2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 0
43 static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
51 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_UNBLOCK_DEVICE,
83 static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
119 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125 struct list_head list;
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table[] = {
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
198 static u8 mgmt_status(u8 hci_status)
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
203 return MGMT_STATUS_FAILED;
206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
222 hdr->index = cpu_to_le16(index);
223 hdr->len = cpu_to_le16(sizeof(*ev));
225 ev = (void *) skb_put(skb, sizeof(*ev));
227 put_unaligned_le16(cmd, &ev->opcode);
229 err = sock_queue_rcv_skb(sk, skb);
236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
244 BT_DBG("sock %p", sk);
246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
253 hdr->index = cpu_to_le16(index);
254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
261 memcpy(ev->data, rp, rp_len);
263 err = sock_queue_rcv_skb(sk, skb);
270 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
273 struct mgmt_rp_read_version rp;
275 BT_DBG("sock %p", sk);
277 rp.version = MGMT_VERSION;
278 put_unaligned_le16(MGMT_REVISION, &rp.revision);
280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
284 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
287 struct mgmt_rp_read_commands *rp;
288 u16 num_commands = ARRAY_SIZE(mgmt_commands);
289 u16 num_events = ARRAY_SIZE(mgmt_events);
294 BT_DBG("sock %p", sk);
296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
298 rp = kmalloc(rp_size, GFP_KERNEL);
302 put_unaligned_le16(num_commands, &rp->num_commands);
303 put_unaligned_le16(num_events, &rp->num_events);
305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
306 put_unaligned_le16(mgmt_commands[i], opcode);
308 for (i = 0; i < num_events; i++, opcode++)
309 put_unaligned_le16(mgmt_events[i], opcode);
311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
318 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
321 struct mgmt_rp_read_index_list *rp;
328 BT_DBG("sock %p", sk);
330 read_lock(&hci_dev_list_lock);
333 list_for_each(p, &hci_dev_list) {
337 rp_len = sizeof(*rp) + (2 * count);
338 rp = kmalloc(rp_len, GFP_ATOMIC);
340 read_unlock(&hci_dev_list_lock);
344 put_unaligned_le16(count, &rp->num_controllers);
347 list_for_each_entry(d, &hci_dev_list, list) {
348 if (test_bit(HCI_SETUP, &d->dev_flags))
351 put_unaligned_le16(d->id, &rp->index[i++]);
352 BT_DBG("Added hci%u", d->id);
355 read_unlock(&hci_dev_list_lock);
357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
365 static u32 get_supported_settings(struct hci_dev *hdev)
369 settings |= MGMT_SETTING_POWERED;
370 settings |= MGMT_SETTING_CONNECTABLE;
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_PAIRABLE;
375 if (hdev->features[6] & LMP_SIMPLE_PAIR)
376 settings |= MGMT_SETTING_SSP;
378 if (!(hdev->features[4] & LMP_NO_BREDR)) {
379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
384 settings |= MGMT_SETTING_HS;
387 if (hdev->features[4] & LMP_LE)
388 settings |= MGMT_SETTING_LE;
394 static u32 get_current_settings(struct hci_dev *hdev)
398 if (hdev_is_powered(hdev))
399 settings |= MGMT_SETTING_POWERED;
401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_DISCOVERABLE;
407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
408 settings |= MGMT_SETTING_PAIRABLE;
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
413 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
414 settings |= MGMT_SETTING_LE;
416 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
417 settings |= MGMT_SETTING_LINK_SECURITY;
419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_SSP;
422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
428 #define PNP_INFO_SVCLASS_ID 0x1200
430 static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
435 static u16 get_uuid16(u8 *uuid128)
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
445 memcpy(&val, &uuid128[12], 4);
447 val = le32_to_cpu(val);
454 static void create_eir(struct hci_dev *hdev, u8 *data)
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
463 name_len = strlen(hdev->dev_name);
469 ptr[1] = EIR_NAME_SHORT;
471 ptr[1] = EIR_NAME_COMPLETE;
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
476 memcpy(ptr + 2, hdev->dev_name, name_len);
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
482 memset(uuid16_list, 0, sizeof(uuid16_list));
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid, &hdev->uuids, list) {
488 uuid16 = get_uuid16(uuid->uuid);
495 if (uuid16 == PNP_INFO_SVCLASS_ID)
498 /* Stop if not enough space to put next UUID */
499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
504 /* Check for duplicates */
505 for (i = 0; uuid16_list[i] != 0; i++)
506 if (uuid16_list[i] == uuid16)
509 if (uuid16_list[i] == 0) {
510 uuid16_list[i] = uuid16;
511 eir_len += sizeof(u16);
515 if (uuid16_list[0] != 0) {
519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
524 for (i = 0; uuid16_list[i] != 0; i++) {
525 *ptr++ = (uuid16_list[i] & 0x00ff);
526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
529 /* EIR Data length */
530 *length = (i * sizeof(u16)) + 1;
534 static int update_eir(struct hci_dev *hdev)
536 struct hci_cp_write_eir cp;
538 if (!hdev_is_powered(hdev))
541 if (!(hdev->features[6] & LMP_EXT_INQ))
544 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
547 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
550 memset(&cp, 0, sizeof(cp));
552 create_eir(hdev, cp.data);
554 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
557 memcpy(hdev->eir, cp.data, sizeof(cp.data));
559 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
562 static u8 get_service_classes(struct hci_dev *hdev)
564 struct bt_uuid *uuid;
567 list_for_each_entry(uuid, &hdev->uuids, list)
568 val |= uuid->svc_hint;
573 static int update_class(struct hci_dev *hdev)
578 BT_DBG("%s", hdev->name);
580 if (!hdev_is_powered(hdev))
583 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
586 cod[0] = hdev->minor_class;
587 cod[1] = hdev->major_class;
588 cod[2] = get_service_classes(hdev);
590 if (memcmp(cod, hdev->dev_class, 3) == 0)
593 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
595 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
600 static void service_cache_off(struct work_struct *work)
602 struct hci_dev *hdev = container_of(work, struct hci_dev,
605 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
613 hci_dev_unlock(hdev);
616 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
618 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
621 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
623 /* Non-mgmt controlled devices get this bit set
624 * implicitly so that pairing works for them, however
625 * for mgmt we require user-space to explicitly enable
628 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
631 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
632 void *data, u16 data_len)
634 struct mgmt_rp_read_info rp;
636 BT_DBG("sock %p %s", sk, hdev->name);
640 memset(&rp, 0, sizeof(rp));
642 bacpy(&rp.bdaddr, &hdev->bdaddr);
644 rp.version = hdev->hci_ver;
646 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
648 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
649 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
651 memcpy(rp.dev_class, hdev->dev_class, 3);
653 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
654 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
656 hci_dev_unlock(hdev);
658 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
662 static void mgmt_pending_free(struct pending_cmd *cmd)
669 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
670 struct hci_dev *hdev, void *data,
673 struct pending_cmd *cmd;
675 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
679 cmd->opcode = opcode;
680 cmd->index = hdev->id;
682 cmd->param = kmalloc(len, GFP_ATOMIC);
689 memcpy(cmd->param, data, len);
694 list_add(&cmd->list, &hdev->mgmt_pending);
699 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
700 void (*cb)(struct pending_cmd *cmd, void *data),
703 struct list_head *p, *n;
705 list_for_each_safe(p, n, &hdev->mgmt_pending) {
706 struct pending_cmd *cmd;
708 cmd = list_entry(p, struct pending_cmd, list);
710 if (opcode > 0 && cmd->opcode != opcode)
717 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
719 struct pending_cmd *cmd;
721 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
722 if (cmd->opcode == opcode)
729 static void mgmt_pending_remove(struct pending_cmd *cmd)
731 list_del(&cmd->list);
732 mgmt_pending_free(cmd);
735 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
737 __le32 settings = cpu_to_le32(get_current_settings(hdev));
739 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
743 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
746 struct mgmt_mode *cp = data;
747 struct pending_cmd *cmd;
750 BT_DBG("request for %s", hdev->name);
754 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
755 cancel_delayed_work(&hdev->power_off);
758 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
759 mgmt_powered(hdev, 1);
764 if (!!cp->val == hdev_is_powered(hdev)) {
765 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
769 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
770 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
775 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
782 schedule_work(&hdev->power_on);
784 schedule_work(&hdev->power_off.work);
789 hci_dev_unlock(hdev);
793 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
794 struct sock *skip_sk)
797 struct mgmt_hdr *hdr;
799 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
803 hdr = (void *) skb_put(skb, sizeof(*hdr));
804 hdr->opcode = cpu_to_le16(event);
806 hdr->index = cpu_to_le16(hdev->id);
808 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
809 hdr->len = cpu_to_le16(data_len);
812 memcpy(skb_put(skb, data_len), data, data_len);
815 __net_timestamp(skb);
817 hci_send_to_control(skb, skip_sk);
823 static int new_settings(struct hci_dev *hdev, struct sock *skip)
827 ev = cpu_to_le32(get_current_settings(hdev));
829 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
832 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
835 struct mgmt_cp_set_discoverable *cp = data;
836 struct pending_cmd *cmd;
841 BT_DBG("request for %s", hdev->name);
843 timeout = get_unaligned_le16(&cp->timeout);
844 if (!cp->val && timeout > 0)
845 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
846 MGMT_STATUS_INVALID_PARAMS);
850 if (!hdev_is_powered(hdev) && timeout > 0) {
851 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
852 MGMT_STATUS_NOT_POWERED);
856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
863 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
865 MGMT_STATUS_REJECTED);
869 if (!hdev_is_powered(hdev)) {
870 bool changed = false;
872 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
873 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
877 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
882 err = new_settings(hdev, sk);
887 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
888 if (hdev->discov_timeout > 0) {
889 cancel_delayed_work(&hdev->discov_off);
890 hdev->discov_timeout = 0;
893 if (cp->val && timeout > 0) {
894 hdev->discov_timeout = timeout;
895 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
896 msecs_to_jiffies(hdev->discov_timeout * 1000));
899 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
903 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
912 scan |= SCAN_INQUIRY;
914 cancel_delayed_work(&hdev->discov_off);
916 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
918 mgmt_pending_remove(cmd);
921 hdev->discov_timeout = timeout;
924 hci_dev_unlock(hdev);
928 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
931 struct mgmt_mode *cp = data;
932 struct pending_cmd *cmd;
936 BT_DBG("request for %s", hdev->name);
940 if (!hdev_is_powered(hdev)) {
941 bool changed = false;
943 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
947 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
949 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
950 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
953 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
958 err = new_settings(hdev, sk);
963 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
964 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
965 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
970 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
971 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
975 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
986 if (test_bit(HCI_ISCAN, &hdev->flags) &&
987 hdev->discov_timeout > 0)
988 cancel_delayed_work(&hdev->discov_off);
991 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
993 mgmt_pending_remove(cmd);
996 hci_dev_unlock(hdev);
1000 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1003 struct mgmt_mode *cp = data;
1006 BT_DBG("request for %s", hdev->name);
1011 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1013 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1015 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1019 err = new_settings(hdev, sk);
1022 hci_dev_unlock(hdev);
1026 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1029 struct mgmt_mode *cp = data;
1030 struct pending_cmd *cmd;
1034 BT_DBG("request for %s", hdev->name);
1038 if (!hdev_is_powered(hdev)) {
1039 bool changed = false;
1041 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1042 &hdev->dev_flags)) {
1043 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1047 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1052 err = new_settings(hdev, sk);
1057 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1058 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1065 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1066 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1070 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1076 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1078 mgmt_pending_remove(cmd);
1083 hci_dev_unlock(hdev);
1087 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1089 struct mgmt_mode *cp = data;
1090 struct pending_cmd *cmd;
1094 BT_DBG("request for %s", hdev->name);
1098 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1099 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1100 MGMT_STATUS_NOT_SUPPORTED);
1106 if (!hdev_is_powered(hdev)) {
1107 bool changed = false;
1109 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1110 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1114 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1119 err = new_settings(hdev, sk);
1124 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1125 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1130 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1131 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1135 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1141 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1143 mgmt_pending_remove(cmd);
1148 hci_dev_unlock(hdev);
1152 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1154 struct mgmt_mode *cp = data;
1156 BT_DBG("request for %s", hdev->name);
1159 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1160 MGMT_STATUS_NOT_SUPPORTED);
1163 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1165 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1167 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1170 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1172 struct mgmt_mode *cp = data;
1173 struct hci_cp_write_le_host_supported hci_cp;
1174 struct pending_cmd *cmd;
1178 BT_DBG("request for %s", hdev->name);
1182 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1183 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1184 MGMT_STATUS_NOT_SUPPORTED);
1189 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1191 if (!hdev_is_powered(hdev) || val == enabled) {
1192 bool changed = false;
1194 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1195 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1199 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1204 err = new_settings(hdev, sk);
1209 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1210 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1221 memset(&hci_cp, 0, sizeof(hci_cp));
1225 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1228 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1231 mgmt_pending_remove(cmd);
1236 hci_dev_unlock(hdev);
1240 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1242 struct mgmt_cp_add_uuid *cp = data;
1243 struct pending_cmd *cmd;
1244 struct bt_uuid *uuid;
1247 BT_DBG("request for %s", hdev->name);
1251 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1252 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1257 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1263 memcpy(uuid->uuid, cp->uuid, 16);
1264 uuid->svc_hint = cp->svc_hint;
1266 list_add(&uuid->list, &hdev->uuids);
1268 err = update_class(hdev);
1272 err = update_eir(hdev);
1276 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1277 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1278 hdev->dev_class, 3);
1282 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1289 hci_dev_unlock(hdev);
1293 static bool enable_service_cache(struct hci_dev *hdev)
1295 if (!hdev_is_powered(hdev))
1298 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1299 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1306 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1309 struct mgmt_cp_remove_uuid *cp = data;
1310 struct pending_cmd *cmd;
1311 struct list_head *p, *n;
1312 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1315 BT_DBG("request for %s", hdev->name);
1319 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1320 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1325 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1326 err = hci_uuids_clear(hdev);
1328 if (enable_service_cache(hdev)) {
1329 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1330 0, hdev->dev_class, 3);
1339 list_for_each_safe(p, n, &hdev->uuids) {
1340 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1342 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1345 list_del(&match->list);
1350 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1351 MGMT_STATUS_INVALID_PARAMS);
1356 err = update_class(hdev);
1360 err = update_eir(hdev);
1364 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1365 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1366 hdev->dev_class, 3);
1370 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1377 hci_dev_unlock(hdev);
1381 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1384 struct mgmt_cp_set_dev_class *cp = data;
1385 struct pending_cmd *cmd;
1388 BT_DBG("request for %s", hdev->name);
1392 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1398 hdev->major_class = cp->major;
1399 hdev->minor_class = cp->minor;
1401 if (!hdev_is_powered(hdev)) {
1402 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1403 hdev->dev_class, 3);
1407 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1408 hci_dev_unlock(hdev);
1409 cancel_delayed_work_sync(&hdev->service_cache);
1414 err = update_class(hdev);
1418 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1419 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1420 hdev->dev_class, 3);
1424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1431 hci_dev_unlock(hdev);
1435 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1438 struct mgmt_cp_load_link_keys *cp = data;
1439 u16 key_count, expected_len;
1442 key_count = get_unaligned_le16(&cp->key_count);
1444 expected_len = sizeof(*cp) + key_count *
1445 sizeof(struct mgmt_link_key_info);
1446 if (expected_len != len) {
1447 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1449 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1450 MGMT_STATUS_INVALID_PARAMS);
1453 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1458 hci_link_keys_clear(hdev);
1460 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1463 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1465 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1467 for (i = 0; i < key_count; i++) {
1468 struct mgmt_link_key_info *key = &cp->keys[i];
1470 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1471 key->type, key->pin_len);
1474 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1476 hci_dev_unlock(hdev);
1481 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1482 u8 addr_type, struct sock *skip_sk)
1484 struct mgmt_ev_device_unpaired ev;
1486 bacpy(&ev.addr.bdaddr, bdaddr);
1487 ev.addr.type = addr_type;
1489 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1493 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1496 struct mgmt_cp_unpair_device *cp = data;
1497 struct mgmt_rp_unpair_device rp;
1498 struct hci_cp_disconnect dc;
1499 struct pending_cmd *cmd;
1500 struct hci_conn *conn;
1505 memset(&rp, 0, sizeof(rp));
1506 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1507 rp.addr.type = cp->addr.type;
1509 if (!hdev_is_powered(hdev)) {
1510 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1511 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1515 if (cp->addr.type == MGMT_ADDR_BREDR)
1516 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1518 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1521 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1522 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1526 if (cp->disconnect) {
1527 if (cp->addr.type == MGMT_ADDR_BREDR)
1528 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1531 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1538 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1540 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1544 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1551 put_unaligned_le16(conn->handle, &dc.handle);
1552 dc.reason = 0x13; /* Remote User Terminated Connection */
1553 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1555 mgmt_pending_remove(cmd);
1558 hci_dev_unlock(hdev);
1562 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1565 struct mgmt_cp_disconnect *cp = data;
1566 struct hci_cp_disconnect dc;
1567 struct pending_cmd *cmd;
1568 struct hci_conn *conn;
1575 if (!test_bit(HCI_UP, &hdev->flags)) {
1576 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1577 MGMT_STATUS_NOT_POWERED);
1581 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1582 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1587 if (cp->addr.type == MGMT_ADDR_BREDR)
1588 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1590 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1593 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1594 MGMT_STATUS_NOT_CONNECTED);
1598 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1604 put_unaligned_le16(conn->handle, &dc.handle);
1605 dc.reason = 0x13; /* Remote User Terminated Connection */
1607 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1609 mgmt_pending_remove(cmd);
1612 hci_dev_unlock(hdev);
1616 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1618 switch (link_type) {
1620 switch (addr_type) {
1621 case ADDR_LE_DEV_PUBLIC:
1622 return MGMT_ADDR_LE_PUBLIC;
1623 case ADDR_LE_DEV_RANDOM:
1624 return MGMT_ADDR_LE_RANDOM;
1626 return MGMT_ADDR_INVALID;
1629 return MGMT_ADDR_BREDR;
1631 return MGMT_ADDR_INVALID;
1635 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1638 struct mgmt_rp_get_connections *rp;
1648 if (!hdev_is_powered(hdev)) {
1649 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1650 MGMT_STATUS_NOT_POWERED);
1655 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1656 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1660 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1661 rp = kmalloc(rp_len, GFP_ATOMIC);
1668 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1669 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1671 bacpy(&rp->addr[i].bdaddr, &c->dst);
1672 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1673 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1678 put_unaligned_le16(i, &rp->conn_count);
1680 /* Recalculate length in case of filtered SCO connections, etc */
1681 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1683 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1689 hci_dev_unlock(hdev);
1693 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1694 struct mgmt_cp_pin_code_neg_reply *cp)
1696 struct pending_cmd *cmd;
1699 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1704 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1705 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1707 mgmt_pending_remove(cmd);
1712 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1715 struct hci_conn *conn;
1716 struct mgmt_cp_pin_code_reply *cp = data;
1717 struct hci_cp_pin_code_reply reply;
1718 struct pending_cmd *cmd;
1725 if (!hdev_is_powered(hdev)) {
1726 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1727 MGMT_STATUS_NOT_POWERED);
1731 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1733 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1734 MGMT_STATUS_NOT_CONNECTED);
1738 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1739 struct mgmt_cp_pin_code_neg_reply ncp;
1741 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1743 BT_ERR("PIN code is not 16 bytes long");
1745 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1747 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1748 MGMT_STATUS_INVALID_PARAMS);
1753 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1759 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1760 reply.pin_len = cp->pin_len;
1761 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1763 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1765 mgmt_pending_remove(cmd);
1768 hci_dev_unlock(hdev);
1772 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1773 void *data, u16 len)
1775 struct mgmt_cp_pin_code_neg_reply *cp = data;
1782 if (!hdev_is_powered(hdev)) {
1783 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
1784 MGMT_STATUS_NOT_POWERED);
1788 err = send_pin_code_neg_reply(sk, hdev, cp);
1791 hci_dev_unlock(hdev);
1795 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1798 struct mgmt_cp_set_io_capability *cp = data;
1804 hdev->io_capability = cp->io_capability;
1806 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1807 hdev->io_capability);
1809 hci_dev_unlock(hdev);
1811 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1815 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1817 struct hci_dev *hdev = conn->hdev;
1818 struct pending_cmd *cmd;
1820 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1821 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1824 if (cmd->user_data != conn)
1833 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1835 struct mgmt_rp_pair_device rp;
1836 struct hci_conn *conn = cmd->user_data;
1838 bacpy(&rp.addr.bdaddr, &conn->dst);
1839 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1841 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1844 /* So we don't get further callbacks for this connection */
1845 conn->connect_cfm_cb = NULL;
1846 conn->security_cfm_cb = NULL;
1847 conn->disconn_cfm_cb = NULL;
1851 mgmt_pending_remove(cmd);
1854 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1856 struct pending_cmd *cmd;
1858 BT_DBG("status %u", status);
1860 cmd = find_pairing(conn);
1862 BT_DBG("Unable to find a pending command");
1864 pairing_complete(cmd, mgmt_status(status));
1867 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1870 struct mgmt_cp_pair_device *cp = data;
1871 struct mgmt_rp_pair_device rp;
1872 struct pending_cmd *cmd;
1873 u8 sec_level, auth_type;
1874 struct hci_conn *conn;
1881 if (!hdev_is_powered(hdev)) {
1882 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1883 MGMT_STATUS_NOT_POWERED);
1887 sec_level = BT_SECURITY_MEDIUM;
1888 if (cp->io_cap == 0x03)
1889 auth_type = HCI_AT_DEDICATED_BONDING;
1891 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1893 if (cp->addr.type == MGMT_ADDR_BREDR)
1894 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1897 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1900 memset(&rp, 0, sizeof(rp));
1901 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1902 rp.addr.type = cp->addr.type;
1905 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1906 MGMT_STATUS_CONNECT_FAILED, &rp,
1911 if (conn->connect_cfm_cb) {
1913 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1914 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1918 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1925 /* For LE, just connecting isn't a proof that the pairing finished */
1926 if (cp->addr.type == MGMT_ADDR_BREDR)
1927 conn->connect_cfm_cb = pairing_complete_cb;
1929 conn->security_cfm_cb = pairing_complete_cb;
1930 conn->disconn_cfm_cb = pairing_complete_cb;
1931 conn->io_capability = cp->io_cap;
1932 cmd->user_data = conn;
1934 if (conn->state == BT_CONNECTED &&
1935 hci_conn_security(conn, sec_level, auth_type))
1936 pairing_complete(cmd, 0);
1941 hci_dev_unlock(hdev);
1945 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1948 struct mgmt_addr_info *addr = data;
1949 struct pending_cmd *cmd;
1950 struct hci_conn *conn;
1957 if (!hdev_is_powered(hdev)) {
1958 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1959 MGMT_STATUS_NOT_POWERED);
1963 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1965 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1966 MGMT_STATUS_INVALID_PARAMS);
1970 conn = cmd->user_data;
1972 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1973 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1974 MGMT_STATUS_INVALID_PARAMS);
1978 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1980 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1981 addr, sizeof(*addr));
1983 hci_dev_unlock(hdev);
1987 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1988 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
1989 u16 hci_op, __le32 passkey)
1991 struct pending_cmd *cmd;
1992 struct hci_conn *conn;
1997 if (!hdev_is_powered(hdev)) {
1998 err = cmd_status(sk, hdev->id, mgmt_op,
1999 MGMT_STATUS_NOT_POWERED);
2003 if (type == MGMT_ADDR_BREDR)
2004 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2006 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2009 err = cmd_status(sk, hdev->id, mgmt_op,
2010 MGMT_STATUS_NOT_CONNECTED);
2014 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2015 /* Continue with pairing via SMP */
2016 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2019 err = cmd_status(sk, hdev->id, mgmt_op,
2020 MGMT_STATUS_SUCCESS);
2022 err = cmd_status(sk, hdev->id, mgmt_op,
2023 MGMT_STATUS_FAILED);
2028 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2034 /* Continue with pairing via HCI */
2035 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2036 struct hci_cp_user_passkey_reply cp;
2038 bacpy(&cp.bdaddr, bdaddr);
2039 cp.passkey = passkey;
2040 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2042 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2045 mgmt_pending_remove(cmd);
2048 hci_dev_unlock(hdev);
2052 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2055 struct mgmt_cp_user_confirm_reply *cp = data;
2059 if (len != sizeof(*cp))
2060 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2061 MGMT_STATUS_INVALID_PARAMS);
2063 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2064 MGMT_OP_USER_CONFIRM_REPLY,
2065 HCI_OP_USER_CONFIRM_REPLY, 0);
2068 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2069 void *data, u16 len)
2071 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2075 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2076 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2077 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2080 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2083 struct mgmt_cp_user_passkey_reply *cp = data;
2087 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2088 MGMT_OP_USER_PASSKEY_REPLY,
2089 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2092 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2093 void *data, u16 len)
2095 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2100 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2101 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2104 static int update_name(struct hci_dev *hdev, const char *name)
2106 struct hci_cp_write_local_name cp;
2108 memcpy(cp.name, name, sizeof(cp.name));
2110 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2113 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2116 struct mgmt_cp_set_local_name *cp = data;
2117 struct pending_cmd *cmd;
2124 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2126 if (!hdev_is_powered(hdev)) {
2127 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2129 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2134 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2146 err = update_name(hdev, cp->name);
2148 mgmt_pending_remove(cmd);
2151 hci_dev_unlock(hdev);
2155 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2156 void *data, u16 data_len)
2158 struct pending_cmd *cmd;
2161 BT_DBG("%s", hdev->name);
2165 if (!hdev_is_powered(hdev)) {
2166 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2167 MGMT_STATUS_NOT_POWERED);
2171 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2172 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2173 MGMT_STATUS_NOT_SUPPORTED);
2177 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2178 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2183 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2189 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2191 mgmt_pending_remove(cmd);
2194 hci_dev_unlock(hdev);
2198 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2199 void *data, u16 len)
2201 struct mgmt_cp_add_remote_oob_data *cp = data;
2205 BT_DBG("%s ", hdev->name);
2209 if (!hdev_is_powered(hdev)) {
2210 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2211 MGMT_STATUS_NOT_POWERED, &cp->addr,
2216 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2219 status = MGMT_STATUS_FAILED;
2223 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2224 &cp->addr, sizeof(cp->addr));
2227 hci_dev_unlock(hdev);
2231 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2232 void *data, u16 len)
2234 struct mgmt_cp_remove_remote_oob_data *cp = data;
2238 BT_DBG("%s", hdev->name);
2242 if (!hdev_is_powered(hdev)) {
2243 err = cmd_complete(sk, hdev->id,
2244 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2245 MGMT_STATUS_NOT_POWERED, &cp->addr,
2250 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2252 status = MGMT_STATUS_INVALID_PARAMS;
2256 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2257 status, &cp->addr, sizeof(cp->addr));
2260 hci_dev_unlock(hdev);
2264 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2268 BT_DBG("%s", hdev->name);
2272 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2274 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2276 hci_dev_unlock(hdev);
2281 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2282 void *data, u16 len)
2284 struct mgmt_cp_start_discovery *cp = data;
2285 struct pending_cmd *cmd;
2288 BT_DBG("%s", hdev->name);
2292 if (!hdev_is_powered(hdev)) {
2293 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2294 MGMT_STATUS_NOT_POWERED);
2298 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2299 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2304 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2310 hdev->discovery.type = cp->type;
2312 switch (hdev->discovery.type) {
2313 case DISCOV_TYPE_BREDR:
2314 if (lmp_bredr_capable(hdev))
2315 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2320 case DISCOV_TYPE_LE:
2321 if (lmp_host_le_capable(hdev))
2322 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2323 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2328 case DISCOV_TYPE_INTERLEAVED:
2329 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2330 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2332 LE_SCAN_TIMEOUT_BREDR_LE);
2342 mgmt_pending_remove(cmd);
2344 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2347 hci_dev_unlock(hdev);
2351 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2354 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2355 struct pending_cmd *cmd;
2356 struct hci_cp_remote_name_req_cancel cp;
2357 struct inquiry_entry *e;
2360 BT_DBG("%s", hdev->name);
2364 if (!hci_discovery_active(hdev)) {
2365 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2366 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2367 sizeof(mgmt_cp->type));
2371 if (hdev->discovery.type != mgmt_cp->type) {
2372 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2373 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2374 sizeof(mgmt_cp->type));
2378 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2384 if (hdev->discovery.state == DISCOVERY_FINDING) {
2385 err = hci_cancel_inquiry(hdev);
2387 mgmt_pending_remove(cmd);
2389 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2393 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2395 mgmt_pending_remove(cmd);
2396 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
2397 &mgmt_cp->type, sizeof(mgmt_cp->type));
2398 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2402 bacpy(&cp.bdaddr, &e->data.bdaddr);
2403 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2406 mgmt_pending_remove(cmd);
2408 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2411 hci_dev_unlock(hdev);
2415 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2418 struct mgmt_cp_confirm_name *cp = data;
2419 struct inquiry_entry *e;
2422 BT_DBG("%s", hdev->name);
2426 if (!hci_discovery_active(hdev)) {
2427 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2428 MGMT_STATUS_FAILED);
2432 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2434 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2435 MGMT_STATUS_INVALID_PARAMS);
2439 if (cp->name_known) {
2440 e->name_state = NAME_KNOWN;
2443 e->name_state = NAME_NEEDED;
2444 hci_inquiry_cache_update_resolve(hdev, e);
2450 hci_dev_unlock(hdev);
2454 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2457 struct mgmt_cp_block_device *cp = data;
2461 BT_DBG("%s", hdev->name);
2465 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2467 status = MGMT_STATUS_FAILED;
2471 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2472 &cp->addr, sizeof(cp->addr));
2474 hci_dev_unlock(hdev);
2479 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2482 struct mgmt_cp_unblock_device *cp = data;
2486 BT_DBG("%s", hdev->name);
2490 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2492 status = MGMT_STATUS_INVALID_PARAMS;
2496 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2497 &cp->addr, sizeof(cp->addr));
2499 hci_dev_unlock(hdev);
2504 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2505 void *data, u16 len)
2507 struct mgmt_mode *cp = data;
2508 struct hci_cp_write_page_scan_activity acp;
2512 BT_DBG("%s", hdev->name);
2514 if (!hdev_is_powered(hdev))
2515 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2516 MGMT_STATUS_NOT_POWERED);
2518 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2519 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2520 MGMT_STATUS_REJECTED);
2525 type = PAGE_SCAN_TYPE_INTERLACED;
2526 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2528 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2529 acp.interval = 0x0800; /* default 1.28 sec page scan */
2532 acp.window = 0x0012; /* default 11.25 msec page scan window */
2534 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2537 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2538 MGMT_STATUS_FAILED);
2542 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2544 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2545 MGMT_STATUS_FAILED);
2549 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2552 hci_dev_unlock(hdev);
2556 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2557 void *cp_data, u16 len)
2559 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2560 u16 key_count, expected_len;
2563 key_count = get_unaligned_le16(&cp->key_count);
2565 expected_len = sizeof(*cp) + key_count *
2566 sizeof(struct mgmt_ltk_info);
2567 if (expected_len != len) {
2568 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2570 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2574 BT_DBG("%s key_count %u", hdev->name, key_count);
2578 hci_smp_ltks_clear(hdev);
2580 for (i = 0; i < key_count; i++) {
2581 struct mgmt_ltk_info *key = &cp->keys[i];
2587 type = HCI_SMP_LTK_SLAVE;
2589 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2590 type, 0, key->authenticated, key->val,
2591 key->enc_size, key->ediv, key->rand);
2594 hci_dev_unlock(hdev);
2599 struct mgmt_handler {
2600 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2604 } mgmt_handlers[] = {
2605 { NULL }, /* 0x0000 (no command) */
2606 { read_version, false, MGMT_READ_VERSION_SIZE },
2607 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2608 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2609 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2610 { set_powered, false, MGMT_SETTING_SIZE },
2611 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2612 { set_connectable, false, MGMT_SETTING_SIZE },
2613 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2614 { set_pairable, false, MGMT_SETTING_SIZE },
2615 { set_link_security, false, MGMT_SETTING_SIZE },
2616 { set_ssp, false, MGMT_SETTING_SIZE },
2617 { set_hs, false, MGMT_SETTING_SIZE },
2618 { set_le, false, MGMT_SETTING_SIZE },
2619 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2620 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2621 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2622 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2623 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2624 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2625 { disconnect, false, MGMT_DISCONNECT_SIZE },
2626 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2627 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2628 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2629 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2630 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2631 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2632 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2633 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2634 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2635 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2636 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2637 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2638 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2639 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2640 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2641 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2642 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2643 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2644 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2648 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2652 struct mgmt_hdr *hdr;
2653 u16 opcode, index, len;
2654 struct hci_dev *hdev = NULL;
2655 struct mgmt_handler *handler;
2658 BT_DBG("got %zu bytes", msglen);
2660 if (msglen < sizeof(*hdr))
2663 buf = kmalloc(msglen, GFP_KERNEL);
2667 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2673 opcode = get_unaligned_le16(&hdr->opcode);
2674 index = get_unaligned_le16(&hdr->index);
2675 len = get_unaligned_le16(&hdr->len);
2677 if (len != msglen - sizeof(*hdr)) {
2682 if (index != MGMT_INDEX_NONE) {
2683 hdev = hci_dev_get(index);
2685 err = cmd_status(sk, index, opcode,
2686 MGMT_STATUS_INVALID_INDEX);
2691 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2692 mgmt_handlers[opcode].func == NULL) {
2693 BT_DBG("Unknown op %u", opcode);
2694 err = cmd_status(sk, index, opcode,
2695 MGMT_STATUS_UNKNOWN_COMMAND);
2699 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2700 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2701 err = cmd_status(sk, index, opcode,
2702 MGMT_STATUS_INVALID_INDEX);
2706 handler = &mgmt_handlers[opcode];
2708 if ((handler->var_len && len < handler->data_len) ||
2709 (!handler->var_len && len != handler->data_len)) {
2710 err = cmd_status(sk, index, opcode,
2711 MGMT_STATUS_INVALID_PARAMS);
2716 mgmt_init_hdev(sk, hdev);
2718 cp = buf + sizeof(*hdr);
2720 err = handler->func(sk, hdev, cp, len);
2734 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2738 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2739 mgmt_pending_remove(cmd);
2742 int mgmt_index_added(struct hci_dev *hdev)
2744 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2747 int mgmt_index_removed(struct hci_dev *hdev)
2749 u8 status = MGMT_STATUS_INVALID_INDEX;
2751 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2753 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2758 struct hci_dev *hdev;
2762 static void settings_rsp(struct pending_cmd *cmd, void *data)
2764 struct cmd_lookup *match = data;
2766 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2768 list_del(&cmd->list);
2770 if (match->sk == NULL) {
2771 match->sk = cmd->sk;
2772 sock_hold(match->sk);
2775 mgmt_pending_free(cmd);
2778 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2780 struct cmd_lookup match = { NULL, hdev };
2783 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2786 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2791 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2793 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2794 scan |= SCAN_INQUIRY;
2797 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2800 update_name(hdev, hdev->dev_name);
2803 u8 status = MGMT_STATUS_NOT_POWERED;
2804 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2807 err = new_settings(hdev, match.sk);
2815 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2817 struct cmd_lookup match = { NULL, hdev };
2818 bool changed = false;
2822 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2825 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2829 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2833 err = new_settings(hdev, match.sk);
2841 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2843 struct cmd_lookup match = { NULL, hdev };
2844 bool changed = false;
2848 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2851 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2855 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2859 err = new_settings(hdev, match.sk);
2867 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2869 u8 mgmt_err = mgmt_status(status);
2871 if (scan & SCAN_PAGE)
2872 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2873 cmd_status_rsp, &mgmt_err);
2875 if (scan & SCAN_INQUIRY)
2876 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2877 cmd_status_rsp, &mgmt_err);
2882 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, u8 persistent)
2884 struct mgmt_ev_new_link_key ev;
2886 memset(&ev, 0, sizeof(ev));
2888 ev.store_hint = persistent;
2889 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2890 ev.key.addr.type = MGMT_ADDR_BREDR;
2891 ev.key.type = key->type;
2892 memcpy(ev.key.val, key->val, 16);
2893 ev.key.pin_len = key->pin_len;
2895 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2898 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2900 struct mgmt_ev_new_long_term_key ev;
2902 memset(&ev, 0, sizeof(ev));
2904 ev.store_hint = persistent;
2905 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2906 ev.key.addr.type = key->bdaddr_type;
2907 ev.key.authenticated = key->authenticated;
2908 ev.key.enc_size = key->enc_size;
2909 ev.key.ediv = key->ediv;
2911 if (key->type == HCI_SMP_LTK)
2914 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2915 memcpy(ev.key.val, key->val, sizeof(key->val));
2917 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2921 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2922 u8 addr_type, u32 flags, u8 *name, u8 name_len,
2926 struct mgmt_ev_device_connected *ev = (void *) buf;
2929 bacpy(&ev->addr.bdaddr, bdaddr);
2930 ev->addr.type = link_to_mgmt(link_type, addr_type);
2932 ev->flags = __cpu_to_le32(flags);
2935 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2938 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2939 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2940 EIR_CLASS_OF_DEV, dev_class, 3);
2942 put_unaligned_le16(eir_len, &ev->eir_len);
2944 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2945 sizeof(*ev) + eir_len, NULL);
2948 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2950 struct mgmt_cp_disconnect *cp = cmd->param;
2951 struct sock **sk = data;
2952 struct mgmt_rp_disconnect rp;
2954 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2955 rp.addr.type = cp->addr.type;
2957 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
2963 mgmt_pending_remove(cmd);
2966 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2968 struct hci_dev *hdev = data;
2969 struct mgmt_cp_unpair_device *cp = cmd->param;
2970 struct mgmt_rp_unpair_device rp;
2972 memset(&rp, 0, sizeof(rp));
2973 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2974 rp.addr.type = cp->addr.type;
2976 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2978 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
2980 mgmt_pending_remove(cmd);
2983 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2984 u8 link_type, u8 addr_type)
2986 struct mgmt_addr_info ev;
2987 struct sock *sk = NULL;
2990 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2992 bacpy(&ev.bdaddr, bdaddr);
2993 ev.type = link_to_mgmt(link_type, addr_type);
2995 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3001 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3007 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3008 u8 link_type, u8 addr_type, u8 status)
3010 struct mgmt_rp_disconnect rp;
3011 struct pending_cmd *cmd;
3014 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3018 bacpy(&rp.addr.bdaddr, bdaddr);
3019 rp.addr.type = link_to_mgmt(link_type, addr_type);
3021 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3022 mgmt_status(status), &rp, sizeof(rp));
3024 mgmt_pending_remove(cmd);
3026 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3031 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3032 u8 addr_type, u8 status)
3034 struct mgmt_ev_connect_failed ev;
3036 bacpy(&ev.addr.bdaddr, bdaddr);
3037 ev.addr.type = link_to_mgmt(link_type, addr_type);
3038 ev.status = mgmt_status(status);
3040 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3043 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3045 struct mgmt_ev_pin_code_request ev;
3047 bacpy(&ev.addr.bdaddr, bdaddr);
3048 ev.addr.type = MGMT_ADDR_BREDR;
3051 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3055 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3058 struct pending_cmd *cmd;
3059 struct mgmt_rp_pin_code_reply rp;
3062 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3066 bacpy(&rp.addr.bdaddr, bdaddr);
3067 rp.addr.type = MGMT_ADDR_BREDR;
3069 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3070 mgmt_status(status), &rp, sizeof(rp));
3072 mgmt_pending_remove(cmd);
3077 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3080 struct pending_cmd *cmd;
3081 struct mgmt_rp_pin_code_reply rp;
3084 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3088 bacpy(&rp.addr.bdaddr, bdaddr);
3089 rp.addr.type = MGMT_ADDR_BREDR;
3091 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3092 mgmt_status(status), &rp, sizeof(rp));
3094 mgmt_pending_remove(cmd);
3099 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3100 u8 link_type, u8 addr_type, __le32 value,
3103 struct mgmt_ev_user_confirm_request ev;
3105 BT_DBG("%s", hdev->name);
3107 bacpy(&ev.addr.bdaddr, bdaddr);
3108 ev.addr.type = link_to_mgmt(link_type, addr_type);
3109 ev.confirm_hint = confirm_hint;
3110 put_unaligned_le32(value, &ev.value);
3112 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3116 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3117 u8 link_type, u8 addr_type)
3119 struct mgmt_ev_user_passkey_request ev;
3121 BT_DBG("%s", hdev->name);
3123 bacpy(&ev.addr.bdaddr, bdaddr);
3124 ev.addr.type = link_to_mgmt(link_type, addr_type);
3126 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3130 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3131 u8 link_type, u8 addr_type, u8 status,
3134 struct pending_cmd *cmd;
3135 struct mgmt_rp_user_confirm_reply rp;
3138 cmd = mgmt_pending_find(opcode, hdev);
3142 bacpy(&rp.addr.bdaddr, bdaddr);
3143 rp.addr.type = link_to_mgmt(link_type, addr_type);
3144 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3147 mgmt_pending_remove(cmd);
3152 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3153 u8 link_type, u8 addr_type, u8 status)
3155 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3156 status, MGMT_OP_USER_CONFIRM_REPLY);
3159 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3160 u8 link_type, u8 addr_type, u8 status)
3162 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3163 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3166 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3167 u8 link_type, u8 addr_type, u8 status)
3169 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3170 status, MGMT_OP_USER_PASSKEY_REPLY);
3173 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3174 u8 link_type, u8 addr_type, u8 status)
3176 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3177 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3180 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3181 u8 addr_type, u8 status)
3183 struct mgmt_ev_auth_failed ev;
3185 bacpy(&ev.addr.bdaddr, bdaddr);
3186 ev.addr.type = link_to_mgmt(link_type, addr_type);
3187 ev.status = mgmt_status(status);
3189 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3192 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3194 struct cmd_lookup match = { NULL, hdev };
3195 bool changed = false;
3199 u8 mgmt_err = mgmt_status(status);
3200 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3201 cmd_status_rsp, &mgmt_err);
3205 if (test_bit(HCI_AUTH, &hdev->flags)) {
3206 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3209 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3213 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3217 err = new_settings(hdev, match.sk);
3225 static int clear_eir(struct hci_dev *hdev)
3227 struct hci_cp_write_eir cp;
3229 if (!(hdev->features[6] & LMP_EXT_INQ))
3232 memset(hdev->eir, 0, sizeof(hdev->eir));
3234 memset(&cp, 0, sizeof(cp));
3236 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3239 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3241 struct cmd_lookup match = { NULL, hdev };
3242 bool changed = false;
3246 u8 mgmt_err = mgmt_status(status);
3248 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3250 err = new_settings(hdev, NULL);
3252 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3259 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3262 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3266 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3269 err = new_settings(hdev, match.sk);
3274 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3282 static void class_rsp(struct pending_cmd *cmd, void *data)
3284 struct cmd_lookup *match = data;
3286 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3287 match->hdev->dev_class, 3);
3289 list_del(&cmd->list);
3291 if (match->sk == NULL) {
3292 match->sk = cmd->sk;
3293 sock_hold(match->sk);
3296 mgmt_pending_free(cmd);
3299 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3302 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3305 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3307 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3308 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3309 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3312 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3321 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3323 struct pending_cmd *cmd;
3324 struct mgmt_cp_set_local_name ev;
3325 bool changed = false;
3328 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3329 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3333 memset(&ev, 0, sizeof(ev));
3334 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3335 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3337 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3341 /* Always assume that either the short or the complete name has
3342 * changed if there was a pending mgmt command */
3346 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3347 mgmt_status(status));
3351 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3358 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3359 sizeof(ev), cmd ? cmd->sk : NULL);
3365 mgmt_pending_remove(cmd);
3369 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3370 u8 *randomizer, u8 status)
3372 struct pending_cmd *cmd;
3375 BT_DBG("%s status %u", hdev->name, status);
3377 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3382 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3383 mgmt_status(status));
3385 struct mgmt_rp_read_local_oob_data rp;
3387 memcpy(rp.hash, hash, sizeof(rp.hash));
3388 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3390 err = cmd_complete(cmd->sk, hdev->id,
3391 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3395 mgmt_pending_remove(cmd);
3400 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3402 struct cmd_lookup match = { NULL, hdev };
3403 bool changed = false;
3407 u8 mgmt_err = mgmt_status(status);
3409 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3411 err = new_settings(hdev, NULL);
3413 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3414 cmd_status_rsp, &mgmt_err);
3420 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3423 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3427 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3430 err = new_settings(hdev, match.sk);
3438 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3439 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3440 ssp, u8 *eir, u16 eir_len)
3443 struct mgmt_ev_device_found *ev = (void *) buf;
3446 /* Leave 5 bytes for a potential CoD field */
3447 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3450 memset(buf, 0, sizeof(buf));
3452 bacpy(&ev->addr.bdaddr, bdaddr);
3453 ev->addr.type = link_to_mgmt(link_type, addr_type);
3456 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
3458 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
3461 memcpy(ev->eir, eir, eir_len);
3463 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3464 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3467 put_unaligned_le16(eir_len, &ev->eir_len);
3469 ev_size = sizeof(*ev) + eir_len;
3471 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3474 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3475 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3477 struct mgmt_ev_device_found *ev;
3478 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3481 ev = (struct mgmt_ev_device_found *) buf;
3483 memset(buf, 0, sizeof(buf));
3485 bacpy(&ev->addr.bdaddr, bdaddr);
3486 ev->addr.type = link_to_mgmt(link_type, addr_type);
3489 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3492 put_unaligned_le16(eir_len, &ev->eir_len);
3494 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3495 sizeof(*ev) + eir_len, NULL);
3498 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3500 struct pending_cmd *cmd;
3504 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3506 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3510 type = hdev->discovery.type;
3512 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3513 &type, sizeof(type));
3514 mgmt_pending_remove(cmd);
3519 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3521 struct pending_cmd *cmd;
3524 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3528 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3529 &hdev->discovery.type, sizeof(hdev->discovery.type));
3530 mgmt_pending_remove(cmd);
3535 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3537 struct mgmt_ev_discovering ev;
3538 struct pending_cmd *cmd;
3540 BT_DBG("%s discovering %u", hdev->name, discovering);
3543 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3545 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3548 u8 type = hdev->discovery.type;
3550 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3552 mgmt_pending_remove(cmd);
3555 memset(&ev, 0, sizeof(ev));
3556 ev.type = hdev->discovery.type;
3557 ev.discovering = discovering;
3559 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3562 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3564 struct pending_cmd *cmd;
3565 struct mgmt_ev_device_blocked ev;
3567 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3569 bacpy(&ev.addr.bdaddr, bdaddr);
3570 ev.addr.type = type;
3572 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3573 cmd ? cmd->sk : NULL);
3576 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3578 struct pending_cmd *cmd;
3579 struct mgmt_ev_device_unblocked ev;
3581 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3583 bacpy(&ev.addr.bdaddr, bdaddr);
3584 ev.addr.type = type;
3586 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3587 cmd ? cmd->sk : NULL);
3590 module_param(enable_hs, bool, 0644);
3591 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3593 module_param(enable_le, bool, 0644);
3594 MODULE_PARM_DESC(enable_le, "Enable Low Energy support");