2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
40 #define MGMT_VERSION 1
41 #define MGMT_REVISION 0
43 static const u16 mgmt_commands
[] = {
44 MGMT_OP_READ_INDEX_LIST
,
47 MGMT_OP_SET_DISCOVERABLE
,
48 MGMT_OP_SET_CONNECTABLE
,
49 MGMT_OP_SET_FAST_CONNECTABLE
,
51 MGMT_OP_SET_LINK_SECURITY
,
55 MGMT_OP_SET_DEV_CLASS
,
56 MGMT_OP_SET_LOCAL_NAME
,
59 MGMT_OP_LOAD_LINK_KEYS
,
60 MGMT_OP_LOAD_LONG_TERM_KEYS
,
62 MGMT_OP_GET_CONNECTIONS
,
63 MGMT_OP_PIN_CODE_REPLY
,
64 MGMT_OP_PIN_CODE_NEG_REPLY
,
65 MGMT_OP_SET_IO_CAPABILITY
,
67 MGMT_OP_CANCEL_PAIR_DEVICE
,
68 MGMT_OP_UNPAIR_DEVICE
,
69 MGMT_OP_USER_CONFIRM_REPLY
,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
71 MGMT_OP_USER_PASSKEY_REPLY
,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
73 MGMT_OP_READ_LOCAL_OOB_DATA
,
74 MGMT_OP_ADD_REMOTE_OOB_DATA
,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
76 MGMT_OP_START_DISCOVERY
,
77 MGMT_OP_STOP_DISCOVERY
,
80 MGMT_OP_UNBLOCK_DEVICE
,
83 static const u16 mgmt_events
[] = {
84 MGMT_EV_CONTROLLER_ERROR
,
86 MGMT_EV_INDEX_REMOVED
,
88 MGMT_EV_CLASS_OF_DEV_CHANGED
,
89 MGMT_EV_LOCAL_NAME_CHANGED
,
91 MGMT_EV_NEW_LONG_TERM_KEY
,
92 MGMT_EV_DEVICE_CONNECTED
,
93 MGMT_EV_DEVICE_DISCONNECTED
,
94 MGMT_EV_CONNECT_FAILED
,
95 MGMT_EV_PIN_CODE_REQUEST
,
96 MGMT_EV_USER_CONFIRM_REQUEST
,
97 MGMT_EV_USER_PASSKEY_REQUEST
,
101 MGMT_EV_DEVICE_BLOCKED
,
102 MGMT_EV_DEVICE_UNBLOCKED
,
103 MGMT_EV_DEVICE_UNPAIRED
,
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
110 #define LE_SCAN_TYPE 0x01
111 #define LE_SCAN_WIN 0x12
112 #define LE_SCAN_INT 0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
116 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
119 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
125 struct list_head list
;
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table
[] = {
136 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
138 MGMT_STATUS_FAILED
, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED
, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
143 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY
, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED
, /* Rejected Security */
150 MGMT_STATUS_REJECTED
, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
158 MGMT_STATUS_BUSY
, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED
, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED
, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED
, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED
, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY
, /* Role Switch Pending */
184 MGMT_STATUS_FAILED
, /* Slot Violation */
185 MGMT_STATUS_FAILED
, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY
, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
198 static u8
mgmt_status(u8 hci_status
)
200 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
201 return mgmt_status_table
[hci_status
];
203 return MGMT_STATUS_FAILED
;
206 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
209 struct mgmt_hdr
*hdr
;
210 struct mgmt_ev_cmd_status
*ev
;
213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
215 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_ATOMIC
);
219 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
221 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_STATUS
);
222 hdr
->index
= cpu_to_le16(index
);
223 hdr
->len
= cpu_to_le16(sizeof(*ev
));
225 ev
= (void *) skb_put(skb
, sizeof(*ev
));
227 put_unaligned_le16(cmd
, &ev
->opcode
);
229 err
= sock_queue_rcv_skb(sk
, skb
);
236 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
237 void *rp
, size_t rp_len
)
240 struct mgmt_hdr
*hdr
;
241 struct mgmt_ev_cmd_complete
*ev
;
244 BT_DBG("sock %p", sk
);
246 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_ATOMIC
);
250 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
252 hdr
->opcode
= cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
253 hdr
->index
= cpu_to_le16(index
);
254 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
256 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
257 put_unaligned_le16(cmd
, &ev
->opcode
);
261 memcpy(ev
->data
, rp
, rp_len
);
263 err
= sock_queue_rcv_skb(sk
, skb
);
270 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
273 struct mgmt_rp_read_version rp
;
275 BT_DBG("sock %p", sk
);
277 rp
.version
= MGMT_VERSION
;
278 put_unaligned_le16(MGMT_REVISION
, &rp
.revision
);
280 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
284 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
287 struct mgmt_rp_read_commands
*rp
;
288 u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
289 u16 num_events
= ARRAY_SIZE(mgmt_events
);
294 BT_DBG("sock %p", sk
);
296 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
298 rp
= kmalloc(rp_size
, GFP_KERNEL
);
302 put_unaligned_le16(num_commands
, &rp
->num_commands
);
303 put_unaligned_le16(num_events
, &rp
->num_events
);
305 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
306 put_unaligned_le16(mgmt_commands
[i
], opcode
);
308 for (i
= 0; i
< num_events
; i
++, opcode
++)
309 put_unaligned_le16(mgmt_events
[i
], opcode
);
311 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
318 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
321 struct mgmt_rp_read_index_list
*rp
;
328 BT_DBG("sock %p", sk
);
330 read_lock(&hci_dev_list_lock
);
333 list_for_each(p
, &hci_dev_list
) {
337 rp_len
= sizeof(*rp
) + (2 * count
);
338 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
340 read_unlock(&hci_dev_list_lock
);
344 put_unaligned_le16(count
, &rp
->num_controllers
);
347 list_for_each_entry(d
, &hci_dev_list
, list
) {
348 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
351 put_unaligned_le16(d
->id
, &rp
->index
[i
++]);
352 BT_DBG("Added hci%u", d
->id
);
355 read_unlock(&hci_dev_list_lock
);
357 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
365 static u32
get_supported_settings(struct hci_dev
*hdev
)
369 settings
|= MGMT_SETTING_POWERED
;
370 settings
|= MGMT_SETTING_CONNECTABLE
;
371 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
372 settings
|= MGMT_SETTING_DISCOVERABLE
;
373 settings
|= MGMT_SETTING_PAIRABLE
;
375 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
)
376 settings
|= MGMT_SETTING_SSP
;
378 if (!(hdev
->features
[4] & LMP_NO_BREDR
)) {
379 settings
|= MGMT_SETTING_BREDR
;
380 settings
|= MGMT_SETTING_LINK_SECURITY
;
384 settings
|= MGMT_SETTING_HS
;
387 if (hdev
->features
[4] & LMP_LE
)
388 settings
|= MGMT_SETTING_LE
;
394 static u32
get_current_settings(struct hci_dev
*hdev
)
398 if (hdev_is_powered(hdev
))
399 settings
|= MGMT_SETTING_POWERED
;
401 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
402 settings
|= MGMT_SETTING_CONNECTABLE
;
404 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
405 settings
|= MGMT_SETTING_DISCOVERABLE
;
407 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
408 settings
|= MGMT_SETTING_PAIRABLE
;
410 if (!(hdev
->features
[4] & LMP_NO_BREDR
))
411 settings
|= MGMT_SETTING_BREDR
;
413 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
414 settings
|= MGMT_SETTING_LE
;
416 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
417 settings
|= MGMT_SETTING_LINK_SECURITY
;
419 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
420 settings
|= MGMT_SETTING_SSP
;
422 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
423 settings
|= MGMT_SETTING_HS
;
428 #define PNP_INFO_SVCLASS_ID 0x1200
430 static u8 bluetooth_base_uuid
[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
435 static u16
get_uuid16(u8
*uuid128
)
440 for (i
= 0; i
< 12; i
++) {
441 if (bluetooth_base_uuid
[i
] != uuid128
[i
])
445 memcpy(&val
, &uuid128
[12], 4);
447 val
= le32_to_cpu(val
);
454 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
458 u16 uuid16_list
[HCI_MAX_EIR_LENGTH
/ sizeof(u16
)];
459 int i
, truncated
= 0;
460 struct bt_uuid
*uuid
;
463 name_len
= strlen(hdev
->dev_name
);
469 ptr
[1] = EIR_NAME_SHORT
;
471 ptr
[1] = EIR_NAME_COMPLETE
;
473 /* EIR Data length */
474 ptr
[0] = name_len
+ 1;
476 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
478 eir_len
+= (name_len
+ 2);
479 ptr
+= (name_len
+ 2);
482 if (hdev
->inq_tx_power
) {
484 ptr
[1] = EIR_TX_POWER
;
485 ptr
[2] = (u8
) hdev
->inq_tx_power
;
491 memset(uuid16_list
, 0, sizeof(uuid16_list
));
493 /* Group all UUID16 types */
494 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
497 uuid16
= get_uuid16(uuid
->uuid
);
504 if (uuid16
== PNP_INFO_SVCLASS_ID
)
507 /* Stop if not enough space to put next UUID */
508 if (eir_len
+ 2 + sizeof(u16
) > HCI_MAX_EIR_LENGTH
) {
513 /* Check for duplicates */
514 for (i
= 0; uuid16_list
[i
] != 0; i
++)
515 if (uuid16_list
[i
] == uuid16
)
518 if (uuid16_list
[i
] == 0) {
519 uuid16_list
[i
] = uuid16
;
520 eir_len
+= sizeof(u16
);
524 if (uuid16_list
[0] != 0) {
528 ptr
[1] = truncated
? EIR_UUID16_SOME
: EIR_UUID16_ALL
;
533 for (i
= 0; uuid16_list
[i
] != 0; i
++) {
534 *ptr
++ = (uuid16_list
[i
] & 0x00ff);
535 *ptr
++ = (uuid16_list
[i
] & 0xff00) >> 8;
538 /* EIR Data length */
539 *length
= (i
* sizeof(u16
)) + 1;
543 static int update_eir(struct hci_dev
*hdev
)
545 struct hci_cp_write_eir cp
;
547 if (!hdev_is_powered(hdev
))
550 if (!(hdev
->features
[6] & LMP_EXT_INQ
))
553 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
556 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
559 memset(&cp
, 0, sizeof(cp
));
561 create_eir(hdev
, cp
.data
);
563 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
566 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
568 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
571 static u8
get_service_classes(struct hci_dev
*hdev
)
573 struct bt_uuid
*uuid
;
576 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
577 val
|= uuid
->svc_hint
;
582 static int update_class(struct hci_dev
*hdev
)
587 BT_DBG("%s", hdev
->name
);
589 if (!hdev_is_powered(hdev
))
592 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
595 cod
[0] = hdev
->minor_class
;
596 cod
[1] = hdev
->major_class
;
597 cod
[2] = get_service_classes(hdev
);
599 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
602 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
604 set_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
609 static void service_cache_off(struct work_struct
*work
)
611 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
614 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
622 hci_dev_unlock(hdev
);
625 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
627 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
630 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
632 /* Non-mgmt controlled devices get this bit set
633 * implicitly so that pairing works for them, however
634 * for mgmt we require user-space to explicitly enable
637 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
640 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
641 void *data
, u16 data_len
)
643 struct mgmt_rp_read_info rp
;
645 BT_DBG("sock %p %s", sk
, hdev
->name
);
649 memset(&rp
, 0, sizeof(rp
));
651 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
653 rp
.version
= hdev
->hci_ver
;
655 put_unaligned_le16(hdev
->manufacturer
, &rp
.manufacturer
);
657 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
658 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
660 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
662 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
663 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
665 hci_dev_unlock(hdev
);
667 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
671 static void mgmt_pending_free(struct pending_cmd
*cmd
)
678 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
679 struct hci_dev
*hdev
, void *data
,
682 struct pending_cmd
*cmd
;
684 cmd
= kmalloc(sizeof(*cmd
), GFP_ATOMIC
);
688 cmd
->opcode
= opcode
;
689 cmd
->index
= hdev
->id
;
691 cmd
->param
= kmalloc(len
, GFP_ATOMIC
);
698 memcpy(cmd
->param
, data
, len
);
703 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
708 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
709 void (*cb
)(struct pending_cmd
*cmd
, void *data
),
712 struct list_head
*p
, *n
;
714 list_for_each_safe(p
, n
, &hdev
->mgmt_pending
) {
715 struct pending_cmd
*cmd
;
717 cmd
= list_entry(p
, struct pending_cmd
, list
);
719 if (opcode
> 0 && cmd
->opcode
!= opcode
)
726 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
728 struct pending_cmd
*cmd
;
730 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
731 if (cmd
->opcode
== opcode
)
738 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
740 list_del(&cmd
->list
);
741 mgmt_pending_free(cmd
);
744 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
746 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
748 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
752 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
755 struct mgmt_mode
*cp
= data
;
756 struct pending_cmd
*cmd
;
759 BT_DBG("request for %s", hdev
->name
);
763 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
764 cancel_delayed_work(&hdev
->power_off
);
767 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
768 mgmt_powered(hdev
, 1);
773 if (!!cp
->val
== hdev_is_powered(hdev
)) {
774 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
778 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
779 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
784 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
791 schedule_work(&hdev
->power_on
);
793 schedule_work(&hdev
->power_off
.work
);
798 hci_dev_unlock(hdev
);
802 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
803 struct sock
*skip_sk
)
806 struct mgmt_hdr
*hdr
;
808 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_ATOMIC
);
812 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
813 hdr
->opcode
= cpu_to_le16(event
);
815 hdr
->index
= cpu_to_le16(hdev
->id
);
817 hdr
->index
= cpu_to_le16(MGMT_INDEX_NONE
);
818 hdr
->len
= cpu_to_le16(data_len
);
821 memcpy(skb_put(skb
, data_len
), data
, data_len
);
824 __net_timestamp(skb
);
826 hci_send_to_control(skb
, skip_sk
);
832 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
836 ev
= cpu_to_le32(get_current_settings(hdev
));
838 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
841 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
844 struct mgmt_cp_set_discoverable
*cp
= data
;
845 struct pending_cmd
*cmd
;
850 BT_DBG("request for %s", hdev
->name
);
852 timeout
= get_unaligned_le16(&cp
->timeout
);
853 if (!cp
->val
&& timeout
> 0)
854 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
855 MGMT_STATUS_INVALID_PARAMS
);
859 if (!hdev_is_powered(hdev
) && timeout
> 0) {
860 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
861 MGMT_STATUS_NOT_POWERED
);
865 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
866 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
867 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
872 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
873 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
874 MGMT_STATUS_REJECTED
);
878 if (!hdev_is_powered(hdev
)) {
879 bool changed
= false;
881 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
882 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
886 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
891 err
= new_settings(hdev
, sk
);
896 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
897 if (hdev
->discov_timeout
> 0) {
898 cancel_delayed_work(&hdev
->discov_off
);
899 hdev
->discov_timeout
= 0;
902 if (cp
->val
&& timeout
> 0) {
903 hdev
->discov_timeout
= timeout
;
904 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
905 msecs_to_jiffies(hdev
->discov_timeout
* 1000));
908 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
912 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
921 scan
|= SCAN_INQUIRY
;
923 cancel_delayed_work(&hdev
->discov_off
);
925 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
927 mgmt_pending_remove(cmd
);
930 hdev
->discov_timeout
= timeout
;
933 hci_dev_unlock(hdev
);
937 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
940 struct mgmt_mode
*cp
= data
;
941 struct pending_cmd
*cmd
;
945 BT_DBG("request for %s", hdev
->name
);
949 if (!hdev_is_powered(hdev
)) {
950 bool changed
= false;
952 if (!!cp
->val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
956 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
958 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
959 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
962 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
967 err
= new_settings(hdev
, sk
);
972 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
973 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
974 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
979 if (!!cp
->val
== test_bit(HCI_PSCAN
, &hdev
->flags
)) {
980 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
984 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
995 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
996 hdev
->discov_timeout
> 0)
997 cancel_delayed_work(&hdev
->discov_off
);
1000 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1002 mgmt_pending_remove(cmd
);
1005 hci_dev_unlock(hdev
);
1009 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1012 struct mgmt_mode
*cp
= data
;
1015 BT_DBG("request for %s", hdev
->name
);
1020 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1022 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1024 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1028 err
= new_settings(hdev
, sk
);
1031 hci_dev_unlock(hdev
);
1035 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1038 struct mgmt_mode
*cp
= data
;
1039 struct pending_cmd
*cmd
;
1043 BT_DBG("request for %s", hdev
->name
);
1047 if (!hdev_is_powered(hdev
)) {
1048 bool changed
= false;
1050 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1051 &hdev
->dev_flags
)) {
1052 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1056 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1061 err
= new_settings(hdev
, sk
);
1066 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1067 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1074 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1075 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1079 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1085 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1087 mgmt_pending_remove(cmd
);
1092 hci_dev_unlock(hdev
);
1096 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1098 struct mgmt_mode
*cp
= data
;
1099 struct pending_cmd
*cmd
;
1103 BT_DBG("request for %s", hdev
->name
);
1107 if (!(hdev
->features
[6] & LMP_SIMPLE_PAIR
)) {
1108 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1109 MGMT_STATUS_NOT_SUPPORTED
);
1115 if (!hdev_is_powered(hdev
)) {
1116 bool changed
= false;
1118 if (val
!= test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1119 change_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
1123 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1128 err
= new_settings(hdev
, sk
);
1133 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1134 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1139 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) == val
) {
1140 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1144 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1150 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(val
), &val
);
1152 mgmt_pending_remove(cmd
);
1157 hci_dev_unlock(hdev
);
1161 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1163 struct mgmt_mode
*cp
= data
;
1165 BT_DBG("request for %s", hdev
->name
);
1168 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1169 MGMT_STATUS_NOT_SUPPORTED
);
1172 set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1174 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1176 return send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1179 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1181 struct mgmt_mode
*cp
= data
;
1182 struct hci_cp_write_le_host_supported hci_cp
;
1183 struct pending_cmd
*cmd
;
1187 BT_DBG("request for %s", hdev
->name
);
1191 if (!enable_le
|| !(hdev
->features
[4] & LMP_LE
)) {
1192 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1193 MGMT_STATUS_NOT_SUPPORTED
);
1198 enabled
= !!(hdev
->host_features
[0] & LMP_HOST_LE
);
1200 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1201 bool changed
= false;
1203 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1204 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1208 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1213 err
= new_settings(hdev
, sk
);
1218 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
1219 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1224 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1230 memset(&hci_cp
, 0, sizeof(hci_cp
));
1234 hci_cp
.simul
= !!(hdev
->features
[6] & LMP_SIMUL_LE_BR
);
1237 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1240 mgmt_pending_remove(cmd
);
1245 hci_dev_unlock(hdev
);
1249 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1251 struct mgmt_cp_add_uuid
*cp
= data
;
1252 struct pending_cmd
*cmd
;
1253 struct bt_uuid
*uuid
;
1256 BT_DBG("request for %s", hdev
->name
);
1260 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1261 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1266 uuid
= kmalloc(sizeof(*uuid
), GFP_ATOMIC
);
1272 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1273 uuid
->svc_hint
= cp
->svc_hint
;
1275 list_add(&uuid
->list
, &hdev
->uuids
);
1277 err
= update_class(hdev
);
1281 err
= update_eir(hdev
);
1285 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1286 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1287 hdev
->dev_class
, 3);
1291 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1298 hci_dev_unlock(hdev
);
1302 static bool enable_service_cache(struct hci_dev
*hdev
)
1304 if (!hdev_is_powered(hdev
))
1307 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1308 schedule_delayed_work(&hdev
->service_cache
, CACHE_TIMEOUT
);
1315 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1318 struct mgmt_cp_remove_uuid
*cp
= data
;
1319 struct pending_cmd
*cmd
;
1320 struct list_head
*p
, *n
;
1321 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1324 BT_DBG("request for %s", hdev
->name
);
1328 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1329 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1334 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1335 err
= hci_uuids_clear(hdev
);
1337 if (enable_service_cache(hdev
)) {
1338 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1339 0, hdev
->dev_class
, 3);
1348 list_for_each_safe(p
, n
, &hdev
->uuids
) {
1349 struct bt_uuid
*match
= list_entry(p
, struct bt_uuid
, list
);
1351 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1354 list_del(&match
->list
);
1359 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1360 MGMT_STATUS_INVALID_PARAMS
);
1365 err
= update_class(hdev
);
1369 err
= update_eir(hdev
);
1373 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1374 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
1375 hdev
->dev_class
, 3);
1379 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
1386 hci_dev_unlock(hdev
);
1390 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1393 struct mgmt_cp_set_dev_class
*cp
= data
;
1394 struct pending_cmd
*cmd
;
1397 BT_DBG("request for %s", hdev
->name
);
1401 if (test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1402 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1407 hdev
->major_class
= cp
->major
;
1408 hdev
->minor_class
= cp
->minor
;
1410 if (!hdev_is_powered(hdev
)) {
1411 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1412 hdev
->dev_class
, 3);
1416 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1417 hci_dev_unlock(hdev
);
1418 cancel_delayed_work_sync(&hdev
->service_cache
);
1423 err
= update_class(hdev
);
1427 if (!test_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
)) {
1428 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1429 hdev
->dev_class
, 3);
1433 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
1440 hci_dev_unlock(hdev
);
1444 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1447 struct mgmt_cp_load_link_keys
*cp
= data
;
1448 u16 key_count
, expected_len
;
1451 key_count
= get_unaligned_le16(&cp
->key_count
);
1453 expected_len
= sizeof(*cp
) + key_count
*
1454 sizeof(struct mgmt_link_key_info
);
1455 if (expected_len
!= len
) {
1456 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1458 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1459 MGMT_STATUS_INVALID_PARAMS
);
1462 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
1467 hci_link_keys_clear(hdev
);
1469 set_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
);
1472 set_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1474 clear_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1476 for (i
= 0; i
< key_count
; i
++) {
1477 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1479 hci_add_link_key(hdev
, NULL
, 0, &key
->addr
.bdaddr
, key
->val
,
1480 key
->type
, key
->pin_len
);
1483 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
1485 hci_dev_unlock(hdev
);
1490 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1491 u8 addr_type
, struct sock
*skip_sk
)
1493 struct mgmt_ev_device_unpaired ev
;
1495 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
1496 ev
.addr
.type
= addr_type
;
1498 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
1502 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1505 struct mgmt_cp_unpair_device
*cp
= data
;
1506 struct mgmt_rp_unpair_device rp
;
1507 struct hci_cp_disconnect dc
;
1508 struct pending_cmd
*cmd
;
1509 struct hci_conn
*conn
;
1514 memset(&rp
, 0, sizeof(rp
));
1515 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1516 rp
.addr
.type
= cp
->addr
.type
;
1518 if (!hdev_is_powered(hdev
)) {
1519 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1520 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1524 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1525 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
1527 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
);
1530 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1531 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
1535 if (cp
->disconnect
) {
1536 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1537 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1540 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
1547 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
1549 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
1553 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
1560 put_unaligned_le16(conn
->handle
, &dc
.handle
);
1561 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1562 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1564 mgmt_pending_remove(cmd
);
1567 hci_dev_unlock(hdev
);
1571 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1574 struct mgmt_cp_disconnect
*cp
= data
;
1575 struct hci_cp_disconnect dc
;
1576 struct pending_cmd
*cmd
;
1577 struct hci_conn
*conn
;
1584 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1585 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1586 MGMT_STATUS_NOT_POWERED
);
1590 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
1591 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1596 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1597 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1599 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
1602 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1603 MGMT_STATUS_NOT_CONNECTED
);
1607 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
1613 put_unaligned_le16(conn
->handle
, &dc
.handle
);
1614 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1616 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1618 mgmt_pending_remove(cmd
);
1621 hci_dev_unlock(hdev
);
1625 static u8
link_to_mgmt(u8 link_type
, u8 addr_type
)
1627 switch (link_type
) {
1629 switch (addr_type
) {
1630 case ADDR_LE_DEV_PUBLIC
:
1631 return MGMT_ADDR_LE_PUBLIC
;
1632 case ADDR_LE_DEV_RANDOM
:
1633 return MGMT_ADDR_LE_RANDOM
;
1635 return MGMT_ADDR_INVALID
;
1638 return MGMT_ADDR_BREDR
;
1640 return MGMT_ADDR_INVALID
;
1644 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1647 struct mgmt_rp_get_connections
*rp
;
1657 if (!hdev_is_powered(hdev
)) {
1658 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
1659 MGMT_STATUS_NOT_POWERED
);
1664 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1665 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1669 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1670 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
1677 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1678 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1680 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
1681 rp
->addr
[i
].type
= link_to_mgmt(c
->type
, c
->dst_type
);
1682 if (rp
->addr
[i
].type
== MGMT_ADDR_INVALID
)
1687 put_unaligned_le16(i
, &rp
->conn_count
);
1689 /* Recalculate length in case of filtered SCO connections, etc */
1690 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1692 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
1698 hci_dev_unlock(hdev
);
1702 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1703 struct mgmt_cp_pin_code_neg_reply
*cp
)
1705 struct pending_cmd
*cmd
;
1708 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
1713 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
1714 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
1716 mgmt_pending_remove(cmd
);
1721 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1724 struct hci_conn
*conn
;
1725 struct mgmt_cp_pin_code_reply
*cp
= data
;
1726 struct hci_cp_pin_code_reply reply
;
1727 struct pending_cmd
*cmd
;
1734 if (!hdev_is_powered(hdev
)) {
1735 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1736 MGMT_STATUS_NOT_POWERED
);
1740 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
1742 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1743 MGMT_STATUS_NOT_CONNECTED
);
1747 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
1748 struct mgmt_cp_pin_code_neg_reply ncp
;
1750 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
1752 BT_ERR("PIN code is not 16 bytes long");
1754 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
1756 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
1757 MGMT_STATUS_INVALID_PARAMS
);
1762 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
1768 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
1769 reply
.pin_len
= cp
->pin_len
;
1770 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
1772 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
1774 mgmt_pending_remove(cmd
);
1777 hci_dev_unlock(hdev
);
1781 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
1782 void *data
, u16 len
)
1784 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
1791 if (!hdev_is_powered(hdev
)) {
1792 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
1793 MGMT_STATUS_NOT_POWERED
);
1797 err
= send_pin_code_neg_reply(sk
, hdev
, cp
);
1800 hci_dev_unlock(hdev
);
1804 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1807 struct mgmt_cp_set_io_capability
*cp
= data
;
1813 hdev
->io_capability
= cp
->io_capability
;
1815 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
1816 hdev
->io_capability
);
1818 hci_dev_unlock(hdev
);
1820 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
1824 static inline struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
1826 struct hci_dev
*hdev
= conn
->hdev
;
1827 struct pending_cmd
*cmd
;
1829 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1830 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
1833 if (cmd
->user_data
!= conn
)
1842 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
1844 struct mgmt_rp_pair_device rp
;
1845 struct hci_conn
*conn
= cmd
->user_data
;
1847 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
1848 rp
.addr
.type
= link_to_mgmt(conn
->type
, conn
->dst_type
);
1850 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
1853 /* So we don't get further callbacks for this connection */
1854 conn
->connect_cfm_cb
= NULL
;
1855 conn
->security_cfm_cb
= NULL
;
1856 conn
->disconn_cfm_cb
= NULL
;
1860 mgmt_pending_remove(cmd
);
1863 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
1865 struct pending_cmd
*cmd
;
1867 BT_DBG("status %u", status
);
1869 cmd
= find_pairing(conn
);
1871 BT_DBG("Unable to find a pending command");
1873 pairing_complete(cmd
, mgmt_status(status
));
1876 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1879 struct mgmt_cp_pair_device
*cp
= data
;
1880 struct mgmt_rp_pair_device rp
;
1881 struct pending_cmd
*cmd
;
1882 u8 sec_level
, auth_type
;
1883 struct hci_conn
*conn
;
1890 if (!hdev_is_powered(hdev
)) {
1891 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1892 MGMT_STATUS_NOT_POWERED
);
1896 sec_level
= BT_SECURITY_MEDIUM
;
1897 if (cp
->io_cap
== 0x03)
1898 auth_type
= HCI_AT_DEDICATED_BONDING
;
1900 auth_type
= HCI_AT_DEDICATED_BONDING_MITM
;
1902 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1903 conn
= hci_connect(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
, sec_level
,
1906 conn
= hci_connect(hdev
, LE_LINK
, &cp
->addr
.bdaddr
, sec_level
,
1909 memset(&rp
, 0, sizeof(rp
));
1910 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1911 rp
.addr
.type
= cp
->addr
.type
;
1914 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1915 MGMT_STATUS_CONNECT_FAILED
, &rp
,
1920 if (conn
->connect_cfm_cb
) {
1922 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
1923 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
1927 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
1934 /* For LE, just connecting isn't a proof that the pairing finished */
1935 if (cp
->addr
.type
== MGMT_ADDR_BREDR
)
1936 conn
->connect_cfm_cb
= pairing_complete_cb
;
1938 conn
->security_cfm_cb
= pairing_complete_cb
;
1939 conn
->disconn_cfm_cb
= pairing_complete_cb
;
1940 conn
->io_capability
= cp
->io_cap
;
1941 cmd
->user_data
= conn
;
1943 if (conn
->state
== BT_CONNECTED
&&
1944 hci_conn_security(conn
, sec_level
, auth_type
))
1945 pairing_complete(cmd
, 0);
1950 hci_dev_unlock(hdev
);
1954 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1957 struct mgmt_addr_info
*addr
= data
;
1958 struct pending_cmd
*cmd
;
1959 struct hci_conn
*conn
;
1966 if (!hdev_is_powered(hdev
)) {
1967 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1968 MGMT_STATUS_NOT_POWERED
);
1972 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
1974 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1975 MGMT_STATUS_INVALID_PARAMS
);
1979 conn
= cmd
->user_data
;
1981 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
1982 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
1983 MGMT_STATUS_INVALID_PARAMS
);
1987 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
1989 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
1990 addr
, sizeof(*addr
));
1992 hci_dev_unlock(hdev
);
1996 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
1997 bdaddr_t
*bdaddr
, u8 type
, u16 mgmt_op
,
1998 u16 hci_op
, __le32 passkey
)
2000 struct pending_cmd
*cmd
;
2001 struct hci_conn
*conn
;
2006 if (!hdev_is_powered(hdev
)) {
2007 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2008 MGMT_STATUS_NOT_POWERED
);
2012 if (type
== MGMT_ADDR_BREDR
)
2013 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, bdaddr
);
2015 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, bdaddr
);
2018 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2019 MGMT_STATUS_NOT_CONNECTED
);
2023 if (type
== MGMT_ADDR_LE_PUBLIC
|| type
== MGMT_ADDR_LE_RANDOM
) {
2024 /* Continue with pairing via SMP */
2025 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2028 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2029 MGMT_STATUS_SUCCESS
);
2031 err
= cmd_status(sk
, hdev
->id
, mgmt_op
,
2032 MGMT_STATUS_FAILED
);
2037 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, bdaddr
, sizeof(*bdaddr
));
2043 /* Continue with pairing via HCI */
2044 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2045 struct hci_cp_user_passkey_reply cp
;
2047 bacpy(&cp
.bdaddr
, bdaddr
);
2048 cp
.passkey
= passkey
;
2049 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2051 err
= hci_send_cmd(hdev
, hci_op
, sizeof(*bdaddr
), bdaddr
);
2054 mgmt_pending_remove(cmd
);
2057 hci_dev_unlock(hdev
);
2061 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2064 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2068 if (len
!= sizeof(*cp
))
2069 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2070 MGMT_STATUS_INVALID_PARAMS
);
2072 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2073 MGMT_OP_USER_CONFIRM_REPLY
,
2074 HCI_OP_USER_CONFIRM_REPLY
, 0);
2077 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2078 void *data
, u16 len
)
2080 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2084 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2085 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2086 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2089 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2092 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2096 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2097 MGMT_OP_USER_PASSKEY_REPLY
,
2098 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2101 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2102 void *data
, u16 len
)
2104 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2108 return user_pairing_resp(sk
, hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
,
2109 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2110 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2113 static int update_name(struct hci_dev
*hdev
, const char *name
)
2115 struct hci_cp_write_local_name cp
;
2117 memcpy(cp
.name
, name
, sizeof(cp
.name
));
2119 return hci_send_cmd(hdev
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
2122 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2125 struct mgmt_cp_set_local_name
*cp
= data
;
2126 struct pending_cmd
*cmd
;
2133 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
2135 if (!hdev_is_powered(hdev
)) {
2136 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2138 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2143 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
2149 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
2155 err
= update_name(hdev
, cp
->name
);
2157 mgmt_pending_remove(cmd
);
2160 hci_dev_unlock(hdev
);
2164 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2165 void *data
, u16 data_len
)
2167 struct pending_cmd
*cmd
;
2170 BT_DBG("%s", hdev
->name
);
2174 if (!hdev_is_powered(hdev
)) {
2175 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2176 MGMT_STATUS_NOT_POWERED
);
2180 if (!(hdev
->features
[6] & LMP_SIMPLE_PAIR
)) {
2181 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2182 MGMT_STATUS_NOT_SUPPORTED
);
2186 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
2187 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2192 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
2198 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
2200 mgmt_pending_remove(cmd
);
2203 hci_dev_unlock(hdev
);
2207 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2208 void *data
, u16 len
)
2210 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
2214 BT_DBG("%s ", hdev
->name
);
2218 if (!hdev_is_powered(hdev
)) {
2219 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
,
2220 MGMT_STATUS_NOT_POWERED
, &cp
->addr
,
2225 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->hash
,
2228 status
= MGMT_STATUS_FAILED
;
2232 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
2233 &cp
->addr
, sizeof(cp
->addr
));
2236 hci_dev_unlock(hdev
);
2240 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2241 void *data
, u16 len
)
2243 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
2247 BT_DBG("%s", hdev
->name
);
2251 if (!hdev_is_powered(hdev
)) {
2252 err
= cmd_complete(sk
, hdev
->id
,
2253 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2254 MGMT_STATUS_NOT_POWERED
, &cp
->addr
,
2259 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
2261 status
= MGMT_STATUS_INVALID_PARAMS
;
2265 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2266 status
, &cp
->addr
, sizeof(cp
->addr
));
2269 hci_dev_unlock(hdev
);
2273 int mgmt_interleaved_discovery(struct hci_dev
*hdev
)
2277 BT_DBG("%s", hdev
->name
);
2281 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR_LE
);
2283 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2285 hci_dev_unlock(hdev
);
2290 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
2291 void *data
, u16 len
)
2293 struct mgmt_cp_start_discovery
*cp
= data
;
2294 struct pending_cmd
*cmd
;
2297 BT_DBG("%s", hdev
->name
);
2301 if (!hdev_is_powered(hdev
)) {
2302 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2303 MGMT_STATUS_NOT_POWERED
);
2307 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
2308 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2313 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
2319 hdev
->discovery
.type
= cp
->type
;
2321 switch (hdev
->discovery
.type
) {
2322 case DISCOV_TYPE_BREDR
:
2323 if (lmp_bredr_capable(hdev
))
2324 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR
);
2329 case DISCOV_TYPE_LE
:
2330 if (lmp_host_le_capable(hdev
))
2331 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2332 LE_SCAN_WIN
, LE_SCAN_TIMEOUT_LE_ONLY
);
2337 case DISCOV_TYPE_INTERLEAVED
:
2338 if (lmp_host_le_capable(hdev
) && lmp_bredr_capable(hdev
))
2339 err
= hci_le_scan(hdev
, LE_SCAN_TYPE
, LE_SCAN_INT
,
2341 LE_SCAN_TIMEOUT_BREDR_LE
);
2351 mgmt_pending_remove(cmd
);
2353 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
2356 hci_dev_unlock(hdev
);
2360 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2363 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
2364 struct pending_cmd
*cmd
;
2365 struct hci_cp_remote_name_req_cancel cp
;
2366 struct inquiry_entry
*e
;
2369 BT_DBG("%s", hdev
->name
);
2373 if (!hci_discovery_active(hdev
)) {
2374 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2375 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
2376 sizeof(mgmt_cp
->type
));
2380 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
2381 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2382 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
2383 sizeof(mgmt_cp
->type
));
2387 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
2393 if (hdev
->discovery
.state
== DISCOVERY_FINDING
) {
2394 err
= hci_cancel_inquiry(hdev
);
2396 mgmt_pending_remove(cmd
);
2398 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2402 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
, NAME_PENDING
);
2404 mgmt_pending_remove(cmd
);
2405 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
, 0,
2406 &mgmt_cp
->type
, sizeof(mgmt_cp
->type
));
2407 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2411 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
2412 err
= hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ_CANCEL
, sizeof(cp
),
2415 mgmt_pending_remove(cmd
);
2417 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2420 hci_dev_unlock(hdev
);
2424 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2427 struct mgmt_cp_confirm_name
*cp
= data
;
2428 struct inquiry_entry
*e
;
2431 BT_DBG("%s", hdev
->name
);
2435 if (!hci_discovery_active(hdev
)) {
2436 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2437 MGMT_STATUS_FAILED
);
2441 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
2443 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2444 MGMT_STATUS_INVALID_PARAMS
);
2448 if (cp
->name_known
) {
2449 e
->name_state
= NAME_KNOWN
;
2452 e
->name_state
= NAME_NEEDED
;
2453 hci_inquiry_cache_update_resolve(hdev
, e
);
2459 hci_dev_unlock(hdev
);
2463 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2466 struct mgmt_cp_block_device
*cp
= data
;
2470 BT_DBG("%s", hdev
->name
);
2474 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2476 status
= MGMT_STATUS_FAILED
;
2480 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
2481 &cp
->addr
, sizeof(cp
->addr
));
2483 hci_dev_unlock(hdev
);
2488 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2491 struct mgmt_cp_unblock_device
*cp
= data
;
2495 BT_DBG("%s", hdev
->name
);
2499 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2501 status
= MGMT_STATUS_INVALID_PARAMS
;
2505 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
2506 &cp
->addr
, sizeof(cp
->addr
));
2508 hci_dev_unlock(hdev
);
2513 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
2514 void *data
, u16 len
)
2516 struct mgmt_mode
*cp
= data
;
2517 struct hci_cp_write_page_scan_activity acp
;
2521 BT_DBG("%s", hdev
->name
);
2523 if (!hdev_is_powered(hdev
))
2524 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2525 MGMT_STATUS_NOT_POWERED
);
2527 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2528 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2529 MGMT_STATUS_REJECTED
);
2534 type
= PAGE_SCAN_TYPE_INTERLACED
;
2536 /* 22.5 msec page scan interval */
2537 acp
.interval
= __constant_cpu_to_le16(0x0024);
2539 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
2541 /* default 1.28 sec page scan */
2542 acp
.interval
= __constant_cpu_to_le16(0x0800);
2545 /* default 11.25 msec page scan window */
2546 acp
.window
= __constant_cpu_to_le16(0x0012);
2548 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
, sizeof(acp
),
2551 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2552 MGMT_STATUS_FAILED
);
2556 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
2558 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2559 MGMT_STATUS_FAILED
);
2563 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
, 0,
2566 hci_dev_unlock(hdev
);
2570 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
2571 void *cp_data
, u16 len
)
2573 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
2574 u16 key_count
, expected_len
;
2577 key_count
= get_unaligned_le16(&cp
->key_count
);
2579 expected_len
= sizeof(*cp
) + key_count
*
2580 sizeof(struct mgmt_ltk_info
);
2581 if (expected_len
!= len
) {
2582 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2584 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
2588 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
2592 hci_smp_ltks_clear(hdev
);
2594 for (i
= 0; i
< key_count
; i
++) {
2595 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
2601 type
= HCI_SMP_LTK_SLAVE
;
2603 hci_add_ltk(hdev
, &key
->addr
.bdaddr
, key
->addr
.type
,
2604 type
, 0, key
->authenticated
, key
->val
,
2605 key
->enc_size
, key
->ediv
, key
->rand
);
2608 hci_dev_unlock(hdev
);
2613 struct mgmt_handler
{
2614 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2618 } mgmt_handlers
[] = {
2619 { NULL
}, /* 0x0000 (no command) */
2620 { read_version
, false, MGMT_READ_VERSION_SIZE
},
2621 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
2622 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
2623 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
2624 { set_powered
, false, MGMT_SETTING_SIZE
},
2625 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
2626 { set_connectable
, false, MGMT_SETTING_SIZE
},
2627 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
2628 { set_pairable
, false, MGMT_SETTING_SIZE
},
2629 { set_link_security
, false, MGMT_SETTING_SIZE
},
2630 { set_ssp
, false, MGMT_SETTING_SIZE
},
2631 { set_hs
, false, MGMT_SETTING_SIZE
},
2632 { set_le
, false, MGMT_SETTING_SIZE
},
2633 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
2634 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
2635 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
2636 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
2637 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
2638 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
2639 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
2640 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
2641 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
2642 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
2643 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
2644 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
2645 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
2646 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
2647 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
2648 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
2649 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
2650 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
2651 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
2652 { add_remote_oob_data
, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
2653 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
2654 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
2655 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
2656 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
2657 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
2658 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
2662 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
2666 struct mgmt_hdr
*hdr
;
2667 u16 opcode
, index
, len
;
2668 struct hci_dev
*hdev
= NULL
;
2669 struct mgmt_handler
*handler
;
2672 BT_DBG("got %zu bytes", msglen
);
2674 if (msglen
< sizeof(*hdr
))
2677 buf
= kmalloc(msglen
, GFP_KERNEL
);
2681 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
2687 opcode
= get_unaligned_le16(&hdr
->opcode
);
2688 index
= get_unaligned_le16(&hdr
->index
);
2689 len
= get_unaligned_le16(&hdr
->len
);
2691 if (len
!= msglen
- sizeof(*hdr
)) {
2696 if (index
!= MGMT_INDEX_NONE
) {
2697 hdev
= hci_dev_get(index
);
2699 err
= cmd_status(sk
, index
, opcode
,
2700 MGMT_STATUS_INVALID_INDEX
);
2705 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
2706 mgmt_handlers
[opcode
].func
== NULL
) {
2707 BT_DBG("Unknown op %u", opcode
);
2708 err
= cmd_status(sk
, index
, opcode
,
2709 MGMT_STATUS_UNKNOWN_COMMAND
);
2713 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
2714 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
2715 err
= cmd_status(sk
, index
, opcode
,
2716 MGMT_STATUS_INVALID_INDEX
);
2720 handler
= &mgmt_handlers
[opcode
];
2722 if ((handler
->var_len
&& len
< handler
->data_len
) ||
2723 (!handler
->var_len
&& len
!= handler
->data_len
)) {
2724 err
= cmd_status(sk
, index
, opcode
,
2725 MGMT_STATUS_INVALID_PARAMS
);
2730 mgmt_init_hdev(sk
, hdev
);
2732 cp
= buf
+ sizeof(*hdr
);
2734 err
= handler
->func(sk
, hdev
, cp
, len
);
2748 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
2752 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
2753 mgmt_pending_remove(cmd
);
2756 int mgmt_index_added(struct hci_dev
*hdev
)
2758 return mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
2761 int mgmt_index_removed(struct hci_dev
*hdev
)
2763 u8 status
= MGMT_STATUS_INVALID_INDEX
;
2765 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2767 return mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
2772 struct hci_dev
*hdev
;
2776 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
2778 struct cmd_lookup
*match
= data
;
2780 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
2782 list_del(&cmd
->list
);
2784 if (match
->sk
== NULL
) {
2785 match
->sk
= cmd
->sk
;
2786 sock_hold(match
->sk
);
2789 mgmt_pending_free(cmd
);
2792 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
2794 struct cmd_lookup match
= { NULL
, hdev
};
2797 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
2800 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
2805 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2807 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2808 scan
|= SCAN_INQUIRY
;
2811 hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
2814 update_name(hdev
, hdev
->dev_name
);
2817 u8 status
= MGMT_STATUS_NOT_POWERED
;
2818 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
2821 err
= new_settings(hdev
, match
.sk
);
2829 int mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
2831 struct cmd_lookup match
= { NULL
, hdev
};
2832 bool changed
= false;
2836 if (!test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2839 if (test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
2843 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
, settings_rsp
,
2847 err
= new_settings(hdev
, match
.sk
);
2855 int mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
2857 struct cmd_lookup match
= { NULL
, hdev
};
2858 bool changed
= false;
2862 if (!test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2865 if (test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
2869 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
, settings_rsp
,
2873 err
= new_settings(hdev
, match
.sk
);
2881 int mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
2883 u8 mgmt_err
= mgmt_status(status
);
2885 if (scan
& SCAN_PAGE
)
2886 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
2887 cmd_status_rsp
, &mgmt_err
);
2889 if (scan
& SCAN_INQUIRY
)
2890 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
2891 cmd_status_rsp
, &mgmt_err
);
2896 int mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
, bool persistent
)
2898 struct mgmt_ev_new_link_key ev
;
2900 memset(&ev
, 0, sizeof(ev
));
2902 ev
.store_hint
= persistent
;
2903 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
2904 ev
.key
.addr
.type
= MGMT_ADDR_BREDR
;
2905 ev
.key
.type
= key
->type
;
2906 memcpy(ev
.key
.val
, key
->val
, 16);
2907 ev
.key
.pin_len
= key
->pin_len
;
2909 return mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
2912 int mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, u8 persistent
)
2914 struct mgmt_ev_new_long_term_key ev
;
2916 memset(&ev
, 0, sizeof(ev
));
2918 ev
.store_hint
= persistent
;
2919 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
2920 ev
.key
.addr
.type
= key
->bdaddr_type
;
2921 ev
.key
.authenticated
= key
->authenticated
;
2922 ev
.key
.enc_size
= key
->enc_size
;
2923 ev
.key
.ediv
= key
->ediv
;
2925 if (key
->type
== HCI_SMP_LTK
)
2928 memcpy(ev
.key
.rand
, key
->rand
, sizeof(key
->rand
));
2929 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
2931 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
),
2935 int mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
2936 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
2940 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
2943 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
2944 ev
->addr
.type
= link_to_mgmt(link_type
, addr_type
);
2946 ev
->flags
= __cpu_to_le32(flags
);
2949 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
2952 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
2953 eir_len
= eir_append_data(ev
->eir
, eir_len
,
2954 EIR_CLASS_OF_DEV
, dev_class
, 3);
2956 put_unaligned_le16(eir_len
, &ev
->eir_len
);
2958 return mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
2959 sizeof(*ev
) + eir_len
, NULL
);
2962 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
2964 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
2965 struct sock
**sk
= data
;
2966 struct mgmt_rp_disconnect rp
;
2968 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2969 rp
.addr
.type
= cp
->addr
.type
;
2971 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
2977 mgmt_pending_remove(cmd
);
2980 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
2982 struct hci_dev
*hdev
= data
;
2983 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
2984 struct mgmt_rp_unpair_device rp
;
2986 memset(&rp
, 0, sizeof(rp
));
2987 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2988 rp
.addr
.type
= cp
->addr
.type
;
2990 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
2992 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
2994 mgmt_pending_remove(cmd
);
2997 int mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
2998 u8 link_type
, u8 addr_type
)
3000 struct mgmt_addr_info ev
;
3001 struct sock
*sk
= NULL
;
3004 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
3006 bacpy(&ev
.bdaddr
, bdaddr
);
3007 ev
.type
= link_to_mgmt(link_type
, addr_type
);
3009 err
= mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
),
3015 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3021 int mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3022 u8 link_type
, u8 addr_type
, u8 status
)
3024 struct mgmt_rp_disconnect rp
;
3025 struct pending_cmd
*cmd
;
3028 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
3032 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3033 rp
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3035 err
= cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
3036 mgmt_status(status
), &rp
, sizeof(rp
));
3038 mgmt_pending_remove(cmd
);
3040 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3045 int mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3046 u8 addr_type
, u8 status
)
3048 struct mgmt_ev_connect_failed ev
;
3050 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3051 ev
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3052 ev
.status
= mgmt_status(status
);
3054 return mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3057 int mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
3059 struct mgmt_ev_pin_code_request ev
;
3061 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3062 ev
.addr
.type
= MGMT_ADDR_BREDR
;
3065 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
),
3069 int mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3072 struct pending_cmd
*cmd
;
3073 struct mgmt_rp_pin_code_reply rp
;
3076 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
3080 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3081 rp
.addr
.type
= MGMT_ADDR_BREDR
;
3083 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
3084 mgmt_status(status
), &rp
, sizeof(rp
));
3086 mgmt_pending_remove(cmd
);
3091 int mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3094 struct pending_cmd
*cmd
;
3095 struct mgmt_rp_pin_code_reply rp
;
3098 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
3102 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3103 rp
.addr
.type
= MGMT_ADDR_BREDR
;
3105 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
3106 mgmt_status(status
), &rp
, sizeof(rp
));
3108 mgmt_pending_remove(cmd
);
3113 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3114 u8 link_type
, u8 addr_type
, __le32 value
,
3117 struct mgmt_ev_user_confirm_request ev
;
3119 BT_DBG("%s", hdev
->name
);
3121 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3122 ev
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3123 ev
.confirm_hint
= confirm_hint
;
3126 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
3130 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3131 u8 link_type
, u8 addr_type
)
3133 struct mgmt_ev_user_passkey_request ev
;
3135 BT_DBG("%s", hdev
->name
);
3137 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3138 ev
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3140 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
3144 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3145 u8 link_type
, u8 addr_type
, u8 status
,
3148 struct pending_cmd
*cmd
;
3149 struct mgmt_rp_user_confirm_reply rp
;
3152 cmd
= mgmt_pending_find(opcode
, hdev
);
3156 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3157 rp
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3158 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
3161 mgmt_pending_remove(cmd
);
3166 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3167 u8 link_type
, u8 addr_type
, u8 status
)
3169 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3170 status
, MGMT_OP_USER_CONFIRM_REPLY
);
3173 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3174 u8 link_type
, u8 addr_type
, u8 status
)
3176 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3177 status
, MGMT_OP_USER_CONFIRM_NEG_REPLY
);
3180 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3181 u8 link_type
, u8 addr_type
, u8 status
)
3183 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3184 status
, MGMT_OP_USER_PASSKEY_REPLY
);
3187 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3188 u8 link_type
, u8 addr_type
, u8 status
)
3190 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3191 status
, MGMT_OP_USER_PASSKEY_NEG_REPLY
);
3194 int mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3195 u8 addr_type
, u8 status
)
3197 struct mgmt_ev_auth_failed ev
;
3199 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3200 ev
.addr
.type
= link_to_mgmt(link_type
, addr_type
);
3201 ev
.status
= mgmt_status(status
);
3203 return mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3206 int mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
3208 struct cmd_lookup match
= { NULL
, hdev
};
3209 bool changed
= false;
3213 u8 mgmt_err
= mgmt_status(status
);
3214 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
3215 cmd_status_rsp
, &mgmt_err
);
3219 if (test_bit(HCI_AUTH
, &hdev
->flags
)) {
3220 if (!test_and_set_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3223 if (test_and_clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3227 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
3231 err
= new_settings(hdev
, match
.sk
);
3239 static int clear_eir(struct hci_dev
*hdev
)
3241 struct hci_cp_write_eir cp
;
3243 if (!(hdev
->features
[6] & LMP_EXT_INQ
))
3246 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
3248 memset(&cp
, 0, sizeof(cp
));
3250 return hci_send_cmd(hdev
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
3253 int mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3255 struct cmd_lookup match
= { NULL
, hdev
};
3256 bool changed
= false;
3260 u8 mgmt_err
= mgmt_status(status
);
3262 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
3264 err
= new_settings(hdev
, NULL
);
3266 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
3273 if (!test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3276 if (test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3280 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
3283 err
= new_settings(hdev
, match
.sk
);
3288 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3296 static void class_rsp(struct pending_cmd
*cmd
, void *data
)
3298 struct cmd_lookup
*match
= data
;
3300 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, match
->mgmt_status
,
3301 match
->hdev
->dev_class
, 3);
3303 list_del(&cmd
->list
);
3305 if (match
->sk
== NULL
) {
3306 match
->sk
= cmd
->sk
;
3307 sock_hold(match
->sk
);
3310 mgmt_pending_free(cmd
);
3313 int mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
3316 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
3319 clear_bit(HCI_PENDING_CLASS
, &hdev
->dev_flags
);
3321 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, class_rsp
, &match
);
3322 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, class_rsp
, &match
);
3323 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, class_rsp
, &match
);
3326 err
= mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
3335 int mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
3337 struct pending_cmd
*cmd
;
3338 struct mgmt_cp_set_local_name ev
;
3339 bool changed
= false;
3342 if (memcmp(name
, hdev
->dev_name
, sizeof(hdev
->dev_name
)) != 0) {
3343 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
3347 memset(&ev
, 0, sizeof(ev
));
3348 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
3349 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
3351 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3355 /* Always assume that either the short or the complete name has
3356 * changed if there was a pending mgmt command */
3360 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
3361 mgmt_status(status
));
3365 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0, &ev
,
3372 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
,
3373 sizeof(ev
), cmd
? cmd
->sk
: NULL
);
3379 mgmt_pending_remove(cmd
);
3383 int mgmt_read_local_oob_data_reply_complete(struct hci_dev
*hdev
, u8
*hash
,
3384 u8
*randomizer
, u8 status
)
3386 struct pending_cmd
*cmd
;
3389 BT_DBG("%s status %u", hdev
->name
, status
);
3391 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
3396 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3397 mgmt_status(status
));
3399 struct mgmt_rp_read_local_oob_data rp
;
3401 memcpy(rp
.hash
, hash
, sizeof(rp
.hash
));
3402 memcpy(rp
.randomizer
, randomizer
, sizeof(rp
.randomizer
));
3404 err
= cmd_complete(cmd
->sk
, hdev
->id
,
3405 MGMT_OP_READ_LOCAL_OOB_DATA
, 0, &rp
,
3409 mgmt_pending_remove(cmd
);
3414 int mgmt_le_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3416 struct cmd_lookup match
= { NULL
, hdev
};
3417 bool changed
= false;
3421 u8 mgmt_err
= mgmt_status(status
);
3423 if (enable
&& test_and_clear_bit(HCI_LE_ENABLED
,
3425 err
= new_settings(hdev
, NULL
);
3427 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
,
3428 cmd_status_rsp
, &mgmt_err
);
3434 if (!test_and_set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3437 if (test_and_clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
3441 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
3444 err
= new_settings(hdev
, match
.sk
);
3452 int mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3453 u8 addr_type
, u8
*dev_class
, s8 rssi
, u8 cfm_name
, u8
3454 ssp
, u8
*eir
, u16 eir_len
)
3457 struct mgmt_ev_device_found
*ev
= (void *) buf
;
3460 /* Leave 5 bytes for a potential CoD field */
3461 if (sizeof(*ev
) + eir_len
+ 5 > sizeof(buf
))
3464 memset(buf
, 0, sizeof(buf
));
3466 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3467 ev
->addr
.type
= link_to_mgmt(link_type
, addr_type
);
3470 ev
->flags
[0] |= MGMT_DEV_FOUND_CONFIRM_NAME
;
3472 ev
->flags
[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING
;
3475 memcpy(ev
->eir
, eir
, eir_len
);
3477 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
3478 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
3481 put_unaligned_le16(eir_len
, &ev
->eir_len
);
3483 ev_size
= sizeof(*ev
) + eir_len
;
3485 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
3488 int mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3489 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
3491 struct mgmt_ev_device_found
*ev
;
3492 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
3495 ev
= (struct mgmt_ev_device_found
*) buf
;
3497 memset(buf
, 0, sizeof(buf
));
3499 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3500 ev
->addr
.type
= link_to_mgmt(link_type
, addr_type
);
3503 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
3506 put_unaligned_le16(eir_len
, &ev
->eir_len
);
3508 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
,
3509 sizeof(*ev
) + eir_len
, NULL
);
3512 int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3514 struct pending_cmd
*cmd
;
3518 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
3520 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3524 type
= hdev
->discovery
.type
;
3526 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3527 &type
, sizeof(type
));
3528 mgmt_pending_remove(cmd
);
3533 int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
3535 struct pending_cmd
*cmd
;
3538 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3542 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
3543 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
3544 mgmt_pending_remove(cmd
);
3549 int mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
3551 struct mgmt_ev_discovering ev
;
3552 struct pending_cmd
*cmd
;
3554 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
3557 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
3559 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
3562 u8 type
= hdev
->discovery
.type
;
3564 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
3566 mgmt_pending_remove(cmd
);
3569 memset(&ev
, 0, sizeof(ev
));
3570 ev
.type
= hdev
->discovery
.type
;
3571 ev
.discovering
= discovering
;
3573 return mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
3576 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3578 struct pending_cmd
*cmd
;
3579 struct mgmt_ev_device_blocked ev
;
3581 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
3583 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3584 ev
.addr
.type
= type
;
3586 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
3587 cmd
? cmd
->sk
: NULL
);
3590 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
3592 struct pending_cmd
*cmd
;
3593 struct mgmt_ev_device_unblocked ev
;
3595 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
3597 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3598 ev
.addr
.type
= type
;
3600 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
3601 cmd
? cmd
->sk
: NULL
);
3604 module_param(enable_hs
, bool, 0644);
3605 MODULE_PARM_DESC(enable_hs
, "Enable High Speed support");
3607 module_param(enable_le
, bool, 0644);
3608 MODULE_PARM_DESC(enable_le
, "Enable Low Energy support");
projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob