mgmt.c revision b644ba33699711630099efc58a4efc225560aceb
1/* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2010 Nokia Corporation 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21*/ 22 23/* Bluetooth HCI Management interface */ 24 25#include <linux/kernel.h> 26#include <linux/uaccess.h> 27#include <linux/module.h> 28#include <asm/unaligned.h> 29 30#include <net/bluetooth/bluetooth.h> 31#include <net/bluetooth/hci_core.h> 32#include <net/bluetooth/mgmt.h> 33#include <net/bluetooth/smp.h> 34 35#define MGMT_VERSION 0 36#define MGMT_REVISION 1 37 38#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 39 40#define SERVICE_CACHE_TIMEOUT (5 * 1000) 41 42struct pending_cmd { 43 struct list_head list; 44 u16 opcode; 45 int index; 46 void *param; 47 struct sock *sk; 48 void *user_data; 49}; 50 51/* HCI to MGMT error code conversion table */ 52static u8 mgmt_status_table[] = { 53 MGMT_STATUS_SUCCESS, 54 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 55 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 56 MGMT_STATUS_FAILED, /* Hardware Failure */ 57 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 58 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 59 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */ 60 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 61 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 62 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 63 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 64 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 65 MGMT_STATUS_BUSY, /* Command Disallowed */ 66 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 67 MGMT_STATUS_REJECTED, /* Rejected Security */ 68 MGMT_STATUS_REJECTED, /* Rejected Personal */ 69 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 70 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 71 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 72 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 73 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 74 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 75 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 76 MGMT_STATUS_BUSY, /* Repeated Attempts */ 77 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 78 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 80 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 81 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 82 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 83 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 84 MGMT_STATUS_FAILED, /* Unspecified Error */ 85 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 86 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 87 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 88 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 89 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 90 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 91 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 92 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 93 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 94 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 95 MGMT_STATUS_FAILED, /* Transaction Collision */ 96 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 97 MGMT_STATUS_REJECTED, /* QoS Rejected */ 98 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 99 MGMT_STATUS_REJECTED, /* Insufficient Security */ 100 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 101 MGMT_STATUS_BUSY, /* Role Switch Pending */ 102 MGMT_STATUS_FAILED, /* Slot Violation */ 103 MGMT_STATUS_FAILED, /* Role Switch Failed */ 104 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 105 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 106 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 107 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 108 MGMT_STATUS_BUSY, /* Controller Busy */ 109 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 110 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 111 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 112 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 113 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 114}; 115 116static u8 mgmt_status(u8 hci_status) 117{ 118 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 119 return mgmt_status_table[hci_status]; 120 121 return MGMT_STATUS_FAILED; 122} 123 124static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 125{ 126 struct sk_buff *skb; 127 struct mgmt_hdr *hdr; 128 struct mgmt_ev_cmd_status *ev; 129 int err; 130 131 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 132 133 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 134 if (!skb) 135 return -ENOMEM; 136 137 hdr = (void *) skb_put(skb, sizeof(*hdr)); 138 139 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 140 hdr->index = cpu_to_le16(index); 141 hdr->len = cpu_to_le16(sizeof(*ev)); 142 143 ev = (void *) skb_put(skb, sizeof(*ev)); 144 ev->status = status; 145 put_unaligned_le16(cmd, &ev->opcode); 146 147 err = sock_queue_rcv_skb(sk, skb); 148 if (err < 0) 149 kfree_skb(skb); 150 151 return err; 152} 153 154static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp, 155 size_t rp_len) 156{ 157 struct sk_buff *skb; 158 struct mgmt_hdr *hdr; 159 struct mgmt_ev_cmd_complete *ev; 160 int err; 161 162 BT_DBG("sock %p", sk); 163 164 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 165 if (!skb) 166 return -ENOMEM; 167 168 hdr = (void *) skb_put(skb, sizeof(*hdr)); 169 170 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 171 hdr->index = cpu_to_le16(index); 172 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 173 174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 175 put_unaligned_le16(cmd, &ev->opcode); 176 177 if (rp) 178 memcpy(ev->data, rp, rp_len); 179 180 err = sock_queue_rcv_skb(sk, skb); 181 if (err < 0) 182 kfree_skb(skb); 183 184 return err;; 185} 186 187static int read_version(struct sock *sk) 188{ 189 struct mgmt_rp_read_version rp; 190 191 BT_DBG("sock %p", sk); 192 193 rp.version = MGMT_VERSION; 194 put_unaligned_le16(MGMT_REVISION, &rp.revision); 195 196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp, 197 sizeof(rp)); 198} 199 200static int read_index_list(struct sock *sk) 201{ 202 struct mgmt_rp_read_index_list *rp; 203 struct list_head *p; 204 struct hci_dev *d; 205 size_t rp_len; 206 u16 count; 207 int i, err; 208 209 BT_DBG("sock %p", sk); 210 211 read_lock(&hci_dev_list_lock); 212 213 count = 0; 214 list_for_each(p, &hci_dev_list) { 215 count++; 216 } 217 218 rp_len = sizeof(*rp) + (2 * count); 219 rp = kmalloc(rp_len, GFP_ATOMIC); 220 if (!rp) { 221 read_unlock(&hci_dev_list_lock); 222 return -ENOMEM; 223 } 224 225 put_unaligned_le16(count, &rp->num_controllers); 226 227 i = 0; 228 list_for_each_entry(d, &hci_dev_list, list) { 229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags)) 230 cancel_delayed_work(&d->power_off); 231 232 if (test_bit(HCI_SETUP, &d->dev_flags)) 233 continue; 234 235 put_unaligned_le16(d->id, &rp->index[i++]); 236 BT_DBG("Added hci%u", d->id); 237 } 238 239 read_unlock(&hci_dev_list_lock); 240 241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp, 242 rp_len); 243 244 kfree(rp); 245 246 return err; 247} 248 249static u32 get_supported_settings(struct hci_dev *hdev) 250{ 251 u32 settings = 0; 252 253 settings |= MGMT_SETTING_POWERED; 254 settings |= MGMT_SETTING_CONNECTABLE; 255 settings |= MGMT_SETTING_FAST_CONNECTABLE; 256 settings |= MGMT_SETTING_DISCOVERABLE; 257 settings |= MGMT_SETTING_PAIRABLE; 258 259 if (hdev->features[6] & LMP_SIMPLE_PAIR) 260 settings |= MGMT_SETTING_SSP; 261 262 if (!(hdev->features[4] & LMP_NO_BREDR)) { 263 settings |= MGMT_SETTING_BREDR; 264 settings |= MGMT_SETTING_LINK_SECURITY; 265 } 266 267 if (hdev->features[4] & LMP_LE) 268 settings |= MGMT_SETTING_LE; 269 270 return settings; 271} 272 273static u32 get_current_settings(struct hci_dev *hdev) 274{ 275 u32 settings = 0; 276 277 if (test_bit(HCI_UP, &hdev->flags)) 278 settings |= MGMT_SETTING_POWERED; 279 else 280 return settings; 281 282 if (test_bit(HCI_PSCAN, &hdev->flags)) 283 settings |= MGMT_SETTING_CONNECTABLE; 284 285 if (test_bit(HCI_ISCAN, &hdev->flags)) 286 settings |= MGMT_SETTING_DISCOVERABLE; 287 288 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 289 settings |= MGMT_SETTING_PAIRABLE; 290 291 if (!(hdev->features[4] & LMP_NO_BREDR)) 292 settings |= MGMT_SETTING_BREDR; 293 294 if (hdev->host_features[0] & LMP_HOST_LE) 295 settings |= MGMT_SETTING_LE; 296 297 if (test_bit(HCI_AUTH, &hdev->flags)) 298 settings |= MGMT_SETTING_LINK_SECURITY; 299 300 if (hdev->ssp_mode > 0) 301 settings |= MGMT_SETTING_SSP; 302 303 return settings; 304} 305 306#define PNP_INFO_SVCLASS_ID 0x1200 307 308static u8 bluetooth_base_uuid[] = { 309 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 310 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 311}; 312 313static u16 get_uuid16(u8 *uuid128) 314{ 315 u32 val; 316 int i; 317 318 for (i = 0; i < 12; i++) { 319 if (bluetooth_base_uuid[i] != uuid128[i]) 320 return 0; 321 } 322 323 memcpy(&val, &uuid128[12], 4); 324 325 val = le32_to_cpu(val); 326 if (val > 0xffff) 327 return 0; 328 329 return (u16) val; 330} 331 332static void create_eir(struct hci_dev *hdev, u8 *data) 333{ 334 u8 *ptr = data; 335 u16 eir_len = 0; 336 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 337 int i, truncated = 0; 338 struct bt_uuid *uuid; 339 size_t name_len; 340 341 name_len = strlen(hdev->dev_name); 342 343 if (name_len > 0) { 344 /* EIR Data type */ 345 if (name_len > 48) { 346 name_len = 48; 347 ptr[1] = EIR_NAME_SHORT; 348 } else 349 ptr[1] = EIR_NAME_COMPLETE; 350 351 /* EIR Data length */ 352 ptr[0] = name_len + 1; 353 354 memcpy(ptr + 2, hdev->dev_name, name_len); 355 356 eir_len += (name_len + 2); 357 ptr += (name_len + 2); 358 } 359 360 memset(uuid16_list, 0, sizeof(uuid16_list)); 361 362 /* Group all UUID16 types */ 363 list_for_each_entry(uuid, &hdev->uuids, list) { 364 u16 uuid16; 365 366 uuid16 = get_uuid16(uuid->uuid); 367 if (uuid16 == 0) 368 return; 369 370 if (uuid16 < 0x1100) 371 continue; 372 373 if (uuid16 == PNP_INFO_SVCLASS_ID) 374 continue; 375 376 /* Stop if not enough space to put next UUID */ 377 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 378 truncated = 1; 379 break; 380 } 381 382 /* Check for duplicates */ 383 for (i = 0; uuid16_list[i] != 0; i++) 384 if (uuid16_list[i] == uuid16) 385 break; 386 387 if (uuid16_list[i] == 0) { 388 uuid16_list[i] = uuid16; 389 eir_len += sizeof(u16); 390 } 391 } 392 393 if (uuid16_list[0] != 0) { 394 u8 *length = ptr; 395 396 /* EIR Data type */ 397 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 398 399 ptr += 2; 400 eir_len += 2; 401 402 for (i = 0; uuid16_list[i] != 0; i++) { 403 *ptr++ = (uuid16_list[i] & 0x00ff); 404 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 405 } 406 407 /* EIR Data length */ 408 *length = (i * sizeof(u16)) + 1; 409 } 410} 411 412static int update_eir(struct hci_dev *hdev) 413{ 414 struct hci_cp_write_eir cp; 415 416 if (!(hdev->features[6] & LMP_EXT_INQ)) 417 return 0; 418 419 if (hdev->ssp_mode == 0) 420 return 0; 421 422 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 423 return 0; 424 425 memset(&cp, 0, sizeof(cp)); 426 427 create_eir(hdev, cp.data); 428 429 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 430 return 0; 431 432 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 433 434 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 435} 436 437static u8 get_service_classes(struct hci_dev *hdev) 438{ 439 struct bt_uuid *uuid; 440 u8 val = 0; 441 442 list_for_each_entry(uuid, &hdev->uuids, list) 443 val |= uuid->svc_hint; 444 445 return val; 446} 447 448static int update_class(struct hci_dev *hdev) 449{ 450 u8 cod[3]; 451 452 BT_DBG("%s", hdev->name); 453 454 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 455 return 0; 456 457 cod[0] = hdev->minor_class; 458 cod[1] = hdev->major_class; 459 cod[2] = get_service_classes(hdev); 460 461 if (memcmp(cod, hdev->dev_class, 3) == 0) 462 return 0; 463 464 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 465} 466 467static void service_cache_off(struct work_struct *work) 468{ 469 struct hci_dev *hdev = container_of(work, struct hci_dev, 470 service_cache.work); 471 472 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 473 return; 474 475 hci_dev_lock(hdev); 476 477 update_eir(hdev); 478 update_class(hdev); 479 480 hci_dev_unlock(hdev); 481} 482 483static void mgmt_init_hdev(struct hci_dev *hdev) 484{ 485 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) 486 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 487 488 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) 489 schedule_delayed_work(&hdev->service_cache, 490 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT)); 491} 492 493static int read_controller_info(struct sock *sk, u16 index) 494{ 495 struct mgmt_rp_read_info rp; 496 struct hci_dev *hdev; 497 498 BT_DBG("sock %p hci%u", sk, index); 499 500 hdev = hci_dev_get(index); 501 if (!hdev) 502 return cmd_status(sk, index, MGMT_OP_READ_INFO, 503 MGMT_STATUS_INVALID_PARAMS); 504 505 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) 506 cancel_delayed_work_sync(&hdev->power_off); 507 508 hci_dev_lock(hdev); 509 510 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags)) 511 mgmt_init_hdev(hdev); 512 513 memset(&rp, 0, sizeof(rp)); 514 515 bacpy(&rp.bdaddr, &hdev->bdaddr); 516 517 rp.version = hdev->hci_ver; 518 519 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 520 521 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 522 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 523 524 memcpy(rp.dev_class, hdev->dev_class, 3); 525 526 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 527 528 hci_dev_unlock(hdev); 529 hci_dev_put(hdev); 530 531 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); 532} 533 534static void mgmt_pending_free(struct pending_cmd *cmd) 535{ 536 sock_put(cmd->sk); 537 kfree(cmd->param); 538 kfree(cmd); 539} 540 541static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 542 struct hci_dev *hdev, 543 void *data, u16 len) 544{ 545 struct pending_cmd *cmd; 546 547 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 548 if (!cmd) 549 return NULL; 550 551 cmd->opcode = opcode; 552 cmd->index = hdev->id; 553 554 cmd->param = kmalloc(len, GFP_ATOMIC); 555 if (!cmd->param) { 556 kfree(cmd); 557 return NULL; 558 } 559 560 if (data) 561 memcpy(cmd->param, data, len); 562 563 cmd->sk = sk; 564 sock_hold(sk); 565 566 list_add(&cmd->list, &hdev->mgmt_pending); 567 568 return cmd; 569} 570 571static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 572 void (*cb)(struct pending_cmd *cmd, void *data), 573 void *data) 574{ 575 struct list_head *p, *n; 576 577 list_for_each_safe(p, n, &hdev->mgmt_pending) { 578 struct pending_cmd *cmd; 579 580 cmd = list_entry(p, struct pending_cmd, list); 581 582 if (opcode > 0 && cmd->opcode != opcode) 583 continue; 584 585 cb(cmd, data); 586 } 587} 588 589static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev) 590{ 591 struct pending_cmd *cmd; 592 593 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 594 if (cmd->opcode == opcode) 595 return cmd; 596 } 597 598 return NULL; 599} 600 601static void mgmt_pending_remove(struct pending_cmd *cmd) 602{ 603 list_del(&cmd->list); 604 mgmt_pending_free(cmd); 605} 606 607static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 608{ 609 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 610 611 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings)); 612} 613 614static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) 615{ 616 struct mgmt_mode *cp; 617 struct hci_dev *hdev; 618 struct pending_cmd *cmd; 619 int err, up; 620 621 cp = (void *) data; 622 623 BT_DBG("request for hci%u", index); 624 625 if (len != sizeof(*cp)) 626 return cmd_status(sk, index, MGMT_OP_SET_POWERED, 627 MGMT_STATUS_INVALID_PARAMS); 628 629 hdev = hci_dev_get(index); 630 if (!hdev) 631 return cmd_status(sk, index, MGMT_OP_SET_POWERED, 632 MGMT_STATUS_INVALID_PARAMS); 633 634 hci_dev_lock(hdev); 635 636 up = test_bit(HCI_UP, &hdev->flags); 637 if ((cp->val && up) || (!cp->val && !up)) { 638 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 639 goto failed; 640 } 641 642 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 643 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, 644 MGMT_STATUS_BUSY); 645 goto failed; 646 } 647 648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 649 if (!cmd) { 650 err = -ENOMEM; 651 goto failed; 652 } 653 654 if (cp->val) 655 schedule_work(&hdev->power_on); 656 else 657 schedule_work(&hdev->power_off.work); 658 659 err = 0; 660 661failed: 662 hci_dev_unlock(hdev); 663 hci_dev_put(hdev); 664 return err; 665} 666 667static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, 668 u16 len) 669{ 670 struct mgmt_cp_set_discoverable *cp; 671 struct hci_dev *hdev; 672 struct pending_cmd *cmd; 673 u8 scan; 674 int err; 675 676 cp = (void *) data; 677 678 BT_DBG("request for hci%u", index); 679 680 if (len != sizeof(*cp)) 681 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 682 MGMT_STATUS_INVALID_PARAMS); 683 684 hdev = hci_dev_get(index); 685 if (!hdev) 686 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 687 MGMT_STATUS_INVALID_PARAMS); 688 689 hci_dev_lock(hdev); 690 691 if (!test_bit(HCI_UP, &hdev->flags)) { 692 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 693 MGMT_STATUS_NOT_POWERED); 694 goto failed; 695 } 696 697 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 698 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 699 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 700 MGMT_STATUS_BUSY); 701 goto failed; 702 } 703 704 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 705 test_bit(HCI_PSCAN, &hdev->flags)) { 706 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 707 goto failed; 708 } 709 710 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 711 if (!cmd) { 712 err = -ENOMEM; 713 goto failed; 714 } 715 716 scan = SCAN_PAGE; 717 718 if (cp->val) 719 scan |= SCAN_INQUIRY; 720 else 721 cancel_delayed_work(&hdev->discov_off); 722 723 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 724 if (err < 0) 725 mgmt_pending_remove(cmd); 726 727 if (cp->val) 728 hdev->discov_timeout = get_unaligned_le16(&cp->timeout); 729 730failed: 731 hci_dev_unlock(hdev); 732 hci_dev_put(hdev); 733 734 return err; 735} 736 737static int set_connectable(struct sock *sk, u16 index, unsigned char *data, 738 u16 len) 739{ 740 struct mgmt_mode *cp; 741 struct hci_dev *hdev; 742 struct pending_cmd *cmd; 743 u8 scan; 744 int err; 745 746 cp = (void *) data; 747 748 BT_DBG("request for hci%u", index); 749 750 if (len != sizeof(*cp)) 751 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 752 MGMT_STATUS_INVALID_PARAMS); 753 754 hdev = hci_dev_get(index); 755 if (!hdev) 756 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 757 MGMT_STATUS_INVALID_PARAMS); 758 759 hci_dev_lock(hdev); 760 761 if (!test_bit(HCI_UP, &hdev->flags)) { 762 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 763 MGMT_STATUS_NOT_POWERED); 764 goto failed; 765 } 766 767 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 768 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 769 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 770 MGMT_STATUS_BUSY); 771 goto failed; 772 } 773 774 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 775 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 776 goto failed; 777 } 778 779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 780 if (!cmd) { 781 err = -ENOMEM; 782 goto failed; 783 } 784 785 if (cp->val) 786 scan = SCAN_PAGE; 787 else 788 scan = 0; 789 790 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 791 if (err < 0) 792 mgmt_pending_remove(cmd); 793 794failed: 795 hci_dev_unlock(hdev); 796 hci_dev_put(hdev); 797 798 return err; 799} 800 801static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, 802 u16 data_len, struct sock *skip_sk) 803{ 804 struct sk_buff *skb; 805 struct mgmt_hdr *hdr; 806 807 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 808 if (!skb) 809 return -ENOMEM; 810 811 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 812 813 hdr = (void *) skb_put(skb, sizeof(*hdr)); 814 hdr->opcode = cpu_to_le16(event); 815 if (hdev) 816 hdr->index = cpu_to_le16(hdev->id); 817 else 818 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 819 hdr->len = cpu_to_le16(data_len); 820 821 if (data) 822 memcpy(skb_put(skb, data_len), data, data_len); 823 824 hci_send_to_sock(NULL, skb, skip_sk); 825 kfree_skb(skb); 826 827 return 0; 828} 829 830static int set_pairable(struct sock *sk, u16 index, unsigned char *data, 831 u16 len) 832{ 833 struct mgmt_mode *cp; 834 struct hci_dev *hdev; 835 __le32 ev; 836 int err; 837 838 cp = (void *) data; 839 840 BT_DBG("request for hci%u", index); 841 842 if (len != sizeof(*cp)) 843 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, 844 MGMT_STATUS_INVALID_PARAMS); 845 846 hdev = hci_dev_get(index); 847 if (!hdev) 848 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, 849 MGMT_STATUS_INVALID_PARAMS); 850 851 hci_dev_lock(hdev); 852 853 if (cp->val) 854 set_bit(HCI_PAIRABLE, &hdev->dev_flags); 855 else 856 clear_bit(HCI_PAIRABLE, &hdev->dev_flags); 857 858 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 859 if (err < 0) 860 goto failed; 861 862 ev = cpu_to_le32(get_current_settings(hdev)); 863 864 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk); 865 866failed: 867 hci_dev_unlock(hdev); 868 hci_dev_put(hdev); 869 870 return err; 871} 872 873static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 874{ 875 struct mgmt_cp_add_uuid *cp; 876 struct hci_dev *hdev; 877 struct bt_uuid *uuid; 878 int err; 879 880 cp = (void *) data; 881 882 BT_DBG("request for hci%u", index); 883 884 if (len != sizeof(*cp)) 885 return cmd_status(sk, index, MGMT_OP_ADD_UUID, 886 MGMT_STATUS_INVALID_PARAMS); 887 888 hdev = hci_dev_get(index); 889 if (!hdev) 890 return cmd_status(sk, index, MGMT_OP_ADD_UUID, 891 MGMT_STATUS_INVALID_PARAMS); 892 893 hci_dev_lock(hdev); 894 895 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 896 if (!uuid) { 897 err = -ENOMEM; 898 goto failed; 899 } 900 901 memcpy(uuid->uuid, cp->uuid, 16); 902 uuid->svc_hint = cp->svc_hint; 903 904 list_add(&uuid->list, &hdev->uuids); 905 906 err = update_class(hdev); 907 if (err < 0) 908 goto failed; 909 910 err = update_eir(hdev); 911 if (err < 0) 912 goto failed; 913 914 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); 915 916failed: 917 hci_dev_unlock(hdev); 918 hci_dev_put(hdev); 919 920 return err; 921} 922 923static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 924{ 925 struct list_head *p, *n; 926 struct mgmt_cp_remove_uuid *cp; 927 struct hci_dev *hdev; 928 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 929 int err, found; 930 931 cp = (void *) data; 932 933 BT_DBG("request for hci%u", index); 934 935 if (len != sizeof(*cp)) 936 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 937 MGMT_STATUS_INVALID_PARAMS); 938 939 hdev = hci_dev_get(index); 940 if (!hdev) 941 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 942 MGMT_STATUS_INVALID_PARAMS); 943 944 hci_dev_lock(hdev); 945 946 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 947 err = hci_uuids_clear(hdev); 948 goto unlock; 949 } 950 951 found = 0; 952 953 list_for_each_safe(p, n, &hdev->uuids) { 954 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 955 956 if (memcmp(match->uuid, cp->uuid, 16) != 0) 957 continue; 958 959 list_del(&match->list); 960 found++; 961 } 962 963 if (found == 0) { 964 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 965 MGMT_STATUS_INVALID_PARAMS); 966 goto unlock; 967 } 968 969 err = update_class(hdev); 970 if (err < 0) 971 goto unlock; 972 973 err = update_eir(hdev); 974 if (err < 0) 975 goto unlock; 976 977 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); 978 979unlock: 980 hci_dev_unlock(hdev); 981 hci_dev_put(hdev); 982 983 return err; 984} 985 986static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, 987 u16 len) 988{ 989 struct hci_dev *hdev; 990 struct mgmt_cp_set_dev_class *cp; 991 int err; 992 993 cp = (void *) data; 994 995 BT_DBG("request for hci%u", index); 996 997 if (len != sizeof(*cp)) 998 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, 999 MGMT_STATUS_INVALID_PARAMS); 1000 1001 hdev = hci_dev_get(index); 1002 if (!hdev) 1003 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, 1004 MGMT_STATUS_INVALID_PARAMS); 1005 1006 hci_dev_lock(hdev); 1007 1008 hdev->major_class = cp->major; 1009 hdev->minor_class = cp->minor; 1010 1011 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) { 1012 hci_dev_unlock(hdev); 1013 cancel_delayed_work_sync(&hdev->service_cache); 1014 hci_dev_lock(hdev); 1015 update_eir(hdev); 1016 } 1017 1018 err = update_class(hdev); 1019 1020 if (err == 0) 1021 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); 1022 1023 hci_dev_unlock(hdev); 1024 hci_dev_put(hdev); 1025 1026 return err; 1027} 1028 1029static int load_link_keys(struct sock *sk, u16 index, unsigned char *data, 1030 u16 len) 1031{ 1032 struct hci_dev *hdev; 1033 struct mgmt_cp_load_link_keys *cp; 1034 u16 key_count, expected_len; 1035 int i; 1036 1037 cp = (void *) data; 1038 1039 if (len < sizeof(*cp)) 1040 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1041 MGMT_STATUS_INVALID_PARAMS); 1042 1043 key_count = get_unaligned_le16(&cp->key_count); 1044 1045 expected_len = sizeof(*cp) + key_count * 1046 sizeof(struct mgmt_link_key_info); 1047 if (expected_len != len) { 1048 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 1049 len, expected_len); 1050 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1051 MGMT_STATUS_INVALID_PARAMS); 1052 } 1053 1054 hdev = hci_dev_get(index); 1055 if (!hdev) 1056 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1057 MGMT_STATUS_INVALID_PARAMS); 1058 1059 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, 1060 key_count); 1061 1062 hci_dev_lock(hdev); 1063 1064 hci_link_keys_clear(hdev); 1065 1066 set_bit(HCI_LINK_KEYS, &hdev->dev_flags); 1067 1068 if (cp->debug_keys) 1069 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1070 else 1071 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags); 1072 1073 for (i = 0; i < key_count; i++) { 1074 struct mgmt_link_key_info *key = &cp->keys[i]; 1075 1076 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, 1077 key->pin_len); 1078 } 1079 1080 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0); 1081 1082 hci_dev_unlock(hdev); 1083 hci_dev_put(hdev); 1084 1085 return 0; 1086} 1087 1088static int remove_keys(struct sock *sk, u16 index, unsigned char *data, 1089 u16 len) 1090{ 1091 struct hci_dev *hdev; 1092 struct mgmt_cp_remove_keys *cp; 1093 struct mgmt_rp_remove_keys rp; 1094 struct hci_cp_disconnect dc; 1095 struct pending_cmd *cmd; 1096 struct hci_conn *conn; 1097 int err; 1098 1099 cp = (void *) data; 1100 1101 if (len != sizeof(*cp)) 1102 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, 1103 MGMT_STATUS_INVALID_PARAMS); 1104 1105 hdev = hci_dev_get(index); 1106 if (!hdev) 1107 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, 1108 MGMT_STATUS_INVALID_PARAMS); 1109 1110 hci_dev_lock(hdev); 1111 1112 memset(&rp, 0, sizeof(rp)); 1113 bacpy(&rp.bdaddr, &cp->bdaddr); 1114 rp.status = MGMT_STATUS_FAILED; 1115 1116 err = hci_remove_link_key(hdev, &cp->bdaddr); 1117 if (err < 0) { 1118 rp.status = MGMT_STATUS_NOT_PAIRED; 1119 goto unlock; 1120 } 1121 1122 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) { 1123 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1124 sizeof(rp)); 1125 goto unlock; 1126 } 1127 1128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1129 if (!conn) { 1130 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1131 sizeof(rp)); 1132 goto unlock; 1133 } 1134 1135 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp)); 1136 if (!cmd) { 1137 err = -ENOMEM; 1138 goto unlock; 1139 } 1140 1141 put_unaligned_le16(conn->handle, &dc.handle); 1142 dc.reason = 0x13; /* Remote User Terminated Connection */ 1143 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1144 if (err < 0) 1145 mgmt_pending_remove(cmd); 1146 1147unlock: 1148 if (err < 0) 1149 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1150 sizeof(rp)); 1151 hci_dev_unlock(hdev); 1152 hci_dev_put(hdev); 1153 1154 return err; 1155} 1156 1157static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) 1158{ 1159 struct hci_dev *hdev; 1160 struct mgmt_cp_disconnect *cp; 1161 struct hci_cp_disconnect dc; 1162 struct pending_cmd *cmd; 1163 struct hci_conn *conn; 1164 int err; 1165 1166 BT_DBG(""); 1167 1168 cp = (void *) data; 1169 1170 if (len != sizeof(*cp)) 1171 return cmd_status(sk, index, MGMT_OP_DISCONNECT, 1172 MGMT_STATUS_INVALID_PARAMS); 1173 1174 hdev = hci_dev_get(index); 1175 if (!hdev) 1176 return cmd_status(sk, index, MGMT_OP_DISCONNECT, 1177 MGMT_STATUS_INVALID_PARAMS); 1178 1179 hci_dev_lock(hdev); 1180 1181 if (!test_bit(HCI_UP, &hdev->flags)) { 1182 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1183 MGMT_STATUS_NOT_POWERED); 1184 goto failed; 1185 } 1186 1187 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 1188 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1189 MGMT_STATUS_BUSY); 1190 goto failed; 1191 } 1192 1193 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1194 if (!conn) 1195 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr); 1196 1197 if (!conn) { 1198 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1199 MGMT_STATUS_NOT_CONNECTED); 1200 goto failed; 1201 } 1202 1203 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 1204 if (!cmd) { 1205 err = -ENOMEM; 1206 goto failed; 1207 } 1208 1209 put_unaligned_le16(conn->handle, &dc.handle); 1210 dc.reason = 0x13; /* Remote User Terminated Connection */ 1211 1212 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1213 if (err < 0) 1214 mgmt_pending_remove(cmd); 1215 1216failed: 1217 hci_dev_unlock(hdev); 1218 hci_dev_put(hdev); 1219 1220 return err; 1221} 1222 1223static u8 link_to_mgmt(u8 link_type, u8 addr_type) 1224{ 1225 switch (link_type) { 1226 case LE_LINK: 1227 switch (addr_type) { 1228 case ADDR_LE_DEV_PUBLIC: 1229 return MGMT_ADDR_LE_PUBLIC; 1230 case ADDR_LE_DEV_RANDOM: 1231 return MGMT_ADDR_LE_RANDOM; 1232 default: 1233 return MGMT_ADDR_INVALID; 1234 } 1235 case ACL_LINK: 1236 return MGMT_ADDR_BREDR; 1237 default: 1238 return MGMT_ADDR_INVALID; 1239 } 1240} 1241 1242static int get_connections(struct sock *sk, u16 index) 1243{ 1244 struct mgmt_rp_get_connections *rp; 1245 struct hci_dev *hdev; 1246 struct hci_conn *c; 1247 size_t rp_len; 1248 u16 count; 1249 int i, err; 1250 1251 BT_DBG(""); 1252 1253 hdev = hci_dev_get(index); 1254 if (!hdev) 1255 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, 1256 MGMT_STATUS_INVALID_PARAMS); 1257 1258 hci_dev_lock(hdev); 1259 1260 count = 0; 1261 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1262 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1263 count++; 1264 } 1265 1266 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info)); 1267 rp = kmalloc(rp_len, GFP_ATOMIC); 1268 if (!rp) { 1269 err = -ENOMEM; 1270 goto unlock; 1271 } 1272 1273 put_unaligned_le16(count, &rp->conn_count); 1274 1275 i = 0; 1276 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1277 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags)) 1278 continue; 1279 bacpy(&rp->addr[i].bdaddr, &c->dst); 1280 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type); 1281 if (rp->addr[i].type == MGMT_ADDR_INVALID) 1282 continue; 1283 i++; 1284 } 1285 1286 /* Recalculate length in case of filtered SCO connections, etc */ 1287 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1288 1289 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); 1290 1291unlock: 1292 kfree(rp); 1293 hci_dev_unlock(hdev); 1294 hci_dev_put(hdev); 1295 return err; 1296} 1297 1298static int send_pin_code_neg_reply(struct sock *sk, u16 index, 1299 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) 1300{ 1301 struct pending_cmd *cmd; 1302 int err; 1303 1304 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 1305 sizeof(*cp)); 1306 if (!cmd) 1307 return -ENOMEM; 1308 1309 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), 1310 &cp->bdaddr); 1311 if (err < 0) 1312 mgmt_pending_remove(cmd); 1313 1314 return err; 1315} 1316 1317static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, 1318 u16 len) 1319{ 1320 struct hci_dev *hdev; 1321 struct hci_conn *conn; 1322 struct mgmt_cp_pin_code_reply *cp; 1323 struct mgmt_cp_pin_code_neg_reply ncp; 1324 struct hci_cp_pin_code_reply reply; 1325 struct pending_cmd *cmd; 1326 int err; 1327 1328 BT_DBG(""); 1329 1330 cp = (void *) data; 1331 1332 if (len != sizeof(*cp)) 1333 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1334 MGMT_STATUS_INVALID_PARAMS); 1335 1336 hdev = hci_dev_get(index); 1337 if (!hdev) 1338 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1339 MGMT_STATUS_INVALID_PARAMS); 1340 1341 hci_dev_lock(hdev); 1342 1343 if (!test_bit(HCI_UP, &hdev->flags)) { 1344 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1345 MGMT_STATUS_NOT_POWERED); 1346 goto failed; 1347 } 1348 1349 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1350 if (!conn) { 1351 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1352 MGMT_STATUS_NOT_CONNECTED); 1353 goto failed; 1354 } 1355 1356 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1357 bacpy(&ncp.bdaddr, &cp->bdaddr); 1358 1359 BT_ERR("PIN code is not 16 bytes long"); 1360 1361 err = send_pin_code_neg_reply(sk, index, hdev, &ncp); 1362 if (err >= 0) 1363 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1364 MGMT_STATUS_INVALID_PARAMS); 1365 1366 goto failed; 1367 } 1368 1369 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 1370 if (!cmd) { 1371 err = -ENOMEM; 1372 goto failed; 1373 } 1374 1375 bacpy(&reply.bdaddr, &cp->bdaddr); 1376 reply.pin_len = cp->pin_len; 1377 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1378 1379 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1380 if (err < 0) 1381 mgmt_pending_remove(cmd); 1382 1383failed: 1384 hci_dev_unlock(hdev); 1385 hci_dev_put(hdev); 1386 1387 return err; 1388} 1389 1390static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, 1391 u16 len) 1392{ 1393 struct hci_dev *hdev; 1394 struct mgmt_cp_pin_code_neg_reply *cp; 1395 int err; 1396 1397 BT_DBG(""); 1398 1399 cp = (void *) data; 1400 1401 if (len != sizeof(*cp)) 1402 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1403 MGMT_STATUS_INVALID_PARAMS); 1404 1405 hdev = hci_dev_get(index); 1406 if (!hdev) 1407 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1408 MGMT_STATUS_INVALID_PARAMS); 1409 1410 hci_dev_lock(hdev); 1411 1412 if (!test_bit(HCI_UP, &hdev->flags)) { 1413 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1414 MGMT_STATUS_NOT_POWERED); 1415 goto failed; 1416 } 1417 1418 err = send_pin_code_neg_reply(sk, index, hdev, cp); 1419 1420failed: 1421 hci_dev_unlock(hdev); 1422 hci_dev_put(hdev); 1423 1424 return err; 1425} 1426 1427static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, 1428 u16 len) 1429{ 1430 struct hci_dev *hdev; 1431 struct mgmt_cp_set_io_capability *cp; 1432 1433 BT_DBG(""); 1434 1435 cp = (void *) data; 1436 1437 if (len != sizeof(*cp)) 1438 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, 1439 MGMT_STATUS_INVALID_PARAMS); 1440 1441 hdev = hci_dev_get(index); 1442 if (!hdev) 1443 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, 1444 MGMT_STATUS_INVALID_PARAMS); 1445 1446 hci_dev_lock(hdev); 1447 1448 hdev->io_capability = cp->io_capability; 1449 1450 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1451 hdev->io_capability); 1452 1453 hci_dev_unlock(hdev); 1454 hci_dev_put(hdev); 1455 1456 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); 1457} 1458 1459static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1460{ 1461 struct hci_dev *hdev = conn->hdev; 1462 struct pending_cmd *cmd; 1463 1464 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1465 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1466 continue; 1467 1468 if (cmd->user_data != conn) 1469 continue; 1470 1471 return cmd; 1472 } 1473 1474 return NULL; 1475} 1476 1477static void pairing_complete(struct pending_cmd *cmd, u8 status) 1478{ 1479 struct mgmt_rp_pair_device rp; 1480 struct hci_conn *conn = cmd->user_data; 1481 1482 bacpy(&rp.addr.bdaddr, &conn->dst); 1483 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type); 1484 rp.status = status; 1485 1486 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp)); 1487 1488 /* So we don't get further callbacks for this connection */ 1489 conn->connect_cfm_cb = NULL; 1490 conn->security_cfm_cb = NULL; 1491 conn->disconn_cfm_cb = NULL; 1492 1493 hci_conn_put(conn); 1494 1495 mgmt_pending_remove(cmd); 1496} 1497 1498static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1499{ 1500 struct pending_cmd *cmd; 1501 1502 BT_DBG("status %u", status); 1503 1504 cmd = find_pairing(conn); 1505 if (!cmd) 1506 BT_DBG("Unable to find a pending command"); 1507 else 1508 pairing_complete(cmd, status); 1509} 1510 1511static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) 1512{ 1513 struct hci_dev *hdev; 1514 struct mgmt_cp_pair_device *cp; 1515 struct mgmt_rp_pair_device rp; 1516 struct pending_cmd *cmd; 1517 u8 sec_level, auth_type; 1518 struct hci_conn *conn; 1519 int err; 1520 1521 BT_DBG(""); 1522 1523 cp = (void *) data; 1524 1525 if (len != sizeof(*cp)) 1526 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, 1527 MGMT_STATUS_INVALID_PARAMS); 1528 1529 hdev = hci_dev_get(index); 1530 if (!hdev) 1531 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, 1532 MGMT_STATUS_INVALID_PARAMS); 1533 1534 hci_dev_lock(hdev); 1535 1536 sec_level = BT_SECURITY_MEDIUM; 1537 if (cp->io_cap == 0x03) 1538 auth_type = HCI_AT_DEDICATED_BONDING; 1539 else 1540 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1541 1542 if (cp->addr.type == MGMT_ADDR_BREDR) 1543 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level, 1544 auth_type); 1545 else 1546 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level, 1547 auth_type); 1548 1549 memset(&rp, 0, sizeof(rp)); 1550 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1551 rp.addr.type = cp->addr.type; 1552 1553 if (IS_ERR(conn)) { 1554 rp.status = -PTR_ERR(conn); 1555 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE, 1556 &rp, sizeof(rp)); 1557 goto unlock; 1558 } 1559 1560 if (conn->connect_cfm_cb) { 1561 hci_conn_put(conn); 1562 rp.status = EBUSY; 1563 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE, 1564 &rp, sizeof(rp)); 1565 goto unlock; 1566 } 1567 1568 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 1569 if (!cmd) { 1570 err = -ENOMEM; 1571 hci_conn_put(conn); 1572 goto unlock; 1573 } 1574 1575 /* For LE, just connecting isn't a proof that the pairing finished */ 1576 if (cp->addr.type == MGMT_ADDR_BREDR) 1577 conn->connect_cfm_cb = pairing_complete_cb; 1578 1579 conn->security_cfm_cb = pairing_complete_cb; 1580 conn->disconn_cfm_cb = pairing_complete_cb; 1581 conn->io_capability = cp->io_cap; 1582 cmd->user_data = conn; 1583 1584 if (conn->state == BT_CONNECTED && 1585 hci_conn_security(conn, sec_level, auth_type)) 1586 pairing_complete(cmd, 0); 1587 1588 err = 0; 1589 1590unlock: 1591 hci_dev_unlock(hdev); 1592 hci_dev_put(hdev); 1593 1594 return err; 1595} 1596 1597static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr, 1598 u16 mgmt_op, u16 hci_op, __le32 passkey) 1599{ 1600 struct pending_cmd *cmd; 1601 struct hci_dev *hdev; 1602 struct hci_conn *conn; 1603 int err; 1604 1605 hdev = hci_dev_get(index); 1606 if (!hdev) 1607 return cmd_status(sk, index, mgmt_op, 1608 MGMT_STATUS_INVALID_PARAMS); 1609 1610 hci_dev_lock(hdev); 1611 1612 if (!test_bit(HCI_UP, &hdev->flags)) { 1613 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED); 1614 goto done; 1615 } 1616 1617 /* 1618 * Check for an existing ACL link, if present pair via 1619 * HCI commands. 1620 * 1621 * If no ACL link is present, check for an LE link and if 1622 * present, pair via the SMP engine. 1623 * 1624 * If neither ACL nor LE links are present, fail with error. 1625 */ 1626 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr); 1627 if (!conn) { 1628 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr); 1629 if (!conn) { 1630 err = cmd_status(sk, index, mgmt_op, 1631 MGMT_STATUS_NOT_CONNECTED); 1632 goto done; 1633 } 1634 1635 /* Continue with pairing via SMP */ 1636 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 1637 1638 if (!err) 1639 err = cmd_status(sk, index, mgmt_op, 1640 MGMT_STATUS_SUCCESS); 1641 else 1642 err = cmd_status(sk, index, mgmt_op, 1643 MGMT_STATUS_FAILED); 1644 1645 goto done; 1646 } 1647 1648 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr)); 1649 if (!cmd) { 1650 err = -ENOMEM; 1651 goto done; 1652 } 1653 1654 /* Continue with pairing via HCI */ 1655 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 1656 struct hci_cp_user_passkey_reply cp; 1657 1658 bacpy(&cp.bdaddr, bdaddr); 1659 cp.passkey = passkey; 1660 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 1661 } else 1662 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr); 1663 1664 if (err < 0) 1665 mgmt_pending_remove(cmd); 1666 1667done: 1668 hci_dev_unlock(hdev); 1669 hci_dev_put(hdev); 1670 1671 return err; 1672} 1673 1674static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len) 1675{ 1676 struct mgmt_cp_user_confirm_reply *cp = (void *) data; 1677 1678 BT_DBG(""); 1679 1680 if (len != sizeof(*cp)) 1681 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY, 1682 MGMT_STATUS_INVALID_PARAMS); 1683 1684 return user_pairing_resp(sk, index, &cp->bdaddr, 1685 MGMT_OP_USER_CONFIRM_REPLY, 1686 HCI_OP_USER_CONFIRM_REPLY, 0); 1687} 1688 1689static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data, 1690 u16 len) 1691{ 1692 struct mgmt_cp_user_confirm_neg_reply *cp = data; 1693 1694 BT_DBG(""); 1695 1696 if (len != sizeof(*cp)) 1697 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY, 1698 MGMT_STATUS_INVALID_PARAMS); 1699 1700 return user_pairing_resp(sk, index, &cp->bdaddr, 1701 MGMT_OP_USER_CONFIRM_NEG_REPLY, 1702 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 1703} 1704 1705static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len) 1706{ 1707 struct mgmt_cp_user_passkey_reply *cp = (void *) data; 1708 1709 BT_DBG(""); 1710 1711 if (len != sizeof(*cp)) 1712 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY, 1713 EINVAL); 1714 1715 return user_pairing_resp(sk, index, &cp->bdaddr, 1716 MGMT_OP_USER_PASSKEY_REPLY, 1717 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 1718} 1719 1720static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data, 1721 u16 len) 1722{ 1723 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data; 1724 1725 BT_DBG(""); 1726 1727 if (len != sizeof(*cp)) 1728 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY, 1729 EINVAL); 1730 1731 return user_pairing_resp(sk, index, &cp->bdaddr, 1732 MGMT_OP_USER_PASSKEY_NEG_REPLY, 1733 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 1734} 1735 1736static int set_local_name(struct sock *sk, u16 index, unsigned char *data, 1737 u16 len) 1738{ 1739 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data; 1740 struct hci_cp_write_local_name hci_cp; 1741 struct hci_dev *hdev; 1742 struct pending_cmd *cmd; 1743 int err; 1744 1745 BT_DBG(""); 1746 1747 if (len != sizeof(*mgmt_cp)) 1748 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, 1749 MGMT_STATUS_INVALID_PARAMS); 1750 1751 hdev = hci_dev_get(index); 1752 if (!hdev) 1753 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, 1754 MGMT_STATUS_INVALID_PARAMS); 1755 1756 hci_dev_lock(hdev); 1757 1758 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 1759 if (!cmd) { 1760 err = -ENOMEM; 1761 goto failed; 1762 } 1763 1764 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 1765 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp), 1766 &hci_cp); 1767 if (err < 0) 1768 mgmt_pending_remove(cmd); 1769 1770failed: 1771 hci_dev_unlock(hdev); 1772 hci_dev_put(hdev); 1773 1774 return err; 1775} 1776 1777static int read_local_oob_data(struct sock *sk, u16 index) 1778{ 1779 struct hci_dev *hdev; 1780 struct pending_cmd *cmd; 1781 int err; 1782 1783 BT_DBG("hci%u", index); 1784 1785 hdev = hci_dev_get(index); 1786 if (!hdev) 1787 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1788 MGMT_STATUS_INVALID_PARAMS); 1789 1790 hci_dev_lock(hdev); 1791 1792 if (!test_bit(HCI_UP, &hdev->flags)) { 1793 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1794 MGMT_STATUS_NOT_POWERED); 1795 goto unlock; 1796 } 1797 1798 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1799 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1800 MGMT_STATUS_NOT_SUPPORTED); 1801 goto unlock; 1802 } 1803 1804 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 1805 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1806 MGMT_STATUS_BUSY); 1807 goto unlock; 1808 } 1809 1810 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 1811 if (!cmd) { 1812 err = -ENOMEM; 1813 goto unlock; 1814 } 1815 1816 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 1817 if (err < 0) 1818 mgmt_pending_remove(cmd); 1819 1820unlock: 1821 hci_dev_unlock(hdev); 1822 hci_dev_put(hdev); 1823 1824 return err; 1825} 1826 1827static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, 1828 u16 len) 1829{ 1830 struct hci_dev *hdev; 1831 struct mgmt_cp_add_remote_oob_data *cp = (void *) data; 1832 int err; 1833 1834 BT_DBG("hci%u ", index); 1835 1836 if (len != sizeof(*cp)) 1837 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1838 MGMT_STATUS_INVALID_PARAMS); 1839 1840 hdev = hci_dev_get(index); 1841 if (!hdev) 1842 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1843 MGMT_STATUS_INVALID_PARAMS); 1844 1845 hci_dev_lock(hdev); 1846 1847 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, 1848 cp->randomizer); 1849 if (err < 0) 1850 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1851 MGMT_STATUS_FAILED); 1852 else 1853 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, 1854 0); 1855 1856 hci_dev_unlock(hdev); 1857 hci_dev_put(hdev); 1858 1859 return err; 1860} 1861 1862static int remove_remote_oob_data(struct sock *sk, u16 index, 1863 unsigned char *data, u16 len) 1864{ 1865 struct hci_dev *hdev; 1866 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data; 1867 int err; 1868 1869 BT_DBG("hci%u ", index); 1870 1871 if (len != sizeof(*cp)) 1872 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1873 MGMT_STATUS_INVALID_PARAMS); 1874 1875 hdev = hci_dev_get(index); 1876 if (!hdev) 1877 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1878 MGMT_STATUS_INVALID_PARAMS); 1879 1880 hci_dev_lock(hdev); 1881 1882 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); 1883 if (err < 0) 1884 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1885 MGMT_STATUS_INVALID_PARAMS); 1886 else 1887 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1888 NULL, 0); 1889 1890 hci_dev_unlock(hdev); 1891 hci_dev_put(hdev); 1892 1893 return err; 1894} 1895 1896static int start_discovery(struct sock *sk, u16 index, 1897 unsigned char *data, u16 len) 1898{ 1899 struct mgmt_cp_start_discovery *cp = (void *) data; 1900 struct pending_cmd *cmd; 1901 struct hci_dev *hdev; 1902 int err; 1903 1904 BT_DBG("hci%u", index); 1905 1906 if (len != sizeof(*cp)) 1907 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 1908 MGMT_STATUS_INVALID_PARAMS); 1909 1910 hdev = hci_dev_get(index); 1911 if (!hdev) 1912 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 1913 MGMT_STATUS_INVALID_PARAMS); 1914 1915 hci_dev_lock(hdev); 1916 1917 if (!test_bit(HCI_UP, &hdev->flags)) { 1918 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 1919 MGMT_STATUS_NOT_POWERED); 1920 goto failed; 1921 } 1922 1923 if (hdev->discovery.state != DISCOVERY_STOPPED) { 1924 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 1925 MGMT_STATUS_BUSY); 1926 goto failed; 1927 } 1928 1929 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0); 1930 if (!cmd) { 1931 err = -ENOMEM; 1932 goto failed; 1933 } 1934 1935 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 1936 if (err < 0) 1937 mgmt_pending_remove(cmd); 1938 else 1939 hci_discovery_set_state(hdev, DISCOVERY_STARTING); 1940 1941failed: 1942 hci_dev_unlock(hdev); 1943 hci_dev_put(hdev); 1944 1945 return err; 1946} 1947 1948static int stop_discovery(struct sock *sk, u16 index) 1949{ 1950 struct hci_dev *hdev; 1951 struct pending_cmd *cmd; 1952 struct hci_cp_remote_name_req_cancel cp; 1953 struct inquiry_entry *e; 1954 int err; 1955 1956 BT_DBG("hci%u", index); 1957 1958 hdev = hci_dev_get(index); 1959 if (!hdev) 1960 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, 1961 MGMT_STATUS_INVALID_PARAMS); 1962 1963 hci_dev_lock(hdev); 1964 1965 if (!hci_discovery_active(hdev)) { 1966 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, 1967 MGMT_STATUS_REJECTED); 1968 goto unlock; 1969 } 1970 1971 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 1972 if (!cmd) { 1973 err = -ENOMEM; 1974 goto unlock; 1975 } 1976 1977 if (hdev->discovery.state == DISCOVERY_INQUIRY) { 1978 err = hci_cancel_inquiry(hdev); 1979 if (err < 0) 1980 mgmt_pending_remove(cmd); 1981 else 1982 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 1983 goto unlock; 1984 } 1985 1986 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING); 1987 if (!e) { 1988 mgmt_pending_remove(cmd); 1989 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0); 1990 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 1991 goto unlock; 1992 } 1993 1994 bacpy(&cp.bdaddr, &e->data.bdaddr); 1995 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, 1996 sizeof(cp), &cp); 1997 if (err < 0) 1998 mgmt_pending_remove(cmd); 1999 else 2000 hci_discovery_set_state(hdev, DISCOVERY_STOPPING); 2001 2002unlock: 2003 hci_dev_unlock(hdev); 2004 hci_dev_put(hdev); 2005 2006 return err; 2007} 2008 2009static int confirm_name(struct sock *sk, u16 index, unsigned char *data, 2010 u16 len) 2011{ 2012 struct mgmt_cp_confirm_name *cp = (void *) data; 2013 struct inquiry_entry *e; 2014 struct hci_dev *hdev; 2015 int err; 2016 2017 BT_DBG("hci%u", index); 2018 2019 if (len != sizeof(*cp)) 2020 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME, 2021 MGMT_STATUS_INVALID_PARAMS); 2022 2023 hdev = hci_dev_get(index); 2024 if (!hdev) 2025 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME, 2026 MGMT_STATUS_INVALID_PARAMS); 2027 2028 hci_dev_lock(hdev); 2029 2030 if (!hci_discovery_active(hdev)) { 2031 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME, 2032 MGMT_STATUS_FAILED); 2033 goto failed; 2034 } 2035 2036 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr); 2037 if (!e) { 2038 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME, 2039 MGMT_STATUS_INVALID_PARAMS); 2040 goto failed; 2041 } 2042 2043 if (cp->name_known) { 2044 e->name_state = NAME_KNOWN; 2045 list_del(&e->list); 2046 } else { 2047 e->name_state = NAME_NEEDED; 2048 hci_inquiry_cache_update_resolve(hdev, e); 2049 } 2050 2051 err = 0; 2052 2053failed: 2054 hci_dev_unlock(hdev); 2055 2056 return err; 2057} 2058 2059static int block_device(struct sock *sk, u16 index, unsigned char *data, 2060 u16 len) 2061{ 2062 struct hci_dev *hdev; 2063 struct mgmt_cp_block_device *cp = (void *) data; 2064 int err; 2065 2066 BT_DBG("hci%u", index); 2067 2068 if (len != sizeof(*cp)) 2069 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 2070 MGMT_STATUS_INVALID_PARAMS); 2071 2072 hdev = hci_dev_get(index); 2073 if (!hdev) 2074 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 2075 MGMT_STATUS_INVALID_PARAMS); 2076 2077 hci_dev_lock(hdev); 2078 2079 err = hci_blacklist_add(hdev, &cp->bdaddr); 2080 if (err < 0) 2081 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 2082 MGMT_STATUS_FAILED); 2083 else 2084 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 2085 NULL, 0); 2086 2087 hci_dev_unlock(hdev); 2088 hci_dev_put(hdev); 2089 2090 return err; 2091} 2092 2093static int unblock_device(struct sock *sk, u16 index, unsigned char *data, 2094 u16 len) 2095{ 2096 struct hci_dev *hdev; 2097 struct mgmt_cp_unblock_device *cp = (void *) data; 2098 int err; 2099 2100 BT_DBG("hci%u", index); 2101 2102 if (len != sizeof(*cp)) 2103 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2104 MGMT_STATUS_INVALID_PARAMS); 2105 2106 hdev = hci_dev_get(index); 2107 if (!hdev) 2108 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2109 MGMT_STATUS_INVALID_PARAMS); 2110 2111 hci_dev_lock(hdev); 2112 2113 err = hci_blacklist_del(hdev, &cp->bdaddr); 2114 2115 if (err < 0) 2116 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2117 MGMT_STATUS_INVALID_PARAMS); 2118 else 2119 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2120 NULL, 0); 2121 2122 hci_dev_unlock(hdev); 2123 hci_dev_put(hdev); 2124 2125 return err; 2126} 2127 2128static int set_fast_connectable(struct sock *sk, u16 index, 2129 unsigned char *data, u16 len) 2130{ 2131 struct hci_dev *hdev; 2132 struct mgmt_mode *cp = (void *) data; 2133 struct hci_cp_write_page_scan_activity acp; 2134 u8 type; 2135 int err; 2136 2137 BT_DBG("hci%u", index); 2138 2139 if (len != sizeof(*cp)) 2140 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2141 MGMT_STATUS_INVALID_PARAMS); 2142 2143 hdev = hci_dev_get(index); 2144 if (!hdev) 2145 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2146 MGMT_STATUS_INVALID_PARAMS); 2147 2148 hci_dev_lock(hdev); 2149 2150 if (cp->val) { 2151 type = PAGE_SCAN_TYPE_INTERLACED; 2152 acp.interval = 0x0024; /* 22.5 msec page scan interval */ 2153 } else { 2154 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 2155 acp.interval = 0x0800; /* default 1.28 sec page scan */ 2156 } 2157 2158 acp.window = 0x0012; /* default 11.25 msec page scan window */ 2159 2160 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 2161 sizeof(acp), &acp); 2162 if (err < 0) { 2163 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2164 MGMT_STATUS_FAILED); 2165 goto done; 2166 } 2167 2168 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 2169 if (err < 0) { 2170 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2171 MGMT_STATUS_FAILED); 2172 goto done; 2173 } 2174 2175 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2176 NULL, 0); 2177done: 2178 hci_dev_unlock(hdev); 2179 hci_dev_put(hdev); 2180 2181 return err; 2182} 2183 2184int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 2185{ 2186 unsigned char *buf; 2187 struct mgmt_hdr *hdr; 2188 u16 opcode, index, len; 2189 int err; 2190 2191 BT_DBG("got %zu bytes", msglen); 2192 2193 if (msglen < sizeof(*hdr)) 2194 return -EINVAL; 2195 2196 buf = kmalloc(msglen, GFP_KERNEL); 2197 if (!buf) 2198 return -ENOMEM; 2199 2200 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 2201 err = -EFAULT; 2202 goto done; 2203 } 2204 2205 hdr = (struct mgmt_hdr *) buf; 2206 opcode = get_unaligned_le16(&hdr->opcode); 2207 index = get_unaligned_le16(&hdr->index); 2208 len = get_unaligned_le16(&hdr->len); 2209 2210 if (len != msglen - sizeof(*hdr)) { 2211 err = -EINVAL; 2212 goto done; 2213 } 2214 2215 switch (opcode) { 2216 case MGMT_OP_READ_VERSION: 2217 err = read_version(sk); 2218 break; 2219 case MGMT_OP_READ_INDEX_LIST: 2220 err = read_index_list(sk); 2221 break; 2222 case MGMT_OP_READ_INFO: 2223 err = read_controller_info(sk, index); 2224 break; 2225 case MGMT_OP_SET_POWERED: 2226 err = set_powered(sk, index, buf + sizeof(*hdr), len); 2227 break; 2228 case MGMT_OP_SET_DISCOVERABLE: 2229 err = set_discoverable(sk, index, buf + sizeof(*hdr), len); 2230 break; 2231 case MGMT_OP_SET_CONNECTABLE: 2232 err = set_connectable(sk, index, buf + sizeof(*hdr), len); 2233 break; 2234 case MGMT_OP_SET_FAST_CONNECTABLE: 2235 err = set_fast_connectable(sk, index, buf + sizeof(*hdr), 2236 len); 2237 break; 2238 case MGMT_OP_SET_PAIRABLE: 2239 err = set_pairable(sk, index, buf + sizeof(*hdr), len); 2240 break; 2241 case MGMT_OP_ADD_UUID: 2242 err = add_uuid(sk, index, buf + sizeof(*hdr), len); 2243 break; 2244 case MGMT_OP_REMOVE_UUID: 2245 err = remove_uuid(sk, index, buf + sizeof(*hdr), len); 2246 break; 2247 case MGMT_OP_SET_DEV_CLASS: 2248 err = set_dev_class(sk, index, buf + sizeof(*hdr), len); 2249 break; 2250 case MGMT_OP_LOAD_LINK_KEYS: 2251 err = load_link_keys(sk, index, buf + sizeof(*hdr), len); 2252 break; 2253 case MGMT_OP_REMOVE_KEYS: 2254 err = remove_keys(sk, index, buf + sizeof(*hdr), len); 2255 break; 2256 case MGMT_OP_DISCONNECT: 2257 err = disconnect(sk, index, buf + sizeof(*hdr), len); 2258 break; 2259 case MGMT_OP_GET_CONNECTIONS: 2260 err = get_connections(sk, index); 2261 break; 2262 case MGMT_OP_PIN_CODE_REPLY: 2263 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len); 2264 break; 2265 case MGMT_OP_PIN_CODE_NEG_REPLY: 2266 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len); 2267 break; 2268 case MGMT_OP_SET_IO_CAPABILITY: 2269 err = set_io_capability(sk, index, buf + sizeof(*hdr), len); 2270 break; 2271 case MGMT_OP_PAIR_DEVICE: 2272 err = pair_device(sk, index, buf + sizeof(*hdr), len); 2273 break; 2274 case MGMT_OP_USER_CONFIRM_REPLY: 2275 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len); 2276 break; 2277 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 2278 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr), 2279 len); 2280 break; 2281 case MGMT_OP_USER_PASSKEY_REPLY: 2282 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len); 2283 break; 2284 case MGMT_OP_USER_PASSKEY_NEG_REPLY: 2285 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr), 2286 len); 2287 break; 2288 case MGMT_OP_SET_LOCAL_NAME: 2289 err = set_local_name(sk, index, buf + sizeof(*hdr), len); 2290 break; 2291 case MGMT_OP_READ_LOCAL_OOB_DATA: 2292 err = read_local_oob_data(sk, index); 2293 break; 2294 case MGMT_OP_ADD_REMOTE_OOB_DATA: 2295 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len); 2296 break; 2297 case MGMT_OP_REMOVE_REMOTE_OOB_DATA: 2298 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr), 2299 len); 2300 break; 2301 case MGMT_OP_START_DISCOVERY: 2302 err = start_discovery(sk, index, buf + sizeof(*hdr), len); 2303 break; 2304 case MGMT_OP_STOP_DISCOVERY: 2305 err = stop_discovery(sk, index); 2306 break; 2307 case MGMT_OP_CONFIRM_NAME: 2308 err = confirm_name(sk, index, buf + sizeof(*hdr), len); 2309 break; 2310 case MGMT_OP_BLOCK_DEVICE: 2311 err = block_device(sk, index, buf + sizeof(*hdr), len); 2312 break; 2313 case MGMT_OP_UNBLOCK_DEVICE: 2314 err = unblock_device(sk, index, buf + sizeof(*hdr), len); 2315 break; 2316 default: 2317 BT_DBG("Unknown op %u", opcode); 2318 err = cmd_status(sk, index, opcode, 2319 MGMT_STATUS_UNKNOWN_COMMAND); 2320 break; 2321 } 2322 2323 if (err < 0) 2324 goto done; 2325 2326 err = msglen; 2327 2328done: 2329 kfree(buf); 2330 return err; 2331} 2332 2333static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 2334{ 2335 u8 *status = data; 2336 2337 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 2338 mgmt_pending_remove(cmd); 2339} 2340 2341int mgmt_index_added(struct hci_dev *hdev) 2342{ 2343 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 2344} 2345 2346int mgmt_index_removed(struct hci_dev *hdev) 2347{ 2348 u8 status = ENODEV; 2349 2350 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2351 2352 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 2353} 2354 2355struct cmd_lookup { 2356 u8 val; 2357 struct sock *sk; 2358 struct hci_dev *hdev; 2359}; 2360 2361static void settings_rsp(struct pending_cmd *cmd, void *data) 2362{ 2363 struct cmd_lookup *match = data; 2364 2365 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 2366 2367 list_del(&cmd->list); 2368 2369 if (match->sk == NULL) { 2370 match->sk = cmd->sk; 2371 sock_hold(match->sk); 2372 } 2373 2374 mgmt_pending_free(cmd); 2375} 2376 2377int mgmt_powered(struct hci_dev *hdev, u8 powered) 2378{ 2379 struct cmd_lookup match = { powered, NULL, hdev }; 2380 __le32 ev; 2381 int ret; 2382 2383 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 2384 2385 if (!powered) { 2386 u8 status = ENETDOWN; 2387 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2388 } 2389 2390 ev = cpu_to_le32(get_current_settings(hdev)); 2391 2392 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), 2393 match.sk); 2394 2395 if (match.sk) 2396 sock_put(match.sk); 2397 2398 return ret; 2399} 2400 2401int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 2402{ 2403 struct cmd_lookup match = { discoverable, NULL, hdev }; 2404 __le32 ev; 2405 int ret; 2406 2407 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match); 2408 2409 ev = cpu_to_le32(get_current_settings(hdev)); 2410 2411 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), 2412 match.sk); 2413 if (match.sk) 2414 sock_put(match.sk); 2415 2416 return ret; 2417} 2418 2419int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 2420{ 2421 __le32 ev; 2422 struct cmd_lookup match = { connectable, NULL, hdev }; 2423 int ret; 2424 2425 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp, 2426 &match); 2427 2428 ev = cpu_to_le32(get_current_settings(hdev)); 2429 2430 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk); 2431 2432 if (match.sk) 2433 sock_put(match.sk); 2434 2435 return ret; 2436} 2437 2438int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 2439{ 2440 u8 mgmt_err = mgmt_status(status); 2441 2442 if (scan & SCAN_PAGE) 2443 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 2444 cmd_status_rsp, &mgmt_err); 2445 2446 if (scan & SCAN_INQUIRY) 2447 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 2448 cmd_status_rsp, &mgmt_err); 2449 2450 return 0; 2451} 2452 2453int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 2454 u8 persistent) 2455{ 2456 struct mgmt_ev_new_link_key ev; 2457 2458 memset(&ev, 0, sizeof(ev)); 2459 2460 ev.store_hint = persistent; 2461 bacpy(&ev.key.bdaddr, &key->bdaddr); 2462 ev.key.type = key->type; 2463 memcpy(ev.key.val, key->val, 16); 2464 ev.key.pin_len = key->pin_len; 2465 2466 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 2467} 2468 2469int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2470 u8 addr_type, u8 *name, u8 name_len, 2471 u8 *dev_class) 2472{ 2473 char buf[512]; 2474 struct mgmt_ev_device_connected *ev = (void *) buf; 2475 u16 eir_len = 0; 2476 2477 bacpy(&ev->addr.bdaddr, bdaddr); 2478 ev->addr.type = link_to_mgmt(link_type, addr_type); 2479 2480 if (name_len > 0) 2481 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, 2482 name, name_len); 2483 2484 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0) 2485 eir_len = eir_append_data(&ev->eir[eir_len], eir_len, 2486 EIR_CLASS_OF_DEV, dev_class, 3); 2487 2488 put_unaligned_le16(eir_len, &ev->eir_len); 2489 2490 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf, 2491 sizeof(*ev) + eir_len, NULL); 2492} 2493 2494static void disconnect_rsp(struct pending_cmd *cmd, void *data) 2495{ 2496 struct mgmt_cp_disconnect *cp = cmd->param; 2497 struct sock **sk = data; 2498 struct mgmt_rp_disconnect rp; 2499 2500 bacpy(&rp.bdaddr, &cp->bdaddr); 2501 rp.status = 0; 2502 2503 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp)); 2504 2505 *sk = cmd->sk; 2506 sock_hold(*sk); 2507 2508 mgmt_pending_remove(cmd); 2509} 2510 2511static void remove_keys_rsp(struct pending_cmd *cmd, void *data) 2512{ 2513 u8 *status = data; 2514 struct mgmt_cp_remove_keys *cp = cmd->param; 2515 struct mgmt_rp_remove_keys rp; 2516 2517 memset(&rp, 0, sizeof(rp)); 2518 bacpy(&rp.bdaddr, &cp->bdaddr); 2519 if (status != NULL) 2520 rp.status = *status; 2521 2522 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp, 2523 sizeof(rp)); 2524 2525 mgmt_pending_remove(cmd); 2526} 2527 2528int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, 2529 u8 link_type, u8 addr_type) 2530{ 2531 struct mgmt_addr_info ev; 2532 struct sock *sk = NULL; 2533 int err; 2534 2535 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 2536 2537 bacpy(&ev.bdaddr, bdaddr); 2538 ev.type = link_to_mgmt(link_type, addr_type); 2539 2540 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), 2541 sk); 2542 2543 if (sk) 2544 sock_put(sk); 2545 2546 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL); 2547 2548 return err; 2549} 2550 2551int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status) 2552{ 2553 struct pending_cmd *cmd; 2554 u8 mgmt_err = mgmt_status(status); 2555 int err; 2556 2557 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 2558 if (!cmd) 2559 return -ENOENT; 2560 2561 if (bdaddr) { 2562 struct mgmt_rp_disconnect rp; 2563 2564 bacpy(&rp.bdaddr, bdaddr); 2565 rp.status = status; 2566 2567 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 2568 &rp, sizeof(rp)); 2569 } else 2570 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, 2571 mgmt_err); 2572 2573 mgmt_pending_remove(cmd); 2574 2575 return err; 2576} 2577 2578int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2579 u8 addr_type, u8 status) 2580{ 2581 struct mgmt_ev_connect_failed ev; 2582 2583 bacpy(&ev.addr.bdaddr, bdaddr); 2584 ev.addr.type = link_to_mgmt(link_type, addr_type); 2585 ev.status = mgmt_status(status); 2586 2587 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 2588} 2589 2590int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 2591{ 2592 struct mgmt_ev_pin_code_request ev; 2593 2594 bacpy(&ev.bdaddr, bdaddr); 2595 ev.secure = secure; 2596 2597 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), 2598 NULL); 2599} 2600 2601int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2602 u8 status) 2603{ 2604 struct pending_cmd *cmd; 2605 struct mgmt_rp_pin_code_reply rp; 2606 int err; 2607 2608 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 2609 if (!cmd) 2610 return -ENOENT; 2611 2612 bacpy(&rp.bdaddr, bdaddr); 2613 rp.status = mgmt_status(status); 2614 2615 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp, 2616 sizeof(rp)); 2617 2618 mgmt_pending_remove(cmd); 2619 2620 return err; 2621} 2622 2623int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2624 u8 status) 2625{ 2626 struct pending_cmd *cmd; 2627 struct mgmt_rp_pin_code_reply rp; 2628 int err; 2629 2630 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 2631 if (!cmd) 2632 return -ENOENT; 2633 2634 bacpy(&rp.bdaddr, bdaddr); 2635 rp.status = mgmt_status(status); 2636 2637 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp, 2638 sizeof(rp)); 2639 2640 mgmt_pending_remove(cmd); 2641 2642 return err; 2643} 2644 2645int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 2646 __le32 value, u8 confirm_hint) 2647{ 2648 struct mgmt_ev_user_confirm_request ev; 2649 2650 BT_DBG("%s", hdev->name); 2651 2652 bacpy(&ev.bdaddr, bdaddr); 2653 ev.confirm_hint = confirm_hint; 2654 put_unaligned_le32(value, &ev.value); 2655 2656 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 2657 NULL); 2658} 2659 2660int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr) 2661{ 2662 struct mgmt_ev_user_passkey_request ev; 2663 2664 BT_DBG("%s", hdev->name); 2665 2666 bacpy(&ev.bdaddr, bdaddr); 2667 2668 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 2669 NULL); 2670} 2671 2672static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2673 u8 status, u8 opcode) 2674{ 2675 struct pending_cmd *cmd; 2676 struct mgmt_rp_user_confirm_reply rp; 2677 int err; 2678 2679 cmd = mgmt_pending_find(opcode, hdev); 2680 if (!cmd) 2681 return -ENOENT; 2682 2683 bacpy(&rp.bdaddr, bdaddr); 2684 rp.status = mgmt_status(status); 2685 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp)); 2686 2687 mgmt_pending_remove(cmd); 2688 2689 return err; 2690} 2691 2692int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2693 u8 status) 2694{ 2695 return user_pairing_resp_complete(hdev, bdaddr, status, 2696 MGMT_OP_USER_CONFIRM_REPLY); 2697} 2698 2699int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, 2700 bdaddr_t *bdaddr, u8 status) 2701{ 2702 return user_pairing_resp_complete(hdev, bdaddr, status, 2703 MGMT_OP_USER_CONFIRM_NEG_REPLY); 2704} 2705 2706int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2707 u8 status) 2708{ 2709 return user_pairing_resp_complete(hdev, bdaddr, status, 2710 MGMT_OP_USER_PASSKEY_REPLY); 2711} 2712 2713int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, 2714 bdaddr_t *bdaddr, u8 status) 2715{ 2716 return user_pairing_resp_complete(hdev, bdaddr, status, 2717 MGMT_OP_USER_PASSKEY_NEG_REPLY); 2718} 2719 2720int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status) 2721{ 2722 struct mgmt_ev_auth_failed ev; 2723 2724 bacpy(&ev.bdaddr, bdaddr); 2725 ev.status = mgmt_status(status); 2726 2727 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 2728} 2729 2730int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 2731{ 2732 struct pending_cmd *cmd; 2733 struct mgmt_cp_set_local_name ev; 2734 int err; 2735 2736 memset(&ev, 0, sizeof(ev)); 2737 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2738 2739 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 2740 if (!cmd) 2741 goto send_event; 2742 2743 if (status) { 2744 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 2745 mgmt_status(status)); 2746 goto failed; 2747 } 2748 2749 update_eir(hdev); 2750 2751 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev, 2752 sizeof(ev)); 2753 if (err < 0) 2754 goto failed; 2755 2756send_event: 2757 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 2758 cmd ? cmd->sk : NULL); 2759 2760failed: 2761 if (cmd) 2762 mgmt_pending_remove(cmd); 2763 return err; 2764} 2765 2766int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 2767 u8 *randomizer, u8 status) 2768{ 2769 struct pending_cmd *cmd; 2770 int err; 2771 2772 BT_DBG("%s status %u", hdev->name, status); 2773 2774 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 2775 if (!cmd) 2776 return -ENOENT; 2777 2778 if (status) { 2779 err = cmd_status(cmd->sk, hdev->id, 2780 MGMT_OP_READ_LOCAL_OOB_DATA, 2781 mgmt_status(status)); 2782 } else { 2783 struct mgmt_rp_read_local_oob_data rp; 2784 2785 memcpy(rp.hash, hash, sizeof(rp.hash)); 2786 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 2787 2788 err = cmd_complete(cmd->sk, hdev->id, 2789 MGMT_OP_READ_LOCAL_OOB_DATA, 2790 &rp, sizeof(rp)); 2791 } 2792 2793 mgmt_pending_remove(cmd); 2794 2795 return err; 2796} 2797 2798int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2799 u8 addr_type, u8 *dev_class, s8 rssi, 2800 u8 cfm_name, u8 *eir, u16 eir_len) 2801{ 2802 char buf[512]; 2803 struct mgmt_ev_device_found *ev = (void *) buf; 2804 size_t ev_size; 2805 2806 /* Leave 5 bytes for a potential CoD field */ 2807 if (sizeof(*ev) + eir_len + 5 > sizeof(buf)) 2808 return -EINVAL; 2809 2810 memset(buf, 0, sizeof(buf)); 2811 2812 bacpy(&ev->addr.bdaddr, bdaddr); 2813 ev->addr.type = link_to_mgmt(link_type, addr_type); 2814 ev->rssi = rssi; 2815 ev->confirm_name = cfm_name; 2816 2817 if (eir_len > 0) 2818 memcpy(ev->eir, eir, eir_len); 2819 2820 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV)) 2821 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV, 2822 dev_class, 3); 2823 2824 put_unaligned_le16(eir_len, &ev->eir_len); 2825 2826 ev_size = sizeof(*ev) + eir_len; 2827 2828 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL); 2829} 2830 2831int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2832 u8 addr_type, s8 rssi, u8 *name, u8 name_len) 2833{ 2834 struct mgmt_ev_device_found *ev; 2835 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2]; 2836 u16 eir_len; 2837 2838 ev = (struct mgmt_ev_device_found *) buf; 2839 2840 memset(buf, 0, sizeof(buf)); 2841 2842 bacpy(&ev->addr.bdaddr, bdaddr); 2843 ev->addr.type = link_to_mgmt(link_type, addr_type); 2844 ev->rssi = rssi; 2845 2846 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name, 2847 name_len); 2848 2849 put_unaligned_le16(eir_len, &ev->eir_len); 2850 2851 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL); 2852} 2853 2854int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 2855{ 2856 struct pending_cmd *cmd; 2857 int err; 2858 2859 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 2860 if (!cmd) 2861 return -ENOENT; 2862 2863 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status)); 2864 mgmt_pending_remove(cmd); 2865 2866 return err; 2867} 2868 2869int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) 2870{ 2871 struct pending_cmd *cmd; 2872 int err; 2873 2874 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 2875 if (!cmd) 2876 return -ENOENT; 2877 2878 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status)); 2879 mgmt_pending_remove(cmd); 2880 2881 return err; 2882} 2883 2884int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 2885{ 2886 struct pending_cmd *cmd; 2887 2888 if (discovering) 2889 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 2890 else 2891 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 2892 2893 if (cmd != NULL) { 2894 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0); 2895 mgmt_pending_remove(cmd); 2896 } 2897 2898 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering, 2899 sizeof(discovering), NULL); 2900} 2901 2902int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr) 2903{ 2904 struct pending_cmd *cmd; 2905 struct mgmt_ev_device_blocked ev; 2906 2907 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev); 2908 2909 bacpy(&ev.bdaddr, bdaddr); 2910 2911 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev), 2912 cmd ? cmd->sk : NULL); 2913} 2914 2915int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr) 2916{ 2917 struct pending_cmd *cmd; 2918 struct mgmt_ev_device_unblocked ev; 2919 2920 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev); 2921 2922 bacpy(&ev.bdaddr, bdaddr); 2923 2924 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 2925 cmd ? cmd->sk : NULL); 2926} 2927