2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
65 ev = (void *) skb_put(skb, sizeof(*ev));
67 put_unaligned_le16(cmd, &ev->opcode);
69 err = sock_queue_rcv_skb(sk, skb);
76 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
81 struct mgmt_ev_cmd_complete *ev;
84 BT_DBG("sock %p", sk);
86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
93 hdr->index = cpu_to_le16(index);
94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
100 memcpy(ev->data, rp, rp_len);
102 err = sock_queue_rcv_skb(sk, skb);
109 static int read_version(struct sock *sk)
111 struct mgmt_rp_read_version rp;
113 BT_DBG("sock %p", sk);
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
122 static int read_index_list(struct sock *sk)
124 struct mgmt_rp_read_index_list *rp;
131 BT_DBG("sock %p", sk);
133 read_lock(&hci_dev_list_lock);
136 list_for_each(p, &hci_dev_list) {
140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
143 read_unlock(&hci_dev_list_lock);
147 put_unaligned_le16(count, &rp->num_controllers);
150 list_for_each_entry(d, &hci_dev_list, list) {
151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
152 cancel_delayed_work(&d->power_off);
154 if (test_bit(HCI_SETUP, &d->flags))
157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
161 read_unlock(&hci_dev_list_lock);
163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
171 static int read_controller_info(struct sock *sk, u16 index)
173 struct mgmt_rp_read_info rp;
174 struct hci_dev *hdev;
176 BT_DBG("sock %p hci%u", sk, index);
178 hdev = hci_dev_get(index);
180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
185 hci_dev_lock_bh(hdev);
187 set_bit(HCI_MGMT, &hdev->flags);
189 memset(&rp, 0, sizeof(rp));
191 rp.type = hdev->dev_type;
193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
198 if (test_bit(HCI_AUTH, &hdev->flags))
200 else if (hdev->ssp_mode > 0)
205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
214 hci_dev_unlock_bh(hdev);
217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
220 static void mgmt_pending_free(struct pending_cmd *cmd)
227 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
228 struct hci_dev *hdev,
231 struct pending_cmd *cmd;
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
237 cmd->opcode = opcode;
238 cmd->index = hdev->id;
240 cmd->param = kmalloc(len, GFP_ATOMIC);
247 memcpy(cmd->param, data, len);
252 list_add(&cmd->list, &hdev->mgmt_pending);
257 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
258 void (*cb)(struct pending_cmd *cmd, void *data),
261 struct list_head *p, *n;
263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
264 struct pending_cmd *cmd;
266 cmd = list_entry(p, struct pending_cmd, list);
268 if (opcode > 0 && cmd->opcode != opcode)
275 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
277 struct pending_cmd *cmd;
279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
280 if (cmd->opcode == opcode)
287 static void mgmt_pending_remove(struct pending_cmd *cmd)
289 list_del(&cmd->list);
290 mgmt_pending_free(cmd);
293 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
295 struct mgmt_mode *cp;
296 struct hci_dev *hdev;
297 struct pending_cmd *cmd;
302 BT_DBG("request for hci%u", index);
304 if (len != sizeof(*cp))
305 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
307 hdev = hci_dev_get(index);
309 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
311 hci_dev_lock_bh(hdev);
313 up = test_bit(HCI_UP, &hdev->flags);
314 if ((cp->val && up) || (!cp->val && !up)) {
315 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
319 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
331 queue_work(hdev->workqueue, &hdev->power_on);
333 queue_work(hdev->workqueue, &hdev->power_off.work);
338 hci_dev_unlock_bh(hdev);
343 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
346 struct mgmt_cp_set_discoverable *cp;
347 struct hci_dev *hdev;
348 struct pending_cmd *cmd;
354 BT_DBG("request for hci%u", index);
356 if (len != sizeof(*cp))
357 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
359 hdev = hci_dev_get(index);
361 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
363 hci_dev_lock_bh(hdev);
365 if (!test_bit(HCI_UP, &hdev->flags)) {
366 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
370 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
371 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
376 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
377 test_bit(HCI_PSCAN, &hdev->flags)) {
378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
391 scan |= SCAN_INQUIRY;
393 cancel_delayed_work(&hdev->discov_off);
395 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
397 mgmt_pending_remove(cmd);
400 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
403 hci_dev_unlock_bh(hdev);
409 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
412 struct mgmt_mode *cp;
413 struct hci_dev *hdev;
414 struct pending_cmd *cmd;
420 BT_DBG("request for hci%u", index);
422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
425 hdev = hci_dev_get(index);
427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
429 hci_dev_lock_bh(hdev);
431 if (!test_bit(HCI_UP, &hdev->flags)) {
432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
460 mgmt_pending_remove(cmd);
463 hci_dev_unlock_bh(hdev);
469 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
470 u16 data_len, struct sock *skip_sk)
473 struct mgmt_hdr *hdr;
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
484 hdr->index = cpu_to_le16(hdev->id);
486 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
487 hdr->len = cpu_to_le16(data_len);
490 memcpy(skb_put(skb, data_len), data, data_len);
492 hci_send_to_sock(NULL, skb, skip_sk);
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
516 BT_DBG("request for hci%u", index);
518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
521 hdev = hci_dev_get(index);
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
525 hci_dev_lock_bh(hdev);
528 set_bit(HCI_PAIRABLE, &hdev->flags);
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
538 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
541 hci_dev_unlock_bh(hdev);
547 #define EIR_FLAGS 0x01 /* flags */
548 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT 0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
556 #define EIR_TX_POWER 0x0A /* transmit power level */
557 #define EIR_DEVICE_ID 0x10 /* device ID */
559 #define PNP_INFO_SVCLASS_ID 0x1200
561 static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
566 static u16 get_uuid16(u8 *uuid128)
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
576 memcpy(&val, &uuid128[12], 4);
578 val = le32_to_cpu(val);
585 static void create_eir(struct hci_dev *hdev, u8 *data)
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct bt_uuid *uuid;
594 name_len = strlen(hdev->dev_name);
600 ptr[1] = EIR_NAME_SHORT;
602 ptr[1] = EIR_NAME_COMPLETE;
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
607 memcpy(ptr + 2, hdev->dev_name, name_len);
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
613 memset(uuid16_list, 0, sizeof(uuid16_list));
615 /* Group all UUID16 types */
616 list_for_each_entry(uuid, &hdev->uuids, list) {
619 uuid16 = get_uuid16(uuid->uuid);
626 if (uuid16 == PNP_INFO_SVCLASS_ID)
629 /* Stop if not enough space to put next UUID */
630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
635 /* Check for duplicates */
636 for (i = 0; uuid16_list[i] != 0; i++)
637 if (uuid16_list[i] == uuid16)
640 if (uuid16_list[i] == 0) {
641 uuid16_list[i] = uuid16;
642 eir_len += sizeof(u16);
646 if (uuid16_list[0] != 0) {
650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
655 for (i = 0; uuid16_list[i] != 0; i++) {
656 *ptr++ = (uuid16_list[i] & 0x00ff);
657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
660 /* EIR Data length */
661 *length = (i * sizeof(u16)) + 1;
665 static int update_eir(struct hci_dev *hdev)
667 struct hci_cp_write_eir cp;
669 if (!(hdev->features[6] & LMP_EXT_INQ))
672 if (hdev->ssp_mode == 0)
675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
678 memset(&cp, 0, sizeof(cp));
680 create_eir(hdev, cp.data);
682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
685 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
690 static u8 get_service_classes(struct hci_dev *hdev)
692 struct bt_uuid *uuid;
695 list_for_each_entry(uuid, &hdev->uuids, list)
696 val |= uuid->svc_hint;
701 static int update_class(struct hci_dev *hdev)
705 BT_DBG("%s", hdev->name);
707 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
710 cod[0] = hdev->minor_class;
711 cod[1] = hdev->major_class;
712 cod[2] = get_service_classes(hdev);
714 if (memcmp(cod, hdev->dev_class, 3) == 0)
717 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
720 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
722 struct mgmt_cp_add_uuid *cp;
723 struct hci_dev *hdev;
724 struct bt_uuid *uuid;
729 BT_DBG("request for hci%u", index);
731 if (len != sizeof(*cp))
732 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
734 hdev = hci_dev_get(index);
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
738 hci_dev_lock_bh(hdev);
740 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
746 memcpy(uuid->uuid, cp->uuid, 16);
747 uuid->svc_hint = cp->svc_hint;
749 list_add(&uuid->list, &hdev->uuids);
751 err = update_class(hdev);
755 err = update_eir(hdev);
759 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
762 hci_dev_unlock_bh(hdev);
768 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
770 struct list_head *p, *n;
771 struct mgmt_cp_remove_uuid *cp;
772 struct hci_dev *hdev;
773 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778 BT_DBG("request for hci%u", index);
780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
783 hdev = hci_dev_get(index);
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
787 hci_dev_lock_bh(hdev);
789 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
790 err = hci_uuids_clear(hdev);
796 list_for_each_safe(p, n, &hdev->uuids) {
797 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
799 if (memcmp(match->uuid, cp->uuid, 16) != 0)
802 list_del(&match->list);
807 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
811 err = update_class(hdev);
815 err = update_eir(hdev);
819 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
822 hci_dev_unlock_bh(hdev);
828 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
831 struct hci_dev *hdev;
832 struct mgmt_cp_set_dev_class *cp;
837 BT_DBG("request for hci%u", index);
839 if (len != sizeof(*cp))
840 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
842 hdev = hci_dev_get(index);
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
846 hci_dev_lock_bh(hdev);
848 hdev->major_class = cp->major;
849 hdev->minor_class = cp->minor;
851 err = update_class(hdev);
854 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
856 hci_dev_unlock_bh(hdev);
862 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
865 struct hci_dev *hdev;
866 struct mgmt_cp_set_service_cache *cp;
871 if (len != sizeof(*cp))
872 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
874 hdev = hci_dev_get(index);
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
878 hci_dev_lock_bh(hdev);
880 BT_DBG("hci%u enable %d", index, cp->enable);
883 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
886 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 err = update_class(hdev);
889 err = update_eir(hdev);
893 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
896 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
899 hci_dev_unlock_bh(hdev);
905 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_link_keys *cp;
910 u16 key_count, expected_len;
915 if (len < sizeof(*cp))
916 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
918 key_count = get_unaligned_le16(&cp->key_count);
920 expected_len = sizeof(*cp) + key_count *
921 sizeof(struct mgmt_link_key_info);
922 if (expected_len != len) {
923 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
928 hdev = hci_dev_get(index);
930 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
935 hci_dev_lock_bh(hdev);
937 hci_link_keys_clear(hdev);
939 set_bit(HCI_LINK_KEYS, &hdev->flags);
942 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
946 for (i = 0; i < key_count; i++) {
947 struct mgmt_link_key_info *key = &cp->keys[i];
949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
953 hci_dev_unlock_bh(hdev);
959 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
962 struct hci_dev *hdev;
963 struct mgmt_cp_remove_keys *cp;
964 struct mgmt_rp_remove_keys rp;
965 struct hci_cp_disconnect dc;
966 struct pending_cmd *cmd;
967 struct hci_conn *conn;
972 if (len != sizeof(*cp))
973 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
975 hdev = hci_dev_get(index);
977 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
979 hci_dev_lock_bh(hdev);
981 memset(&rp, 0, sizeof(rp));
982 bacpy(&rp.bdaddr, &cp->bdaddr);
984 err = hci_remove_link_key(hdev, &cp->bdaddr);
988 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
989 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
996 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1001 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1007 put_unaligned_le16(conn->handle, &dc.handle);
1008 dc.reason = 0x13; /* Remote User Terminated Connection */
1009 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1011 mgmt_pending_remove(cmd);
1016 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1019 hci_dev_unlock_bh(hdev);
1025 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1027 struct hci_dev *hdev;
1028 struct mgmt_cp_disconnect *cp;
1029 struct hci_cp_disconnect dc;
1030 struct pending_cmd *cmd;
1031 struct hci_conn *conn;
1038 if (len != sizeof(*cp))
1039 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1041 hdev = hci_dev_get(index);
1043 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1045 hci_dev_lock_bh(hdev);
1047 if (!test_bit(HCI_UP, &hdev->flags)) {
1048 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1052 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1053 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1059 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1062 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1066 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1072 put_unaligned_le16(conn->handle, &dc.handle);
1073 dc.reason = 0x13; /* Remote User Terminated Connection */
1075 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1077 mgmt_pending_remove(cmd);
1080 hci_dev_unlock_bh(hdev);
1086 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1088 switch (link_type) {
1090 switch (addr_type) {
1091 case ADDR_LE_DEV_PUBLIC:
1092 return MGMT_ADDR_LE_PUBLIC;
1093 case ADDR_LE_DEV_RANDOM:
1094 return MGMT_ADDR_LE_RANDOM;
1096 return MGMT_ADDR_INVALID;
1099 return MGMT_ADDR_BREDR;
1101 return MGMT_ADDR_INVALID;
1105 static int get_connections(struct sock *sk, u16 index)
1107 struct mgmt_rp_get_connections *rp;
1108 struct hci_dev *hdev;
1110 struct list_head *p;
1117 hdev = hci_dev_get(index);
1119 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1121 hci_dev_lock_bh(hdev);
1124 list_for_each(p, &hdev->conn_hash.list) {
1128 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1129 rp = kmalloc(rp_len, GFP_ATOMIC);
1135 put_unaligned_le16(count, &rp->conn_count);
1138 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1139 bacpy(&rp->addr[i].bdaddr, &c->dst);
1140 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1141 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1146 /* Recalculate length in case of filtered SCO connections, etc */
1147 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1149 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1153 hci_dev_unlock_bh(hdev);
1158 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1159 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1161 struct pending_cmd *cmd;
1164 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1169 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1172 mgmt_pending_remove(cmd);
1177 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1180 struct hci_dev *hdev;
1181 struct hci_conn *conn;
1182 struct mgmt_cp_pin_code_reply *cp;
1183 struct mgmt_cp_pin_code_neg_reply ncp;
1184 struct hci_cp_pin_code_reply reply;
1185 struct pending_cmd *cmd;
1192 if (len != sizeof(*cp))
1193 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1195 hdev = hci_dev_get(index);
1197 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1199 hci_dev_lock_bh(hdev);
1201 if (!test_bit(HCI_UP, &hdev->flags)) {
1202 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1206 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1208 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1212 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1213 bacpy(&ncp.bdaddr, &cp->bdaddr);
1215 BT_ERR("PIN code is not 16 bytes long");
1217 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1219 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1225 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1231 bacpy(&reply.bdaddr, &cp->bdaddr);
1232 reply.pin_len = cp->pin_len;
1233 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1235 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1237 mgmt_pending_remove(cmd);
1240 hci_dev_unlock_bh(hdev);
1246 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1249 struct hci_dev *hdev;
1250 struct mgmt_cp_pin_code_neg_reply *cp;
1257 if (len != sizeof(*cp))
1258 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1261 hdev = hci_dev_get(index);
1263 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1266 hci_dev_lock_bh(hdev);
1268 if (!test_bit(HCI_UP, &hdev->flags)) {
1269 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1274 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1277 hci_dev_unlock_bh(hdev);
1283 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1286 struct hci_dev *hdev;
1287 struct mgmt_cp_set_io_capability *cp;
1293 if (len != sizeof(*cp))
1294 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1296 hdev = hci_dev_get(index);
1298 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1300 hci_dev_lock_bh(hdev);
1302 hdev->io_capability = cp->io_capability;
1304 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1305 hdev->io_capability);
1307 hci_dev_unlock_bh(hdev);
1310 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1313 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1315 struct hci_dev *hdev = conn->hdev;
1316 struct pending_cmd *cmd;
1318 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1319 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1322 if (cmd->user_data != conn)
1331 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1333 struct mgmt_rp_pair_device rp;
1334 struct hci_conn *conn = cmd->user_data;
1336 bacpy(&rp.bdaddr, &conn->dst);
1339 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1341 /* So we don't get further callbacks for this connection */
1342 conn->connect_cfm_cb = NULL;
1343 conn->security_cfm_cb = NULL;
1344 conn->disconn_cfm_cb = NULL;
1348 mgmt_pending_remove(cmd);
1351 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1353 struct pending_cmd *cmd;
1355 BT_DBG("status %u", status);
1357 cmd = find_pairing(conn);
1359 BT_DBG("Unable to find a pending command");
1361 pairing_complete(cmd, status);
1364 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1366 struct hci_dev *hdev;
1367 struct mgmt_cp_pair_device *cp;
1368 struct pending_cmd *cmd;
1369 struct adv_entry *entry;
1370 u8 sec_level, auth_type;
1371 struct hci_conn *conn;
1378 if (len != sizeof(*cp))
1379 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1381 hdev = hci_dev_get(index);
1383 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1385 hci_dev_lock_bh(hdev);
1387 sec_level = BT_SECURITY_MEDIUM;
1388 if (cp->io_cap == 0x03)
1389 auth_type = HCI_AT_DEDICATED_BONDING;
1391 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1393 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1395 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1398 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1402 err = PTR_ERR(conn);
1406 if (conn->connect_cfm_cb) {
1408 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1412 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1419 /* For LE, just connecting isn't a proof that the pairing finished */
1421 conn->connect_cfm_cb = pairing_complete_cb;
1423 conn->security_cfm_cb = pairing_complete_cb;
1424 conn->disconn_cfm_cb = pairing_complete_cb;
1425 conn->io_capability = cp->io_cap;
1426 cmd->user_data = conn;
1428 if (conn->state == BT_CONNECTED &&
1429 hci_conn_security(conn, sec_level, auth_type))
1430 pairing_complete(cmd, 0);
1435 hci_dev_unlock_bh(hdev);
1441 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1442 u16 len, int success)
1444 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1445 u16 mgmt_op, hci_op;
1446 struct pending_cmd *cmd;
1447 struct hci_dev *hdev;
1453 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1454 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1456 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1457 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1460 if (len != sizeof(*cp))
1461 return cmd_status(sk, index, mgmt_op, EINVAL);
1463 hdev = hci_dev_get(index);
1465 return cmd_status(sk, index, mgmt_op, ENODEV);
1467 hci_dev_lock_bh(hdev);
1469 if (!test_bit(HCI_UP, &hdev->flags)) {
1470 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1474 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1480 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1482 mgmt_pending_remove(cmd);
1485 hci_dev_unlock_bh(hdev);
1491 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1494 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1495 struct hci_cp_write_local_name hci_cp;
1496 struct hci_dev *hdev;
1497 struct pending_cmd *cmd;
1502 if (len != sizeof(*mgmt_cp))
1503 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1505 hdev = hci_dev_get(index);
1507 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1509 hci_dev_lock_bh(hdev);
1511 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1517 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1518 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1521 mgmt_pending_remove(cmd);
1524 hci_dev_unlock_bh(hdev);
1530 static int read_local_oob_data(struct sock *sk, u16 index)
1532 struct hci_dev *hdev;
1533 struct pending_cmd *cmd;
1536 BT_DBG("hci%u", index);
1538 hdev = hci_dev_get(index);
1540 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1543 hci_dev_lock_bh(hdev);
1545 if (!test_bit(HCI_UP, &hdev->flags)) {
1546 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1551 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1552 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1557 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1558 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1562 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1568 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1570 mgmt_pending_remove(cmd);
1573 hci_dev_unlock_bh(hdev);
1579 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1582 struct hci_dev *hdev;
1583 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1586 BT_DBG("hci%u ", index);
1588 if (len != sizeof(*cp))
1589 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1592 hdev = hci_dev_get(index);
1594 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1597 hci_dev_lock_bh(hdev);
1599 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1602 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1604 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1607 hci_dev_unlock_bh(hdev);
1613 static int remove_remote_oob_data(struct sock *sk, u16 index,
1614 unsigned char *data, u16 len)
1616 struct hci_dev *hdev;
1617 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1620 BT_DBG("hci%u ", index);
1622 if (len != sizeof(*cp))
1623 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1626 hdev = hci_dev_get(index);
1628 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1631 hci_dev_lock_bh(hdev);
1633 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1635 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1638 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1641 hci_dev_unlock_bh(hdev);
1647 static int start_discovery(struct sock *sk, u16 index)
1649 struct pending_cmd *cmd;
1650 struct hci_dev *hdev;
1653 BT_DBG("hci%u", index);
1655 hdev = hci_dev_get(index);
1657 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1659 hci_dev_lock_bh(hdev);
1661 if (!test_bit(HCI_UP, &hdev->flags)) {
1662 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1666 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1672 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1674 mgmt_pending_remove(cmd);
1677 hci_dev_unlock_bh(hdev);
1683 static int stop_discovery(struct sock *sk, u16 index)
1685 struct hci_dev *hdev;
1686 struct pending_cmd *cmd;
1689 BT_DBG("hci%u", index);
1691 hdev = hci_dev_get(index);
1693 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1695 hci_dev_lock_bh(hdev);
1697 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1703 err = hci_cancel_inquiry(hdev);
1705 mgmt_pending_remove(cmd);
1708 hci_dev_unlock_bh(hdev);
1714 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1717 struct hci_dev *hdev;
1718 struct mgmt_cp_block_device *cp = (void *) data;
1721 BT_DBG("hci%u", index);
1723 if (len != sizeof(*cp))
1724 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1727 hdev = hci_dev_get(index);
1729 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1732 hci_dev_lock_bh(hdev);
1734 err = hci_blacklist_add(hdev, &cp->bdaddr);
1736 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1738 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1741 hci_dev_unlock_bh(hdev);
1747 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1750 struct hci_dev *hdev;
1751 struct mgmt_cp_unblock_device *cp = (void *) data;
1754 BT_DBG("hci%u", index);
1756 if (len != sizeof(*cp))
1757 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1760 hdev = hci_dev_get(index);
1762 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1765 hci_dev_lock_bh(hdev);
1767 err = hci_blacklist_del(hdev, &cp->bdaddr);
1770 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1772 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1775 hci_dev_unlock_bh(hdev);
1781 static int set_fast_connectable(struct sock *sk, u16 index,
1782 unsigned char *data, u16 len)
1784 struct hci_dev *hdev;
1785 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1786 struct hci_cp_write_page_scan_activity acp;
1790 BT_DBG("hci%u", index);
1792 if (len != sizeof(*cp))
1793 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1796 hdev = hci_dev_get(index);
1798 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1804 type = PAGE_SCAN_TYPE_INTERLACED;
1805 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1807 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1808 acp.interval = 0x0800; /* default 1.28 sec page scan */
1811 acp.window = 0x0012; /* default 11.25 msec page scan window */
1813 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1816 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1821 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1823 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1828 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1831 hci_dev_unlock(hdev);
1837 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1840 struct mgmt_hdr *hdr;
1841 u16 opcode, index, len;
1844 BT_DBG("got %zu bytes", msglen);
1846 if (msglen < sizeof(*hdr))
1849 buf = kmalloc(msglen, GFP_KERNEL);
1853 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1858 hdr = (struct mgmt_hdr *) buf;
1859 opcode = get_unaligned_le16(&hdr->opcode);
1860 index = get_unaligned_le16(&hdr->index);
1861 len = get_unaligned_le16(&hdr->len);
1863 if (len != msglen - sizeof(*hdr)) {
1869 case MGMT_OP_READ_VERSION:
1870 err = read_version(sk);
1872 case MGMT_OP_READ_INDEX_LIST:
1873 err = read_index_list(sk);
1875 case MGMT_OP_READ_INFO:
1876 err = read_controller_info(sk, index);
1878 case MGMT_OP_SET_POWERED:
1879 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1881 case MGMT_OP_SET_DISCOVERABLE:
1882 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1884 case MGMT_OP_SET_CONNECTABLE:
1885 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1887 case MGMT_OP_SET_PAIRABLE:
1888 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1890 case MGMT_OP_ADD_UUID:
1891 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1893 case MGMT_OP_REMOVE_UUID:
1894 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1896 case MGMT_OP_SET_DEV_CLASS:
1897 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1899 case MGMT_OP_SET_SERVICE_CACHE:
1900 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1902 case MGMT_OP_LOAD_LINK_KEYS:
1903 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1905 case MGMT_OP_REMOVE_KEYS:
1906 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1908 case MGMT_OP_DISCONNECT:
1909 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1911 case MGMT_OP_GET_CONNECTIONS:
1912 err = get_connections(sk, index);
1914 case MGMT_OP_PIN_CODE_REPLY:
1915 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1917 case MGMT_OP_PIN_CODE_NEG_REPLY:
1918 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1920 case MGMT_OP_SET_IO_CAPABILITY:
1921 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1923 case MGMT_OP_PAIR_DEVICE:
1924 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1926 case MGMT_OP_USER_CONFIRM_REPLY:
1927 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1929 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1930 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1932 case MGMT_OP_SET_LOCAL_NAME:
1933 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1935 case MGMT_OP_READ_LOCAL_OOB_DATA:
1936 err = read_local_oob_data(sk, index);
1938 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1939 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1941 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1942 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1945 case MGMT_OP_START_DISCOVERY:
1946 err = start_discovery(sk, index);
1948 case MGMT_OP_STOP_DISCOVERY:
1949 err = stop_discovery(sk, index);
1951 case MGMT_OP_BLOCK_DEVICE:
1952 err = block_device(sk, index, buf + sizeof(*hdr), len);
1954 case MGMT_OP_UNBLOCK_DEVICE:
1955 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1957 case MGMT_OP_SET_FAST_CONNECTABLE:
1958 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1962 BT_DBG("Unknown op %u", opcode);
1963 err = cmd_status(sk, index, opcode, 0x01);
1977 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1981 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1982 mgmt_pending_remove(cmd);
1985 int mgmt_index_added(struct hci_dev *hdev)
1987 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1990 int mgmt_index_removed(struct hci_dev *hdev)
1994 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1996 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2004 static void mode_rsp(struct pending_cmd *cmd, void *data)
2006 struct mgmt_mode *cp = cmd->param;
2007 struct cmd_lookup *match = data;
2009 if (cp->val != match->val)
2012 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
2014 list_del(&cmd->list);
2016 if (match->sk == NULL) {
2017 match->sk = cmd->sk;
2018 sock_hold(match->sk);
2021 mgmt_pending_free(cmd);
2024 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2026 struct mgmt_mode ev;
2027 struct cmd_lookup match = { powered, NULL };
2030 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2033 u8 status = ENETDOWN;
2034 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2039 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2047 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2049 struct mgmt_mode ev;
2050 struct cmd_lookup match = { discoverable, NULL };
2053 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2055 ev.val = discoverable;
2057 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2066 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2068 struct mgmt_mode ev;
2069 struct cmd_lookup match = { connectable, NULL };
2072 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2074 ev.val = connectable;
2076 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2084 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2086 if (scan & SCAN_PAGE)
2087 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2088 cmd_status_rsp, &status);
2090 if (scan & SCAN_INQUIRY)
2091 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2092 cmd_status_rsp, &status);
2097 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2100 struct mgmt_ev_new_link_key ev;
2102 memset(&ev, 0, sizeof(ev));
2104 ev.store_hint = persistent;
2105 bacpy(&ev.key.bdaddr, &key->bdaddr);
2106 ev.key.type = key->type;
2107 memcpy(ev.key.val, key->val, 16);
2108 ev.key.pin_len = key->pin_len;
2110 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2113 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2116 struct mgmt_addr_info ev;
2118 bacpy(&ev.bdaddr, bdaddr);
2119 ev.type = link_to_mgmt(link_type, addr_type);
2121 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2124 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2126 struct mgmt_cp_disconnect *cp = cmd->param;
2127 struct sock **sk = data;
2128 struct mgmt_rp_disconnect rp;
2130 bacpy(&rp.bdaddr, &cp->bdaddr);
2132 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2137 mgmt_pending_remove(cmd);
2140 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2143 struct mgmt_cp_remove_keys *cp = cmd->param;
2144 struct mgmt_rp_remove_keys rp;
2146 memset(&rp, 0, sizeof(rp));
2147 bacpy(&rp.bdaddr, &cp->bdaddr);
2149 rp.status = *status;
2151 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2154 mgmt_pending_remove(cmd);
2157 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2160 struct mgmt_addr_info ev;
2161 struct sock *sk = NULL;
2164 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2166 bacpy(&ev.bdaddr, bdaddr);
2167 ev.type = link_to_mgmt(link_type, addr_type);
2169 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2174 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2179 int mgmt_disconnect_failed(struct hci_dev *hdev)
2181 struct pending_cmd *cmd;
2184 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2188 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
2190 mgmt_pending_remove(cmd);
2195 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2196 u8 addr_type, u8 status)
2198 struct mgmt_ev_connect_failed ev;
2200 bacpy(&ev.addr.bdaddr, bdaddr);
2201 ev.addr.type = link_to_mgmt(link_type, addr_type);
2204 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2207 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2209 struct mgmt_ev_pin_code_request ev;
2211 bacpy(&ev.bdaddr, bdaddr);
2214 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2218 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2221 struct pending_cmd *cmd;
2222 struct mgmt_rp_pin_code_reply rp;
2225 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2229 bacpy(&rp.bdaddr, bdaddr);
2232 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2235 mgmt_pending_remove(cmd);
2240 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2243 struct pending_cmd *cmd;
2244 struct mgmt_rp_pin_code_reply rp;
2247 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2251 bacpy(&rp.bdaddr, bdaddr);
2254 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2257 mgmt_pending_remove(cmd);
2262 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2263 __le32 value, u8 confirm_hint)
2265 struct mgmt_ev_user_confirm_request ev;
2267 BT_DBG("%s", hdev->name);
2269 bacpy(&ev.bdaddr, bdaddr);
2270 ev.confirm_hint = confirm_hint;
2271 put_unaligned_le32(value, &ev.value);
2273 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2277 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2278 u8 status, u8 opcode)
2280 struct pending_cmd *cmd;
2281 struct mgmt_rp_user_confirm_reply rp;
2284 cmd = mgmt_pending_find(opcode, hdev);
2288 bacpy(&rp.bdaddr, bdaddr);
2290 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2292 mgmt_pending_remove(cmd);
2297 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2300 return confirm_reply_complete(hdev, bdaddr, status,
2301 MGMT_OP_USER_CONFIRM_REPLY);
2304 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2305 bdaddr_t *bdaddr, u8 status)
2307 return confirm_reply_complete(hdev, bdaddr, status,
2308 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2311 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2313 struct mgmt_ev_auth_failed ev;
2315 bacpy(&ev.bdaddr, bdaddr);
2318 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2321 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2323 struct pending_cmd *cmd;
2324 struct mgmt_cp_set_local_name ev;
2327 memset(&ev, 0, sizeof(ev));
2328 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2330 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2335 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2342 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2348 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2349 cmd ? cmd->sk : NULL);
2353 mgmt_pending_remove(cmd);
2357 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2358 u8 *randomizer, u8 status)
2360 struct pending_cmd *cmd;
2363 BT_DBG("%s status %u", hdev->name, status);
2365 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2370 err = cmd_status(cmd->sk, hdev->id,
2371 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2373 struct mgmt_rp_read_local_oob_data rp;
2375 memcpy(rp.hash, hash, sizeof(rp.hash));
2376 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2378 err = cmd_complete(cmd->sk, hdev->id,
2379 MGMT_OP_READ_LOCAL_OOB_DATA,
2383 mgmt_pending_remove(cmd);
2388 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2389 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2391 struct mgmt_ev_device_found ev;
2393 memset(&ev, 0, sizeof(ev));
2395 bacpy(&ev.addr.bdaddr, bdaddr);
2396 ev.addr.type = link_to_mgmt(link_type, addr_type);
2400 memcpy(ev.eir, eir, sizeof(ev.eir));
2403 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2405 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2408 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2410 struct mgmt_ev_remote_name ev;
2412 memset(&ev, 0, sizeof(ev));
2414 bacpy(&ev.bdaddr, bdaddr);
2415 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2417 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2420 int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
2422 struct pending_cmd *cmd;
2425 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2429 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2430 mgmt_pending_remove(cmd);
2435 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2437 struct pending_cmd *cmd;
2440 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2442 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2445 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2446 mgmt_pending_remove(cmd);
2449 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2450 sizeof(discovering), NULL);
2453 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2455 struct pending_cmd *cmd;
2456 struct mgmt_ev_device_blocked ev;
2458 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2460 bacpy(&ev.bdaddr, bdaddr);
2462 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2463 cmd ? cmd->sk : NULL);
2466 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2468 struct pending_cmd *cmd;
2469 struct mgmt_ev_device_unblocked ev;
2471 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2473 bacpy(&ev.bdaddr, bdaddr);
2475 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2476 cmd ? cmd->sk : NULL);