2 BlueZ - Bluetooth protocol stack for Linux
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI Management interface */
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 3
40 static const u16 mgmt_commands
[] = {
41 MGMT_OP_READ_INDEX_LIST
,
44 MGMT_OP_SET_DISCOVERABLE
,
45 MGMT_OP_SET_CONNECTABLE
,
46 MGMT_OP_SET_FAST_CONNECTABLE
,
48 MGMT_OP_SET_LINK_SECURITY
,
52 MGMT_OP_SET_DEV_CLASS
,
53 MGMT_OP_SET_LOCAL_NAME
,
56 MGMT_OP_LOAD_LINK_KEYS
,
57 MGMT_OP_LOAD_LONG_TERM_KEYS
,
59 MGMT_OP_GET_CONNECTIONS
,
60 MGMT_OP_PIN_CODE_REPLY
,
61 MGMT_OP_PIN_CODE_NEG_REPLY
,
62 MGMT_OP_SET_IO_CAPABILITY
,
64 MGMT_OP_CANCEL_PAIR_DEVICE
,
65 MGMT_OP_UNPAIR_DEVICE
,
66 MGMT_OP_USER_CONFIRM_REPLY
,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
68 MGMT_OP_USER_PASSKEY_REPLY
,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
70 MGMT_OP_READ_LOCAL_OOB_DATA
,
71 MGMT_OP_ADD_REMOTE_OOB_DATA
,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
73 MGMT_OP_START_DISCOVERY
,
74 MGMT_OP_STOP_DISCOVERY
,
77 MGMT_OP_UNBLOCK_DEVICE
,
78 MGMT_OP_SET_DEVICE_ID
,
81 static const u16 mgmt_events
[] = {
82 MGMT_EV_CONTROLLER_ERROR
,
84 MGMT_EV_INDEX_REMOVED
,
86 MGMT_EV_CLASS_OF_DEV_CHANGED
,
87 MGMT_EV_LOCAL_NAME_CHANGED
,
89 MGMT_EV_NEW_LONG_TERM_KEY
,
90 MGMT_EV_DEVICE_CONNECTED
,
91 MGMT_EV_DEVICE_DISCONNECTED
,
92 MGMT_EV_CONNECT_FAILED
,
93 MGMT_EV_PIN_CODE_REQUEST
,
94 MGMT_EV_USER_CONFIRM_REQUEST
,
95 MGMT_EV_USER_PASSKEY_REQUEST
,
99 MGMT_EV_DEVICE_BLOCKED
,
100 MGMT_EV_DEVICE_UNBLOCKED
,
101 MGMT_EV_DEVICE_UNPAIRED
,
102 MGMT_EV_PASSKEY_NOTIFY
,
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
109 #define LE_SCAN_WIN 0x12
110 #define LE_SCAN_INT 0x12
111 #define LE_SCAN_TIMEOUT_LE_ONLY msecs_to_jiffies(10240)
112 #define LE_SCAN_TIMEOUT_BREDR_LE msecs_to_jiffies(5120)
114 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
115 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
117 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
119 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
120 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123 struct list_head list
;
131 /* HCI to MGMT error code conversion table */
132 static u8 mgmt_status_table
[] = {
134 MGMT_STATUS_UNKNOWN_COMMAND
, /* Unknown Command */
135 MGMT_STATUS_NOT_CONNECTED
, /* No Connection */
136 MGMT_STATUS_FAILED
, /* Hardware Failure */
137 MGMT_STATUS_CONNECT_FAILED
, /* Page Timeout */
138 MGMT_STATUS_AUTH_FAILED
, /* Authentication Failed */
139 MGMT_STATUS_NOT_PAIRED
, /* PIN or Key Missing */
140 MGMT_STATUS_NO_RESOURCES
, /* Memory Full */
141 MGMT_STATUS_TIMEOUT
, /* Connection Timeout */
142 MGMT_STATUS_NO_RESOURCES
, /* Max Number of Connections */
143 MGMT_STATUS_NO_RESOURCES
, /* Max Number of SCO Connections */
144 MGMT_STATUS_ALREADY_CONNECTED
, /* ACL Connection Exists */
145 MGMT_STATUS_BUSY
, /* Command Disallowed */
146 MGMT_STATUS_NO_RESOURCES
, /* Rejected Limited Resources */
147 MGMT_STATUS_REJECTED
, /* Rejected Security */
148 MGMT_STATUS_REJECTED
, /* Rejected Personal */
149 MGMT_STATUS_TIMEOUT
, /* Host Timeout */
150 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Feature */
151 MGMT_STATUS_INVALID_PARAMS
, /* Invalid Parameters */
152 MGMT_STATUS_DISCONNECTED
, /* OE User Ended Connection */
153 MGMT_STATUS_NO_RESOURCES
, /* OE Low Resources */
154 MGMT_STATUS_DISCONNECTED
, /* OE Power Off */
155 MGMT_STATUS_DISCONNECTED
, /* Connection Terminated */
156 MGMT_STATUS_BUSY
, /* Repeated Attempts */
157 MGMT_STATUS_REJECTED
, /* Pairing Not Allowed */
158 MGMT_STATUS_FAILED
, /* Unknown LMP PDU */
159 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported Remote Feature */
160 MGMT_STATUS_REJECTED
, /* SCO Offset Rejected */
161 MGMT_STATUS_REJECTED
, /* SCO Interval Rejected */
162 MGMT_STATUS_REJECTED
, /* Air Mode Rejected */
163 MGMT_STATUS_INVALID_PARAMS
, /* Invalid LMP Parameters */
164 MGMT_STATUS_FAILED
, /* Unspecified Error */
165 MGMT_STATUS_NOT_SUPPORTED
, /* Unsupported LMP Parameter Value */
166 MGMT_STATUS_FAILED
, /* Role Change Not Allowed */
167 MGMT_STATUS_TIMEOUT
, /* LMP Response Timeout */
168 MGMT_STATUS_FAILED
, /* LMP Error Transaction Collision */
169 MGMT_STATUS_FAILED
, /* LMP PDU Not Allowed */
170 MGMT_STATUS_REJECTED
, /* Encryption Mode Not Accepted */
171 MGMT_STATUS_FAILED
, /* Unit Link Key Used */
172 MGMT_STATUS_NOT_SUPPORTED
, /* QoS Not Supported */
173 MGMT_STATUS_TIMEOUT
, /* Instant Passed */
174 MGMT_STATUS_NOT_SUPPORTED
, /* Pairing Not Supported */
175 MGMT_STATUS_FAILED
, /* Transaction Collision */
176 MGMT_STATUS_INVALID_PARAMS
, /* Unacceptable Parameter */
177 MGMT_STATUS_REJECTED
, /* QoS Rejected */
178 MGMT_STATUS_NOT_SUPPORTED
, /* Classification Not Supported */
179 MGMT_STATUS_REJECTED
, /* Insufficient Security */
180 MGMT_STATUS_INVALID_PARAMS
, /* Parameter Out Of Range */
181 MGMT_STATUS_BUSY
, /* Role Switch Pending */
182 MGMT_STATUS_FAILED
, /* Slot Violation */
183 MGMT_STATUS_FAILED
, /* Role Switch Failed */
184 MGMT_STATUS_INVALID_PARAMS
, /* EIR Too Large */
185 MGMT_STATUS_NOT_SUPPORTED
, /* Simple Pairing Not Supported */
186 MGMT_STATUS_BUSY
, /* Host Busy Pairing */
187 MGMT_STATUS_REJECTED
, /* Rejected, No Suitable Channel */
188 MGMT_STATUS_BUSY
, /* Controller Busy */
189 MGMT_STATUS_INVALID_PARAMS
, /* Unsuitable Connection Interval */
190 MGMT_STATUS_TIMEOUT
, /* Directed Advertising Timeout */
191 MGMT_STATUS_AUTH_FAILED
, /* Terminated Due to MIC Failure */
192 MGMT_STATUS_CONNECT_FAILED
, /* Connection Establishment Failed */
193 MGMT_STATUS_CONNECT_FAILED
, /* MAC Connection Failed */
196 bool mgmt_valid_hdev(struct hci_dev
*hdev
)
198 return hdev
->dev_type
== HCI_BREDR
;
201 static u8
mgmt_status(u8 hci_status
)
203 if (hci_status
< ARRAY_SIZE(mgmt_status_table
))
204 return mgmt_status_table
[hci_status
];
206 return MGMT_STATUS_FAILED
;
209 static int cmd_status(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
)
212 struct mgmt_hdr
*hdr
;
213 struct mgmt_ev_cmd_status
*ev
;
216 BT_DBG("sock %p, index %u, cmd %u, status %u", sk
, index
, cmd
, status
);
218 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
), GFP_KERNEL
);
222 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
224 hdr
->opcode
= __constant_cpu_to_le16(MGMT_EV_CMD_STATUS
);
225 hdr
->index
= cpu_to_le16(index
);
226 hdr
->len
= cpu_to_le16(sizeof(*ev
));
228 ev
= (void *) skb_put(skb
, sizeof(*ev
));
230 ev
->opcode
= cpu_to_le16(cmd
);
232 err
= sock_queue_rcv_skb(sk
, skb
);
239 static int cmd_complete(struct sock
*sk
, u16 index
, u16 cmd
, u8 status
,
240 void *rp
, size_t rp_len
)
243 struct mgmt_hdr
*hdr
;
244 struct mgmt_ev_cmd_complete
*ev
;
247 BT_DBG("sock %p", sk
);
249 skb
= alloc_skb(sizeof(*hdr
) + sizeof(*ev
) + rp_len
, GFP_KERNEL
);
253 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
255 hdr
->opcode
= __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE
);
256 hdr
->index
= cpu_to_le16(index
);
257 hdr
->len
= cpu_to_le16(sizeof(*ev
) + rp_len
);
259 ev
= (void *) skb_put(skb
, sizeof(*ev
) + rp_len
);
260 ev
->opcode
= cpu_to_le16(cmd
);
264 memcpy(ev
->data
, rp
, rp_len
);
266 err
= sock_queue_rcv_skb(sk
, skb
);
273 static int read_version(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
276 struct mgmt_rp_read_version rp
;
278 BT_DBG("sock %p", sk
);
280 rp
.version
= MGMT_VERSION
;
281 rp
.revision
= __constant_cpu_to_le16(MGMT_REVISION
);
283 return cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_VERSION
, 0, &rp
,
287 static int read_commands(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
290 struct mgmt_rp_read_commands
*rp
;
291 const u16 num_commands
= ARRAY_SIZE(mgmt_commands
);
292 const u16 num_events
= ARRAY_SIZE(mgmt_events
);
297 BT_DBG("sock %p", sk
);
299 rp_size
= sizeof(*rp
) + ((num_commands
+ num_events
) * sizeof(u16
));
301 rp
= kmalloc(rp_size
, GFP_KERNEL
);
305 rp
->num_commands
= __constant_cpu_to_le16(num_commands
);
306 rp
->num_events
= __constant_cpu_to_le16(num_events
);
308 for (i
= 0, opcode
= rp
->opcodes
; i
< num_commands
; i
++, opcode
++)
309 put_unaligned_le16(mgmt_commands
[i
], opcode
);
311 for (i
= 0; i
< num_events
; i
++, opcode
++)
312 put_unaligned_le16(mgmt_events
[i
], opcode
);
314 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_COMMANDS
, 0, rp
,
321 static int read_index_list(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
324 struct mgmt_rp_read_index_list
*rp
;
330 BT_DBG("sock %p", sk
);
332 read_lock(&hci_dev_list_lock
);
335 list_for_each_entry(d
, &hci_dev_list
, list
) {
336 if (!mgmt_valid_hdev(d
))
342 rp_len
= sizeof(*rp
) + (2 * count
);
343 rp
= kmalloc(rp_len
, GFP_ATOMIC
);
345 read_unlock(&hci_dev_list_lock
);
350 list_for_each_entry(d
, &hci_dev_list
, list
) {
351 if (test_bit(HCI_SETUP
, &d
->dev_flags
))
354 if (!mgmt_valid_hdev(d
))
357 rp
->index
[count
++] = cpu_to_le16(d
->id
);
358 BT_DBG("Added hci%u", d
->id
);
361 rp
->num_controllers
= cpu_to_le16(count
);
362 rp_len
= sizeof(*rp
) + (2 * count
);
364 read_unlock(&hci_dev_list_lock
);
366 err
= cmd_complete(sk
, MGMT_INDEX_NONE
, MGMT_OP_READ_INDEX_LIST
, 0, rp
,
374 static u32
get_supported_settings(struct hci_dev
*hdev
)
378 settings
|= MGMT_SETTING_POWERED
;
379 settings
|= MGMT_SETTING_PAIRABLE
;
381 if (lmp_ssp_capable(hdev
))
382 settings
|= MGMT_SETTING_SSP
;
384 if (lmp_bredr_capable(hdev
)) {
385 settings
|= MGMT_SETTING_CONNECTABLE
;
386 if (hdev
->hci_ver
>= BLUETOOTH_VER_1_2
)
387 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
388 settings
|= MGMT_SETTING_DISCOVERABLE
;
389 settings
|= MGMT_SETTING_BREDR
;
390 settings
|= MGMT_SETTING_LINK_SECURITY
;
394 settings
|= MGMT_SETTING_HS
;
396 if (lmp_le_capable(hdev
))
397 settings
|= MGMT_SETTING_LE
;
402 static u32
get_current_settings(struct hci_dev
*hdev
)
406 if (hdev_is_powered(hdev
))
407 settings
|= MGMT_SETTING_POWERED
;
409 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
410 settings
|= MGMT_SETTING_CONNECTABLE
;
412 if (test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
))
413 settings
|= MGMT_SETTING_FAST_CONNECTABLE
;
415 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
416 settings
|= MGMT_SETTING_DISCOVERABLE
;
418 if (test_bit(HCI_PAIRABLE
, &hdev
->dev_flags
))
419 settings
|= MGMT_SETTING_PAIRABLE
;
421 if (lmp_bredr_capable(hdev
))
422 settings
|= MGMT_SETTING_BREDR
;
424 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
425 settings
|= MGMT_SETTING_LE
;
427 if (test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
428 settings
|= MGMT_SETTING_LINK_SECURITY
;
430 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
431 settings
|= MGMT_SETTING_SSP
;
433 if (test_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
))
434 settings
|= MGMT_SETTING_HS
;
439 #define PNP_INFO_SVCLASS_ID 0x1200
441 static u8
*create_uuid16_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
443 u8
*ptr
= data
, *uuids_start
= NULL
;
444 struct bt_uuid
*uuid
;
449 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
452 if (uuid
->size
!= 16)
455 uuid16
= get_unaligned_le16(&uuid
->uuid
[12]);
459 if (uuid16
== PNP_INFO_SVCLASS_ID
)
465 uuids_start
[1] = EIR_UUID16_ALL
;
469 /* Stop if not enough space to put next UUID */
470 if ((ptr
- data
) + sizeof(u16
) > len
) {
471 uuids_start
[1] = EIR_UUID16_SOME
;
475 *ptr
++ = (uuid16
& 0x00ff);
476 *ptr
++ = (uuid16
& 0xff00) >> 8;
477 uuids_start
[0] += sizeof(uuid16
);
483 static u8
*create_uuid32_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
485 u8
*ptr
= data
, *uuids_start
= NULL
;
486 struct bt_uuid
*uuid
;
491 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
492 if (uuid
->size
!= 32)
498 uuids_start
[1] = EIR_UUID32_ALL
;
502 /* Stop if not enough space to put next UUID */
503 if ((ptr
- data
) + sizeof(u32
) > len
) {
504 uuids_start
[1] = EIR_UUID32_SOME
;
508 memcpy(ptr
, &uuid
->uuid
[12], sizeof(u32
));
510 uuids_start
[0] += sizeof(u32
);
516 static u8
*create_uuid128_list(struct hci_dev
*hdev
, u8
*data
, ptrdiff_t len
)
518 u8
*ptr
= data
, *uuids_start
= NULL
;
519 struct bt_uuid
*uuid
;
524 list_for_each_entry(uuid
, &hdev
->uuids
, list
) {
525 if (uuid
->size
!= 128)
531 uuids_start
[1] = EIR_UUID128_ALL
;
535 /* Stop if not enough space to put next UUID */
536 if ((ptr
- data
) + 16 > len
) {
537 uuids_start
[1] = EIR_UUID128_SOME
;
541 memcpy(ptr
, uuid
->uuid
, 16);
543 uuids_start
[0] += 16;
549 static void create_eir(struct hci_dev
*hdev
, u8
*data
)
554 name_len
= strlen(hdev
->dev_name
);
560 ptr
[1] = EIR_NAME_SHORT
;
562 ptr
[1] = EIR_NAME_COMPLETE
;
564 /* EIR Data length */
565 ptr
[0] = name_len
+ 1;
567 memcpy(ptr
+ 2, hdev
->dev_name
, name_len
);
569 ptr
+= (name_len
+ 2);
572 if (hdev
->inq_tx_power
!= HCI_TX_POWER_INVALID
) {
574 ptr
[1] = EIR_TX_POWER
;
575 ptr
[2] = (u8
) hdev
->inq_tx_power
;
580 if (hdev
->devid_source
> 0) {
582 ptr
[1] = EIR_DEVICE_ID
;
584 put_unaligned_le16(hdev
->devid_source
, ptr
+ 2);
585 put_unaligned_le16(hdev
->devid_vendor
, ptr
+ 4);
586 put_unaligned_le16(hdev
->devid_product
, ptr
+ 6);
587 put_unaligned_le16(hdev
->devid_version
, ptr
+ 8);
592 ptr
= create_uuid16_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
593 ptr
= create_uuid32_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
594 ptr
= create_uuid128_list(hdev
, ptr
, HCI_MAX_EIR_LENGTH
- (ptr
- data
));
597 static void update_eir(struct hci_request
*req
)
599 struct hci_dev
*hdev
= req
->hdev
;
600 struct hci_cp_write_eir cp
;
602 if (!hdev_is_powered(hdev
))
605 if (!lmp_ext_inq_capable(hdev
))
608 if (!test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
611 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
614 memset(&cp
, 0, sizeof(cp
));
616 create_eir(hdev
, cp
.data
);
618 if (memcmp(cp
.data
, hdev
->eir
, sizeof(cp
.data
)) == 0)
621 memcpy(hdev
->eir
, cp
.data
, sizeof(cp
.data
));
623 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
626 static u8
get_service_classes(struct hci_dev
*hdev
)
628 struct bt_uuid
*uuid
;
631 list_for_each_entry(uuid
, &hdev
->uuids
, list
)
632 val
|= uuid
->svc_hint
;
637 static void update_class(struct hci_request
*req
)
639 struct hci_dev
*hdev
= req
->hdev
;
642 BT_DBG("%s", hdev
->name
);
644 if (!hdev_is_powered(hdev
))
647 if (test_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
650 cod
[0] = hdev
->minor_class
;
651 cod
[1] = hdev
->major_class
;
652 cod
[2] = get_service_classes(hdev
);
654 if (memcmp(cod
, hdev
->dev_class
, 3) == 0)
657 hci_req_add(req
, HCI_OP_WRITE_CLASS_OF_DEV
, sizeof(cod
), cod
);
660 static void service_cache_off(struct work_struct
*work
)
662 struct hci_dev
*hdev
= container_of(work
, struct hci_dev
,
664 struct hci_request req
;
666 if (!test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
))
669 hci_req_init(&req
, hdev
);
676 hci_dev_unlock(hdev
);
678 hci_req_run(&req
, NULL
);
681 static void mgmt_init_hdev(struct sock
*sk
, struct hci_dev
*hdev
)
683 if (test_and_set_bit(HCI_MGMT
, &hdev
->dev_flags
))
686 INIT_DELAYED_WORK(&hdev
->service_cache
, service_cache_off
);
688 /* Non-mgmt controlled devices get this bit set
689 * implicitly so that pairing works for them, however
690 * for mgmt we require user-space to explicitly enable
693 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
696 static int read_controller_info(struct sock
*sk
, struct hci_dev
*hdev
,
697 void *data
, u16 data_len
)
699 struct mgmt_rp_read_info rp
;
701 BT_DBG("sock %p %s", sk
, hdev
->name
);
705 memset(&rp
, 0, sizeof(rp
));
707 bacpy(&rp
.bdaddr
, &hdev
->bdaddr
);
709 rp
.version
= hdev
->hci_ver
;
710 rp
.manufacturer
= cpu_to_le16(hdev
->manufacturer
);
712 rp
.supported_settings
= cpu_to_le32(get_supported_settings(hdev
));
713 rp
.current_settings
= cpu_to_le32(get_current_settings(hdev
));
715 memcpy(rp
.dev_class
, hdev
->dev_class
, 3);
717 memcpy(rp
.name
, hdev
->dev_name
, sizeof(hdev
->dev_name
));
718 memcpy(rp
.short_name
, hdev
->short_name
, sizeof(hdev
->short_name
));
720 hci_dev_unlock(hdev
);
722 return cmd_complete(sk
, hdev
->id
, MGMT_OP_READ_INFO
, 0, &rp
,
726 static void mgmt_pending_free(struct pending_cmd
*cmd
)
733 static struct pending_cmd
*mgmt_pending_add(struct sock
*sk
, u16 opcode
,
734 struct hci_dev
*hdev
, void *data
,
737 struct pending_cmd
*cmd
;
739 cmd
= kmalloc(sizeof(*cmd
), GFP_KERNEL
);
743 cmd
->opcode
= opcode
;
744 cmd
->index
= hdev
->id
;
746 cmd
->param
= kmalloc(len
, GFP_KERNEL
);
753 memcpy(cmd
->param
, data
, len
);
758 list_add(&cmd
->list
, &hdev
->mgmt_pending
);
763 static void mgmt_pending_foreach(u16 opcode
, struct hci_dev
*hdev
,
764 void (*cb
)(struct pending_cmd
*cmd
,
768 struct pending_cmd
*cmd
, *tmp
;
770 list_for_each_entry_safe(cmd
, tmp
, &hdev
->mgmt_pending
, list
) {
771 if (opcode
> 0 && cmd
->opcode
!= opcode
)
778 static struct pending_cmd
*mgmt_pending_find(u16 opcode
, struct hci_dev
*hdev
)
780 struct pending_cmd
*cmd
;
782 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
783 if (cmd
->opcode
== opcode
)
790 static void mgmt_pending_remove(struct pending_cmd
*cmd
)
792 list_del(&cmd
->list
);
793 mgmt_pending_free(cmd
);
796 static int send_settings_rsp(struct sock
*sk
, u16 opcode
, struct hci_dev
*hdev
)
798 __le32 settings
= cpu_to_le32(get_current_settings(hdev
));
800 return cmd_complete(sk
, hdev
->id
, opcode
, 0, &settings
,
804 static int set_powered(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
807 struct mgmt_mode
*cp
= data
;
808 struct pending_cmd
*cmd
;
811 BT_DBG("request for %s", hdev
->name
);
813 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
814 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
815 MGMT_STATUS_INVALID_PARAMS
);
819 if (test_and_clear_bit(HCI_AUTO_OFF
, &hdev
->dev_flags
)) {
820 cancel_delayed_work(&hdev
->power_off
);
823 mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
,
825 err
= mgmt_powered(hdev
, 1);
830 if (!!cp
->val
== hdev_is_powered(hdev
)) {
831 err
= send_settings_rsp(sk
, MGMT_OP_SET_POWERED
, hdev
);
835 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
)) {
836 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_POWERED
,
841 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_POWERED
, hdev
, data
, len
);
848 queue_work(hdev
->req_workqueue
, &hdev
->power_on
);
850 queue_work(hdev
->req_workqueue
, &hdev
->power_off
.work
);
855 hci_dev_unlock(hdev
);
859 static int mgmt_event(u16 event
, struct hci_dev
*hdev
, void *data
, u16 data_len
,
860 struct sock
*skip_sk
)
863 struct mgmt_hdr
*hdr
;
865 skb
= alloc_skb(sizeof(*hdr
) + data_len
, GFP_KERNEL
);
869 hdr
= (void *) skb_put(skb
, sizeof(*hdr
));
870 hdr
->opcode
= cpu_to_le16(event
);
872 hdr
->index
= cpu_to_le16(hdev
->id
);
874 hdr
->index
= __constant_cpu_to_le16(MGMT_INDEX_NONE
);
875 hdr
->len
= cpu_to_le16(data_len
);
878 memcpy(skb_put(skb
, data_len
), data
, data_len
);
881 __net_timestamp(skb
);
883 hci_send_to_control(skb
, skip_sk
);
889 static int new_settings(struct hci_dev
*hdev
, struct sock
*skip
)
893 ev
= cpu_to_le32(get_current_settings(hdev
));
895 return mgmt_event(MGMT_EV_NEW_SETTINGS
, hdev
, &ev
, sizeof(ev
), skip
);
898 static int set_discoverable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
901 struct mgmt_cp_set_discoverable
*cp
= data
;
902 struct pending_cmd
*cmd
;
907 BT_DBG("request for %s", hdev
->name
);
909 if (!lmp_bredr_capable(hdev
))
910 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
911 MGMT_STATUS_NOT_SUPPORTED
);
913 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
914 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
915 MGMT_STATUS_INVALID_PARAMS
);
917 timeout
= __le16_to_cpu(cp
->timeout
);
918 if (!cp
->val
&& timeout
> 0)
919 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
920 MGMT_STATUS_INVALID_PARAMS
);
924 if (!hdev_is_powered(hdev
) && timeout
> 0) {
925 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
926 MGMT_STATUS_NOT_POWERED
);
930 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
931 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
932 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
937 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
)) {
938 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DISCOVERABLE
,
939 MGMT_STATUS_REJECTED
);
943 if (!hdev_is_powered(hdev
)) {
944 bool changed
= false;
946 if (!!cp
->val
!= test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
947 change_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
951 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
956 err
= new_settings(hdev
, sk
);
961 if (!!cp
->val
== test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
)) {
962 if (hdev
->discov_timeout
> 0) {
963 cancel_delayed_work(&hdev
->discov_off
);
964 hdev
->discov_timeout
= 0;
967 if (cp
->val
&& timeout
> 0) {
968 hdev
->discov_timeout
= timeout
;
969 queue_delayed_work(hdev
->workqueue
, &hdev
->discov_off
,
970 msecs_to_jiffies(hdev
->discov_timeout
* 1000));
973 err
= send_settings_rsp(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
);
977 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DISCOVERABLE
, hdev
, data
, len
);
986 scan
|= SCAN_INQUIRY
;
988 cancel_delayed_work(&hdev
->discov_off
);
990 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
992 mgmt_pending_remove(cmd
);
995 hdev
->discov_timeout
= timeout
;
998 hci_dev_unlock(hdev
);
1002 static void write_fast_connectable(struct hci_request
*req
, bool enable
)
1004 struct hci_dev
*hdev
= req
->hdev
;
1005 struct hci_cp_write_page_scan_activity acp
;
1008 if (hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
1012 type
= PAGE_SCAN_TYPE_INTERLACED
;
1014 /* 160 msec page scan interval */
1015 acp
.interval
= __constant_cpu_to_le16(0x0100);
1017 type
= PAGE_SCAN_TYPE_STANDARD
; /* default */
1019 /* default 1.28 sec page scan */
1020 acp
.interval
= __constant_cpu_to_le16(0x0800);
1023 acp
.window
= __constant_cpu_to_le16(0x0012);
1025 if (__cpu_to_le16(hdev
->page_scan_interval
) != acp
.interval
||
1026 __cpu_to_le16(hdev
->page_scan_window
) != acp
.window
)
1027 hci_req_add(req
, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY
,
1030 if (hdev
->page_scan_type
!= type
)
1031 hci_req_add(req
, HCI_OP_WRITE_PAGE_SCAN_TYPE
, 1, &type
);
1034 static void set_connectable_complete(struct hci_dev
*hdev
, u8 status
)
1036 struct pending_cmd
*cmd
;
1038 BT_DBG("status 0x%02x", status
);
1042 cmd
= mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
1046 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1048 mgmt_pending_remove(cmd
);
1051 hci_dev_unlock(hdev
);
1054 static int set_connectable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1057 struct mgmt_mode
*cp
= data
;
1058 struct pending_cmd
*cmd
;
1059 struct hci_request req
;
1063 BT_DBG("request for %s", hdev
->name
);
1065 if (!lmp_bredr_capable(hdev
))
1066 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1067 MGMT_STATUS_NOT_SUPPORTED
);
1069 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1070 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1071 MGMT_STATUS_INVALID_PARAMS
);
1075 if (!hdev_is_powered(hdev
)) {
1076 bool changed
= false;
1078 if (!!cp
->val
!= test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
1082 set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1084 clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
);
1085 clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
);
1088 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1093 err
= new_settings(hdev
, sk
);
1098 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE
, hdev
) ||
1099 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
)) {
1100 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_CONNECTABLE
,
1105 if (!!cp
->val
== test_bit(HCI_PSCAN
, &hdev
->flags
)) {
1106 err
= send_settings_rsp(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
);
1110 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_CONNECTABLE
, hdev
, data
, len
);
1121 if (test_bit(HCI_ISCAN
, &hdev
->flags
) &&
1122 hdev
->discov_timeout
> 0)
1123 cancel_delayed_work(&hdev
->discov_off
);
1126 hci_req_init(&req
, hdev
);
1128 hci_req_add(&req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
1130 /* If we're going from non-connectable to connectable or
1131 * vice-versa when fast connectable is enabled ensure that fast
1132 * connectable gets disabled. write_fast_connectable won't do
1133 * anything if the page scan parameters are already what they
1136 if (cp
->val
|| test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
))
1137 write_fast_connectable(&req
, false);
1139 err
= hci_req_run(&req
, set_connectable_complete
);
1141 mgmt_pending_remove(cmd
);
1144 hci_dev_unlock(hdev
);
1148 static int set_pairable(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1151 struct mgmt_mode
*cp
= data
;
1154 BT_DBG("request for %s", hdev
->name
);
1156 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1157 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_PAIRABLE
,
1158 MGMT_STATUS_INVALID_PARAMS
);
1163 set_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1165 clear_bit(HCI_PAIRABLE
, &hdev
->dev_flags
);
1167 err
= send_settings_rsp(sk
, MGMT_OP_SET_PAIRABLE
, hdev
);
1171 err
= new_settings(hdev
, sk
);
1174 hci_dev_unlock(hdev
);
1178 static int set_link_security(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1181 struct mgmt_mode
*cp
= data
;
1182 struct pending_cmd
*cmd
;
1186 BT_DBG("request for %s", hdev
->name
);
1188 if (!lmp_bredr_capable(hdev
))
1189 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1190 MGMT_STATUS_NOT_SUPPORTED
);
1192 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1193 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1194 MGMT_STATUS_INVALID_PARAMS
);
1198 if (!hdev_is_powered(hdev
)) {
1199 bool changed
= false;
1201 if (!!cp
->val
!= test_bit(HCI_LINK_SECURITY
,
1202 &hdev
->dev_flags
)) {
1203 change_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
1207 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1212 err
= new_settings(hdev
, sk
);
1217 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY
, hdev
)) {
1218 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LINK_SECURITY
,
1225 if (test_bit(HCI_AUTH
, &hdev
->flags
) == val
) {
1226 err
= send_settings_rsp(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
);
1230 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LINK_SECURITY
, hdev
, data
, len
);
1236 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, sizeof(val
), &val
);
1238 mgmt_pending_remove(cmd
);
1243 hci_dev_unlock(hdev
);
1247 static int set_ssp(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1249 struct mgmt_mode
*cp
= data
;
1250 struct pending_cmd
*cmd
;
1254 BT_DBG("request for %s", hdev
->name
);
1256 if (!lmp_ssp_capable(hdev
))
1257 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1258 MGMT_STATUS_NOT_SUPPORTED
);
1260 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1261 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1262 MGMT_STATUS_INVALID_PARAMS
);
1268 if (!hdev_is_powered(hdev
)) {
1269 bool changed
= false;
1271 if (val
!= test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
)) {
1272 change_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
);
1276 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1281 err
= new_settings(hdev
, sk
);
1286 if (mgmt_pending_find(MGMT_OP_SET_SSP
, hdev
)) {
1287 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_SSP
,
1292 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) == val
) {
1293 err
= send_settings_rsp(sk
, MGMT_OP_SET_SSP
, hdev
);
1297 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_SSP
, hdev
, data
, len
);
1303 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(val
), &val
);
1305 mgmt_pending_remove(cmd
);
1310 hci_dev_unlock(hdev
);
1314 static int set_hs(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1316 struct mgmt_mode
*cp
= data
;
1318 BT_DBG("request for %s", hdev
->name
);
1321 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1322 MGMT_STATUS_NOT_SUPPORTED
);
1324 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1325 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_HS
,
1326 MGMT_STATUS_INVALID_PARAMS
);
1329 set_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1331 clear_bit(HCI_HS_ENABLED
, &hdev
->dev_flags
);
1333 return send_settings_rsp(sk
, MGMT_OP_SET_HS
, hdev
);
1336 static int set_le(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1338 struct mgmt_mode
*cp
= data
;
1339 struct hci_cp_write_le_host_supported hci_cp
;
1340 struct pending_cmd
*cmd
;
1344 BT_DBG("request for %s", hdev
->name
);
1346 if (!lmp_le_capable(hdev
))
1347 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1348 MGMT_STATUS_NOT_SUPPORTED
);
1350 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
1351 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1352 MGMT_STATUS_INVALID_PARAMS
);
1357 enabled
= lmp_host_le_capable(hdev
);
1359 if (!hdev_is_powered(hdev
) || val
== enabled
) {
1360 bool changed
= false;
1362 if (val
!= test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
1363 change_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
);
1367 err
= send_settings_rsp(sk
, MGMT_OP_SET_LE
, hdev
);
1372 err
= new_settings(hdev
, sk
);
1377 if (mgmt_pending_find(MGMT_OP_SET_LE
, hdev
)) {
1378 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_LE
,
1383 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LE
, hdev
, data
, len
);
1389 memset(&hci_cp
, 0, sizeof(hci_cp
));
1393 hci_cp
.simul
= lmp_le_br_capable(hdev
);
1396 err
= hci_send_cmd(hdev
, HCI_OP_WRITE_LE_HOST_SUPPORTED
, sizeof(hci_cp
),
1399 mgmt_pending_remove(cmd
);
1402 hci_dev_unlock(hdev
);
1406 /* This is a helper function to test for pending mgmt commands that can
1407 * cause CoD or EIR HCI commands. We can only allow one such pending
1408 * mgmt command at a time since otherwise we cannot easily track what
1409 * the current values are, will be, and based on that calculate if a new
1410 * HCI command needs to be sent and if yes with what value.
1412 static bool pending_eir_or_class(struct hci_dev
*hdev
)
1414 struct pending_cmd
*cmd
;
1416 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
1417 switch (cmd
->opcode
) {
1418 case MGMT_OP_ADD_UUID
:
1419 case MGMT_OP_REMOVE_UUID
:
1420 case MGMT_OP_SET_DEV_CLASS
:
1421 case MGMT_OP_SET_POWERED
:
1429 static const u8 bluetooth_base_uuid
[] = {
1430 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1431 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1434 static u8
get_uuid_size(const u8
*uuid
)
1438 if (memcmp(uuid
, bluetooth_base_uuid
, 12))
1441 val
= get_unaligned_le32(&uuid
[12]);
1448 static void mgmt_class_complete(struct hci_dev
*hdev
, u16 mgmt_op
, u8 status
)
1450 struct pending_cmd
*cmd
;
1454 cmd
= mgmt_pending_find(mgmt_op
, hdev
);
1458 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, mgmt_status(status
),
1459 hdev
->dev_class
, 3);
1461 mgmt_pending_remove(cmd
);
1464 hci_dev_unlock(hdev
);
1467 static void add_uuid_complete(struct hci_dev
*hdev
, u8 status
)
1469 BT_DBG("status 0x%02x", status
);
1471 mgmt_class_complete(hdev
, MGMT_OP_ADD_UUID
, status
);
1474 static int add_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
, u16 len
)
1476 struct mgmt_cp_add_uuid
*cp
= data
;
1477 struct pending_cmd
*cmd
;
1478 struct hci_request req
;
1479 struct bt_uuid
*uuid
;
1482 BT_DBG("request for %s", hdev
->name
);
1486 if (pending_eir_or_class(hdev
)) {
1487 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_ADD_UUID
,
1492 uuid
= kmalloc(sizeof(*uuid
), GFP_KERNEL
);
1498 memcpy(uuid
->uuid
, cp
->uuid
, 16);
1499 uuid
->svc_hint
= cp
->svc_hint
;
1500 uuid
->size
= get_uuid_size(cp
->uuid
);
1502 list_add_tail(&uuid
->list
, &hdev
->uuids
);
1504 hci_req_init(&req
, hdev
);
1509 err
= hci_req_run(&req
, add_uuid_complete
);
1511 if (err
!= -ENODATA
)
1514 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_UUID
, 0,
1515 hdev
->dev_class
, 3);
1519 cmd
= mgmt_pending_add(sk
, MGMT_OP_ADD_UUID
, hdev
, data
, len
);
1528 hci_dev_unlock(hdev
);
1532 static bool enable_service_cache(struct hci_dev
*hdev
)
1534 if (!hdev_is_powered(hdev
))
1537 if (!test_and_set_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1538 queue_delayed_work(hdev
->workqueue
, &hdev
->service_cache
,
1546 static void remove_uuid_complete(struct hci_dev
*hdev
, u8 status
)
1548 BT_DBG("status 0x%02x", status
);
1550 mgmt_class_complete(hdev
, MGMT_OP_REMOVE_UUID
, status
);
1553 static int remove_uuid(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1556 struct mgmt_cp_remove_uuid
*cp
= data
;
1557 struct pending_cmd
*cmd
;
1558 struct bt_uuid
*match
, *tmp
;
1559 u8 bt_uuid_any
[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1560 struct hci_request req
;
1563 BT_DBG("request for %s", hdev
->name
);
1567 if (pending_eir_or_class(hdev
)) {
1568 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1573 if (memcmp(cp
->uuid
, bt_uuid_any
, 16) == 0) {
1574 err
= hci_uuids_clear(hdev
);
1576 if (enable_service_cache(hdev
)) {
1577 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1578 0, hdev
->dev_class
, 3);
1587 list_for_each_entry_safe(match
, tmp
, &hdev
->uuids
, list
) {
1588 if (memcmp(match
->uuid
, cp
->uuid
, 16) != 0)
1591 list_del(&match
->list
);
1597 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
,
1598 MGMT_STATUS_INVALID_PARAMS
);
1603 hci_req_init(&req
, hdev
);
1608 err
= hci_req_run(&req
, remove_uuid_complete
);
1610 if (err
!= -ENODATA
)
1613 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_UUID
, 0,
1614 hdev
->dev_class
, 3);
1618 cmd
= mgmt_pending_add(sk
, MGMT_OP_REMOVE_UUID
, hdev
, data
, len
);
1627 hci_dev_unlock(hdev
);
1631 static void set_class_complete(struct hci_dev
*hdev
, u8 status
)
1633 BT_DBG("status 0x%02x", status
);
1635 mgmt_class_complete(hdev
, MGMT_OP_SET_DEV_CLASS
, status
);
1638 static int set_dev_class(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1641 struct mgmt_cp_set_dev_class
*cp
= data
;
1642 struct pending_cmd
*cmd
;
1643 struct hci_request req
;
1646 BT_DBG("request for %s", hdev
->name
);
1648 if (!lmp_bredr_capable(hdev
))
1649 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1650 MGMT_STATUS_NOT_SUPPORTED
);
1654 if (pending_eir_or_class(hdev
)) {
1655 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1660 if ((cp
->minor
& 0x03) != 0 || (cp
->major
& 0xe0) != 0) {
1661 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
,
1662 MGMT_STATUS_INVALID_PARAMS
);
1666 hdev
->major_class
= cp
->major
;
1667 hdev
->minor_class
= cp
->minor
;
1669 if (!hdev_is_powered(hdev
)) {
1670 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1671 hdev
->dev_class
, 3);
1675 hci_req_init(&req
, hdev
);
1677 if (test_and_clear_bit(HCI_SERVICE_CACHE
, &hdev
->dev_flags
)) {
1678 hci_dev_unlock(hdev
);
1679 cancel_delayed_work_sync(&hdev
->service_cache
);
1686 err
= hci_req_run(&req
, set_class_complete
);
1688 if (err
!= -ENODATA
)
1691 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEV_CLASS
, 0,
1692 hdev
->dev_class
, 3);
1696 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_DEV_CLASS
, hdev
, data
, len
);
1705 hci_dev_unlock(hdev
);
1709 static int load_link_keys(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1712 struct mgmt_cp_load_link_keys
*cp
= data
;
1713 u16 key_count
, expected_len
;
1716 key_count
= __le16_to_cpu(cp
->key_count
);
1718 expected_len
= sizeof(*cp
) + key_count
*
1719 sizeof(struct mgmt_link_key_info
);
1720 if (expected_len
!= len
) {
1721 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1723 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1724 MGMT_STATUS_INVALID_PARAMS
);
1727 if (cp
->debug_keys
!= 0x00 && cp
->debug_keys
!= 0x01)
1728 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1729 MGMT_STATUS_INVALID_PARAMS
);
1731 BT_DBG("%s debug_keys %u key_count %u", hdev
->name
, cp
->debug_keys
,
1734 for (i
= 0; i
< key_count
; i
++) {
1735 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1737 if (key
->addr
.type
!= BDADDR_BREDR
)
1738 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
,
1739 MGMT_STATUS_INVALID_PARAMS
);
1744 hci_link_keys_clear(hdev
);
1746 set_bit(HCI_LINK_KEYS
, &hdev
->dev_flags
);
1749 set_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1751 clear_bit(HCI_DEBUG_KEYS
, &hdev
->dev_flags
);
1753 for (i
= 0; i
< key_count
; i
++) {
1754 struct mgmt_link_key_info
*key
= &cp
->keys
[i
];
1756 hci_add_link_key(hdev
, NULL
, 0, &key
->addr
.bdaddr
, key
->val
,
1757 key
->type
, key
->pin_len
);
1760 cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LINK_KEYS
, 0, NULL
, 0);
1762 hci_dev_unlock(hdev
);
1767 static int device_unpaired(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
1768 u8 addr_type
, struct sock
*skip_sk
)
1770 struct mgmt_ev_device_unpaired ev
;
1772 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
1773 ev
.addr
.type
= addr_type
;
1775 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED
, hdev
, &ev
, sizeof(ev
),
1779 static int unpair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1782 struct mgmt_cp_unpair_device
*cp
= data
;
1783 struct mgmt_rp_unpair_device rp
;
1784 struct hci_cp_disconnect dc
;
1785 struct pending_cmd
*cmd
;
1786 struct hci_conn
*conn
;
1789 memset(&rp
, 0, sizeof(rp
));
1790 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1791 rp
.addr
.type
= cp
->addr
.type
;
1793 if (!bdaddr_type_is_valid(cp
->addr
.type
))
1794 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1795 MGMT_STATUS_INVALID_PARAMS
,
1798 if (cp
->disconnect
!= 0x00 && cp
->disconnect
!= 0x01)
1799 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1800 MGMT_STATUS_INVALID_PARAMS
,
1805 if (!hdev_is_powered(hdev
)) {
1806 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1807 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1811 if (cp
->addr
.type
== BDADDR_BREDR
)
1812 err
= hci_remove_link_key(hdev
, &cp
->addr
.bdaddr
);
1814 err
= hci_remove_ltk(hdev
, &cp
->addr
.bdaddr
);
1817 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
,
1818 MGMT_STATUS_NOT_PAIRED
, &rp
, sizeof(rp
));
1822 if (cp
->disconnect
) {
1823 if (cp
->addr
.type
== BDADDR_BREDR
)
1824 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1827 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
,
1834 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNPAIR_DEVICE
, 0,
1836 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, sk
);
1840 cmd
= mgmt_pending_add(sk
, MGMT_OP_UNPAIR_DEVICE
, hdev
, cp
,
1847 dc
.handle
= cpu_to_le16(conn
->handle
);
1848 dc
.reason
= 0x13; /* Remote User Terminated Connection */
1849 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1851 mgmt_pending_remove(cmd
);
1854 hci_dev_unlock(hdev
);
1858 static int disconnect(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1861 struct mgmt_cp_disconnect
*cp
= data
;
1862 struct mgmt_rp_disconnect rp
;
1863 struct hci_cp_disconnect dc
;
1864 struct pending_cmd
*cmd
;
1865 struct hci_conn
*conn
;
1870 memset(&rp
, 0, sizeof(rp
));
1871 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
1872 rp
.addr
.type
= cp
->addr
.type
;
1874 if (!bdaddr_type_is_valid(cp
->addr
.type
))
1875 return cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1876 MGMT_STATUS_INVALID_PARAMS
,
1881 if (!test_bit(HCI_UP
, &hdev
->flags
)) {
1882 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1883 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
1887 if (mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
)) {
1888 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1889 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
1893 if (cp
->addr
.type
== BDADDR_BREDR
)
1894 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
,
1897 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->addr
.bdaddr
);
1899 if (!conn
|| conn
->state
== BT_OPEN
|| conn
->state
== BT_CLOSED
) {
1900 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_DISCONNECT
,
1901 MGMT_STATUS_NOT_CONNECTED
, &rp
, sizeof(rp
));
1905 cmd
= mgmt_pending_add(sk
, MGMT_OP_DISCONNECT
, hdev
, data
, len
);
1911 dc
.handle
= cpu_to_le16(conn
->handle
);
1912 dc
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
1914 err
= hci_send_cmd(hdev
, HCI_OP_DISCONNECT
, sizeof(dc
), &dc
);
1916 mgmt_pending_remove(cmd
);
1919 hci_dev_unlock(hdev
);
1923 static u8
link_to_bdaddr(u8 link_type
, u8 addr_type
)
1925 switch (link_type
) {
1927 switch (addr_type
) {
1928 case ADDR_LE_DEV_PUBLIC
:
1929 return BDADDR_LE_PUBLIC
;
1932 /* Fallback to LE Random address type */
1933 return BDADDR_LE_RANDOM
;
1937 /* Fallback to BR/EDR type */
1938 return BDADDR_BREDR
;
1942 static int get_connections(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
1945 struct mgmt_rp_get_connections
*rp
;
1955 if (!hdev_is_powered(hdev
)) {
1956 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
,
1957 MGMT_STATUS_NOT_POWERED
);
1962 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1963 if (test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1967 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1968 rp
= kmalloc(rp_len
, GFP_KERNEL
);
1975 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
1976 if (!test_bit(HCI_CONN_MGMT_CONNECTED
, &c
->flags
))
1978 bacpy(&rp
->addr
[i
].bdaddr
, &c
->dst
);
1979 rp
->addr
[i
].type
= link_to_bdaddr(c
->type
, c
->dst_type
);
1980 if (c
->type
== SCO_LINK
|| c
->type
== ESCO_LINK
)
1985 rp
->conn_count
= cpu_to_le16(i
);
1987 /* Recalculate length in case of filtered SCO connections, etc */
1988 rp_len
= sizeof(*rp
) + (i
* sizeof(struct mgmt_addr_info
));
1990 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_GET_CONNECTIONS
, 0, rp
,
1996 hci_dev_unlock(hdev
);
2000 static int send_pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2001 struct mgmt_cp_pin_code_neg_reply
*cp
)
2003 struct pending_cmd
*cmd
;
2006 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
, cp
,
2011 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
2012 sizeof(cp
->addr
.bdaddr
), &cp
->addr
.bdaddr
);
2014 mgmt_pending_remove(cmd
);
2019 static int pin_code_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2022 struct hci_conn
*conn
;
2023 struct mgmt_cp_pin_code_reply
*cp
= data
;
2024 struct hci_cp_pin_code_reply reply
;
2025 struct pending_cmd
*cmd
;
2032 if (!hdev_is_powered(hdev
)) {
2033 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2034 MGMT_STATUS_NOT_POWERED
);
2038 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
);
2040 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2041 MGMT_STATUS_NOT_CONNECTED
);
2045 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
&& cp
->pin_len
!= 16) {
2046 struct mgmt_cp_pin_code_neg_reply ncp
;
2048 memcpy(&ncp
.addr
, &cp
->addr
, sizeof(ncp
.addr
));
2050 BT_ERR("PIN code is not 16 bytes long");
2052 err
= send_pin_code_neg_reply(sk
, hdev
, &ncp
);
2054 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
2055 MGMT_STATUS_INVALID_PARAMS
);
2060 cmd
= mgmt_pending_add(sk
, MGMT_OP_PIN_CODE_REPLY
, hdev
, data
, len
);
2066 bacpy(&reply
.bdaddr
, &cp
->addr
.bdaddr
);
2067 reply
.pin_len
= cp
->pin_len
;
2068 memcpy(reply
.pin_code
, cp
->pin_code
, sizeof(reply
.pin_code
));
2070 err
= hci_send_cmd(hdev
, HCI_OP_PIN_CODE_REPLY
, sizeof(reply
), &reply
);
2072 mgmt_pending_remove(cmd
);
2075 hci_dev_unlock(hdev
);
2079 static int set_io_capability(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2082 struct mgmt_cp_set_io_capability
*cp
= data
;
2088 hdev
->io_capability
= cp
->io_capability
;
2090 BT_DBG("%s IO capability set to 0x%02x", hdev
->name
,
2091 hdev
->io_capability
);
2093 hci_dev_unlock(hdev
);
2095 return cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_IO_CAPABILITY
, 0, NULL
,
2099 static struct pending_cmd
*find_pairing(struct hci_conn
*conn
)
2101 struct hci_dev
*hdev
= conn
->hdev
;
2102 struct pending_cmd
*cmd
;
2104 list_for_each_entry(cmd
, &hdev
->mgmt_pending
, list
) {
2105 if (cmd
->opcode
!= MGMT_OP_PAIR_DEVICE
)
2108 if (cmd
->user_data
!= conn
)
2117 static void pairing_complete(struct pending_cmd
*cmd
, u8 status
)
2119 struct mgmt_rp_pair_device rp
;
2120 struct hci_conn
*conn
= cmd
->user_data
;
2122 bacpy(&rp
.addr
.bdaddr
, &conn
->dst
);
2123 rp
.addr
.type
= link_to_bdaddr(conn
->type
, conn
->dst_type
);
2125 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_PAIR_DEVICE
, status
,
2128 /* So we don't get further callbacks for this connection */
2129 conn
->connect_cfm_cb
= NULL
;
2130 conn
->security_cfm_cb
= NULL
;
2131 conn
->disconn_cfm_cb
= NULL
;
2133 hci_conn_drop(conn
);
2135 mgmt_pending_remove(cmd
);
2138 static void pairing_complete_cb(struct hci_conn
*conn
, u8 status
)
2140 struct pending_cmd
*cmd
;
2142 BT_DBG("status %u", status
);
2144 cmd
= find_pairing(conn
);
2146 BT_DBG("Unable to find a pending command");
2148 pairing_complete(cmd
, mgmt_status(status
));
2151 static void le_connect_complete_cb(struct hci_conn
*conn
, u8 status
)
2153 struct pending_cmd
*cmd
;
2155 BT_DBG("status %u", status
);
2160 cmd
= find_pairing(conn
);
2162 BT_DBG("Unable to find a pending command");
2164 pairing_complete(cmd
, mgmt_status(status
));
2167 static int pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2170 struct mgmt_cp_pair_device
*cp
= data
;
2171 struct mgmt_rp_pair_device rp
;
2172 struct pending_cmd
*cmd
;
2173 u8 sec_level
, auth_type
;
2174 struct hci_conn
*conn
;
2179 memset(&rp
, 0, sizeof(rp
));
2180 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
2181 rp
.addr
.type
= cp
->addr
.type
;
2183 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2184 return cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2185 MGMT_STATUS_INVALID_PARAMS
,
2190 if (!hdev_is_powered(hdev
)) {
2191 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2192 MGMT_STATUS_NOT_POWERED
, &rp
, sizeof(rp
));
2196 sec_level
= BT_SECURITY_MEDIUM
;
2197 if (cp
->io_cap
== 0x03)
2198 auth_type
= HCI_AT_DEDICATED_BONDING
;
2200 auth_type
= HCI_AT_DEDICATED_BONDING_MITM
;
2202 if (cp
->addr
.type
== BDADDR_BREDR
)
2203 conn
= hci_connect(hdev
, ACL_LINK
, &cp
->addr
.bdaddr
,
2204 cp
->addr
.type
, sec_level
, auth_type
);
2206 conn
= hci_connect(hdev
, LE_LINK
, &cp
->addr
.bdaddr
,
2207 cp
->addr
.type
, sec_level
, auth_type
);
2212 if (PTR_ERR(conn
) == -EBUSY
)
2213 status
= MGMT_STATUS_BUSY
;
2215 status
= MGMT_STATUS_CONNECT_FAILED
;
2217 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2223 if (conn
->connect_cfm_cb
) {
2224 hci_conn_drop(conn
);
2225 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_PAIR_DEVICE
,
2226 MGMT_STATUS_BUSY
, &rp
, sizeof(rp
));
2230 cmd
= mgmt_pending_add(sk
, MGMT_OP_PAIR_DEVICE
, hdev
, data
, len
);
2233 hci_conn_drop(conn
);
2237 /* For LE, just connecting isn't a proof that the pairing finished */
2238 if (cp
->addr
.type
== BDADDR_BREDR
)
2239 conn
->connect_cfm_cb
= pairing_complete_cb
;
2241 conn
->connect_cfm_cb
= le_connect_complete_cb
;
2243 conn
->security_cfm_cb
= pairing_complete_cb
;
2244 conn
->disconn_cfm_cb
= pairing_complete_cb
;
2245 conn
->io_capability
= cp
->io_cap
;
2246 cmd
->user_data
= conn
;
2248 if (conn
->state
== BT_CONNECTED
&&
2249 hci_conn_security(conn
, sec_level
, auth_type
))
2250 pairing_complete(cmd
, 0);
2255 hci_dev_unlock(hdev
);
2259 static int cancel_pair_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2262 struct mgmt_addr_info
*addr
= data
;
2263 struct pending_cmd
*cmd
;
2264 struct hci_conn
*conn
;
2271 if (!hdev_is_powered(hdev
)) {
2272 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2273 MGMT_STATUS_NOT_POWERED
);
2277 cmd
= mgmt_pending_find(MGMT_OP_PAIR_DEVICE
, hdev
);
2279 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2280 MGMT_STATUS_INVALID_PARAMS
);
2284 conn
= cmd
->user_data
;
2286 if (bacmp(&addr
->bdaddr
, &conn
->dst
) != 0) {
2287 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
,
2288 MGMT_STATUS_INVALID_PARAMS
);
2292 pairing_complete(cmd
, MGMT_STATUS_CANCELLED
);
2294 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CANCEL_PAIR_DEVICE
, 0,
2295 addr
, sizeof(*addr
));
2297 hci_dev_unlock(hdev
);
2301 static int user_pairing_resp(struct sock
*sk
, struct hci_dev
*hdev
,
2302 struct mgmt_addr_info
*addr
, u16 mgmt_op
,
2303 u16 hci_op
, __le32 passkey
)
2305 struct pending_cmd
*cmd
;
2306 struct hci_conn
*conn
;
2311 if (!hdev_is_powered(hdev
)) {
2312 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
2313 MGMT_STATUS_NOT_POWERED
, addr
,
2318 if (addr
->type
== BDADDR_BREDR
)
2319 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &addr
->bdaddr
);
2321 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &addr
->bdaddr
);
2324 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
2325 MGMT_STATUS_NOT_CONNECTED
, addr
,
2330 if (addr
->type
== BDADDR_LE_PUBLIC
|| addr
->type
== BDADDR_LE_RANDOM
) {
2331 /* Continue with pairing via SMP */
2332 err
= smp_user_confirm_reply(conn
, mgmt_op
, passkey
);
2335 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
2336 MGMT_STATUS_SUCCESS
, addr
,
2339 err
= cmd_complete(sk
, hdev
->id
, mgmt_op
,
2340 MGMT_STATUS_FAILED
, addr
,
2346 cmd
= mgmt_pending_add(sk
, mgmt_op
, hdev
, addr
, sizeof(*addr
));
2352 /* Continue with pairing via HCI */
2353 if (hci_op
== HCI_OP_USER_PASSKEY_REPLY
) {
2354 struct hci_cp_user_passkey_reply cp
;
2356 bacpy(&cp
.bdaddr
, &addr
->bdaddr
);
2357 cp
.passkey
= passkey
;
2358 err
= hci_send_cmd(hdev
, hci_op
, sizeof(cp
), &cp
);
2360 err
= hci_send_cmd(hdev
, hci_op
, sizeof(addr
->bdaddr
),
2364 mgmt_pending_remove(cmd
);
2367 hci_dev_unlock(hdev
);
2371 static int pin_code_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2372 void *data
, u16 len
)
2374 struct mgmt_cp_pin_code_neg_reply
*cp
= data
;
2378 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2379 MGMT_OP_PIN_CODE_NEG_REPLY
,
2380 HCI_OP_PIN_CODE_NEG_REPLY
, 0);
2383 static int user_confirm_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2386 struct mgmt_cp_user_confirm_reply
*cp
= data
;
2390 if (len
!= sizeof(*cp
))
2391 return cmd_status(sk
, hdev
->id
, MGMT_OP_USER_CONFIRM_REPLY
,
2392 MGMT_STATUS_INVALID_PARAMS
);
2394 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2395 MGMT_OP_USER_CONFIRM_REPLY
,
2396 HCI_OP_USER_CONFIRM_REPLY
, 0);
2399 static int user_confirm_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2400 void *data
, u16 len
)
2402 struct mgmt_cp_user_confirm_neg_reply
*cp
= data
;
2406 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2407 MGMT_OP_USER_CONFIRM_NEG_REPLY
,
2408 HCI_OP_USER_CONFIRM_NEG_REPLY
, 0);
2411 static int user_passkey_reply(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2414 struct mgmt_cp_user_passkey_reply
*cp
= data
;
2418 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2419 MGMT_OP_USER_PASSKEY_REPLY
,
2420 HCI_OP_USER_PASSKEY_REPLY
, cp
->passkey
);
2423 static int user_passkey_neg_reply(struct sock
*sk
, struct hci_dev
*hdev
,
2424 void *data
, u16 len
)
2426 struct mgmt_cp_user_passkey_neg_reply
*cp
= data
;
2430 return user_pairing_resp(sk
, hdev
, &cp
->addr
,
2431 MGMT_OP_USER_PASSKEY_NEG_REPLY
,
2432 HCI_OP_USER_PASSKEY_NEG_REPLY
, 0);
2435 static void update_name(struct hci_request
*req
)
2437 struct hci_dev
*hdev
= req
->hdev
;
2438 struct hci_cp_write_local_name cp
;
2440 memcpy(cp
.name
, hdev
->dev_name
, sizeof(cp
.name
));
2442 hci_req_add(req
, HCI_OP_WRITE_LOCAL_NAME
, sizeof(cp
), &cp
);
2445 static void set_name_complete(struct hci_dev
*hdev
, u8 status
)
2447 struct mgmt_cp_set_local_name
*cp
;
2448 struct pending_cmd
*cmd
;
2450 BT_DBG("status 0x%02x", status
);
2454 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
2461 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
,
2462 mgmt_status(status
));
2464 cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2467 mgmt_pending_remove(cmd
);
2470 hci_dev_unlock(hdev
);
2473 static int set_local_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2476 struct mgmt_cp_set_local_name
*cp
= data
;
2477 struct pending_cmd
*cmd
;
2478 struct hci_request req
;
2485 /* If the old values are the same as the new ones just return a
2486 * direct command complete event.
2488 if (!memcmp(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
)) &&
2489 !memcmp(hdev
->short_name
, cp
->short_name
,
2490 sizeof(hdev
->short_name
))) {
2491 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2496 memcpy(hdev
->short_name
, cp
->short_name
, sizeof(hdev
->short_name
));
2498 if (!hdev_is_powered(hdev
)) {
2499 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2501 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_LOCAL_NAME
, 0,
2506 err
= mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, data
, len
,
2512 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_LOCAL_NAME
, hdev
, data
, len
);
2518 memcpy(hdev
->dev_name
, cp
->name
, sizeof(hdev
->dev_name
));
2520 hci_req_init(&req
, hdev
);
2522 if (lmp_bredr_capable(hdev
)) {
2527 if (lmp_le_capable(hdev
))
2528 hci_update_ad(&req
);
2530 err
= hci_req_run(&req
, set_name_complete
);
2532 mgmt_pending_remove(cmd
);
2535 hci_dev_unlock(hdev
);
2539 static int read_local_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2540 void *data
, u16 data_len
)
2542 struct pending_cmd
*cmd
;
2545 BT_DBG("%s", hdev
->name
);
2549 if (!hdev_is_powered(hdev
)) {
2550 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2551 MGMT_STATUS_NOT_POWERED
);
2555 if (!lmp_ssp_capable(hdev
)) {
2556 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2557 MGMT_STATUS_NOT_SUPPORTED
);
2561 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
)) {
2562 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
2567 cmd
= mgmt_pending_add(sk
, MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
, NULL
, 0);
2573 err
= hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_OOB_DATA
, 0, NULL
);
2575 mgmt_pending_remove(cmd
);
2578 hci_dev_unlock(hdev
);
2582 static int add_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2583 void *data
, u16 len
)
2585 struct mgmt_cp_add_remote_oob_data
*cp
= data
;
2589 BT_DBG("%s ", hdev
->name
);
2593 err
= hci_add_remote_oob_data(hdev
, &cp
->addr
.bdaddr
, cp
->hash
,
2596 status
= MGMT_STATUS_FAILED
;
2598 status
= MGMT_STATUS_SUCCESS
;
2600 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_ADD_REMOTE_OOB_DATA
, status
,
2601 &cp
->addr
, sizeof(cp
->addr
));
2603 hci_dev_unlock(hdev
);
2607 static int remove_remote_oob_data(struct sock
*sk
, struct hci_dev
*hdev
,
2608 void *data
, u16 len
)
2610 struct mgmt_cp_remove_remote_oob_data
*cp
= data
;
2614 BT_DBG("%s", hdev
->name
);
2618 err
= hci_remove_remote_oob_data(hdev
, &cp
->addr
.bdaddr
);
2620 status
= MGMT_STATUS_INVALID_PARAMS
;
2622 status
= MGMT_STATUS_SUCCESS
;
2624 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_REMOVE_REMOTE_OOB_DATA
,
2625 status
, &cp
->addr
, sizeof(cp
->addr
));
2627 hci_dev_unlock(hdev
);
2631 int mgmt_interleaved_discovery(struct hci_dev
*hdev
)
2635 BT_DBG("%s", hdev
->name
);
2639 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR_LE
);
2641 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2643 hci_dev_unlock(hdev
);
2648 static int start_discovery(struct sock
*sk
, struct hci_dev
*hdev
,
2649 void *data
, u16 len
)
2651 struct mgmt_cp_start_discovery
*cp
= data
;
2652 struct pending_cmd
*cmd
;
2655 BT_DBG("%s", hdev
->name
);
2659 if (!hdev_is_powered(hdev
)) {
2660 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2661 MGMT_STATUS_NOT_POWERED
);
2665 if (test_bit(HCI_PERIODIC_INQ
, &hdev
->dev_flags
)) {
2666 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2671 if (hdev
->discovery
.state
!= DISCOVERY_STOPPED
) {
2672 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2677 cmd
= mgmt_pending_add(sk
, MGMT_OP_START_DISCOVERY
, hdev
, NULL
, 0);
2683 hdev
->discovery
.type
= cp
->type
;
2685 switch (hdev
->discovery
.type
) {
2686 case DISCOV_TYPE_BREDR
:
2687 if (!lmp_bredr_capable(hdev
)) {
2688 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2689 MGMT_STATUS_NOT_SUPPORTED
);
2690 mgmt_pending_remove(cmd
);
2694 err
= hci_do_inquiry(hdev
, INQUIRY_LEN_BREDR
);
2697 case DISCOV_TYPE_LE
:
2698 if (!lmp_host_le_capable(hdev
)) {
2699 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2700 MGMT_STATUS_NOT_SUPPORTED
);
2701 mgmt_pending_remove(cmd
);
2705 err
= hci_le_scan(hdev
, LE_SCAN_ACTIVE
, LE_SCAN_INT
,
2706 LE_SCAN_WIN
, LE_SCAN_TIMEOUT_LE_ONLY
);
2709 case DISCOV_TYPE_INTERLEAVED
:
2710 if (!lmp_host_le_capable(hdev
) || !lmp_bredr_capable(hdev
)) {
2711 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2712 MGMT_STATUS_NOT_SUPPORTED
);
2713 mgmt_pending_remove(cmd
);
2717 err
= hci_le_scan(hdev
, LE_SCAN_ACTIVE
, LE_SCAN_INT
,
2718 LE_SCAN_WIN
, LE_SCAN_TIMEOUT_BREDR_LE
);
2722 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_START_DISCOVERY
,
2723 MGMT_STATUS_INVALID_PARAMS
);
2724 mgmt_pending_remove(cmd
);
2729 mgmt_pending_remove(cmd
);
2731 hci_discovery_set_state(hdev
, DISCOVERY_STARTING
);
2734 hci_dev_unlock(hdev
);
2738 static int stop_discovery(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2741 struct mgmt_cp_stop_discovery
*mgmt_cp
= data
;
2742 struct pending_cmd
*cmd
;
2743 struct hci_cp_remote_name_req_cancel cp
;
2744 struct inquiry_entry
*e
;
2747 BT_DBG("%s", hdev
->name
);
2751 if (!hci_discovery_active(hdev
)) {
2752 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2753 MGMT_STATUS_REJECTED
, &mgmt_cp
->type
,
2754 sizeof(mgmt_cp
->type
));
2758 if (hdev
->discovery
.type
!= mgmt_cp
->type
) {
2759 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_STOP_DISCOVERY
,
2760 MGMT_STATUS_INVALID_PARAMS
, &mgmt_cp
->type
,
2761 sizeof(mgmt_cp
->type
));
2765 cmd
= mgmt_pending_add(sk
, MGMT_OP_STOP_DISCOVERY
, hdev
, NULL
, 0);
2771 switch (hdev
->discovery
.state
) {
2772 case DISCOVERY_FINDING
:
2773 if (test_bit(HCI_INQUIRY
, &hdev
->flags
))
2774 err
= hci_cancel_inquiry(hdev
);
2776 err
= hci_cancel_le_scan(hdev
);
2780 case DISCOVERY_RESOLVING
:
2781 e
= hci_inquiry_cache_lookup_resolve(hdev
, BDADDR_ANY
,
2784 mgmt_pending_remove(cmd
);
2785 err
= cmd_complete(sk
, hdev
->id
,
2786 MGMT_OP_STOP_DISCOVERY
, 0,
2788 sizeof(mgmt_cp
->type
));
2789 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
2793 bacpy(&cp
.bdaddr
, &e
->data
.bdaddr
);
2794 err
= hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ_CANCEL
,
2800 BT_DBG("unknown discovery state %u", hdev
->discovery
.state
);
2805 mgmt_pending_remove(cmd
);
2807 hci_discovery_set_state(hdev
, DISCOVERY_STOPPING
);
2810 hci_dev_unlock(hdev
);
2814 static int confirm_name(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2817 struct mgmt_cp_confirm_name
*cp
= data
;
2818 struct inquiry_entry
*e
;
2821 BT_DBG("%s", hdev
->name
);
2825 if (!hci_discovery_active(hdev
)) {
2826 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2827 MGMT_STATUS_FAILED
);
2831 e
= hci_inquiry_cache_lookup_unknown(hdev
, &cp
->addr
.bdaddr
);
2833 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
,
2834 MGMT_STATUS_INVALID_PARAMS
);
2838 if (cp
->name_known
) {
2839 e
->name_state
= NAME_KNOWN
;
2842 e
->name_state
= NAME_NEEDED
;
2843 hci_inquiry_cache_update_resolve(hdev
, e
);
2846 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_CONFIRM_NAME
, 0, &cp
->addr
,
2850 hci_dev_unlock(hdev
);
2854 static int block_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2857 struct mgmt_cp_block_device
*cp
= data
;
2861 BT_DBG("%s", hdev
->name
);
2863 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2864 return cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
,
2865 MGMT_STATUS_INVALID_PARAMS
,
2866 &cp
->addr
, sizeof(cp
->addr
));
2870 err
= hci_blacklist_add(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2872 status
= MGMT_STATUS_FAILED
;
2874 status
= MGMT_STATUS_SUCCESS
;
2876 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_BLOCK_DEVICE
, status
,
2877 &cp
->addr
, sizeof(cp
->addr
));
2879 hci_dev_unlock(hdev
);
2884 static int unblock_device(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2887 struct mgmt_cp_unblock_device
*cp
= data
;
2891 BT_DBG("%s", hdev
->name
);
2893 if (!bdaddr_type_is_valid(cp
->addr
.type
))
2894 return cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
,
2895 MGMT_STATUS_INVALID_PARAMS
,
2896 &cp
->addr
, sizeof(cp
->addr
));
2900 err
= hci_blacklist_del(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
);
2902 status
= MGMT_STATUS_INVALID_PARAMS
;
2904 status
= MGMT_STATUS_SUCCESS
;
2906 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_UNBLOCK_DEVICE
, status
,
2907 &cp
->addr
, sizeof(cp
->addr
));
2909 hci_dev_unlock(hdev
);
2914 static int set_device_id(struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
2917 struct mgmt_cp_set_device_id
*cp
= data
;
2918 struct hci_request req
;
2922 BT_DBG("%s", hdev
->name
);
2924 source
= __le16_to_cpu(cp
->source
);
2926 if (source
> 0x0002)
2927 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
,
2928 MGMT_STATUS_INVALID_PARAMS
);
2932 hdev
->devid_source
= source
;
2933 hdev
->devid_vendor
= __le16_to_cpu(cp
->vendor
);
2934 hdev
->devid_product
= __le16_to_cpu(cp
->product
);
2935 hdev
->devid_version
= __le16_to_cpu(cp
->version
);
2937 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_SET_DEVICE_ID
, 0, NULL
, 0);
2939 hci_req_init(&req
, hdev
);
2941 hci_req_run(&req
, NULL
);
2943 hci_dev_unlock(hdev
);
2948 static void fast_connectable_complete(struct hci_dev
*hdev
, u8 status
)
2950 struct pending_cmd
*cmd
;
2952 BT_DBG("status 0x%02x", status
);
2956 cmd
= mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
2961 cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2962 mgmt_status(status
));
2964 struct mgmt_mode
*cp
= cmd
->param
;
2967 set_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
2969 clear_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
);
2971 send_settings_rsp(cmd
->sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
);
2972 new_settings(hdev
, cmd
->sk
);
2975 mgmt_pending_remove(cmd
);
2978 hci_dev_unlock(hdev
);
2981 static int set_fast_connectable(struct sock
*sk
, struct hci_dev
*hdev
,
2982 void *data
, u16 len
)
2984 struct mgmt_mode
*cp
= data
;
2985 struct pending_cmd
*cmd
;
2986 struct hci_request req
;
2989 BT_DBG("%s", hdev
->name
);
2991 if (!lmp_bredr_capable(hdev
) || hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
2992 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2993 MGMT_STATUS_NOT_SUPPORTED
);
2995 if (cp
->val
!= 0x00 && cp
->val
!= 0x01)
2996 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
2997 MGMT_STATUS_INVALID_PARAMS
);
2999 if (!hdev_is_powered(hdev
))
3000 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3001 MGMT_STATUS_NOT_POWERED
);
3003 if (!test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
3004 return cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3005 MGMT_STATUS_REJECTED
);
3009 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE
, hdev
)) {
3010 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3015 if (!!cp
->val
== test_bit(HCI_FAST_CONNECTABLE
, &hdev
->dev_flags
)) {
3016 err
= send_settings_rsp(sk
, MGMT_OP_SET_FAST_CONNECTABLE
,
3021 cmd
= mgmt_pending_add(sk
, MGMT_OP_SET_FAST_CONNECTABLE
, hdev
,
3028 hci_req_init(&req
, hdev
);
3030 write_fast_connectable(&req
, cp
->val
);
3032 err
= hci_req_run(&req
, fast_connectable_complete
);
3034 err
= cmd_status(sk
, hdev
->id
, MGMT_OP_SET_FAST_CONNECTABLE
,
3035 MGMT_STATUS_FAILED
);
3036 mgmt_pending_remove(cmd
);
3040 hci_dev_unlock(hdev
);
3045 static bool ltk_is_valid(struct mgmt_ltk_info
*key
)
3047 if (key
->authenticated
!= 0x00 && key
->authenticated
!= 0x01)
3049 if (key
->master
!= 0x00 && key
->master
!= 0x01)
3051 if (!bdaddr_type_is_le(key
->addr
.type
))
3056 static int load_long_term_keys(struct sock
*sk
, struct hci_dev
*hdev
,
3057 void *cp_data
, u16 len
)
3059 struct mgmt_cp_load_long_term_keys
*cp
= cp_data
;
3060 u16 key_count
, expected_len
;
3063 key_count
= __le16_to_cpu(cp
->key_count
);
3065 expected_len
= sizeof(*cp
) + key_count
*
3066 sizeof(struct mgmt_ltk_info
);
3067 if (expected_len
!= len
) {
3068 BT_ERR("load_keys: expected %u bytes, got %u bytes",
3070 return cmd_status(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
,
3071 MGMT_STATUS_INVALID_PARAMS
);
3074 BT_DBG("%s key_count %u", hdev
->name
, key_count
);
3076 for (i
= 0; i
< key_count
; i
++) {
3077 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
3079 if (!ltk_is_valid(key
))
3080 return cmd_status(sk
, hdev
->id
,
3081 MGMT_OP_LOAD_LONG_TERM_KEYS
,
3082 MGMT_STATUS_INVALID_PARAMS
);
3087 hci_smp_ltks_clear(hdev
);
3089 for (i
= 0; i
< key_count
; i
++) {
3090 struct mgmt_ltk_info
*key
= &cp
->keys
[i
];
3096 type
= HCI_SMP_LTK_SLAVE
;
3098 hci_add_ltk(hdev
, &key
->addr
.bdaddr
,
3099 bdaddr_to_le(key
->addr
.type
),
3100 type
, 0, key
->authenticated
, key
->val
,
3101 key
->enc_size
, key
->ediv
, key
->rand
);
3104 err
= cmd_complete(sk
, hdev
->id
, MGMT_OP_LOAD_LONG_TERM_KEYS
, 0,
3107 hci_dev_unlock(hdev
);
3112 static const struct mgmt_handler
{
3113 int (*func
) (struct sock
*sk
, struct hci_dev
*hdev
, void *data
,
3117 } mgmt_handlers
[] = {
3118 { NULL
}, /* 0x0000 (no command) */
3119 { read_version
, false, MGMT_READ_VERSION_SIZE
},
3120 { read_commands
, false, MGMT_READ_COMMANDS_SIZE
},
3121 { read_index_list
, false, MGMT_READ_INDEX_LIST_SIZE
},
3122 { read_controller_info
, false, MGMT_READ_INFO_SIZE
},
3123 { set_powered
, false, MGMT_SETTING_SIZE
},
3124 { set_discoverable
, false, MGMT_SET_DISCOVERABLE_SIZE
},
3125 { set_connectable
, false, MGMT_SETTING_SIZE
},
3126 { set_fast_connectable
, false, MGMT_SETTING_SIZE
},
3127 { set_pairable
, false, MGMT_SETTING_SIZE
},
3128 { set_link_security
, false, MGMT_SETTING_SIZE
},
3129 { set_ssp
, false, MGMT_SETTING_SIZE
},
3130 { set_hs
, false, MGMT_SETTING_SIZE
},
3131 { set_le
, false, MGMT_SETTING_SIZE
},
3132 { set_dev_class
, false, MGMT_SET_DEV_CLASS_SIZE
},
3133 { set_local_name
, false, MGMT_SET_LOCAL_NAME_SIZE
},
3134 { add_uuid
, false, MGMT_ADD_UUID_SIZE
},
3135 { remove_uuid
, false, MGMT_REMOVE_UUID_SIZE
},
3136 { load_link_keys
, true, MGMT_LOAD_LINK_KEYS_SIZE
},
3137 { load_long_term_keys
, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE
},
3138 { disconnect
, false, MGMT_DISCONNECT_SIZE
},
3139 { get_connections
, false, MGMT_GET_CONNECTIONS_SIZE
},
3140 { pin_code_reply
, false, MGMT_PIN_CODE_REPLY_SIZE
},
3141 { pin_code_neg_reply
, false, MGMT_PIN_CODE_NEG_REPLY_SIZE
},
3142 { set_io_capability
, false, MGMT_SET_IO_CAPABILITY_SIZE
},
3143 { pair_device
, false, MGMT_PAIR_DEVICE_SIZE
},
3144 { cancel_pair_device
, false, MGMT_CANCEL_PAIR_DEVICE_SIZE
},
3145 { unpair_device
, false, MGMT_UNPAIR_DEVICE_SIZE
},
3146 { user_confirm_reply
, false, MGMT_USER_CONFIRM_REPLY_SIZE
},
3147 { user_confirm_neg_reply
, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE
},
3148 { user_passkey_reply
, false, MGMT_USER_PASSKEY_REPLY_SIZE
},
3149 { user_passkey_neg_reply
, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE
},
3150 { read_local_oob_data
, false, MGMT_READ_LOCAL_OOB_DATA_SIZE
},
3151 { add_remote_oob_data
, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE
},
3152 { remove_remote_oob_data
, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE
},
3153 { start_discovery
, false, MGMT_START_DISCOVERY_SIZE
},
3154 { stop_discovery
, false, MGMT_STOP_DISCOVERY_SIZE
},
3155 { confirm_name
, false, MGMT_CONFIRM_NAME_SIZE
},
3156 { block_device
, false, MGMT_BLOCK_DEVICE_SIZE
},
3157 { unblock_device
, false, MGMT_UNBLOCK_DEVICE_SIZE
},
3158 { set_device_id
, false, MGMT_SET_DEVICE_ID_SIZE
},
3162 int mgmt_control(struct sock
*sk
, struct msghdr
*msg
, size_t msglen
)
3166 struct mgmt_hdr
*hdr
;
3167 u16 opcode
, index
, len
;
3168 struct hci_dev
*hdev
= NULL
;
3169 const struct mgmt_handler
*handler
;
3172 BT_DBG("got %zu bytes", msglen
);
3174 if (msglen
< sizeof(*hdr
))
3177 buf
= kmalloc(msglen
, GFP_KERNEL
);
3181 if (memcpy_fromiovec(buf
, msg
->msg_iov
, msglen
)) {
3187 opcode
= __le16_to_cpu(hdr
->opcode
);
3188 index
= __le16_to_cpu(hdr
->index
);
3189 len
= __le16_to_cpu(hdr
->len
);
3191 if (len
!= msglen
- sizeof(*hdr
)) {
3196 if (index
!= MGMT_INDEX_NONE
) {
3197 hdev
= hci_dev_get(index
);
3199 err
= cmd_status(sk
, index
, opcode
,
3200 MGMT_STATUS_INVALID_INDEX
);
3205 if (opcode
>= ARRAY_SIZE(mgmt_handlers
) ||
3206 mgmt_handlers
[opcode
].func
== NULL
) {
3207 BT_DBG("Unknown op %u", opcode
);
3208 err
= cmd_status(sk
, index
, opcode
,
3209 MGMT_STATUS_UNKNOWN_COMMAND
);
3213 if ((hdev
&& opcode
< MGMT_OP_READ_INFO
) ||
3214 (!hdev
&& opcode
>= MGMT_OP_READ_INFO
)) {
3215 err
= cmd_status(sk
, index
, opcode
,
3216 MGMT_STATUS_INVALID_INDEX
);
3220 handler
= &mgmt_handlers
[opcode
];
3222 if ((handler
->var_len
&& len
< handler
->data_len
) ||
3223 (!handler
->var_len
&& len
!= handler
->data_len
)) {
3224 err
= cmd_status(sk
, index
, opcode
,
3225 MGMT_STATUS_INVALID_PARAMS
);
3230 mgmt_init_hdev(sk
, hdev
);
3232 cp
= buf
+ sizeof(*hdr
);
3234 err
= handler
->func(sk
, hdev
, cp
, len
);
3248 static void cmd_status_rsp(struct pending_cmd
*cmd
, void *data
)
3252 cmd_status(cmd
->sk
, cmd
->index
, cmd
->opcode
, *status
);
3253 mgmt_pending_remove(cmd
);
3256 int mgmt_index_added(struct hci_dev
*hdev
)
3258 if (!mgmt_valid_hdev(hdev
))
3261 return mgmt_event(MGMT_EV_INDEX_ADDED
, hdev
, NULL
, 0, NULL
);
3264 int mgmt_index_removed(struct hci_dev
*hdev
)
3266 u8 status
= MGMT_STATUS_INVALID_INDEX
;
3268 if (!mgmt_valid_hdev(hdev
))
3271 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status
);
3273 return mgmt_event(MGMT_EV_INDEX_REMOVED
, hdev
, NULL
, 0, NULL
);
3278 struct hci_dev
*hdev
;
3282 static void settings_rsp(struct pending_cmd
*cmd
, void *data
)
3284 struct cmd_lookup
*match
= data
;
3286 send_settings_rsp(cmd
->sk
, cmd
->opcode
, match
->hdev
);
3288 list_del(&cmd
->list
);
3290 if (match
->sk
== NULL
) {
3291 match
->sk
= cmd
->sk
;
3292 sock_hold(match
->sk
);
3295 mgmt_pending_free(cmd
);
3298 static void set_bredr_scan(struct hci_request
*req
)
3300 struct hci_dev
*hdev
= req
->hdev
;
3303 /* Ensure that fast connectable is disabled. This function will
3304 * not do anything if the page scan parameters are already what
3307 write_fast_connectable(req
, false);
3309 if (test_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
3311 if (test_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
3312 scan
|= SCAN_INQUIRY
;
3315 hci_req_add(req
, HCI_OP_WRITE_SCAN_ENABLE
, 1, &scan
);
3318 static void powered_complete(struct hci_dev
*hdev
, u8 status
)
3320 struct cmd_lookup match
= { NULL
, hdev
};
3322 BT_DBG("status 0x%02x", status
);
3326 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
3328 new_settings(hdev
, match
.sk
);
3330 hci_dev_unlock(hdev
);
3336 static int powered_update_hci(struct hci_dev
*hdev
)
3338 struct hci_request req
;
3341 hci_req_init(&req
, hdev
);
3343 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
) &&
3344 !lmp_host_ssp_capable(hdev
)) {
3347 hci_req_add(&req
, HCI_OP_WRITE_SSP_MODE
, 1, &ssp
);
3350 if (test_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
)) {
3351 struct hci_cp_write_le_host_supported cp
;
3354 cp
.simul
= lmp_le_br_capable(hdev
);
3356 /* Check first if we already have the right
3357 * host state (host features set)
3359 if (cp
.le
!= lmp_host_le_capable(hdev
) ||
3360 cp
.simul
!= lmp_host_le_br_capable(hdev
))
3361 hci_req_add(&req
, HCI_OP_WRITE_LE_HOST_SUPPORTED
,
3365 link_sec
= test_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
);
3366 if (link_sec
!= test_bit(HCI_AUTH
, &hdev
->flags
))
3367 hci_req_add(&req
, HCI_OP_WRITE_AUTH_ENABLE
,
3368 sizeof(link_sec
), &link_sec
);
3370 if (lmp_bredr_capable(hdev
)) {
3371 set_bredr_scan(&req
);
3377 return hci_req_run(&req
, powered_complete
);
3380 int mgmt_powered(struct hci_dev
*hdev
, u8 powered
)
3382 struct cmd_lookup match
= { NULL
, hdev
};
3383 u8 status_not_powered
= MGMT_STATUS_NOT_POWERED
;
3384 u8 zero_cod
[] = { 0, 0, 0 };
3387 if (!test_bit(HCI_MGMT
, &hdev
->dev_flags
))
3391 if (powered_update_hci(hdev
) == 0)
3394 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
,
3399 mgmt_pending_foreach(MGMT_OP_SET_POWERED
, hdev
, settings_rsp
, &match
);
3400 mgmt_pending_foreach(0, hdev
, cmd_status_rsp
, &status_not_powered
);
3402 if (memcmp(hdev
->dev_class
, zero_cod
, sizeof(zero_cod
)) != 0)
3403 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
,
3404 zero_cod
, sizeof(zero_cod
), NULL
);
3407 err
= new_settings(hdev
, match
.sk
);
3415 int mgmt_discoverable(struct hci_dev
*hdev
, u8 discoverable
)
3417 struct cmd_lookup match
= { NULL
, hdev
};
3418 bool changed
= false;
3422 if (!test_and_set_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
3425 if (test_and_clear_bit(HCI_DISCOVERABLE
, &hdev
->dev_flags
))
3429 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
, settings_rsp
,
3433 err
= new_settings(hdev
, match
.sk
);
3441 int mgmt_connectable(struct hci_dev
*hdev
, u8 connectable
)
3443 struct pending_cmd
*cmd
;
3444 bool changed
= false;
3448 if (!test_and_set_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
3451 if (test_and_clear_bit(HCI_CONNECTABLE
, &hdev
->dev_flags
))
3455 cmd
= mgmt_pending_find(MGMT_OP_SET_CONNECTABLE
, hdev
);
3458 err
= new_settings(hdev
, cmd
? cmd
->sk
: NULL
);
3463 int mgmt_write_scan_failed(struct hci_dev
*hdev
, u8 scan
, u8 status
)
3465 u8 mgmt_err
= mgmt_status(status
);
3467 if (scan
& SCAN_PAGE
)
3468 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE
, hdev
,
3469 cmd_status_rsp
, &mgmt_err
);
3471 if (scan
& SCAN_INQUIRY
)
3472 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE
, hdev
,
3473 cmd_status_rsp
, &mgmt_err
);
3478 int mgmt_new_link_key(struct hci_dev
*hdev
, struct link_key
*key
,
3481 struct mgmt_ev_new_link_key ev
;
3483 memset(&ev
, 0, sizeof(ev
));
3485 ev
.store_hint
= persistent
;
3486 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3487 ev
.key
.addr
.type
= BDADDR_BREDR
;
3488 ev
.key
.type
= key
->type
;
3489 memcpy(ev
.key
.val
, key
->val
, HCI_LINK_KEY_SIZE
);
3490 ev
.key
.pin_len
= key
->pin_len
;
3492 return mgmt_event(MGMT_EV_NEW_LINK_KEY
, hdev
, &ev
, sizeof(ev
), NULL
);
3495 int mgmt_new_ltk(struct hci_dev
*hdev
, struct smp_ltk
*key
, u8 persistent
)
3497 struct mgmt_ev_new_long_term_key ev
;
3499 memset(&ev
, 0, sizeof(ev
));
3501 ev
.store_hint
= persistent
;
3502 bacpy(&ev
.key
.addr
.bdaddr
, &key
->bdaddr
);
3503 ev
.key
.addr
.type
= link_to_bdaddr(LE_LINK
, key
->bdaddr_type
);
3504 ev
.key
.authenticated
= key
->authenticated
;
3505 ev
.key
.enc_size
= key
->enc_size
;
3506 ev
.key
.ediv
= key
->ediv
;
3508 if (key
->type
== HCI_SMP_LTK
)
3511 memcpy(ev
.key
.rand
, key
->rand
, sizeof(key
->rand
));
3512 memcpy(ev
.key
.val
, key
->val
, sizeof(key
->val
));
3514 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY
, hdev
, &ev
, sizeof(ev
),
3518 int mgmt_device_connected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3519 u8 addr_type
, u32 flags
, u8
*name
, u8 name_len
,
3523 struct mgmt_ev_device_connected
*ev
= (void *) buf
;
3526 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
3527 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3529 ev
->flags
= __cpu_to_le32(flags
);
3532 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
,
3535 if (dev_class
&& memcmp(dev_class
, "\0\0\0", 3) != 0)
3536 eir_len
= eir_append_data(ev
->eir
, eir_len
,
3537 EIR_CLASS_OF_DEV
, dev_class
, 3);
3539 ev
->eir_len
= cpu_to_le16(eir_len
);
3541 return mgmt_event(MGMT_EV_DEVICE_CONNECTED
, hdev
, buf
,
3542 sizeof(*ev
) + eir_len
, NULL
);
3545 static void disconnect_rsp(struct pending_cmd
*cmd
, void *data
)
3547 struct mgmt_cp_disconnect
*cp
= cmd
->param
;
3548 struct sock
**sk
= data
;
3549 struct mgmt_rp_disconnect rp
;
3551 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3552 rp
.addr
.type
= cp
->addr
.type
;
3554 cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
, 0, &rp
,
3560 mgmt_pending_remove(cmd
);
3563 static void unpair_device_rsp(struct pending_cmd
*cmd
, void *data
)
3565 struct hci_dev
*hdev
= data
;
3566 struct mgmt_cp_unpair_device
*cp
= cmd
->param
;
3567 struct mgmt_rp_unpair_device rp
;
3569 memset(&rp
, 0, sizeof(rp
));
3570 bacpy(&rp
.addr
.bdaddr
, &cp
->addr
.bdaddr
);
3571 rp
.addr
.type
= cp
->addr
.type
;
3573 device_unpaired(hdev
, &cp
->addr
.bdaddr
, cp
->addr
.type
, cmd
->sk
);
3575 cmd_complete(cmd
->sk
, cmd
->index
, cmd
->opcode
, 0, &rp
, sizeof(rp
));
3577 mgmt_pending_remove(cmd
);
3580 int mgmt_device_disconnected(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3581 u8 link_type
, u8 addr_type
, u8 reason
)
3583 struct mgmt_ev_device_disconnected ev
;
3584 struct sock
*sk
= NULL
;
3587 mgmt_pending_foreach(MGMT_OP_DISCONNECT
, hdev
, disconnect_rsp
, &sk
);
3589 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3590 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3593 err
= mgmt_event(MGMT_EV_DEVICE_DISCONNECTED
, hdev
, &ev
, sizeof(ev
),
3599 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3605 int mgmt_disconnect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3606 u8 link_type
, u8 addr_type
, u8 status
)
3608 struct mgmt_rp_disconnect rp
;
3609 struct pending_cmd
*cmd
;
3612 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE
, hdev
, unpair_device_rsp
,
3615 cmd
= mgmt_pending_find(MGMT_OP_DISCONNECT
, hdev
);
3619 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3620 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3622 err
= cmd_complete(cmd
->sk
, cmd
->index
, MGMT_OP_DISCONNECT
,
3623 mgmt_status(status
), &rp
, sizeof(rp
));
3625 mgmt_pending_remove(cmd
);
3630 int mgmt_connect_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3631 u8 addr_type
, u8 status
)
3633 struct mgmt_ev_connect_failed ev
;
3635 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3636 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3637 ev
.status
= mgmt_status(status
);
3639 return mgmt_event(MGMT_EV_CONNECT_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3642 int mgmt_pin_code_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 secure
)
3644 struct mgmt_ev_pin_code_request ev
;
3646 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3647 ev
.addr
.type
= BDADDR_BREDR
;
3650 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST
, hdev
, &ev
, sizeof(ev
),
3654 int mgmt_pin_code_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3657 struct pending_cmd
*cmd
;
3658 struct mgmt_rp_pin_code_reply rp
;
3661 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY
, hdev
);
3665 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3666 rp
.addr
.type
= BDADDR_BREDR
;
3668 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_REPLY
,
3669 mgmt_status(status
), &rp
, sizeof(rp
));
3671 mgmt_pending_remove(cmd
);
3676 int mgmt_pin_code_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3679 struct pending_cmd
*cmd
;
3680 struct mgmt_rp_pin_code_reply rp
;
3683 cmd
= mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY
, hdev
);
3687 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3688 rp
.addr
.type
= BDADDR_BREDR
;
3690 err
= cmd_complete(cmd
->sk
, hdev
->id
, MGMT_OP_PIN_CODE_NEG_REPLY
,
3691 mgmt_status(status
), &rp
, sizeof(rp
));
3693 mgmt_pending_remove(cmd
);
3698 int mgmt_user_confirm_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3699 u8 link_type
, u8 addr_type
, __le32 value
,
3702 struct mgmt_ev_user_confirm_request ev
;
3704 BT_DBG("%s", hdev
->name
);
3706 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3707 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3708 ev
.confirm_hint
= confirm_hint
;
3711 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST
, hdev
, &ev
, sizeof(ev
),
3715 int mgmt_user_passkey_request(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3716 u8 link_type
, u8 addr_type
)
3718 struct mgmt_ev_user_passkey_request ev
;
3720 BT_DBG("%s", hdev
->name
);
3722 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3723 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3725 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST
, hdev
, &ev
, sizeof(ev
),
3729 static int user_pairing_resp_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3730 u8 link_type
, u8 addr_type
, u8 status
,
3733 struct pending_cmd
*cmd
;
3734 struct mgmt_rp_user_confirm_reply rp
;
3737 cmd
= mgmt_pending_find(opcode
, hdev
);
3741 bacpy(&rp
.addr
.bdaddr
, bdaddr
);
3742 rp
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3743 err
= cmd_complete(cmd
->sk
, hdev
->id
, opcode
, mgmt_status(status
),
3746 mgmt_pending_remove(cmd
);
3751 int mgmt_user_confirm_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3752 u8 link_type
, u8 addr_type
, u8 status
)
3754 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3755 status
, MGMT_OP_USER_CONFIRM_REPLY
);
3758 int mgmt_user_confirm_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3759 u8 link_type
, u8 addr_type
, u8 status
)
3761 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3763 MGMT_OP_USER_CONFIRM_NEG_REPLY
);
3766 int mgmt_user_passkey_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3767 u8 link_type
, u8 addr_type
, u8 status
)
3769 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3770 status
, MGMT_OP_USER_PASSKEY_REPLY
);
3773 int mgmt_user_passkey_neg_reply_complete(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3774 u8 link_type
, u8 addr_type
, u8 status
)
3776 return user_pairing_resp_complete(hdev
, bdaddr
, link_type
, addr_type
,
3778 MGMT_OP_USER_PASSKEY_NEG_REPLY
);
3781 int mgmt_user_passkey_notify(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
,
3782 u8 link_type
, u8 addr_type
, u32 passkey
,
3785 struct mgmt_ev_passkey_notify ev
;
3787 BT_DBG("%s", hdev
->name
);
3789 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3790 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3791 ev
.passkey
= __cpu_to_le32(passkey
);
3792 ev
.entered
= entered
;
3794 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY
, hdev
, &ev
, sizeof(ev
), NULL
);
3797 int mgmt_auth_failed(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
3798 u8 addr_type
, u8 status
)
3800 struct mgmt_ev_auth_failed ev
;
3802 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
3803 ev
.addr
.type
= link_to_bdaddr(link_type
, addr_type
);
3804 ev
.status
= mgmt_status(status
);
3806 return mgmt_event(MGMT_EV_AUTH_FAILED
, hdev
, &ev
, sizeof(ev
), NULL
);
3809 int mgmt_auth_enable_complete(struct hci_dev
*hdev
, u8 status
)
3811 struct cmd_lookup match
= { NULL
, hdev
};
3812 bool changed
= false;
3816 u8 mgmt_err
= mgmt_status(status
);
3817 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
,
3818 cmd_status_rsp
, &mgmt_err
);
3822 if (test_bit(HCI_AUTH
, &hdev
->flags
)) {
3823 if (!test_and_set_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3826 if (test_and_clear_bit(HCI_LINK_SECURITY
, &hdev
->dev_flags
))
3830 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY
, hdev
, settings_rsp
,
3834 err
= new_settings(hdev
, match
.sk
);
3842 static void clear_eir(struct hci_request
*req
)
3844 struct hci_dev
*hdev
= req
->hdev
;
3845 struct hci_cp_write_eir cp
;
3847 if (!lmp_ext_inq_capable(hdev
))
3850 memset(hdev
->eir
, 0, sizeof(hdev
->eir
));
3852 memset(&cp
, 0, sizeof(cp
));
3854 hci_req_add(req
, HCI_OP_WRITE_EIR
, sizeof(cp
), &cp
);
3857 int mgmt_ssp_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3859 struct cmd_lookup match
= { NULL
, hdev
};
3860 struct hci_request req
;
3861 bool changed
= false;
3865 u8 mgmt_err
= mgmt_status(status
);
3867 if (enable
&& test_and_clear_bit(HCI_SSP_ENABLED
,
3869 err
= new_settings(hdev
, NULL
);
3871 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, cmd_status_rsp
,
3878 if (!test_and_set_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3881 if (test_and_clear_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3885 mgmt_pending_foreach(MGMT_OP_SET_SSP
, hdev
, settings_rsp
, &match
);
3888 err
= new_settings(hdev
, match
.sk
);
3893 hci_req_init(&req
, hdev
);
3895 if (test_bit(HCI_SSP_ENABLED
, &hdev
->dev_flags
))
3900 hci_req_run(&req
, NULL
);
3905 static void sk_lookup(struct pending_cmd
*cmd
, void *data
)
3907 struct cmd_lookup
*match
= data
;
3909 if (match
->sk
== NULL
) {
3910 match
->sk
= cmd
->sk
;
3911 sock_hold(match
->sk
);
3915 int mgmt_set_class_of_dev_complete(struct hci_dev
*hdev
, u8
*dev_class
,
3918 struct cmd_lookup match
= { NULL
, hdev
, mgmt_status(status
) };
3921 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS
, hdev
, sk_lookup
, &match
);
3922 mgmt_pending_foreach(MGMT_OP_ADD_UUID
, hdev
, sk_lookup
, &match
);
3923 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID
, hdev
, sk_lookup
, &match
);
3926 err
= mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED
, hdev
, dev_class
,
3935 int mgmt_set_local_name_complete(struct hci_dev
*hdev
, u8
*name
, u8 status
)
3937 struct mgmt_cp_set_local_name ev
;
3938 struct pending_cmd
*cmd
;
3943 memset(&ev
, 0, sizeof(ev
));
3944 memcpy(ev
.name
, name
, HCI_MAX_NAME_LENGTH
);
3945 memcpy(ev
.short_name
, hdev
->short_name
, HCI_MAX_SHORT_NAME_LENGTH
);
3947 cmd
= mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME
, hdev
);
3949 memcpy(hdev
->dev_name
, name
, sizeof(hdev
->dev_name
));
3951 /* If this is a HCI command related to powering on the
3952 * HCI dev don't send any mgmt signals.
3954 if (mgmt_pending_find(MGMT_OP_SET_POWERED
, hdev
))
3958 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED
, hdev
, &ev
, sizeof(ev
),
3959 cmd
? cmd
->sk
: NULL
);
3962 int mgmt_read_local_oob_data_reply_complete(struct hci_dev
*hdev
, u8
*hash
,
3963 u8
*randomizer
, u8 status
)
3965 struct pending_cmd
*cmd
;
3968 BT_DBG("%s status %u", hdev
->name
, status
);
3970 cmd
= mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA
, hdev
);
3975 err
= cmd_status(cmd
->sk
, hdev
->id
, MGMT_OP_READ_LOCAL_OOB_DATA
,
3976 mgmt_status(status
));
3978 struct mgmt_rp_read_local_oob_data rp
;
3980 memcpy(rp
.hash
, hash
, sizeof(rp
.hash
));
3981 memcpy(rp
.randomizer
, randomizer
, sizeof(rp
.randomizer
));
3983 err
= cmd_complete(cmd
->sk
, hdev
->id
,
3984 MGMT_OP_READ_LOCAL_OOB_DATA
, 0, &rp
,
3988 mgmt_pending_remove(cmd
);
3993 int mgmt_le_enable_complete(struct hci_dev
*hdev
, u8 enable
, u8 status
)
3995 struct cmd_lookup match
= { NULL
, hdev
};
3996 bool changed
= false;
4000 u8 mgmt_err
= mgmt_status(status
);
4002 if (enable
&& test_and_clear_bit(HCI_LE_ENABLED
,
4004 err
= new_settings(hdev
, NULL
);
4006 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, cmd_status_rsp
,
4013 if (!test_and_set_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
4016 if (test_and_clear_bit(HCI_LE_ENABLED
, &hdev
->dev_flags
))
4020 mgmt_pending_foreach(MGMT_OP_SET_LE
, hdev
, settings_rsp
, &match
);
4023 err
= new_settings(hdev
, match
.sk
);
4031 int mgmt_device_found(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
4032 u8 addr_type
, u8
*dev_class
, s8 rssi
, u8 cfm_name
, u8
4033 ssp
, u8
*eir
, u16 eir_len
)
4036 struct mgmt_ev_device_found
*ev
= (void *) buf
;
4039 /* Leave 5 bytes for a potential CoD field */
4040 if (sizeof(*ev
) + eir_len
+ 5 > sizeof(buf
))
4043 memset(buf
, 0, sizeof(buf
));
4045 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
4046 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
4049 ev
->flags
|= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME
);
4051 ev
->flags
|= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING
);
4054 memcpy(ev
->eir
, eir
, eir_len
);
4056 if (dev_class
&& !eir_has_data_type(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
))
4057 eir_len
= eir_append_data(ev
->eir
, eir_len
, EIR_CLASS_OF_DEV
,
4060 ev
->eir_len
= cpu_to_le16(eir_len
);
4061 ev_size
= sizeof(*ev
) + eir_len
;
4063 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
, ev_size
, NULL
);
4066 int mgmt_remote_name(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 link_type
,
4067 u8 addr_type
, s8 rssi
, u8
*name
, u8 name_len
)
4069 struct mgmt_ev_device_found
*ev
;
4070 char buf
[sizeof(*ev
) + HCI_MAX_NAME_LENGTH
+ 2];
4073 ev
= (struct mgmt_ev_device_found
*) buf
;
4075 memset(buf
, 0, sizeof(buf
));
4077 bacpy(&ev
->addr
.bdaddr
, bdaddr
);
4078 ev
->addr
.type
= link_to_bdaddr(link_type
, addr_type
);
4081 eir_len
= eir_append_data(ev
->eir
, 0, EIR_NAME_COMPLETE
, name
,
4084 ev
->eir_len
= cpu_to_le16(eir_len
);
4086 return mgmt_event(MGMT_EV_DEVICE_FOUND
, hdev
, ev
,
4087 sizeof(*ev
) + eir_len
, NULL
);
4090 int mgmt_start_discovery_failed(struct hci_dev
*hdev
, u8 status
)
4092 struct pending_cmd
*cmd
;
4096 hci_discovery_set_state(hdev
, DISCOVERY_STOPPED
);
4098 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
4102 type
= hdev
->discovery
.type
;
4104 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
4105 &type
, sizeof(type
));
4106 mgmt_pending_remove(cmd
);
4111 int mgmt_stop_discovery_failed(struct hci_dev
*hdev
, u8 status
)
4113 struct pending_cmd
*cmd
;
4116 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
4120 err
= cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, mgmt_status(status
),
4121 &hdev
->discovery
.type
, sizeof(hdev
->discovery
.type
));
4122 mgmt_pending_remove(cmd
);
4127 int mgmt_discovering(struct hci_dev
*hdev
, u8 discovering
)
4129 struct mgmt_ev_discovering ev
;
4130 struct pending_cmd
*cmd
;
4132 BT_DBG("%s discovering %u", hdev
->name
, discovering
);
4135 cmd
= mgmt_pending_find(MGMT_OP_START_DISCOVERY
, hdev
);
4137 cmd
= mgmt_pending_find(MGMT_OP_STOP_DISCOVERY
, hdev
);
4140 u8 type
= hdev
->discovery
.type
;
4142 cmd_complete(cmd
->sk
, hdev
->id
, cmd
->opcode
, 0, &type
,
4144 mgmt_pending_remove(cmd
);
4147 memset(&ev
, 0, sizeof(ev
));
4148 ev
.type
= hdev
->discovery
.type
;
4149 ev
.discovering
= discovering
;
4151 return mgmt_event(MGMT_EV_DISCOVERING
, hdev
, &ev
, sizeof(ev
), NULL
);
4154 int mgmt_device_blocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
4156 struct pending_cmd
*cmd
;
4157 struct mgmt_ev_device_blocked ev
;
4159 cmd
= mgmt_pending_find(MGMT_OP_BLOCK_DEVICE
, hdev
);
4161 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
4162 ev
.addr
.type
= type
;
4164 return mgmt_event(MGMT_EV_DEVICE_BLOCKED
, hdev
, &ev
, sizeof(ev
),
4165 cmd
? cmd
->sk
: NULL
);
4168 int mgmt_device_unblocked(struct hci_dev
*hdev
, bdaddr_t
*bdaddr
, u8 type
)
4170 struct pending_cmd
*cmd
;
4171 struct mgmt_ev_device_unblocked ev
;
4173 cmd
= mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE
, hdev
);
4175 bacpy(&ev
.addr
.bdaddr
, bdaddr
);
4176 ev
.addr
.type
= type
;
4178 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED
, hdev
, &ev
, sizeof(ev
),
4179 cmd
? cmd
->sk
: NULL
);
4182 module_param(enable_hs
, bool, 0644);
4183 MODULE_PARM_DESC(enable_hs
, "Enable High Speed support");
projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob