2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <linux/module.h>
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #define MGMT_VERSION 0
34 #define MGMT_REVISION 1
36 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
39 struct list_head list;
47 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
51 struct mgmt_ev_cmd_status *ev;
54 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
56 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
60 hdr = (void *) skb_put(skb, sizeof(*hdr));
62 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
63 hdr->index = cpu_to_le16(index);
64 hdr->len = cpu_to_le16(sizeof(*ev));
66 ev = (void *) skb_put(skb, sizeof(*ev));
68 put_unaligned_le16(cmd, &ev->opcode);
70 err = sock_queue_rcv_skb(sk, skb);
77 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
82 struct mgmt_ev_cmd_complete *ev;
85 BT_DBG("sock %p", sk);
87 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
91 hdr = (void *) skb_put(skb, sizeof(*hdr));
93 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
94 hdr->index = cpu_to_le16(index);
95 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
97 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
98 put_unaligned_le16(cmd, &ev->opcode);
101 memcpy(ev->data, rp, rp_len);
103 err = sock_queue_rcv_skb(sk, skb);
110 static int read_version(struct sock *sk)
112 struct mgmt_rp_read_version rp;
114 BT_DBG("sock %p", sk);
116 rp.version = MGMT_VERSION;
117 put_unaligned_le16(MGMT_REVISION, &rp.revision);
119 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
123 static int read_index_list(struct sock *sk)
125 struct mgmt_rp_read_index_list *rp;
132 BT_DBG("sock %p", sk);
134 read_lock(&hci_dev_list_lock);
137 list_for_each(p, &hci_dev_list) {
141 rp_len = sizeof(*rp) + (2 * count);
142 rp = kmalloc(rp_len, GFP_ATOMIC);
144 read_unlock(&hci_dev_list_lock);
148 put_unaligned_le16(count, &rp->num_controllers);
151 list_for_each_entry(d, &hci_dev_list, list) {
152 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
153 cancel_delayed_work(&d->power_off);
155 if (test_bit(HCI_SETUP, &d->flags))
158 put_unaligned_le16(d->id, &rp->index[i++]);
159 BT_DBG("Added hci%u", d->id);
162 read_unlock(&hci_dev_list_lock);
164 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
172 static int read_controller_info(struct sock *sk, u16 index)
174 struct mgmt_rp_read_info rp;
175 struct hci_dev *hdev;
177 BT_DBG("sock %p hci%u", sk, index);
179 hdev = hci_dev_get(index);
181 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
183 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
184 cancel_delayed_work_sync(&hdev->power_off);
186 hci_dev_lock_bh(hdev);
188 set_bit(HCI_MGMT, &hdev->flags);
190 memset(&rp, 0, sizeof(rp));
192 rp.type = hdev->dev_type;
194 rp.powered = test_bit(HCI_UP, &hdev->flags);
195 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
196 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
197 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
199 if (test_bit(HCI_AUTH, &hdev->flags))
201 else if (hdev->ssp_mode > 0)
206 bacpy(&rp.bdaddr, &hdev->bdaddr);
207 memcpy(rp.features, hdev->features, 8);
208 memcpy(rp.dev_class, hdev->dev_class, 3);
209 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
210 rp.hci_ver = hdev->hci_ver;
211 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
213 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
215 hci_dev_unlock_bh(hdev);
218 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
221 static void mgmt_pending_free(struct pending_cmd *cmd)
228 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
229 struct hci_dev *hdev,
232 struct pending_cmd *cmd;
234 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
238 cmd->opcode = opcode;
239 cmd->index = hdev->id;
241 cmd->param = kmalloc(len, GFP_ATOMIC);
248 memcpy(cmd->param, data, len);
253 list_add(&cmd->list, &hdev->mgmt_pending);
258 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
259 void (*cb)(struct pending_cmd *cmd, void *data),
262 struct list_head *p, *n;
264 list_for_each_safe(p, n, &hdev->mgmt_pending) {
265 struct pending_cmd *cmd;
267 cmd = list_entry(p, struct pending_cmd, list);
269 if (opcode > 0 && cmd->opcode != opcode)
276 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
278 struct pending_cmd *cmd;
280 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
281 if (cmd->opcode == opcode)
288 static void mgmt_pending_remove(struct pending_cmd *cmd)
290 list_del(&cmd->list);
291 mgmt_pending_free(cmd);
294 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
296 struct mgmt_mode *cp;
297 struct hci_dev *hdev;
298 struct pending_cmd *cmd;
303 BT_DBG("request for hci%u", index);
305 if (len != sizeof(*cp))
306 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
308 hdev = hci_dev_get(index);
310 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
312 hci_dev_lock_bh(hdev);
314 up = test_bit(HCI_UP, &hdev->flags);
315 if ((cp->val && up) || (!cp->val && !up)) {
316 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
320 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
321 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
325 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
332 queue_work(hdev->workqueue, &hdev->power_on);
334 queue_work(hdev->workqueue, &hdev->power_off.work);
339 hci_dev_unlock_bh(hdev);
344 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
347 struct mgmt_cp_set_discoverable *cp;
348 struct hci_dev *hdev;
349 struct pending_cmd *cmd;
355 BT_DBG("request for hci%u", index);
357 if (len != sizeof(*cp))
358 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
360 hdev = hci_dev_get(index);
362 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
364 hci_dev_lock_bh(hdev);
366 if (!test_bit(HCI_UP, &hdev->flags)) {
367 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
371 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
372 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
373 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
377 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
378 test_bit(HCI_PSCAN, &hdev->flags)) {
379 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
383 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
392 scan |= SCAN_INQUIRY;
394 cancel_delayed_work(&hdev->discov_off);
396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
398 mgmt_pending_remove(cmd);
401 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
404 hci_dev_unlock_bh(hdev);
410 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413 struct mgmt_mode *cp;
414 struct hci_dev *hdev;
415 struct pending_cmd *cmd;
421 BT_DBG("request for hci%u", index);
423 if (len != sizeof(*cp))
424 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
426 hdev = hci_dev_get(index);
428 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
430 hci_dev_lock_bh(hdev);
432 if (!test_bit(HCI_UP, &hdev->flags)) {
433 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
437 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
438 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
439 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
443 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
444 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
448 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
459 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
461 mgmt_pending_remove(cmd);
464 hci_dev_unlock_bh(hdev);
470 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
471 u16 data_len, struct sock *skip_sk)
474 struct mgmt_hdr *hdr;
476 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
480 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
482 hdr = (void *) skb_put(skb, sizeof(*hdr));
483 hdr->opcode = cpu_to_le16(event);
485 hdr->index = cpu_to_le16(hdev->id);
487 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
488 hdr->len = cpu_to_le16(data_len);
491 memcpy(skb_put(skb, data_len), data, data_len);
493 hci_send_to_sock(NULL, skb, skip_sk);
499 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
505 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
508 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
511 struct mgmt_mode *cp, ev;
512 struct hci_dev *hdev;
517 BT_DBG("request for hci%u", index);
519 if (len != sizeof(*cp))
520 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
522 hdev = hci_dev_get(index);
524 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
526 hci_dev_lock_bh(hdev);
529 set_bit(HCI_PAIRABLE, &hdev->flags);
531 clear_bit(HCI_PAIRABLE, &hdev->flags);
533 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
539 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
542 hci_dev_unlock_bh(hdev);
548 #define EIR_FLAGS 0x01 /* flags */
549 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
550 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
551 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
552 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
553 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
554 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
555 #define EIR_NAME_SHORT 0x08 /* shortened local name */
556 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
557 #define EIR_TX_POWER 0x0A /* transmit power level */
558 #define EIR_DEVICE_ID 0x10 /* device ID */
560 #define PNP_INFO_SVCLASS_ID 0x1200
562 static u8 bluetooth_base_uuid[] = {
563 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
564 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
567 static u16 get_uuid16(u8 *uuid128)
572 for (i = 0; i < 12; i++) {
573 if (bluetooth_base_uuid[i] != uuid128[i])
577 memcpy(&val, &uuid128[12], 4);
579 val = le32_to_cpu(val);
586 static void create_eir(struct hci_dev *hdev, u8 *data)
590 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
591 int i, truncated = 0;
592 struct bt_uuid *uuid;
595 name_len = strlen(hdev->dev_name);
601 ptr[1] = EIR_NAME_SHORT;
603 ptr[1] = EIR_NAME_COMPLETE;
605 /* EIR Data length */
606 ptr[0] = name_len + 1;
608 memcpy(ptr + 2, hdev->dev_name, name_len);
610 eir_len += (name_len + 2);
611 ptr += (name_len + 2);
614 memset(uuid16_list, 0, sizeof(uuid16_list));
616 /* Group all UUID16 types */
617 list_for_each_entry(uuid, &hdev->uuids, list) {
620 uuid16 = get_uuid16(uuid->uuid);
627 if (uuid16 == PNP_INFO_SVCLASS_ID)
630 /* Stop if not enough space to put next UUID */
631 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
636 /* Check for duplicates */
637 for (i = 0; uuid16_list[i] != 0; i++)
638 if (uuid16_list[i] == uuid16)
641 if (uuid16_list[i] == 0) {
642 uuid16_list[i] = uuid16;
643 eir_len += sizeof(u16);
647 if (uuid16_list[0] != 0) {
651 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
656 for (i = 0; uuid16_list[i] != 0; i++) {
657 *ptr++ = (uuid16_list[i] & 0x00ff);
658 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
661 /* EIR Data length */
662 *length = (i * sizeof(u16)) + 1;
666 static int update_eir(struct hci_dev *hdev)
668 struct hci_cp_write_eir cp;
670 if (!(hdev->features[6] & LMP_EXT_INQ))
673 if (hdev->ssp_mode == 0)
676 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
679 memset(&cp, 0, sizeof(cp));
681 create_eir(hdev, cp.data);
683 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
686 memcpy(hdev->eir, cp.data, sizeof(cp.data));
688 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
691 static u8 get_service_classes(struct hci_dev *hdev)
693 struct bt_uuid *uuid;
696 list_for_each_entry(uuid, &hdev->uuids, list)
697 val |= uuid->svc_hint;
702 static int update_class(struct hci_dev *hdev)
706 BT_DBG("%s", hdev->name);
708 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
711 cod[0] = hdev->minor_class;
712 cod[1] = hdev->major_class;
713 cod[2] = get_service_classes(hdev);
715 if (memcmp(cod, hdev->dev_class, 3) == 0)
718 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
721 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
723 struct mgmt_cp_add_uuid *cp;
724 struct hci_dev *hdev;
725 struct bt_uuid *uuid;
730 BT_DBG("request for hci%u", index);
732 if (len != sizeof(*cp))
733 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
735 hdev = hci_dev_get(index);
737 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
739 hci_dev_lock_bh(hdev);
741 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
747 memcpy(uuid->uuid, cp->uuid, 16);
748 uuid->svc_hint = cp->svc_hint;
750 list_add(&uuid->list, &hdev->uuids);
752 err = update_class(hdev);
756 err = update_eir(hdev);
760 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
763 hci_dev_unlock_bh(hdev);
769 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
771 struct list_head *p, *n;
772 struct mgmt_cp_remove_uuid *cp;
773 struct hci_dev *hdev;
774 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
779 BT_DBG("request for hci%u", index);
781 if (len != sizeof(*cp))
782 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
784 hdev = hci_dev_get(index);
786 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
788 hci_dev_lock_bh(hdev);
790 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
791 err = hci_uuids_clear(hdev);
797 list_for_each_safe(p, n, &hdev->uuids) {
798 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
800 if (memcmp(match->uuid, cp->uuid, 16) != 0)
803 list_del(&match->list);
808 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
812 err = update_class(hdev);
816 err = update_eir(hdev);
820 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
823 hci_dev_unlock_bh(hdev);
829 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
832 struct hci_dev *hdev;
833 struct mgmt_cp_set_dev_class *cp;
838 BT_DBG("request for hci%u", index);
840 if (len != sizeof(*cp))
841 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
843 hdev = hci_dev_get(index);
845 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
847 hci_dev_lock_bh(hdev);
849 hdev->major_class = cp->major;
850 hdev->minor_class = cp->minor;
852 err = update_class(hdev);
855 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
857 hci_dev_unlock_bh(hdev);
863 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
866 struct hci_dev *hdev;
867 struct mgmt_cp_set_service_cache *cp;
872 if (len != sizeof(*cp))
873 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
875 hdev = hci_dev_get(index);
877 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
879 hci_dev_lock_bh(hdev);
881 BT_DBG("hci%u enable %d", index, cp->enable);
884 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
888 err = update_class(hdev);
890 err = update_eir(hdev);
894 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
897 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
900 hci_dev_unlock_bh(hdev);
906 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
909 struct hci_dev *hdev;
910 struct mgmt_cp_load_link_keys *cp;
911 u16 key_count, expected_len;
916 if (len < sizeof(*cp))
917 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
919 key_count = get_unaligned_le16(&cp->key_count);
921 expected_len = sizeof(*cp) + key_count *
922 sizeof(struct mgmt_link_key_info);
923 if (expected_len != len) {
924 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
926 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
929 hdev = hci_dev_get(index);
931 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
933 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
936 hci_dev_lock_bh(hdev);
938 hci_link_keys_clear(hdev);
940 set_bit(HCI_LINK_KEYS, &hdev->flags);
943 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
945 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
947 for (i = 0; i < key_count; i++) {
948 struct mgmt_link_key_info *key = &cp->keys[i];
950 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
954 hci_dev_unlock_bh(hdev);
960 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
963 struct hci_dev *hdev;
964 struct mgmt_cp_remove_keys *cp;
965 struct hci_conn *conn;
970 if (len != sizeof(*cp))
971 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
973 hdev = hci_dev_get(index);
975 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
977 hci_dev_lock_bh(hdev);
979 err = hci_remove_link_key(hdev, &cp->bdaddr);
981 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
987 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
990 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
992 struct hci_cp_disconnect dc;
994 put_unaligned_le16(conn->handle, &dc.handle);
995 dc.reason = 0x13; /* Remote User Terminated Connection */
996 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1000 hci_dev_unlock_bh(hdev);
1006 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1008 struct hci_dev *hdev;
1009 struct mgmt_cp_disconnect *cp;
1010 struct hci_cp_disconnect dc;
1011 struct pending_cmd *cmd;
1012 struct hci_conn *conn;
1019 if (len != sizeof(*cp))
1020 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1022 hdev = hci_dev_get(index);
1024 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1026 hci_dev_lock_bh(hdev);
1028 if (!test_bit(HCI_UP, &hdev->flags)) {
1029 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1033 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1034 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1040 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1043 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1047 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1053 put_unaligned_le16(conn->handle, &dc.handle);
1054 dc.reason = 0x13; /* Remote User Terminated Connection */
1056 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1058 mgmt_pending_remove(cmd);
1061 hci_dev_unlock_bh(hdev);
1067 static u8 link_to_mgmt(u8 link_type)
1069 switch (link_type) {
1071 return MGMT_ADDR_LE;
1073 return MGMT_ADDR_BREDR;
1075 return MGMT_ADDR_INVALID;
1079 static int get_connections(struct sock *sk, u16 index)
1081 struct mgmt_rp_get_connections *rp;
1082 struct hci_dev *hdev;
1084 struct list_head *p;
1091 hdev = hci_dev_get(index);
1093 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1095 hci_dev_lock_bh(hdev);
1098 list_for_each(p, &hdev->conn_hash.list) {
1102 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1103 rp = kmalloc(rp_len, GFP_ATOMIC);
1109 put_unaligned_le16(count, &rp->conn_count);
1112 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1113 bacpy(&rp->addr[i].bdaddr, &c->dst);
1114 rp->addr[i].type = link_to_mgmt(c->type);
1115 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1120 /* Recalculate length in case of filtered SCO connections, etc */
1121 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1123 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1127 hci_dev_unlock_bh(hdev);
1132 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1133 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1135 struct pending_cmd *cmd;
1138 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1143 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1146 mgmt_pending_remove(cmd);
1151 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1154 struct hci_dev *hdev;
1155 struct hci_conn *conn;
1156 struct mgmt_cp_pin_code_reply *cp;
1157 struct mgmt_cp_pin_code_neg_reply ncp;
1158 struct hci_cp_pin_code_reply reply;
1159 struct pending_cmd *cmd;
1166 if (len != sizeof(*cp))
1167 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1169 hdev = hci_dev_get(index);
1171 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1173 hci_dev_lock_bh(hdev);
1175 if (!test_bit(HCI_UP, &hdev->flags)) {
1176 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1180 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1182 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1186 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1187 bacpy(&ncp.bdaddr, &cp->bdaddr);
1189 BT_ERR("PIN code is not 16 bytes long");
1191 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1193 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1199 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1205 bacpy(&reply.bdaddr, &cp->bdaddr);
1206 reply.pin_len = cp->pin_len;
1207 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1209 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1211 mgmt_pending_remove(cmd);
1214 hci_dev_unlock_bh(hdev);
1220 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1223 struct hci_dev *hdev;
1224 struct mgmt_cp_pin_code_neg_reply *cp;
1231 if (len != sizeof(*cp))
1232 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1235 hdev = hci_dev_get(index);
1237 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1240 hci_dev_lock_bh(hdev);
1242 if (!test_bit(HCI_UP, &hdev->flags)) {
1243 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1248 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1251 hci_dev_unlock_bh(hdev);
1257 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1260 struct hci_dev *hdev;
1261 struct mgmt_cp_set_io_capability *cp;
1267 if (len != sizeof(*cp))
1268 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1270 hdev = hci_dev_get(index);
1272 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1274 hci_dev_lock_bh(hdev);
1276 hdev->io_capability = cp->io_capability;
1278 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1279 hdev->io_capability);
1281 hci_dev_unlock_bh(hdev);
1284 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1287 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1289 struct hci_dev *hdev = conn->hdev;
1290 struct pending_cmd *cmd;
1292 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1293 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1296 if (cmd->user_data != conn)
1305 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1307 struct mgmt_rp_pair_device rp;
1308 struct hci_conn *conn = cmd->user_data;
1310 bacpy(&rp.bdaddr, &conn->dst);
1313 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1315 /* So we don't get further callbacks for this connection */
1316 conn->connect_cfm_cb = NULL;
1317 conn->security_cfm_cb = NULL;
1318 conn->disconn_cfm_cb = NULL;
1322 mgmt_pending_remove(cmd);
1325 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1327 struct pending_cmd *cmd;
1328 struct hci_dev *hdev = conn->hdev;
1330 BT_DBG("status %u", status);
1332 hci_dev_lock_bh(hdev);
1334 cmd = find_pairing(conn);
1336 BT_DBG("Unable to find a pending command");
1338 pairing_complete(cmd, status);
1340 hci_dev_unlock_bh(hdev);
1343 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1345 struct hci_dev *hdev;
1346 struct mgmt_cp_pair_device *cp;
1347 struct pending_cmd *cmd;
1348 struct adv_entry *entry;
1349 u8 sec_level, auth_type;
1350 struct hci_conn *conn;
1357 if (len != sizeof(*cp))
1358 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1360 hdev = hci_dev_get(index);
1362 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1364 hci_dev_lock_bh(hdev);
1366 sec_level = BT_SECURITY_MEDIUM;
1367 if (cp->io_cap == 0x03)
1368 auth_type = HCI_AT_DEDICATED_BONDING;
1370 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1372 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1374 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1377 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1381 err = PTR_ERR(conn);
1385 if (conn->connect_cfm_cb) {
1387 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1391 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1398 /* For LE, just connecting isn't a proof that the pairing finished */
1400 conn->connect_cfm_cb = pairing_complete_cb;
1402 conn->security_cfm_cb = pairing_complete_cb;
1403 conn->disconn_cfm_cb = pairing_complete_cb;
1404 conn->io_capability = cp->io_cap;
1405 cmd->user_data = conn;
1407 if (conn->state == BT_CONNECTED &&
1408 hci_conn_security(conn, sec_level, auth_type))
1409 pairing_complete(cmd, 0);
1414 hci_dev_unlock_bh(hdev);
1420 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1421 u16 len, int success)
1423 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1424 u16 mgmt_op, hci_op;
1425 struct pending_cmd *cmd;
1426 struct hci_dev *hdev;
1432 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1433 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1435 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1436 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1439 if (len != sizeof(*cp))
1440 return cmd_status(sk, index, mgmt_op, EINVAL);
1442 hdev = hci_dev_get(index);
1444 return cmd_status(sk, index, mgmt_op, ENODEV);
1446 hci_dev_lock_bh(hdev);
1448 if (!test_bit(HCI_UP, &hdev->flags)) {
1449 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1453 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1459 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1461 mgmt_pending_remove(cmd);
1464 hci_dev_unlock_bh(hdev);
1470 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1473 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1474 struct hci_cp_write_local_name hci_cp;
1475 struct hci_dev *hdev;
1476 struct pending_cmd *cmd;
1481 if (len != sizeof(*mgmt_cp))
1482 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1484 hdev = hci_dev_get(index);
1486 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1488 hci_dev_lock_bh(hdev);
1490 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1496 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1497 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1500 mgmt_pending_remove(cmd);
1503 hci_dev_unlock_bh(hdev);
1509 static int read_local_oob_data(struct sock *sk, u16 index)
1511 struct hci_dev *hdev;
1512 struct pending_cmd *cmd;
1515 BT_DBG("hci%u", index);
1517 hdev = hci_dev_get(index);
1519 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1522 hci_dev_lock_bh(hdev);
1524 if (!test_bit(HCI_UP, &hdev->flags)) {
1525 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1530 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1531 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1536 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1537 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1541 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1547 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1549 mgmt_pending_remove(cmd);
1552 hci_dev_unlock_bh(hdev);
1558 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1561 struct hci_dev *hdev;
1562 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1565 BT_DBG("hci%u ", index);
1567 if (len != sizeof(*cp))
1568 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1571 hdev = hci_dev_get(index);
1573 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1576 hci_dev_lock_bh(hdev);
1578 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1581 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1583 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1586 hci_dev_unlock_bh(hdev);
1592 static int remove_remote_oob_data(struct sock *sk, u16 index,
1593 unsigned char *data, u16 len)
1595 struct hci_dev *hdev;
1596 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1599 BT_DBG("hci%u ", index);
1601 if (len != sizeof(*cp))
1602 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1605 hdev = hci_dev_get(index);
1607 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1610 hci_dev_lock_bh(hdev);
1612 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1614 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1617 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1620 hci_dev_unlock_bh(hdev);
1626 static int start_discovery(struct sock *sk, u16 index)
1628 struct pending_cmd *cmd;
1629 struct hci_dev *hdev;
1632 BT_DBG("hci%u", index);
1634 hdev = hci_dev_get(index);
1636 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1638 hci_dev_lock_bh(hdev);
1640 if (!test_bit(HCI_UP, &hdev->flags)) {
1641 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1645 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1651 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1653 mgmt_pending_remove(cmd);
1656 hci_dev_unlock_bh(hdev);
1662 static int stop_discovery(struct sock *sk, u16 index)
1664 struct hci_dev *hdev;
1665 struct pending_cmd *cmd;
1668 BT_DBG("hci%u", index);
1670 hdev = hci_dev_get(index);
1672 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1674 hci_dev_lock_bh(hdev);
1676 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1682 err = hci_cancel_inquiry(hdev);
1684 mgmt_pending_remove(cmd);
1687 hci_dev_unlock_bh(hdev);
1693 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1696 struct hci_dev *hdev;
1697 struct mgmt_cp_block_device *cp = (void *) data;
1700 BT_DBG("hci%u", index);
1702 if (len != sizeof(*cp))
1703 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1706 hdev = hci_dev_get(index);
1708 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1711 hci_dev_lock_bh(hdev);
1713 err = hci_blacklist_add(hdev, &cp->bdaddr);
1715 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1717 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1720 hci_dev_unlock_bh(hdev);
1726 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1729 struct hci_dev *hdev;
1730 struct mgmt_cp_unblock_device *cp = (void *) data;
1733 BT_DBG("hci%u", index);
1735 if (len != sizeof(*cp))
1736 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1739 hdev = hci_dev_get(index);
1741 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1744 hci_dev_lock_bh(hdev);
1746 err = hci_blacklist_del(hdev, &cp->bdaddr);
1749 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1751 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1754 hci_dev_unlock_bh(hdev);
1760 static int set_fast_connectable(struct sock *sk, u16 index,
1761 unsigned char *data, u16 len)
1763 struct hci_dev *hdev;
1764 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1765 struct hci_cp_write_page_scan_activity acp;
1769 BT_DBG("hci%u", index);
1771 if (len != sizeof(*cp))
1772 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1775 hdev = hci_dev_get(index);
1777 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1783 type = PAGE_SCAN_TYPE_INTERLACED;
1784 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1786 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1787 acp.interval = 0x0800; /* default 1.28 sec page scan */
1790 acp.window = 0x0012; /* default 11.25 msec page scan window */
1792 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1795 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1800 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1802 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1807 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1810 hci_dev_unlock(hdev);
1816 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1819 struct mgmt_hdr *hdr;
1820 u16 opcode, index, len;
1823 BT_DBG("got %zu bytes", msglen);
1825 if (msglen < sizeof(*hdr))
1828 buf = kmalloc(msglen, GFP_KERNEL);
1832 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1837 hdr = (struct mgmt_hdr *) buf;
1838 opcode = get_unaligned_le16(&hdr->opcode);
1839 index = get_unaligned_le16(&hdr->index);
1840 len = get_unaligned_le16(&hdr->len);
1842 if (len != msglen - sizeof(*hdr)) {
1848 case MGMT_OP_READ_VERSION:
1849 err = read_version(sk);
1851 case MGMT_OP_READ_INDEX_LIST:
1852 err = read_index_list(sk);
1854 case MGMT_OP_READ_INFO:
1855 err = read_controller_info(sk, index);
1857 case MGMT_OP_SET_POWERED:
1858 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1860 case MGMT_OP_SET_DISCOVERABLE:
1861 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1863 case MGMT_OP_SET_CONNECTABLE:
1864 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1866 case MGMT_OP_SET_PAIRABLE:
1867 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1869 case MGMT_OP_ADD_UUID:
1870 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1872 case MGMT_OP_REMOVE_UUID:
1873 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1875 case MGMT_OP_SET_DEV_CLASS:
1876 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1878 case MGMT_OP_SET_SERVICE_CACHE:
1879 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1881 case MGMT_OP_LOAD_LINK_KEYS:
1882 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1884 case MGMT_OP_REMOVE_KEYS:
1885 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1887 case MGMT_OP_DISCONNECT:
1888 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1890 case MGMT_OP_GET_CONNECTIONS:
1891 err = get_connections(sk, index);
1893 case MGMT_OP_PIN_CODE_REPLY:
1894 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1896 case MGMT_OP_PIN_CODE_NEG_REPLY:
1897 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1899 case MGMT_OP_SET_IO_CAPABILITY:
1900 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1902 case MGMT_OP_PAIR_DEVICE:
1903 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1905 case MGMT_OP_USER_CONFIRM_REPLY:
1906 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1908 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1909 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1911 case MGMT_OP_SET_LOCAL_NAME:
1912 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1914 case MGMT_OP_READ_LOCAL_OOB_DATA:
1915 err = read_local_oob_data(sk, index);
1917 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1918 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1920 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1921 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1924 case MGMT_OP_START_DISCOVERY:
1925 err = start_discovery(sk, index);
1927 case MGMT_OP_STOP_DISCOVERY:
1928 err = stop_discovery(sk, index);
1930 case MGMT_OP_BLOCK_DEVICE:
1931 err = block_device(sk, index, buf + sizeof(*hdr), len);
1933 case MGMT_OP_UNBLOCK_DEVICE:
1934 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1936 case MGMT_OP_SET_FAST_CONNECTABLE:
1937 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1941 BT_DBG("Unknown op %u", opcode);
1942 err = cmd_status(sk, index, opcode, 0x01);
1956 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1960 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1961 mgmt_pending_remove(cmd);
1964 int mgmt_index_added(struct hci_dev *hdev)
1966 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1969 int mgmt_index_removed(struct hci_dev *hdev)
1973 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1975 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
1983 static void mode_rsp(struct pending_cmd *cmd, void *data)
1985 struct mgmt_mode *cp = cmd->param;
1986 struct cmd_lookup *match = data;
1988 if (cp->val != match->val)
1991 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1993 list_del(&cmd->list);
1995 if (match->sk == NULL) {
1996 match->sk = cmd->sk;
1997 sock_hold(match->sk);
2000 mgmt_pending_free(cmd);
2003 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2005 struct mgmt_mode ev;
2006 struct cmd_lookup match = { powered, NULL };
2009 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2012 u8 status = ENETDOWN;
2013 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2018 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2026 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2028 struct mgmt_mode ev;
2029 struct cmd_lookup match = { discoverable, NULL };
2032 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2034 ev.val = discoverable;
2036 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2045 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2047 struct mgmt_mode ev;
2048 struct cmd_lookup match = { connectable, NULL };
2051 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2053 ev.val = connectable;
2055 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2063 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2065 if (scan & SCAN_PAGE)
2066 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2067 cmd_status_rsp, &status);
2069 if (scan & SCAN_INQUIRY)
2070 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2071 cmd_status_rsp, &status);
2076 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2079 struct mgmt_ev_new_link_key ev;
2081 memset(&ev, 0, sizeof(ev));
2083 ev.store_hint = persistent;
2084 bacpy(&ev.key.bdaddr, &key->bdaddr);
2085 ev.key.type = key->type;
2086 memcpy(ev.key.val, key->val, 16);
2087 ev.key.pin_len = key->pin_len;
2089 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2092 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type)
2094 struct mgmt_addr_info ev;
2096 bacpy(&ev.bdaddr, bdaddr);
2097 ev.type = link_to_mgmt(link_type);
2099 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2102 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2104 struct mgmt_cp_disconnect *cp = cmd->param;
2105 struct sock **sk = data;
2106 struct mgmt_rp_disconnect rp;
2108 bacpy(&rp.bdaddr, &cp->bdaddr);
2110 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2115 mgmt_pending_remove(cmd);
2118 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2120 struct mgmt_addr_info ev;
2121 struct sock *sk = NULL;
2124 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2126 bacpy(&ev.bdaddr, bdaddr);
2127 ev.type = link_to_mgmt(type);
2129 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2137 int mgmt_disconnect_failed(struct hci_dev *hdev)
2139 struct pending_cmd *cmd;
2142 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2146 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
2148 mgmt_pending_remove(cmd);
2153 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2156 struct mgmt_ev_connect_failed ev;
2158 bacpy(&ev.addr.bdaddr, bdaddr);
2159 ev.addr.type = link_to_mgmt(type);
2162 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2165 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2167 struct mgmt_ev_pin_code_request ev;
2169 bacpy(&ev.bdaddr, bdaddr);
2172 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2176 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2179 struct pending_cmd *cmd;
2180 struct mgmt_rp_pin_code_reply rp;
2183 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2187 bacpy(&rp.bdaddr, bdaddr);
2190 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2193 mgmt_pending_remove(cmd);
2198 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2201 struct pending_cmd *cmd;
2202 struct mgmt_rp_pin_code_reply rp;
2205 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2209 bacpy(&rp.bdaddr, bdaddr);
2212 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2215 mgmt_pending_remove(cmd);
2220 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2221 __le32 value, u8 confirm_hint)
2223 struct mgmt_ev_user_confirm_request ev;
2225 BT_DBG("%s", hdev->name);
2227 bacpy(&ev.bdaddr, bdaddr);
2228 ev.confirm_hint = confirm_hint;
2229 put_unaligned_le32(value, &ev.value);
2231 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2235 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2236 u8 status, u8 opcode)
2238 struct pending_cmd *cmd;
2239 struct mgmt_rp_user_confirm_reply rp;
2242 cmd = mgmt_pending_find(opcode, hdev);
2246 bacpy(&rp.bdaddr, bdaddr);
2248 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2250 mgmt_pending_remove(cmd);
2255 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2258 return confirm_reply_complete(hdev, bdaddr, status,
2259 MGMT_OP_USER_CONFIRM_REPLY);
2262 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2263 bdaddr_t *bdaddr, u8 status)
2265 return confirm_reply_complete(hdev, bdaddr, status,
2266 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2269 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2271 struct mgmt_ev_auth_failed ev;
2273 bacpy(&ev.bdaddr, bdaddr);
2276 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2279 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2281 struct pending_cmd *cmd;
2282 struct mgmt_cp_set_local_name ev;
2285 memset(&ev, 0, sizeof(ev));
2286 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2288 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2293 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2300 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2306 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2307 cmd ? cmd->sk : NULL);
2311 mgmt_pending_remove(cmd);
2315 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2316 u8 *randomizer, u8 status)
2318 struct pending_cmd *cmd;
2321 BT_DBG("%s status %u", hdev->name, status);
2323 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2328 err = cmd_status(cmd->sk, hdev->id,
2329 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2331 struct mgmt_rp_read_local_oob_data rp;
2333 memcpy(rp.hash, hash, sizeof(rp.hash));
2334 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2336 err = cmd_complete(cmd->sk, hdev->id,
2337 MGMT_OP_READ_LOCAL_OOB_DATA,
2341 mgmt_pending_remove(cmd);
2346 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2347 u8 *dev_class, s8 rssi, u8 *eir)
2349 struct mgmt_ev_device_found ev;
2351 memset(&ev, 0, sizeof(ev));
2353 bacpy(&ev.addr.bdaddr, bdaddr);
2354 ev.addr.type = link_to_mgmt(type);
2358 memcpy(ev.eir, eir, sizeof(ev.eir));
2361 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2363 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2366 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2368 struct mgmt_ev_remote_name ev;
2370 memset(&ev, 0, sizeof(ev));
2372 bacpy(&ev.bdaddr, bdaddr);
2373 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2375 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2378 int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
2380 struct pending_cmd *cmd;
2383 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2387 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2388 mgmt_pending_remove(cmd);
2393 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2395 struct pending_cmd *cmd;
2398 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2400 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2403 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2404 mgmt_pending_remove(cmd);
2407 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2408 sizeof(discovering), NULL);
2411 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2413 struct pending_cmd *cmd;
2414 struct mgmt_ev_device_blocked ev;
2416 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2418 bacpy(&ev.bdaddr, bdaddr);
2420 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2421 cmd ? cmd->sk : NULL);
2424 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2426 struct pending_cmd *cmd;
2427 struct mgmt_ev_device_unblocked ev;
2429 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2431 bacpy(&ev.bdaddr, bdaddr);
2433 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2434 cmd ? cmd->sk : NULL);