2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 0
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
83 static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
119 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125 struct list_head list;
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table[] = {
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
198 static u8 mgmt_status(u8 hci_status)
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
203 return MGMT_STATUS_FAILED;
206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
222 hdr->index = cpu_to_le16(index);
223 hdr->len = cpu_to_le16(sizeof(*ev));
225 ev = (void *) skb_put(skb, sizeof(*ev));
227 put_unaligned_le16(cmd, &ev->opcode);
229 err = sock_queue_rcv_skb(sk, skb);
236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
244 BT_DBG("sock %p", sk);
246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
253 hdr->index = cpu_to_le16(index);
254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
261 memcpy(ev->data, rp, rp_len);
263 err = sock_queue_rcv_skb(sk, skb);
270 static int read_version(struct sock *sk, struct hci_dev *hdev,
271 void *data, u16 data_len)
273 struct mgmt_rp_read_version rp;
275 BT_DBG("sock %p", sk);
277 rp.version = MGMT_VERSION;
278 put_unaligned_le16(MGMT_REVISION, &rp.revision);
280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
284 static int read_commands(struct sock *sk, struct hci_dev *hdev,
285 void *data, u16 data_len)
287 struct mgmt_rp_read_commands *rp;
288 u16 num_commands = ARRAY_SIZE(mgmt_commands);
289 u16 num_events = ARRAY_SIZE(mgmt_events);
294 BT_DBG("sock %p", sk);
296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
298 rp = kmalloc(rp_size, GFP_KERNEL);
302 put_unaligned_le16(num_commands, &rp->num_commands);
303 put_unaligned_le16(num_events, &rp->num_events);
305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
306 put_unaligned_le16(mgmt_commands[i], opcode);
308 for (i = 0; i < num_events; i++, opcode++)
309 put_unaligned_le16(mgmt_events[i], opcode);
311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
318 static int read_index_list(struct sock *sk, struct hci_dev *hdev,
319 void *data, u16 data_len)
321 struct mgmt_rp_read_index_list *rp;
328 BT_DBG("sock %p", sk);
330 read_lock(&hci_dev_list_lock);
333 list_for_each(p, &hci_dev_list) {
337 rp_len = sizeof(*rp) + (2 * count);
338 rp = kmalloc(rp_len, GFP_ATOMIC);
340 read_unlock(&hci_dev_list_lock);
344 put_unaligned_le16(count, &rp->num_controllers);
347 list_for_each_entry(d, &hci_dev_list, list) {
348 if (test_bit(HCI_SETUP, &d->dev_flags))
351 put_unaligned_le16(d->id, &rp->index[i++]);
352 BT_DBG("Added hci%u", d->id);
355 read_unlock(&hci_dev_list_lock);
357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
365 static u32 get_supported_settings(struct hci_dev *hdev)
369 settings |= MGMT_SETTING_POWERED;
370 settings |= MGMT_SETTING_CONNECTABLE;
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_PAIRABLE;
375 if (hdev->features[6] & LMP_SIMPLE_PAIR)
376 settings |= MGMT_SETTING_SSP;
378 if (!(hdev->features[4] & LMP_NO_BREDR)) {
379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
384 settings |= MGMT_SETTING_HS;
387 if (hdev->features[4] & LMP_LE)
388 settings |= MGMT_SETTING_LE;
394 static u32 get_current_settings(struct hci_dev *hdev)
398 if (hdev_is_powered(hdev))
399 settings |= MGMT_SETTING_POWERED;
401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_DISCOVERABLE;
407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_PAIRABLE;
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
413 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
414 settings |= MGMT_SETTING_LE;
416 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
417 settings |= MGMT_SETTING_LINK_SECURITY;
419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_SSP;
422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
428 #define PNP_INFO_SVCLASS_ID 0x1200
430 static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
435 static u16 get_uuid16(u8 *uuid128)
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
445 memcpy(&val, &uuid128[12], 4);
447 val = le32_to_cpu(val);
454 static void create_eir(struct hci_dev *hdev, u8 *data)
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
463 name_len = strlen(hdev->dev_name);
469 ptr[1] = EIR_NAME_SHORT;
471 ptr[1] = EIR_NAME_COMPLETE;
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
476 memcpy(ptr + 2, hdev->dev_name, name_len);
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
482 memset(uuid16_list, 0, sizeof(uuid16_list));
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid, &hdev->uuids, list) {
488 uuid16 = get_uuid16(uuid->uuid);
495 if (uuid16 == PNP_INFO_SVCLASS_ID)
498 /* Stop if not enough space to put next UUID */
499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
504 /* Check for duplicates */
505 for (i = 0; uuid16_list[i] != 0; i++)
506 if (uuid16_list[i] == uuid16)
509 if (uuid16_list[i] == 0) {
510 uuid16_list[i] = uuid16;
511 eir_len += sizeof(u16);
515 if (uuid16_list[0] != 0) {
519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
524 for (i = 0; uuid16_list[i] != 0; i++) {
525 *ptr++ = (uuid16_list[i] & 0x00ff);
526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
529 /* EIR Data length */
530 *length = (i * sizeof(u16)) + 1;
534 static int update_eir(struct hci_dev *hdev)
536 struct hci_cp_write_eir cp;
538 if (!hdev_is_powered(hdev))
541 if (!(hdev->features[6] & LMP_EXT_INQ))
544 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
547 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
550 memset(&cp, 0, sizeof(cp));
552 create_eir(hdev, cp.data);
554 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
557 memcpy(hdev->eir, cp.data, sizeof(cp.data));
559 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
562 static u8 get_service_classes(struct hci_dev *hdev)
564 struct bt_uuid *uuid;
567 list_for_each_entry(uuid, &hdev->uuids, list)
568 val |= uuid->svc_hint;
573 static int update_class(struct hci_dev *hdev)
578 BT_DBG("%s", hdev->name);
580 if (!hdev_is_powered(hdev))
583 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
586 cod[0] = hdev->minor_class;
587 cod[1] = hdev->major_class;
588 cod[2] = get_service_classes(hdev);
590 if (memcmp(cod, hdev->dev_class, 3) == 0)
593 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
595 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
600 static void service_cache_off(struct work_struct *work)
602 struct hci_dev *hdev = container_of(work, struct hci_dev,
605 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
613 hci_dev_unlock(hdev);
616 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
618 if (!test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
621 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
622 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
624 /* Non-mgmt controlled devices get this bit set
625 * implicitly so that pairing works for them, however
626 * for mgmt we require user-space to explicitly enable
629 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
633 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
634 void *data, u16 data_len)
636 struct mgmt_rp_read_info rp;
638 BT_DBG("sock %p %s", sk, hdev->name);
642 memset(&rp, 0, sizeof(rp));
644 bacpy(&rp.bdaddr, &hdev->bdaddr);
646 rp.version = hdev->hci_ver;
648 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
650 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
651 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
653 memcpy(rp.dev_class, hdev->dev_class, 3);
655 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
656 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
658 hci_dev_unlock(hdev);
660 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
664 static void mgmt_pending_free(struct pending_cmd *cmd)
671 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
672 struct hci_dev *hdev,
675 struct pending_cmd *cmd;
677 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
681 cmd->opcode = opcode;
682 cmd->index = hdev->id;
684 cmd->param = kmalloc(len, GFP_ATOMIC);
691 memcpy(cmd->param, data, len);
696 list_add(&cmd->list, &hdev->mgmt_pending);
701 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
702 void (*cb)(struct pending_cmd *cmd, void *data),
705 struct list_head *p, *n;
707 list_for_each_safe(p, n, &hdev->mgmt_pending) {
708 struct pending_cmd *cmd;
710 cmd = list_entry(p, struct pending_cmd, list);
712 if (opcode > 0 && cmd->opcode != opcode)
719 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
721 struct pending_cmd *cmd;
723 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
724 if (cmd->opcode == opcode)
731 static void mgmt_pending_remove(struct pending_cmd *cmd)
733 list_del(&cmd->list);
734 mgmt_pending_free(cmd);
737 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
739 __le32 settings = cpu_to_le32(get_current_settings(hdev));
741 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
745 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
748 struct mgmt_mode *cp = data;
749 struct pending_cmd *cmd;
752 BT_DBG("request for %s", hdev->name);
756 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
757 cancel_delayed_work(&hdev->power_off);
760 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
761 mgmt_powered(hdev, 1);
766 if (!!cp->val == hdev_is_powered(hdev)) {
767 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
771 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
772 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
777 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
784 schedule_work(&hdev->power_on);
786 schedule_work(&hdev->power_off.work);
791 hci_dev_unlock(hdev);
795 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
796 u16 data_len, struct sock *skip_sk)
799 struct mgmt_hdr *hdr;
801 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
805 hdr = (void *) skb_put(skb, sizeof(*hdr));
806 hdr->opcode = cpu_to_le16(event);
808 hdr->index = cpu_to_le16(hdev->id);
810 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
811 hdr->len = cpu_to_le16(data_len);
814 memcpy(skb_put(skb, data_len), data, data_len);
817 __net_timestamp(skb);
819 hci_send_to_control(skb, skip_sk);
825 static int new_settings(struct hci_dev *hdev, struct sock *skip)
829 ev = cpu_to_le32(get_current_settings(hdev));
831 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
834 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
837 struct mgmt_cp_set_discoverable *cp = data;
838 struct pending_cmd *cmd;
843 BT_DBG("request for %s", hdev->name);
845 timeout = get_unaligned_le16(&cp->timeout);
846 if (!cp->val && timeout > 0)
847 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
848 MGMT_STATUS_INVALID_PARAMS);
852 if (!hdev_is_powered(hdev) && timeout > 0) {
853 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
854 MGMT_STATUS_NOT_POWERED);
858 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
859 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
860 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
865 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
866 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
867 MGMT_STATUS_REJECTED);
871 if (!hdev_is_powered(hdev)) {
872 bool changed = false;
874 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
875 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
879 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
884 err = new_settings(hdev, sk);
889 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
890 if (hdev->discov_timeout > 0) {
891 cancel_delayed_work(&hdev->discov_off);
892 hdev->discov_timeout = 0;
895 if (cp->val && timeout > 0) {
896 hdev->discov_timeout = timeout;
897 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
898 msecs_to_jiffies(hdev->discov_timeout * 1000));
901 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
905 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
914 scan |= SCAN_INQUIRY;
916 cancel_delayed_work(&hdev->discov_off);
918 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
920 mgmt_pending_remove(cmd);
923 hdev->discov_timeout = timeout;
926 hci_dev_unlock(hdev);
930 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
933 struct mgmt_mode *cp = data;
934 struct pending_cmd *cmd;
938 BT_DBG("request for %s", hdev->name);
942 if (!hdev_is_powered(hdev)) {
943 bool changed = false;
945 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
949 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
951 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
952 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
955 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
960 err = new_settings(hdev, sk);
965 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
966 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
967 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
972 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
973 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
977 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
988 if (test_bit(HCI_ISCAN, &hdev->flags) &&
989 hdev->discov_timeout > 0)
990 cancel_delayed_work(&hdev->discov_off);
993 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
995 mgmt_pending_remove(cmd);
998 hci_dev_unlock(hdev);
1002 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1005 struct mgmt_mode *cp = data;
1008 BT_DBG("request for %s", hdev->name);
1013 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1015 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1017 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1021 err = new_settings(hdev, sk);
1024 hci_dev_unlock(hdev);
1028 static int set_link_security(struct sock *sk, struct hci_dev *hdev,
1029 void *data, u16 len)
1031 struct mgmt_mode *cp = data;
1032 struct pending_cmd *cmd;
1036 BT_DBG("request for %s", hdev->name);
1040 if (!hdev_is_powered(hdev)) {
1041 bool changed = false;
1043 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1044 &hdev->dev_flags)) {
1045 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1049 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1054 err = new_settings(hdev, sk);
1059 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1060 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1067 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1068 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1072 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1078 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1080 mgmt_pending_remove(cmd);
1085 hci_dev_unlock(hdev);
1089 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1091 struct mgmt_mode *cp = data;
1092 struct pending_cmd *cmd;
1096 BT_DBG("request for %s", hdev->name);
1100 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1101 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1102 MGMT_STATUS_NOT_SUPPORTED);
1108 if (!hdev_is_powered(hdev)) {
1109 bool changed = false;
1111 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1112 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1116 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1121 err = new_settings(hdev, sk);
1126 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1127 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1132 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1133 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1137 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1143 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1145 mgmt_pending_remove(cmd);
1150 hci_dev_unlock(hdev);
1154 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1156 struct mgmt_mode *cp = data;
1158 BT_DBG("request for %s", hdev->name);
1161 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1162 MGMT_STATUS_NOT_SUPPORTED);
1165 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1167 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1169 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1172 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1174 struct mgmt_mode *cp = data;
1175 struct hci_cp_write_le_host_supported hci_cp;
1176 struct pending_cmd *cmd;
1180 BT_DBG("request for %s", hdev->name);
1184 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1185 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1186 MGMT_STATUS_NOT_SUPPORTED);
1191 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1193 if (!hdev_is_powered(hdev) || val == enabled) {
1194 bool changed = false;
1196 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1197 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1201 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1206 err = new_settings(hdev, sk);
1211 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1212 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1217 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1223 memset(&hci_cp, 0, sizeof(hci_cp));
1227 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1230 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
1231 sizeof(hci_cp), &hci_cp);
1233 mgmt_pending_remove(cmd);
1238 hci_dev_unlock(hdev);
1242 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1244 struct mgmt_cp_add_uuid *cp = data;
1245 struct pending_cmd *cmd;
1246 struct bt_uuid *uuid;
1249 BT_DBG("request for %s", hdev->name);
1253 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1254 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1259 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1265 memcpy(uuid->uuid, cp->uuid, 16);
1266 uuid->svc_hint = cp->svc_hint;
1268 list_add(&uuid->list, &hdev->uuids);
1270 err = update_class(hdev);
1274 err = update_eir(hdev);
1278 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1279 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1280 hdev->dev_class, 3);
1284 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1291 hci_dev_unlock(hdev);
1295 static bool enable_service_cache(struct hci_dev *hdev)
1297 if (!hdev_is_powered(hdev))
1300 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1301 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1308 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1311 struct mgmt_cp_remove_uuid *cp = data;
1312 struct pending_cmd *cmd;
1313 struct list_head *p, *n;
1314 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1317 BT_DBG("request for %s", hdev->name);
1321 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1322 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1327 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1328 err = hci_uuids_clear(hdev);
1330 if (enable_service_cache(hdev)) {
1331 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1332 0, hdev->dev_class, 3);
1341 list_for_each_safe(p, n, &hdev->uuids) {
1342 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1344 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1347 list_del(&match->list);
1352 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1353 MGMT_STATUS_INVALID_PARAMS);
1358 err = update_class(hdev);
1362 err = update_eir(hdev);
1366 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1367 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1368 hdev->dev_class, 3);
1372 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1379 hci_dev_unlock(hdev);
1383 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1386 struct mgmt_cp_set_dev_class *cp = data;
1387 struct pending_cmd *cmd;
1390 BT_DBG("request for %s", hdev->name);
1394 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1395 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1400 hdev->major_class = cp->major;
1401 hdev->minor_class = cp->minor;
1403 if (!hdev_is_powered(hdev)) {
1404 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1405 hdev->dev_class, 3);
1409 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1410 hci_dev_unlock(hdev);
1411 cancel_delayed_work_sync(&hdev->service_cache);
1416 err = update_class(hdev);
1420 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1421 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1422 hdev->dev_class, 3);
1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1433 hci_dev_unlock(hdev);
1437 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1440 struct mgmt_cp_load_link_keys *cp = data;
1441 u16 key_count, expected_len;
1444 key_count = get_unaligned_le16(&cp->key_count);
1446 expected_len = sizeof(*cp) + key_count *
1447 sizeof(struct mgmt_link_key_info);
1448 if (expected_len != len) {
1449 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1451 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1452 MGMT_STATUS_INVALID_PARAMS);
1455 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1460 hci_link_keys_clear(hdev);
1462 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1465 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1467 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1469 for (i = 0; i < key_count; i++) {
1470 struct mgmt_link_key_info *key = &cp->keys[i];
1472 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1473 key->type, key->pin_len);
1476 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1478 hci_dev_unlock(hdev);
1483 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1484 u8 addr_type, struct sock *skip_sk)
1486 struct mgmt_ev_device_unpaired ev;
1488 bacpy(&ev.addr.bdaddr, bdaddr);
1489 ev.addr.type = addr_type;
1491 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1495 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1498 struct mgmt_cp_unpair_device *cp = data;
1499 struct mgmt_rp_unpair_device rp;
1500 struct hci_cp_disconnect dc;
1501 struct pending_cmd *cmd;
1502 struct hci_conn *conn;
1507 memset(&rp, 0, sizeof(rp));
1508 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1509 rp.addr.type = cp->addr.type;
1511 if (!hdev_is_powered(hdev)) {
1512 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1513 MGMT_STATUS_NOT_POWERED,
1518 if (cp->addr.type == MGMT_ADDR_BREDR)
1519 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1521 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1524 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1525 MGMT_STATUS_NOT_PAIRED,
1530 if (cp->disconnect) {
1531 if (cp->addr.type == MGMT_ADDR_BREDR)
1532 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1535 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1542 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1544 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1548 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1555 put_unaligned_le16(conn->handle, &dc.handle);
1556 dc.reason = 0x13; /* Remote User Terminated Connection */
1557 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1559 mgmt_pending_remove(cmd);
1562 hci_dev_unlock(hdev);
1566 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1569 struct mgmt_cp_disconnect *cp = data;
1570 struct hci_cp_disconnect dc;
1571 struct pending_cmd *cmd;
1572 struct hci_conn *conn;
1579 if (!test_bit(HCI_UP, &hdev->flags)) {
1580 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1581 MGMT_STATUS_NOT_POWERED);
1585 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1586 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1591 if (cp->addr.type == MGMT_ADDR_BREDR)
1592 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1594 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1597 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1598 MGMT_STATUS_NOT_CONNECTED);
1602 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1608 put_unaligned_le16(conn->handle, &dc.handle);
1609 dc.reason = 0x13; /* Remote User Terminated Connection */
1611 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1613 mgmt_pending_remove(cmd);
1616 hci_dev_unlock(hdev);
1620 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1622 switch (link_type) {
1624 switch (addr_type) {
1625 case ADDR_LE_DEV_PUBLIC:
1626 return MGMT_ADDR_LE_PUBLIC;
1627 case ADDR_LE_DEV_RANDOM:
1628 return MGMT_ADDR_LE_RANDOM;
1630 return MGMT_ADDR_INVALID;
1633 return MGMT_ADDR_BREDR;
1635 return MGMT_ADDR_INVALID;
1639 static int get_connections(struct sock *sk, struct hci_dev *hdev,
1640 void *data, u16 data_len)
1642 struct mgmt_rp_get_connections *rp;
1652 if (!hdev_is_powered(hdev)) {
1653 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1654 MGMT_STATUS_NOT_POWERED);
1659 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1660 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1664 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1665 rp = kmalloc(rp_len, GFP_ATOMIC);
1672 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1673 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1675 bacpy(&rp->addr[i].bdaddr, &c->dst);
1676 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1677 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1682 put_unaligned_le16(i, &rp->conn_count);
1684 /* Recalculate length in case of filtered SCO connections, etc */
1685 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1687 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1693 hci_dev_unlock(hdev);
1697 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1698 struct mgmt_cp_pin_code_neg_reply *cp)
1700 struct pending_cmd *cmd;
1703 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1708 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1709 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1711 mgmt_pending_remove(cmd);
1716 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1719 struct hci_conn *conn;
1720 struct mgmt_cp_pin_code_reply *cp = data;
1721 struct hci_cp_pin_code_reply reply;
1722 struct pending_cmd *cmd;
1729 if (!hdev_is_powered(hdev)) {
1730 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1731 MGMT_STATUS_NOT_POWERED);
1735 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1737 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1738 MGMT_STATUS_NOT_CONNECTED);
1742 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1743 struct mgmt_cp_pin_code_neg_reply ncp;
1745 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1747 BT_ERR("PIN code is not 16 bytes long");
1749 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1751 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1752 MGMT_STATUS_INVALID_PARAMS);
1757 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1763 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1764 reply.pin_len = cp->pin_len;
1765 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1767 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1769 mgmt_pending_remove(cmd);
1772 hci_dev_unlock(hdev);
1776 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1777 void *data, u16 len)
1779 struct mgmt_cp_pin_code_neg_reply *cp = data;
1786 if (!hdev_is_powered(hdev)) {
1787 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
1788 MGMT_STATUS_NOT_POWERED);
1792 err = send_pin_code_neg_reply(sk, hdev, cp);
1795 hci_dev_unlock(hdev);
1799 static int set_io_capability(struct sock *sk, struct hci_dev *hdev,
1800 void *data, u16 len)
1802 struct mgmt_cp_set_io_capability *cp = data;
1808 hdev->io_capability = cp->io_capability;
1810 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1811 hdev->io_capability);
1813 hci_dev_unlock(hdev);
1815 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
1819 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1821 struct hci_dev *hdev = conn->hdev;
1822 struct pending_cmd *cmd;
1824 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1825 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1828 if (cmd->user_data != conn)
1837 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1839 struct mgmt_rp_pair_device rp;
1840 struct hci_conn *conn = cmd->user_data;
1842 bacpy(&rp.addr.bdaddr, &conn->dst);
1843 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1845 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1848 /* So we don't get further callbacks for this connection */
1849 conn->connect_cfm_cb = NULL;
1850 conn->security_cfm_cb = NULL;
1851 conn->disconn_cfm_cb = NULL;
1855 mgmt_pending_remove(cmd);
1858 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1860 struct pending_cmd *cmd;
1862 BT_DBG("status %u", status);
1864 cmd = find_pairing(conn);
1866 BT_DBG("Unable to find a pending command");
1868 pairing_complete(cmd, mgmt_status(status));
1871 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1874 struct mgmt_cp_pair_device *cp = data;
1875 struct mgmt_rp_pair_device rp;
1876 struct pending_cmd *cmd;
1877 u8 sec_level, auth_type;
1878 struct hci_conn *conn;
1885 if (!hdev_is_powered(hdev)) {
1886 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1887 MGMT_STATUS_NOT_POWERED);
1891 sec_level = BT_SECURITY_MEDIUM;
1892 if (cp->io_cap == 0x03)
1893 auth_type = HCI_AT_DEDICATED_BONDING;
1895 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1897 if (cp->addr.type == MGMT_ADDR_BREDR)
1898 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1901 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1904 memset(&rp, 0, sizeof(rp));
1905 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1906 rp.addr.type = cp->addr.type;
1909 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1910 MGMT_STATUS_CONNECT_FAILED,
1915 if (conn->connect_cfm_cb) {
1917 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1918 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1922 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1929 /* For LE, just connecting isn't a proof that the pairing finished */
1930 if (cp->addr.type == MGMT_ADDR_BREDR)
1931 conn->connect_cfm_cb = pairing_complete_cb;
1933 conn->security_cfm_cb = pairing_complete_cb;
1934 conn->disconn_cfm_cb = pairing_complete_cb;
1935 conn->io_capability = cp->io_cap;
1936 cmd->user_data = conn;
1938 if (conn->state == BT_CONNECTED &&
1939 hci_conn_security(conn, sec_level, auth_type))
1940 pairing_complete(cmd, 0);
1945 hci_dev_unlock(hdev);
1949 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev,
1950 void *data, u16 len)
1952 struct mgmt_addr_info *addr = data;
1953 struct pending_cmd *cmd;
1954 struct hci_conn *conn;
1961 if (!hdev_is_powered(hdev)) {
1962 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1963 MGMT_STATUS_NOT_POWERED);
1967 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1969 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1970 MGMT_STATUS_INVALID_PARAMS);
1974 conn = cmd->user_data;
1976 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1977 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1978 MGMT_STATUS_INVALID_PARAMS);
1982 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1984 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1985 addr, sizeof(*addr));
1987 hci_dev_unlock(hdev);
1991 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1992 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
1993 u16 hci_op, __le32 passkey)
1995 struct pending_cmd *cmd;
1996 struct hci_conn *conn;
2001 if (!hdev_is_powered(hdev)) {
2002 err = cmd_status(sk, hdev->id, mgmt_op,
2003 MGMT_STATUS_NOT_POWERED);
2007 if (type == MGMT_ADDR_BREDR)
2008 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2010 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2013 err = cmd_status(sk, hdev->id, mgmt_op,
2014 MGMT_STATUS_NOT_CONNECTED);
2018 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2019 /* Continue with pairing via SMP */
2020 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2023 err = cmd_status(sk, hdev->id, mgmt_op,
2024 MGMT_STATUS_SUCCESS);
2026 err = cmd_status(sk, hdev->id, mgmt_op,
2027 MGMT_STATUS_FAILED);
2032 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2038 /* Continue with pairing via HCI */
2039 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2040 struct hci_cp_user_passkey_reply cp;
2042 bacpy(&cp.bdaddr, bdaddr);
2043 cp.passkey = passkey;
2044 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2046 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2049 mgmt_pending_remove(cmd);
2052 hci_dev_unlock(hdev);
2056 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev,
2057 void *data, u16 len)
2059 struct mgmt_cp_user_confirm_reply *cp = data;
2063 if (len != sizeof(*cp))
2064 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2065 MGMT_STATUS_INVALID_PARAMS);
2067 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2068 MGMT_OP_USER_CONFIRM_REPLY,
2069 HCI_OP_USER_CONFIRM_REPLY, 0);
2072 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2073 void *data, u16 len)
2075 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2079 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2080 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2081 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2084 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev,
2085 void *data, u16 len)
2087 struct mgmt_cp_user_passkey_reply *cp = data;
2091 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2092 MGMT_OP_USER_PASSKEY_REPLY,
2093 HCI_OP_USER_PASSKEY_REPLY,
2097 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2098 void *data, u16 len)
2100 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2104 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2105 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2106 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2109 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2112 struct mgmt_cp_set_local_name *mgmt_cp = data;
2113 struct hci_cp_write_local_name hci_cp;
2114 struct pending_cmd *cmd;
2121 memcpy(hdev->short_name, mgmt_cp->short_name,
2122 sizeof(hdev->short_name));
2124 if (!hdev_is_powered(hdev)) {
2125 memcpy(hdev->dev_name, mgmt_cp->name, sizeof(hdev->dev_name));
2127 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2132 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2138 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2144 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2145 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2148 mgmt_pending_remove(cmd);
2151 hci_dev_unlock(hdev);
2155 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2156 void *data, u16 data_len)
2158 struct pending_cmd *cmd;
2161 BT_DBG("%s", hdev->name);
2165 if (!hdev_is_powered(hdev)) {
2166 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2167 MGMT_STATUS_NOT_POWERED);
2171 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2172 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2173 MGMT_STATUS_NOT_SUPPORTED);
2177 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2178 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2183 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2189 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2191 mgmt_pending_remove(cmd);
2194 hci_dev_unlock(hdev);
2198 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2199 void *data, u16 len)
2201 struct mgmt_cp_add_remote_oob_data *cp = data;
2205 BT_DBG("%s ", hdev->name);
2209 if (!hdev_is_powered(hdev)) {
2210 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2211 MGMT_STATUS_NOT_POWERED,
2212 &cp->addr, sizeof(cp->addr));
2216 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2219 status = MGMT_STATUS_FAILED;
2223 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2224 &cp->addr, sizeof(cp->addr));
2227 hci_dev_unlock(hdev);
2231 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2232 void *data, u16 len)
2234 struct mgmt_cp_remove_remote_oob_data *cp = data;
2238 BT_DBG("%s", hdev->name);
2242 if (!hdev_is_powered(hdev)) {
2243 err = cmd_complete(sk, hdev->id,
2244 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2245 MGMT_STATUS_NOT_POWERED,
2246 &cp->addr, sizeof(cp->addr));
2250 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2252 status = MGMT_STATUS_INVALID_PARAMS;
2256 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2257 status, &cp->addr, sizeof(cp->addr));
2260 hci_dev_unlock(hdev);
2264 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2268 BT_DBG("%s", hdev->name);
2272 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2274 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2276 hci_dev_unlock(hdev);
2281 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2282 void *data, u16 len)
2284 struct mgmt_cp_start_discovery *cp = data;
2285 struct pending_cmd *cmd;
2288 BT_DBG("%s", hdev->name);
2292 if (!hdev_is_powered(hdev)) {
2293 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2294 MGMT_STATUS_NOT_POWERED);
2298 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2299 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2304 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2310 hdev->discovery.type = cp->type;
2312 switch (hdev->discovery.type) {
2313 case DISCOV_TYPE_BREDR:
2314 if (lmp_bredr_capable(hdev))
2315 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2320 case DISCOV_TYPE_LE:
2321 if (lmp_host_le_capable(hdev))
2322 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2323 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2328 case DISCOV_TYPE_INTERLEAVED:
2329 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2330 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2331 LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE);
2341 mgmt_pending_remove(cmd);
2343 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2346 hci_dev_unlock(hdev);
2350 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2353 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2354 struct pending_cmd *cmd;
2355 struct hci_cp_remote_name_req_cancel cp;
2356 struct inquiry_entry *e;
2359 BT_DBG("%s", hdev->name);
2363 if (!hci_discovery_active(hdev)) {
2364 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2365 MGMT_STATUS_REJECTED,
2366 &mgmt_cp->type, sizeof(mgmt_cp->type));
2370 if (hdev->discovery.type != mgmt_cp->type) {
2371 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2372 MGMT_STATUS_INVALID_PARAMS,
2373 &mgmt_cp->type, sizeof(mgmt_cp->type));
2377 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2383 if (hdev->discovery.state == DISCOVERY_FINDING) {
2384 err = hci_cancel_inquiry(hdev);
2386 mgmt_pending_remove(cmd);
2388 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2392 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2394 mgmt_pending_remove(cmd);
2395 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
2396 &mgmt_cp->type, sizeof(mgmt_cp->type));
2397 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2401 bacpy(&cp.bdaddr, &e->data.bdaddr);
2402 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2405 mgmt_pending_remove(cmd);
2407 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2410 hci_dev_unlock(hdev);
2414 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2417 struct mgmt_cp_confirm_name *cp = data;
2418 struct inquiry_entry *e;
2421 BT_DBG("%s", hdev->name);
2425 if (!hci_discovery_active(hdev)) {
2426 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2427 MGMT_STATUS_FAILED);
2431 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2433 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2434 MGMT_STATUS_INVALID_PARAMS);
2438 if (cp->name_known) {
2439 e->name_state = NAME_KNOWN;
2442 e->name_state = NAME_NEEDED;
2443 hci_inquiry_cache_update_resolve(hdev, e);
2449 hci_dev_unlock(hdev);
2453 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2456 struct mgmt_cp_block_device *cp = data;
2460 BT_DBG("%s", hdev->name);
2464 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2466 status = MGMT_STATUS_FAILED;
2470 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2471 &cp->addr, sizeof(cp->addr));
2473 hci_dev_unlock(hdev);
2478 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2481 struct mgmt_cp_unblock_device *cp = data;
2485 BT_DBG("%s", hdev->name);
2489 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2491 status = MGMT_STATUS_INVALID_PARAMS;
2495 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2496 &cp->addr, sizeof(cp->addr));
2498 hci_dev_unlock(hdev);
2503 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2504 void *data, u16 len)
2506 struct mgmt_mode *cp = data;
2507 struct hci_cp_write_page_scan_activity acp;
2511 BT_DBG("%s", hdev->name);
2513 if (!hdev_is_powered(hdev))
2514 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2515 MGMT_STATUS_NOT_POWERED);
2517 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2518 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2519 MGMT_STATUS_REJECTED);
2524 type = PAGE_SCAN_TYPE_INTERLACED;
2525 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2527 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2528 acp.interval = 0x0800; /* default 1.28 sec page scan */
2531 acp.window = 0x0012; /* default 11.25 msec page scan window */
2533 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2536 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2537 MGMT_STATUS_FAILED);
2541 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2543 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2544 MGMT_STATUS_FAILED);
2548 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2551 hci_dev_unlock(hdev);
2555 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2556 void *cp_data, u16 len)
2558 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2559 u16 key_count, expected_len;
2562 key_count = get_unaligned_le16(&cp->key_count);
2564 expected_len = sizeof(*cp) + key_count *
2565 sizeof(struct mgmt_ltk_info);
2566 if (expected_len != len) {
2567 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2573 BT_DBG("%s key_count %u", hdev->name, key_count);
2577 hci_smp_ltks_clear(hdev);
2579 for (i = 0; i < key_count; i++) {
2580 struct mgmt_ltk_info *key = &cp->keys[i];
2586 type = HCI_SMP_LTK_SLAVE;
2588 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2589 type, 0, key->authenticated, key->val,
2590 key->enc_size, key->ediv, key->rand);
2593 hci_dev_unlock(hdev);
2598 struct mgmt_handler {
2599 int (*func) (struct sock *sk, struct hci_dev *hdev,
2600 void *data, u16 data_len);
2603 } mgmt_handlers[] = {
2604 { NULL }, /* 0x0000 (no command) */
2605 { read_version, false, MGMT_READ_VERSION_SIZE },
2606 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2607 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2608 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2609 { set_powered, false, MGMT_SETTING_SIZE },
2610 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2611 { set_connectable, false, MGMT_SETTING_SIZE },
2612 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2613 { set_pairable, false, MGMT_SETTING_SIZE },
2614 { set_link_security, false, MGMT_SETTING_SIZE },
2615 { set_ssp, false, MGMT_SETTING_SIZE },
2616 { set_hs, false, MGMT_SETTING_SIZE },
2617 { set_le, false, MGMT_SETTING_SIZE },
2618 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2619 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2620 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2621 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2622 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2623 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2624 { disconnect, false, MGMT_DISCONNECT_SIZE },
2625 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2626 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2627 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2628 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2629 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2630 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2631 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2632 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2633 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2634 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2635 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2636 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2637 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2638 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2639 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2640 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2641 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2642 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2643 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2647 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2651 struct mgmt_hdr *hdr;
2652 u16 opcode, index, len;
2653 struct hci_dev *hdev = NULL;
2654 struct mgmt_handler *handler;
2657 BT_DBG("got %zu bytes", msglen);
2659 if (msglen < sizeof(*hdr))
2662 buf = kmalloc(msglen, GFP_KERNEL);
2666 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2672 opcode = get_unaligned_le16(&hdr->opcode);
2673 index = get_unaligned_le16(&hdr->index);
2674 len = get_unaligned_le16(&hdr->len);
2676 if (len != msglen - sizeof(*hdr)) {
2681 if (index != MGMT_INDEX_NONE) {
2682 hdev = hci_dev_get(index);
2684 err = cmd_status(sk, index, opcode,
2685 MGMT_STATUS_INVALID_PARAMS);
2690 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2691 mgmt_handlers[opcode].func == NULL) {
2692 BT_DBG("Unknown op %u", opcode);
2693 err = cmd_status(sk, index, opcode,
2694 MGMT_STATUS_UNKNOWN_COMMAND);
2698 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2699 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2700 err = cmd_status(sk, index, opcode,
2701 MGMT_STATUS_INVALID_PARAMS);
2705 handler = &mgmt_handlers[opcode];
2707 if ((handler->var_len && len < handler->data_len) ||
2708 (!handler->var_len && len != handler->data_len)) {
2709 err = cmd_status(sk, index, opcode,
2710 MGMT_STATUS_INVALID_PARAMS);
2715 mgmt_init_hdev(sk, hdev);
2717 cp = buf + sizeof(*hdr);
2719 err = handler->func(sk, hdev, cp, len);
2733 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2737 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2738 mgmt_pending_remove(cmd);
2741 int mgmt_index_added(struct hci_dev *hdev)
2743 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2746 int mgmt_index_removed(struct hci_dev *hdev)
2750 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2752 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2757 struct hci_dev *hdev;
2761 static void settings_rsp(struct pending_cmd *cmd, void *data)
2763 struct cmd_lookup *match = data;
2765 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2767 list_del(&cmd->list);
2769 if (match->sk == NULL) {
2770 match->sk = cmd->sk;
2771 sock_hold(match->sk);
2774 mgmt_pending_free(cmd);
2777 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2779 struct cmd_lookup match = { NULL, hdev };
2782 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2785 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2790 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2792 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2793 scan |= SCAN_INQUIRY;
2796 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2801 u8 status = ENETDOWN;
2802 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2805 err = new_settings(hdev, match.sk);
2813 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2815 struct cmd_lookup match = { NULL, hdev };
2816 bool changed = false;
2820 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2823 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2827 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2831 err = new_settings(hdev, match.sk);
2839 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2841 struct cmd_lookup match = { NULL, hdev };
2842 bool changed = false;
2846 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2849 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2853 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2857 err = new_settings(hdev, match.sk);
2865 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2867 u8 mgmt_err = mgmt_status(status);
2869 if (scan & SCAN_PAGE)
2870 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2871 cmd_status_rsp, &mgmt_err);
2873 if (scan & SCAN_INQUIRY)
2874 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2875 cmd_status_rsp, &mgmt_err);
2880 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2883 struct mgmt_ev_new_link_key ev;
2885 memset(&ev, 0, sizeof(ev));
2887 ev.store_hint = persistent;
2888 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2889 ev.key.addr.type = MGMT_ADDR_BREDR;
2890 ev.key.type = key->type;
2891 memcpy(ev.key.val, key->val, 16);
2892 ev.key.pin_len = key->pin_len;
2894 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2897 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2899 struct mgmt_ev_new_long_term_key ev;
2901 memset(&ev, 0, sizeof(ev));
2903 ev.store_hint = persistent;
2904 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2905 ev.key.addr.type = key->bdaddr_type;
2906 ev.key.authenticated = key->authenticated;
2907 ev.key.enc_size = key->enc_size;
2908 ev.key.ediv = key->ediv;
2910 if (key->type == HCI_SMP_LTK)
2913 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2914 memcpy(ev.key.val, key->val, sizeof(key->val));
2916 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2917 &ev, sizeof(ev), NULL);
2920 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2921 u8 addr_type, u32 flags, u8 *name,
2922 u8 name_len, u8 *dev_class)
2925 struct mgmt_ev_device_connected *ev = (void *) buf;
2928 bacpy(&ev->addr.bdaddr, bdaddr);
2929 ev->addr.type = link_to_mgmt(link_type, addr_type);
2931 ev->flags = __cpu_to_le32(flags);
2934 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2937 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2938 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2939 EIR_CLASS_OF_DEV, dev_class, 3);
2941 put_unaligned_le16(eir_len, &ev->eir_len);
2943 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2944 sizeof(*ev) + eir_len, NULL);
2947 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2949 struct mgmt_cp_disconnect *cp = cmd->param;
2950 struct sock **sk = data;
2951 struct mgmt_rp_disconnect rp;
2953 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2954 rp.addr.type = cp->addr.type;
2956 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
2962 mgmt_pending_remove(cmd);
2965 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2967 struct hci_dev *hdev = data;
2968 struct mgmt_cp_unpair_device *cp = cmd->param;
2969 struct mgmt_rp_unpair_device rp;
2971 memset(&rp, 0, sizeof(rp));
2972 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2973 rp.addr.type = cp->addr.type;
2975 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2977 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
2979 mgmt_pending_remove(cmd);
2982 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2983 u8 link_type, u8 addr_type)
2985 struct mgmt_addr_info ev;
2986 struct sock *sk = NULL;
2989 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2991 bacpy(&ev.bdaddr, bdaddr);
2992 ev.type = link_to_mgmt(link_type, addr_type);
2994 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3000 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3006 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3007 u8 link_type, u8 addr_type, u8 status)
3009 struct mgmt_rp_disconnect rp;
3010 struct pending_cmd *cmd;
3013 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3017 bacpy(&rp.addr.bdaddr, bdaddr);
3018 rp.addr.type = link_to_mgmt(link_type, addr_type);
3020 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3021 mgmt_status(status), &rp, sizeof(rp));
3023 mgmt_pending_remove(cmd);
3025 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3030 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3031 u8 addr_type, u8 status)
3033 struct mgmt_ev_connect_failed ev;
3035 bacpy(&ev.addr.bdaddr, bdaddr);
3036 ev.addr.type = link_to_mgmt(link_type, addr_type);
3037 ev.status = mgmt_status(status);
3039 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3042 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3044 struct mgmt_ev_pin_code_request ev;
3046 bacpy(&ev.addr.bdaddr, bdaddr);
3047 ev.addr.type = MGMT_ADDR_BREDR;
3050 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3054 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3057 struct pending_cmd *cmd;
3058 struct mgmt_rp_pin_code_reply rp;
3061 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3065 bacpy(&rp.addr.bdaddr, bdaddr);
3066 rp.addr.type = MGMT_ADDR_BREDR;
3068 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3069 mgmt_status(status), &rp, sizeof(rp));
3071 mgmt_pending_remove(cmd);
3076 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3079 struct pending_cmd *cmd;
3080 struct mgmt_rp_pin_code_reply rp;
3083 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3087 bacpy(&rp.addr.bdaddr, bdaddr);
3088 rp.addr.type = MGMT_ADDR_BREDR;
3090 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3091 mgmt_status(status), &rp, sizeof(rp));
3093 mgmt_pending_remove(cmd);
3098 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3099 u8 link_type, u8 addr_type, __le32 value,
3102 struct mgmt_ev_user_confirm_request ev;
3104 BT_DBG("%s", hdev->name);
3106 bacpy(&ev.addr.bdaddr, bdaddr);
3107 ev.addr.type = link_to_mgmt(link_type, addr_type);
3108 ev.confirm_hint = confirm_hint;
3109 put_unaligned_le32(value, &ev.value);
3111 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3115 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3116 u8 link_type, u8 addr_type)
3118 struct mgmt_ev_user_passkey_request ev;
3120 BT_DBG("%s", hdev->name);
3122 bacpy(&ev.addr.bdaddr, bdaddr);
3123 ev.addr.type = link_to_mgmt(link_type, addr_type);
3125 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3129 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3130 u8 link_type, u8 addr_type, u8 status,
3133 struct pending_cmd *cmd;
3134 struct mgmt_rp_user_confirm_reply rp;
3137 cmd = mgmt_pending_find(opcode, hdev);
3141 bacpy(&rp.addr.bdaddr, bdaddr);
3142 rp.addr.type = link_to_mgmt(link_type, addr_type);
3143 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3146 mgmt_pending_remove(cmd);
3151 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3152 u8 link_type, u8 addr_type, u8 status)
3154 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3155 status, MGMT_OP_USER_CONFIRM_REPLY);
3158 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3159 u8 link_type, u8 addr_type, u8 status)
3161 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3162 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3165 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3166 u8 link_type, u8 addr_type, u8 status)
3168 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3169 status, MGMT_OP_USER_PASSKEY_REPLY);
3172 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3173 u8 link_type, u8 addr_type, u8 status)
3175 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3176 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3179 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3180 u8 addr_type, u8 status)
3182 struct mgmt_ev_auth_failed ev;
3184 bacpy(&ev.addr.bdaddr, bdaddr);
3185 ev.addr.type = link_to_mgmt(link_type, addr_type);
3186 ev.status = mgmt_status(status);
3188 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3191 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3193 struct cmd_lookup match = { NULL, hdev };
3194 bool changed = false;
3198 u8 mgmt_err = mgmt_status(status);
3199 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3200 cmd_status_rsp, &mgmt_err);
3204 if (test_bit(HCI_AUTH, &hdev->flags)) {
3205 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3208 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3212 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3216 err = new_settings(hdev, match.sk);
3224 static int clear_eir(struct hci_dev *hdev)
3226 struct hci_cp_write_eir cp;
3228 if (!(hdev->features[6] & LMP_EXT_INQ))
3231 memset(hdev->eir, 0, sizeof(hdev->eir));
3233 memset(&cp, 0, sizeof(cp));
3235 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3238 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3240 struct cmd_lookup match = { NULL, hdev };
3241 bool changed = false;
3245 u8 mgmt_err = mgmt_status(status);
3247 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3249 err = new_settings(hdev, NULL);
3251 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3252 cmd_status_rsp, &mgmt_err);
3258 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3261 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3265 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3268 err = new_settings(hdev, match.sk);
3273 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3281 static void class_rsp(struct pending_cmd *cmd, void *data)
3283 struct cmd_lookup *match = data;
3285 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3286 match->hdev->dev_class, 3);
3288 list_del(&cmd->list);
3290 if (match->sk == NULL) {
3291 match->sk = cmd->sk;
3292 sock_hold(match->sk);
3295 mgmt_pending_free(cmd);
3298 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3301 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3304 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3306 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3307 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3308 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3311 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3312 dev_class, 3, NULL);
3320 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3322 struct pending_cmd *cmd;
3323 struct mgmt_cp_set_local_name ev;
3324 bool changed = false;
3327 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3328 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3332 memset(&ev, 0, sizeof(ev));
3333 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3334 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3336 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3340 /* Always assume that either the short or the complete name has
3341 * changed if there was a pending mgmt command */
3345 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3346 mgmt_status(status));
3350 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3357 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3358 sizeof(ev), cmd ? cmd->sk : NULL);
3364 mgmt_pending_remove(cmd);
3368 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3369 u8 *randomizer, u8 status)
3371 struct pending_cmd *cmd;
3374 BT_DBG("%s status %u", hdev->name, status);
3376 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3381 err = cmd_status(cmd->sk, hdev->id,
3382 MGMT_OP_READ_LOCAL_OOB_DATA,
3383 mgmt_status(status));
3385 struct mgmt_rp_read_local_oob_data rp;
3387 memcpy(rp.hash, hash, sizeof(rp.hash));
3388 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3390 err = cmd_complete(cmd->sk, hdev->id,
3391 MGMT_OP_READ_LOCAL_OOB_DATA,
3392 0, &rp, sizeof(rp));
3395 mgmt_pending_remove(cmd);
3400 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3402 struct cmd_lookup match = { NULL, hdev };
3403 bool changed = false;
3407 u8 mgmt_err = mgmt_status(status);
3409 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3411 err = new_settings(hdev, NULL);
3413 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3414 cmd_status_rsp, &mgmt_err);
3420 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3423 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3427 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3430 err = new_settings(hdev, match.sk);
3438 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3439 u8 addr_type, u8 *dev_class, s8 rssi,
3440 u8 cfm_name, u8 ssp, u8 *eir, u16 eir_len)
3443 struct mgmt_ev_device_found *ev = (void *) buf;
3446 /* Leave 5 bytes for a potential CoD field */
3447 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3450 memset(buf, 0, sizeof(buf));
3452 bacpy(&ev->addr.bdaddr, bdaddr);
3453 ev->addr.type = link_to_mgmt(link_type, addr_type);
3456 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
3458 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
3461 memcpy(ev->eir, eir, eir_len);
3463 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3464 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3467 put_unaligned_le16(eir_len, &ev->eir_len);
3469 ev_size = sizeof(*ev) + eir_len;
3471 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3474 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3475 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3477 struct mgmt_ev_device_found *ev;
3478 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3481 ev = (struct mgmt_ev_device_found *) buf;
3483 memset(buf, 0, sizeof(buf));
3485 bacpy(&ev->addr.bdaddr, bdaddr);
3486 ev->addr.type = link_to_mgmt(link_type, addr_type);
3489 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3492 put_unaligned_le16(eir_len, &ev->eir_len);
3494 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3495 sizeof(*ev) + eir_len, NULL);
3498 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3500 struct pending_cmd *cmd;
3504 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3506 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3510 type = hdev->discovery.type;
3512 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3513 &type, sizeof(type));
3514 mgmt_pending_remove(cmd);
3519 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3521 struct pending_cmd *cmd;
3524 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3528 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3529 &hdev->discovery.type,
3530 sizeof(hdev->discovery.type));
3531 mgmt_pending_remove(cmd);
3536 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3538 struct mgmt_ev_discovering ev;
3539 struct pending_cmd *cmd;
3541 BT_DBG("%s discovering %u", hdev->name, discovering);
3544 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3546 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3549 u8 type = hdev->discovery.type;
3551 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
3552 &type, sizeof(type));
3553 mgmt_pending_remove(cmd);
3556 memset(&ev, 0, sizeof(ev));
3557 ev.type = hdev->discovery.type;
3558 ev.discovering = discovering;
3560 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3563 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3565 struct pending_cmd *cmd;
3566 struct mgmt_ev_device_blocked ev;
3568 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3570 bacpy(&ev.addr.bdaddr, bdaddr);
3571 ev.addr.type = type;
3573 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3574 cmd ? cmd->sk : NULL);
3577 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3579 struct pending_cmd *cmd;
3580 struct mgmt_ev_device_unblocked ev;
3582 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3584 bacpy(&ev.addr.bdaddr, bdaddr);
3585 ev.addr.type = type;
3587 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3588 cmd ? cmd->sk : NULL);
3591 module_param(enable_hs, bool, 0644);
3592 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3594 module_param(enable_le, bool, 0644);
3595 MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
projects / platform / adaptation / renesas_rcar / renesas_kernel.git / blob