2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 3
40 static const u16 mgmt_commands
[] = {
41 MGMT_OP_READ_INDEX_LIST
,
44 MGMT_OP_SET_DISCOVERABLE
,
45 MGMT_OP_SET_CONNECTABLE
,
46 MGMT_OP_SET_FAST_CONNECTABLE
,
48 MGMT_OP_SET_LINK_SECURITY
,
52 MGMT_OP_SET_DEV_CLASS
,
53 MGMT_OP_SET_LOCAL_NAME
,
56 MGMT_OP_LOAD_LINK_KEYS
,
57 MGMT_OP_LOAD_LONG_TERM_KEYS
,
59 MGMT_OP_GET_CONNECTIONS
,
60 MGMT_OP_PIN_CODE_REPLY
,
61 MGMT_OP_PIN_CODE_NEG_REPLY
,
62 MGMT_OP_SET_IO_CAPABILITY
,
64 MGMT_OP_CANCEL_PAIR_DEVICE
,
65 MGMT_OP_UNPAIR_DEVICE
,
66 MGMT_OP_USER_CONFIRM_REPLY
,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
68 MGMT_OP_USER_PASSKEY_REPLY
,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
70 MGMT_OP_READ_LOCAL_OOB_DATA
,
71 MGMT_OP_ADD_REMOTE_OOB_DATA
,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
73 MGMT_OP_START_DISCOVERY
,
74 MGMT_OP_STOP_DISCOVERY
,
77 MGMT_OP_UNBLOCK_DEVICE
,
78 MGMT_OP_SET_DEVICE_ID
,
81 static const u16 mgmt_events
[] = {
82 MGMT_EV_CONTROLLER_ERROR
,
84 MGMT_EV_INDEX_REMOVED
,
86 MGMT_EV_CLASS_OF_DEV_CHANGED
,
87 MGMT_EV_LOCAL_NAME_CHANGED
,
89 MGMT_EV_NEW_LONG_TERM_KEY
,
90 MGMT_EV_DEVICE_CONNECTED
,
91 MGMT_EV_DEVICE_DISCONNECTED
,
92 MGMT_EV_CONNECT_FAILED
,
93 MGMT_EV_PIN_CODE_REQUEST
,
94 MGMT_EV_USER_CONFIRM_REQUEST
,
95 MGMT_EV_USER_PASSKEY_REQUEST
,
99 MGMT_EV_DEVICE_BLOCKED
,
100 MGMT_EV_DEVICE_UNBLOCKED
,
101 MGMT_EV_DEVICE_UNPAIRED
,
102 MGMT_EV_PASSKEY_NOTIFY
,
105 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
107 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
108 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
111 struct list_head list
;
119 /* HCI to MGMT error code conversion table */
120 static u8 mgmt_status_table
[] = {
122 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
123 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
124 MGMT_STATUS_FAILED
, /* Hardware Failure */
125 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
126 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
127 MGMT_STATUS_NOT_PAIRED
, /* PIN or Key Missing */
128 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
129 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
130 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
131 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
132 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
133 MGMT_STATUS_BUSY
, /* Command Disallowed */
134 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
135 MGMT_STATUS_REJECTED
, /* Rejected Security */
136 MGMT_STATUS_REJECTED
, /* Rejected Personal */
137 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
138 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
139 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
140 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
141 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
142 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
143 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
144 MGMT_STATUS_BUSY
, /* Repeated Attempts */
145 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
146 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
147 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
148 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
149 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
150 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
151 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
152 MGMT_STATUS_FAILED
, /* Unspecified Error */
153 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
154 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
155 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
156 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
157 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
158 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
159 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
160 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
161 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
162 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
163 MGMT_STATUS_FAILED
, /* Transaction Collision */
164 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
165 MGMT_STATUS_REJECTED
, /* QoS Rejected */
166 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
167 MGMT_STATUS_REJECTED
, /* Insufficient Security */
168 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
169 MGMT_STATUS_BUSY
, /* Role Switch Pending */
170 MGMT_STATUS_FAILED
, /* Slot Violation */
171 MGMT_STATUS_FAILED
, /* Role Switch Failed */
172 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
173 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
174 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
175 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
176 MGMT_STATUS_BUSY
, /* Controller Busy */
177 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
178 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
179 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
180 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
181 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
184 bool mgmt_valid_hdev(struct hci_dev
*hdev
)
186 return hdev
->dev_type
== HCI_BREDR
;
189 static u8
mgmt_status(u8 hci_status
)
191 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
192 return mgmt_status_table
[hci_status
];
194 return MGMT_STATUS_FAILED
;
197 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
200 struct mgmt_hdr
*hdr
;
201 struct mgmt_ev_cmd_status
*ev
;
204 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
206 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_KERNEL
);
210 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
212 hdr
->opcode
= __constant_cpu_to_le16(MGMT_EV_CMD_STATUS
);
213 hdr
->index
= cpu_to_le16(index
);
214 hdr
->len
= cpu_to_le16(sizeof(*ev
));
216 ev
= (void *) skb_put(skb
, sizeof(*ev
));
218 ev
->opcode
= cpu_to_le16(cmd
);
220 err
= sock_queue_rcv_skb(sk
, skb
);
227 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
228 void *rp
, size_t rp_len
)
231 struct mgmt_hdr
*hdr
;
232 struct mgmt_ev_cmd_complete
*ev
;
235 BT_DBG("sock %p", sk
);
237 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_KERNEL
);
241 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
243 hdr
->opcode
= __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
244 hdr
->index
= cpu_to_le16(index
);
245 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
247 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
248 ev
->opcode
= cpu_to_le16(cmd
);
252 memcpy(ev
->data
, rp
, rp_len
);
254 err
= sock_queue_rcv_skb(sk
, skb
);
261 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
264 struct mgmt_rp_read_version rp
;
266 BT_DBG("sock %p", sk
);
268 rp
.version
= MGMT_VERSION
;
269 rp
.revision
= __constant_cpu_to_le16(MGMT_REVISION
);
271 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
275 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
278 struct mgmt_rp_read_commands
*rp
;
279 const u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
280 const u16 num_events
= ARRAY_SIZE(mgmt_events
);
285 BT_DBG("sock %p", sk
);
287 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
289 rp
= kmalloc(rp_size
, GFP_KERNEL
);
293 rp
->num_commands
= __constant_cpu_to_le16(num_commands
);
294 rp
->num_events
= __constant_cpu_to_le16(num_events
);
296 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
297 put_unaligned_le16(mgmt_commands
[i
], opcode
);
299 for (i
= 0; i
< num_events
; i
++, opcode
++)
300 put_unaligned_le16(mgmt_events
[i
], opcode
);
302 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
309 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
312 struct mgmt_rp_read_index_list
*rp
;
318 BT_DBG("sock %p", sk
);
320 read_lock(&hci_dev_list_lock
);
323 list_for_each_entry(d
, &hci_dev_list
, list
) {
324 if (!mgmt_valid_hdev(d
))
330 rp_len
= sizeof(*rp
) + (2 * count
);
331 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
333 read_unlock(&hci_dev_list_lock
);
338 list_for_each_entry(d
, &hci_dev_list
, list
) {
339 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
342 if (!mgmt_valid_hdev(d
))
345 rp
->index
[count
++] = cpu_to_le16(d
->id
);
346 BT_DBG("Added hci%u", d
->id
);
349 rp
->num_controllers
= cpu_to_le16(count
);
350 rp_len
= sizeof(*rp
) + (2 * count
);
352 read_unlock(&hci_dev_list_lock
);
354 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
362 static u32
get_supported_settings(struct hci_dev
*hdev
)
366 settings
|= MGMT_SETTING_POWERED
;
367 settings
|= MGMT_SETTING_PAIRABLE
;
369 if (lmp_ssp_capable(hdev
))
370 settings
|= MGMT_SETTING_SSP
;
372 if (lmp_bredr_capable(hdev
)) {
373 settings
|= MGMT_SETTING_CONNECTABLE
;
374 if (hdev
->hci_ver
>= BLUETOOTH_VER_1_2
)
375 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
376 settings
|= MGMT_SETTING_DISCOVERABLE
;
377 settings
|= MGMT_SETTING_BREDR
;
378 settings
|= MGMT_SETTING_LINK_SECURITY
;
382 settings
|= MGMT_SETTING_HS
;
384 if (lmp_le_capable(hdev
))
385 settings
|= MGMT_SETTING_LE
;
390 static u32
get_current_settings(struct hci_dev
*hdev
)
394 if (hdev_is_powered(hdev
))
395 settings
|= MGMT_SETTING_POWERED
;
397 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
398 settings
|= MGMT_SETTING_CONNECTABLE
;
400 if (test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
))
401 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
403 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
404 settings
|= MGMT_SETTING_DISCOVERABLE
;
406 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
407 settings
|= MGMT_SETTING_PAIRABLE
;
409 if (lmp_bredr_capable(hdev
))
410 settings
|= MGMT_SETTING_BREDR
;
412 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
413 settings
|= MGMT_SETTING_LE
;
415 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
416 settings
|= MGMT_SETTING_LINK_SECURITY
;
418 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
419 settings
|= MGMT_SETTING_SSP
;
421 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
422 settings
|= MGMT_SETTING_HS
;
427 #define PNP_INFO_SVCLASS_ID 0x1200
429 static u8
*create_uuid16_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
431 u8
*ptr
= data
, *uuids_start
= NULL
;
432 struct bt_uuid
*uuid
;
437 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
440 if (uuid
->size
!= 16)
443 uuid16
= get_unaligned_le16(&uuid
->uuid
[12]);
447 if (uuid16
== PNP_INFO_SVCLASS_ID
)
453 uuids_start
[1] = EIR_UUID16_ALL
;
457 /* Stop if not enough space to put next UUID */
458 if ((ptr
- data
) + sizeof(u16
) > len
) {
459 uuids_start
[1] = EIR_UUID16_SOME
;
463 *ptr
++ = (uuid16
& 0x00ff);
464 *ptr
++ = (uuid16
& 0xff00) >> 8;
465 uuids_start
[0] += sizeof(uuid16
);
471 static u8
*create_uuid32_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
473 u8
*ptr
= data
, *uuids_start
= NULL
;
474 struct bt_uuid
*uuid
;
479 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
480 if (uuid
->size
!= 32)
486 uuids_start
[1] = EIR_UUID32_ALL
;
490 /* Stop if not enough space to put next UUID */
491 if ((ptr
- data
) + sizeof(u32
) > len
) {
492 uuids_start
[1] = EIR_UUID32_SOME
;
496 memcpy(ptr
, &uuid
->uuid
[12], sizeof(u32
));
498 uuids_start
[0] += sizeof(u32
);
504 static u8
*create_uuid128_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
506 u8
*ptr
= data
, *uuids_start
= NULL
;
507 struct bt_uuid
*uuid
;
512 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
513 if (uuid
->size
!= 128)
519 uuids_start
[1] = EIR_UUID128_ALL
;
523 /* Stop if not enough space to put next UUID */
524 if ((ptr
- data
) + 16 > len
) {
525 uuids_start
[1] = EIR_UUID128_SOME
;
529 memcpy(ptr
, uuid
->uuid
, 16);
531 uuids_start
[0] += 16;
537 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
542 name_len
= strlen(hdev
->dev_name
);
548 ptr
[1] = EIR_NAME_SHORT
;
550 ptr
[1] = EIR_NAME_COMPLETE
;
552 /* EIR Data length */
553 ptr
[0] = name_len
+ 1;
555 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
557 ptr
+= (name_len
+ 2);
560 if (hdev
->inq_tx_power
!= HCI_TX_POWER_INVALID
) {
562 ptr
[1] = EIR_TX_POWER
;
563 ptr
[2] = (u8
) hdev
->inq_tx_power
;
568 if (hdev
->devid_source
> 0) {
570 ptr
[1] = EIR_DEVICE_ID
;
572 put_unaligned_le16(hdev
->devid_source
, ptr
+ 2);
573 put_unaligned_le16(hdev
->devid_vendor
, ptr
+ 4);
574 put_unaligned_le16(hdev
->devid_product
, ptr
+ 6);
575 put_unaligned_le16(hdev
->devid_version
, ptr
+ 8);
580 ptr
= create_uuid16_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
581 ptr
= create_uuid32_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
582 ptr
= create_uuid128_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
585 static void update_eir(struct hci_request
*req
)
587 struct hci_dev
*hdev
= req
->hdev
;
588 struct hci_cp_write_eir cp
;
590 if (!hdev_is_powered(hdev
))
593 if (!lmp_ext_inq_capable(hdev
))
596 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
599 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
602 memset(&cp
, 0, sizeof(cp
));
604 create_eir(hdev
, cp
.data
);
606 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
609 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
611 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
614 static u8
get_service_classes(struct hci_dev
*hdev
)
616 struct bt_uuid
*uuid
;
619 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
620 val
|= uuid
->svc_hint
;
625 static void update_class(struct hci_request
*req
)
627 struct hci_dev
*hdev
= req
->hdev
;
630 BT_DBG("%s", hdev
->name
);
632 if (!hdev_is_powered(hdev
))
635 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
638 cod
[0] = hdev
->minor_class
;
639 cod
[1] = hdev
->major_class
;
640 cod
[2] = get_service_classes(hdev
);
642 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
645 hci_req_add(req
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
648 static void service_cache_off(struct work_struct
*work
)
650 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
652 struct hci_request req
;
654 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
657 hci_req_init(&req
, hdev
);
664 hci_dev_unlock(hdev
);
666 hci_req_run(&req
, NULL
);
669 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
671 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
674 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
676 /* Non-mgmt controlled devices get this bit set
677 * implicitly so that pairing works for them, however
678 * for mgmt we require user-space to explicitly enable
681 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
684 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
685 void *data
, u16 data_len
)
687 struct mgmt_rp_read_info rp
;
689 BT_DBG("sock %p %s", sk
, hdev
->name
);
693 memset(&rp
, 0, sizeof(rp
));
695 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
697 rp
.version
= hdev
->hci_ver
;
698 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
700 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
701 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
703 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
705 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
706 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
708 hci_dev_unlock(hdev
);
710 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
714 static void mgmt_pending_free(struct pending_cmd
*cmd
)
721 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
722 struct hci_dev
*hdev
, void *data
,
725 struct pending_cmd
*cmd
;
727 cmd
= kmalloc(sizeof(*cmd
), GFP_KERNEL
);
731 cmd
->opcode
= opcode
;
732 cmd
->index
= hdev
->id
;
734 cmd
->param
= kmalloc(len
, GFP_KERNEL
);
741 memcpy(cmd
->param
, data
, len
);
746 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
751 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
752 void (*cb
)(struct pending_cmd
*cmd
,
756 struct pending_cmd
*cmd
, *tmp
;
758 list_for_each_entry_safe(cmd
, tmp
, &hdev
->mgmt_pending
, list
) {
759 if (opcode
> 0 && cmd
->opcode
!= opcode
)
766 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
768 struct pending_cmd
*cmd
;
770 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
771 if (cmd
->opcode
== opcode
)
778 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
780 list_del(&cmd
->list
);
781 mgmt_pending_free(cmd
);
784 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
786 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
788 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
792 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
795 struct mgmt_mode
*cp
= data
;
796 struct pending_cmd
*cmd
;
799 BT_DBG("request for %s", hdev
->name
);
801 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
802 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
803 MGMT_STATUS_INVALID_PARAMS
);
807 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
808 cancel_delayed_work(&hdev
->power_off
);
811 mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
,
813 err
= mgmt_powered(hdev
, 1);
818 if (!!cp
->val
== hdev_is_powered(hdev
)) {
819 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
823 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
824 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
829 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
836 queue_work(hdev
->req_workqueue
, &hdev
->power_on
);
838 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
843 hci_dev_unlock(hdev
);
847 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
848 struct sock
*skip_sk
)
851 struct mgmt_hdr
*hdr
;
853 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_KERNEL
);
857 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
858 hdr
->opcode
= cpu_to_le16(event
);
860 hdr
->index
= cpu_to_le16(hdev
->id
);
862 hdr
->index
= __constant_cpu_to_le16(MGMT_INDEX_NONE
);
863 hdr
->len
= cpu_to_le16(data_len
);
866 memcpy(skb_put(skb
, data_len
), data
, data_len
);
869 __net_timestamp(skb
);
871 hci_send_to_control(skb
, skip_sk
);
877 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
881 ev
= cpu_to_le32(get_current_settings(hdev
));
883 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
886 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
889 struct mgmt_cp_set_discoverable
*cp
= data
;
890 struct pending_cmd
*cmd
;
895 BT_DBG("request for %s", hdev
->name
);
897 if (!lmp_bredr_capable(hdev
))
898 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
899 MGMT_STATUS_NOT_SUPPORTED
);
901 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
902 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
903 MGMT_STATUS_INVALID_PARAMS
);
905 timeout
= __le16_to_cpu(cp
->timeout
);
906 if (!cp
->val
&& timeout
> 0)
907 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
908 MGMT_STATUS_INVALID_PARAMS
);
912 if (!hdev_is_powered(hdev
) && timeout
> 0) {
913 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
914 MGMT_STATUS_NOT_POWERED
);
918 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
919 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
920 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
925 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
926 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
927 MGMT_STATUS_REJECTED
);
931 if (!hdev_is_powered(hdev
)) {
932 bool changed
= false;
934 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
935 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
939 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
944 err
= new_settings(hdev
, sk
);
949 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
950 if (hdev
->discov_timeout
> 0) {
951 cancel_delayed_work(&hdev
->discov_off
);
952 hdev
->discov_timeout
= 0;
955 if (cp
->val
&& timeout
> 0) {
956 hdev
->discov_timeout
= timeout
;
957 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
958 msecs_to_jiffies(hdev
->discov_timeout
* 1000));
961 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
965 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
974 scan
|= SCAN_INQUIRY
;
976 cancel_delayed_work(&hdev
->discov_off
);
978 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
980 mgmt_pending_remove(cmd
);
983 hdev
->discov_timeout
= timeout
;
986 hci_dev_unlock(hdev
);
990 static void write_fast_connectable(struct hci_request
*req
, bool enable
)
992 struct hci_dev
*hdev
= req
->hdev
;
993 struct hci_cp_write_page_scan_activity acp
;
996 if (hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
1000 type
= PAGE_SCAN_TYPE_INTERLACED
;
1002 /* 160 msec page scan interval */
1003 acp
.interval
= __constant_cpu_to_le16(0x0100);
1005 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
1007 /* default 1.28 sec page scan */
1008 acp
.interval
= __constant_cpu_to_le16(0x0800);
1011 acp
.window
= __constant_cpu_to_le16(0x0012);
1013 if (__cpu_to_le16(hdev
->page_scan_interval
) != acp
.interval
||
1014 __cpu_to_le16(hdev
->page_scan_window
) != acp
.window
)
1015 hci_req_add(req
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
,
1018 if (hdev
->page_scan_type
!= type
)
1019 hci_req_add(req
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
1022 static void set_connectable_complete(struct hci_dev
*hdev
, u8 status
)
1024 struct pending_cmd
*cmd
;
1026 BT_DBG("status 0x%02x", status
);
1030 cmd
= mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
1034 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1036 mgmt_pending_remove(cmd
);
1039 hci_dev_unlock(hdev
);
1042 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1045 struct mgmt_mode
*cp
= data
;
1046 struct pending_cmd
*cmd
;
1047 struct hci_request req
;
1051 BT_DBG("request for %s", hdev
->name
);
1053 if (!lmp_bredr_capable(hdev
))
1054 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1055 MGMT_STATUS_NOT_SUPPORTED
);
1057 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1058 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1059 MGMT_STATUS_INVALID_PARAMS
);
1063 if (!hdev_is_powered(hdev
)) {
1064 bool changed
= false;
1066 if (!!cp
->val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
1070 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1072 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1073 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1076 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1081 err
= new_settings(hdev
, sk
);
1086 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1087 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1088 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1093 if (!!cp
->val
== test_bit(HCI_PSCAN
, &hdev
->flags
)) {
1094 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1098 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1109 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
1110 hdev
->discov_timeout
> 0)
1111 cancel_delayed_work(&hdev
->discov_off
);
1114 hci_req_init(&req
, hdev
);
1116 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1118 /* If we're going from non-connectable to connectable or
1119 * vice-versa when fast connectable is enabled ensure that fast
1120 * connectable gets disabled. write_fast_connectable won't do
1121 * anything if the page scan parameters are already what they
1124 if (cp
->val
|| test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
))
1125 write_fast_connectable(&req
, false);
1127 err
= hci_req_run(&req
, set_connectable_complete
);
1129 mgmt_pending_remove(cmd
);
1132 hci_dev_unlock(hdev
);
1136 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1139 struct mgmt_mode
*cp
= data
;
1142 BT_DBG("request for %s", hdev
->name
);
1144 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1145 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PAIRABLE
,
1146 MGMT_STATUS_INVALID_PARAMS
);
1151 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1153 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1155 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1159 err
= new_settings(hdev
, sk
);
1162 hci_dev_unlock(hdev
);
1166 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1169 struct mgmt_mode
*cp
= data
;
1170 struct pending_cmd
*cmd
;
1174 BT_DBG("request for %s", hdev
->name
);
1176 if (!lmp_bredr_capable(hdev
))
1177 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1178 MGMT_STATUS_NOT_SUPPORTED
);
1180 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1181 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1182 MGMT_STATUS_INVALID_PARAMS
);
1186 if (!hdev_is_powered(hdev
)) {
1187 bool changed
= false;
1189 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1190 &hdev
->dev_flags
)) {
1191 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1195 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1200 err
= new_settings(hdev
, sk
);
1205 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1206 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1213 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1214 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1218 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1224 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1226 mgmt_pending_remove(cmd
);
1231 hci_dev_unlock(hdev
);
1235 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1237 struct mgmt_mode
*cp
= data
;
1238 struct pending_cmd
*cmd
;
1242 BT_DBG("request for %s", hdev
->name
);
1244 if (!lmp_ssp_capable(hdev
))
1245 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1246 MGMT_STATUS_NOT_SUPPORTED
);
1248 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1249 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1250 MGMT_STATUS_INVALID_PARAMS
);
1256 if (!hdev_is_powered(hdev
)) {
1257 bool changed
= false;
1259 if (val
!= test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1260 change_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
1264 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1269 err
= new_settings(hdev
, sk
);
1274 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1275 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1280 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) == val
) {
1281 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1285 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1291 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(val
), &val
);
1293 mgmt_pending_remove(cmd
);
1298 hci_dev_unlock(hdev
);
1302 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1304 struct mgmt_mode
*cp
= data
;
1306 BT_DBG("request for %s", hdev
->name
);
1309 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1310 MGMT_STATUS_NOT_SUPPORTED
);
1312 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1313 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1314 MGMT_STATUS_INVALID_PARAMS
);
1317 set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1319 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1321 return send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1324 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1326 struct mgmt_mode
*cp
= data
;
1327 struct hci_cp_write_le_host_supported hci_cp
;
1328 struct pending_cmd
*cmd
;
1332 BT_DBG("request for %s", hdev
->name
);
1334 if (!lmp_le_capable(hdev
))
1335 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1336 MGMT_STATUS_NOT_SUPPORTED
);
1338 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1339 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1340 MGMT_STATUS_INVALID_PARAMS
);
1342 /* LE-only devices do not allow toggling LE on/off */
1343 if (!lmp_bredr_capable(hdev
))
1344 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1345 MGMT_STATUS_REJECTED
);
1350 enabled
= lmp_host_le_capable(hdev
);
1352 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1353 bool changed
= false;
1355 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1356 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1360 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1365 err
= new_settings(hdev
, sk
);
1370 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
1371 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1376 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1382 memset(&hci_cp
, 0, sizeof(hci_cp
));
1386 hci_cp
.simul
= lmp_le_br_capable(hdev
);
1389 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1392 mgmt_pending_remove(cmd
);
1395 hci_dev_unlock(hdev
);
1399 /* This is a helper function to test for pending mgmt commands that can
1400 * cause CoD or EIR HCI commands. We can only allow one such pending
1401 * mgmt command at a time since otherwise we cannot easily track what
1402 * the current values are, will be, and based on that calculate if a new
1403 * HCI command needs to be sent and if yes with what value.
1405 static bool pending_eir_or_class(struct hci_dev
*hdev
)
1407 struct pending_cmd
*cmd
;
1409 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1410 switch (cmd
->opcode
) {
1411 case MGMT_OP_ADD_UUID
:
1412 case MGMT_OP_REMOVE_UUID
:
1413 case MGMT_OP_SET_DEV_CLASS
:
1414 case MGMT_OP_SET_POWERED
:
1422 static const u8 bluetooth_base_uuid
[] = {
1423 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1424 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1427 static u8
get_uuid_size(const u8
*uuid
)
1431 if (memcmp(uuid
, bluetooth_base_uuid
, 12))
1434 val
= get_unaligned_le32(&uuid
[12]);
1441 static void mgmt_class_complete(struct hci_dev
*hdev
, u16 mgmt_op
, u8 status
)
1443 struct pending_cmd
*cmd
;
1447 cmd
= mgmt_pending_find(mgmt_op
, hdev
);
1451 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_status(status
),
1452 hdev
->dev_class
, 3);
1454 mgmt_pending_remove(cmd
);
1457 hci_dev_unlock(hdev
);
1460 static void add_uuid_complete(struct hci_dev
*hdev
, u8 status
)
1462 BT_DBG("status 0x%02x", status
);
1464 mgmt_class_complete(hdev
, MGMT_OP_ADD_UUID
, status
);
1467 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1469 struct mgmt_cp_add_uuid
*cp
= data
;
1470 struct pending_cmd
*cmd
;
1471 struct hci_request req
;
1472 struct bt_uuid
*uuid
;
1475 BT_DBG("request for %s", hdev
->name
);
1479 if (pending_eir_or_class(hdev
)) {
1480 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1485 uuid
= kmalloc(sizeof(*uuid
), GFP_KERNEL
);
1491 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1492 uuid
->svc_hint
= cp
->svc_hint
;
1493 uuid
->size
= get_uuid_size(cp
->uuid
);
1495 list_add_tail(&uuid
->list
, &hdev
->uuids
);
1497 hci_req_init(&req
, hdev
);
1502 err
= hci_req_run(&req
, add_uuid_complete
);
1504 if (err
!= -ENODATA
)
1507 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1508 hdev
->dev_class
, 3);
1512 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1521 hci_dev_unlock(hdev
);
1525 static bool enable_service_cache(struct hci_dev
*hdev
)
1527 if (!hdev_is_powered(hdev
))
1530 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1531 queue_delayed_work(hdev
->workqueue
, &hdev
->service_cache
,
1539 static void remove_uuid_complete(struct hci_dev
*hdev
, u8 status
)
1541 BT_DBG("status 0x%02x", status
);
1543 mgmt_class_complete(hdev
, MGMT_OP_REMOVE_UUID
, status
);
1546 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1549 struct mgmt_cp_remove_uuid
*cp
= data
;
1550 struct pending_cmd
*cmd
;
1551 struct bt_uuid
*match
, *tmp
;
1552 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1553 struct hci_request req
;
1556 BT_DBG("request for %s", hdev
->name
);
1560 if (pending_eir_or_class(hdev
)) {
1561 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1566 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1567 err
= hci_uuids_clear(hdev
);
1569 if (enable_service_cache(hdev
)) {
1570 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1571 0, hdev
->dev_class
, 3);
1580 list_for_each_entry_safe(match
, tmp
, &hdev
->uuids
, list
) {
1581 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1584 list_del(&match
->list
);
1590 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1591 MGMT_STATUS_INVALID_PARAMS
);
1596 hci_req_init(&req
, hdev
);
1601 err
= hci_req_run(&req
, remove_uuid_complete
);
1603 if (err
!= -ENODATA
)
1606 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
1607 hdev
->dev_class
, 3);
1611 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
1620 hci_dev_unlock(hdev
);
1624 static void set_class_complete(struct hci_dev
*hdev
, u8 status
)
1626 BT_DBG("status 0x%02x", status
);
1628 mgmt_class_complete(hdev
, MGMT_OP_SET_DEV_CLASS
, status
);
1631 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1634 struct mgmt_cp_set_dev_class
*cp
= data
;
1635 struct pending_cmd
*cmd
;
1636 struct hci_request req
;
1639 BT_DBG("request for %s", hdev
->name
);
1641 if (!lmp_bredr_capable(hdev
))
1642 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1643 MGMT_STATUS_NOT_SUPPORTED
);
1647 if (pending_eir_or_class(hdev
)) {
1648 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1653 if ((cp
->minor
& 0x03) != 0 || (cp
->major
& 0xe0) != 0) {
1654 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1655 MGMT_STATUS_INVALID_PARAMS
);
1659 hdev
->major_class
= cp
->major
;
1660 hdev
->minor_class
= cp
->minor
;
1662 if (!hdev_is_powered(hdev
)) {
1663 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1664 hdev
->dev_class
, 3);
1668 hci_req_init(&req
, hdev
);
1670 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1671 hci_dev_unlock(hdev
);
1672 cancel_delayed_work_sync(&hdev
->service_cache
);
1679 err
= hci_req_run(&req
, set_class_complete
);
1681 if (err
!= -ENODATA
)
1684 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1685 hdev
->dev_class
, 3);
1689 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
1698 hci_dev_unlock(hdev
);
1702 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1705 struct mgmt_cp_load_link_keys
*cp
= data
;
1706 u16 key_count
, expected_len
;
1709 key_count
= __le16_to_cpu(cp
->key_count
);
1711 expected_len
= sizeof(*cp
) + key_count
*
1712 sizeof(struct mgmt_link_key_info
);
1713 if (expected_len
!= len
) {
1714 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1716 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1717 MGMT_STATUS_INVALID_PARAMS
);
1720 if (cp
->debug_keys
!= 0x00 && cp
->debug_keys
!= 0x01)
1721 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1722 MGMT_STATUS_INVALID_PARAMS
);
1724 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
1727 for (i
= 0; i
< key_count
; i
++) {
1728 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1730 if (key
->addr
.type
!= BDADDR_BREDR
)
1731 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1732 MGMT_STATUS_INVALID_PARAMS
);
1737 hci_link_keys_clear(hdev
);
1740 set_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1742 clear_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1744 for (i
= 0; i
< key_count
; i
++) {
1745 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1747 hci_add_link_key(hdev
, NULL
, 0, &key
->addr
.bdaddr
, key
->val
,
1748 key
->type
, key
->pin_len
);
1751 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
1753 hci_dev_unlock(hdev
);
1758 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1759 u8 addr_type
, struct sock
*skip_sk
)
1761 struct mgmt_ev_device_unpaired ev
;
1763 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
1764 ev
.addr
.type
= addr_type
;
1766 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
1770 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1773 struct mgmt_cp_unpair_device
*cp
= data
;
1774 struct mgmt_rp_unpair_device rp
;
1775 struct hci_cp_disconnect dc
;
1776 struct pending_cmd
*cmd
;
1777 struct hci_conn
*conn
;
1780 memset(&rp
, 0, sizeof(rp
));
1781 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1782 rp
.addr
.type
= cp
->addr
.type
;
1784 if (!bdaddr_type_is_valid(cp
->addr
.type
))
1785 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1786 MGMT_STATUS_INVALID_PARAMS
,
1789 if (cp
->disconnect
!= 0x00 && cp
->disconnect
!= 0x01)
1790 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1791 MGMT_STATUS_INVALID_PARAMS
,
1796 if (!hdev_is_powered(hdev
)) {
1797 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1798 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1802 if (cp
->addr
.type
== BDADDR_BREDR
)
1803 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
1805 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
);
1808 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1809 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
1813 if (cp
->disconnect
) {
1814 if (cp
->addr
.type
== BDADDR_BREDR
)
1815 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1818 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
1825 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
1827 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
1831 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
1838 dc
.handle
= cpu_to_le16(conn
->handle
);
1839 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1840 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1842 mgmt_pending_remove(cmd
);
1845 hci_dev_unlock(hdev
);
1849 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1852 struct mgmt_cp_disconnect
*cp
= data
;
1853 struct mgmt_rp_disconnect rp
;
1854 struct hci_cp_disconnect dc
;
1855 struct pending_cmd
*cmd
;
1856 struct hci_conn
*conn
;
1861 memset(&rp
, 0, sizeof(rp
));
1862 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1863 rp
.addr
.type
= cp
->addr
.type
;
1865 if (!bdaddr_type_is_valid(cp
->addr
.type
))
1866 return cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1867 MGMT_STATUS_INVALID_PARAMS
,
1872 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1873 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1874 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1878 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
1879 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1880 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
1884 if (cp
->addr
.type
== BDADDR_BREDR
)
1885 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1888 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
1890 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
1891 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1892 MGMT_STATUS_NOT_CONNECTED
, &rp
, sizeof(rp
));
1896 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
1902 dc
.handle
= cpu_to_le16(conn
->handle
);
1903 dc
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
1905 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1907 mgmt_pending_remove(cmd
);
1910 hci_dev_unlock(hdev
);
1914 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
1916 switch (link_type
) {
1918 switch (addr_type
) {
1919 case ADDR_LE_DEV_PUBLIC
:
1920 return BDADDR_LE_PUBLIC
;
1923 /* Fallback to LE Random address type */
1924 return BDADDR_LE_RANDOM
;
1928 /* Fallback to BR/EDR type */
1929 return BDADDR_BREDR
;
1933 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1936 struct mgmt_rp_get_connections
*rp
;
1946 if (!hdev_is_powered(hdev
)) {
1947 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
1948 MGMT_STATUS_NOT_POWERED
);
1953 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1954 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1958 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1959 rp
= kmalloc(rp_len
, GFP_KERNEL
);
1966 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1967 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1969 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
1970 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
1971 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
1976 rp
->conn_count
= cpu_to_le16(i
);
1978 /* Recalculate length in case of filtered SCO connections, etc */
1979 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1981 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
1987 hci_dev_unlock(hdev
);
1991 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1992 struct mgmt_cp_pin_code_neg_reply
*cp
)
1994 struct pending_cmd
*cmd
;
1997 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
2002 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
2003 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
2005 mgmt_pending_remove(cmd
);
2010 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2013 struct hci_conn
*conn
;
2014 struct mgmt_cp_pin_code_reply
*cp
= data
;
2015 struct hci_cp_pin_code_reply reply
;
2016 struct pending_cmd
*cmd
;
2023 if (!hdev_is_powered(hdev
)) {
2024 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2025 MGMT_STATUS_NOT_POWERED
);
2029 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
2031 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2032 MGMT_STATUS_NOT_CONNECTED
);
2036 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
2037 struct mgmt_cp_pin_code_neg_reply ncp
;
2039 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
2041 BT_ERR("PIN code is not 16 bytes long");
2043 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
2045 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2046 MGMT_STATUS_INVALID_PARAMS
);
2051 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
2057 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
2058 reply
.pin_len
= cp
->pin_len
;
2059 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
2061 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
2063 mgmt_pending_remove(cmd
);
2066 hci_dev_unlock(hdev
);
2070 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2073 struct mgmt_cp_set_io_capability
*cp
= data
;
2079 hdev
->io_capability
= cp
->io_capability
;
2081 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
2082 hdev
->io_capability
);
2084 hci_dev_unlock(hdev
);
2086 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
2090 static struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
2092 struct hci_dev
*hdev
= conn
->hdev
;
2093 struct pending_cmd
*cmd
;
2095 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
2096 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
2099 if (cmd
->user_data
!= conn
)
2108 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
2110 struct mgmt_rp_pair_device rp
;
2111 struct hci_conn
*conn
= cmd
->user_data
;
2113 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
2114 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
2116 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
2119 /* So we don't get further callbacks for this connection */
2120 conn
->connect_cfm_cb
= NULL
;
2121 conn
->security_cfm_cb
= NULL
;
2122 conn
->disconn_cfm_cb
= NULL
;
2124 hci_conn_drop(conn
);
2126 mgmt_pending_remove(cmd
);
2129 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
2131 struct pending_cmd
*cmd
;
2133 BT_DBG("status %u", status
);
2135 cmd
= find_pairing(conn
);
2137 BT_DBG("Unable to find a pending command");
2139 pairing_complete(cmd
, mgmt_status(status
));
2142 static void le_connect_complete_cb(struct hci_conn
*conn
, u8 status
)
2144 struct pending_cmd
*cmd
;
2146 BT_DBG("status %u", status
);
2151 cmd
= find_pairing(conn
);
2153 BT_DBG("Unable to find a pending command");
2155 pairing_complete(cmd
, mgmt_status(status
));
2158 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2161 struct mgmt_cp_pair_device
*cp
= data
;
2162 struct mgmt_rp_pair_device rp
;
2163 struct pending_cmd
*cmd
;
2164 u8 sec_level
, auth_type
;
2165 struct hci_conn
*conn
;
2170 memset(&rp
, 0, sizeof(rp
));
2171 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2172 rp
.addr
.type
= cp
->addr
.type
;
2174 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2175 return cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2176 MGMT_STATUS_INVALID_PARAMS
,
2181 if (!hdev_is_powered(hdev
)) {
2182 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2183 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
2187 sec_level
= BT_SECURITY_MEDIUM
;
2188 if (cp
->io_cap
== 0x03)
2189 auth_type
= HCI_AT_DEDICATED_BONDING
;
2191 auth_type
= HCI_AT_DEDICATED_BONDING_MITM
;
2193 if (cp
->addr
.type
== BDADDR_BREDR
)
2194 conn
= hci_connect(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
,
2195 cp
->addr
.type
, sec_level
, auth_type
);
2197 conn
= hci_connect(hdev
, LE_LINK
, &cp
->addr
.bdaddr
,
2198 cp
->addr
.type
, sec_level
, auth_type
);
2203 if (PTR_ERR(conn
) == -EBUSY
)
2204 status
= MGMT_STATUS_BUSY
;
2206 status
= MGMT_STATUS_CONNECT_FAILED
;
2208 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2214 if (conn
->connect_cfm_cb
) {
2215 hci_conn_drop(conn
);
2216 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2217 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
2221 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
2224 hci_conn_drop(conn
);
2228 /* For LE, just connecting isn't a proof that the pairing finished */
2229 if (cp
->addr
.type
== BDADDR_BREDR
)
2230 conn
->connect_cfm_cb
= pairing_complete_cb
;
2232 conn
->connect_cfm_cb
= le_connect_complete_cb
;
2234 conn
->security_cfm_cb
= pairing_complete_cb
;
2235 conn
->disconn_cfm_cb
= pairing_complete_cb
;
2236 conn
->io_capability
= cp
->io_cap
;
2237 cmd
->user_data
= conn
;
2239 if (conn
->state
== BT_CONNECTED
&&
2240 hci_conn_security(conn
, sec_level
, auth_type
))
2241 pairing_complete(cmd
, 0);
2246 hci_dev_unlock(hdev
);
2250 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2253 struct mgmt_addr_info
*addr
= data
;
2254 struct pending_cmd
*cmd
;
2255 struct hci_conn
*conn
;
2262 if (!hdev_is_powered(hdev
)) {
2263 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2264 MGMT_STATUS_NOT_POWERED
);
2268 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
2270 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2271 MGMT_STATUS_INVALID_PARAMS
);
2275 conn
= cmd
->user_data
;
2277 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
2278 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2279 MGMT_STATUS_INVALID_PARAMS
);
2283 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
2285 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
2286 addr
, sizeof(*addr
));
2288 hci_dev_unlock(hdev
);
2292 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
2293 struct mgmt_addr_info
*addr
, u16 mgmt_op
,
2294 u16 hci_op
, __le32 passkey
)
2296 struct pending_cmd
*cmd
;
2297 struct hci_conn
*conn
;
2302 if (!hdev_is_powered(hdev
)) {
2303 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
2304 MGMT_STATUS_NOT_POWERED
, addr
,
2309 if (addr
->type
== BDADDR_BREDR
)
2310 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &addr
->bdaddr
);
2312 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &addr
->bdaddr
);
2315 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
2316 MGMT_STATUS_NOT_CONNECTED
, addr
,
2321 if (addr
->type
== BDADDR_LE_PUBLIC
|| addr
->type
== BDADDR_LE_RANDOM
) {
2322 /* Continue with pairing via SMP. The hdev lock must be
2323 * released as SMP may try to recquire it for crypto
2326 hci_dev_unlock(hdev
);
2327 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2331 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
2332 MGMT_STATUS_SUCCESS
, addr
,
2335 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
2336 MGMT_STATUS_FAILED
, addr
,
2342 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, addr
, sizeof(*addr
));
2348 /* Continue with pairing via HCI */
2349 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2350 struct hci_cp_user_passkey_reply cp
;
2352 bacpy(&cp
.bdaddr
, &addr
->bdaddr
);
2353 cp
.passkey
= passkey
;
2354 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2356 err
= hci_send_cmd(hdev
, hci_op
, sizeof(addr
->bdaddr
),
2360 mgmt_pending_remove(cmd
);
2363 hci_dev_unlock(hdev
);
2367 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2368 void *data
, u16 len
)
2370 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
2374 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2375 MGMT_OP_PIN_CODE_NEG_REPLY
,
2376 HCI_OP_PIN_CODE_NEG_REPLY
, 0);
2379 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2382 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2386 if (len
!= sizeof(*cp
))
2387 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2388 MGMT_STATUS_INVALID_PARAMS
);
2390 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2391 MGMT_OP_USER_CONFIRM_REPLY
,
2392 HCI_OP_USER_CONFIRM_REPLY
, 0);
2395 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2396 void *data
, u16 len
)
2398 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2402 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2403 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2404 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2407 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2410 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2414 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2415 MGMT_OP_USER_PASSKEY_REPLY
,
2416 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2419 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2420 void *data
, u16 len
)
2422 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2426 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2427 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2428 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2431 static void update_name(struct hci_request
*req
)
2433 struct hci_dev
*hdev
= req
->hdev
;
2434 struct hci_cp_write_local_name cp
;
2436 memcpy(cp
.name
, hdev
->dev_name
, sizeof(cp
.name
));
2438 hci_req_add(req
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
2441 static void set_name_complete(struct hci_dev
*hdev
, u8 status
)
2443 struct mgmt_cp_set_local_name
*cp
;
2444 struct pending_cmd
*cmd
;
2446 BT_DBG("status 0x%02x", status
);
2450 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
2457 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
2458 mgmt_status(status
));
2460 cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2463 mgmt_pending_remove(cmd
);
2466 hci_dev_unlock(hdev
);
2469 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2472 struct mgmt_cp_set_local_name
*cp
= data
;
2473 struct pending_cmd
*cmd
;
2474 struct hci_request req
;
2481 /* If the old values are the same as the new ones just return a
2482 * direct command complete event.
2484 if (!memcmp(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
)) &&
2485 !memcmp(hdev
->short_name
, cp
->short_name
,
2486 sizeof(hdev
->short_name
))) {
2487 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2492 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
2494 if (!hdev_is_powered(hdev
)) {
2495 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2497 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2502 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
2508 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
2514 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2516 hci_req_init(&req
, hdev
);
2518 if (lmp_bredr_capable(hdev
)) {
2523 if (lmp_le_capable(hdev
))
2524 hci_update_ad(&req
);
2526 err
= hci_req_run(&req
, set_name_complete
);
2528 mgmt_pending_remove(cmd
);
2531 hci_dev_unlock(hdev
);
2535 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2536 void *data
, u16 data_len
)
2538 struct pending_cmd
*cmd
;
2541 BT_DBG("%s", hdev
->name
);
2545 if (!hdev_is_powered(hdev
)) {
2546 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2547 MGMT_STATUS_NOT_POWERED
);
2551 if (!lmp_ssp_capable(hdev
)) {
2552 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2553 MGMT_STATUS_NOT_SUPPORTED
);
2557 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
2558 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2563 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
2569 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
2571 mgmt_pending_remove(cmd
);
2574 hci_dev_unlock(hdev
);
2578 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2579 void *data
, u16 len
)
2581 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
2585 BT_DBG("%s ", hdev
->name
);
2589 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->hash
,
2592 status
= MGMT_STATUS_FAILED
;
2594 status
= MGMT_STATUS_SUCCESS
;
2596 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
2597 &cp
->addr
, sizeof(cp
->addr
));
2599 hci_dev_unlock(hdev
);
2603 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2604 void *data
, u16 len
)
2606 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
2610 BT_DBG("%s", hdev
->name
);
2614 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
2616 status
= MGMT_STATUS_INVALID_PARAMS
;
2618 status
= MGMT_STATUS_SUCCESS
;
2620 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2621 status
, &cp
->addr
, sizeof(cp
->addr
));
2623 hci_dev_unlock(hdev
);
2627 static int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
2629 struct pending_cmd
*cmd
;
2633 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2635 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
2639 type
= hdev
->discovery
.type
;
2641 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
2642 &type
, sizeof(type
));
2643 mgmt_pending_remove(cmd
);
2648 static void start_discovery_complete(struct hci_dev
*hdev
, u8 status
)
2650 BT_DBG("status %d", status
);
2654 mgmt_start_discovery_failed(hdev
, status
);
2655 hci_dev_unlock(hdev
);
2660 hci_discovery_set_state(hdev
, DISCOVERY_FINDING
);
2661 hci_dev_unlock(hdev
);
2663 switch (hdev
->discovery
.type
) {
2664 case DISCOV_TYPE_LE
:
2665 queue_delayed_work(hdev
->workqueue
, &hdev
->le_scan_disable
,
2669 case DISCOV_TYPE_INTERLEAVED
:
2670 queue_delayed_work(hdev
->workqueue
, &hdev
->le_scan_disable
,
2671 DISCOV_INTERLEAVED_TIMEOUT
);
2674 case DISCOV_TYPE_BREDR
:
2678 BT_ERR("Invalid discovery type %d", hdev
->discovery
.type
);
2682 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
2683 void *data
, u16 len
)
2685 struct mgmt_cp_start_discovery
*cp
= data
;
2686 struct pending_cmd
*cmd
;
2687 struct hci_cp_le_set_scan_param param_cp
;
2688 struct hci_cp_le_set_scan_enable enable_cp
;
2689 struct hci_cp_inquiry inq_cp
;
2690 struct hci_request req
;
2691 /* General inquiry access code (GIAC) */
2692 u8 lap
[3] = { 0x33, 0x8b, 0x9e };
2695 BT_DBG("%s", hdev
->name
);
2699 if (!hdev_is_powered(hdev
)) {
2700 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2701 MGMT_STATUS_NOT_POWERED
);
2705 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
)) {
2706 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2711 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
2712 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2717 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
2723 hdev
->discovery
.type
= cp
->type
;
2725 hci_req_init(&req
, hdev
);
2727 switch (hdev
->discovery
.type
) {
2728 case DISCOV_TYPE_BREDR
:
2729 if (!lmp_bredr_capable(hdev
)) {
2730 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2731 MGMT_STATUS_NOT_SUPPORTED
);
2732 mgmt_pending_remove(cmd
);
2736 if (test_bit(HCI_INQUIRY
, &hdev
->flags
)) {
2737 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2739 mgmt_pending_remove(cmd
);
2743 hci_inquiry_cache_flush(hdev
);
2745 memset(&inq_cp
, 0, sizeof(inq_cp
));
2746 memcpy(&inq_cp
.lap
, lap
, sizeof(inq_cp
.lap
));
2747 inq_cp
.length
= DISCOV_BREDR_INQUIRY_LEN
;
2748 hci_req_add(&req
, HCI_OP_INQUIRY
, sizeof(inq_cp
), &inq_cp
);
2751 case DISCOV_TYPE_LE
:
2752 case DISCOV_TYPE_INTERLEAVED
:
2753 if (!test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
2754 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2755 MGMT_STATUS_NOT_SUPPORTED
);
2756 mgmt_pending_remove(cmd
);
2760 if (hdev
->discovery
.type
== DISCOV_TYPE_INTERLEAVED
&&
2761 !lmp_bredr_capable(hdev
)) {
2762 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2763 MGMT_STATUS_NOT_SUPPORTED
);
2764 mgmt_pending_remove(cmd
);
2768 if (test_bit(HCI_LE_PERIPHERAL
, &hdev
->dev_flags
)) {
2769 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2770 MGMT_STATUS_REJECTED
);
2771 mgmt_pending_remove(cmd
);
2775 if (test_bit(HCI_LE_SCAN
, &hdev
->dev_flags
)) {
2776 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2778 mgmt_pending_remove(cmd
);
2782 memset(¶m_cp
, 0, sizeof(param_cp
));
2783 param_cp
.type
= LE_SCAN_ACTIVE
;
2784 param_cp
.interval
= cpu_to_le16(DISCOV_LE_SCAN_INT
);
2785 param_cp
.window
= cpu_to_le16(DISCOV_LE_SCAN_WIN
);
2786 hci_req_add(&req
, HCI_OP_LE_SET_SCAN_PARAM
, sizeof(param_cp
),
2789 memset(&enable_cp
, 0, sizeof(enable_cp
));
2790 enable_cp
.enable
= LE_SCAN_ENABLE
;
2791 enable_cp
.filter_dup
= LE_SCAN_FILTER_DUP_ENABLE
;
2792 hci_req_add(&req
, HCI_OP_LE_SET_SCAN_ENABLE
, sizeof(enable_cp
),
2797 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2798 MGMT_STATUS_INVALID_PARAMS
);
2799 mgmt_pending_remove(cmd
);
2803 err
= hci_req_run(&req
, start_discovery_complete
);
2805 mgmt_pending_remove(cmd
);
2807 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
2810 hci_dev_unlock(hdev
);
2814 static int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
2816 struct pending_cmd
*cmd
;
2819 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
2823 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
2824 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
2825 mgmt_pending_remove(cmd
);
2830 static void stop_discovery_complete(struct hci_dev
*hdev
, u8 status
)
2832 BT_DBG("status %d", status
);
2837 mgmt_stop_discovery_failed(hdev
, status
);
2841 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2844 hci_dev_unlock(hdev
);
2847 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2850 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
2851 struct pending_cmd
*cmd
;
2852 struct hci_cp_remote_name_req_cancel cp
;
2853 struct inquiry_entry
*e
;
2854 struct hci_request req
;
2855 struct hci_cp_le_set_scan_enable enable_cp
;
2858 BT_DBG("%s", hdev
->name
);
2862 if (!hci_discovery_active(hdev
)) {
2863 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2864 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
2865 sizeof(mgmt_cp
->type
));
2869 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
2870 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2871 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
2872 sizeof(mgmt_cp
->type
));
2876 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
2882 hci_req_init(&req
, hdev
);
2884 switch (hdev
->discovery
.state
) {
2885 case DISCOVERY_FINDING
:
2886 if (test_bit(HCI_INQUIRY
, &hdev
->flags
)) {
2887 hci_req_add(&req
, HCI_OP_INQUIRY_CANCEL
, 0, NULL
);
2889 cancel_delayed_work(&hdev
->le_scan_disable
);
2891 memset(&enable_cp
, 0, sizeof(enable_cp
));
2892 enable_cp
.enable
= LE_SCAN_DISABLE
;
2893 hci_req_add(&req
, HCI_OP_LE_SET_SCAN_ENABLE
,
2894 sizeof(enable_cp
), &enable_cp
);
2899 case DISCOVERY_RESOLVING
:
2900 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
,
2903 mgmt_pending_remove(cmd
);
2904 err
= cmd_complete(sk
, hdev
->id
,
2905 MGMT_OP_STOP_DISCOVERY
, 0,
2907 sizeof(mgmt_cp
->type
));
2908 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2912 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
2913 hci_req_add(&req
, HCI_OP_REMOTE_NAME_REQ_CANCEL
, sizeof(cp
),
2919 BT_DBG("unknown discovery state %u", hdev
->discovery
.state
);
2921 mgmt_pending_remove(cmd
);
2922 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2923 MGMT_STATUS_FAILED
, &mgmt_cp
->type
,
2924 sizeof(mgmt_cp
->type
));
2928 err
= hci_req_run(&req
, stop_discovery_complete
);
2930 mgmt_pending_remove(cmd
);
2932 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2935 hci_dev_unlock(hdev
);
2939 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2942 struct mgmt_cp_confirm_name
*cp
= data
;
2943 struct inquiry_entry
*e
;
2946 BT_DBG("%s", hdev
->name
);
2950 if (!hci_discovery_active(hdev
)) {
2951 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2952 MGMT_STATUS_FAILED
);
2956 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
2958 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2959 MGMT_STATUS_INVALID_PARAMS
);
2963 if (cp
->name_known
) {
2964 e
->name_state
= NAME_KNOWN
;
2967 e
->name_state
= NAME_NEEDED
;
2968 hci_inquiry_cache_update_resolve(hdev
, e
);
2971 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
, 0, &cp
->addr
,
2975 hci_dev_unlock(hdev
);
2979 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2982 struct mgmt_cp_block_device
*cp
= data
;
2986 BT_DBG("%s", hdev
->name
);
2988 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2989 return cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
,
2990 MGMT_STATUS_INVALID_PARAMS
,
2991 &cp
->addr
, sizeof(cp
->addr
));
2995 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2997 status
= MGMT_STATUS_FAILED
;
2999 status
= MGMT_STATUS_SUCCESS
;
3001 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
3002 &cp
->addr
, sizeof(cp
->addr
));
3004 hci_dev_unlock(hdev
);
3009 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3012 struct mgmt_cp_unblock_device
*cp
= data
;
3016 BT_DBG("%s", hdev
->name
);
3018 if (!bdaddr_type_is_valid(cp
->addr
.type
))
3019 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
,
3020 MGMT_STATUS_INVALID_PARAMS
,
3021 &cp
->addr
, sizeof(cp
->addr
));
3025 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
3027 status
= MGMT_STATUS_INVALID_PARAMS
;
3029 status
= MGMT_STATUS_SUCCESS
;
3031 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
3032 &cp
->addr
, sizeof(cp
->addr
));
3034 hci_dev_unlock(hdev
);
3039 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3042 struct mgmt_cp_set_device_id
*cp
= data
;
3043 struct hci_request req
;
3047 BT_DBG("%s", hdev
->name
);
3049 source
= __le16_to_cpu(cp
->source
);
3051 if (source
> 0x0002)
3052 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
3053 MGMT_STATUS_INVALID_PARAMS
);
3057 hdev
->devid_source
= source
;
3058 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
3059 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
3060 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
3062 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0, NULL
, 0);
3064 hci_req_init(&req
, hdev
);
3066 hci_req_run(&req
, NULL
);
3068 hci_dev_unlock(hdev
);
3073 static void fast_connectable_complete(struct hci_dev
*hdev
, u8 status
)
3075 struct pending_cmd
*cmd
;
3077 BT_DBG("status 0x%02x", status
);
3081 cmd
= mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
3086 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3087 mgmt_status(status
));
3089 struct mgmt_mode
*cp
= cmd
->param
;
3092 set_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
3094 clear_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
3096 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
3097 new_settings(hdev
, cmd
->sk
);
3100 mgmt_pending_remove(cmd
);
3103 hci_dev_unlock(hdev
);
3106 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
3107 void *data
, u16 len
)
3109 struct mgmt_mode
*cp
= data
;
3110 struct pending_cmd
*cmd
;
3111 struct hci_request req
;
3114 BT_DBG("%s", hdev
->name
);
3116 if (!lmp_bredr_capable(hdev
) || hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
3117 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3118 MGMT_STATUS_NOT_SUPPORTED
);
3120 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
3121 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3122 MGMT_STATUS_INVALID_PARAMS
);
3124 if (!hdev_is_powered(hdev
))
3125 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3126 MGMT_STATUS_NOT_POWERED
);
3128 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
3129 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3130 MGMT_STATUS_REJECTED
);
3134 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
)) {
3135 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3140 if (!!cp
->val
== test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
)) {
3141 err
= send_settings_rsp(sk
, MGMT_OP_SET_FAST_CONNECTABLE
,
3146 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
,
3153 hci_req_init(&req
, hdev
);
3155 write_fast_connectable(&req
, cp
->val
);
3157 err
= hci_req_run(&req
, fast_connectable_complete
);
3159 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3160 MGMT_STATUS_FAILED
);
3161 mgmt_pending_remove(cmd
);
3165 hci_dev_unlock(hdev
);
3170 static bool ltk_is_valid(struct mgmt_ltk_info
*key
)
3172 if (key
->authenticated
!= 0x00 && key
->authenticated
!= 0x01)
3174 if (key
->master
!= 0x00 && key
->master
!= 0x01)
3176 if (!bdaddr_type_is_le(key
->addr
.type
))
3181 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
3182 void *cp_data
, u16 len
)
3184 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
3185 u16 key_count
, expected_len
;
3188 key_count
= __le16_to_cpu(cp
->key_count
);
3190 expected_len
= sizeof(*cp
) + key_count
*
3191 sizeof(struct mgmt_ltk_info
);
3192 if (expected_len
!= len
) {
3193 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3195 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
3196 MGMT_STATUS_INVALID_PARAMS
);
3199 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
3201 for (i
= 0; i
< key_count
; i
++) {
3202 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
3204 if (!ltk_is_valid(key
))
3205 return cmd_status(sk
, hdev
->id
,
3206 MGMT_OP_LOAD_LONG_TERM_KEYS
,
3207 MGMT_STATUS_INVALID_PARAMS
);
3212 hci_smp_ltks_clear(hdev
);
3214 for (i
= 0; i
< key_count
; i
++) {
3215 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
3221 type
= HCI_SMP_LTK_SLAVE
;
3223 hci_add_ltk(hdev
, &key
->addr
.bdaddr
,
3224 bdaddr_to_le(key
->addr
.type
),
3225 type
, 0, key
->authenticated
, key
->val
,
3226 key
->enc_size
, key
->ediv
, key
->rand
);
3229 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
, 0,
3232 hci_dev_unlock(hdev
);
3237 static const struct mgmt_handler
{
3238 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3242 } mgmt_handlers
[] = {
3243 { NULL
}, /* 0x0000 (no command) */
3244 { read_version
, false, MGMT_READ_VERSION_SIZE
},
3245 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
3246 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
3247 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
3248 { set_powered
, false, MGMT_SETTING_SIZE
},
3249 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
3250 { set_connectable
, false, MGMT_SETTING_SIZE
},
3251 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
3252 { set_pairable
, false, MGMT_SETTING_SIZE
},
3253 { set_link_security
, false, MGMT_SETTING_SIZE
},
3254 { set_ssp
, false, MGMT_SETTING_SIZE
},
3255 { set_hs
, false, MGMT_SETTING_SIZE
},
3256 { set_le
, false, MGMT_SETTING_SIZE
},
3257 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
3258 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
3259 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
3260 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
3261 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
3262 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
3263 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
3264 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
3265 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
3266 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
3267 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
3268 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
3269 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
3270 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
3271 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
3272 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
3273 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
3274 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
3275 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
3276 { add_remote_oob_data
, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
3277 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
3278 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
3279 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
3280 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
3281 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
3282 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
3283 { set_device_id
, false, MGMT_SET_DEVICE_ID_SIZE
},
3287 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
3291 struct mgmt_hdr
*hdr
;
3292 u16 opcode
, index
, len
;
3293 struct hci_dev
*hdev
= NULL
;
3294 const struct mgmt_handler
*handler
;
3297 BT_DBG("got %zu bytes", msglen
);
3299 if (msglen
< sizeof(*hdr
))
3302 buf
= kmalloc(msglen
, GFP_KERNEL
);
3306 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
3312 opcode
= __le16_to_cpu(hdr
->opcode
);
3313 index
= __le16_to_cpu(hdr
->index
);
3314 len
= __le16_to_cpu(hdr
->len
);
3316 if (len
!= msglen
- sizeof(*hdr
)) {
3321 if (index
!= MGMT_INDEX_NONE
) {
3322 hdev
= hci_dev_get(index
);
3324 err
= cmd_status(sk
, index
, opcode
,
3325 MGMT_STATUS_INVALID_INDEX
);
3330 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
3331 mgmt_handlers
[opcode
].func
== NULL
) {
3332 BT_DBG("Unknown op %u", opcode
);
3333 err
= cmd_status(sk
, index
, opcode
,
3334 MGMT_STATUS_UNKNOWN_COMMAND
);
3338 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
3339 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
3340 err
= cmd_status(sk
, index
, opcode
,
3341 MGMT_STATUS_INVALID_INDEX
);
3345 handler
= &mgmt_handlers
[opcode
];
3347 if ((handler
->var_len
&& len
< handler
->data_len
) ||
3348 (!handler
->var_len
&& len
!= handler
->data_len
)) {
3349 err
= cmd_status(sk
, index
, opcode
,
3350 MGMT_STATUS_INVALID_PARAMS
);
3355 mgmt_init_hdev(sk
, hdev
);
3357 cp
= buf
+ sizeof(*hdr
);
3359 err
= handler
->func(sk
, hdev
, cp
, len
);
3373 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
3377 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
3378 mgmt_pending_remove(cmd
);
3381 int mgmt_index_added(struct hci_dev
*hdev
)
3383 if (!mgmt_valid_hdev(hdev
))
3386 return mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
3389 int mgmt_index_removed(struct hci_dev
*hdev
)
3391 u8 status
= MGMT_STATUS_INVALID_INDEX
;
3393 if (!mgmt_valid_hdev(hdev
))
3396 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
3398 return mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
3403 struct hci_dev
*hdev
;
3407 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
3409 struct cmd_lookup
*match
= data
;
3411 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
3413 list_del(&cmd
->list
);
3415 if (match
->sk
== NULL
) {
3416 match
->sk
= cmd
->sk
;
3417 sock_hold(match
->sk
);
3420 mgmt_pending_free(cmd
);
3423 static void set_bredr_scan(struct hci_request
*req
)
3425 struct hci_dev
*hdev
= req
->hdev
;
3428 /* Ensure that fast connectable is disabled. This function will
3429 * not do anything if the page scan parameters are already what
3432 write_fast_connectable(req
, false);
3434 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
3436 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
3437 scan
|= SCAN_INQUIRY
;
3440 hci_req_add(req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
3443 static void powered_complete(struct hci_dev
*hdev
, u8 status
)
3445 struct cmd_lookup match
= { NULL
, hdev
};
3447 BT_DBG("status 0x%02x", status
);
3451 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
3453 new_settings(hdev
, match
.sk
);
3455 hci_dev_unlock(hdev
);
3461 static int powered_update_hci(struct hci_dev
*hdev
)
3463 struct hci_request req
;
3466 hci_req_init(&req
, hdev
);
3468 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) &&
3469 !lmp_host_ssp_capable(hdev
)) {
3472 hci_req_add(&req
, HCI_OP_WRITE_SSP_MODE
, 1, &ssp
);
3475 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
) &&
3476 lmp_bredr_capable(hdev
)) {
3477 struct hci_cp_write_le_host_supported cp
;
3480 cp
.simul
= lmp_le_br_capable(hdev
);
3482 /* Check first if we already have the right
3483 * host state (host features set)
3485 if (cp
.le
!= lmp_host_le_capable(hdev
) ||
3486 cp
.simul
!= lmp_host_le_br_capable(hdev
))
3487 hci_req_add(&req
, HCI_OP_WRITE_LE_HOST_SUPPORTED
,
3491 link_sec
= test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
3492 if (link_sec
!= test_bit(HCI_AUTH
, &hdev
->flags
))
3493 hci_req_add(&req
, HCI_OP_WRITE_AUTH_ENABLE
,
3494 sizeof(link_sec
), &link_sec
);
3496 if (lmp_bredr_capable(hdev
)) {
3497 set_bredr_scan(&req
);
3503 return hci_req_run(&req
, powered_complete
);
3506 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
3508 struct cmd_lookup match
= { NULL
, hdev
};
3509 u8 status_not_powered
= MGMT_STATUS_NOT_POWERED
;
3510 u8 zero_cod
[] = { 0, 0, 0 };
3513 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3517 if (powered_update_hci(hdev
) == 0)
3520 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
,
3525 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
3526 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status_not_powered
);
3528 if (memcmp(hdev
->dev_class
, zero_cod
, sizeof(zero_cod
)) != 0)
3529 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
,
3530 zero_cod
, sizeof(zero_cod
), NULL
);
3533 err
= new_settings(hdev
, match
.sk
);
3541 int mgmt_set_powered_failed(struct hci_dev
*hdev
, int err
)
3543 struct pending_cmd
*cmd
;
3546 cmd
= mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
);
3550 if (err
== -ERFKILL
)
3551 status
= MGMT_STATUS_RFKILLED
;
3553 status
= MGMT_STATUS_FAILED
;
3555 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_POWERED
, status
);
3557 mgmt_pending_remove(cmd
);
3562 int mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
3564 struct cmd_lookup match
= { NULL
, hdev
};
3565 bool changed
= false;
3569 if (!test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
3572 if (test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
3576 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
, settings_rsp
,
3580 err
= new_settings(hdev
, match
.sk
);
3588 int mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
3590 struct pending_cmd
*cmd
;
3591 bool changed
= false;
3595 if (!test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
3598 if (test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
3602 cmd
= mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
3605 err
= new_settings(hdev
, cmd
? cmd
->sk
: NULL
);
3610 int mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
3612 u8 mgmt_err
= mgmt_status(status
);
3614 if (scan
& SCAN_PAGE
)
3615 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
3616 cmd_status_rsp
, &mgmt_err
);
3618 if (scan
& SCAN_INQUIRY
)
3619 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
3620 cmd_status_rsp
, &mgmt_err
);
3625 int mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
3628 struct mgmt_ev_new_link_key ev
;
3630 memset(&ev
, 0, sizeof(ev
));
3632 ev
.store_hint
= persistent
;
3633 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3634 ev
.key
.addr
.type
= BDADDR_BREDR
;
3635 ev
.key
.type
= key
->type
;
3636 memcpy(ev
.key
.val
, key
->val
, HCI_LINK_KEY_SIZE
);
3637 ev
.key
.pin_len
= key
->pin_len
;
3639 return mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
3642 int mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, u8 persistent
)
3644 struct mgmt_ev_new_long_term_key ev
;
3646 memset(&ev
, 0, sizeof(ev
));
3648 ev
.store_hint
= persistent
;
3649 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3650 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
3651 ev
.key
.authenticated
= key
->authenticated
;
3652 ev
.key
.enc_size
= key
->enc_size
;
3653 ev
.key
.ediv
= key
->ediv
;
3655 if (key
->type
== HCI_SMP_LTK
)
3658 memcpy(ev
.key
.rand
, key
->rand
, sizeof(key
->rand
));
3659 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
3661 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
),
3665 int mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3666 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
3670 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
3673 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3674 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3676 ev
->flags
= __cpu_to_le32(flags
);
3679 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
3682 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
3683 eir_len
= eir_append_data(ev
->eir
, eir_len
,
3684 EIR_CLASS_OF_DEV
, dev_class
, 3);
3686 ev
->eir_len
= cpu_to_le16(eir_len
);
3688 return mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
3689 sizeof(*ev
) + eir_len
, NULL
);
3692 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
3694 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
3695 struct sock
**sk
= data
;
3696 struct mgmt_rp_disconnect rp
;
3698 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3699 rp
.addr
.type
= cp
->addr
.type
;
3701 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
3707 mgmt_pending_remove(cmd
);
3710 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
3712 struct hci_dev
*hdev
= data
;
3713 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
3714 struct mgmt_rp_unpair_device rp
;
3716 memset(&rp
, 0, sizeof(rp
));
3717 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3718 rp
.addr
.type
= cp
->addr
.type
;
3720 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
3722 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
3724 mgmt_pending_remove(cmd
);
3727 int mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3728 u8 link_type
, u8 addr_type
, u8 reason
)
3730 struct mgmt_ev_device_disconnected ev
;
3731 struct sock
*sk
= NULL
;
3734 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
3736 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3737 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3740 err
= mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
),
3746 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3752 int mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3753 u8 link_type
, u8 addr_type
, u8 status
)
3755 struct mgmt_rp_disconnect rp
;
3756 struct pending_cmd
*cmd
;
3759 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3762 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
3766 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3767 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3769 err
= cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
3770 mgmt_status(status
), &rp
, sizeof(rp
));
3772 mgmt_pending_remove(cmd
);
3777 int mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3778 u8 addr_type
, u8 status
)
3780 struct mgmt_ev_connect_failed ev
;
3782 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3783 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3784 ev
.status
= mgmt_status(status
);
3786 return mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3789 int mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
3791 struct mgmt_ev_pin_code_request ev
;
3793 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3794 ev
.addr
.type
= BDADDR_BREDR
;
3797 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
),
3801 int mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3804 struct pending_cmd
*cmd
;
3805 struct mgmt_rp_pin_code_reply rp
;
3808 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
3812 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3813 rp
.addr
.type
= BDADDR_BREDR
;
3815 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
3816 mgmt_status(status
), &rp
, sizeof(rp
));
3818 mgmt_pending_remove(cmd
);
3823 int mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3826 struct pending_cmd
*cmd
;
3827 struct mgmt_rp_pin_code_reply rp
;
3830 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
3834 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3835 rp
.addr
.type
= BDADDR_BREDR
;
3837 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
3838 mgmt_status(status
), &rp
, sizeof(rp
));
3840 mgmt_pending_remove(cmd
);
3845 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3846 u8 link_type
, u8 addr_type
, __le32 value
,
3849 struct mgmt_ev_user_confirm_request ev
;
3851 BT_DBG("%s", hdev
->name
);
3853 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3854 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3855 ev
.confirm_hint
= confirm_hint
;
3858 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
3862 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3863 u8 link_type
, u8 addr_type
)
3865 struct mgmt_ev_user_passkey_request ev
;
3867 BT_DBG("%s", hdev
->name
);
3869 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3870 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3872 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
3876 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3877 u8 link_type
, u8 addr_type
, u8 status
,
3880 struct pending_cmd
*cmd
;
3881 struct mgmt_rp_user_confirm_reply rp
;
3884 cmd
= mgmt_pending_find(opcode
, hdev
);
3888 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3889 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3890 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
3893 mgmt_pending_remove(cmd
);
3898 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3899 u8 link_type
, u8 addr_type
, u8 status
)
3901 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3902 status
, MGMT_OP_USER_CONFIRM_REPLY
);
3905 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3906 u8 link_type
, u8 addr_type
, u8 status
)
3908 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3910 MGMT_OP_USER_CONFIRM_NEG_REPLY
);
3913 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3914 u8 link_type
, u8 addr_type
, u8 status
)
3916 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3917 status
, MGMT_OP_USER_PASSKEY_REPLY
);
3920 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3921 u8 link_type
, u8 addr_type
, u8 status
)
3923 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3925 MGMT_OP_USER_PASSKEY_NEG_REPLY
);
3928 int mgmt_user_passkey_notify(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3929 u8 link_type
, u8 addr_type
, u32 passkey
,
3932 struct mgmt_ev_passkey_notify ev
;
3934 BT_DBG("%s", hdev
->name
);
3936 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3937 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3938 ev
.passkey
= __cpu_to_le32(passkey
);
3939 ev
.entered
= entered
;
3941 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY
, hdev
, &ev
, sizeof(ev
), NULL
);
3944 int mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3945 u8 addr_type
, u8 status
)
3947 struct mgmt_ev_auth_failed ev
;
3949 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3950 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3951 ev
.status
= mgmt_status(status
);
3953 return mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3956 int mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
3958 struct cmd_lookup match
= { NULL
, hdev
};
3959 bool changed
= false;
3963 u8 mgmt_err
= mgmt_status(status
);
3964 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
3965 cmd_status_rsp
, &mgmt_err
);
3969 if (test_bit(HCI_AUTH
, &hdev
->flags
)) {
3970 if (!test_and_set_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3973 if (test_and_clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3977 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
3981 err
= new_settings(hdev
, match
.sk
);
3989 static void clear_eir(struct hci_request
*req
)
3991 struct hci_dev
*hdev
= req
->hdev
;
3992 struct hci_cp_write_eir cp
;
3994 if (!lmp_ext_inq_capable(hdev
))
3997 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
3999 memset(&cp
, 0, sizeof(cp
));
4001 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
4004 int mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
4006 struct cmd_lookup match
= { NULL
, hdev
};
4007 struct hci_request req
;
4008 bool changed
= false;
4012 u8 mgmt_err
= mgmt_status(status
);
4014 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
4016 err
= new_settings(hdev
, NULL
);
4018 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
4025 if (!test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
4028 if (test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
4032 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
4035 err
= new_settings(hdev
, match
.sk
);
4040 hci_req_init(&req
, hdev
);
4042 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
4047 hci_req_run(&req
, NULL
);
4052 static void sk_lookup(struct pending_cmd
*cmd
, void *data
)
4054 struct cmd_lookup
*match
= data
;
4056 if (match
->sk
== NULL
) {
4057 match
->sk
= cmd
->sk
;
4058 sock_hold(match
->sk
);
4062 int mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
4065 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
4068 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, sk_lookup
, &match
);
4069 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, sk_lookup
, &match
);
4070 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, sk_lookup
, &match
);
4073 err
= mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
4082 int mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
4084 struct mgmt_cp_set_local_name ev
;
4085 struct pending_cmd
*cmd
;
4090 memset(&ev
, 0, sizeof(ev
));
4091 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
4092 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
4094 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
4096 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
4098 /* If this is a HCI command related to powering on the
4099 * HCI dev don't send any mgmt signals.
4101 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
4105 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
, sizeof(ev
),
4106 cmd
? cmd
->sk
: NULL
);
4109 int mgmt_read_local_oob_data_reply_complete(struct hci_dev
*hdev
, u8
*hash
,
4110 u8
*randomizer
, u8 status
)
4112 struct pending_cmd
*cmd
;
4115 BT_DBG("%s status %u", hdev
->name
, status
);
4117 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
4122 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
4123 mgmt_status(status
));
4125 struct mgmt_rp_read_local_oob_data rp
;
4127 memcpy(rp
.hash
, hash
, sizeof(rp
.hash
));
4128 memcpy(rp
.randomizer
, randomizer
, sizeof(rp
.randomizer
));
4130 err
= cmd_complete(cmd
->sk
, hdev
->id
,
4131 MGMT_OP_READ_LOCAL_OOB_DATA
, 0, &rp
,
4135 mgmt_pending_remove(cmd
);
4140 int mgmt_le_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
4142 struct cmd_lookup match
= { NULL
, hdev
};
4143 bool changed
= false;
4147 u8 mgmt_err
= mgmt_status(status
);
4149 if (enable
&& test_and_clear_bit(HCI_LE_ENABLED
,
4151 err
= new_settings(hdev
, NULL
);
4153 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
4160 if (!test_and_set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
4163 if (test_and_clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
4167 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
4170 err
= new_settings(hdev
, match
.sk
);
4178 int mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
4179 u8 addr_type
, u8
*dev_class
, s8 rssi
, u8 cfm_name
, u8
4180 ssp
, u8
*eir
, u16 eir_len
)
4183 struct mgmt_ev_device_found
*ev
= (void *) buf
;
4186 if (!hci_discovery_active(hdev
))
4189 /* Leave 5 bytes for a potential CoD field */
4190 if (sizeof(*ev
) + eir_len
+ 5 > sizeof(buf
))
4193 memset(buf
, 0, sizeof(buf
));
4195 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
4196 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
4199 ev
->flags
|= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME
);
4201 ev
->flags
|= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING
);
4204 memcpy(ev
->eir
, eir
, eir_len
);
4206 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
4207 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
4210 ev
->eir_len
= cpu_to_le16(eir_len
);
4211 ev_size
= sizeof(*ev
) + eir_len
;
4213 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
4216 int mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
4217 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
4219 struct mgmt_ev_device_found
*ev
;
4220 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
4223 ev
= (struct mgmt_ev_device_found
*) buf
;
4225 memset(buf
, 0, sizeof(buf
));
4227 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
4228 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
4231 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
4234 ev
->eir_len
= cpu_to_le16(eir_len
);
4236 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
,
4237 sizeof(*ev
) + eir_len
, NULL
);
4240 int mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
4242 struct mgmt_ev_discovering ev
;
4243 struct pending_cmd
*cmd
;
4245 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
4248 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
4250 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
4253 u8 type
= hdev
->discovery
.type
;
4255 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
4257 mgmt_pending_remove(cmd
);
4260 memset(&ev
, 0, sizeof(ev
));
4261 ev
.type
= hdev
->discovery
.type
;
4262 ev
.discovering
= discovering
;
4264 return mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
4267 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
4269 struct pending_cmd
*cmd
;
4270 struct mgmt_ev_device_blocked ev
;
4272 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
4274 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
4275 ev
.addr
.type
= type
;
4277 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
4278 cmd
? cmd
->sk
: NULL
);
4281 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
4283 struct pending_cmd
*cmd
;
4284 struct mgmt_ev_device_unblocked ev
;
4286 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
4288 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
4289 ev
.addr
.type
= type
;
4291 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
4292 cmd
? cmd
->sk
: NULL
);
4295 module_param(enable_hs
, bool, 0644);
4296 MODULE_PARM_DESC(enable_hs
, "Enable High Speed support");
