mgmt.c revision b24752fe655e9427240a5fe840914b94e5f9c2bc
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2010 Nokia Corporation 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21*/ 22 23/* Bluetooth HCI Management interface */ 24 25#include <linux/uaccess.h> 26#include <asm/unaligned.h> 27 28#include <net/bluetooth/bluetooth.h> 29#include <net/bluetooth/hci_core.h> 30#include <net/bluetooth/mgmt.h> 31 32#define MGMT_VERSION 0 33#define MGMT_REVISION 1 34 35struct pending_cmd { 36 struct list_head list; 37 __u16 opcode; 38 int index; 39 void *param; 40 struct sock *sk; 41 void *user_data; 42}; 43 44static LIST_HEAD(cmd_list); 45 46static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 47{ 48 struct sk_buff *skb; 49 struct mgmt_hdr *hdr; 50 struct mgmt_ev_cmd_status *ev; 51 int err; 52 53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 54 55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 56 if (!skb) 57 return -ENOMEM; 58 59 hdr = (void *) skb_put(skb, sizeof(*hdr)); 60 61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 62 hdr->index = cpu_to_le16(index); 63 hdr->len = cpu_to_le16(sizeof(*ev)); 64 65 ev = (void *) skb_put(skb, sizeof(*ev)); 66 ev->status = status; 67 put_unaligned_le16(cmd, &ev->opcode); 68 69 err = sock_queue_rcv_skb(sk, skb); 70 if (err < 0) 71 kfree_skb(skb); 72 73 return err; 74} 75 76static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp, 77 size_t rp_len) 78{ 79 struct sk_buff *skb; 80 struct mgmt_hdr *hdr; 81 struct mgmt_ev_cmd_complete *ev; 82 int err; 83 84 BT_DBG("sock %p", sk); 85 86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 87 if (!skb) 88 return -ENOMEM; 89 90 hdr = (void *) skb_put(skb, sizeof(*hdr)); 91 92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 93 hdr->index = cpu_to_le16(index); 94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 95 96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 97 put_unaligned_le16(cmd, &ev->opcode); 98 99 if (rp) 100 memcpy(ev->data, rp, rp_len); 101 102 err = sock_queue_rcv_skb(sk, skb); 103 if (err < 0) 104 kfree_skb(skb); 105 106 return err;; 107} 108 109static int read_version(struct sock *sk) 110{ 111 struct mgmt_rp_read_version rp; 112 113 BT_DBG("sock %p", sk); 114 115 rp.version = MGMT_VERSION; 116 put_unaligned_le16(MGMT_REVISION, &rp.revision); 117 118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp, 119 sizeof(rp)); 120} 121 122static int read_index_list(struct sock *sk) 123{ 124 struct mgmt_rp_read_index_list *rp; 125 struct list_head *p; 126 struct hci_dev *d; 127 size_t rp_len; 128 u16 count; 129 int i, err; 130 131 BT_DBG("sock %p", sk); 132 133 read_lock(&hci_dev_list_lock); 134 135 count = 0; 136 list_for_each(p, &hci_dev_list) { 137 count++; 138 } 139 140 rp_len = sizeof(*rp) + (2 * count); 141 rp = kmalloc(rp_len, GFP_ATOMIC); 142 if (!rp) { 143 read_unlock(&hci_dev_list_lock); 144 return -ENOMEM; 145 } 146 147 put_unaligned_le16(count, &rp->num_controllers); 148 149 i = 0; 150 list_for_each_entry(d, &hci_dev_list, list) { 151 hci_del_off_timer(d); 152 153 if (test_bit(HCI_SETUP, &d->flags)) 154 continue; 155 156 put_unaligned_le16(d->id, &rp->index[i++]); 157 BT_DBG("Added hci%u", d->id); 158 } 159 160 read_unlock(&hci_dev_list_lock); 161 162 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp, 163 rp_len); 164 165 kfree(rp); 166 167 return err; 168} 169 170static int read_controller_info(struct sock *sk, u16 index) 171{ 172 struct mgmt_rp_read_info rp; 173 struct hci_dev *hdev; 174 175 BT_DBG("sock %p hci%u", sk, index); 176 177 hdev = hci_dev_get(index); 178 if (!hdev) 179 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV); 180 181 hci_del_off_timer(hdev); 182 183 hci_dev_lock_bh(hdev); 184 185 set_bit(HCI_MGMT, &hdev->flags); 186 187 memset(&rp, 0, sizeof(rp)); 188 189 rp.type = hdev->dev_type; 190 191 rp.powered = test_bit(HCI_UP, &hdev->flags); 192 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags); 193 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags); 194 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags); 195 196 if (test_bit(HCI_AUTH, &hdev->flags)) 197 rp.sec_mode = 3; 198 else if (hdev->ssp_mode > 0) 199 rp.sec_mode = 4; 200 else 201 rp.sec_mode = 2; 202 203 bacpy(&rp.bdaddr, &hdev->bdaddr); 204 memcpy(rp.features, hdev->features, 8); 205 memcpy(rp.dev_class, hdev->dev_class, 3); 206 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 207 rp.hci_ver = hdev->hci_ver; 208 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev); 209 210 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 211 212 hci_dev_unlock_bh(hdev); 213 hci_dev_put(hdev); 214 215 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); 216} 217 218static void mgmt_pending_free(struct pending_cmd *cmd) 219{ 220 sock_put(cmd->sk); 221 kfree(cmd->param); 222 kfree(cmd); 223} 224 225static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 226 u16 index, void *data, u16 len) 227{ 228 struct pending_cmd *cmd; 229 230 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 231 if (!cmd) 232 return NULL; 233 234 cmd->opcode = opcode; 235 cmd->index = index; 236 237 cmd->param = kmalloc(len, GFP_ATOMIC); 238 if (!cmd->param) { 239 kfree(cmd); 240 return NULL; 241 } 242 243 if (data) 244 memcpy(cmd->param, data, len); 245 246 cmd->sk = sk; 247 sock_hold(sk); 248 249 list_add(&cmd->list, &cmd_list); 250 251 return cmd; 252} 253 254static void mgmt_pending_foreach(u16 opcode, int index, 255 void (*cb)(struct pending_cmd *cmd, void *data), 256 void *data) 257{ 258 struct list_head *p, *n; 259 260 list_for_each_safe(p, n, &cmd_list) { 261 struct pending_cmd *cmd; 262 263 cmd = list_entry(p, struct pending_cmd, list); 264 265 if (opcode > 0 && cmd->opcode != opcode) 266 continue; 267 268 if (index >= 0 && cmd->index != index) 269 continue; 270 271 cb(cmd, data); 272 } 273} 274 275static struct pending_cmd *mgmt_pending_find(u16 opcode, int index) 276{ 277 struct pending_cmd *cmd; 278 279 list_for_each_entry(cmd, &cmd_list, list) { 280 if (cmd->opcode != opcode) 281 continue; 282 283 if (index >= 0 && cmd->index != index) 284 continue; 285 286 return cmd; 287 } 288 289 return NULL; 290} 291 292static void mgmt_pending_remove(struct pending_cmd *cmd) 293{ 294 list_del(&cmd->list); 295 mgmt_pending_free(cmd); 296} 297 298static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) 299{ 300 struct mgmt_mode *cp; 301 struct hci_dev *hdev; 302 struct pending_cmd *cmd; 303 int err, up; 304 305 cp = (void *) data; 306 307 BT_DBG("request for hci%u", index); 308 309 if (len != sizeof(*cp)) 310 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL); 311 312 hdev = hci_dev_get(index); 313 if (!hdev) 314 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV); 315 316 hci_dev_lock_bh(hdev); 317 318 up = test_bit(HCI_UP, &hdev->flags); 319 if ((cp->val && up) || (!cp->val && !up)) { 320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY); 321 goto failed; 322 } 323 324 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) { 325 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY); 326 goto failed; 327 } 328 329 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len); 330 if (!cmd) { 331 err = -ENOMEM; 332 goto failed; 333 } 334 335 if (cp->val) 336 queue_work(hdev->workqueue, &hdev->power_on); 337 else 338 queue_work(hdev->workqueue, &hdev->power_off); 339 340 err = 0; 341 342failed: 343 hci_dev_unlock_bh(hdev); 344 hci_dev_put(hdev); 345 return err; 346} 347 348static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, 349 u16 len) 350{ 351 struct mgmt_mode *cp; 352 struct hci_dev *hdev; 353 struct pending_cmd *cmd; 354 u8 scan; 355 int err; 356 357 cp = (void *) data; 358 359 BT_DBG("request for hci%u", index); 360 361 if (len != sizeof(*cp)) 362 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL); 363 364 hdev = hci_dev_get(index); 365 if (!hdev) 366 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV); 367 368 hci_dev_lock_bh(hdev); 369 370 if (!test_bit(HCI_UP, &hdev->flags)) { 371 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN); 372 goto failed; 373 } 374 375 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) || 376 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) { 377 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY); 378 goto failed; 379 } 380 381 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 382 test_bit(HCI_PSCAN, &hdev->flags)) { 383 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY); 384 goto failed; 385 } 386 387 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len); 388 if (!cmd) { 389 err = -ENOMEM; 390 goto failed; 391 } 392 393 scan = SCAN_PAGE; 394 395 if (cp->val) 396 scan |= SCAN_INQUIRY; 397 398 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 399 if (err < 0) 400 mgmt_pending_remove(cmd); 401 402failed: 403 hci_dev_unlock_bh(hdev); 404 hci_dev_put(hdev); 405 406 return err; 407} 408 409static int set_connectable(struct sock *sk, u16 index, unsigned char *data, 410 u16 len) 411{ 412 struct mgmt_mode *cp; 413 struct hci_dev *hdev; 414 struct pending_cmd *cmd; 415 u8 scan; 416 int err; 417 418 cp = (void *) data; 419 420 BT_DBG("request for hci%u", index); 421 422 if (len != sizeof(*cp)) 423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL); 424 425 hdev = hci_dev_get(index); 426 if (!hdev) 427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV); 428 429 hci_dev_lock_bh(hdev); 430 431 if (!test_bit(HCI_UP, &hdev->flags)) { 432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN); 433 goto failed; 434 } 435 436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) || 437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) { 438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY); 439 goto failed; 440 } 441 442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY); 444 goto failed; 445 } 446 447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len); 448 if (!cmd) { 449 err = -ENOMEM; 450 goto failed; 451 } 452 453 if (cp->val) 454 scan = SCAN_PAGE; 455 else 456 scan = 0; 457 458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 459 if (err < 0) 460 mgmt_pending_remove(cmd); 461 462failed: 463 hci_dev_unlock_bh(hdev); 464 hci_dev_put(hdev); 465 466 return err; 467} 468 469static int mgmt_event(u16 event, u16 index, void *data, u16 data_len, 470 struct sock *skip_sk) 471{ 472 struct sk_buff *skb; 473 struct mgmt_hdr *hdr; 474 475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 476 if (!skb) 477 return -ENOMEM; 478 479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 480 481 hdr = (void *) skb_put(skb, sizeof(*hdr)); 482 hdr->opcode = cpu_to_le16(event); 483 hdr->index = cpu_to_le16(index); 484 hdr->len = cpu_to_le16(data_len); 485 486 if (data) 487 memcpy(skb_put(skb, data_len), data, data_len); 488 489 hci_send_to_sock(NULL, skb, skip_sk); 490 kfree_skb(skb); 491 492 return 0; 493} 494 495static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val) 496{ 497 struct mgmt_mode rp; 498 499 rp.val = val; 500 501 return cmd_complete(sk, index, opcode, &rp, sizeof(rp)); 502} 503 504static int set_pairable(struct sock *sk, u16 index, unsigned char *data, 505 u16 len) 506{ 507 struct mgmt_mode *cp, ev; 508 struct hci_dev *hdev; 509 int err; 510 511 cp = (void *) data; 512 513 BT_DBG("request for hci%u", index); 514 515 if (len != sizeof(*cp)) 516 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL); 517 518 hdev = hci_dev_get(index); 519 if (!hdev) 520 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV); 521 522 hci_dev_lock_bh(hdev); 523 524 if (cp->val) 525 set_bit(HCI_PAIRABLE, &hdev->flags); 526 else 527 clear_bit(HCI_PAIRABLE, &hdev->flags); 528 529 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val); 530 if (err < 0) 531 goto failed; 532 533 ev.val = cp->val; 534 535 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk); 536 537failed: 538 hci_dev_unlock_bh(hdev); 539 hci_dev_put(hdev); 540 541 return err; 542} 543 544#define EIR_FLAGS 0x01 /* flags */ 545#define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */ 546#define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */ 547#define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */ 548#define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */ 549#define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */ 550#define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */ 551#define EIR_NAME_SHORT 0x08 /* shortened local name */ 552#define EIR_NAME_COMPLETE 0x09 /* complete local name */ 553#define EIR_TX_POWER 0x0A /* transmit power level */ 554#define EIR_DEVICE_ID 0x10 /* device ID */ 555 556#define PNP_INFO_SVCLASS_ID 0x1200 557 558static u8 bluetooth_base_uuid[] = { 559 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 560 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 561}; 562 563static u16 get_uuid16(u8 *uuid128) 564{ 565 u32 val; 566 int i; 567 568 for (i = 0; i < 12; i++) { 569 if (bluetooth_base_uuid[i] != uuid128[i]) 570 return 0; 571 } 572 573 memcpy(&val, &uuid128[12], 4); 574 575 val = le32_to_cpu(val); 576 if (val > 0xffff) 577 return 0; 578 579 return (u16) val; 580} 581 582static void create_eir(struct hci_dev *hdev, u8 *data) 583{ 584 u8 *ptr = data; 585 u16 eir_len = 0; 586 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 587 int i, truncated = 0; 588 struct bt_uuid *uuid; 589 size_t name_len; 590 591 name_len = strlen(hdev->dev_name); 592 593 if (name_len > 0) { 594 /* EIR Data type */ 595 if (name_len > 48) { 596 name_len = 48; 597 ptr[1] = EIR_NAME_SHORT; 598 } else 599 ptr[1] = EIR_NAME_COMPLETE; 600 601 /* EIR Data length */ 602 ptr[0] = name_len + 1; 603 604 memcpy(ptr + 2, hdev->dev_name, name_len); 605 606 eir_len += (name_len + 2); 607 ptr += (name_len + 2); 608 } 609 610 memset(uuid16_list, 0, sizeof(uuid16_list)); 611 612 /* Group all UUID16 types */ 613 list_for_each_entry(uuid, &hdev->uuids, list) { 614 u16 uuid16; 615 616 uuid16 = get_uuid16(uuid->uuid); 617 if (uuid16 == 0) 618 return; 619 620 if (uuid16 < 0x1100) 621 continue; 622 623 if (uuid16 == PNP_INFO_SVCLASS_ID) 624 continue; 625 626 /* Stop if not enough space to put next UUID */ 627 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 628 truncated = 1; 629 break; 630 } 631 632 /* Check for duplicates */ 633 for (i = 0; uuid16_list[i] != 0; i++) 634 if (uuid16_list[i] == uuid16) 635 break; 636 637 if (uuid16_list[i] == 0) { 638 uuid16_list[i] = uuid16; 639 eir_len += sizeof(u16); 640 } 641 } 642 643 if (uuid16_list[0] != 0) { 644 u8 *length = ptr; 645 646 /* EIR Data type */ 647 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 648 649 ptr += 2; 650 eir_len += 2; 651 652 for (i = 0; uuid16_list[i] != 0; i++) { 653 *ptr++ = (uuid16_list[i] & 0x00ff); 654 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 655 } 656 657 /* EIR Data length */ 658 *length = (i * sizeof(u16)) + 1; 659 } 660} 661 662static int update_eir(struct hci_dev *hdev) 663{ 664 struct hci_cp_write_eir cp; 665 666 if (!(hdev->features[6] & LMP_EXT_INQ)) 667 return 0; 668 669 if (hdev->ssp_mode == 0) 670 return 0; 671 672 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 673 return 0; 674 675 memset(&cp, 0, sizeof(cp)); 676 677 create_eir(hdev, cp.data); 678 679 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 680 return 0; 681 682 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 683 684 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 685} 686 687static u8 get_service_classes(struct hci_dev *hdev) 688{ 689 struct bt_uuid *uuid; 690 u8 val = 0; 691 692 list_for_each_entry(uuid, &hdev->uuids, list) 693 val |= uuid->svc_hint; 694 695 return val; 696} 697 698static int update_class(struct hci_dev *hdev) 699{ 700 u8 cod[3]; 701 702 BT_DBG("%s", hdev->name); 703 704 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 705 return 0; 706 707 cod[0] = hdev->minor_class; 708 cod[1] = hdev->major_class; 709 cod[2] = get_service_classes(hdev); 710 711 if (memcmp(cod, hdev->dev_class, 3) == 0) 712 return 0; 713 714 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 715} 716 717static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 718{ 719 struct mgmt_cp_add_uuid *cp; 720 struct hci_dev *hdev; 721 struct bt_uuid *uuid; 722 int err; 723 724 cp = (void *) data; 725 726 BT_DBG("request for hci%u", index); 727 728 if (len != sizeof(*cp)) 729 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL); 730 731 hdev = hci_dev_get(index); 732 if (!hdev) 733 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV); 734 735 hci_dev_lock_bh(hdev); 736 737 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 738 if (!uuid) { 739 err = -ENOMEM; 740 goto failed; 741 } 742 743 memcpy(uuid->uuid, cp->uuid, 16); 744 uuid->svc_hint = cp->svc_hint; 745 746 list_add(&uuid->list, &hdev->uuids); 747 748 err = update_class(hdev); 749 if (err < 0) 750 goto failed; 751 752 err = update_eir(hdev); 753 if (err < 0) 754 goto failed; 755 756 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); 757 758failed: 759 hci_dev_unlock_bh(hdev); 760 hci_dev_put(hdev); 761 762 return err; 763} 764 765static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 766{ 767 struct list_head *p, *n; 768 struct mgmt_cp_remove_uuid *cp; 769 struct hci_dev *hdev; 770 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 771 int err, found; 772 773 cp = (void *) data; 774 775 BT_DBG("request for hci%u", index); 776 777 if (len != sizeof(*cp)) 778 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL); 779 780 hdev = hci_dev_get(index); 781 if (!hdev) 782 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV); 783 784 hci_dev_lock_bh(hdev); 785 786 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 787 err = hci_uuids_clear(hdev); 788 goto unlock; 789 } 790 791 found = 0; 792 793 list_for_each_safe(p, n, &hdev->uuids) { 794 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 795 796 if (memcmp(match->uuid, cp->uuid, 16) != 0) 797 continue; 798 799 list_del(&match->list); 800 found++; 801 } 802 803 if (found == 0) { 804 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT); 805 goto unlock; 806 } 807 808 err = update_class(hdev); 809 if (err < 0) 810 goto unlock; 811 812 err = update_eir(hdev); 813 if (err < 0) 814 goto unlock; 815 816 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); 817 818unlock: 819 hci_dev_unlock_bh(hdev); 820 hci_dev_put(hdev); 821 822 return err; 823} 824 825static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, 826 u16 len) 827{ 828 struct hci_dev *hdev; 829 struct mgmt_cp_set_dev_class *cp; 830 int err; 831 832 cp = (void *) data; 833 834 BT_DBG("request for hci%u", index); 835 836 if (len != sizeof(*cp)) 837 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL); 838 839 hdev = hci_dev_get(index); 840 if (!hdev) 841 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV); 842 843 hci_dev_lock_bh(hdev); 844 845 hdev->major_class = cp->major; 846 hdev->minor_class = cp->minor; 847 848 err = update_class(hdev); 849 850 if (err == 0) 851 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); 852 853 hci_dev_unlock_bh(hdev); 854 hci_dev_put(hdev); 855 856 return err; 857} 858 859static int set_service_cache(struct sock *sk, u16 index, unsigned char *data, 860 u16 len) 861{ 862 struct hci_dev *hdev; 863 struct mgmt_cp_set_service_cache *cp; 864 int err; 865 866 cp = (void *) data; 867 868 if (len != sizeof(*cp)) 869 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL); 870 871 hdev = hci_dev_get(index); 872 if (!hdev) 873 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV); 874 875 hci_dev_lock_bh(hdev); 876 877 BT_DBG("hci%u enable %d", index, cp->enable); 878 879 if (cp->enable) { 880 set_bit(HCI_SERVICE_CACHE, &hdev->flags); 881 err = 0; 882 } else { 883 clear_bit(HCI_SERVICE_CACHE, &hdev->flags); 884 err = update_class(hdev); 885 if (err == 0) 886 err = update_eir(hdev); 887 } 888 889 if (err == 0) 890 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL, 891 0); 892 else 893 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err); 894 895 896 hci_dev_unlock_bh(hdev); 897 hci_dev_put(hdev); 898 899 return err; 900} 901 902static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len) 903{ 904 struct hci_dev *hdev; 905 struct mgmt_cp_load_keys *cp; 906 u16 key_count, expected_len; 907 int i; 908 909 cp = (void *) data; 910 911 if (len < sizeof(*cp)) 912 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL); 913 914 key_count = get_unaligned_le16(&cp->key_count); 915 916 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info); 917 if (expected_len != len) { 918 BT_ERR("load_keys: expected %u bytes, got %u bytes", 919 len, expected_len); 920 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL); 921 } 922 923 hdev = hci_dev_get(index); 924 if (!hdev) 925 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV); 926 927 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, 928 key_count); 929 930 hci_dev_lock_bh(hdev); 931 932 hci_link_keys_clear(hdev); 933 934 set_bit(HCI_LINK_KEYS, &hdev->flags); 935 936 if (cp->debug_keys) 937 set_bit(HCI_DEBUG_KEYS, &hdev->flags); 938 else 939 clear_bit(HCI_DEBUG_KEYS, &hdev->flags); 940 941 for (i = 0; i < key_count; i++) { 942 struct mgmt_key_info *key = &cp->keys[i]; 943 944 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, 945 key->pin_len); 946 } 947 948 hci_dev_unlock_bh(hdev); 949 hci_dev_put(hdev); 950 951 return 0; 952} 953 954static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) 955{ 956 struct hci_dev *hdev; 957 struct mgmt_cp_remove_key *cp; 958 struct hci_conn *conn; 959 int err; 960 961 cp = (void *) data; 962 963 if (len != sizeof(*cp)) 964 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL); 965 966 hdev = hci_dev_get(index); 967 if (!hdev) 968 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV); 969 970 hci_dev_lock_bh(hdev); 971 972 err = hci_remove_link_key(hdev, &cp->bdaddr); 973 if (err < 0) { 974 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err); 975 goto unlock; 976 } 977 978 err = 0; 979 980 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) 981 goto unlock; 982 983 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 984 if (conn) { 985 struct hci_cp_disconnect dc; 986 987 put_unaligned_le16(conn->handle, &dc.handle); 988 dc.reason = 0x13; /* Remote User Terminated Connection */ 989 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 990 } 991 992unlock: 993 hci_dev_unlock_bh(hdev); 994 hci_dev_put(hdev); 995 996 return err; 997} 998 999static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) 1000{ 1001 struct hci_dev *hdev; 1002 struct mgmt_cp_disconnect *cp; 1003 struct hci_cp_disconnect dc; 1004 struct pending_cmd *cmd; 1005 struct hci_conn *conn; 1006 int err; 1007 1008 BT_DBG(""); 1009 1010 cp = (void *) data; 1011 1012 if (len != sizeof(*cp)) 1013 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL); 1014 1015 hdev = hci_dev_get(index); 1016 if (!hdev) 1017 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV); 1018 1019 hci_dev_lock_bh(hdev); 1020 1021 if (!test_bit(HCI_UP, &hdev->flags)) { 1022 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN); 1023 goto failed; 1024 } 1025 1026 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) { 1027 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY); 1028 goto failed; 1029 } 1030 1031 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1032 if (!conn) 1033 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr); 1034 1035 if (!conn) { 1036 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN); 1037 goto failed; 1038 } 1039 1040 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len); 1041 if (!cmd) { 1042 err = -ENOMEM; 1043 goto failed; 1044 } 1045 1046 put_unaligned_le16(conn->handle, &dc.handle); 1047 dc.reason = 0x13; /* Remote User Terminated Connection */ 1048 1049 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1050 if (err < 0) 1051 mgmt_pending_remove(cmd); 1052 1053failed: 1054 hci_dev_unlock_bh(hdev); 1055 hci_dev_put(hdev); 1056 1057 return err; 1058} 1059 1060static int get_connections(struct sock *sk, u16 index) 1061{ 1062 struct mgmt_rp_get_connections *rp; 1063 struct hci_dev *hdev; 1064 struct hci_conn *c; 1065 struct list_head *p; 1066 size_t rp_len; 1067 u16 count; 1068 int i, err; 1069 1070 BT_DBG(""); 1071 1072 hdev = hci_dev_get(index); 1073 if (!hdev) 1074 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV); 1075 1076 hci_dev_lock_bh(hdev); 1077 1078 count = 0; 1079 list_for_each(p, &hdev->conn_hash.list) { 1080 count++; 1081 } 1082 1083 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t)); 1084 rp = kmalloc(rp_len, GFP_ATOMIC); 1085 if (!rp) { 1086 err = -ENOMEM; 1087 goto unlock; 1088 } 1089 1090 put_unaligned_le16(count, &rp->conn_count); 1091 1092 i = 0; 1093 list_for_each_entry(c, &hdev->conn_hash.list, list) 1094 bacpy(&rp->conn[i++], &c->dst); 1095 1096 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); 1097 1098unlock: 1099 kfree(rp); 1100 hci_dev_unlock_bh(hdev); 1101 hci_dev_put(hdev); 1102 return err; 1103} 1104 1105static int send_pin_code_neg_reply(struct sock *sk, u16 index, 1106 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) 1107{ 1108 struct pending_cmd *cmd; 1109 int err; 1110 1111 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp, 1112 sizeof(*cp)); 1113 if (!cmd) 1114 return -ENOMEM; 1115 1116 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), 1117 &cp->bdaddr); 1118 if (err < 0) 1119 mgmt_pending_remove(cmd); 1120 1121 return err; 1122} 1123 1124static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, 1125 u16 len) 1126{ 1127 struct hci_dev *hdev; 1128 struct hci_conn *conn; 1129 struct mgmt_cp_pin_code_reply *cp; 1130 struct mgmt_cp_pin_code_neg_reply ncp; 1131 struct hci_cp_pin_code_reply reply; 1132 struct pending_cmd *cmd; 1133 int err; 1134 1135 BT_DBG(""); 1136 1137 cp = (void *) data; 1138 1139 if (len != sizeof(*cp)) 1140 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL); 1141 1142 hdev = hci_dev_get(index); 1143 if (!hdev) 1144 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV); 1145 1146 hci_dev_lock_bh(hdev); 1147 1148 if (!test_bit(HCI_UP, &hdev->flags)) { 1149 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN); 1150 goto failed; 1151 } 1152 1153 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1154 if (!conn) { 1155 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN); 1156 goto failed; 1157 } 1158 1159 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1160 bacpy(&ncp.bdaddr, &cp->bdaddr); 1161 1162 BT_ERR("PIN code is not 16 bytes long"); 1163 1164 err = send_pin_code_neg_reply(sk, index, hdev, &ncp); 1165 if (err >= 0) 1166 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1167 EINVAL); 1168 1169 goto failed; 1170 } 1171 1172 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len); 1173 if (!cmd) { 1174 err = -ENOMEM; 1175 goto failed; 1176 } 1177 1178 bacpy(&reply.bdaddr, &cp->bdaddr); 1179 reply.pin_len = cp->pin_len; 1180 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1181 1182 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1183 if (err < 0) 1184 mgmt_pending_remove(cmd); 1185 1186failed: 1187 hci_dev_unlock_bh(hdev); 1188 hci_dev_put(hdev); 1189 1190 return err; 1191} 1192 1193static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, 1194 u16 len) 1195{ 1196 struct hci_dev *hdev; 1197 struct mgmt_cp_pin_code_neg_reply *cp; 1198 int err; 1199 1200 BT_DBG(""); 1201 1202 cp = (void *) data; 1203 1204 if (len != sizeof(*cp)) 1205 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1206 EINVAL); 1207 1208 hdev = hci_dev_get(index); 1209 if (!hdev) 1210 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1211 ENODEV); 1212 1213 hci_dev_lock_bh(hdev); 1214 1215 if (!test_bit(HCI_UP, &hdev->flags)) { 1216 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1217 ENETDOWN); 1218 goto failed; 1219 } 1220 1221 err = send_pin_code_neg_reply(sk, index, hdev, cp); 1222 1223failed: 1224 hci_dev_unlock_bh(hdev); 1225 hci_dev_put(hdev); 1226 1227 return err; 1228} 1229 1230static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, 1231 u16 len) 1232{ 1233 struct hci_dev *hdev; 1234 struct mgmt_cp_set_io_capability *cp; 1235 1236 BT_DBG(""); 1237 1238 cp = (void *) data; 1239 1240 if (len != sizeof(*cp)) 1241 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL); 1242 1243 hdev = hci_dev_get(index); 1244 if (!hdev) 1245 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV); 1246 1247 hci_dev_lock_bh(hdev); 1248 1249 hdev->io_capability = cp->io_capability; 1250 1251 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1252 hdev->io_capability); 1253 1254 hci_dev_unlock_bh(hdev); 1255 hci_dev_put(hdev); 1256 1257 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); 1258} 1259 1260static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1261{ 1262 struct hci_dev *hdev = conn->hdev; 1263 struct pending_cmd *cmd; 1264 1265 list_for_each_entry(cmd, &cmd_list, list) { 1266 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1267 continue; 1268 1269 if (cmd->index != hdev->id) 1270 continue; 1271 1272 if (cmd->user_data != conn) 1273 continue; 1274 1275 return cmd; 1276 } 1277 1278 return NULL; 1279} 1280 1281static void pairing_complete(struct pending_cmd *cmd, u8 status) 1282{ 1283 struct mgmt_rp_pair_device rp; 1284 struct hci_conn *conn = cmd->user_data; 1285 1286 bacpy(&rp.bdaddr, &conn->dst); 1287 rp.status = status; 1288 1289 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp)); 1290 1291 /* So we don't get further callbacks for this connection */ 1292 conn->connect_cfm_cb = NULL; 1293 conn->security_cfm_cb = NULL; 1294 conn->disconn_cfm_cb = NULL; 1295 1296 hci_conn_put(conn); 1297 1298 mgmt_pending_remove(cmd); 1299} 1300 1301static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1302{ 1303 struct pending_cmd *cmd; 1304 1305 BT_DBG("status %u", status); 1306 1307 cmd = find_pairing(conn); 1308 if (!cmd) { 1309 BT_DBG("Unable to find a pending command"); 1310 return; 1311 } 1312 1313 pairing_complete(cmd, status); 1314} 1315 1316static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) 1317{ 1318 struct hci_dev *hdev; 1319 struct mgmt_cp_pair_device *cp; 1320 struct pending_cmd *cmd; 1321 struct adv_entry *entry; 1322 u8 sec_level, auth_type; 1323 struct hci_conn *conn; 1324 int err; 1325 1326 BT_DBG(""); 1327 1328 cp = (void *) data; 1329 1330 if (len != sizeof(*cp)) 1331 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL); 1332 1333 hdev = hci_dev_get(index); 1334 if (!hdev) 1335 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV); 1336 1337 hci_dev_lock_bh(hdev); 1338 1339 sec_level = BT_SECURITY_MEDIUM; 1340 if (cp->io_cap == 0x03) 1341 auth_type = HCI_AT_DEDICATED_BONDING; 1342 else 1343 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1344 1345 entry = hci_find_adv_entry(hdev, &cp->bdaddr); 1346 if (entry) 1347 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level, 1348 auth_type); 1349 else 1350 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, 1351 auth_type); 1352 1353 if (IS_ERR(conn)) { 1354 err = PTR_ERR(conn); 1355 goto unlock; 1356 } 1357 1358 if (conn->connect_cfm_cb) { 1359 hci_conn_put(conn); 1360 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY); 1361 goto unlock; 1362 } 1363 1364 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len); 1365 if (!cmd) { 1366 err = -ENOMEM; 1367 hci_conn_put(conn); 1368 goto unlock; 1369 } 1370 1371 /* For LE, just connecting isn't a proof that the pairing finished */ 1372 if (!entry) 1373 conn->connect_cfm_cb = pairing_complete_cb; 1374 1375 conn->security_cfm_cb = pairing_complete_cb; 1376 conn->disconn_cfm_cb = pairing_complete_cb; 1377 conn->io_capability = cp->io_cap; 1378 cmd->user_data = conn; 1379 1380 if (conn->state == BT_CONNECTED && 1381 hci_conn_security(conn, sec_level, auth_type)) 1382 pairing_complete(cmd, 0); 1383 1384 err = 0; 1385 1386unlock: 1387 hci_dev_unlock_bh(hdev); 1388 hci_dev_put(hdev); 1389 1390 return err; 1391} 1392 1393static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data, 1394 u16 len, int success) 1395{ 1396 struct mgmt_cp_user_confirm_reply *cp = (void *) data; 1397 u16 mgmt_op, hci_op; 1398 struct pending_cmd *cmd; 1399 struct hci_dev *hdev; 1400 int err; 1401 1402 BT_DBG(""); 1403 1404 if (success) { 1405 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY; 1406 hci_op = HCI_OP_USER_CONFIRM_REPLY; 1407 } else { 1408 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY; 1409 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY; 1410 } 1411 1412 if (len != sizeof(*cp)) 1413 return cmd_status(sk, index, mgmt_op, EINVAL); 1414 1415 hdev = hci_dev_get(index); 1416 if (!hdev) 1417 return cmd_status(sk, index, mgmt_op, ENODEV); 1418 1419 hci_dev_lock_bh(hdev); 1420 1421 if (!test_bit(HCI_UP, &hdev->flags)) { 1422 err = cmd_status(sk, index, mgmt_op, ENETDOWN); 1423 goto failed; 1424 } 1425 1426 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len); 1427 if (!cmd) { 1428 err = -ENOMEM; 1429 goto failed; 1430 } 1431 1432 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr); 1433 if (err < 0) 1434 mgmt_pending_remove(cmd); 1435 1436failed: 1437 hci_dev_unlock_bh(hdev); 1438 hci_dev_put(hdev); 1439 1440 return err; 1441} 1442 1443static int set_local_name(struct sock *sk, u16 index, unsigned char *data, 1444 u16 len) 1445{ 1446 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data; 1447 struct hci_cp_write_local_name hci_cp; 1448 struct hci_dev *hdev; 1449 struct pending_cmd *cmd; 1450 int err; 1451 1452 BT_DBG(""); 1453 1454 if (len != sizeof(*mgmt_cp)) 1455 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL); 1456 1457 hdev = hci_dev_get(index); 1458 if (!hdev) 1459 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV); 1460 1461 hci_dev_lock_bh(hdev); 1462 1463 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len); 1464 if (!cmd) { 1465 err = -ENOMEM; 1466 goto failed; 1467 } 1468 1469 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 1470 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp), 1471 &hci_cp); 1472 if (err < 0) 1473 mgmt_pending_remove(cmd); 1474 1475failed: 1476 hci_dev_unlock_bh(hdev); 1477 hci_dev_put(hdev); 1478 1479 return err; 1480} 1481 1482static int read_local_oob_data(struct sock *sk, u16 index) 1483{ 1484 struct hci_dev *hdev; 1485 struct pending_cmd *cmd; 1486 int err; 1487 1488 BT_DBG("hci%u", index); 1489 1490 hdev = hci_dev_get(index); 1491 if (!hdev) 1492 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1493 ENODEV); 1494 1495 hci_dev_lock_bh(hdev); 1496 1497 if (!test_bit(HCI_UP, &hdev->flags)) { 1498 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1499 ENETDOWN); 1500 goto unlock; 1501 } 1502 1503 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1504 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1505 EOPNOTSUPP); 1506 goto unlock; 1507 } 1508 1509 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) { 1510 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY); 1511 goto unlock; 1512 } 1513 1514 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0); 1515 if (!cmd) { 1516 err = -ENOMEM; 1517 goto unlock; 1518 } 1519 1520 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 1521 if (err < 0) 1522 mgmt_pending_remove(cmd); 1523 1524unlock: 1525 hci_dev_unlock_bh(hdev); 1526 hci_dev_put(hdev); 1527 1528 return err; 1529} 1530 1531static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, 1532 u16 len) 1533{ 1534 struct hci_dev *hdev; 1535 struct mgmt_cp_add_remote_oob_data *cp = (void *) data; 1536 int err; 1537 1538 BT_DBG("hci%u ", index); 1539 1540 if (len != sizeof(*cp)) 1541 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1542 EINVAL); 1543 1544 hdev = hci_dev_get(index); 1545 if (!hdev) 1546 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1547 ENODEV); 1548 1549 hci_dev_lock_bh(hdev); 1550 1551 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, 1552 cp->randomizer); 1553 if (err < 0) 1554 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err); 1555 else 1556 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, 1557 0); 1558 1559 hci_dev_unlock_bh(hdev); 1560 hci_dev_put(hdev); 1561 1562 return err; 1563} 1564 1565static int remove_remote_oob_data(struct sock *sk, u16 index, 1566 unsigned char *data, u16 len) 1567{ 1568 struct hci_dev *hdev; 1569 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data; 1570 int err; 1571 1572 BT_DBG("hci%u ", index); 1573 1574 if (len != sizeof(*cp)) 1575 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1576 EINVAL); 1577 1578 hdev = hci_dev_get(index); 1579 if (!hdev) 1580 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1581 ENODEV); 1582 1583 hci_dev_lock_bh(hdev); 1584 1585 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); 1586 if (err < 0) 1587 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1588 -err); 1589 else 1590 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1591 NULL, 0); 1592 1593 hci_dev_unlock_bh(hdev); 1594 hci_dev_put(hdev); 1595 1596 return err; 1597} 1598 1599static int start_discovery(struct sock *sk, u16 index) 1600{ 1601 u8 lap[3] = { 0x33, 0x8b, 0x9e }; 1602 struct hci_cp_inquiry cp; 1603 struct pending_cmd *cmd; 1604 struct hci_dev *hdev; 1605 int err; 1606 1607 BT_DBG("hci%u", index); 1608 1609 hdev = hci_dev_get(index); 1610 if (!hdev) 1611 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV); 1612 1613 hci_dev_lock_bh(hdev); 1614 1615 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0); 1616 if (!cmd) { 1617 err = -ENOMEM; 1618 goto failed; 1619 } 1620 1621 memset(&cp, 0, sizeof(cp)); 1622 memcpy(&cp.lap, lap, 3); 1623 cp.length = 0x08; 1624 cp.num_rsp = 0x00; 1625 1626 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp); 1627 if (err < 0) 1628 mgmt_pending_remove(cmd); 1629 1630failed: 1631 hci_dev_unlock_bh(hdev); 1632 hci_dev_put(hdev); 1633 1634 return err; 1635} 1636 1637static int stop_discovery(struct sock *sk, u16 index) 1638{ 1639 struct hci_dev *hdev; 1640 struct pending_cmd *cmd; 1641 int err; 1642 1643 BT_DBG("hci%u", index); 1644 1645 hdev = hci_dev_get(index); 1646 if (!hdev) 1647 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV); 1648 1649 hci_dev_lock_bh(hdev); 1650 1651 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0); 1652 if (!cmd) { 1653 err = -ENOMEM; 1654 goto failed; 1655 } 1656 1657 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL); 1658 if (err < 0) 1659 mgmt_pending_remove(cmd); 1660 1661failed: 1662 hci_dev_unlock_bh(hdev); 1663 hci_dev_put(hdev); 1664 1665 return err; 1666} 1667 1668static int block_device(struct sock *sk, u16 index, unsigned char *data, 1669 u16 len) 1670{ 1671 struct hci_dev *hdev; 1672 struct pending_cmd *cmd; 1673 struct mgmt_cp_block_device *cp = (void *) data; 1674 int err; 1675 1676 BT_DBG("hci%u", index); 1677 1678 if (len != sizeof(*cp)) 1679 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1680 EINVAL); 1681 1682 hdev = hci_dev_get(index); 1683 if (!hdev) 1684 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1685 ENODEV); 1686 1687 hci_dev_lock_bh(hdev); 1688 1689 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0); 1690 if (!cmd) { 1691 err = -ENOMEM; 1692 goto failed; 1693 } 1694 1695 err = hci_blacklist_add(hdev, &cp->bdaddr); 1696 1697 if (err < 0) 1698 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err); 1699 else 1700 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 1701 NULL, 0); 1702 1703 mgmt_pending_remove(cmd); 1704 1705failed: 1706 hci_dev_unlock_bh(hdev); 1707 hci_dev_put(hdev); 1708 1709 return err; 1710} 1711 1712static int unblock_device(struct sock *sk, u16 index, unsigned char *data, 1713 u16 len) 1714{ 1715 struct hci_dev *hdev; 1716 struct pending_cmd *cmd; 1717 struct mgmt_cp_unblock_device *cp = (void *) data; 1718 int err; 1719 1720 BT_DBG("hci%u", index); 1721 1722 if (len != sizeof(*cp)) 1723 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1724 EINVAL); 1725 1726 hdev = hci_dev_get(index); 1727 if (!hdev) 1728 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1729 ENODEV); 1730 1731 hci_dev_lock_bh(hdev); 1732 1733 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0); 1734 if (!cmd) { 1735 err = -ENOMEM; 1736 goto failed; 1737 } 1738 1739 err = hci_blacklist_del(hdev, &cp->bdaddr); 1740 1741 if (err < 0) 1742 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err); 1743 else 1744 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1745 NULL, 0); 1746 1747 mgmt_pending_remove(cmd); 1748 1749failed: 1750 hci_dev_unlock_bh(hdev); 1751 hci_dev_put(hdev); 1752 1753 return err; 1754} 1755 1756static int set_fast_connectable(struct sock *sk, u16 index, 1757 unsigned char *data, u16 len) 1758{ 1759 struct hci_dev *hdev; 1760 struct mgmt_cp_set_fast_connectable *cp = (void *) data; 1761 struct hci_cp_write_page_scan_activity acp; 1762 u8 type; 1763 int err; 1764 1765 BT_DBG("hci%u", index); 1766 1767 if (len != sizeof(*cp)) 1768 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1769 EINVAL); 1770 1771 hdev = hci_dev_get(index); 1772 if (!hdev) 1773 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1774 ENODEV); 1775 1776 hci_dev_lock(hdev); 1777 1778 if (cp->enable) { 1779 type = PAGE_SCAN_TYPE_INTERLACED; 1780 acp.interval = 0x0024; /* 22.5 msec page scan interval */ 1781 } else { 1782 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 1783 acp.interval = 0x0800; /* default 1.28 sec page scan */ 1784 } 1785 1786 acp.window = 0x0012; /* default 11.25 msec page scan window */ 1787 1788 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 1789 sizeof(acp), &acp); 1790 if (err < 0) { 1791 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1792 -err); 1793 goto done; 1794 } 1795 1796 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 1797 if (err < 0) { 1798 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1799 -err); 1800 goto done; 1801 } 1802 1803 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1804 NULL, 0); 1805done: 1806 hci_dev_unlock(hdev); 1807 hci_dev_put(hdev); 1808 1809 return err; 1810} 1811 1812int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 1813{ 1814 unsigned char *buf; 1815 struct mgmt_hdr *hdr; 1816 u16 opcode, index, len; 1817 int err; 1818 1819 BT_DBG("got %zu bytes", msglen); 1820 1821 if (msglen < sizeof(*hdr)) 1822 return -EINVAL; 1823 1824 buf = kmalloc(msglen, GFP_KERNEL); 1825 if (!buf) 1826 return -ENOMEM; 1827 1828 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 1829 err = -EFAULT; 1830 goto done; 1831 } 1832 1833 hdr = (struct mgmt_hdr *) buf; 1834 opcode = get_unaligned_le16(&hdr->opcode); 1835 index = get_unaligned_le16(&hdr->index); 1836 len = get_unaligned_le16(&hdr->len); 1837 1838 if (len != msglen - sizeof(*hdr)) { 1839 err = -EINVAL; 1840 goto done; 1841 } 1842 1843 switch (opcode) { 1844 case MGMT_OP_READ_VERSION: 1845 err = read_version(sk); 1846 break; 1847 case MGMT_OP_READ_INDEX_LIST: 1848 err = read_index_list(sk); 1849 break; 1850 case MGMT_OP_READ_INFO: 1851 err = read_controller_info(sk, index); 1852 break; 1853 case MGMT_OP_SET_POWERED: 1854 err = set_powered(sk, index, buf + sizeof(*hdr), len); 1855 break; 1856 case MGMT_OP_SET_DISCOVERABLE: 1857 err = set_discoverable(sk, index, buf + sizeof(*hdr), len); 1858 break; 1859 case MGMT_OP_SET_CONNECTABLE: 1860 err = set_connectable(sk, index, buf + sizeof(*hdr), len); 1861 break; 1862 case MGMT_OP_SET_PAIRABLE: 1863 err = set_pairable(sk, index, buf + sizeof(*hdr), len); 1864 break; 1865 case MGMT_OP_ADD_UUID: 1866 err = add_uuid(sk, index, buf + sizeof(*hdr), len); 1867 break; 1868 case MGMT_OP_REMOVE_UUID: 1869 err = remove_uuid(sk, index, buf + sizeof(*hdr), len); 1870 break; 1871 case MGMT_OP_SET_DEV_CLASS: 1872 err = set_dev_class(sk, index, buf + sizeof(*hdr), len); 1873 break; 1874 case MGMT_OP_SET_SERVICE_CACHE: 1875 err = set_service_cache(sk, index, buf + sizeof(*hdr), len); 1876 break; 1877 case MGMT_OP_LOAD_KEYS: 1878 err = load_keys(sk, index, buf + sizeof(*hdr), len); 1879 break; 1880 case MGMT_OP_REMOVE_KEY: 1881 err = remove_key(sk, index, buf + sizeof(*hdr), len); 1882 break; 1883 case MGMT_OP_DISCONNECT: 1884 err = disconnect(sk, index, buf + sizeof(*hdr), len); 1885 break; 1886 case MGMT_OP_GET_CONNECTIONS: 1887 err = get_connections(sk, index); 1888 break; 1889 case MGMT_OP_PIN_CODE_REPLY: 1890 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len); 1891 break; 1892 case MGMT_OP_PIN_CODE_NEG_REPLY: 1893 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len); 1894 break; 1895 case MGMT_OP_SET_IO_CAPABILITY: 1896 err = set_io_capability(sk, index, buf + sizeof(*hdr), len); 1897 break; 1898 case MGMT_OP_PAIR_DEVICE: 1899 err = pair_device(sk, index, buf + sizeof(*hdr), len); 1900 break; 1901 case MGMT_OP_USER_CONFIRM_REPLY: 1902 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1); 1903 break; 1904 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 1905 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0); 1906 break; 1907 case MGMT_OP_SET_LOCAL_NAME: 1908 err = set_local_name(sk, index, buf + sizeof(*hdr), len); 1909 break; 1910 case MGMT_OP_READ_LOCAL_OOB_DATA: 1911 err = read_local_oob_data(sk, index); 1912 break; 1913 case MGMT_OP_ADD_REMOTE_OOB_DATA: 1914 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len); 1915 break; 1916 case MGMT_OP_REMOVE_REMOTE_OOB_DATA: 1917 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr), 1918 len); 1919 break; 1920 case MGMT_OP_START_DISCOVERY: 1921 err = start_discovery(sk, index); 1922 break; 1923 case MGMT_OP_STOP_DISCOVERY: 1924 err = stop_discovery(sk, index); 1925 break; 1926 case MGMT_OP_BLOCK_DEVICE: 1927 err = block_device(sk, index, buf + sizeof(*hdr), len); 1928 break; 1929 case MGMT_OP_UNBLOCK_DEVICE: 1930 err = unblock_device(sk, index, buf + sizeof(*hdr), len); 1931 break; 1932 case MGMT_OP_SET_FAST_CONNECTABLE: 1933 err = set_fast_connectable(sk, index, buf + sizeof(*hdr), 1934 len); 1935 break; 1936 default: 1937 BT_DBG("Unknown op %u", opcode); 1938 err = cmd_status(sk, index, opcode, 0x01); 1939 break; 1940 } 1941 1942 if (err < 0) 1943 goto done; 1944 1945 err = msglen; 1946 1947done: 1948 kfree(buf); 1949 return err; 1950} 1951 1952static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 1953{ 1954 u8 *status = data; 1955 1956 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 1957 mgmt_pending_remove(cmd); 1958} 1959 1960int mgmt_index_added(u16 index) 1961{ 1962 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL); 1963} 1964 1965int mgmt_index_removed(u16 index) 1966{ 1967 u8 status = ENODEV; 1968 1969 mgmt_pending_foreach(0, index, cmd_status_rsp, &status); 1970 1971 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL); 1972} 1973 1974struct cmd_lookup { 1975 u8 val; 1976 struct sock *sk; 1977}; 1978 1979static void mode_rsp(struct pending_cmd *cmd, void *data) 1980{ 1981 struct mgmt_mode *cp = cmd->param; 1982 struct cmd_lookup *match = data; 1983 1984 if (cp->val != match->val) 1985 return; 1986 1987 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val); 1988 1989 list_del(&cmd->list); 1990 1991 if (match->sk == NULL) { 1992 match->sk = cmd->sk; 1993 sock_hold(match->sk); 1994 } 1995 1996 mgmt_pending_free(cmd); 1997} 1998 1999int mgmt_powered(u16 index, u8 powered) 2000{ 2001 struct mgmt_mode ev; 2002 struct cmd_lookup match = { powered, NULL }; 2003 int ret; 2004 2005 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match); 2006 2007 if (!powered) { 2008 u8 status = ENETDOWN; 2009 mgmt_pending_foreach(0, index, cmd_status_rsp, &status); 2010 } 2011 2012 ev.val = powered; 2013 2014 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk); 2015 2016 if (match.sk) 2017 sock_put(match.sk); 2018 2019 return ret; 2020} 2021 2022int mgmt_discoverable(u16 index, u8 discoverable) 2023{ 2024 struct mgmt_mode ev; 2025 struct cmd_lookup match = { discoverable, NULL }; 2026 int ret; 2027 2028 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match); 2029 2030 ev.val = discoverable; 2031 2032 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev), 2033 match.sk); 2034 2035 if (match.sk) 2036 sock_put(match.sk); 2037 2038 return ret; 2039} 2040 2041int mgmt_connectable(u16 index, u8 connectable) 2042{ 2043 struct mgmt_mode ev; 2044 struct cmd_lookup match = { connectable, NULL }; 2045 int ret; 2046 2047 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match); 2048 2049 ev.val = connectable; 2050 2051 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk); 2052 2053 if (match.sk) 2054 sock_put(match.sk); 2055 2056 return ret; 2057} 2058 2059int mgmt_new_key(u16 index, struct link_key *key, u8 persistent) 2060{ 2061 struct mgmt_ev_new_key ev; 2062 2063 memset(&ev, 0, sizeof(ev)); 2064 2065 ev.store_hint = persistent; 2066 bacpy(&ev.key.bdaddr, &key->bdaddr); 2067 ev.key.type = key->type; 2068 memcpy(ev.key.val, key->val, 16); 2069 ev.key.pin_len = key->pin_len; 2070 2071 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL); 2072} 2073 2074int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type) 2075{ 2076 struct mgmt_ev_connected ev; 2077 2078 bacpy(&ev.bdaddr, bdaddr); 2079 ev.link_type = link_type; 2080 2081 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL); 2082} 2083 2084static void disconnect_rsp(struct pending_cmd *cmd, void *data) 2085{ 2086 struct mgmt_cp_disconnect *cp = cmd->param; 2087 struct sock **sk = data; 2088 struct mgmt_rp_disconnect rp; 2089 2090 bacpy(&rp.bdaddr, &cp->bdaddr); 2091 2092 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp)); 2093 2094 *sk = cmd->sk; 2095 sock_hold(*sk); 2096 2097 mgmt_pending_remove(cmd); 2098} 2099 2100int mgmt_disconnected(u16 index, bdaddr_t *bdaddr) 2101{ 2102 struct mgmt_ev_disconnected ev; 2103 struct sock *sk = NULL; 2104 int err; 2105 2106 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk); 2107 2108 bacpy(&ev.bdaddr, bdaddr); 2109 2110 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk); 2111 2112 if (sk) 2113 sock_put(sk); 2114 2115 return err; 2116} 2117 2118int mgmt_disconnect_failed(u16 index) 2119{ 2120 struct pending_cmd *cmd; 2121 int err; 2122 2123 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index); 2124 if (!cmd) 2125 return -ENOENT; 2126 2127 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO); 2128 2129 mgmt_pending_remove(cmd); 2130 2131 return err; 2132} 2133 2134int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status) 2135{ 2136 struct mgmt_ev_connect_failed ev; 2137 2138 bacpy(&ev.bdaddr, bdaddr); 2139 ev.status = status; 2140 2141 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL); 2142} 2143 2144int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure) 2145{ 2146 struct mgmt_ev_pin_code_request ev; 2147 2148 bacpy(&ev.bdaddr, bdaddr); 2149 ev.secure = secure; 2150 2151 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev), 2152 NULL); 2153} 2154 2155int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2156{ 2157 struct pending_cmd *cmd; 2158 struct mgmt_rp_pin_code_reply rp; 2159 int err; 2160 2161 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index); 2162 if (!cmd) 2163 return -ENOENT; 2164 2165 bacpy(&rp.bdaddr, bdaddr); 2166 rp.status = status; 2167 2168 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp, 2169 sizeof(rp)); 2170 2171 mgmt_pending_remove(cmd); 2172 2173 return err; 2174} 2175 2176int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2177{ 2178 struct pending_cmd *cmd; 2179 struct mgmt_rp_pin_code_reply rp; 2180 int err; 2181 2182 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index); 2183 if (!cmd) 2184 return -ENOENT; 2185 2186 bacpy(&rp.bdaddr, bdaddr); 2187 rp.status = status; 2188 2189 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp, 2190 sizeof(rp)); 2191 2192 mgmt_pending_remove(cmd); 2193 2194 return err; 2195} 2196 2197int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value, 2198 u8 confirm_hint) 2199{ 2200 struct mgmt_ev_user_confirm_request ev; 2201 2202 BT_DBG("hci%u", index); 2203 2204 bacpy(&ev.bdaddr, bdaddr); 2205 ev.confirm_hint = confirm_hint; 2206 put_unaligned_le32(value, &ev.value); 2207 2208 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev), 2209 NULL); 2210} 2211 2212static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status, 2213 u8 opcode) 2214{ 2215 struct pending_cmd *cmd; 2216 struct mgmt_rp_user_confirm_reply rp; 2217 int err; 2218 2219 cmd = mgmt_pending_find(opcode, index); 2220 if (!cmd) 2221 return -ENOENT; 2222 2223 bacpy(&rp.bdaddr, bdaddr); 2224 rp.status = status; 2225 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp)); 2226 2227 mgmt_pending_remove(cmd); 2228 2229 return err; 2230} 2231 2232int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2233{ 2234 return confirm_reply_complete(index, bdaddr, status, 2235 MGMT_OP_USER_CONFIRM_REPLY); 2236} 2237 2238int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2239{ 2240 return confirm_reply_complete(index, bdaddr, status, 2241 MGMT_OP_USER_CONFIRM_NEG_REPLY); 2242} 2243 2244int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status) 2245{ 2246 struct mgmt_ev_auth_failed ev; 2247 2248 bacpy(&ev.bdaddr, bdaddr); 2249 ev.status = status; 2250 2251 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL); 2252} 2253 2254int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status) 2255{ 2256 struct pending_cmd *cmd; 2257 struct hci_dev *hdev; 2258 struct mgmt_cp_set_local_name ev; 2259 int err; 2260 2261 memset(&ev, 0, sizeof(ev)); 2262 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2263 2264 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index); 2265 if (!cmd) 2266 goto send_event; 2267 2268 if (status) { 2269 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO); 2270 goto failed; 2271 } 2272 2273 hdev = hci_dev_get(index); 2274 if (hdev) { 2275 hci_dev_lock_bh(hdev); 2276 update_eir(hdev); 2277 hci_dev_unlock_bh(hdev); 2278 hci_dev_put(hdev); 2279 } 2280 2281 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev, 2282 sizeof(ev)); 2283 if (err < 0) 2284 goto failed; 2285 2286send_event: 2287 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev), 2288 cmd ? cmd->sk : NULL); 2289 2290failed: 2291 if (cmd) 2292 mgmt_pending_remove(cmd); 2293 return err; 2294} 2295 2296int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer, 2297 u8 status) 2298{ 2299 struct pending_cmd *cmd; 2300 int err; 2301 2302 BT_DBG("hci%u status %u", index, status); 2303 2304 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index); 2305 if (!cmd) 2306 return -ENOENT; 2307 2308 if (status) { 2309 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2310 EIO); 2311 } else { 2312 struct mgmt_rp_read_local_oob_data rp; 2313 2314 memcpy(rp.hash, hash, sizeof(rp.hash)); 2315 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 2316 2317 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2318 &rp, sizeof(rp)); 2319 } 2320 2321 mgmt_pending_remove(cmd); 2322 2323 return err; 2324} 2325 2326int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi, 2327 u8 *eir) 2328{ 2329 struct mgmt_ev_device_found ev; 2330 2331 memset(&ev, 0, sizeof(ev)); 2332 2333 bacpy(&ev.bdaddr, bdaddr); 2334 ev.rssi = rssi; 2335 2336 if (eir) 2337 memcpy(ev.eir, eir, sizeof(ev.eir)); 2338 2339 if (dev_class) 2340 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class)); 2341 2342 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL); 2343} 2344 2345int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name) 2346{ 2347 struct mgmt_ev_remote_name ev; 2348 2349 memset(&ev, 0, sizeof(ev)); 2350 2351 bacpy(&ev.bdaddr, bdaddr); 2352 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2353 2354 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL); 2355} 2356 2357int mgmt_inquiry_failed(u16 index, u8 status) 2358{ 2359 struct pending_cmd *cmd; 2360 int err; 2361 2362 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index); 2363 if (!cmd) 2364 return -ENOENT; 2365 2366 err = cmd_status(cmd->sk, index, cmd->opcode, status); 2367 mgmt_pending_remove(cmd); 2368 2369 return err; 2370} 2371 2372int mgmt_discovering(u16 index, u8 discovering) 2373{ 2374 struct pending_cmd *cmd; 2375 2376 if (discovering) 2377 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index); 2378 else 2379 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index); 2380 2381 if (cmd != NULL) { 2382 cmd_complete(cmd->sk, index, cmd->opcode, NULL, 0); 2383 mgmt_pending_remove(cmd); 2384 } 2385 2386 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering, 2387 sizeof(discovering), NULL); 2388} 2389 2390int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr) 2391{ 2392 struct pending_cmd *cmd; 2393 struct mgmt_ev_device_blocked ev; 2394 2395 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index); 2396 2397 bacpy(&ev.bdaddr, bdaddr); 2398 2399 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev), 2400 cmd ? cmd->sk : NULL); 2401} 2402 2403int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr) 2404{ 2405 struct pending_cmd *cmd; 2406 struct mgmt_ev_device_unblocked ev; 2407 2408 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index); 2409 2410 bacpy(&ev.bdaddr, bdaddr); 2411 2412 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev), 2413 cmd ? cmd->sk : NULL); 2414} 2415