mgmt.c revision 37d9ef76c26092098e8fbd3fd540b7ac2181e6bf
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2010 Nokia Corporation 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21*/ 22 23/* Bluetooth HCI Management interface */ 24 25#include <linux/uaccess.h> 26#include <asm/unaligned.h> 27 28#include <net/bluetooth/bluetooth.h> 29#include <net/bluetooth/hci_core.h> 30#include <net/bluetooth/mgmt.h> 31 32#define MGMT_VERSION 0 33#define MGMT_REVISION 1 34 35#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 36 37struct pending_cmd { 38 struct list_head list; 39 u16 opcode; 40 int index; 41 void *param; 42 struct sock *sk; 43 void *user_data; 44}; 45 46static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 47{ 48 struct sk_buff *skb; 49 struct mgmt_hdr *hdr; 50 struct mgmt_ev_cmd_status *ev; 51 int err; 52 53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 54 55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 56 if (!skb) 57 return -ENOMEM; 58 59 hdr = (void *) skb_put(skb, sizeof(*hdr)); 60 61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 62 hdr->index = cpu_to_le16(index); 63 hdr->len = cpu_to_le16(sizeof(*ev)); 64 65 ev = (void *) skb_put(skb, sizeof(*ev)); 66 ev->status = status; 67 put_unaligned_le16(cmd, &ev->opcode); 68 69 err = sock_queue_rcv_skb(sk, skb); 70 if (err < 0) 71 kfree_skb(skb); 72 73 return err; 74} 75 76static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp, 77 size_t rp_len) 78{ 79 struct sk_buff *skb; 80 struct mgmt_hdr *hdr; 81 struct mgmt_ev_cmd_complete *ev; 82 int err; 83 84 BT_DBG("sock %p", sk); 85 86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 87 if (!skb) 88 return -ENOMEM; 89 90 hdr = (void *) skb_put(skb, sizeof(*hdr)); 91 92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 93 hdr->index = cpu_to_le16(index); 94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 95 96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 97 put_unaligned_le16(cmd, &ev->opcode); 98 99 if (rp) 100 memcpy(ev->data, rp, rp_len); 101 102 err = sock_queue_rcv_skb(sk, skb); 103 if (err < 0) 104 kfree_skb(skb); 105 106 return err;; 107} 108 109static int read_version(struct sock *sk) 110{ 111 struct mgmt_rp_read_version rp; 112 113 BT_DBG("sock %p", sk); 114 115 rp.version = MGMT_VERSION; 116 put_unaligned_le16(MGMT_REVISION, &rp.revision); 117 118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp, 119 sizeof(rp)); 120} 121 122static int read_index_list(struct sock *sk) 123{ 124 struct mgmt_rp_read_index_list *rp; 125 struct list_head *p; 126 struct hci_dev *d; 127 size_t rp_len; 128 u16 count; 129 int i, err; 130 131 BT_DBG("sock %p", sk); 132 133 read_lock(&hci_dev_list_lock); 134 135 count = 0; 136 list_for_each(p, &hci_dev_list) { 137 count++; 138 } 139 140 rp_len = sizeof(*rp) + (2 * count); 141 rp = kmalloc(rp_len, GFP_ATOMIC); 142 if (!rp) { 143 read_unlock(&hci_dev_list_lock); 144 return -ENOMEM; 145 } 146 147 put_unaligned_le16(count, &rp->num_controllers); 148 149 i = 0; 150 list_for_each_entry(d, &hci_dev_list, list) { 151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags)) 152 cancel_delayed_work(&d->power_off); 153 154 if (test_bit(HCI_SETUP, &d->flags)) 155 continue; 156 157 put_unaligned_le16(d->id, &rp->index[i++]); 158 BT_DBG("Added hci%u", d->id); 159 } 160 161 read_unlock(&hci_dev_list_lock); 162 163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp, 164 rp_len); 165 166 kfree(rp); 167 168 return err; 169} 170 171static int read_controller_info(struct sock *sk, u16 index) 172{ 173 struct mgmt_rp_read_info rp; 174 struct hci_dev *hdev; 175 176 BT_DBG("sock %p hci%u", sk, index); 177 178 hdev = hci_dev_get(index); 179 if (!hdev) 180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV); 181 182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags)) 183 cancel_delayed_work_sync(&hdev->power_off); 184 185 hci_dev_lock_bh(hdev); 186 187 set_bit(HCI_MGMT, &hdev->flags); 188 189 memset(&rp, 0, sizeof(rp)); 190 191 rp.type = hdev->dev_type; 192 193 rp.powered = test_bit(HCI_UP, &hdev->flags); 194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags); 195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags); 196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags); 197 198 if (test_bit(HCI_AUTH, &hdev->flags)) 199 rp.sec_mode = 3; 200 else if (hdev->ssp_mode > 0) 201 rp.sec_mode = 4; 202 else 203 rp.sec_mode = 2; 204 205 bacpy(&rp.bdaddr, &hdev->bdaddr); 206 memcpy(rp.features, hdev->features, 8); 207 memcpy(rp.dev_class, hdev->dev_class, 3); 208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 209 rp.hci_ver = hdev->hci_ver; 210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev); 211 212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 213 214 hci_dev_unlock_bh(hdev); 215 hci_dev_put(hdev); 216 217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); 218} 219 220static void mgmt_pending_free(struct pending_cmd *cmd) 221{ 222 sock_put(cmd->sk); 223 kfree(cmd->param); 224 kfree(cmd); 225} 226 227static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 228 struct hci_dev *hdev, 229 void *data, u16 len) 230{ 231 struct pending_cmd *cmd; 232 233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 234 if (!cmd) 235 return NULL; 236 237 cmd->opcode = opcode; 238 cmd->index = hdev->id; 239 240 cmd->param = kmalloc(len, GFP_ATOMIC); 241 if (!cmd->param) { 242 kfree(cmd); 243 return NULL; 244 } 245 246 if (data) 247 memcpy(cmd->param, data, len); 248 249 cmd->sk = sk; 250 sock_hold(sk); 251 252 list_add(&cmd->list, &hdev->mgmt_pending); 253 254 return cmd; 255} 256 257static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 258 void (*cb)(struct pending_cmd *cmd, void *data), 259 void *data) 260{ 261 struct list_head *p, *n; 262 263 list_for_each_safe(p, n, &hdev->mgmt_pending) { 264 struct pending_cmd *cmd; 265 266 cmd = list_entry(p, struct pending_cmd, list); 267 268 if (opcode > 0 && cmd->opcode != opcode) 269 continue; 270 271 cb(cmd, data); 272 } 273} 274 275static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev) 276{ 277 struct pending_cmd *cmd; 278 279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 280 if (cmd->opcode == opcode) 281 return cmd; 282 } 283 284 return NULL; 285} 286 287static void mgmt_pending_remove(struct pending_cmd *cmd) 288{ 289 list_del(&cmd->list); 290 mgmt_pending_free(cmd); 291} 292 293static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) 294{ 295 struct mgmt_mode *cp; 296 struct hci_dev *hdev; 297 struct pending_cmd *cmd; 298 int err, up; 299 300 cp = (void *) data; 301 302 BT_DBG("request for hci%u", index); 303 304 if (len != sizeof(*cp)) 305 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL); 306 307 hdev = hci_dev_get(index); 308 if (!hdev) 309 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV); 310 311 hci_dev_lock_bh(hdev); 312 313 up = test_bit(HCI_UP, &hdev->flags); 314 if ((cp->val && up) || (!cp->val && !up)) { 315 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY); 316 goto failed; 317 } 318 319 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY); 321 goto failed; 322 } 323 324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 325 if (!cmd) { 326 err = -ENOMEM; 327 goto failed; 328 } 329 330 if (cp->val) 331 queue_work(hdev->workqueue, &hdev->power_on); 332 else 333 queue_work(hdev->workqueue, &hdev->power_off.work); 334 335 err = 0; 336 337failed: 338 hci_dev_unlock_bh(hdev); 339 hci_dev_put(hdev); 340 return err; 341} 342 343static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, 344 u16 len) 345{ 346 struct mgmt_cp_set_discoverable *cp; 347 struct hci_dev *hdev; 348 struct pending_cmd *cmd; 349 u8 scan; 350 int err; 351 352 cp = (void *) data; 353 354 BT_DBG("request for hci%u", index); 355 356 if (len != sizeof(*cp)) 357 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL); 358 359 hdev = hci_dev_get(index); 360 if (!hdev) 361 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV); 362 363 hci_dev_lock_bh(hdev); 364 365 if (!test_bit(HCI_UP, &hdev->flags)) { 366 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN); 367 goto failed; 368 } 369 370 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 371 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY); 373 goto failed; 374 } 375 376 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 377 test_bit(HCI_PSCAN, &hdev->flags)) { 378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY); 379 goto failed; 380 } 381 382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 383 if (!cmd) { 384 err = -ENOMEM; 385 goto failed; 386 } 387 388 scan = SCAN_PAGE; 389 390 if (cp->val) 391 scan |= SCAN_INQUIRY; 392 else 393 cancel_delayed_work(&hdev->discov_off); 394 395 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 396 if (err < 0) 397 mgmt_pending_remove(cmd); 398 399 if (cp->val) 400 hdev->discov_timeout = get_unaligned_le16(&cp->timeout); 401 402failed: 403 hci_dev_unlock_bh(hdev); 404 hci_dev_put(hdev); 405 406 return err; 407} 408 409static int set_connectable(struct sock *sk, u16 index, unsigned char *data, 410 u16 len) 411{ 412 struct mgmt_mode *cp; 413 struct hci_dev *hdev; 414 struct pending_cmd *cmd; 415 u8 scan; 416 int err; 417 418 cp = (void *) data; 419 420 BT_DBG("request for hci%u", index); 421 422 if (len != sizeof(*cp)) 423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL); 424 425 hdev = hci_dev_get(index); 426 if (!hdev) 427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV); 428 429 hci_dev_lock_bh(hdev); 430 431 if (!test_bit(HCI_UP, &hdev->flags)) { 432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN); 433 goto failed; 434 } 435 436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY); 439 goto failed; 440 } 441 442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY); 444 goto failed; 445 } 446 447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 448 if (!cmd) { 449 err = -ENOMEM; 450 goto failed; 451 } 452 453 if (cp->val) 454 scan = SCAN_PAGE; 455 else 456 scan = 0; 457 458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 459 if (err < 0) 460 mgmt_pending_remove(cmd); 461 462failed: 463 hci_dev_unlock_bh(hdev); 464 hci_dev_put(hdev); 465 466 return err; 467} 468 469static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, 470 u16 data_len, struct sock *skip_sk) 471{ 472 struct sk_buff *skb; 473 struct mgmt_hdr *hdr; 474 475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 476 if (!skb) 477 return -ENOMEM; 478 479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 480 481 hdr = (void *) skb_put(skb, sizeof(*hdr)); 482 hdr->opcode = cpu_to_le16(event); 483 if (hdev) 484 hdr->index = cpu_to_le16(hdev->id); 485 else 486 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 487 hdr->len = cpu_to_le16(data_len); 488 489 if (data) 490 memcpy(skb_put(skb, data_len), data, data_len); 491 492 hci_send_to_sock(NULL, skb, skip_sk); 493 kfree_skb(skb); 494 495 return 0; 496} 497 498static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val) 499{ 500 struct mgmt_mode rp; 501 502 rp.val = val; 503 504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp)); 505} 506 507static int set_pairable(struct sock *sk, u16 index, unsigned char *data, 508 u16 len) 509{ 510 struct mgmt_mode *cp, ev; 511 struct hci_dev *hdev; 512 int err; 513 514 cp = (void *) data; 515 516 BT_DBG("request for hci%u", index); 517 518 if (len != sizeof(*cp)) 519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL); 520 521 hdev = hci_dev_get(index); 522 if (!hdev) 523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV); 524 525 hci_dev_lock_bh(hdev); 526 527 if (cp->val) 528 set_bit(HCI_PAIRABLE, &hdev->flags); 529 else 530 clear_bit(HCI_PAIRABLE, &hdev->flags); 531 532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val); 533 if (err < 0) 534 goto failed; 535 536 ev.val = cp->val; 537 538 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk); 539 540failed: 541 hci_dev_unlock_bh(hdev); 542 hci_dev_put(hdev); 543 544 return err; 545} 546 547#define EIR_FLAGS 0x01 /* flags */ 548#define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */ 549#define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */ 550#define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */ 551#define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */ 552#define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */ 553#define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */ 554#define EIR_NAME_SHORT 0x08 /* shortened local name */ 555#define EIR_NAME_COMPLETE 0x09 /* complete local name */ 556#define EIR_TX_POWER 0x0A /* transmit power level */ 557#define EIR_DEVICE_ID 0x10 /* device ID */ 558 559#define PNP_INFO_SVCLASS_ID 0x1200 560 561static u8 bluetooth_base_uuid[] = { 562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 564}; 565 566static u16 get_uuid16(u8 *uuid128) 567{ 568 u32 val; 569 int i; 570 571 for (i = 0; i < 12; i++) { 572 if (bluetooth_base_uuid[i] != uuid128[i]) 573 return 0; 574 } 575 576 memcpy(&val, &uuid128[12], 4); 577 578 val = le32_to_cpu(val); 579 if (val > 0xffff) 580 return 0; 581 582 return (u16) val; 583} 584 585static void create_eir(struct hci_dev *hdev, u8 *data) 586{ 587 u8 *ptr = data; 588 u16 eir_len = 0; 589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 590 int i, truncated = 0; 591 struct bt_uuid *uuid; 592 size_t name_len; 593 594 name_len = strlen(hdev->dev_name); 595 596 if (name_len > 0) { 597 /* EIR Data type */ 598 if (name_len > 48) { 599 name_len = 48; 600 ptr[1] = EIR_NAME_SHORT; 601 } else 602 ptr[1] = EIR_NAME_COMPLETE; 603 604 /* EIR Data length */ 605 ptr[0] = name_len + 1; 606 607 memcpy(ptr + 2, hdev->dev_name, name_len); 608 609 eir_len += (name_len + 2); 610 ptr += (name_len + 2); 611 } 612 613 memset(uuid16_list, 0, sizeof(uuid16_list)); 614 615 /* Group all UUID16 types */ 616 list_for_each_entry(uuid, &hdev->uuids, list) { 617 u16 uuid16; 618 619 uuid16 = get_uuid16(uuid->uuid); 620 if (uuid16 == 0) 621 return; 622 623 if (uuid16 < 0x1100) 624 continue; 625 626 if (uuid16 == PNP_INFO_SVCLASS_ID) 627 continue; 628 629 /* Stop if not enough space to put next UUID */ 630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 631 truncated = 1; 632 break; 633 } 634 635 /* Check for duplicates */ 636 for (i = 0; uuid16_list[i] != 0; i++) 637 if (uuid16_list[i] == uuid16) 638 break; 639 640 if (uuid16_list[i] == 0) { 641 uuid16_list[i] = uuid16; 642 eir_len += sizeof(u16); 643 } 644 } 645 646 if (uuid16_list[0] != 0) { 647 u8 *length = ptr; 648 649 /* EIR Data type */ 650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 651 652 ptr += 2; 653 eir_len += 2; 654 655 for (i = 0; uuid16_list[i] != 0; i++) { 656 *ptr++ = (uuid16_list[i] & 0x00ff); 657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 658 } 659 660 /* EIR Data length */ 661 *length = (i * sizeof(u16)) + 1; 662 } 663} 664 665static int update_eir(struct hci_dev *hdev) 666{ 667 struct hci_cp_write_eir cp; 668 669 if (!(hdev->features[6] & LMP_EXT_INQ)) 670 return 0; 671 672 if (hdev->ssp_mode == 0) 673 return 0; 674 675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 676 return 0; 677 678 memset(&cp, 0, sizeof(cp)); 679 680 create_eir(hdev, cp.data); 681 682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 683 return 0; 684 685 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 686 687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 688} 689 690static u8 get_service_classes(struct hci_dev *hdev) 691{ 692 struct bt_uuid *uuid; 693 u8 val = 0; 694 695 list_for_each_entry(uuid, &hdev->uuids, list) 696 val |= uuid->svc_hint; 697 698 return val; 699} 700 701static int update_class(struct hci_dev *hdev) 702{ 703 u8 cod[3]; 704 705 BT_DBG("%s", hdev->name); 706 707 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 708 return 0; 709 710 cod[0] = hdev->minor_class; 711 cod[1] = hdev->major_class; 712 cod[2] = get_service_classes(hdev); 713 714 if (memcmp(cod, hdev->dev_class, 3) == 0) 715 return 0; 716 717 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 718} 719 720static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 721{ 722 struct mgmt_cp_add_uuid *cp; 723 struct hci_dev *hdev; 724 struct bt_uuid *uuid; 725 int err; 726 727 cp = (void *) data; 728 729 BT_DBG("request for hci%u", index); 730 731 if (len != sizeof(*cp)) 732 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL); 733 734 hdev = hci_dev_get(index); 735 if (!hdev) 736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV); 737 738 hci_dev_lock_bh(hdev); 739 740 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 741 if (!uuid) { 742 err = -ENOMEM; 743 goto failed; 744 } 745 746 memcpy(uuid->uuid, cp->uuid, 16); 747 uuid->svc_hint = cp->svc_hint; 748 749 list_add(&uuid->list, &hdev->uuids); 750 751 err = update_class(hdev); 752 if (err < 0) 753 goto failed; 754 755 err = update_eir(hdev); 756 if (err < 0) 757 goto failed; 758 759 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); 760 761failed: 762 hci_dev_unlock_bh(hdev); 763 hci_dev_put(hdev); 764 765 return err; 766} 767 768static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 769{ 770 struct list_head *p, *n; 771 struct mgmt_cp_remove_uuid *cp; 772 struct hci_dev *hdev; 773 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 774 int err, found; 775 776 cp = (void *) data; 777 778 BT_DBG("request for hci%u", index); 779 780 if (len != sizeof(*cp)) 781 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL); 782 783 hdev = hci_dev_get(index); 784 if (!hdev) 785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV); 786 787 hci_dev_lock_bh(hdev); 788 789 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 790 err = hci_uuids_clear(hdev); 791 goto unlock; 792 } 793 794 found = 0; 795 796 list_for_each_safe(p, n, &hdev->uuids) { 797 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 798 799 if (memcmp(match->uuid, cp->uuid, 16) != 0) 800 continue; 801 802 list_del(&match->list); 803 found++; 804 } 805 806 if (found == 0) { 807 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT); 808 goto unlock; 809 } 810 811 err = update_class(hdev); 812 if (err < 0) 813 goto unlock; 814 815 err = update_eir(hdev); 816 if (err < 0) 817 goto unlock; 818 819 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); 820 821unlock: 822 hci_dev_unlock_bh(hdev); 823 hci_dev_put(hdev); 824 825 return err; 826} 827 828static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, 829 u16 len) 830{ 831 struct hci_dev *hdev; 832 struct mgmt_cp_set_dev_class *cp; 833 int err; 834 835 cp = (void *) data; 836 837 BT_DBG("request for hci%u", index); 838 839 if (len != sizeof(*cp)) 840 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL); 841 842 hdev = hci_dev_get(index); 843 if (!hdev) 844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV); 845 846 hci_dev_lock_bh(hdev); 847 848 hdev->major_class = cp->major; 849 hdev->minor_class = cp->minor; 850 851 err = update_class(hdev); 852 853 if (err == 0) 854 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); 855 856 hci_dev_unlock_bh(hdev); 857 hci_dev_put(hdev); 858 859 return err; 860} 861 862static int set_service_cache(struct sock *sk, u16 index, unsigned char *data, 863 u16 len) 864{ 865 struct hci_dev *hdev; 866 struct mgmt_cp_set_service_cache *cp; 867 int err; 868 869 cp = (void *) data; 870 871 if (len != sizeof(*cp)) 872 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL); 873 874 hdev = hci_dev_get(index); 875 if (!hdev) 876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV); 877 878 hci_dev_lock_bh(hdev); 879 880 BT_DBG("hci%u enable %d", index, cp->enable); 881 882 if (cp->enable) { 883 set_bit(HCI_SERVICE_CACHE, &hdev->flags); 884 err = 0; 885 } else { 886 clear_bit(HCI_SERVICE_CACHE, &hdev->flags); 887 err = update_class(hdev); 888 if (err == 0) 889 err = update_eir(hdev); 890 } 891 892 if (err == 0) 893 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL, 894 0); 895 else 896 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err); 897 898 899 hci_dev_unlock_bh(hdev); 900 hci_dev_put(hdev); 901 902 return err; 903} 904 905static int load_link_keys(struct sock *sk, u16 index, unsigned char *data, 906 u16 len) 907{ 908 struct hci_dev *hdev; 909 struct mgmt_cp_load_link_keys *cp; 910 u16 key_count, expected_len; 911 int i; 912 913 cp = (void *) data; 914 915 if (len < sizeof(*cp)) 916 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL); 917 918 key_count = get_unaligned_le16(&cp->key_count); 919 920 expected_len = sizeof(*cp) + key_count * 921 sizeof(struct mgmt_link_key_info); 922 if (expected_len != len) { 923 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 924 len, expected_len); 925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL); 926 } 927 928 hdev = hci_dev_get(index); 929 if (!hdev) 930 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV); 931 932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, 933 key_count); 934 935 hci_dev_lock_bh(hdev); 936 937 hci_link_keys_clear(hdev); 938 939 set_bit(HCI_LINK_KEYS, &hdev->flags); 940 941 if (cp->debug_keys) 942 set_bit(HCI_DEBUG_KEYS, &hdev->flags); 943 else 944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags); 945 946 for (i = 0; i < key_count; i++) { 947 struct mgmt_link_key_info *key = &cp->keys[i]; 948 949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, 950 key->pin_len); 951 } 952 953 hci_dev_unlock_bh(hdev); 954 hci_dev_put(hdev); 955 956 return 0; 957} 958 959static int remove_keys(struct sock *sk, u16 index, unsigned char *data, 960 u16 len) 961{ 962 struct hci_dev *hdev; 963 struct mgmt_cp_remove_keys *cp; 964 struct mgmt_rp_remove_keys rp; 965 struct hci_cp_disconnect dc; 966 struct pending_cmd *cmd; 967 struct hci_conn *conn; 968 int err; 969 970 cp = (void *) data; 971 972 if (len != sizeof(*cp)) 973 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL); 974 975 hdev = hci_dev_get(index); 976 if (!hdev) 977 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV); 978 979 hci_dev_lock_bh(hdev); 980 981 memset(&rp, 0, sizeof(rp)); 982 bacpy(&rp.bdaddr, &cp->bdaddr); 983 984 err = hci_remove_link_key(hdev, &cp->bdaddr); 985 if (err < 0) 986 goto unlock; 987 988 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) { 989 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 990 sizeof(rp)); 991 goto unlock; 992 } 993 994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 995 if (!conn) { 996 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 997 sizeof(rp)); 998 goto unlock; 999 } 1000 1001 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp)); 1002 if (!cmd) { 1003 err = -ENOMEM; 1004 goto unlock; 1005 } 1006 1007 put_unaligned_le16(conn->handle, &dc.handle); 1008 dc.reason = 0x13; /* Remote User Terminated Connection */ 1009 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1010 if (err < 0) 1011 mgmt_pending_remove(cmd); 1012 1013unlock: 1014 if (err < 0) { 1015 rp.status = -err; 1016 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1017 sizeof(rp)); 1018 } 1019 hci_dev_unlock_bh(hdev); 1020 hci_dev_put(hdev); 1021 1022 return err; 1023} 1024 1025static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) 1026{ 1027 struct hci_dev *hdev; 1028 struct mgmt_cp_disconnect *cp; 1029 struct hci_cp_disconnect dc; 1030 struct pending_cmd *cmd; 1031 struct hci_conn *conn; 1032 int err; 1033 1034 BT_DBG(""); 1035 1036 cp = (void *) data; 1037 1038 if (len != sizeof(*cp)) 1039 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL); 1040 1041 hdev = hci_dev_get(index); 1042 if (!hdev) 1043 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV); 1044 1045 hci_dev_lock_bh(hdev); 1046 1047 if (!test_bit(HCI_UP, &hdev->flags)) { 1048 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN); 1049 goto failed; 1050 } 1051 1052 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 1053 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY); 1054 goto failed; 1055 } 1056 1057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1058 if (!conn) 1059 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr); 1060 1061 if (!conn) { 1062 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN); 1063 goto failed; 1064 } 1065 1066 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 1067 if (!cmd) { 1068 err = -ENOMEM; 1069 goto failed; 1070 } 1071 1072 put_unaligned_le16(conn->handle, &dc.handle); 1073 dc.reason = 0x13; /* Remote User Terminated Connection */ 1074 1075 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1076 if (err < 0) 1077 mgmt_pending_remove(cmd); 1078 1079failed: 1080 hci_dev_unlock_bh(hdev); 1081 hci_dev_put(hdev); 1082 1083 return err; 1084} 1085 1086static u8 link_to_mgmt(u8 link_type, u8 addr_type) 1087{ 1088 switch (link_type) { 1089 case LE_LINK: 1090 switch (addr_type) { 1091 case ADDR_LE_DEV_PUBLIC: 1092 return MGMT_ADDR_LE_PUBLIC; 1093 case ADDR_LE_DEV_RANDOM: 1094 return MGMT_ADDR_LE_RANDOM; 1095 default: 1096 return MGMT_ADDR_INVALID; 1097 } 1098 case ACL_LINK: 1099 return MGMT_ADDR_BREDR; 1100 default: 1101 return MGMT_ADDR_INVALID; 1102 } 1103} 1104 1105static int get_connections(struct sock *sk, u16 index) 1106{ 1107 struct mgmt_rp_get_connections *rp; 1108 struct hci_dev *hdev; 1109 struct hci_conn *c; 1110 struct list_head *p; 1111 size_t rp_len; 1112 u16 count; 1113 int i, err; 1114 1115 BT_DBG(""); 1116 1117 hdev = hci_dev_get(index); 1118 if (!hdev) 1119 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV); 1120 1121 hci_dev_lock_bh(hdev); 1122 1123 count = 0; 1124 list_for_each(p, &hdev->conn_hash.list) { 1125 count++; 1126 } 1127 1128 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info)); 1129 rp = kmalloc(rp_len, GFP_ATOMIC); 1130 if (!rp) { 1131 err = -ENOMEM; 1132 goto unlock; 1133 } 1134 1135 put_unaligned_le16(count, &rp->conn_count); 1136 1137 i = 0; 1138 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1139 bacpy(&rp->addr[i].bdaddr, &c->dst); 1140 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type); 1141 if (rp->addr[i].type == MGMT_ADDR_INVALID) 1142 continue; 1143 i++; 1144 } 1145 1146 /* Recalculate length in case of filtered SCO connections, etc */ 1147 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1148 1149 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); 1150 1151unlock: 1152 kfree(rp); 1153 hci_dev_unlock_bh(hdev); 1154 hci_dev_put(hdev); 1155 return err; 1156} 1157 1158static int send_pin_code_neg_reply(struct sock *sk, u16 index, 1159 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) 1160{ 1161 struct pending_cmd *cmd; 1162 int err; 1163 1164 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 1165 sizeof(*cp)); 1166 if (!cmd) 1167 return -ENOMEM; 1168 1169 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), 1170 &cp->bdaddr); 1171 if (err < 0) 1172 mgmt_pending_remove(cmd); 1173 1174 return err; 1175} 1176 1177static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, 1178 u16 len) 1179{ 1180 struct hci_dev *hdev; 1181 struct hci_conn *conn; 1182 struct mgmt_cp_pin_code_reply *cp; 1183 struct mgmt_cp_pin_code_neg_reply ncp; 1184 struct hci_cp_pin_code_reply reply; 1185 struct pending_cmd *cmd; 1186 int err; 1187 1188 BT_DBG(""); 1189 1190 cp = (void *) data; 1191 1192 if (len != sizeof(*cp)) 1193 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL); 1194 1195 hdev = hci_dev_get(index); 1196 if (!hdev) 1197 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV); 1198 1199 hci_dev_lock_bh(hdev); 1200 1201 if (!test_bit(HCI_UP, &hdev->flags)) { 1202 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN); 1203 goto failed; 1204 } 1205 1206 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1207 if (!conn) { 1208 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN); 1209 goto failed; 1210 } 1211 1212 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1213 bacpy(&ncp.bdaddr, &cp->bdaddr); 1214 1215 BT_ERR("PIN code is not 16 bytes long"); 1216 1217 err = send_pin_code_neg_reply(sk, index, hdev, &ncp); 1218 if (err >= 0) 1219 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1220 EINVAL); 1221 1222 goto failed; 1223 } 1224 1225 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 1226 if (!cmd) { 1227 err = -ENOMEM; 1228 goto failed; 1229 } 1230 1231 bacpy(&reply.bdaddr, &cp->bdaddr); 1232 reply.pin_len = cp->pin_len; 1233 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1234 1235 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1236 if (err < 0) 1237 mgmt_pending_remove(cmd); 1238 1239failed: 1240 hci_dev_unlock_bh(hdev); 1241 hci_dev_put(hdev); 1242 1243 return err; 1244} 1245 1246static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, 1247 u16 len) 1248{ 1249 struct hci_dev *hdev; 1250 struct mgmt_cp_pin_code_neg_reply *cp; 1251 int err; 1252 1253 BT_DBG(""); 1254 1255 cp = (void *) data; 1256 1257 if (len != sizeof(*cp)) 1258 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1259 EINVAL); 1260 1261 hdev = hci_dev_get(index); 1262 if (!hdev) 1263 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1264 ENODEV); 1265 1266 hci_dev_lock_bh(hdev); 1267 1268 if (!test_bit(HCI_UP, &hdev->flags)) { 1269 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1270 ENETDOWN); 1271 goto failed; 1272 } 1273 1274 err = send_pin_code_neg_reply(sk, index, hdev, cp); 1275 1276failed: 1277 hci_dev_unlock_bh(hdev); 1278 hci_dev_put(hdev); 1279 1280 return err; 1281} 1282 1283static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, 1284 u16 len) 1285{ 1286 struct hci_dev *hdev; 1287 struct mgmt_cp_set_io_capability *cp; 1288 1289 BT_DBG(""); 1290 1291 cp = (void *) data; 1292 1293 if (len != sizeof(*cp)) 1294 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL); 1295 1296 hdev = hci_dev_get(index); 1297 if (!hdev) 1298 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV); 1299 1300 hci_dev_lock_bh(hdev); 1301 1302 hdev->io_capability = cp->io_capability; 1303 1304 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1305 hdev->io_capability); 1306 1307 hci_dev_unlock_bh(hdev); 1308 hci_dev_put(hdev); 1309 1310 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); 1311} 1312 1313static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1314{ 1315 struct hci_dev *hdev = conn->hdev; 1316 struct pending_cmd *cmd; 1317 1318 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1319 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1320 continue; 1321 1322 if (cmd->user_data != conn) 1323 continue; 1324 1325 return cmd; 1326 } 1327 1328 return NULL; 1329} 1330 1331static void pairing_complete(struct pending_cmd *cmd, u8 status) 1332{ 1333 struct mgmt_rp_pair_device rp; 1334 struct hci_conn *conn = cmd->user_data; 1335 1336 bacpy(&rp.bdaddr, &conn->dst); 1337 rp.status = status; 1338 1339 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp)); 1340 1341 /* So we don't get further callbacks for this connection */ 1342 conn->connect_cfm_cb = NULL; 1343 conn->security_cfm_cb = NULL; 1344 conn->disconn_cfm_cb = NULL; 1345 1346 hci_conn_put(conn); 1347 1348 mgmt_pending_remove(cmd); 1349} 1350 1351static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1352{ 1353 struct pending_cmd *cmd; 1354 1355 BT_DBG("status %u", status); 1356 1357 cmd = find_pairing(conn); 1358 if (!cmd) 1359 BT_DBG("Unable to find a pending command"); 1360 else 1361 pairing_complete(cmd, status); 1362} 1363 1364static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) 1365{ 1366 struct hci_dev *hdev; 1367 struct mgmt_cp_pair_device *cp; 1368 struct pending_cmd *cmd; 1369 struct adv_entry *entry; 1370 u8 sec_level, auth_type; 1371 struct hci_conn *conn; 1372 int err; 1373 1374 BT_DBG(""); 1375 1376 cp = (void *) data; 1377 1378 if (len != sizeof(*cp)) 1379 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL); 1380 1381 hdev = hci_dev_get(index); 1382 if (!hdev) 1383 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV); 1384 1385 hci_dev_lock_bh(hdev); 1386 1387 sec_level = BT_SECURITY_MEDIUM; 1388 if (cp->io_cap == 0x03) 1389 auth_type = HCI_AT_DEDICATED_BONDING; 1390 else 1391 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1392 1393 entry = hci_find_adv_entry(hdev, &cp->bdaddr); 1394 if (entry) 1395 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level, 1396 auth_type); 1397 else 1398 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, 1399 auth_type); 1400 1401 if (IS_ERR(conn)) { 1402 err = PTR_ERR(conn); 1403 goto unlock; 1404 } 1405 1406 if (conn->connect_cfm_cb) { 1407 hci_conn_put(conn); 1408 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY); 1409 goto unlock; 1410 } 1411 1412 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 1413 if (!cmd) { 1414 err = -ENOMEM; 1415 hci_conn_put(conn); 1416 goto unlock; 1417 } 1418 1419 /* For LE, just connecting isn't a proof that the pairing finished */ 1420 if (!entry) 1421 conn->connect_cfm_cb = pairing_complete_cb; 1422 1423 conn->security_cfm_cb = pairing_complete_cb; 1424 conn->disconn_cfm_cb = pairing_complete_cb; 1425 conn->io_capability = cp->io_cap; 1426 cmd->user_data = conn; 1427 1428 if (conn->state == BT_CONNECTED && 1429 hci_conn_security(conn, sec_level, auth_type)) 1430 pairing_complete(cmd, 0); 1431 1432 err = 0; 1433 1434unlock: 1435 hci_dev_unlock_bh(hdev); 1436 hci_dev_put(hdev); 1437 1438 return err; 1439} 1440 1441static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data, 1442 u16 len, int success) 1443{ 1444 struct mgmt_cp_user_confirm_reply *cp = (void *) data; 1445 u16 mgmt_op, hci_op; 1446 struct pending_cmd *cmd; 1447 struct hci_dev *hdev; 1448 int err; 1449 1450 BT_DBG(""); 1451 1452 if (success) { 1453 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY; 1454 hci_op = HCI_OP_USER_CONFIRM_REPLY; 1455 } else { 1456 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY; 1457 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY; 1458 } 1459 1460 if (len != sizeof(*cp)) 1461 return cmd_status(sk, index, mgmt_op, EINVAL); 1462 1463 hdev = hci_dev_get(index); 1464 if (!hdev) 1465 return cmd_status(sk, index, mgmt_op, ENODEV); 1466 1467 hci_dev_lock_bh(hdev); 1468 1469 if (!test_bit(HCI_UP, &hdev->flags)) { 1470 err = cmd_status(sk, index, mgmt_op, ENETDOWN); 1471 goto failed; 1472 } 1473 1474 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len); 1475 if (!cmd) { 1476 err = -ENOMEM; 1477 goto failed; 1478 } 1479 1480 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr); 1481 if (err < 0) 1482 mgmt_pending_remove(cmd); 1483 1484failed: 1485 hci_dev_unlock_bh(hdev); 1486 hci_dev_put(hdev); 1487 1488 return err; 1489} 1490 1491static int set_local_name(struct sock *sk, u16 index, unsigned char *data, 1492 u16 len) 1493{ 1494 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data; 1495 struct hci_cp_write_local_name hci_cp; 1496 struct hci_dev *hdev; 1497 struct pending_cmd *cmd; 1498 int err; 1499 1500 BT_DBG(""); 1501 1502 if (len != sizeof(*mgmt_cp)) 1503 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL); 1504 1505 hdev = hci_dev_get(index); 1506 if (!hdev) 1507 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV); 1508 1509 hci_dev_lock_bh(hdev); 1510 1511 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 1512 if (!cmd) { 1513 err = -ENOMEM; 1514 goto failed; 1515 } 1516 1517 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 1518 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp), 1519 &hci_cp); 1520 if (err < 0) 1521 mgmt_pending_remove(cmd); 1522 1523failed: 1524 hci_dev_unlock_bh(hdev); 1525 hci_dev_put(hdev); 1526 1527 return err; 1528} 1529 1530static int read_local_oob_data(struct sock *sk, u16 index) 1531{ 1532 struct hci_dev *hdev; 1533 struct pending_cmd *cmd; 1534 int err; 1535 1536 BT_DBG("hci%u", index); 1537 1538 hdev = hci_dev_get(index); 1539 if (!hdev) 1540 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1541 ENODEV); 1542 1543 hci_dev_lock_bh(hdev); 1544 1545 if (!test_bit(HCI_UP, &hdev->flags)) { 1546 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1547 ENETDOWN); 1548 goto unlock; 1549 } 1550 1551 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1552 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1553 EOPNOTSUPP); 1554 goto unlock; 1555 } 1556 1557 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 1558 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY); 1559 goto unlock; 1560 } 1561 1562 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 1563 if (!cmd) { 1564 err = -ENOMEM; 1565 goto unlock; 1566 } 1567 1568 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 1569 if (err < 0) 1570 mgmt_pending_remove(cmd); 1571 1572unlock: 1573 hci_dev_unlock_bh(hdev); 1574 hci_dev_put(hdev); 1575 1576 return err; 1577} 1578 1579static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, 1580 u16 len) 1581{ 1582 struct hci_dev *hdev; 1583 struct mgmt_cp_add_remote_oob_data *cp = (void *) data; 1584 int err; 1585 1586 BT_DBG("hci%u ", index); 1587 1588 if (len != sizeof(*cp)) 1589 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1590 EINVAL); 1591 1592 hdev = hci_dev_get(index); 1593 if (!hdev) 1594 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1595 ENODEV); 1596 1597 hci_dev_lock_bh(hdev); 1598 1599 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, 1600 cp->randomizer); 1601 if (err < 0) 1602 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err); 1603 else 1604 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, 1605 0); 1606 1607 hci_dev_unlock_bh(hdev); 1608 hci_dev_put(hdev); 1609 1610 return err; 1611} 1612 1613static int remove_remote_oob_data(struct sock *sk, u16 index, 1614 unsigned char *data, u16 len) 1615{ 1616 struct hci_dev *hdev; 1617 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data; 1618 int err; 1619 1620 BT_DBG("hci%u ", index); 1621 1622 if (len != sizeof(*cp)) 1623 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1624 EINVAL); 1625 1626 hdev = hci_dev_get(index); 1627 if (!hdev) 1628 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1629 ENODEV); 1630 1631 hci_dev_lock_bh(hdev); 1632 1633 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); 1634 if (err < 0) 1635 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1636 -err); 1637 else 1638 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1639 NULL, 0); 1640 1641 hci_dev_unlock_bh(hdev); 1642 hci_dev_put(hdev); 1643 1644 return err; 1645} 1646 1647static int start_discovery(struct sock *sk, u16 index) 1648{ 1649 struct pending_cmd *cmd; 1650 struct hci_dev *hdev; 1651 int err; 1652 1653 BT_DBG("hci%u", index); 1654 1655 hdev = hci_dev_get(index); 1656 if (!hdev) 1657 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV); 1658 1659 hci_dev_lock_bh(hdev); 1660 1661 if (!test_bit(HCI_UP, &hdev->flags)) { 1662 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN); 1663 goto failed; 1664 } 1665 1666 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0); 1667 if (!cmd) { 1668 err = -ENOMEM; 1669 goto failed; 1670 } 1671 1672 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 1673 if (err < 0) 1674 mgmt_pending_remove(cmd); 1675 1676failed: 1677 hci_dev_unlock_bh(hdev); 1678 hci_dev_put(hdev); 1679 1680 return err; 1681} 1682 1683static int stop_discovery(struct sock *sk, u16 index) 1684{ 1685 struct hci_dev *hdev; 1686 struct pending_cmd *cmd; 1687 int err; 1688 1689 BT_DBG("hci%u", index); 1690 1691 hdev = hci_dev_get(index); 1692 if (!hdev) 1693 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV); 1694 1695 hci_dev_lock_bh(hdev); 1696 1697 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 1698 if (!cmd) { 1699 err = -ENOMEM; 1700 goto failed; 1701 } 1702 1703 err = hci_cancel_inquiry(hdev); 1704 if (err < 0) 1705 mgmt_pending_remove(cmd); 1706 1707failed: 1708 hci_dev_unlock_bh(hdev); 1709 hci_dev_put(hdev); 1710 1711 return err; 1712} 1713 1714static int block_device(struct sock *sk, u16 index, unsigned char *data, 1715 u16 len) 1716{ 1717 struct hci_dev *hdev; 1718 struct mgmt_cp_block_device *cp = (void *) data; 1719 int err; 1720 1721 BT_DBG("hci%u", index); 1722 1723 if (len != sizeof(*cp)) 1724 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1725 EINVAL); 1726 1727 hdev = hci_dev_get(index); 1728 if (!hdev) 1729 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1730 ENODEV); 1731 1732 hci_dev_lock_bh(hdev); 1733 1734 err = hci_blacklist_add(hdev, &cp->bdaddr); 1735 if (err < 0) 1736 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err); 1737 else 1738 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 1739 NULL, 0); 1740 1741 hci_dev_unlock_bh(hdev); 1742 hci_dev_put(hdev); 1743 1744 return err; 1745} 1746 1747static int unblock_device(struct sock *sk, u16 index, unsigned char *data, 1748 u16 len) 1749{ 1750 struct hci_dev *hdev; 1751 struct mgmt_cp_unblock_device *cp = (void *) data; 1752 int err; 1753 1754 BT_DBG("hci%u", index); 1755 1756 if (len != sizeof(*cp)) 1757 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1758 EINVAL); 1759 1760 hdev = hci_dev_get(index); 1761 if (!hdev) 1762 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1763 ENODEV); 1764 1765 hci_dev_lock_bh(hdev); 1766 1767 err = hci_blacklist_del(hdev, &cp->bdaddr); 1768 1769 if (err < 0) 1770 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err); 1771 else 1772 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1773 NULL, 0); 1774 1775 hci_dev_unlock_bh(hdev); 1776 hci_dev_put(hdev); 1777 1778 return err; 1779} 1780 1781static int set_fast_connectable(struct sock *sk, u16 index, 1782 unsigned char *data, u16 len) 1783{ 1784 struct hci_dev *hdev; 1785 struct mgmt_cp_set_fast_connectable *cp = (void *) data; 1786 struct hci_cp_write_page_scan_activity acp; 1787 u8 type; 1788 int err; 1789 1790 BT_DBG("hci%u", index); 1791 1792 if (len != sizeof(*cp)) 1793 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1794 EINVAL); 1795 1796 hdev = hci_dev_get(index); 1797 if (!hdev) 1798 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1799 ENODEV); 1800 1801 hci_dev_lock(hdev); 1802 1803 if (cp->enable) { 1804 type = PAGE_SCAN_TYPE_INTERLACED; 1805 acp.interval = 0x0024; /* 22.5 msec page scan interval */ 1806 } else { 1807 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 1808 acp.interval = 0x0800; /* default 1.28 sec page scan */ 1809 } 1810 1811 acp.window = 0x0012; /* default 11.25 msec page scan window */ 1812 1813 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 1814 sizeof(acp), &acp); 1815 if (err < 0) { 1816 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1817 -err); 1818 goto done; 1819 } 1820 1821 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 1822 if (err < 0) { 1823 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1824 -err); 1825 goto done; 1826 } 1827 1828 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1829 NULL, 0); 1830done: 1831 hci_dev_unlock(hdev); 1832 hci_dev_put(hdev); 1833 1834 return err; 1835} 1836 1837int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 1838{ 1839 unsigned char *buf; 1840 struct mgmt_hdr *hdr; 1841 u16 opcode, index, len; 1842 int err; 1843 1844 BT_DBG("got %zu bytes", msglen); 1845 1846 if (msglen < sizeof(*hdr)) 1847 return -EINVAL; 1848 1849 buf = kmalloc(msglen, GFP_KERNEL); 1850 if (!buf) 1851 return -ENOMEM; 1852 1853 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 1854 err = -EFAULT; 1855 goto done; 1856 } 1857 1858 hdr = (struct mgmt_hdr *) buf; 1859 opcode = get_unaligned_le16(&hdr->opcode); 1860 index = get_unaligned_le16(&hdr->index); 1861 len = get_unaligned_le16(&hdr->len); 1862 1863 if (len != msglen - sizeof(*hdr)) { 1864 err = -EINVAL; 1865 goto done; 1866 } 1867 1868 switch (opcode) { 1869 case MGMT_OP_READ_VERSION: 1870 err = read_version(sk); 1871 break; 1872 case MGMT_OP_READ_INDEX_LIST: 1873 err = read_index_list(sk); 1874 break; 1875 case MGMT_OP_READ_INFO: 1876 err = read_controller_info(sk, index); 1877 break; 1878 case MGMT_OP_SET_POWERED: 1879 err = set_powered(sk, index, buf + sizeof(*hdr), len); 1880 break; 1881 case MGMT_OP_SET_DISCOVERABLE: 1882 err = set_discoverable(sk, index, buf + sizeof(*hdr), len); 1883 break; 1884 case MGMT_OP_SET_CONNECTABLE: 1885 err = set_connectable(sk, index, buf + sizeof(*hdr), len); 1886 break; 1887 case MGMT_OP_SET_PAIRABLE: 1888 err = set_pairable(sk, index, buf + sizeof(*hdr), len); 1889 break; 1890 case MGMT_OP_ADD_UUID: 1891 err = add_uuid(sk, index, buf + sizeof(*hdr), len); 1892 break; 1893 case MGMT_OP_REMOVE_UUID: 1894 err = remove_uuid(sk, index, buf + sizeof(*hdr), len); 1895 break; 1896 case MGMT_OP_SET_DEV_CLASS: 1897 err = set_dev_class(sk, index, buf + sizeof(*hdr), len); 1898 break; 1899 case MGMT_OP_SET_SERVICE_CACHE: 1900 err = set_service_cache(sk, index, buf + sizeof(*hdr), len); 1901 break; 1902 case MGMT_OP_LOAD_LINK_KEYS: 1903 err = load_link_keys(sk, index, buf + sizeof(*hdr), len); 1904 break; 1905 case MGMT_OP_REMOVE_KEYS: 1906 err = remove_keys(sk, index, buf + sizeof(*hdr), len); 1907 break; 1908 case MGMT_OP_DISCONNECT: 1909 err = disconnect(sk, index, buf + sizeof(*hdr), len); 1910 break; 1911 case MGMT_OP_GET_CONNECTIONS: 1912 err = get_connections(sk, index); 1913 break; 1914 case MGMT_OP_PIN_CODE_REPLY: 1915 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len); 1916 break; 1917 case MGMT_OP_PIN_CODE_NEG_REPLY: 1918 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len); 1919 break; 1920 case MGMT_OP_SET_IO_CAPABILITY: 1921 err = set_io_capability(sk, index, buf + sizeof(*hdr), len); 1922 break; 1923 case MGMT_OP_PAIR_DEVICE: 1924 err = pair_device(sk, index, buf + sizeof(*hdr), len); 1925 break; 1926 case MGMT_OP_USER_CONFIRM_REPLY: 1927 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1); 1928 break; 1929 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 1930 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0); 1931 break; 1932 case MGMT_OP_SET_LOCAL_NAME: 1933 err = set_local_name(sk, index, buf + sizeof(*hdr), len); 1934 break; 1935 case MGMT_OP_READ_LOCAL_OOB_DATA: 1936 err = read_local_oob_data(sk, index); 1937 break; 1938 case MGMT_OP_ADD_REMOTE_OOB_DATA: 1939 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len); 1940 break; 1941 case MGMT_OP_REMOVE_REMOTE_OOB_DATA: 1942 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr), 1943 len); 1944 break; 1945 case MGMT_OP_START_DISCOVERY: 1946 err = start_discovery(sk, index); 1947 break; 1948 case MGMT_OP_STOP_DISCOVERY: 1949 err = stop_discovery(sk, index); 1950 break; 1951 case MGMT_OP_BLOCK_DEVICE: 1952 err = block_device(sk, index, buf + sizeof(*hdr), len); 1953 break; 1954 case MGMT_OP_UNBLOCK_DEVICE: 1955 err = unblock_device(sk, index, buf + sizeof(*hdr), len); 1956 break; 1957 case MGMT_OP_SET_FAST_CONNECTABLE: 1958 err = set_fast_connectable(sk, index, buf + sizeof(*hdr), 1959 len); 1960 break; 1961 default: 1962 BT_DBG("Unknown op %u", opcode); 1963 err = cmd_status(sk, index, opcode, 0x01); 1964 break; 1965 } 1966 1967 if (err < 0) 1968 goto done; 1969 1970 err = msglen; 1971 1972done: 1973 kfree(buf); 1974 return err; 1975} 1976 1977static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 1978{ 1979 u8 *status = data; 1980 1981 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1982 mgmt_pending_remove(cmd); 1983} 1984 1985int mgmt_index_added(struct hci_dev *hdev) 1986{ 1987 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 1988} 1989 1990int mgmt_index_removed(struct hci_dev *hdev) 1991{ 1992 u8 status = ENODEV; 1993 1994 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 1995 1996 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 1997} 1998 1999struct cmd_lookup { 2000 u8 val; 2001 struct sock *sk; 2002}; 2003 2004static void mode_rsp(struct pending_cmd *cmd, void *data) 2005{ 2006 struct mgmt_mode *cp = cmd->param; 2007 struct cmd_lookup *match = data; 2008 2009 if (cp->val != match->val) 2010 return; 2011 2012 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val); 2013 2014 list_del(&cmd->list); 2015 2016 if (match->sk == NULL) { 2017 match->sk = cmd->sk; 2018 sock_hold(match->sk); 2019 } 2020 2021 mgmt_pending_free(cmd); 2022} 2023 2024int mgmt_powered(struct hci_dev *hdev, u8 powered) 2025{ 2026 struct mgmt_mode ev; 2027 struct cmd_lookup match = { powered, NULL }; 2028 int ret; 2029 2030 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match); 2031 2032 if (!powered) { 2033 u8 status = ENETDOWN; 2034 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2035 } 2036 2037 ev.val = powered; 2038 2039 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk); 2040 2041 if (match.sk) 2042 sock_put(match.sk); 2043 2044 return ret; 2045} 2046 2047int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 2048{ 2049 struct mgmt_mode ev; 2050 struct cmd_lookup match = { discoverable, NULL }; 2051 int ret; 2052 2053 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match); 2054 2055 ev.val = discoverable; 2056 2057 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev), 2058 match.sk); 2059 2060 if (match.sk) 2061 sock_put(match.sk); 2062 2063 return ret; 2064} 2065 2066int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 2067{ 2068 struct mgmt_mode ev; 2069 struct cmd_lookup match = { connectable, NULL }; 2070 int ret; 2071 2072 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match); 2073 2074 ev.val = connectable; 2075 2076 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk); 2077 2078 if (match.sk) 2079 sock_put(match.sk); 2080 2081 return ret; 2082} 2083 2084int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 2085{ 2086 if (scan & SCAN_PAGE) 2087 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 2088 cmd_status_rsp, &status); 2089 2090 if (scan & SCAN_INQUIRY) 2091 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 2092 cmd_status_rsp, &status); 2093 2094 return 0; 2095} 2096 2097int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 2098 u8 persistent) 2099{ 2100 struct mgmt_ev_new_link_key ev; 2101 2102 memset(&ev, 0, sizeof(ev)); 2103 2104 ev.store_hint = persistent; 2105 bacpy(&ev.key.bdaddr, &key->bdaddr); 2106 ev.key.type = key->type; 2107 memcpy(ev.key.val, key->val, 16); 2108 ev.key.pin_len = key->pin_len; 2109 2110 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 2111} 2112 2113int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2114 u8 addr_type) 2115{ 2116 struct mgmt_addr_info ev; 2117 2118 bacpy(&ev.bdaddr, bdaddr); 2119 ev.type = link_to_mgmt(link_type, addr_type); 2120 2121 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL); 2122} 2123 2124static void disconnect_rsp(struct pending_cmd *cmd, void *data) 2125{ 2126 struct mgmt_cp_disconnect *cp = cmd->param; 2127 struct sock **sk = data; 2128 struct mgmt_rp_disconnect rp; 2129 2130 bacpy(&rp.bdaddr, &cp->bdaddr); 2131 rp.status = 0; 2132 2133 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp)); 2134 2135 *sk = cmd->sk; 2136 sock_hold(*sk); 2137 2138 mgmt_pending_remove(cmd); 2139} 2140 2141static void remove_keys_rsp(struct pending_cmd *cmd, void *data) 2142{ 2143 u8 *status = data; 2144 struct mgmt_cp_remove_keys *cp = cmd->param; 2145 struct mgmt_rp_remove_keys rp; 2146 2147 memset(&rp, 0, sizeof(rp)); 2148 bacpy(&rp.bdaddr, &cp->bdaddr); 2149 if (status != NULL) 2150 rp.status = *status; 2151 2152 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp, 2153 sizeof(rp)); 2154 2155 mgmt_pending_remove(cmd); 2156} 2157 2158int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2159 u8 addr_type) 2160{ 2161 struct mgmt_addr_info ev; 2162 struct sock *sk = NULL; 2163 int err; 2164 2165 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 2166 2167 bacpy(&ev.bdaddr, bdaddr); 2168 ev.type = link_to_mgmt(link_type, addr_type); 2169 2170 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 2171 2172 if (sk) 2173 sock_put(sk); 2174 2175 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL); 2176 2177 return err; 2178} 2179 2180int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status) 2181{ 2182 struct pending_cmd *cmd; 2183 int err; 2184 2185 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 2186 if (!cmd) 2187 return -ENOENT; 2188 2189 if (bdaddr) { 2190 struct mgmt_rp_disconnect rp; 2191 2192 bacpy(&rp.bdaddr, bdaddr); 2193 rp.status = status; 2194 2195 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 2196 &rp, sizeof(rp)); 2197 } else 2198 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, 2199 status); 2200 2201 mgmt_pending_remove(cmd); 2202 2203 return err; 2204} 2205 2206int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2207 u8 addr_type, u8 status) 2208{ 2209 struct mgmt_ev_connect_failed ev; 2210 2211 bacpy(&ev.addr.bdaddr, bdaddr); 2212 ev.addr.type = link_to_mgmt(link_type, addr_type); 2213 ev.status = status; 2214 2215 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 2216} 2217 2218int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 2219{ 2220 struct mgmt_ev_pin_code_request ev; 2221 2222 bacpy(&ev.bdaddr, bdaddr); 2223 ev.secure = secure; 2224 2225 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), 2226 NULL); 2227} 2228 2229int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2230 u8 status) 2231{ 2232 struct pending_cmd *cmd; 2233 struct mgmt_rp_pin_code_reply rp; 2234 int err; 2235 2236 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 2237 if (!cmd) 2238 return -ENOENT; 2239 2240 bacpy(&rp.bdaddr, bdaddr); 2241 rp.status = status; 2242 2243 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp, 2244 sizeof(rp)); 2245 2246 mgmt_pending_remove(cmd); 2247 2248 return err; 2249} 2250 2251int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2252 u8 status) 2253{ 2254 struct pending_cmd *cmd; 2255 struct mgmt_rp_pin_code_reply rp; 2256 int err; 2257 2258 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 2259 if (!cmd) 2260 return -ENOENT; 2261 2262 bacpy(&rp.bdaddr, bdaddr); 2263 rp.status = status; 2264 2265 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp, 2266 sizeof(rp)); 2267 2268 mgmt_pending_remove(cmd); 2269 2270 return err; 2271} 2272 2273int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 2274 __le32 value, u8 confirm_hint) 2275{ 2276 struct mgmt_ev_user_confirm_request ev; 2277 2278 BT_DBG("%s", hdev->name); 2279 2280 bacpy(&ev.bdaddr, bdaddr); 2281 ev.confirm_hint = confirm_hint; 2282 put_unaligned_le32(value, &ev.value); 2283 2284 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 2285 NULL); 2286} 2287 2288static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2289 u8 status, u8 opcode) 2290{ 2291 struct pending_cmd *cmd; 2292 struct mgmt_rp_user_confirm_reply rp; 2293 int err; 2294 2295 cmd = mgmt_pending_find(opcode, hdev); 2296 if (!cmd) 2297 return -ENOENT; 2298 2299 bacpy(&rp.bdaddr, bdaddr); 2300 rp.status = status; 2301 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp)); 2302 2303 mgmt_pending_remove(cmd); 2304 2305 return err; 2306} 2307 2308int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2309 u8 status) 2310{ 2311 return confirm_reply_complete(hdev, bdaddr, status, 2312 MGMT_OP_USER_CONFIRM_REPLY); 2313} 2314 2315int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, 2316 bdaddr_t *bdaddr, u8 status) 2317{ 2318 return confirm_reply_complete(hdev, bdaddr, status, 2319 MGMT_OP_USER_CONFIRM_NEG_REPLY); 2320} 2321 2322int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status) 2323{ 2324 struct mgmt_ev_auth_failed ev; 2325 2326 bacpy(&ev.bdaddr, bdaddr); 2327 ev.status = status; 2328 2329 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 2330} 2331 2332int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 2333{ 2334 struct pending_cmd *cmd; 2335 struct mgmt_cp_set_local_name ev; 2336 int err; 2337 2338 memset(&ev, 0, sizeof(ev)); 2339 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2340 2341 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 2342 if (!cmd) 2343 goto send_event; 2344 2345 if (status) { 2346 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 2347 EIO); 2348 goto failed; 2349 } 2350 2351 update_eir(hdev); 2352 2353 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev, 2354 sizeof(ev)); 2355 if (err < 0) 2356 goto failed; 2357 2358send_event: 2359 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 2360 cmd ? cmd->sk : NULL); 2361 2362failed: 2363 if (cmd) 2364 mgmt_pending_remove(cmd); 2365 return err; 2366} 2367 2368int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 2369 u8 *randomizer, u8 status) 2370{ 2371 struct pending_cmd *cmd; 2372 int err; 2373 2374 BT_DBG("%s status %u", hdev->name, status); 2375 2376 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 2377 if (!cmd) 2378 return -ENOENT; 2379 2380 if (status) { 2381 err = cmd_status(cmd->sk, hdev->id, 2382 MGMT_OP_READ_LOCAL_OOB_DATA, EIO); 2383 } else { 2384 struct mgmt_rp_read_local_oob_data rp; 2385 2386 memcpy(rp.hash, hash, sizeof(rp.hash)); 2387 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 2388 2389 err = cmd_complete(cmd->sk, hdev->id, 2390 MGMT_OP_READ_LOCAL_OOB_DATA, 2391 &rp, sizeof(rp)); 2392 } 2393 2394 mgmt_pending_remove(cmd); 2395 2396 return err; 2397} 2398 2399int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2400 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir) 2401{ 2402 struct mgmt_ev_device_found ev; 2403 2404 memset(&ev, 0, sizeof(ev)); 2405 2406 bacpy(&ev.addr.bdaddr, bdaddr); 2407 ev.addr.type = link_to_mgmt(link_type, addr_type); 2408 ev.rssi = rssi; 2409 2410 if (eir) 2411 memcpy(ev.eir, eir, sizeof(ev.eir)); 2412 2413 if (dev_class) 2414 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class)); 2415 2416 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL); 2417} 2418 2419int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name) 2420{ 2421 struct mgmt_ev_remote_name ev; 2422 2423 memset(&ev, 0, sizeof(ev)); 2424 2425 bacpy(&ev.bdaddr, bdaddr); 2426 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2427 2428 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL); 2429} 2430 2431int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status) 2432{ 2433 struct pending_cmd *cmd; 2434 int err; 2435 2436 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 2437 if (!cmd) 2438 return -ENOENT; 2439 2440 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status); 2441 mgmt_pending_remove(cmd); 2442 2443 return err; 2444} 2445 2446int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 2447{ 2448 struct pending_cmd *cmd; 2449 2450 if (discovering) 2451 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 2452 else 2453 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 2454 2455 if (cmd != NULL) { 2456 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0); 2457 mgmt_pending_remove(cmd); 2458 } 2459 2460 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering, 2461 sizeof(discovering), NULL); 2462} 2463 2464int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr) 2465{ 2466 struct pending_cmd *cmd; 2467 struct mgmt_ev_device_blocked ev; 2468 2469 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev); 2470 2471 bacpy(&ev.bdaddr, bdaddr); 2472 2473 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev), 2474 cmd ? cmd->sk : NULL); 2475} 2476 2477int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr) 2478{ 2479 struct pending_cmd *cmd; 2480 struct mgmt_ev_device_unblocked ev; 2481 2482 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev); 2483 2484 bacpy(&ev.bdaddr, bdaddr); 2485 2486 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 2487 cmd ? cmd->sk : NULL); 2488} 2489