2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 2
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
48 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124 struct list_head list;
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
199 return hdev->dev_type == HCI_BREDR;
202 static u8 mgmt_status(u8 hci_status)
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
207 return MGMT_STATUS_FAILED;
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
229 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->opcode = cpu_to_le16(cmd);
233 err = sock_queue_rcv_skb(sk, skb);
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
248 BT_DBG("sock %p", sk);
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
256 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
265 memcpy(ev->data, rp, rp_len);
267 err = sock_queue_rcv_skb(sk, skb);
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
277 struct mgmt_rp_read_version rp;
279 BT_DBG("sock %p", sk);
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
298 BT_DBG("sock %p", sk);
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302 rp = kmalloc(rp_size, GFP_KERNEL);
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
325 struct mgmt_rp_read_index_list *rp;
331 BT_DBG("sock %p", sk);
333 read_lock(&hci_dev_list_lock);
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
346 read_unlock(&hci_dev_list_lock);
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
355 if (!mgmt_valid_hdev(d))
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
365 read_unlock(&hci_dev_list_lock);
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
375 static u32 get_supported_settings(struct hci_dev *hdev)
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_CONNECTABLE;
381 settings |= MGMT_SETTING_FAST_CONNECTABLE;
382 settings |= MGMT_SETTING_DISCOVERABLE;
383 settings |= MGMT_SETTING_PAIRABLE;
385 if (lmp_ssp_capable(hdev))
386 settings |= MGMT_SETTING_SSP;
388 if (lmp_bredr_capable(hdev)) {
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
394 settings |= MGMT_SETTING_HS;
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
402 static u32 get_current_settings(struct hci_dev *hdev)
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
436 #define PNP_INFO_SVCLASS_ID 0x1200
438 static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
443 static u16 get_uuid16(u8 *uuid128)
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
453 val = get_unaligned_le32(&uuid128[12]);
460 static void create_eir(struct hci_dev *hdev, u8 *data)
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
469 name_len = strlen(hdev->dev_name);
475 ptr[1] = EIR_NAME_SHORT;
477 ptr[1] = EIR_NAME_COMPLETE;
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
482 memcpy(ptr + 2, hdev->dev_name, name_len);
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
488 if (hdev->inq_tx_power) {
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
497 if (hdev->devid_source > 0) {
499 ptr[1] = EIR_DEVICE_ID;
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
510 memset(uuid16_list, 0, sizeof(uuid16_list));
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
516 uuid16 = get_uuid16(uuid->uuid);
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
543 if (uuid16_list[0] != 0) {
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
562 static int update_eir(struct hci_dev *hdev)
564 struct hci_cp_write_eir cp;
566 if (!hdev_is_powered(hdev))
569 if (!(hdev->features[6] & LMP_EXT_INQ))
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 memset(&cp, 0, sizeof(cp));
580 create_eir(hdev, cp.data);
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
590 static u8 get_service_classes(struct hci_dev *hdev)
592 struct bt_uuid *uuid;
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
601 static int update_class(struct hci_dev *hdev)
606 BT_DBG("%s", hdev->name);
608 if (!hdev_is_powered(hdev))
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
628 static void service_cache_off(struct work_struct *work)
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
641 hci_dev_unlock(hdev);
644 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
659 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
662 struct mgmt_rp_read_info rp;
664 BT_DBG("sock %p %s", sk, hdev->name);
668 memset(&rp, 0, sizeof(rp));
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
678 memcpy(rp.dev_class, hdev->dev_class, 3);
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
683 hci_dev_unlock(hdev);
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
689 static void mgmt_pending_free(struct pending_cmd *cmd)
696 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
700 struct pending_cmd *cmd;
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
709 cmd->param = kmalloc(len, GFP_KERNEL);
716 memcpy(cmd->param, data, len);
721 list_add(&cmd->list, &hdev->mgmt_pending);
726 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
731 struct list_head *p, *n;
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
736 cmd = list_entry(p, struct pending_cmd, list);
738 if (opcode > 0 && cmd->opcode != opcode)
745 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747 struct pending_cmd *cmd;
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
757 static void mgmt_pending_remove(struct pending_cmd *cmd)
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
763 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
771 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
778 BT_DBG("request for %s", hdev->name);
782 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
783 cancel_delayed_work(&hdev->power_off);
786 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
787 mgmt_powered(hdev, 1);
792 if (!!cp->val == hdev_is_powered(hdev)) {
793 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
797 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
798 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
803 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
810 schedule_work(&hdev->power_on);
812 schedule_work(&hdev->power_off.work);
817 hci_dev_unlock(hdev);
821 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
822 struct sock *skip_sk)
825 struct mgmt_hdr *hdr;
827 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
831 hdr = (void *) skb_put(skb, sizeof(*hdr));
832 hdr->opcode = cpu_to_le16(event);
834 hdr->index = cpu_to_le16(hdev->id);
836 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
837 hdr->len = cpu_to_le16(data_len);
840 memcpy(skb_put(skb, data_len), data, data_len);
843 __net_timestamp(skb);
845 hci_send_to_control(skb, skip_sk);
851 static int new_settings(struct hci_dev *hdev, struct sock *skip)
855 ev = cpu_to_le32(get_current_settings(hdev));
857 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
860 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
863 struct mgmt_cp_set_discoverable *cp = data;
864 struct pending_cmd *cmd;
869 BT_DBG("request for %s", hdev->name);
871 timeout = __le16_to_cpu(cp->timeout);
872 if (!cp->val && timeout > 0)
873 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
874 MGMT_STATUS_INVALID_PARAMS);
878 if (!hdev_is_powered(hdev) && timeout > 0) {
879 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
880 MGMT_STATUS_NOT_POWERED);
884 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
885 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
886 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
891 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
893 MGMT_STATUS_REJECTED);
897 if (!hdev_is_powered(hdev)) {
898 bool changed = false;
900 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
901 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
905 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
910 err = new_settings(hdev, sk);
915 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
916 if (hdev->discov_timeout > 0) {
917 cancel_delayed_work(&hdev->discov_off);
918 hdev->discov_timeout = 0;
921 if (cp->val && timeout > 0) {
922 hdev->discov_timeout = timeout;
923 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
924 msecs_to_jiffies(hdev->discov_timeout * 1000));
927 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
931 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
940 scan |= SCAN_INQUIRY;
942 cancel_delayed_work(&hdev->discov_off);
944 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
946 mgmt_pending_remove(cmd);
949 hdev->discov_timeout = timeout;
952 hci_dev_unlock(hdev);
956 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
959 struct mgmt_mode *cp = data;
960 struct pending_cmd *cmd;
964 BT_DBG("request for %s", hdev->name);
968 if (!hdev_is_powered(hdev)) {
969 bool changed = false;
971 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
975 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
977 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
978 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
981 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
986 err = new_settings(hdev, sk);
991 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
992 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
993 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
998 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
999 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1003 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1014 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1015 hdev->discov_timeout > 0)
1016 cancel_delayed_work(&hdev->discov_off);
1019 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1021 mgmt_pending_remove(cmd);
1024 hci_dev_unlock(hdev);
1028 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1031 struct mgmt_mode *cp = data;
1034 BT_DBG("request for %s", hdev->name);
1039 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1041 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1043 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1047 err = new_settings(hdev, sk);
1050 hci_dev_unlock(hdev);
1054 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1057 struct mgmt_mode *cp = data;
1058 struct pending_cmd *cmd;
1062 BT_DBG("request for %s", hdev->name);
1066 if (!hdev_is_powered(hdev)) {
1067 bool changed = false;
1069 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1070 &hdev->dev_flags)) {
1071 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1075 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1080 err = new_settings(hdev, sk);
1085 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1086 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1093 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1094 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1098 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1104 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1106 mgmt_pending_remove(cmd);
1111 hci_dev_unlock(hdev);
1115 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1117 struct mgmt_mode *cp = data;
1118 struct pending_cmd *cmd;
1122 BT_DBG("request for %s", hdev->name);
1126 if (!lmp_ssp_capable(hdev)) {
1127 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1128 MGMT_STATUS_NOT_SUPPORTED);
1134 if (!hdev_is_powered(hdev)) {
1135 bool changed = false;
1137 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1138 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1142 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1147 err = new_settings(hdev, sk);
1152 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1153 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1158 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1159 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1163 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1169 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1171 mgmt_pending_remove(cmd);
1176 hci_dev_unlock(hdev);
1180 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1182 struct mgmt_mode *cp = data;
1184 BT_DBG("request for %s", hdev->name);
1187 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1188 MGMT_STATUS_NOT_SUPPORTED);
1191 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1193 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1195 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1198 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1200 struct mgmt_mode *cp = data;
1201 struct hci_cp_write_le_host_supported hci_cp;
1202 struct pending_cmd *cmd;
1206 BT_DBG("request for %s", hdev->name);
1210 if (!lmp_le_capable(hdev)) {
1211 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1212 MGMT_STATUS_NOT_SUPPORTED);
1217 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1219 if (!hdev_is_powered(hdev) || val == enabled) {
1220 bool changed = false;
1222 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1223 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1227 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1232 err = new_settings(hdev, sk);
1237 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1238 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1243 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1249 memset(&hci_cp, 0, sizeof(hci_cp));
1253 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1256 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1259 mgmt_pending_remove(cmd);
1262 hci_dev_unlock(hdev);
1266 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1268 struct mgmt_cp_add_uuid *cp = data;
1269 struct pending_cmd *cmd;
1270 struct bt_uuid *uuid;
1273 BT_DBG("request for %s", hdev->name);
1277 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1278 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1283 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1289 memcpy(uuid->uuid, cp->uuid, 16);
1290 uuid->svc_hint = cp->svc_hint;
1292 list_add(&uuid->list, &hdev->uuids);
1294 err = update_class(hdev);
1298 err = update_eir(hdev);
1302 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1303 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1304 hdev->dev_class, 3);
1308 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1313 hci_dev_unlock(hdev);
1317 static bool enable_service_cache(struct hci_dev *hdev)
1319 if (!hdev_is_powered(hdev))
1322 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1323 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1330 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1333 struct mgmt_cp_remove_uuid *cp = data;
1334 struct pending_cmd *cmd;
1335 struct list_head *p, *n;
1336 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1339 BT_DBG("request for %s", hdev->name);
1343 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1344 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1349 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1350 err = hci_uuids_clear(hdev);
1352 if (enable_service_cache(hdev)) {
1353 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1354 0, hdev->dev_class, 3);
1363 list_for_each_safe(p, n, &hdev->uuids) {
1364 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1366 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1369 list_del(&match->list);
1375 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1376 MGMT_STATUS_INVALID_PARAMS);
1381 err = update_class(hdev);
1385 err = update_eir(hdev);
1389 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1390 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1391 hdev->dev_class, 3);
1395 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1400 hci_dev_unlock(hdev);
1404 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1407 struct mgmt_cp_set_dev_class *cp = data;
1408 struct pending_cmd *cmd;
1411 BT_DBG("request for %s", hdev->name);
1415 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1416 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1421 hdev->major_class = cp->major;
1422 hdev->minor_class = cp->minor;
1424 if (!hdev_is_powered(hdev)) {
1425 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1426 hdev->dev_class, 3);
1430 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1431 hci_dev_unlock(hdev);
1432 cancel_delayed_work_sync(&hdev->service_cache);
1437 err = update_class(hdev);
1441 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1442 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1443 hdev->dev_class, 3);
1447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1452 hci_dev_unlock(hdev);
1456 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1459 struct mgmt_cp_load_link_keys *cp = data;
1460 u16 key_count, expected_len;
1463 key_count = __le16_to_cpu(cp->key_count);
1465 expected_len = sizeof(*cp) + key_count *
1466 sizeof(struct mgmt_link_key_info);
1467 if (expected_len != len) {
1468 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1470 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1471 MGMT_STATUS_INVALID_PARAMS);
1474 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1479 hci_link_keys_clear(hdev);
1481 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1484 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1486 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1488 for (i = 0; i < key_count; i++) {
1489 struct mgmt_link_key_info *key = &cp->keys[i];
1491 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1492 key->type, key->pin_len);
1495 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1497 hci_dev_unlock(hdev);
1502 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1503 u8 addr_type, struct sock *skip_sk)
1505 struct mgmt_ev_device_unpaired ev;
1507 bacpy(&ev.addr.bdaddr, bdaddr);
1508 ev.addr.type = addr_type;
1510 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1514 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1517 struct mgmt_cp_unpair_device *cp = data;
1518 struct mgmt_rp_unpair_device rp;
1519 struct hci_cp_disconnect dc;
1520 struct pending_cmd *cmd;
1521 struct hci_conn *conn;
1526 memset(&rp, 0, sizeof(rp));
1527 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1528 rp.addr.type = cp->addr.type;
1530 if (!hdev_is_powered(hdev)) {
1531 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1532 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1536 if (cp->addr.type == BDADDR_BREDR)
1537 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1539 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1542 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1543 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1547 if (cp->disconnect) {
1548 if (cp->addr.type == BDADDR_BREDR)
1549 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1552 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1559 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1561 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1565 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1572 dc.handle = cpu_to_le16(conn->handle);
1573 dc.reason = 0x13; /* Remote User Terminated Connection */
1574 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1576 mgmt_pending_remove(cmd);
1579 hci_dev_unlock(hdev);
1583 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1586 struct mgmt_cp_disconnect *cp = data;
1587 struct hci_cp_disconnect dc;
1588 struct pending_cmd *cmd;
1589 struct hci_conn *conn;
1596 if (!test_bit(HCI_UP, &hdev->flags)) {
1597 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1598 MGMT_STATUS_NOT_POWERED);
1602 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1603 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1608 if (cp->addr.type == BDADDR_BREDR)
1609 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1612 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1614 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1615 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1616 MGMT_STATUS_NOT_CONNECTED);
1620 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1626 dc.handle = cpu_to_le16(conn->handle);
1627 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1629 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1631 mgmt_pending_remove(cmd);
1634 hci_dev_unlock(hdev);
1638 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1640 switch (link_type) {
1642 switch (addr_type) {
1643 case ADDR_LE_DEV_PUBLIC:
1644 return BDADDR_LE_PUBLIC;
1647 /* Fallback to LE Random address type */
1648 return BDADDR_LE_RANDOM;
1652 /* Fallback to BR/EDR type */
1653 return BDADDR_BREDR;
1657 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1660 struct mgmt_rp_get_connections *rp;
1670 if (!hdev_is_powered(hdev)) {
1671 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1672 MGMT_STATUS_NOT_POWERED);
1677 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1678 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1682 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1683 rp = kmalloc(rp_len, GFP_KERNEL);
1690 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1691 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1693 bacpy(&rp->addr[i].bdaddr, &c->dst);
1694 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1695 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1700 rp->conn_count = cpu_to_le16(i);
1702 /* Recalculate length in case of filtered SCO connections, etc */
1703 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1705 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1711 hci_dev_unlock(hdev);
1715 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1716 struct mgmt_cp_pin_code_neg_reply *cp)
1718 struct pending_cmd *cmd;
1721 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1726 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1727 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1729 mgmt_pending_remove(cmd);
1734 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1737 struct hci_conn *conn;
1738 struct mgmt_cp_pin_code_reply *cp = data;
1739 struct hci_cp_pin_code_reply reply;
1740 struct pending_cmd *cmd;
1747 if (!hdev_is_powered(hdev)) {
1748 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1749 MGMT_STATUS_NOT_POWERED);
1753 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1755 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1756 MGMT_STATUS_NOT_CONNECTED);
1760 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1761 struct mgmt_cp_pin_code_neg_reply ncp;
1763 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1765 BT_ERR("PIN code is not 16 bytes long");
1767 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1769 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1770 MGMT_STATUS_INVALID_PARAMS);
1775 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1781 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1782 reply.pin_len = cp->pin_len;
1783 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1785 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1787 mgmt_pending_remove(cmd);
1790 hci_dev_unlock(hdev);
1794 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1797 struct mgmt_cp_set_io_capability *cp = data;
1803 hdev->io_capability = cp->io_capability;
1805 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1806 hdev->io_capability);
1808 hci_dev_unlock(hdev);
1810 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1814 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1816 struct hci_dev *hdev = conn->hdev;
1817 struct pending_cmd *cmd;
1819 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1820 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1823 if (cmd->user_data != conn)
1832 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1834 struct mgmt_rp_pair_device rp;
1835 struct hci_conn *conn = cmd->user_data;
1837 bacpy(&rp.addr.bdaddr, &conn->dst);
1838 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1840 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1843 /* So we don't get further callbacks for this connection */
1844 conn->connect_cfm_cb = NULL;
1845 conn->security_cfm_cb = NULL;
1846 conn->disconn_cfm_cb = NULL;
1850 mgmt_pending_remove(cmd);
1853 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1855 struct pending_cmd *cmd;
1857 BT_DBG("status %u", status);
1859 cmd = find_pairing(conn);
1861 BT_DBG("Unable to find a pending command");
1863 pairing_complete(cmd, mgmt_status(status));
1866 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1868 struct pending_cmd *cmd;
1870 BT_DBG("status %u", status);
1875 cmd = find_pairing(conn);
1877 BT_DBG("Unable to find a pending command");
1879 pairing_complete(cmd, mgmt_status(status));
1882 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1885 struct mgmt_cp_pair_device *cp = data;
1886 struct mgmt_rp_pair_device rp;
1887 struct pending_cmd *cmd;
1888 u8 sec_level, auth_type;
1889 struct hci_conn *conn;
1896 if (!hdev_is_powered(hdev)) {
1897 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1898 MGMT_STATUS_NOT_POWERED);
1902 sec_level = BT_SECURITY_MEDIUM;
1903 if (cp->io_cap == 0x03)
1904 auth_type = HCI_AT_DEDICATED_BONDING;
1906 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1908 if (cp->addr.type == BDADDR_BREDR)
1909 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1910 cp->addr.type, sec_level, auth_type);
1912 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1913 cp->addr.type, sec_level, auth_type);
1915 memset(&rp, 0, sizeof(rp));
1916 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1917 rp.addr.type = cp->addr.type;
1922 if (PTR_ERR(conn) == -EBUSY)
1923 status = MGMT_STATUS_BUSY;
1925 status = MGMT_STATUS_CONNECT_FAILED;
1927 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1933 if (conn->connect_cfm_cb) {
1935 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1936 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1940 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1947 /* For LE, just connecting isn't a proof that the pairing finished */
1948 if (cp->addr.type == BDADDR_BREDR)
1949 conn->connect_cfm_cb = pairing_complete_cb;
1951 conn->connect_cfm_cb = le_connect_complete_cb;
1953 conn->security_cfm_cb = pairing_complete_cb;
1954 conn->disconn_cfm_cb = pairing_complete_cb;
1955 conn->io_capability = cp->io_cap;
1956 cmd->user_data = conn;
1958 if (conn->state == BT_CONNECTED &&
1959 hci_conn_security(conn, sec_level, auth_type))
1960 pairing_complete(cmd, 0);
1965 hci_dev_unlock(hdev);
1969 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1972 struct mgmt_addr_info *addr = data;
1973 struct pending_cmd *cmd;
1974 struct hci_conn *conn;
1981 if (!hdev_is_powered(hdev)) {
1982 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1983 MGMT_STATUS_NOT_POWERED);
1987 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1989 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1990 MGMT_STATUS_INVALID_PARAMS);
1994 conn = cmd->user_data;
1996 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1997 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1998 MGMT_STATUS_INVALID_PARAMS);
2002 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2004 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2005 addr, sizeof(*addr));
2007 hci_dev_unlock(hdev);
2011 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2012 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2013 u16 hci_op, __le32 passkey)
2015 struct pending_cmd *cmd;
2016 struct hci_conn *conn;
2021 if (!hdev_is_powered(hdev)) {
2022 err = cmd_status(sk, hdev->id, mgmt_op,
2023 MGMT_STATUS_NOT_POWERED);
2027 if (type == BDADDR_BREDR)
2028 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2030 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2033 err = cmd_status(sk, hdev->id, mgmt_op,
2034 MGMT_STATUS_NOT_CONNECTED);
2038 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2039 /* Continue with pairing via SMP */
2040 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2043 err = cmd_status(sk, hdev->id, mgmt_op,
2044 MGMT_STATUS_SUCCESS);
2046 err = cmd_status(sk, hdev->id, mgmt_op,
2047 MGMT_STATUS_FAILED);
2052 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2058 /* Continue with pairing via HCI */
2059 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2060 struct hci_cp_user_passkey_reply cp;
2062 bacpy(&cp.bdaddr, bdaddr);
2063 cp.passkey = passkey;
2064 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2066 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2069 mgmt_pending_remove(cmd);
2072 hci_dev_unlock(hdev);
2076 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2077 void *data, u16 len)
2079 struct mgmt_cp_pin_code_neg_reply *cp = data;
2083 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2084 MGMT_OP_PIN_CODE_NEG_REPLY,
2085 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2088 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2091 struct mgmt_cp_user_confirm_reply *cp = data;
2095 if (len != sizeof(*cp))
2096 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2097 MGMT_STATUS_INVALID_PARAMS);
2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2100 MGMT_OP_USER_CONFIRM_REPLY,
2101 HCI_OP_USER_CONFIRM_REPLY, 0);
2104 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2105 void *data, u16 len)
2107 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2112 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2113 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2116 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2119 struct mgmt_cp_user_passkey_reply *cp = data;
2123 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2124 MGMT_OP_USER_PASSKEY_REPLY,
2125 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2128 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2129 void *data, u16 len)
2131 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2135 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2136 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2137 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2140 static int update_name(struct hci_dev *hdev, const char *name)
2142 struct hci_cp_write_local_name cp;
2144 memcpy(cp.name, name, sizeof(cp.name));
2146 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2149 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2152 struct mgmt_cp_set_local_name *cp = data;
2153 struct pending_cmd *cmd;
2160 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2162 if (!hdev_is_powered(hdev)) {
2163 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2165 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2170 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2176 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2182 err = update_name(hdev, cp->name);
2184 mgmt_pending_remove(cmd);
2187 hci_dev_unlock(hdev);
2191 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2192 void *data, u16 data_len)
2194 struct pending_cmd *cmd;
2197 BT_DBG("%s", hdev->name);
2201 if (!hdev_is_powered(hdev)) {
2202 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2203 MGMT_STATUS_NOT_POWERED);
2207 if (!lmp_ssp_capable(hdev)) {
2208 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2209 MGMT_STATUS_NOT_SUPPORTED);
2213 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2214 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2219 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2225 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2227 mgmt_pending_remove(cmd);
2230 hci_dev_unlock(hdev);
2234 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2235 void *data, u16 len)
2237 struct mgmt_cp_add_remote_oob_data *cp = data;
2241 BT_DBG("%s ", hdev->name);
2245 if (!hdev_is_powered(hdev)) {
2246 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2247 MGMT_STATUS_NOT_POWERED, &cp->addr,
2252 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2255 status = MGMT_STATUS_FAILED;
2259 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2260 &cp->addr, sizeof(cp->addr));
2263 hci_dev_unlock(hdev);
2267 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2268 void *data, u16 len)
2270 struct mgmt_cp_remove_remote_oob_data *cp = data;
2274 BT_DBG("%s", hdev->name);
2278 if (!hdev_is_powered(hdev)) {
2279 err = cmd_complete(sk, hdev->id,
2280 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2281 MGMT_STATUS_NOT_POWERED, &cp->addr,
2286 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2288 status = MGMT_STATUS_INVALID_PARAMS;
2292 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2293 status, &cp->addr, sizeof(cp->addr));
2296 hci_dev_unlock(hdev);
2300 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2304 BT_DBG("%s", hdev->name);
2308 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2310 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2312 hci_dev_unlock(hdev);
2317 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2318 void *data, u16 len)
2320 struct mgmt_cp_start_discovery *cp = data;
2321 struct pending_cmd *cmd;
2324 BT_DBG("%s", hdev->name);
2328 if (!hdev_is_powered(hdev)) {
2329 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2330 MGMT_STATUS_NOT_POWERED);
2334 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2335 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2340 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2341 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2346 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2352 hdev->discovery.type = cp->type;
2354 switch (hdev->discovery.type) {
2355 case DISCOV_TYPE_BREDR:
2356 if (lmp_bredr_capable(hdev))
2357 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2362 case DISCOV_TYPE_LE:
2363 if (lmp_host_le_capable(hdev))
2364 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2365 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2370 case DISCOV_TYPE_INTERLEAVED:
2371 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2372 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2374 LE_SCAN_TIMEOUT_BREDR_LE);
2384 mgmt_pending_remove(cmd);
2386 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2389 hci_dev_unlock(hdev);
2393 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2396 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2397 struct pending_cmd *cmd;
2398 struct hci_cp_remote_name_req_cancel cp;
2399 struct inquiry_entry *e;
2402 BT_DBG("%s", hdev->name);
2406 if (!hci_discovery_active(hdev)) {
2407 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2408 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2409 sizeof(mgmt_cp->type));
2413 if (hdev->discovery.type != mgmt_cp->type) {
2414 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2415 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2416 sizeof(mgmt_cp->type));
2420 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2426 switch (hdev->discovery.state) {
2427 case DISCOVERY_FINDING:
2428 if (test_bit(HCI_INQUIRY, &hdev->flags))
2429 err = hci_cancel_inquiry(hdev);
2431 err = hci_cancel_le_scan(hdev);
2435 case DISCOVERY_RESOLVING:
2436 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2439 mgmt_pending_remove(cmd);
2440 err = cmd_complete(sk, hdev->id,
2441 MGMT_OP_STOP_DISCOVERY, 0,
2443 sizeof(mgmt_cp->type));
2444 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2448 bacpy(&cp.bdaddr, &e->data.bdaddr);
2449 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2455 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2460 mgmt_pending_remove(cmd);
2462 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2465 hci_dev_unlock(hdev);
2469 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2472 struct mgmt_cp_confirm_name *cp = data;
2473 struct inquiry_entry *e;
2476 BT_DBG("%s", hdev->name);
2480 if (!hci_discovery_active(hdev)) {
2481 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2482 MGMT_STATUS_FAILED);
2486 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2488 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2489 MGMT_STATUS_INVALID_PARAMS);
2493 if (cp->name_known) {
2494 e->name_state = NAME_KNOWN;
2497 e->name_state = NAME_NEEDED;
2498 hci_inquiry_cache_update_resolve(hdev, e);
2504 hci_dev_unlock(hdev);
2508 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2511 struct mgmt_cp_block_device *cp = data;
2515 BT_DBG("%s", hdev->name);
2519 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2521 status = MGMT_STATUS_FAILED;
2525 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2526 &cp->addr, sizeof(cp->addr));
2528 hci_dev_unlock(hdev);
2533 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2536 struct mgmt_cp_unblock_device *cp = data;
2540 BT_DBG("%s", hdev->name);
2544 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2546 status = MGMT_STATUS_INVALID_PARAMS;
2550 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2551 &cp->addr, sizeof(cp->addr));
2553 hci_dev_unlock(hdev);
2558 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2561 struct mgmt_cp_set_device_id *cp = data;
2565 BT_DBG("%s", hdev->name);
2567 source = __le16_to_cpu(cp->source);
2569 if (source > 0x0002)
2570 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2571 MGMT_STATUS_INVALID_PARAMS);
2575 hdev->devid_source = source;
2576 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2577 hdev->devid_product = __le16_to_cpu(cp->product);
2578 hdev->devid_version = __le16_to_cpu(cp->version);
2580 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2584 hci_dev_unlock(hdev);
2589 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2590 void *data, u16 len)
2592 struct mgmt_mode *cp = data;
2593 struct hci_cp_write_page_scan_activity acp;
2597 BT_DBG("%s", hdev->name);
2599 if (!hdev_is_powered(hdev))
2600 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2601 MGMT_STATUS_NOT_POWERED);
2603 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2604 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2605 MGMT_STATUS_REJECTED);
2610 type = PAGE_SCAN_TYPE_INTERLACED;
2612 /* 160 msec page scan interval */
2613 acp.interval = __constant_cpu_to_le16(0x0100);
2615 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2617 /* default 1.28 sec page scan */
2618 acp.interval = __constant_cpu_to_le16(0x0800);
2621 /* default 11.25 msec page scan window */
2622 acp.window = __constant_cpu_to_le16(0x0012);
2624 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2627 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2628 MGMT_STATUS_FAILED);
2632 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2634 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2635 MGMT_STATUS_FAILED);
2639 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2642 hci_dev_unlock(hdev);
2646 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2647 void *cp_data, u16 len)
2649 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2650 u16 key_count, expected_len;
2653 key_count = __le16_to_cpu(cp->key_count);
2655 expected_len = sizeof(*cp) + key_count *
2656 sizeof(struct mgmt_ltk_info);
2657 if (expected_len != len) {
2658 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2660 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2664 BT_DBG("%s key_count %u", hdev->name, key_count);
2668 hci_smp_ltks_clear(hdev);
2670 for (i = 0; i < key_count; i++) {
2671 struct mgmt_ltk_info *key = &cp->keys[i];
2677 type = HCI_SMP_LTK_SLAVE;
2679 hci_add_ltk(hdev, &key->addr.bdaddr,
2680 bdaddr_to_le(key->addr.type),
2681 type, 0, key->authenticated, key->val,
2682 key->enc_size, key->ediv, key->rand);
2685 hci_dev_unlock(hdev);
2690 static const struct mgmt_handler {
2691 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2695 } mgmt_handlers[] = {
2696 { NULL }, /* 0x0000 (no command) */
2697 { read_version, false, MGMT_READ_VERSION_SIZE },
2698 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2699 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2700 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2701 { set_powered, false, MGMT_SETTING_SIZE },
2702 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2703 { set_connectable, false, MGMT_SETTING_SIZE },
2704 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2705 { set_pairable, false, MGMT_SETTING_SIZE },
2706 { set_link_security, false, MGMT_SETTING_SIZE },
2707 { set_ssp, false, MGMT_SETTING_SIZE },
2708 { set_hs, false, MGMT_SETTING_SIZE },
2709 { set_le, false, MGMT_SETTING_SIZE },
2710 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2711 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2712 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2713 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2714 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2715 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2716 { disconnect, false, MGMT_DISCONNECT_SIZE },
2717 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2718 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2719 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2720 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2721 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2722 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2723 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2724 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2725 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2726 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2727 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2728 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2729 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2730 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2731 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2732 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2733 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2734 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2735 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2736 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2740 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2744 struct mgmt_hdr *hdr;
2745 u16 opcode, index, len;
2746 struct hci_dev *hdev = NULL;
2747 const struct mgmt_handler *handler;
2750 BT_DBG("got %zu bytes", msglen);
2752 if (msglen < sizeof(*hdr))
2755 buf = kmalloc(msglen, GFP_KERNEL);
2759 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2765 opcode = __le16_to_cpu(hdr->opcode);
2766 index = __le16_to_cpu(hdr->index);
2767 len = __le16_to_cpu(hdr->len);
2769 if (len != msglen - sizeof(*hdr)) {
2774 if (index != MGMT_INDEX_NONE) {
2775 hdev = hci_dev_get(index);
2777 err = cmd_status(sk, index, opcode,
2778 MGMT_STATUS_INVALID_INDEX);
2783 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2784 mgmt_handlers[opcode].func == NULL) {
2785 BT_DBG("Unknown op %u", opcode);
2786 err = cmd_status(sk, index, opcode,
2787 MGMT_STATUS_UNKNOWN_COMMAND);
2791 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2792 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2793 err = cmd_status(sk, index, opcode,
2794 MGMT_STATUS_INVALID_INDEX);
2798 handler = &mgmt_handlers[opcode];
2800 if ((handler->var_len && len < handler->data_len) ||
2801 (!handler->var_len && len != handler->data_len)) {
2802 err = cmd_status(sk, index, opcode,
2803 MGMT_STATUS_INVALID_PARAMS);
2808 mgmt_init_hdev(sk, hdev);
2810 cp = buf + sizeof(*hdr);
2812 err = handler->func(sk, hdev, cp, len);
2826 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2830 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2831 mgmt_pending_remove(cmd);
2834 int mgmt_index_added(struct hci_dev *hdev)
2836 if (!mgmt_valid_hdev(hdev))
2839 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2842 int mgmt_index_removed(struct hci_dev *hdev)
2844 u8 status = MGMT_STATUS_INVALID_INDEX;
2846 if (!mgmt_valid_hdev(hdev))
2849 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2851 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2856 struct hci_dev *hdev;
2860 static void settings_rsp(struct pending_cmd *cmd, void *data)
2862 struct cmd_lookup *match = data;
2864 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2866 list_del(&cmd->list);
2868 if (match->sk == NULL) {
2869 match->sk = cmd->sk;
2870 sock_hold(match->sk);
2873 mgmt_pending_free(cmd);
2876 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2878 struct cmd_lookup match = { NULL, hdev };
2881 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2884 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2889 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2891 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2892 scan |= SCAN_INQUIRY;
2895 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2897 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2900 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2903 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2904 struct hci_cp_write_le_host_supported cp;
2907 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2909 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2914 update_name(hdev, hdev->dev_name);
2917 u8 status = MGMT_STATUS_NOT_POWERED;
2918 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2921 err = new_settings(hdev, match.sk);
2929 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2931 struct cmd_lookup match = { NULL, hdev };
2932 bool changed = false;
2936 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2939 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2943 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2947 err = new_settings(hdev, match.sk);
2955 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2957 struct cmd_lookup match = { NULL, hdev };
2958 bool changed = false;
2962 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2965 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2969 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2973 err = new_settings(hdev, match.sk);
2981 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2983 u8 mgmt_err = mgmt_status(status);
2985 if (scan & SCAN_PAGE)
2986 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2987 cmd_status_rsp, &mgmt_err);
2989 if (scan & SCAN_INQUIRY)
2990 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2991 cmd_status_rsp, &mgmt_err);
2996 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2999 struct mgmt_ev_new_link_key ev;
3001 memset(&ev, 0, sizeof(ev));
3003 ev.store_hint = persistent;
3004 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3005 ev.key.addr.type = BDADDR_BREDR;
3006 ev.key.type = key->type;
3007 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3008 ev.key.pin_len = key->pin_len;
3010 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3013 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3015 struct mgmt_ev_new_long_term_key ev;
3017 memset(&ev, 0, sizeof(ev));
3019 ev.store_hint = persistent;
3020 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3021 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3022 ev.key.authenticated = key->authenticated;
3023 ev.key.enc_size = key->enc_size;
3024 ev.key.ediv = key->ediv;
3026 if (key->type == HCI_SMP_LTK)
3029 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3030 memcpy(ev.key.val, key->val, sizeof(key->val));
3032 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3036 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3037 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3041 struct mgmt_ev_device_connected *ev = (void *) buf;
3044 bacpy(&ev->addr.bdaddr, bdaddr);
3045 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3047 ev->flags = __cpu_to_le32(flags);
3050 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3053 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3054 eir_len = eir_append_data(ev->eir, eir_len,
3055 EIR_CLASS_OF_DEV, dev_class, 3);
3057 ev->eir_len = cpu_to_le16(eir_len);
3059 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3060 sizeof(*ev) + eir_len, NULL);
3063 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3065 struct mgmt_cp_disconnect *cp = cmd->param;
3066 struct sock **sk = data;
3067 struct mgmt_rp_disconnect rp;
3069 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3070 rp.addr.type = cp->addr.type;
3072 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3078 mgmt_pending_remove(cmd);
3081 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3083 struct hci_dev *hdev = data;
3084 struct mgmt_cp_unpair_device *cp = cmd->param;
3085 struct mgmt_rp_unpair_device rp;
3087 memset(&rp, 0, sizeof(rp));
3088 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3089 rp.addr.type = cp->addr.type;
3091 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3093 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3095 mgmt_pending_remove(cmd);
3098 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3099 u8 link_type, u8 addr_type, u8 reason)
3101 struct mgmt_ev_device_disconnected ev;
3102 struct sock *sk = NULL;
3105 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3107 bacpy(&ev.addr.bdaddr, bdaddr);
3108 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3111 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3117 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3123 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3124 u8 link_type, u8 addr_type, u8 status)
3126 struct mgmt_rp_disconnect rp;
3127 struct pending_cmd *cmd;
3130 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3134 bacpy(&rp.addr.bdaddr, bdaddr);
3135 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3137 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3138 mgmt_status(status), &rp, sizeof(rp));
3140 mgmt_pending_remove(cmd);
3142 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3147 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3148 u8 addr_type, u8 status)
3150 struct mgmt_ev_connect_failed ev;
3152 bacpy(&ev.addr.bdaddr, bdaddr);
3153 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3154 ev.status = mgmt_status(status);
3156 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3159 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3161 struct mgmt_ev_pin_code_request ev;
3163 bacpy(&ev.addr.bdaddr, bdaddr);
3164 ev.addr.type = BDADDR_BREDR;
3167 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3171 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3174 struct pending_cmd *cmd;
3175 struct mgmt_rp_pin_code_reply rp;
3178 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3182 bacpy(&rp.addr.bdaddr, bdaddr);
3183 rp.addr.type = BDADDR_BREDR;
3185 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3186 mgmt_status(status), &rp, sizeof(rp));
3188 mgmt_pending_remove(cmd);
3193 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3196 struct pending_cmd *cmd;
3197 struct mgmt_rp_pin_code_reply rp;
3200 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3204 bacpy(&rp.addr.bdaddr, bdaddr);
3205 rp.addr.type = BDADDR_BREDR;
3207 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3208 mgmt_status(status), &rp, sizeof(rp));
3210 mgmt_pending_remove(cmd);
3215 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3216 u8 link_type, u8 addr_type, __le32 value,
3219 struct mgmt_ev_user_confirm_request ev;
3221 BT_DBG("%s", hdev->name);
3223 bacpy(&ev.addr.bdaddr, bdaddr);
3224 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3225 ev.confirm_hint = confirm_hint;
3228 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3232 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3233 u8 link_type, u8 addr_type)
3235 struct mgmt_ev_user_passkey_request ev;
3237 BT_DBG("%s", hdev->name);
3239 bacpy(&ev.addr.bdaddr, bdaddr);
3240 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3242 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3246 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3247 u8 link_type, u8 addr_type, u8 status,
3250 struct pending_cmd *cmd;
3251 struct mgmt_rp_user_confirm_reply rp;
3254 cmd = mgmt_pending_find(opcode, hdev);
3258 bacpy(&rp.addr.bdaddr, bdaddr);
3259 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3260 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3263 mgmt_pending_remove(cmd);
3268 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3269 u8 link_type, u8 addr_type, u8 status)
3271 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3272 status, MGMT_OP_USER_CONFIRM_REPLY);
3275 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3276 u8 link_type, u8 addr_type, u8 status)
3278 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3280 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3283 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3284 u8 link_type, u8 addr_type, u8 status)
3286 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3287 status, MGMT_OP_USER_PASSKEY_REPLY);
3290 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3291 u8 link_type, u8 addr_type, u8 status)
3293 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3295 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3298 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3299 u8 link_type, u8 addr_type, u32 passkey,
3302 struct mgmt_ev_passkey_notify ev;
3304 BT_DBG("%s", hdev->name);
3306 bacpy(&ev.addr.bdaddr, bdaddr);
3307 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3308 ev.passkey = __cpu_to_le32(passkey);
3309 ev.entered = entered;
3311 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3314 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3315 u8 addr_type, u8 status)
3317 struct mgmt_ev_auth_failed ev;
3319 bacpy(&ev.addr.bdaddr, bdaddr);
3320 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3321 ev.status = mgmt_status(status);
3323 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3326 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3328 struct cmd_lookup match = { NULL, hdev };
3329 bool changed = false;
3333 u8 mgmt_err = mgmt_status(status);
3334 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3335 cmd_status_rsp, &mgmt_err);
3339 if (test_bit(HCI_AUTH, &hdev->flags)) {
3340 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3343 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3347 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3351 err = new_settings(hdev, match.sk);
3359 static int clear_eir(struct hci_dev *hdev)
3361 struct hci_cp_write_eir cp;
3363 if (!(hdev->features[6] & LMP_EXT_INQ))
3366 memset(hdev->eir, 0, sizeof(hdev->eir));
3368 memset(&cp, 0, sizeof(cp));
3370 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3373 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3375 struct cmd_lookup match = { NULL, hdev };
3376 bool changed = false;
3380 u8 mgmt_err = mgmt_status(status);
3382 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3384 err = new_settings(hdev, NULL);
3386 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3393 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3396 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3400 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3403 err = new_settings(hdev, match.sk);
3408 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3416 static void class_rsp(struct pending_cmd *cmd, void *data)
3418 struct cmd_lookup *match = data;
3420 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3421 match->hdev->dev_class, 3);
3423 list_del(&cmd->list);
3425 if (match->sk == NULL) {
3426 match->sk = cmd->sk;
3427 sock_hold(match->sk);
3430 mgmt_pending_free(cmd);
3433 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3436 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3439 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3441 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3442 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3443 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3446 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3455 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3457 struct pending_cmd *cmd;
3458 struct mgmt_cp_set_local_name ev;
3459 bool changed = false;
3462 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3463 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3467 memset(&ev, 0, sizeof(ev));
3468 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3469 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3471 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3475 /* Always assume that either the short or the complete name has
3476 * changed if there was a pending mgmt command */
3480 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3481 mgmt_status(status));
3485 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3492 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3493 sizeof(ev), cmd ? cmd->sk : NULL);
3499 mgmt_pending_remove(cmd);
3503 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3504 u8 *randomizer, u8 status)
3506 struct pending_cmd *cmd;
3509 BT_DBG("%s status %u", hdev->name, status);
3511 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3516 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3517 mgmt_status(status));
3519 struct mgmt_rp_read_local_oob_data rp;
3521 memcpy(rp.hash, hash, sizeof(rp.hash));
3522 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3524 err = cmd_complete(cmd->sk, hdev->id,
3525 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3529 mgmt_pending_remove(cmd);
3534 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3536 struct cmd_lookup match = { NULL, hdev };
3537 bool changed = false;
3541 u8 mgmt_err = mgmt_status(status);
3543 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3545 err = new_settings(hdev, NULL);
3547 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3554 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3557 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3561 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3564 err = new_settings(hdev, match.sk);
3572 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3573 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3574 ssp, u8 *eir, u16 eir_len)
3577 struct mgmt_ev_device_found *ev = (void *) buf;
3580 /* Leave 5 bytes for a potential CoD field */
3581 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3584 memset(buf, 0, sizeof(buf));
3586 bacpy(&ev->addr.bdaddr, bdaddr);
3587 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3590 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3592 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3595 memcpy(ev->eir, eir, eir_len);
3597 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3598 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3601 ev->eir_len = cpu_to_le16(eir_len);
3602 ev_size = sizeof(*ev) + eir_len;
3604 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3607 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3608 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3610 struct mgmt_ev_device_found *ev;
3611 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3614 ev = (struct mgmt_ev_device_found *) buf;
3616 memset(buf, 0, sizeof(buf));
3618 bacpy(&ev->addr.bdaddr, bdaddr);
3619 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3622 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3625 ev->eir_len = cpu_to_le16(eir_len);
3627 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3628 sizeof(*ev) + eir_len, NULL);
3631 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3633 struct pending_cmd *cmd;
3637 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3639 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3643 type = hdev->discovery.type;
3645 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3646 &type, sizeof(type));
3647 mgmt_pending_remove(cmd);
3652 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3654 struct pending_cmd *cmd;
3657 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3661 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3662 &hdev->discovery.type, sizeof(hdev->discovery.type));
3663 mgmt_pending_remove(cmd);
3668 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3670 struct mgmt_ev_discovering ev;
3671 struct pending_cmd *cmd;
3673 BT_DBG("%s discovering %u", hdev->name, discovering);
3676 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3678 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3681 u8 type = hdev->discovery.type;
3683 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3685 mgmt_pending_remove(cmd);
3688 memset(&ev, 0, sizeof(ev));
3689 ev.type = hdev->discovery.type;
3690 ev.discovering = discovering;
3692 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3695 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3697 struct pending_cmd *cmd;
3698 struct mgmt_ev_device_blocked ev;
3700 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3702 bacpy(&ev.addr.bdaddr, bdaddr);
3703 ev.addr.type = type;
3705 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3706 cmd ? cmd->sk : NULL);
3709 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3711 struct pending_cmd *cmd;
3712 struct mgmt_ev_device_unblocked ev;
3714 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3716 bacpy(&ev.addr.bdaddr, bdaddr);
3717 ev.addr.type = type;
3719 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3720 cmd ? cmd->sk : NULL);
3723 module_param(enable_hs, bool, 0644);
3724 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");