2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 1
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
105 * These LE scan and inquiry parameters were chosen according to LE General
106 * Discovery Procedure specification.
108 #define LE_SCAN_TYPE 0x01
109 #define LE_SCAN_WIN 0x12
110 #define LE_SCAN_INT 0x12
111 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
112 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
114 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
115 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
117 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
119 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
120 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123 struct list_head list;
131 /* HCI to MGMT error code conversion table */
132 static u8 mgmt_status_table[] = {
134 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
135 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
136 MGMT_STATUS_FAILED, /* Hardware Failure */
137 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
138 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
139 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
140 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
141 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
144 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
145 MGMT_STATUS_BUSY, /* Command Disallowed */
146 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
147 MGMT_STATUS_REJECTED, /* Rejected Security */
148 MGMT_STATUS_REJECTED, /* Rejected Personal */
149 MGMT_STATUS_TIMEOUT, /* Host Timeout */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
152 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
153 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
154 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
155 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
156 MGMT_STATUS_BUSY, /* Repeated Attempts */
157 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
158 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
159 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
160 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
161 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
162 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
163 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
164 MGMT_STATUS_FAILED, /* Unspecified Error */
165 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
166 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
167 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
168 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
169 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
170 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
171 MGMT_STATUS_FAILED, /* Unit Link Key Used */
172 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
173 MGMT_STATUS_TIMEOUT, /* Instant Passed */
174 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
175 MGMT_STATUS_FAILED, /* Transaction Collision */
176 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
177 MGMT_STATUS_REJECTED, /* QoS Rejected */
178 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
179 MGMT_STATUS_REJECTED, /* Insufficient Security */
180 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
181 MGMT_STATUS_BUSY, /* Role Switch Pending */
182 MGMT_STATUS_FAILED, /* Slot Violation */
183 MGMT_STATUS_FAILED, /* Role Switch Failed */
184 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
185 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
186 MGMT_STATUS_BUSY, /* Host Busy Pairing */
187 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
188 MGMT_STATUS_BUSY, /* Controller Busy */
189 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
190 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
191 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
192 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
193 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196 static u8 mgmt_status(u8 hci_status)
198 if (hci_status < ARRAY_SIZE(mgmt_status_table))
199 return mgmt_status_table[hci_status];
201 return MGMT_STATUS_FAILED;
204 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
207 struct mgmt_hdr *hdr;
208 struct mgmt_ev_cmd_status *ev;
211 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
213 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
217 hdr = (void *) skb_put(skb, sizeof(*hdr));
219 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
220 hdr->index = cpu_to_le16(index);
221 hdr->len = cpu_to_le16(sizeof(*ev));
223 ev = (void *) skb_put(skb, sizeof(*ev));
225 ev->opcode = cpu_to_le16(cmd);
227 err = sock_queue_rcv_skb(sk, skb);
234 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
235 void *rp, size_t rp_len)
238 struct mgmt_hdr *hdr;
239 struct mgmt_ev_cmd_complete *ev;
242 BT_DBG("sock %p", sk);
244 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
248 hdr = (void *) skb_put(skb, sizeof(*hdr));
250 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
251 hdr->index = cpu_to_le16(index);
252 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
254 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
255 ev->opcode = cpu_to_le16(cmd);
259 memcpy(ev->data, rp, rp_len);
261 err = sock_queue_rcv_skb(sk, skb);
268 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
271 struct mgmt_rp_read_version rp;
273 BT_DBG("sock %p", sk);
275 rp.version = MGMT_VERSION;
276 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
278 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
282 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
285 struct mgmt_rp_read_commands *rp;
286 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 const u16 num_events = ARRAY_SIZE(mgmt_events);
292 BT_DBG("sock %p", sk);
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
296 rp = kmalloc(rp_size, GFP_KERNEL);
300 rp->num_commands = __constant_cpu_to_le16(num_commands);
301 rp->num_events = __constant_cpu_to_le16(num_events);
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
316 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
319 struct mgmt_rp_read_index_list *rp;
326 BT_DBG("sock %p", sk);
328 read_lock(&hci_dev_list_lock);
331 list_for_each(p, &hci_dev_list) {
335 rp_len = sizeof(*rp) + (2 * count);
336 rp = kmalloc(rp_len, GFP_ATOMIC);
338 read_unlock(&hci_dev_list_lock);
342 rp->num_controllers = cpu_to_le16(count);
345 list_for_each_entry(d, &hci_dev_list, list) {
346 if (test_bit(HCI_SETUP, &d->dev_flags))
349 rp->index[i++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
353 read_unlock(&hci_dev_list_lock);
355 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
363 static u32 get_supported_settings(struct hci_dev *hdev)
367 settings |= MGMT_SETTING_POWERED;
368 settings |= MGMT_SETTING_CONNECTABLE;
369 settings |= MGMT_SETTING_FAST_CONNECTABLE;
370 settings |= MGMT_SETTING_DISCOVERABLE;
371 settings |= MGMT_SETTING_PAIRABLE;
373 if (hdev->features[6] & LMP_SIMPLE_PAIR)
374 settings |= MGMT_SETTING_SSP;
376 if (!(hdev->features[4] & LMP_NO_BREDR)) {
377 settings |= MGMT_SETTING_BREDR;
378 settings |= MGMT_SETTING_LINK_SECURITY;
382 settings |= MGMT_SETTING_HS;
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
390 static u32 get_current_settings(struct hci_dev *hdev)
394 if (hdev_is_powered(hdev))
395 settings |= MGMT_SETTING_POWERED;
397 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
398 settings |= MGMT_SETTING_CONNECTABLE;
400 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
401 settings |= MGMT_SETTING_DISCOVERABLE;
403 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
404 settings |= MGMT_SETTING_PAIRABLE;
406 if (!(hdev->features[4] & LMP_NO_BREDR))
407 settings |= MGMT_SETTING_BREDR;
409 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
410 settings |= MGMT_SETTING_LE;
412 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
413 settings |= MGMT_SETTING_LINK_SECURITY;
415 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
416 settings |= MGMT_SETTING_SSP;
418 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
419 settings |= MGMT_SETTING_HS;
424 #define PNP_INFO_SVCLASS_ID 0x1200
426 static u8 bluetooth_base_uuid[] = {
427 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
428 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
431 static u16 get_uuid16(u8 *uuid128)
436 for (i = 0; i < 12; i++) {
437 if (bluetooth_base_uuid[i] != uuid128[i])
441 val = get_unaligned_le32(&uuid128[12]);
448 static void create_eir(struct hci_dev *hdev, u8 *data)
452 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
453 int i, truncated = 0;
454 struct bt_uuid *uuid;
457 name_len = strlen(hdev->dev_name);
463 ptr[1] = EIR_NAME_SHORT;
465 ptr[1] = EIR_NAME_COMPLETE;
467 /* EIR Data length */
468 ptr[0] = name_len + 1;
470 memcpy(ptr + 2, hdev->dev_name, name_len);
472 eir_len += (name_len + 2);
473 ptr += (name_len + 2);
476 if (hdev->inq_tx_power) {
478 ptr[1] = EIR_TX_POWER;
479 ptr[2] = (u8) hdev->inq_tx_power;
485 if (hdev->devid_source > 0) {
487 ptr[1] = EIR_DEVICE_ID;
489 put_unaligned_le16(hdev->devid_source, ptr + 2);
490 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
491 put_unaligned_le16(hdev->devid_product, ptr + 6);
492 put_unaligned_le16(hdev->devid_version, ptr + 8);
498 memset(uuid16_list, 0, sizeof(uuid16_list));
500 /* Group all UUID16 types */
501 list_for_each_entry(uuid, &hdev->uuids, list) {
504 uuid16 = get_uuid16(uuid->uuid);
511 if (uuid16 == PNP_INFO_SVCLASS_ID)
514 /* Stop if not enough space to put next UUID */
515 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
520 /* Check for duplicates */
521 for (i = 0; uuid16_list[i] != 0; i++)
522 if (uuid16_list[i] == uuid16)
525 if (uuid16_list[i] == 0) {
526 uuid16_list[i] = uuid16;
527 eir_len += sizeof(u16);
531 if (uuid16_list[0] != 0) {
535 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
540 for (i = 0; uuid16_list[i] != 0; i++) {
541 *ptr++ = (uuid16_list[i] & 0x00ff);
542 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
545 /* EIR Data length */
546 *length = (i * sizeof(u16)) + 1;
550 static int update_eir(struct hci_dev *hdev)
552 struct hci_cp_write_eir cp;
554 if (!hdev_is_powered(hdev))
557 if (!(hdev->features[6] & LMP_EXT_INQ))
560 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
563 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
566 memset(&cp, 0, sizeof(cp));
568 create_eir(hdev, cp.data);
570 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
573 memcpy(hdev->eir, cp.data, sizeof(cp.data));
575 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
578 static u8 get_service_classes(struct hci_dev *hdev)
580 struct bt_uuid *uuid;
583 list_for_each_entry(uuid, &hdev->uuids, list)
584 val |= uuid->svc_hint;
589 static int update_class(struct hci_dev *hdev)
594 BT_DBG("%s", hdev->name);
596 if (!hdev_is_powered(hdev))
599 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
602 cod[0] = hdev->minor_class;
603 cod[1] = hdev->major_class;
604 cod[2] = get_service_classes(hdev);
606 if (memcmp(cod, hdev->dev_class, 3) == 0)
609 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
611 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
616 static void service_cache_off(struct work_struct *work)
618 struct hci_dev *hdev = container_of(work, struct hci_dev,
621 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
629 hci_dev_unlock(hdev);
632 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
634 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
637 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
639 /* Non-mgmt controlled devices get this bit set
640 * implicitly so that pairing works for them, however
641 * for mgmt we require user-space to explicitly enable
644 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
647 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
648 void *data, u16 data_len)
650 struct mgmt_rp_read_info rp;
652 BT_DBG("sock %p %s", sk, hdev->name);
656 memset(&rp, 0, sizeof(rp));
658 bacpy(&rp.bdaddr, &hdev->bdaddr);
660 rp.version = hdev->hci_ver;
661 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
663 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
664 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
666 memcpy(rp.dev_class, hdev->dev_class, 3);
668 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
669 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
671 hci_dev_unlock(hdev);
673 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
677 static void mgmt_pending_free(struct pending_cmd *cmd)
684 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
685 struct hci_dev *hdev, void *data,
688 struct pending_cmd *cmd;
690 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
694 cmd->opcode = opcode;
695 cmd->index = hdev->id;
697 cmd->param = kmalloc(len, GFP_KERNEL);
704 memcpy(cmd->param, data, len);
709 list_add(&cmd->list, &hdev->mgmt_pending);
714 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
715 void (*cb)(struct pending_cmd *cmd,
719 struct list_head *p, *n;
721 list_for_each_safe(p, n, &hdev->mgmt_pending) {
722 struct pending_cmd *cmd;
724 cmd = list_entry(p, struct pending_cmd, list);
726 if (opcode > 0 && cmd->opcode != opcode)
733 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
735 struct pending_cmd *cmd;
737 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
738 if (cmd->opcode == opcode)
745 static void mgmt_pending_remove(struct pending_cmd *cmd)
747 list_del(&cmd->list);
748 mgmt_pending_free(cmd);
751 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
753 __le32 settings = cpu_to_le32(get_current_settings(hdev));
755 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
759 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
762 struct mgmt_mode *cp = data;
763 struct pending_cmd *cmd;
766 BT_DBG("request for %s", hdev->name);
770 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
771 cancel_delayed_work(&hdev->power_off);
774 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
775 mgmt_powered(hdev, 1);
780 if (!!cp->val == hdev_is_powered(hdev)) {
781 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
785 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
786 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
791 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
798 schedule_work(&hdev->power_on);
800 schedule_work(&hdev->power_off.work);
805 hci_dev_unlock(hdev);
809 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
810 struct sock *skip_sk)
813 struct mgmt_hdr *hdr;
815 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
819 hdr = (void *) skb_put(skb, sizeof(*hdr));
820 hdr->opcode = cpu_to_le16(event);
822 hdr->index = cpu_to_le16(hdev->id);
824 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
825 hdr->len = cpu_to_le16(data_len);
828 memcpy(skb_put(skb, data_len), data, data_len);
831 __net_timestamp(skb);
833 hci_send_to_control(skb, skip_sk);
839 static int new_settings(struct hci_dev *hdev, struct sock *skip)
843 ev = cpu_to_le32(get_current_settings(hdev));
845 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
848 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
851 struct mgmt_cp_set_discoverable *cp = data;
852 struct pending_cmd *cmd;
857 BT_DBG("request for %s", hdev->name);
859 timeout = __le16_to_cpu(cp->timeout);
860 if (!cp->val && timeout > 0)
861 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
862 MGMT_STATUS_INVALID_PARAMS);
866 if (!hdev_is_powered(hdev) && timeout > 0) {
867 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
868 MGMT_STATUS_NOT_POWERED);
872 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
873 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
874 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
879 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
880 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
881 MGMT_STATUS_REJECTED);
885 if (!hdev_is_powered(hdev)) {
886 bool changed = false;
888 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
889 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
893 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
898 err = new_settings(hdev, sk);
903 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
904 if (hdev->discov_timeout > 0) {
905 cancel_delayed_work(&hdev->discov_off);
906 hdev->discov_timeout = 0;
909 if (cp->val && timeout > 0) {
910 hdev->discov_timeout = timeout;
911 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
912 msecs_to_jiffies(hdev->discov_timeout * 1000));
915 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
919 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
928 scan |= SCAN_INQUIRY;
930 cancel_delayed_work(&hdev->discov_off);
932 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
934 mgmt_pending_remove(cmd);
937 hdev->discov_timeout = timeout;
940 hci_dev_unlock(hdev);
944 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
947 struct mgmt_mode *cp = data;
948 struct pending_cmd *cmd;
952 BT_DBG("request for %s", hdev->name);
956 if (!hdev_is_powered(hdev)) {
957 bool changed = false;
959 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
963 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
965 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
966 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
969 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
974 err = new_settings(hdev, sk);
979 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
980 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
981 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
986 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
987 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
991 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1002 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1003 hdev->discov_timeout > 0)
1004 cancel_delayed_work(&hdev->discov_off);
1007 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1009 mgmt_pending_remove(cmd);
1012 hci_dev_unlock(hdev);
1016 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1019 struct mgmt_mode *cp = data;
1022 BT_DBG("request for %s", hdev->name);
1027 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1029 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1031 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1035 err = new_settings(hdev, sk);
1038 hci_dev_unlock(hdev);
1042 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1045 struct mgmt_mode *cp = data;
1046 struct pending_cmd *cmd;
1050 BT_DBG("request for %s", hdev->name);
1054 if (!hdev_is_powered(hdev)) {
1055 bool changed = false;
1057 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1058 &hdev->dev_flags)) {
1059 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1063 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1068 err = new_settings(hdev, sk);
1073 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1074 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1081 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1082 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1086 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1092 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1094 mgmt_pending_remove(cmd);
1099 hci_dev_unlock(hdev);
1103 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1105 struct mgmt_mode *cp = data;
1106 struct pending_cmd *cmd;
1110 BT_DBG("request for %s", hdev->name);
1114 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1115 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1116 MGMT_STATUS_NOT_SUPPORTED);
1122 if (!hdev_is_powered(hdev)) {
1123 bool changed = false;
1125 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1126 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1130 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1135 err = new_settings(hdev, sk);
1140 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1141 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1146 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1147 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1151 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1157 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1159 mgmt_pending_remove(cmd);
1164 hci_dev_unlock(hdev);
1168 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1170 struct mgmt_mode *cp = data;
1172 BT_DBG("request for %s", hdev->name);
1175 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1176 MGMT_STATUS_NOT_SUPPORTED);
1179 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1181 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1183 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1186 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1188 struct mgmt_mode *cp = data;
1189 struct hci_cp_write_le_host_supported hci_cp;
1190 struct pending_cmd *cmd;
1194 BT_DBG("request for %s", hdev->name);
1198 if (!(hdev->features[4] & LMP_LE)) {
1199 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1200 MGMT_STATUS_NOT_SUPPORTED);
1205 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1207 if (!hdev_is_powered(hdev) || val == enabled) {
1208 bool changed = false;
1210 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1211 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1215 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1220 err = new_settings(hdev, sk);
1225 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1226 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1231 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1237 memset(&hci_cp, 0, sizeof(hci_cp));
1241 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1244 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1247 mgmt_pending_remove(cmd);
1250 hci_dev_unlock(hdev);
1254 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1256 struct mgmt_cp_add_uuid *cp = data;
1257 struct pending_cmd *cmd;
1258 struct bt_uuid *uuid;
1261 BT_DBG("request for %s", hdev->name);
1265 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1266 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1271 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1277 memcpy(uuid->uuid, cp->uuid, 16);
1278 uuid->svc_hint = cp->svc_hint;
1280 list_add(&uuid->list, &hdev->uuids);
1282 err = update_class(hdev);
1286 err = update_eir(hdev);
1290 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1291 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1292 hdev->dev_class, 3);
1296 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1301 hci_dev_unlock(hdev);
1305 static bool enable_service_cache(struct hci_dev *hdev)
1307 if (!hdev_is_powered(hdev))
1310 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1311 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1318 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1321 struct mgmt_cp_remove_uuid *cp = data;
1322 struct pending_cmd *cmd;
1323 struct list_head *p, *n;
1324 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1327 BT_DBG("request for %s", hdev->name);
1331 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1332 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1337 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1338 err = hci_uuids_clear(hdev);
1340 if (enable_service_cache(hdev)) {
1341 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1342 0, hdev->dev_class, 3);
1351 list_for_each_safe(p, n, &hdev->uuids) {
1352 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1354 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1357 list_del(&match->list);
1362 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1363 MGMT_STATUS_INVALID_PARAMS);
1368 err = update_class(hdev);
1372 err = update_eir(hdev);
1376 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1377 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1378 hdev->dev_class, 3);
1382 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1387 hci_dev_unlock(hdev);
1391 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1394 struct mgmt_cp_set_dev_class *cp = data;
1395 struct pending_cmd *cmd;
1398 BT_DBG("request for %s", hdev->name);
1402 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1403 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1408 hdev->major_class = cp->major;
1409 hdev->minor_class = cp->minor;
1411 if (!hdev_is_powered(hdev)) {
1412 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1413 hdev->dev_class, 3);
1417 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1418 hci_dev_unlock(hdev);
1419 cancel_delayed_work_sync(&hdev->service_cache);
1424 err = update_class(hdev);
1428 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1429 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1430 hdev->dev_class, 3);
1434 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1439 hci_dev_unlock(hdev);
1443 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1446 struct mgmt_cp_load_link_keys *cp = data;
1447 u16 key_count, expected_len;
1450 key_count = __le16_to_cpu(cp->key_count);
1452 expected_len = sizeof(*cp) + key_count *
1453 sizeof(struct mgmt_link_key_info);
1454 if (expected_len != len) {
1455 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1457 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1458 MGMT_STATUS_INVALID_PARAMS);
1461 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1466 hci_link_keys_clear(hdev);
1468 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1471 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1473 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1475 for (i = 0; i < key_count; i++) {
1476 struct mgmt_link_key_info *key = &cp->keys[i];
1478 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1479 key->type, key->pin_len);
1482 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1484 hci_dev_unlock(hdev);
1489 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1490 u8 addr_type, struct sock *skip_sk)
1492 struct mgmt_ev_device_unpaired ev;
1494 bacpy(&ev.addr.bdaddr, bdaddr);
1495 ev.addr.type = addr_type;
1497 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1501 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1504 struct mgmt_cp_unpair_device *cp = data;
1505 struct mgmt_rp_unpair_device rp;
1506 struct hci_cp_disconnect dc;
1507 struct pending_cmd *cmd;
1508 struct hci_conn *conn;
1513 memset(&rp, 0, sizeof(rp));
1514 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1515 rp.addr.type = cp->addr.type;
1517 if (!hdev_is_powered(hdev)) {
1518 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1519 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1523 if (cp->addr.type == BDADDR_BREDR)
1524 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1526 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1529 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1530 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1534 if (cp->disconnect) {
1535 if (cp->addr.type == BDADDR_BREDR)
1536 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1539 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1546 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1548 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1552 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1559 dc.handle = cpu_to_le16(conn->handle);
1560 dc.reason = 0x13; /* Remote User Terminated Connection */
1561 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1563 mgmt_pending_remove(cmd);
1566 hci_dev_unlock(hdev);
1570 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1573 struct mgmt_cp_disconnect *cp = data;
1574 struct hci_cp_disconnect dc;
1575 struct pending_cmd *cmd;
1576 struct hci_conn *conn;
1583 if (!test_bit(HCI_UP, &hdev->flags)) {
1584 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1585 MGMT_STATUS_NOT_POWERED);
1589 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1590 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1595 if (cp->addr.type == BDADDR_BREDR)
1596 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1599 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1601 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1602 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1603 MGMT_STATUS_NOT_CONNECTED);
1607 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1613 dc.handle = cpu_to_le16(conn->handle);
1614 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1616 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1618 mgmt_pending_remove(cmd);
1621 hci_dev_unlock(hdev);
1625 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1627 switch (link_type) {
1629 switch (addr_type) {
1630 case ADDR_LE_DEV_PUBLIC:
1631 return BDADDR_LE_PUBLIC;
1634 /* Fallback to LE Random address type */
1635 return BDADDR_LE_RANDOM;
1639 /* Fallback to BR/EDR type */
1640 return BDADDR_BREDR;
1644 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1647 struct mgmt_rp_get_connections *rp;
1657 if (!hdev_is_powered(hdev)) {
1658 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1659 MGMT_STATUS_NOT_POWERED);
1664 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1665 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1669 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1670 rp = kmalloc(rp_len, GFP_KERNEL);
1677 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1678 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1680 bacpy(&rp->addr[i].bdaddr, &c->dst);
1681 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1682 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1687 rp->conn_count = cpu_to_le16(i);
1689 /* Recalculate length in case of filtered SCO connections, etc */
1690 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1692 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1698 hci_dev_unlock(hdev);
1702 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1703 struct mgmt_cp_pin_code_neg_reply *cp)
1705 struct pending_cmd *cmd;
1708 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1713 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1714 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1716 mgmt_pending_remove(cmd);
1721 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1724 struct hci_conn *conn;
1725 struct mgmt_cp_pin_code_reply *cp = data;
1726 struct hci_cp_pin_code_reply reply;
1727 struct pending_cmd *cmd;
1734 if (!hdev_is_powered(hdev)) {
1735 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1736 MGMT_STATUS_NOT_POWERED);
1740 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1742 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1743 MGMT_STATUS_NOT_CONNECTED);
1747 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1748 struct mgmt_cp_pin_code_neg_reply ncp;
1750 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1752 BT_ERR("PIN code is not 16 bytes long");
1754 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1756 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1757 MGMT_STATUS_INVALID_PARAMS);
1762 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1768 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1769 reply.pin_len = cp->pin_len;
1770 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1772 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1774 mgmt_pending_remove(cmd);
1777 hci_dev_unlock(hdev);
1781 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1784 struct mgmt_cp_set_io_capability *cp = data;
1790 hdev->io_capability = cp->io_capability;
1792 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1793 hdev->io_capability);
1795 hci_dev_unlock(hdev);
1797 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1801 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1803 struct hci_dev *hdev = conn->hdev;
1804 struct pending_cmd *cmd;
1806 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1807 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1810 if (cmd->user_data != conn)
1819 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1821 struct mgmt_rp_pair_device rp;
1822 struct hci_conn *conn = cmd->user_data;
1824 bacpy(&rp.addr.bdaddr, &conn->dst);
1825 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1827 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1830 /* So we don't get further callbacks for this connection */
1831 conn->connect_cfm_cb = NULL;
1832 conn->security_cfm_cb = NULL;
1833 conn->disconn_cfm_cb = NULL;
1837 mgmt_pending_remove(cmd);
1840 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1842 struct pending_cmd *cmd;
1844 BT_DBG("status %u", status);
1846 cmd = find_pairing(conn);
1848 BT_DBG("Unable to find a pending command");
1850 pairing_complete(cmd, mgmt_status(status));
1853 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1855 struct pending_cmd *cmd;
1857 BT_DBG("status %u", status);
1862 cmd = find_pairing(conn);
1864 BT_DBG("Unable to find a pending command");
1866 pairing_complete(cmd, mgmt_status(status));
1869 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1872 struct mgmt_cp_pair_device *cp = data;
1873 struct mgmt_rp_pair_device rp;
1874 struct pending_cmd *cmd;
1875 u8 sec_level, auth_type;
1876 struct hci_conn *conn;
1883 if (!hdev_is_powered(hdev)) {
1884 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1885 MGMT_STATUS_NOT_POWERED);
1889 sec_level = BT_SECURITY_MEDIUM;
1890 if (cp->io_cap == 0x03)
1891 auth_type = HCI_AT_DEDICATED_BONDING;
1893 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1895 if (cp->addr.type == BDADDR_BREDR)
1896 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1897 cp->addr.type, sec_level, auth_type);
1899 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1900 cp->addr.type, sec_level, auth_type);
1902 memset(&rp, 0, sizeof(rp));
1903 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1904 rp.addr.type = cp->addr.type;
1909 if (PTR_ERR(conn) == -EBUSY)
1910 status = MGMT_STATUS_BUSY;
1912 status = MGMT_STATUS_CONNECT_FAILED;
1914 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1920 if (conn->connect_cfm_cb) {
1922 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1923 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1927 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1934 /* For LE, just connecting isn't a proof that the pairing finished */
1935 if (cp->addr.type == BDADDR_BREDR)
1936 conn->connect_cfm_cb = pairing_complete_cb;
1938 conn->connect_cfm_cb = le_connect_complete_cb;
1940 conn->security_cfm_cb = pairing_complete_cb;
1941 conn->disconn_cfm_cb = pairing_complete_cb;
1942 conn->io_capability = cp->io_cap;
1943 cmd->user_data = conn;
1945 if (conn->state == BT_CONNECTED &&
1946 hci_conn_security(conn, sec_level, auth_type))
1947 pairing_complete(cmd, 0);
1952 hci_dev_unlock(hdev);
1956 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1959 struct mgmt_addr_info *addr = data;
1960 struct pending_cmd *cmd;
1961 struct hci_conn *conn;
1968 if (!hdev_is_powered(hdev)) {
1969 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1970 MGMT_STATUS_NOT_POWERED);
1974 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1976 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1977 MGMT_STATUS_INVALID_PARAMS);
1981 conn = cmd->user_data;
1983 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1984 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1985 MGMT_STATUS_INVALID_PARAMS);
1989 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1991 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1992 addr, sizeof(*addr));
1994 hci_dev_unlock(hdev);
1998 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1999 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2000 u16 hci_op, __le32 passkey)
2002 struct pending_cmd *cmd;
2003 struct hci_conn *conn;
2008 if (!hdev_is_powered(hdev)) {
2009 err = cmd_status(sk, hdev->id, mgmt_op,
2010 MGMT_STATUS_NOT_POWERED);
2014 if (type == BDADDR_BREDR)
2015 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2017 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2020 err = cmd_status(sk, hdev->id, mgmt_op,
2021 MGMT_STATUS_NOT_CONNECTED);
2025 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2026 /* Continue with pairing via SMP */
2027 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2030 err = cmd_status(sk, hdev->id, mgmt_op,
2031 MGMT_STATUS_SUCCESS);
2033 err = cmd_status(sk, hdev->id, mgmt_op,
2034 MGMT_STATUS_FAILED);
2039 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2045 /* Continue with pairing via HCI */
2046 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2047 struct hci_cp_user_passkey_reply cp;
2049 bacpy(&cp.bdaddr, bdaddr);
2050 cp.passkey = passkey;
2051 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2053 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2056 mgmt_pending_remove(cmd);
2059 hci_dev_unlock(hdev);
2063 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2064 void *data, u16 len)
2066 struct mgmt_cp_pin_code_neg_reply *cp = data;
2070 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2071 MGMT_OP_PIN_CODE_NEG_REPLY,
2072 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2075 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2078 struct mgmt_cp_user_confirm_reply *cp = data;
2082 if (len != sizeof(*cp))
2083 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2084 MGMT_STATUS_INVALID_PARAMS);
2086 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2087 MGMT_OP_USER_CONFIRM_REPLY,
2088 HCI_OP_USER_CONFIRM_REPLY, 0);
2091 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2092 void *data, u16 len)
2094 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2098 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2099 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2100 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2103 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2106 struct mgmt_cp_user_passkey_reply *cp = data;
2110 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2111 MGMT_OP_USER_PASSKEY_REPLY,
2112 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2115 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2116 void *data, u16 len)
2118 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2122 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2123 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2124 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2127 static int update_name(struct hci_dev *hdev, const char *name)
2129 struct hci_cp_write_local_name cp;
2131 memcpy(cp.name, name, sizeof(cp.name));
2133 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2136 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2139 struct mgmt_cp_set_local_name *cp = data;
2140 struct pending_cmd *cmd;
2147 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2149 if (!hdev_is_powered(hdev)) {
2150 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2152 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2157 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2163 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2169 err = update_name(hdev, cp->name);
2171 mgmt_pending_remove(cmd);
2174 hci_dev_unlock(hdev);
2178 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2179 void *data, u16 data_len)
2181 struct pending_cmd *cmd;
2184 BT_DBG("%s", hdev->name);
2188 if (!hdev_is_powered(hdev)) {
2189 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2190 MGMT_STATUS_NOT_POWERED);
2194 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2195 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2196 MGMT_STATUS_NOT_SUPPORTED);
2200 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2201 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2206 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2212 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2214 mgmt_pending_remove(cmd);
2217 hci_dev_unlock(hdev);
2221 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2222 void *data, u16 len)
2224 struct mgmt_cp_add_remote_oob_data *cp = data;
2228 BT_DBG("%s ", hdev->name);
2232 if (!hdev_is_powered(hdev)) {
2233 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2234 MGMT_STATUS_NOT_POWERED, &cp->addr,
2239 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2242 status = MGMT_STATUS_FAILED;
2246 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2247 &cp->addr, sizeof(cp->addr));
2250 hci_dev_unlock(hdev);
2254 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2255 void *data, u16 len)
2257 struct mgmt_cp_remove_remote_oob_data *cp = data;
2261 BT_DBG("%s", hdev->name);
2265 if (!hdev_is_powered(hdev)) {
2266 err = cmd_complete(sk, hdev->id,
2267 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2268 MGMT_STATUS_NOT_POWERED, &cp->addr,
2273 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2275 status = MGMT_STATUS_INVALID_PARAMS;
2279 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2280 status, &cp->addr, sizeof(cp->addr));
2283 hci_dev_unlock(hdev);
2287 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2291 BT_DBG("%s", hdev->name);
2295 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2297 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2299 hci_dev_unlock(hdev);
2304 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2305 void *data, u16 len)
2307 struct mgmt_cp_start_discovery *cp = data;
2308 struct pending_cmd *cmd;
2311 BT_DBG("%s", hdev->name);
2315 if (!hdev_is_powered(hdev)) {
2316 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2317 MGMT_STATUS_NOT_POWERED);
2321 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2322 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2327 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2328 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2333 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2339 hdev->discovery.type = cp->type;
2341 switch (hdev->discovery.type) {
2342 case DISCOV_TYPE_BREDR:
2343 if (lmp_bredr_capable(hdev))
2344 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2349 case DISCOV_TYPE_LE:
2350 if (lmp_host_le_capable(hdev))
2351 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2352 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2357 case DISCOV_TYPE_INTERLEAVED:
2358 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2359 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2361 LE_SCAN_TIMEOUT_BREDR_LE);
2371 mgmt_pending_remove(cmd);
2373 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2376 hci_dev_unlock(hdev);
2380 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2383 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2384 struct pending_cmd *cmd;
2385 struct hci_cp_remote_name_req_cancel cp;
2386 struct inquiry_entry *e;
2389 BT_DBG("%s", hdev->name);
2393 if (!hci_discovery_active(hdev)) {
2394 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2395 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2396 sizeof(mgmt_cp->type));
2400 if (hdev->discovery.type != mgmt_cp->type) {
2401 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2402 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2403 sizeof(mgmt_cp->type));
2407 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2413 switch (hdev->discovery.state) {
2414 case DISCOVERY_FINDING:
2415 if (test_bit(HCI_INQUIRY, &hdev->flags))
2416 err = hci_cancel_inquiry(hdev);
2418 err = hci_cancel_le_scan(hdev);
2422 case DISCOVERY_RESOLVING:
2423 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2426 mgmt_pending_remove(cmd);
2427 err = cmd_complete(sk, hdev->id,
2428 MGMT_OP_STOP_DISCOVERY, 0,
2430 sizeof(mgmt_cp->type));
2431 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2435 bacpy(&cp.bdaddr, &e->data.bdaddr);
2436 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2442 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2447 mgmt_pending_remove(cmd);
2449 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2452 hci_dev_unlock(hdev);
2456 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2459 struct mgmt_cp_confirm_name *cp = data;
2460 struct inquiry_entry *e;
2463 BT_DBG("%s", hdev->name);
2467 if (!hci_discovery_active(hdev)) {
2468 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2469 MGMT_STATUS_FAILED);
2473 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2475 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2476 MGMT_STATUS_INVALID_PARAMS);
2480 if (cp->name_known) {
2481 e->name_state = NAME_KNOWN;
2484 e->name_state = NAME_NEEDED;
2485 hci_inquiry_cache_update_resolve(hdev, e);
2491 hci_dev_unlock(hdev);
2495 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2498 struct mgmt_cp_block_device *cp = data;
2502 BT_DBG("%s", hdev->name);
2506 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2508 status = MGMT_STATUS_FAILED;
2512 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2513 &cp->addr, sizeof(cp->addr));
2515 hci_dev_unlock(hdev);
2520 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2523 struct mgmt_cp_unblock_device *cp = data;
2527 BT_DBG("%s", hdev->name);
2531 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2533 status = MGMT_STATUS_INVALID_PARAMS;
2537 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2538 &cp->addr, sizeof(cp->addr));
2540 hci_dev_unlock(hdev);
2545 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2548 struct mgmt_cp_set_device_id *cp = data;
2552 BT_DBG("%s", hdev->name);
2554 source = __le16_to_cpu(cp->source);
2556 if (source > 0x0002)
2557 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2558 MGMT_STATUS_INVALID_PARAMS);
2562 hdev->devid_source = source;
2563 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2564 hdev->devid_product = __le16_to_cpu(cp->product);
2565 hdev->devid_version = __le16_to_cpu(cp->version);
2567 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2571 hci_dev_unlock(hdev);
2576 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2577 void *data, u16 len)
2579 struct mgmt_mode *cp = data;
2580 struct hci_cp_write_page_scan_activity acp;
2584 BT_DBG("%s", hdev->name);
2586 if (!hdev_is_powered(hdev))
2587 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2588 MGMT_STATUS_NOT_POWERED);
2590 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2591 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2592 MGMT_STATUS_REJECTED);
2597 type = PAGE_SCAN_TYPE_INTERLACED;
2599 /* 160 msec page scan interval */
2600 acp.interval = __constant_cpu_to_le16(0x0100);
2602 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2604 /* default 1.28 sec page scan */
2605 acp.interval = __constant_cpu_to_le16(0x0800);
2608 /* default 11.25 msec page scan window */
2609 acp.window = __constant_cpu_to_le16(0x0012);
2611 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2614 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2615 MGMT_STATUS_FAILED);
2619 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2621 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2622 MGMT_STATUS_FAILED);
2626 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2629 hci_dev_unlock(hdev);
2633 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2634 void *cp_data, u16 len)
2636 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2637 u16 key_count, expected_len;
2640 key_count = __le16_to_cpu(cp->key_count);
2642 expected_len = sizeof(*cp) + key_count *
2643 sizeof(struct mgmt_ltk_info);
2644 if (expected_len != len) {
2645 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2647 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2651 BT_DBG("%s key_count %u", hdev->name, key_count);
2655 hci_smp_ltks_clear(hdev);
2657 for (i = 0; i < key_count; i++) {
2658 struct mgmt_ltk_info *key = &cp->keys[i];
2664 type = HCI_SMP_LTK_SLAVE;
2666 hci_add_ltk(hdev, &key->addr.bdaddr,
2667 bdaddr_to_le(key->addr.type),
2668 type, 0, key->authenticated, key->val,
2669 key->enc_size, key->ediv, key->rand);
2672 hci_dev_unlock(hdev);
2677 static const struct mgmt_handler {
2678 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2682 } mgmt_handlers[] = {
2683 { NULL }, /* 0x0000 (no command) */
2684 { read_version, false, MGMT_READ_VERSION_SIZE },
2685 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2686 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2687 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2688 { set_powered, false, MGMT_SETTING_SIZE },
2689 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2690 { set_connectable, false, MGMT_SETTING_SIZE },
2691 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2692 { set_pairable, false, MGMT_SETTING_SIZE },
2693 { set_link_security, false, MGMT_SETTING_SIZE },
2694 { set_ssp, false, MGMT_SETTING_SIZE },
2695 { set_hs, false, MGMT_SETTING_SIZE },
2696 { set_le, false, MGMT_SETTING_SIZE },
2697 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2698 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2699 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2700 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2701 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2702 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2703 { disconnect, false, MGMT_DISCONNECT_SIZE },
2704 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2705 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2706 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2707 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2708 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2709 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2710 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2711 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2712 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2713 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2714 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2715 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2716 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2717 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2718 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2719 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2720 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2721 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2722 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2723 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2727 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2731 struct mgmt_hdr *hdr;
2732 u16 opcode, index, len;
2733 struct hci_dev *hdev = NULL;
2734 const struct mgmt_handler *handler;
2737 BT_DBG("got %zu bytes", msglen);
2739 if (msglen < sizeof(*hdr))
2742 buf = kmalloc(msglen, GFP_KERNEL);
2746 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2752 opcode = __le16_to_cpu(hdr->opcode);
2753 index = __le16_to_cpu(hdr->index);
2754 len = __le16_to_cpu(hdr->len);
2756 if (len != msglen - sizeof(*hdr)) {
2761 if (index != MGMT_INDEX_NONE) {
2762 hdev = hci_dev_get(index);
2764 err = cmd_status(sk, index, opcode,
2765 MGMT_STATUS_INVALID_INDEX);
2770 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2771 mgmt_handlers[opcode].func == NULL) {
2772 BT_DBG("Unknown op %u", opcode);
2773 err = cmd_status(sk, index, opcode,
2774 MGMT_STATUS_UNKNOWN_COMMAND);
2778 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2779 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2780 err = cmd_status(sk, index, opcode,
2781 MGMT_STATUS_INVALID_INDEX);
2785 handler = &mgmt_handlers[opcode];
2787 if ((handler->var_len && len < handler->data_len) ||
2788 (!handler->var_len && len != handler->data_len)) {
2789 err = cmd_status(sk, index, opcode,
2790 MGMT_STATUS_INVALID_PARAMS);
2795 mgmt_init_hdev(sk, hdev);
2797 cp = buf + sizeof(*hdr);
2799 err = handler->func(sk, hdev, cp, len);
2813 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2817 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2818 mgmt_pending_remove(cmd);
2821 int mgmt_index_added(struct hci_dev *hdev)
2823 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2826 int mgmt_index_removed(struct hci_dev *hdev)
2828 u8 status = MGMT_STATUS_INVALID_INDEX;
2830 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2832 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2837 struct hci_dev *hdev;
2841 static void settings_rsp(struct pending_cmd *cmd, void *data)
2843 struct cmd_lookup *match = data;
2845 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2847 list_del(&cmd->list);
2849 if (match->sk == NULL) {
2850 match->sk = cmd->sk;
2851 sock_hold(match->sk);
2854 mgmt_pending_free(cmd);
2857 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2859 struct cmd_lookup match = { NULL, hdev };
2862 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2865 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2870 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2872 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2873 scan |= SCAN_INQUIRY;
2876 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2878 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2881 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2884 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2885 struct hci_cp_write_le_host_supported cp;
2888 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2890 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2895 update_name(hdev, hdev->dev_name);
2898 u8 status = MGMT_STATUS_NOT_POWERED;
2899 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2902 err = new_settings(hdev, match.sk);
2910 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2912 struct cmd_lookup match = { NULL, hdev };
2913 bool changed = false;
2917 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2920 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2924 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2928 err = new_settings(hdev, match.sk);
2936 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2938 struct cmd_lookup match = { NULL, hdev };
2939 bool changed = false;
2943 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2946 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2950 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2954 err = new_settings(hdev, match.sk);
2962 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2964 u8 mgmt_err = mgmt_status(status);
2966 if (scan & SCAN_PAGE)
2967 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2968 cmd_status_rsp, &mgmt_err);
2970 if (scan & SCAN_INQUIRY)
2971 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2972 cmd_status_rsp, &mgmt_err);
2977 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2980 struct mgmt_ev_new_link_key ev;
2982 memset(&ev, 0, sizeof(ev));
2984 ev.store_hint = persistent;
2985 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2986 ev.key.addr.type = BDADDR_BREDR;
2987 ev.key.type = key->type;
2988 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
2989 ev.key.pin_len = key->pin_len;
2991 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2994 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2996 struct mgmt_ev_new_long_term_key ev;
2998 memset(&ev, 0, sizeof(ev));
3000 ev.store_hint = persistent;
3001 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3002 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3003 ev.key.authenticated = key->authenticated;
3004 ev.key.enc_size = key->enc_size;
3005 ev.key.ediv = key->ediv;
3007 if (key->type == HCI_SMP_LTK)
3010 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3011 memcpy(ev.key.val, key->val, sizeof(key->val));
3013 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3017 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3018 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3022 struct mgmt_ev_device_connected *ev = (void *) buf;
3025 bacpy(&ev->addr.bdaddr, bdaddr);
3026 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3028 ev->flags = __cpu_to_le32(flags);
3031 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3034 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3035 eir_len = eir_append_data(ev->eir, eir_len,
3036 EIR_CLASS_OF_DEV, dev_class, 3);
3038 ev->eir_len = cpu_to_le16(eir_len);
3040 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3041 sizeof(*ev) + eir_len, NULL);
3044 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3046 struct mgmt_cp_disconnect *cp = cmd->param;
3047 struct sock **sk = data;
3048 struct mgmt_rp_disconnect rp;
3050 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3051 rp.addr.type = cp->addr.type;
3053 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3059 mgmt_pending_remove(cmd);
3062 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3064 struct hci_dev *hdev = data;
3065 struct mgmt_cp_unpair_device *cp = cmd->param;
3066 struct mgmt_rp_unpair_device rp;
3068 memset(&rp, 0, sizeof(rp));
3069 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3070 rp.addr.type = cp->addr.type;
3072 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3074 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3076 mgmt_pending_remove(cmd);
3079 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3080 u8 link_type, u8 addr_type)
3082 struct mgmt_addr_info ev;
3083 struct sock *sk = NULL;
3086 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3088 bacpy(&ev.bdaddr, bdaddr);
3089 ev.type = link_to_bdaddr(link_type, addr_type);
3091 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3097 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3103 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3104 u8 link_type, u8 addr_type, u8 status)
3106 struct mgmt_rp_disconnect rp;
3107 struct pending_cmd *cmd;
3110 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3114 bacpy(&rp.addr.bdaddr, bdaddr);
3115 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3117 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3118 mgmt_status(status), &rp, sizeof(rp));
3120 mgmt_pending_remove(cmd);
3122 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3127 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3128 u8 addr_type, u8 status)
3130 struct mgmt_ev_connect_failed ev;
3132 bacpy(&ev.addr.bdaddr, bdaddr);
3133 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3134 ev.status = mgmt_status(status);
3136 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3139 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3141 struct mgmt_ev_pin_code_request ev;
3143 bacpy(&ev.addr.bdaddr, bdaddr);
3144 ev.addr.type = BDADDR_BREDR;
3147 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3151 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3154 struct pending_cmd *cmd;
3155 struct mgmt_rp_pin_code_reply rp;
3158 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3162 bacpy(&rp.addr.bdaddr, bdaddr);
3163 rp.addr.type = BDADDR_BREDR;
3165 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3166 mgmt_status(status), &rp, sizeof(rp));
3168 mgmt_pending_remove(cmd);
3173 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3176 struct pending_cmd *cmd;
3177 struct mgmt_rp_pin_code_reply rp;
3180 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3184 bacpy(&rp.addr.bdaddr, bdaddr);
3185 rp.addr.type = BDADDR_BREDR;
3187 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3188 mgmt_status(status), &rp, sizeof(rp));
3190 mgmt_pending_remove(cmd);
3195 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3196 u8 link_type, u8 addr_type, __le32 value,
3199 struct mgmt_ev_user_confirm_request ev;
3201 BT_DBG("%s", hdev->name);
3203 bacpy(&ev.addr.bdaddr, bdaddr);
3204 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3205 ev.confirm_hint = confirm_hint;
3208 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3212 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3213 u8 link_type, u8 addr_type)
3215 struct mgmt_ev_user_passkey_request ev;
3217 BT_DBG("%s", hdev->name);
3219 bacpy(&ev.addr.bdaddr, bdaddr);
3220 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3222 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3226 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3227 u8 link_type, u8 addr_type, u8 status,
3230 struct pending_cmd *cmd;
3231 struct mgmt_rp_user_confirm_reply rp;
3234 cmd = mgmt_pending_find(opcode, hdev);
3238 bacpy(&rp.addr.bdaddr, bdaddr);
3239 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3240 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3243 mgmt_pending_remove(cmd);
3248 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3249 u8 link_type, u8 addr_type, u8 status)
3251 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3252 status, MGMT_OP_USER_CONFIRM_REPLY);
3255 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3256 u8 link_type, u8 addr_type, u8 status)
3258 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3260 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3263 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3264 u8 link_type, u8 addr_type, u8 status)
3266 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3267 status, MGMT_OP_USER_PASSKEY_REPLY);
3270 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3271 u8 link_type, u8 addr_type, u8 status)
3273 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3275 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3278 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3279 u8 addr_type, u8 status)
3281 struct mgmt_ev_auth_failed ev;
3283 bacpy(&ev.addr.bdaddr, bdaddr);
3284 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3285 ev.status = mgmt_status(status);
3287 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3290 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3292 struct cmd_lookup match = { NULL, hdev };
3293 bool changed = false;
3297 u8 mgmt_err = mgmt_status(status);
3298 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3299 cmd_status_rsp, &mgmt_err);
3303 if (test_bit(HCI_AUTH, &hdev->flags)) {
3304 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3307 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3311 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3315 err = new_settings(hdev, match.sk);
3323 static int clear_eir(struct hci_dev *hdev)
3325 struct hci_cp_write_eir cp;
3327 if (!(hdev->features[6] & LMP_EXT_INQ))
3330 memset(hdev->eir, 0, sizeof(hdev->eir));
3332 memset(&cp, 0, sizeof(cp));
3334 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3337 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3339 struct cmd_lookup match = { NULL, hdev };
3340 bool changed = false;
3344 u8 mgmt_err = mgmt_status(status);
3346 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3348 err = new_settings(hdev, NULL);
3350 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3357 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3360 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3364 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3367 err = new_settings(hdev, match.sk);
3372 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3380 static void class_rsp(struct pending_cmd *cmd, void *data)
3382 struct cmd_lookup *match = data;
3384 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3385 match->hdev->dev_class, 3);
3387 list_del(&cmd->list);
3389 if (match->sk == NULL) {
3390 match->sk = cmd->sk;
3391 sock_hold(match->sk);
3394 mgmt_pending_free(cmd);
3397 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3400 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3403 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3405 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3406 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3407 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3410 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3419 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3421 struct pending_cmd *cmd;
3422 struct mgmt_cp_set_local_name ev;
3423 bool changed = false;
3426 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3427 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3431 memset(&ev, 0, sizeof(ev));
3432 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3433 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3435 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3439 /* Always assume that either the short or the complete name has
3440 * changed if there was a pending mgmt command */
3444 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3445 mgmt_status(status));
3449 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3456 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3457 sizeof(ev), cmd ? cmd->sk : NULL);
3463 mgmt_pending_remove(cmd);
3467 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3468 u8 *randomizer, u8 status)
3470 struct pending_cmd *cmd;
3473 BT_DBG("%s status %u", hdev->name, status);
3475 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3480 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3481 mgmt_status(status));
3483 struct mgmt_rp_read_local_oob_data rp;
3485 memcpy(rp.hash, hash, sizeof(rp.hash));
3486 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3488 err = cmd_complete(cmd->sk, hdev->id,
3489 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3493 mgmt_pending_remove(cmd);
3498 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3500 struct cmd_lookup match = { NULL, hdev };
3501 bool changed = false;
3505 u8 mgmt_err = mgmt_status(status);
3507 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3509 err = new_settings(hdev, NULL);
3511 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3518 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3521 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3525 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3528 err = new_settings(hdev, match.sk);
3536 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3537 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3538 ssp, u8 *eir, u16 eir_len)
3541 struct mgmt_ev_device_found *ev = (void *) buf;
3544 /* Leave 5 bytes for a potential CoD field */
3545 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3548 memset(buf, 0, sizeof(buf));
3550 bacpy(&ev->addr.bdaddr, bdaddr);
3551 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3554 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3556 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3559 memcpy(ev->eir, eir, eir_len);
3561 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3562 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3565 ev->eir_len = cpu_to_le16(eir_len);
3566 ev_size = sizeof(*ev) + eir_len;
3568 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3571 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3572 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3574 struct mgmt_ev_device_found *ev;
3575 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3578 ev = (struct mgmt_ev_device_found *) buf;
3580 memset(buf, 0, sizeof(buf));
3582 bacpy(&ev->addr.bdaddr, bdaddr);
3583 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3586 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3589 ev->eir_len = cpu_to_le16(eir_len);
3591 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3592 sizeof(*ev) + eir_len, NULL);
3595 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3597 struct pending_cmd *cmd;
3601 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3603 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3607 type = hdev->discovery.type;
3609 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3610 &type, sizeof(type));
3611 mgmt_pending_remove(cmd);
3616 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3618 struct pending_cmd *cmd;
3621 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3625 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3626 &hdev->discovery.type, sizeof(hdev->discovery.type));
3627 mgmt_pending_remove(cmd);
3632 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3634 struct mgmt_ev_discovering ev;
3635 struct pending_cmd *cmd;
3637 BT_DBG("%s discovering %u", hdev->name, discovering);
3640 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3642 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3645 u8 type = hdev->discovery.type;
3647 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3649 mgmt_pending_remove(cmd);
3652 memset(&ev, 0, sizeof(ev));
3653 ev.type = hdev->discovery.type;
3654 ev.discovering = discovering;
3656 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3659 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3661 struct pending_cmd *cmd;
3662 struct mgmt_ev_device_blocked ev;
3664 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3666 bacpy(&ev.addr.bdaddr, bdaddr);
3667 ev.addr.type = type;
3669 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3670 cmd ? cmd->sk : NULL);
3673 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3675 struct pending_cmd *cmd;
3676 struct mgmt_ev_device_unblocked ev;
3678 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3680 bacpy(&ev.addr.bdaddr, bdaddr);
3681 ev.addr.type = type;
3683 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3684 cmd ? cmd->sk : NULL);
3687 module_param(enable_hs, bool, 0644);
3688 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / platform / adaptation / renesas_rcar / renesas_kernel.git / blob