2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 3
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
446 list_for_each_entry(uuid, &hdev->uuids, list) {
449 if (uuid->size != 16)
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
462 uuids_start[1] = EIR_UUID16_ALL;
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
480 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
495 uuids_start[1] = EIR_UUID32_ALL;
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
507 uuids_start[0] += sizeof(u32);
513 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
528 uuids_start[1] = EIR_UUID128_ALL;
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
538 memcpy(ptr, uuid->uuid, 16);
540 uuids_start[0] += 16;
546 static void create_eir(struct hci_dev *hdev, u8 *data)
551 name_len = strlen(hdev->dev_name);
557 ptr[1] = EIR_NAME_SHORT;
559 ptr[1] = EIR_NAME_COMPLETE;
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
564 memcpy(ptr + 2, hdev->dev_name, name_len);
566 ptr += (name_len + 2);
569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
577 if (hdev->devid_source > 0) {
579 ptr[1] = EIR_DEVICE_ID;
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
594 static int update_eir(struct hci_dev *hdev)
596 struct hci_cp_write_eir cp;
598 if (!hdev_is_powered(hdev))
601 if (!lmp_ext_inq_capable(hdev))
604 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
607 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
610 memset(&cp, 0, sizeof(cp));
612 create_eir(hdev, cp.data);
614 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
617 memcpy(hdev->eir, cp.data, sizeof(cp.data));
619 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
622 static u8 get_service_classes(struct hci_dev *hdev)
624 struct bt_uuid *uuid;
627 list_for_each_entry(uuid, &hdev->uuids, list)
628 val |= uuid->svc_hint;
633 static int update_class(struct hci_dev *hdev)
638 BT_DBG("%s", hdev->name);
640 if (!hdev_is_powered(hdev))
643 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
646 cod[0] = hdev->minor_class;
647 cod[1] = hdev->major_class;
648 cod[2] = get_service_classes(hdev);
650 if (memcmp(cod, hdev->dev_class, 3) == 0)
653 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
655 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
660 static void service_cache_off(struct work_struct *work)
662 struct hci_dev *hdev = container_of(work, struct hci_dev,
665 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
673 hci_dev_unlock(hdev);
676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
694 struct mgmt_rp_read_info rp;
696 BT_DBG("sock %p %s", sk, hdev->name);
700 memset(&rp, 0, sizeof(rp));
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
710 memcpy(rp.dev_class, hdev->dev_class, 3);
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
715 hci_dev_unlock(hdev);
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
721 static void mgmt_pending_free(struct pending_cmd *cmd)
728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
732 struct pending_cmd *cmd;
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
741 cmd->param = kmalloc(len, GFP_KERNEL);
748 memcpy(cmd->param, data, len);
753 list_add(&cmd->list, &hdev->mgmt_pending);
758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
763 struct pending_cmd *cmd, *tmp;
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
775 struct pending_cmd *cmd;
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
785 static void mgmt_pending_remove(struct pending_cmd *cmd)
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
806 BT_DBG("request for %s", hdev->name);
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
814 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
815 cancel_delayed_work(&hdev->power_off);
818 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
820 err = mgmt_powered(hdev, 1);
825 if (!!cp->val == hdev_is_powered(hdev)) {
826 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
830 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
831 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
843 queue_work(hdev->req_workqueue, &hdev->power_on);
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
850 hci_dev_unlock(hdev);
854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
858 struct mgmt_hdr *hdr;
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
867 hdr->index = cpu_to_le16(hdev->id);
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
873 memcpy(skb_put(skb, data_len), data, data_len);
876 __net_timestamp(skb);
878 hci_send_to_control(skb, skip_sk);
884 static int new_settings(struct hci_dev *hdev, struct sock *skip)
888 ev = cpu_to_le32(get_current_settings(hdev));
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
893 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
896 struct mgmt_cp_set_discoverable *cp = data;
897 struct pending_cmd *cmd;
902 BT_DBG("request for %s", hdev->name);
904 if (!lmp_bredr_capable(hdev))
905 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_NOT_SUPPORTED);
908 if (cp->val != 0x00 && cp->val != 0x01)
909 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
910 MGMT_STATUS_INVALID_PARAMS);
912 timeout = __le16_to_cpu(cp->timeout);
913 if (!cp->val && timeout > 0)
914 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
915 MGMT_STATUS_INVALID_PARAMS);
919 if (!hdev_is_powered(hdev) && timeout > 0) {
920 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
921 MGMT_STATUS_NOT_POWERED);
925 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
926 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
927 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
932 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
933 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
934 MGMT_STATUS_REJECTED);
938 if (!hdev_is_powered(hdev)) {
939 bool changed = false;
941 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
942 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
946 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
951 err = new_settings(hdev, sk);
956 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
957 if (hdev->discov_timeout > 0) {
958 cancel_delayed_work(&hdev->discov_off);
959 hdev->discov_timeout = 0;
962 if (cp->val && timeout > 0) {
963 hdev->discov_timeout = timeout;
964 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
965 msecs_to_jiffies(hdev->discov_timeout * 1000));
968 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
972 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
981 scan |= SCAN_INQUIRY;
983 cancel_delayed_work(&hdev->discov_off);
985 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
987 mgmt_pending_remove(cmd);
990 hdev->discov_timeout = timeout;
993 hci_dev_unlock(hdev);
997 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
1000 struct mgmt_mode *cp = data;
1001 struct pending_cmd *cmd;
1005 BT_DBG("request for %s", hdev->name);
1007 if (!lmp_bredr_capable(hdev))
1008 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1009 MGMT_STATUS_NOT_SUPPORTED);
1011 if (cp->val != 0x00 && cp->val != 0x01)
1012 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1013 MGMT_STATUS_INVALID_PARAMS);
1017 if (!hdev_is_powered(hdev)) {
1018 bool changed = false;
1020 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1024 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1026 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1027 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1030 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1035 err = new_settings(hdev, sk);
1040 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1041 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1042 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1047 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1048 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1052 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1063 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1064 hdev->discov_timeout > 0)
1065 cancel_delayed_work(&hdev->discov_off);
1068 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1070 mgmt_pending_remove(cmd);
1073 hci_dev_unlock(hdev);
1077 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1080 struct mgmt_mode *cp = data;
1083 BT_DBG("request for %s", hdev->name);
1085 if (cp->val != 0x00 && cp->val != 0x01)
1086 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1087 MGMT_STATUS_INVALID_PARAMS);
1092 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1094 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1096 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1100 err = new_settings(hdev, sk);
1103 hci_dev_unlock(hdev);
1107 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1110 struct mgmt_mode *cp = data;
1111 struct pending_cmd *cmd;
1115 BT_DBG("request for %s", hdev->name);
1117 if (!lmp_bredr_capable(hdev))
1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1119 MGMT_STATUS_NOT_SUPPORTED);
1121 if (cp->val != 0x00 && cp->val != 0x01)
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1123 MGMT_STATUS_INVALID_PARAMS);
1127 if (!hdev_is_powered(hdev)) {
1128 bool changed = false;
1130 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1131 &hdev->dev_flags)) {
1132 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1136 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1141 err = new_settings(hdev, sk);
1146 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1154 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1155 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1159 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1165 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1167 mgmt_pending_remove(cmd);
1172 hci_dev_unlock(hdev);
1176 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1178 struct mgmt_mode *cp = data;
1179 struct pending_cmd *cmd;
1183 BT_DBG("request for %s", hdev->name);
1185 if (!lmp_ssp_capable(hdev))
1186 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1187 MGMT_STATUS_NOT_SUPPORTED);
1189 if (cp->val != 0x00 && cp->val != 0x01)
1190 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1191 MGMT_STATUS_INVALID_PARAMS);
1197 if (!hdev_is_powered(hdev)) {
1198 bool changed = false;
1200 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1201 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1205 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1210 err = new_settings(hdev, sk);
1215 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1216 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1221 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1222 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1226 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1232 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1234 mgmt_pending_remove(cmd);
1239 hci_dev_unlock(hdev);
1243 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1245 struct mgmt_mode *cp = data;
1247 BT_DBG("request for %s", hdev->name);
1250 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1251 MGMT_STATUS_NOT_SUPPORTED);
1253 if (cp->val != 0x00 && cp->val != 0x01)
1254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1255 MGMT_STATUS_INVALID_PARAMS);
1258 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1260 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1262 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1265 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1267 struct mgmt_mode *cp = data;
1268 struct hci_cp_write_le_host_supported hci_cp;
1269 struct pending_cmd *cmd;
1273 BT_DBG("request for %s", hdev->name);
1275 if (!lmp_le_capable(hdev))
1276 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1277 MGMT_STATUS_NOT_SUPPORTED);
1279 if (cp->val != 0x00 && cp->val != 0x01)
1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1281 MGMT_STATUS_INVALID_PARAMS);
1286 enabled = lmp_host_le_capable(hdev);
1288 if (!hdev_is_powered(hdev) || val == enabled) {
1289 bool changed = false;
1291 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1292 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1296 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1301 err = new_settings(hdev, sk);
1306 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1307 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1312 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1318 memset(&hci_cp, 0, sizeof(hci_cp));
1322 hci_cp.simul = lmp_le_br_capable(hdev);
1325 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1328 mgmt_pending_remove(cmd);
1331 hci_dev_unlock(hdev);
1335 static const u8 bluetooth_base_uuid[] = {
1336 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1337 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1340 static u8 get_uuid_size(const u8 *uuid)
1344 if (memcmp(uuid, bluetooth_base_uuid, 12))
1347 val = get_unaligned_le32(&uuid[12]);
1354 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1356 struct mgmt_cp_add_uuid *cp = data;
1357 struct pending_cmd *cmd;
1358 struct bt_uuid *uuid;
1361 BT_DBG("request for %s", hdev->name);
1365 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1366 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1371 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1377 memcpy(uuid->uuid, cp->uuid, 16);
1378 uuid->svc_hint = cp->svc_hint;
1379 uuid->size = get_uuid_size(cp->uuid);
1381 list_add_tail(&uuid->list, &hdev->uuids);
1383 err = update_class(hdev);
1387 err = update_eir(hdev);
1391 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1392 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1393 hdev->dev_class, 3);
1397 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1402 hci_dev_unlock(hdev);
1406 static bool enable_service_cache(struct hci_dev *hdev)
1408 if (!hdev_is_powered(hdev))
1411 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1412 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1420 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1423 struct mgmt_cp_remove_uuid *cp = data;
1424 struct pending_cmd *cmd;
1425 struct bt_uuid *match, *tmp;
1426 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1429 BT_DBG("request for %s", hdev->name);
1433 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1434 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1439 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1440 err = hci_uuids_clear(hdev);
1442 if (enable_service_cache(hdev)) {
1443 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1444 0, hdev->dev_class, 3);
1453 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1454 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1457 list_del(&match->list);
1463 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1464 MGMT_STATUS_INVALID_PARAMS);
1469 err = update_class(hdev);
1473 err = update_eir(hdev);
1477 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1478 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1479 hdev->dev_class, 3);
1483 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1488 hci_dev_unlock(hdev);
1492 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1495 struct mgmt_cp_set_dev_class *cp = data;
1496 struct pending_cmd *cmd;
1499 BT_DBG("request for %s", hdev->name);
1501 if (!lmp_bredr_capable(hdev))
1502 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1503 MGMT_STATUS_NOT_SUPPORTED);
1505 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1506 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1509 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1510 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1511 MGMT_STATUS_INVALID_PARAMS);
1515 hdev->major_class = cp->major;
1516 hdev->minor_class = cp->minor;
1518 if (!hdev_is_powered(hdev)) {
1519 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1520 hdev->dev_class, 3);
1524 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1525 hci_dev_unlock(hdev);
1526 cancel_delayed_work_sync(&hdev->service_cache);
1531 err = update_class(hdev);
1535 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1536 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1537 hdev->dev_class, 3);
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1546 hci_dev_unlock(hdev);
1550 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1553 struct mgmt_cp_load_link_keys *cp = data;
1554 u16 key_count, expected_len;
1557 key_count = __le16_to_cpu(cp->key_count);
1559 expected_len = sizeof(*cp) + key_count *
1560 sizeof(struct mgmt_link_key_info);
1561 if (expected_len != len) {
1562 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1564 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1565 MGMT_STATUS_INVALID_PARAMS);
1568 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1570 MGMT_STATUS_INVALID_PARAMS);
1572 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1575 for (i = 0; i < key_count; i++) {
1576 struct mgmt_link_key_info *key = &cp->keys[i];
1578 if (key->addr.type != BDADDR_BREDR)
1579 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1580 MGMT_STATUS_INVALID_PARAMS);
1585 hci_link_keys_clear(hdev);
1587 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1590 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1592 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1594 for (i = 0; i < key_count; i++) {
1595 struct mgmt_link_key_info *key = &cp->keys[i];
1597 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1598 key->type, key->pin_len);
1601 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1603 hci_dev_unlock(hdev);
1608 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1609 u8 addr_type, struct sock *skip_sk)
1611 struct mgmt_ev_device_unpaired ev;
1613 bacpy(&ev.addr.bdaddr, bdaddr);
1614 ev.addr.type = addr_type;
1616 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1620 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1623 struct mgmt_cp_unpair_device *cp = data;
1624 struct mgmt_rp_unpair_device rp;
1625 struct hci_cp_disconnect dc;
1626 struct pending_cmd *cmd;
1627 struct hci_conn *conn;
1630 memset(&rp, 0, sizeof(rp));
1631 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1632 rp.addr.type = cp->addr.type;
1634 if (!bdaddr_type_is_valid(cp->addr.type))
1635 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1636 MGMT_STATUS_INVALID_PARAMS,
1639 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1640 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1641 MGMT_STATUS_INVALID_PARAMS,
1646 if (!hdev_is_powered(hdev)) {
1647 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1648 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1652 if (cp->addr.type == BDADDR_BREDR)
1653 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1655 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1658 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1659 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1663 if (cp->disconnect) {
1664 if (cp->addr.type == BDADDR_BREDR)
1665 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1668 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1675 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1677 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1681 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1688 dc.handle = cpu_to_le16(conn->handle);
1689 dc.reason = 0x13; /* Remote User Terminated Connection */
1690 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1692 mgmt_pending_remove(cmd);
1695 hci_dev_unlock(hdev);
1699 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1702 struct mgmt_cp_disconnect *cp = data;
1703 struct mgmt_rp_disconnect rp;
1704 struct hci_cp_disconnect dc;
1705 struct pending_cmd *cmd;
1706 struct hci_conn *conn;
1711 memset(&rp, 0, sizeof(rp));
1712 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1713 rp.addr.type = cp->addr.type;
1715 if (!bdaddr_type_is_valid(cp->addr.type))
1716 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1717 MGMT_STATUS_INVALID_PARAMS,
1722 if (!test_bit(HCI_UP, &hdev->flags)) {
1723 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1724 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1728 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1729 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1730 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1734 if (cp->addr.type == BDADDR_BREDR)
1735 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1738 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1740 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1741 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1742 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
1746 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1752 dc.handle = cpu_to_le16(conn->handle);
1753 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1755 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1757 mgmt_pending_remove(cmd);
1760 hci_dev_unlock(hdev);
1764 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1766 switch (link_type) {
1768 switch (addr_type) {
1769 case ADDR_LE_DEV_PUBLIC:
1770 return BDADDR_LE_PUBLIC;
1773 /* Fallback to LE Random address type */
1774 return BDADDR_LE_RANDOM;
1778 /* Fallback to BR/EDR type */
1779 return BDADDR_BREDR;
1783 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1786 struct mgmt_rp_get_connections *rp;
1796 if (!hdev_is_powered(hdev)) {
1797 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1798 MGMT_STATUS_NOT_POWERED);
1803 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1804 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1808 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1809 rp = kmalloc(rp_len, GFP_KERNEL);
1816 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1817 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1819 bacpy(&rp->addr[i].bdaddr, &c->dst);
1820 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1821 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1826 rp->conn_count = cpu_to_le16(i);
1828 /* Recalculate length in case of filtered SCO connections, etc */
1829 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1831 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1837 hci_dev_unlock(hdev);
1841 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1842 struct mgmt_cp_pin_code_neg_reply *cp)
1844 struct pending_cmd *cmd;
1847 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1852 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1853 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1855 mgmt_pending_remove(cmd);
1860 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1863 struct hci_conn *conn;
1864 struct mgmt_cp_pin_code_reply *cp = data;
1865 struct hci_cp_pin_code_reply reply;
1866 struct pending_cmd *cmd;
1873 if (!hdev_is_powered(hdev)) {
1874 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1875 MGMT_STATUS_NOT_POWERED);
1879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1881 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1882 MGMT_STATUS_NOT_CONNECTED);
1886 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1887 struct mgmt_cp_pin_code_neg_reply ncp;
1889 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1891 BT_ERR("PIN code is not 16 bytes long");
1893 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1895 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1896 MGMT_STATUS_INVALID_PARAMS);
1901 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1907 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1908 reply.pin_len = cp->pin_len;
1909 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1911 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1913 mgmt_pending_remove(cmd);
1916 hci_dev_unlock(hdev);
1920 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1923 struct mgmt_cp_set_io_capability *cp = data;
1929 hdev->io_capability = cp->io_capability;
1931 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1932 hdev->io_capability);
1934 hci_dev_unlock(hdev);
1936 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1940 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1942 struct hci_dev *hdev = conn->hdev;
1943 struct pending_cmd *cmd;
1945 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1946 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1949 if (cmd->user_data != conn)
1958 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1960 struct mgmt_rp_pair_device rp;
1961 struct hci_conn *conn = cmd->user_data;
1963 bacpy(&rp.addr.bdaddr, &conn->dst);
1964 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1966 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1969 /* So we don't get further callbacks for this connection */
1970 conn->connect_cfm_cb = NULL;
1971 conn->security_cfm_cb = NULL;
1972 conn->disconn_cfm_cb = NULL;
1976 mgmt_pending_remove(cmd);
1979 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1981 struct pending_cmd *cmd;
1983 BT_DBG("status %u", status);
1985 cmd = find_pairing(conn);
1987 BT_DBG("Unable to find a pending command");
1989 pairing_complete(cmd, mgmt_status(status));
1992 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1994 struct pending_cmd *cmd;
1996 BT_DBG("status %u", status);
2001 cmd = find_pairing(conn);
2003 BT_DBG("Unable to find a pending command");
2005 pairing_complete(cmd, mgmt_status(status));
2008 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2011 struct mgmt_cp_pair_device *cp = data;
2012 struct mgmt_rp_pair_device rp;
2013 struct pending_cmd *cmd;
2014 u8 sec_level, auth_type;
2015 struct hci_conn *conn;
2020 memset(&rp, 0, sizeof(rp));
2021 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2022 rp.addr.type = cp->addr.type;
2024 if (!bdaddr_type_is_valid(cp->addr.type))
2025 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2026 MGMT_STATUS_INVALID_PARAMS,
2031 if (!hdev_is_powered(hdev)) {
2032 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2033 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2037 sec_level = BT_SECURITY_MEDIUM;
2038 if (cp->io_cap == 0x03)
2039 auth_type = HCI_AT_DEDICATED_BONDING;
2041 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2043 if (cp->addr.type == BDADDR_BREDR)
2044 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2045 cp->addr.type, sec_level, auth_type);
2047 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2048 cp->addr.type, sec_level, auth_type);
2053 if (PTR_ERR(conn) == -EBUSY)
2054 status = MGMT_STATUS_BUSY;
2056 status = MGMT_STATUS_CONNECT_FAILED;
2058 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2064 if (conn->connect_cfm_cb) {
2066 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2067 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2071 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2078 /* For LE, just connecting isn't a proof that the pairing finished */
2079 if (cp->addr.type == BDADDR_BREDR)
2080 conn->connect_cfm_cb = pairing_complete_cb;
2082 conn->connect_cfm_cb = le_connect_complete_cb;
2084 conn->security_cfm_cb = pairing_complete_cb;
2085 conn->disconn_cfm_cb = pairing_complete_cb;
2086 conn->io_capability = cp->io_cap;
2087 cmd->user_data = conn;
2089 if (conn->state == BT_CONNECTED &&
2090 hci_conn_security(conn, sec_level, auth_type))
2091 pairing_complete(cmd, 0);
2096 hci_dev_unlock(hdev);
2100 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2103 struct mgmt_addr_info *addr = data;
2104 struct pending_cmd *cmd;
2105 struct hci_conn *conn;
2112 if (!hdev_is_powered(hdev)) {
2113 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2114 MGMT_STATUS_NOT_POWERED);
2118 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2120 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2121 MGMT_STATUS_INVALID_PARAMS);
2125 conn = cmd->user_data;
2127 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2128 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2129 MGMT_STATUS_INVALID_PARAMS);
2133 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2135 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2136 addr, sizeof(*addr));
2138 hci_dev_unlock(hdev);
2142 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2143 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2144 u16 hci_op, __le32 passkey)
2146 struct pending_cmd *cmd;
2147 struct hci_conn *conn;
2152 if (!hdev_is_powered(hdev)) {
2153 err = cmd_status(sk, hdev->id, mgmt_op,
2154 MGMT_STATUS_NOT_POWERED);
2158 if (type == BDADDR_BREDR)
2159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2161 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2164 err = cmd_status(sk, hdev->id, mgmt_op,
2165 MGMT_STATUS_NOT_CONNECTED);
2169 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2170 /* Continue with pairing via SMP */
2171 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2174 err = cmd_status(sk, hdev->id, mgmt_op,
2175 MGMT_STATUS_SUCCESS);
2177 err = cmd_status(sk, hdev->id, mgmt_op,
2178 MGMT_STATUS_FAILED);
2183 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2189 /* Continue with pairing via HCI */
2190 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2191 struct hci_cp_user_passkey_reply cp;
2193 bacpy(&cp.bdaddr, bdaddr);
2194 cp.passkey = passkey;
2195 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2197 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2200 mgmt_pending_remove(cmd);
2203 hci_dev_unlock(hdev);
2207 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2208 void *data, u16 len)
2210 struct mgmt_cp_pin_code_neg_reply *cp = data;
2214 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2215 MGMT_OP_PIN_CODE_NEG_REPLY,
2216 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2219 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2222 struct mgmt_cp_user_confirm_reply *cp = data;
2226 if (len != sizeof(*cp))
2227 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2228 MGMT_STATUS_INVALID_PARAMS);
2230 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2231 MGMT_OP_USER_CONFIRM_REPLY,
2232 HCI_OP_USER_CONFIRM_REPLY, 0);
2235 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2236 void *data, u16 len)
2238 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2242 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2243 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2244 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2247 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2250 struct mgmt_cp_user_passkey_reply *cp = data;
2254 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2255 MGMT_OP_USER_PASSKEY_REPLY,
2256 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2259 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2260 void *data, u16 len)
2262 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2266 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2267 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2268 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2271 static int update_name(struct hci_dev *hdev, const char *name)
2273 struct hci_cp_write_local_name cp;
2275 memcpy(cp.name, name, sizeof(cp.name));
2277 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2280 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2283 struct mgmt_cp_set_local_name *cp = data;
2284 struct pending_cmd *cmd;
2291 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2293 if (!hdev_is_powered(hdev)) {
2294 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2301 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2307 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2313 err = update_name(hdev, cp->name);
2315 mgmt_pending_remove(cmd);
2318 hci_dev_unlock(hdev);
2322 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2323 void *data, u16 data_len)
2325 struct pending_cmd *cmd;
2328 BT_DBG("%s", hdev->name);
2332 if (!hdev_is_powered(hdev)) {
2333 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2334 MGMT_STATUS_NOT_POWERED);
2338 if (!lmp_ssp_capable(hdev)) {
2339 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2340 MGMT_STATUS_NOT_SUPPORTED);
2344 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2345 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2350 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2356 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2358 mgmt_pending_remove(cmd);
2361 hci_dev_unlock(hdev);
2365 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2366 void *data, u16 len)
2368 struct mgmt_cp_add_remote_oob_data *cp = data;
2372 BT_DBG("%s ", hdev->name);
2376 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2379 status = MGMT_STATUS_FAILED;
2381 status = MGMT_STATUS_SUCCESS;
2383 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2384 &cp->addr, sizeof(cp->addr));
2386 hci_dev_unlock(hdev);
2390 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2391 void *data, u16 len)
2393 struct mgmt_cp_remove_remote_oob_data *cp = data;
2397 BT_DBG("%s", hdev->name);
2401 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2403 status = MGMT_STATUS_INVALID_PARAMS;
2405 status = MGMT_STATUS_SUCCESS;
2407 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2408 status, &cp->addr, sizeof(cp->addr));
2410 hci_dev_unlock(hdev);
2414 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2418 BT_DBG("%s", hdev->name);
2422 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2424 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2426 hci_dev_unlock(hdev);
2431 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2432 void *data, u16 len)
2434 struct mgmt_cp_start_discovery *cp = data;
2435 struct pending_cmd *cmd;
2438 BT_DBG("%s", hdev->name);
2442 if (!hdev_is_powered(hdev)) {
2443 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2444 MGMT_STATUS_NOT_POWERED);
2448 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2449 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2454 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2455 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2460 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2466 hdev->discovery.type = cp->type;
2468 switch (hdev->discovery.type) {
2469 case DISCOV_TYPE_BREDR:
2470 if (!lmp_bredr_capable(hdev)) {
2471 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2472 MGMT_STATUS_NOT_SUPPORTED);
2473 mgmt_pending_remove(cmd);
2477 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2480 case DISCOV_TYPE_LE:
2481 if (!lmp_host_le_capable(hdev)) {
2482 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2483 MGMT_STATUS_NOT_SUPPORTED);
2484 mgmt_pending_remove(cmd);
2488 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2489 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2492 case DISCOV_TYPE_INTERLEAVED:
2493 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2494 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2495 MGMT_STATUS_NOT_SUPPORTED);
2496 mgmt_pending_remove(cmd);
2500 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2501 LE_SCAN_TIMEOUT_BREDR_LE);
2505 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2506 MGMT_STATUS_INVALID_PARAMS);
2507 mgmt_pending_remove(cmd);
2512 mgmt_pending_remove(cmd);
2514 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2517 hci_dev_unlock(hdev);
2521 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2524 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2525 struct pending_cmd *cmd;
2526 struct hci_cp_remote_name_req_cancel cp;
2527 struct inquiry_entry *e;
2530 BT_DBG("%s", hdev->name);
2534 if (!hci_discovery_active(hdev)) {
2535 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2536 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2537 sizeof(mgmt_cp->type));
2541 if (hdev->discovery.type != mgmt_cp->type) {
2542 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2543 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2544 sizeof(mgmt_cp->type));
2548 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2554 switch (hdev->discovery.state) {
2555 case DISCOVERY_FINDING:
2556 if (test_bit(HCI_INQUIRY, &hdev->flags))
2557 err = hci_cancel_inquiry(hdev);
2559 err = hci_cancel_le_scan(hdev);
2563 case DISCOVERY_RESOLVING:
2564 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2567 mgmt_pending_remove(cmd);
2568 err = cmd_complete(sk, hdev->id,
2569 MGMT_OP_STOP_DISCOVERY, 0,
2571 sizeof(mgmt_cp->type));
2572 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2576 bacpy(&cp.bdaddr, &e->data.bdaddr);
2577 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2583 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2588 mgmt_pending_remove(cmd);
2590 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2593 hci_dev_unlock(hdev);
2597 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2600 struct mgmt_cp_confirm_name *cp = data;
2601 struct inquiry_entry *e;
2604 BT_DBG("%s", hdev->name);
2608 if (!hci_discovery_active(hdev)) {
2609 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2610 MGMT_STATUS_FAILED);
2614 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2616 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2617 MGMT_STATUS_INVALID_PARAMS);
2621 if (cp->name_known) {
2622 e->name_state = NAME_KNOWN;
2625 e->name_state = NAME_NEEDED;
2626 hci_inquiry_cache_update_resolve(hdev, e);
2629 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2633 hci_dev_unlock(hdev);
2637 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2640 struct mgmt_cp_block_device *cp = data;
2644 BT_DBG("%s", hdev->name);
2646 if (!bdaddr_type_is_valid(cp->addr.type))
2647 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2648 MGMT_STATUS_INVALID_PARAMS,
2649 &cp->addr, sizeof(cp->addr));
2653 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2655 status = MGMT_STATUS_FAILED;
2657 status = MGMT_STATUS_SUCCESS;
2659 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2660 &cp->addr, sizeof(cp->addr));
2662 hci_dev_unlock(hdev);
2667 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2670 struct mgmt_cp_unblock_device *cp = data;
2674 BT_DBG("%s", hdev->name);
2676 if (!bdaddr_type_is_valid(cp->addr.type))
2677 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2678 MGMT_STATUS_INVALID_PARAMS,
2679 &cp->addr, sizeof(cp->addr));
2683 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2685 status = MGMT_STATUS_INVALID_PARAMS;
2687 status = MGMT_STATUS_SUCCESS;
2689 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2690 &cp->addr, sizeof(cp->addr));
2692 hci_dev_unlock(hdev);
2697 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2700 struct mgmt_cp_set_device_id *cp = data;
2704 BT_DBG("%s", hdev->name);
2706 source = __le16_to_cpu(cp->source);
2708 if (source > 0x0002)
2709 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2710 MGMT_STATUS_INVALID_PARAMS);
2714 hdev->devid_source = source;
2715 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2716 hdev->devid_product = __le16_to_cpu(cp->product);
2717 hdev->devid_version = __le16_to_cpu(cp->version);
2719 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2723 hci_dev_unlock(hdev);
2728 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2729 void *data, u16 len)
2731 struct mgmt_mode *cp = data;
2732 struct hci_cp_write_page_scan_activity acp;
2736 BT_DBG("%s", hdev->name);
2738 if (!lmp_bredr_capable(hdev))
2739 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2740 MGMT_STATUS_NOT_SUPPORTED);
2742 if (cp->val != 0x00 && cp->val != 0x01)
2743 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2744 MGMT_STATUS_INVALID_PARAMS);
2746 if (!hdev_is_powered(hdev))
2747 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2748 MGMT_STATUS_NOT_POWERED);
2750 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2751 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2752 MGMT_STATUS_REJECTED);
2757 type = PAGE_SCAN_TYPE_INTERLACED;
2759 /* 160 msec page scan interval */
2760 acp.interval = __constant_cpu_to_le16(0x0100);
2762 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2764 /* default 1.28 sec page scan */
2765 acp.interval = __constant_cpu_to_le16(0x0800);
2768 /* default 11.25 msec page scan window */
2769 acp.window = __constant_cpu_to_le16(0x0012);
2771 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2774 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2775 MGMT_STATUS_FAILED);
2779 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2781 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2782 MGMT_STATUS_FAILED);
2786 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2789 hci_dev_unlock(hdev);
2793 static bool ltk_is_valid(struct mgmt_ltk_info *key)
2795 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2797 if (key->master != 0x00 && key->master != 0x01)
2799 if (!bdaddr_type_is_le(key->addr.type))
2804 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2805 void *cp_data, u16 len)
2807 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2808 u16 key_count, expected_len;
2811 key_count = __le16_to_cpu(cp->key_count);
2813 expected_len = sizeof(*cp) + key_count *
2814 sizeof(struct mgmt_ltk_info);
2815 if (expected_len != len) {
2816 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2818 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2819 MGMT_STATUS_INVALID_PARAMS);
2822 BT_DBG("%s key_count %u", hdev->name, key_count);
2824 for (i = 0; i < key_count; i++) {
2825 struct mgmt_ltk_info *key = &cp->keys[i];
2827 if (!ltk_is_valid(key))
2828 return cmd_status(sk, hdev->id,
2829 MGMT_OP_LOAD_LONG_TERM_KEYS,
2830 MGMT_STATUS_INVALID_PARAMS);
2835 hci_smp_ltks_clear(hdev);
2837 for (i = 0; i < key_count; i++) {
2838 struct mgmt_ltk_info *key = &cp->keys[i];
2844 type = HCI_SMP_LTK_SLAVE;
2846 hci_add_ltk(hdev, &key->addr.bdaddr,
2847 bdaddr_to_le(key->addr.type),
2848 type, 0, key->authenticated, key->val,
2849 key->enc_size, key->ediv, key->rand);
2852 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2855 hci_dev_unlock(hdev);
2860 static const struct mgmt_handler {
2861 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2865 } mgmt_handlers[] = {
2866 { NULL }, /* 0x0000 (no command) */
2867 { read_version, false, MGMT_READ_VERSION_SIZE },
2868 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2869 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2870 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2871 { set_powered, false, MGMT_SETTING_SIZE },
2872 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2873 { set_connectable, false, MGMT_SETTING_SIZE },
2874 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2875 { set_pairable, false, MGMT_SETTING_SIZE },
2876 { set_link_security, false, MGMT_SETTING_SIZE },
2877 { set_ssp, false, MGMT_SETTING_SIZE },
2878 { set_hs, false, MGMT_SETTING_SIZE },
2879 { set_le, false, MGMT_SETTING_SIZE },
2880 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2881 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2882 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2883 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2884 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2885 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2886 { disconnect, false, MGMT_DISCONNECT_SIZE },
2887 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2888 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2889 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2890 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2891 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2892 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2893 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2894 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2895 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2896 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2897 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2898 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2899 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2900 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2901 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2902 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2903 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2904 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2905 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2906 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2910 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2914 struct mgmt_hdr *hdr;
2915 u16 opcode, index, len;
2916 struct hci_dev *hdev = NULL;
2917 const struct mgmt_handler *handler;
2920 BT_DBG("got %zu bytes", msglen);
2922 if (msglen < sizeof(*hdr))
2925 buf = kmalloc(msglen, GFP_KERNEL);
2929 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2935 opcode = __le16_to_cpu(hdr->opcode);
2936 index = __le16_to_cpu(hdr->index);
2937 len = __le16_to_cpu(hdr->len);
2939 if (len != msglen - sizeof(*hdr)) {
2944 if (index != MGMT_INDEX_NONE) {
2945 hdev = hci_dev_get(index);
2947 err = cmd_status(sk, index, opcode,
2948 MGMT_STATUS_INVALID_INDEX);
2953 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2954 mgmt_handlers[opcode].func == NULL) {
2955 BT_DBG("Unknown op %u", opcode);
2956 err = cmd_status(sk, index, opcode,
2957 MGMT_STATUS_UNKNOWN_COMMAND);
2961 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2962 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2963 err = cmd_status(sk, index, opcode,
2964 MGMT_STATUS_INVALID_INDEX);
2968 handler = &mgmt_handlers[opcode];
2970 if ((handler->var_len && len < handler->data_len) ||
2971 (!handler->var_len && len != handler->data_len)) {
2972 err = cmd_status(sk, index, opcode,
2973 MGMT_STATUS_INVALID_PARAMS);
2978 mgmt_init_hdev(sk, hdev);
2980 cp = buf + sizeof(*hdr);
2982 err = handler->func(sk, hdev, cp, len);
2996 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3001 mgmt_pending_remove(cmd);
3004 int mgmt_index_added(struct hci_dev *hdev)
3006 if (!mgmt_valid_hdev(hdev))
3009 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3012 int mgmt_index_removed(struct hci_dev *hdev)
3014 u8 status = MGMT_STATUS_INVALID_INDEX;
3016 if (!mgmt_valid_hdev(hdev))
3019 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3021 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3026 struct hci_dev *hdev;
3030 static void settings_rsp(struct pending_cmd *cmd, void *data)
3032 struct cmd_lookup *match = data;
3034 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
3036 list_del(&cmd->list);
3038 if (match->sk == NULL) {
3039 match->sk = cmd->sk;
3040 sock_hold(match->sk);
3043 mgmt_pending_free(cmd);
3046 static int set_bredr_scan(struct hci_dev *hdev)
3050 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3052 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3053 scan |= SCAN_INQUIRY;
3058 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3061 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3063 struct cmd_lookup match = { NULL, hdev };
3066 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3069 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3074 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3075 !lmp_host_ssp_capable(hdev)) {
3078 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3081 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3082 struct hci_cp_write_le_host_supported cp;
3085 cp.simul = lmp_le_br_capable(hdev);
3087 /* Check first if we already have the right
3088 * host state (host features set)
3090 if (cp.le != lmp_host_le_capable(hdev) ||
3091 cp.simul != lmp_host_le_br_capable(hdev))
3093 HCI_OP_WRITE_LE_HOST_SUPPORTED,
3097 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3098 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3099 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
3100 sizeof(link_sec), &link_sec);
3102 if (lmp_bredr_capable(hdev)) {
3103 set_bredr_scan(hdev);
3105 update_name(hdev, hdev->dev_name);
3109 u8 status = MGMT_STATUS_NOT_POWERED;
3110 u8 zero_cod[] = { 0, 0, 0 };
3112 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3114 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3115 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3116 zero_cod, sizeof(zero_cod), NULL);
3119 err = new_settings(hdev, match.sk);
3127 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3129 struct cmd_lookup match = { NULL, hdev };
3130 bool changed = false;
3134 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3137 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3141 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3145 err = new_settings(hdev, match.sk);
3153 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3155 struct cmd_lookup match = { NULL, hdev };
3156 bool changed = false;
3160 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3163 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3167 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3171 err = new_settings(hdev, match.sk);
3179 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3181 u8 mgmt_err = mgmt_status(status);
3183 if (scan & SCAN_PAGE)
3184 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3185 cmd_status_rsp, &mgmt_err);
3187 if (scan & SCAN_INQUIRY)
3188 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3189 cmd_status_rsp, &mgmt_err);
3194 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3197 struct mgmt_ev_new_link_key ev;
3199 memset(&ev, 0, sizeof(ev));
3201 ev.store_hint = persistent;
3202 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3203 ev.key.addr.type = BDADDR_BREDR;
3204 ev.key.type = key->type;
3205 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3206 ev.key.pin_len = key->pin_len;
3208 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3211 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3213 struct mgmt_ev_new_long_term_key ev;
3215 memset(&ev, 0, sizeof(ev));
3217 ev.store_hint = persistent;
3218 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3219 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3220 ev.key.authenticated = key->authenticated;
3221 ev.key.enc_size = key->enc_size;
3222 ev.key.ediv = key->ediv;
3224 if (key->type == HCI_SMP_LTK)
3227 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3228 memcpy(ev.key.val, key->val, sizeof(key->val));
3230 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3234 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3235 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3239 struct mgmt_ev_device_connected *ev = (void *) buf;
3242 bacpy(&ev->addr.bdaddr, bdaddr);
3243 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3245 ev->flags = __cpu_to_le32(flags);
3248 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3251 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3252 eir_len = eir_append_data(ev->eir, eir_len,
3253 EIR_CLASS_OF_DEV, dev_class, 3);
3255 ev->eir_len = cpu_to_le16(eir_len);
3257 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3258 sizeof(*ev) + eir_len, NULL);
3261 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3263 struct mgmt_cp_disconnect *cp = cmd->param;
3264 struct sock **sk = data;
3265 struct mgmt_rp_disconnect rp;
3267 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3268 rp.addr.type = cp->addr.type;
3270 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3276 mgmt_pending_remove(cmd);
3279 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3281 struct hci_dev *hdev = data;
3282 struct mgmt_cp_unpair_device *cp = cmd->param;
3283 struct mgmt_rp_unpair_device rp;
3285 memset(&rp, 0, sizeof(rp));
3286 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3287 rp.addr.type = cp->addr.type;
3289 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3291 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3293 mgmt_pending_remove(cmd);
3296 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3297 u8 link_type, u8 addr_type, u8 reason)
3299 struct mgmt_ev_device_disconnected ev;
3300 struct sock *sk = NULL;
3303 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3305 bacpy(&ev.addr.bdaddr, bdaddr);
3306 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3309 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3315 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3321 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3322 u8 link_type, u8 addr_type, u8 status)
3324 struct mgmt_rp_disconnect rp;
3325 struct pending_cmd *cmd;
3328 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3331 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3335 bacpy(&rp.addr.bdaddr, bdaddr);
3336 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3338 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3339 mgmt_status(status), &rp, sizeof(rp));
3341 mgmt_pending_remove(cmd);
3346 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3347 u8 addr_type, u8 status)
3349 struct mgmt_ev_connect_failed ev;
3351 bacpy(&ev.addr.bdaddr, bdaddr);
3352 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3353 ev.status = mgmt_status(status);
3355 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3358 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3360 struct mgmt_ev_pin_code_request ev;
3362 bacpy(&ev.addr.bdaddr, bdaddr);
3363 ev.addr.type = BDADDR_BREDR;
3366 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3370 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3373 struct pending_cmd *cmd;
3374 struct mgmt_rp_pin_code_reply rp;
3377 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3381 bacpy(&rp.addr.bdaddr, bdaddr);
3382 rp.addr.type = BDADDR_BREDR;
3384 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3385 mgmt_status(status), &rp, sizeof(rp));
3387 mgmt_pending_remove(cmd);
3392 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3395 struct pending_cmd *cmd;
3396 struct mgmt_rp_pin_code_reply rp;
3399 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3403 bacpy(&rp.addr.bdaddr, bdaddr);
3404 rp.addr.type = BDADDR_BREDR;
3406 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3407 mgmt_status(status), &rp, sizeof(rp));
3409 mgmt_pending_remove(cmd);
3414 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3415 u8 link_type, u8 addr_type, __le32 value,
3418 struct mgmt_ev_user_confirm_request ev;
3420 BT_DBG("%s", hdev->name);
3422 bacpy(&ev.addr.bdaddr, bdaddr);
3423 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3424 ev.confirm_hint = confirm_hint;
3427 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3431 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3432 u8 link_type, u8 addr_type)
3434 struct mgmt_ev_user_passkey_request ev;
3436 BT_DBG("%s", hdev->name);
3438 bacpy(&ev.addr.bdaddr, bdaddr);
3439 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3441 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3445 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3446 u8 link_type, u8 addr_type, u8 status,
3449 struct pending_cmd *cmd;
3450 struct mgmt_rp_user_confirm_reply rp;
3453 cmd = mgmt_pending_find(opcode, hdev);
3457 bacpy(&rp.addr.bdaddr, bdaddr);
3458 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3459 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3462 mgmt_pending_remove(cmd);
3467 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3468 u8 link_type, u8 addr_type, u8 status)
3470 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3471 status, MGMT_OP_USER_CONFIRM_REPLY);
3474 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3475 u8 link_type, u8 addr_type, u8 status)
3477 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3479 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3482 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3483 u8 link_type, u8 addr_type, u8 status)
3485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3486 status, MGMT_OP_USER_PASSKEY_REPLY);
3489 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3490 u8 link_type, u8 addr_type, u8 status)
3492 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3494 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3497 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3498 u8 link_type, u8 addr_type, u32 passkey,
3501 struct mgmt_ev_passkey_notify ev;
3503 BT_DBG("%s", hdev->name);
3505 bacpy(&ev.addr.bdaddr, bdaddr);
3506 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3507 ev.passkey = __cpu_to_le32(passkey);
3508 ev.entered = entered;
3510 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3513 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3514 u8 addr_type, u8 status)
3516 struct mgmt_ev_auth_failed ev;
3518 bacpy(&ev.addr.bdaddr, bdaddr);
3519 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3520 ev.status = mgmt_status(status);
3522 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3525 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3527 struct cmd_lookup match = { NULL, hdev };
3528 bool changed = false;
3532 u8 mgmt_err = mgmt_status(status);
3533 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3534 cmd_status_rsp, &mgmt_err);
3538 if (test_bit(HCI_AUTH, &hdev->flags)) {
3539 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3542 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3546 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3550 err = new_settings(hdev, match.sk);
3558 static int clear_eir(struct hci_dev *hdev)
3560 struct hci_cp_write_eir cp;
3562 if (!lmp_ext_inq_capable(hdev))
3565 memset(hdev->eir, 0, sizeof(hdev->eir));
3567 memset(&cp, 0, sizeof(cp));
3569 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3572 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3574 struct cmd_lookup match = { NULL, hdev };
3575 bool changed = false;
3579 u8 mgmt_err = mgmt_status(status);
3581 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3583 err = new_settings(hdev, NULL);
3585 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3592 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3595 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3599 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3602 err = new_settings(hdev, match.sk);
3607 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3615 static void class_rsp(struct pending_cmd *cmd, void *data)
3617 struct cmd_lookup *match = data;
3619 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3620 match->hdev->dev_class, 3);
3622 list_del(&cmd->list);
3624 if (match->sk == NULL) {
3625 match->sk = cmd->sk;
3626 sock_hold(match->sk);
3629 mgmt_pending_free(cmd);
3632 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3635 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3638 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3640 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3641 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3642 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3645 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3654 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3656 struct pending_cmd *cmd;
3657 struct mgmt_cp_set_local_name ev;
3658 bool changed = false;
3661 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3662 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3666 memset(&ev, 0, sizeof(ev));
3667 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3668 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3670 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3674 /* Always assume that either the short or the complete name has
3675 * changed if there was a pending mgmt command */
3679 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3680 mgmt_status(status));
3684 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3691 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3692 sizeof(ev), cmd ? cmd->sk : NULL);
3694 /* EIR is taken care of separately when powering on the
3695 * adapter so only update them here if this is a name change
3696 * unrelated to power on.
3698 if (!test_bit(HCI_INIT, &hdev->flags))
3703 mgmt_pending_remove(cmd);
3707 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3708 u8 *randomizer, u8 status)
3710 struct pending_cmd *cmd;
3713 BT_DBG("%s status %u", hdev->name, status);
3715 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3720 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3721 mgmt_status(status));
3723 struct mgmt_rp_read_local_oob_data rp;
3725 memcpy(rp.hash, hash, sizeof(rp.hash));
3726 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3728 err = cmd_complete(cmd->sk, hdev->id,
3729 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3733 mgmt_pending_remove(cmd);
3738 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3740 struct cmd_lookup match = { NULL, hdev };
3741 bool changed = false;
3745 u8 mgmt_err = mgmt_status(status);
3747 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3749 err = new_settings(hdev, NULL);
3751 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3758 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3761 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3765 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3768 err = new_settings(hdev, match.sk);
3776 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3777 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3778 ssp, u8 *eir, u16 eir_len)
3781 struct mgmt_ev_device_found *ev = (void *) buf;
3784 /* Leave 5 bytes for a potential CoD field */
3785 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3788 memset(buf, 0, sizeof(buf));
3790 bacpy(&ev->addr.bdaddr, bdaddr);
3791 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3794 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3796 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3799 memcpy(ev->eir, eir, eir_len);
3801 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3802 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3805 ev->eir_len = cpu_to_le16(eir_len);
3806 ev_size = sizeof(*ev) + eir_len;
3808 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3811 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3812 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3814 struct mgmt_ev_device_found *ev;
3815 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3818 ev = (struct mgmt_ev_device_found *) buf;
3820 memset(buf, 0, sizeof(buf));
3822 bacpy(&ev->addr.bdaddr, bdaddr);
3823 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3826 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3829 ev->eir_len = cpu_to_le16(eir_len);
3831 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3832 sizeof(*ev) + eir_len, NULL);
3835 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3837 struct pending_cmd *cmd;
3841 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3843 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3847 type = hdev->discovery.type;
3849 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3850 &type, sizeof(type));
3851 mgmt_pending_remove(cmd);
3856 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3858 struct pending_cmd *cmd;
3861 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3865 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3866 &hdev->discovery.type, sizeof(hdev->discovery.type));
3867 mgmt_pending_remove(cmd);
3872 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3874 struct mgmt_ev_discovering ev;
3875 struct pending_cmd *cmd;
3877 BT_DBG("%s discovering %u", hdev->name, discovering);
3880 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3882 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3885 u8 type = hdev->discovery.type;
3887 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3889 mgmt_pending_remove(cmd);
3892 memset(&ev, 0, sizeof(ev));
3893 ev.type = hdev->discovery.type;
3894 ev.discovering = discovering;
3896 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3899 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3901 struct pending_cmd *cmd;
3902 struct mgmt_ev_device_blocked ev;
3904 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3906 bacpy(&ev.addr.bdaddr, bdaddr);
3907 ev.addr.type = type;
3909 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3910 cmd ? cmd->sk : NULL);
3913 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3915 struct pending_cmd *cmd;
3916 struct mgmt_ev_device_unblocked ev;
3918 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3920 bacpy(&ev.addr.bdaddr, bdaddr);
3921 ev.addr.type = type;
3923 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3924 cmd ? cmd->sk : NULL);
3927 module_param(enable_hs, bool, 0644);
3928 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
projects / firefly-linux-kernel-4.4.55.git / blob