2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
65 ev = (void *) skb_put(skb, sizeof(*ev));
67 put_unaligned_le16(cmd, &ev->opcode);
69 err = sock_queue_rcv_skb(sk, skb);
76 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
81 struct mgmt_ev_cmd_complete *ev;
84 BT_DBG("sock %p", sk);
86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
93 hdr->index = cpu_to_le16(index);
94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
100 memcpy(ev->data, rp, rp_len);
102 err = sock_queue_rcv_skb(sk, skb);
109 static int read_version(struct sock *sk)
111 struct mgmt_rp_read_version rp;
113 BT_DBG("sock %p", sk);
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
122 static int read_index_list(struct sock *sk)
124 struct mgmt_rp_read_index_list *rp;
131 BT_DBG("sock %p", sk);
133 read_lock(&hci_dev_list_lock);
136 list_for_each(p, &hci_dev_list) {
140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
143 read_unlock(&hci_dev_list_lock);
147 put_unaligned_le16(count, &rp->num_controllers);
150 list_for_each_entry(d, &hci_dev_list, list) {
151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
152 cancel_delayed_work(&d->power_off);
154 if (test_bit(HCI_SETUP, &d->flags))
157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
161 read_unlock(&hci_dev_list_lock);
163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
171 static int read_controller_info(struct sock *sk, u16 index)
173 struct mgmt_rp_read_info rp;
174 struct hci_dev *hdev;
176 BT_DBG("sock %p hci%u", sk, index);
178 hdev = hci_dev_get(index);
180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
185 hci_dev_lock_bh(hdev);
187 set_bit(HCI_MGMT, &hdev->flags);
189 memset(&rp, 0, sizeof(rp));
191 rp.type = hdev->dev_type;
193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
198 if (test_bit(HCI_AUTH, &hdev->flags))
200 else if (hdev->ssp_mode > 0)
205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
214 hci_dev_unlock_bh(hdev);
217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
220 static void mgmt_pending_free(struct pending_cmd *cmd)
227 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
228 struct hci_dev *hdev,
231 struct pending_cmd *cmd;
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
237 cmd->opcode = opcode;
238 cmd->index = hdev->id;
240 cmd->param = kmalloc(len, GFP_ATOMIC);
247 memcpy(cmd->param, data, len);
252 list_add(&cmd->list, &hdev->mgmt_pending);
257 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
258 void (*cb)(struct pending_cmd *cmd, void *data),
261 struct list_head *p, *n;
263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
264 struct pending_cmd *cmd;
266 cmd = list_entry(p, struct pending_cmd, list);
268 if (opcode > 0 && cmd->opcode != opcode)
275 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
277 struct pending_cmd *cmd;
279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
280 if (cmd->opcode == opcode)
287 static void mgmt_pending_remove(struct pending_cmd *cmd)
289 list_del(&cmd->list);
290 mgmt_pending_free(cmd);
293 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
295 struct mgmt_mode *cp;
296 struct hci_dev *hdev;
297 struct pending_cmd *cmd;
302 BT_DBG("request for hci%u", index);
304 if (len != sizeof(*cp))
305 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
307 hdev = hci_dev_get(index);
309 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
311 hci_dev_lock_bh(hdev);
313 up = test_bit(HCI_UP, &hdev->flags);
314 if ((cp->val && up) || (!cp->val && !up)) {
315 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
319 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
331 queue_work(hdev->workqueue, &hdev->power_on);
333 queue_work(hdev->workqueue, &hdev->power_off.work);
338 hci_dev_unlock_bh(hdev);
343 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
346 struct mgmt_cp_set_discoverable *cp;
347 struct hci_dev *hdev;
348 struct pending_cmd *cmd;
354 BT_DBG("request for hci%u", index);
356 if (len != sizeof(*cp))
357 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
359 hdev = hci_dev_get(index);
361 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
363 hci_dev_lock_bh(hdev);
365 if (!test_bit(HCI_UP, &hdev->flags)) {
366 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
370 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
371 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
376 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
377 test_bit(HCI_PSCAN, &hdev->flags)) {
378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
391 scan |= SCAN_INQUIRY;
393 cancel_delayed_work(&hdev->discov_off);
395 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
397 mgmt_pending_remove(cmd);
400 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
403 hci_dev_unlock_bh(hdev);
409 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
412 struct mgmt_mode *cp;
413 struct hci_dev *hdev;
414 struct pending_cmd *cmd;
420 BT_DBG("request for hci%u", index);
422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
425 hdev = hci_dev_get(index);
427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
429 hci_dev_lock_bh(hdev);
431 if (!test_bit(HCI_UP, &hdev->flags)) {
432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
460 mgmt_pending_remove(cmd);
463 hci_dev_unlock_bh(hdev);
469 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
470 u16 data_len, struct sock *skip_sk)
473 struct mgmt_hdr *hdr;
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
484 hdr->index = cpu_to_le16(hdev->id);
486 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
487 hdr->len = cpu_to_le16(data_len);
490 memcpy(skb_put(skb, data_len), data, data_len);
492 hci_send_to_sock(NULL, skb, skip_sk);
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
516 BT_DBG("request for hci%u", index);
518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
521 hdev = hci_dev_get(index);
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
525 hci_dev_lock_bh(hdev);
528 set_bit(HCI_PAIRABLE, &hdev->flags);
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
538 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
541 hci_dev_unlock_bh(hdev);
547 #define EIR_FLAGS 0x01 /* flags */
548 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT 0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
556 #define EIR_TX_POWER 0x0A /* transmit power level */
557 #define EIR_DEVICE_ID 0x10 /* device ID */
559 #define PNP_INFO_SVCLASS_ID 0x1200
561 static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
566 static u16 get_uuid16(u8 *uuid128)
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
576 memcpy(&val, &uuid128[12], 4);
578 val = le32_to_cpu(val);
585 static void create_eir(struct hci_dev *hdev, u8 *data)
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct bt_uuid *uuid;
594 name_len = strlen(hdev->dev_name);
600 ptr[1] = EIR_NAME_SHORT;
602 ptr[1] = EIR_NAME_COMPLETE;
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
607 memcpy(ptr + 2, hdev->dev_name, name_len);
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
613 memset(uuid16_list, 0, sizeof(uuid16_list));
615 /* Group all UUID16 types */
616 list_for_each_entry(uuid, &hdev->uuids, list) {
619 uuid16 = get_uuid16(uuid->uuid);
626 if (uuid16 == PNP_INFO_SVCLASS_ID)
629 /* Stop if not enough space to put next UUID */
630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
635 /* Check for duplicates */
636 for (i = 0; uuid16_list[i] != 0; i++)
637 if (uuid16_list[i] == uuid16)
640 if (uuid16_list[i] == 0) {
641 uuid16_list[i] = uuid16;
642 eir_len += sizeof(u16);
646 if (uuid16_list[0] != 0) {
650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
655 for (i = 0; uuid16_list[i] != 0; i++) {
656 *ptr++ = (uuid16_list[i] & 0x00ff);
657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
660 /* EIR Data length */
661 *length = (i * sizeof(u16)) + 1;
665 static int update_eir(struct hci_dev *hdev)
667 struct hci_cp_write_eir cp;
669 if (!(hdev->features[6] & LMP_EXT_INQ))
672 if (hdev->ssp_mode == 0)
675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
678 memset(&cp, 0, sizeof(cp));
680 create_eir(hdev, cp.data);
682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
685 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
690 static u8 get_service_classes(struct hci_dev *hdev)
692 struct bt_uuid *uuid;
695 list_for_each_entry(uuid, &hdev->uuids, list)
696 val |= uuid->svc_hint;
701 static int update_class(struct hci_dev *hdev)
705 BT_DBG("%s", hdev->name);
707 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
710 cod[0] = hdev->minor_class;
711 cod[1] = hdev->major_class;
712 cod[2] = get_service_classes(hdev);
714 if (memcmp(cod, hdev->dev_class, 3) == 0)
717 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
720 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
722 struct mgmt_cp_add_uuid *cp;
723 struct hci_dev *hdev;
724 struct bt_uuid *uuid;
729 BT_DBG("request for hci%u", index);
731 if (len != sizeof(*cp))
732 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
734 hdev = hci_dev_get(index);
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
738 hci_dev_lock_bh(hdev);
740 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
746 memcpy(uuid->uuid, cp->uuid, 16);
747 uuid->svc_hint = cp->svc_hint;
749 list_add(&uuid->list, &hdev->uuids);
751 err = update_class(hdev);
755 err = update_eir(hdev);
759 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
762 hci_dev_unlock_bh(hdev);
768 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
770 struct list_head *p, *n;
771 struct mgmt_cp_remove_uuid *cp;
772 struct hci_dev *hdev;
773 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778 BT_DBG("request for hci%u", index);
780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
783 hdev = hci_dev_get(index);
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
787 hci_dev_lock_bh(hdev);
789 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
790 err = hci_uuids_clear(hdev);
796 list_for_each_safe(p, n, &hdev->uuids) {
797 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
799 if (memcmp(match->uuid, cp->uuid, 16) != 0)
802 list_del(&match->list);
807 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
811 err = update_class(hdev);
815 err = update_eir(hdev);
819 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
822 hci_dev_unlock_bh(hdev);
828 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
831 struct hci_dev *hdev;
832 struct mgmt_cp_set_dev_class *cp;
837 BT_DBG("request for hci%u", index);
839 if (len != sizeof(*cp))
840 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
842 hdev = hci_dev_get(index);
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
846 hci_dev_lock_bh(hdev);
848 hdev->major_class = cp->major;
849 hdev->minor_class = cp->minor;
851 err = update_class(hdev);
854 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
856 hci_dev_unlock_bh(hdev);
862 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
865 struct hci_dev *hdev;
866 struct mgmt_cp_set_service_cache *cp;
871 if (len != sizeof(*cp))
872 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
874 hdev = hci_dev_get(index);
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
878 hci_dev_lock_bh(hdev);
880 BT_DBG("hci%u enable %d", index, cp->enable);
883 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
886 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 err = update_class(hdev);
889 err = update_eir(hdev);
893 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
896 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
899 hci_dev_unlock_bh(hdev);
905 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_link_keys *cp;
910 u16 key_count, expected_len;
915 if (len < sizeof(*cp))
916 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
918 key_count = get_unaligned_le16(&cp->key_count);
920 expected_len = sizeof(*cp) + key_count *
921 sizeof(struct mgmt_link_key_info);
922 if (expected_len != len) {
923 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
928 hdev = hci_dev_get(index);
930 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
935 hci_dev_lock_bh(hdev);
937 hci_link_keys_clear(hdev);
939 set_bit(HCI_LINK_KEYS, &hdev->flags);
942 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
946 for (i = 0; i < key_count; i++) {
947 struct mgmt_link_key_info *key = &cp->keys[i];
949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
953 hci_dev_unlock_bh(hdev);
959 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
962 struct hci_dev *hdev;
963 struct mgmt_cp_remove_keys *cp;
964 struct hci_conn *conn;
969 if (len != sizeof(*cp))
970 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
972 hdev = hci_dev_get(index);
974 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
976 hci_dev_lock_bh(hdev);
978 err = hci_remove_link_key(hdev, &cp->bdaddr);
980 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
986 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
989 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
991 struct hci_cp_disconnect dc;
993 put_unaligned_le16(conn->handle, &dc.handle);
994 dc.reason = 0x13; /* Remote User Terminated Connection */
995 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
999 hci_dev_unlock_bh(hdev);
1005 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1007 struct hci_dev *hdev;
1008 struct mgmt_cp_disconnect *cp;
1009 struct hci_cp_disconnect dc;
1010 struct pending_cmd *cmd;
1011 struct hci_conn *conn;
1018 if (len != sizeof(*cp))
1019 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1021 hdev = hci_dev_get(index);
1023 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1025 hci_dev_lock_bh(hdev);
1027 if (!test_bit(HCI_UP, &hdev->flags)) {
1028 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1032 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1033 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1039 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1042 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1046 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1052 put_unaligned_le16(conn->handle, &dc.handle);
1053 dc.reason = 0x13; /* Remote User Terminated Connection */
1055 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1057 mgmt_pending_remove(cmd);
1060 hci_dev_unlock_bh(hdev);
1066 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1068 switch (link_type) {
1070 switch (addr_type) {
1071 case ADDR_LE_DEV_PUBLIC:
1072 return MGMT_ADDR_LE_PUBLIC;
1073 case ADDR_LE_DEV_RANDOM:
1074 return MGMT_ADDR_LE_RANDOM;
1076 return MGMT_ADDR_INVALID;
1079 return MGMT_ADDR_BREDR;
1081 return MGMT_ADDR_INVALID;
1085 static int get_connections(struct sock *sk, u16 index)
1087 struct mgmt_rp_get_connections *rp;
1088 struct hci_dev *hdev;
1090 struct list_head *p;
1097 hdev = hci_dev_get(index);
1099 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1101 hci_dev_lock_bh(hdev);
1104 list_for_each(p, &hdev->conn_hash.list) {
1108 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1109 rp = kmalloc(rp_len, GFP_ATOMIC);
1115 put_unaligned_le16(count, &rp->conn_count);
1118 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1119 bacpy(&rp->addr[i].bdaddr, &c->dst);
1120 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1121 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1126 /* Recalculate length in case of filtered SCO connections, etc */
1127 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1129 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1133 hci_dev_unlock_bh(hdev);
1138 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1139 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1141 struct pending_cmd *cmd;
1144 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1149 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1152 mgmt_pending_remove(cmd);
1157 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1160 struct hci_dev *hdev;
1161 struct hci_conn *conn;
1162 struct mgmt_cp_pin_code_reply *cp;
1163 struct mgmt_cp_pin_code_neg_reply ncp;
1164 struct hci_cp_pin_code_reply reply;
1165 struct pending_cmd *cmd;
1172 if (len != sizeof(*cp))
1173 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1175 hdev = hci_dev_get(index);
1177 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1179 hci_dev_lock_bh(hdev);
1181 if (!test_bit(HCI_UP, &hdev->flags)) {
1182 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1186 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1188 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1192 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1193 bacpy(&ncp.bdaddr, &cp->bdaddr);
1195 BT_ERR("PIN code is not 16 bytes long");
1197 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1199 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1205 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1211 bacpy(&reply.bdaddr, &cp->bdaddr);
1212 reply.pin_len = cp->pin_len;
1213 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1215 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1217 mgmt_pending_remove(cmd);
1220 hci_dev_unlock_bh(hdev);
1226 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1229 struct hci_dev *hdev;
1230 struct mgmt_cp_pin_code_neg_reply *cp;
1237 if (len != sizeof(*cp))
1238 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1241 hdev = hci_dev_get(index);
1243 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1246 hci_dev_lock_bh(hdev);
1248 if (!test_bit(HCI_UP, &hdev->flags)) {
1249 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1254 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1257 hci_dev_unlock_bh(hdev);
1263 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1266 struct hci_dev *hdev;
1267 struct mgmt_cp_set_io_capability *cp;
1273 if (len != sizeof(*cp))
1274 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1276 hdev = hci_dev_get(index);
1278 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1280 hci_dev_lock_bh(hdev);
1282 hdev->io_capability = cp->io_capability;
1284 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1285 hdev->io_capability);
1287 hci_dev_unlock_bh(hdev);
1290 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1293 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1295 struct hci_dev *hdev = conn->hdev;
1296 struct pending_cmd *cmd;
1298 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1299 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1302 if (cmd->user_data != conn)
1311 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1313 struct mgmt_rp_pair_device rp;
1314 struct hci_conn *conn = cmd->user_data;
1316 bacpy(&rp.bdaddr, &conn->dst);
1319 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1321 /* So we don't get further callbacks for this connection */
1322 conn->connect_cfm_cb = NULL;
1323 conn->security_cfm_cb = NULL;
1324 conn->disconn_cfm_cb = NULL;
1328 mgmt_pending_remove(cmd);
1331 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1333 struct pending_cmd *cmd;
1334 struct hci_dev *hdev = conn->hdev;
1336 BT_DBG("status %u", status);
1338 hci_dev_lock_bh(hdev);
1340 cmd = find_pairing(conn);
1342 BT_DBG("Unable to find a pending command");
1344 pairing_complete(cmd, status);
1346 hci_dev_unlock_bh(hdev);
1349 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1351 struct hci_dev *hdev;
1352 struct mgmt_cp_pair_device *cp;
1353 struct pending_cmd *cmd;
1354 struct adv_entry *entry;
1355 u8 sec_level, auth_type;
1356 struct hci_conn *conn;
1363 if (len != sizeof(*cp))
1364 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1366 hdev = hci_dev_get(index);
1368 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1370 hci_dev_lock_bh(hdev);
1372 sec_level = BT_SECURITY_MEDIUM;
1373 if (cp->io_cap == 0x03)
1374 auth_type = HCI_AT_DEDICATED_BONDING;
1376 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1378 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1380 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1383 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1387 err = PTR_ERR(conn);
1391 if (conn->connect_cfm_cb) {
1393 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1397 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1404 /* For LE, just connecting isn't a proof that the pairing finished */
1406 conn->connect_cfm_cb = pairing_complete_cb;
1408 conn->security_cfm_cb = pairing_complete_cb;
1409 conn->disconn_cfm_cb = pairing_complete_cb;
1410 conn->io_capability = cp->io_cap;
1411 cmd->user_data = conn;
1413 if (conn->state == BT_CONNECTED &&
1414 hci_conn_security(conn, sec_level, auth_type))
1415 pairing_complete(cmd, 0);
1420 hci_dev_unlock_bh(hdev);
1426 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1427 u16 len, int success)
1429 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1430 u16 mgmt_op, hci_op;
1431 struct pending_cmd *cmd;
1432 struct hci_dev *hdev;
1438 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1439 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1441 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1442 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1445 if (len != sizeof(*cp))
1446 return cmd_status(sk, index, mgmt_op, EINVAL);
1448 hdev = hci_dev_get(index);
1450 return cmd_status(sk, index, mgmt_op, ENODEV);
1452 hci_dev_lock_bh(hdev);
1454 if (!test_bit(HCI_UP, &hdev->flags)) {
1455 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1459 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1465 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1467 mgmt_pending_remove(cmd);
1470 hci_dev_unlock_bh(hdev);
1476 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1479 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1480 struct hci_cp_write_local_name hci_cp;
1481 struct hci_dev *hdev;
1482 struct pending_cmd *cmd;
1487 if (len != sizeof(*mgmt_cp))
1488 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1490 hdev = hci_dev_get(index);
1492 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1494 hci_dev_lock_bh(hdev);
1496 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1502 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1503 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1506 mgmt_pending_remove(cmd);
1509 hci_dev_unlock_bh(hdev);
1515 static int read_local_oob_data(struct sock *sk, u16 index)
1517 struct hci_dev *hdev;
1518 struct pending_cmd *cmd;
1521 BT_DBG("hci%u", index);
1523 hdev = hci_dev_get(index);
1525 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1528 hci_dev_lock_bh(hdev);
1530 if (!test_bit(HCI_UP, &hdev->flags)) {
1531 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1536 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1537 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1542 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1543 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1547 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1553 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1555 mgmt_pending_remove(cmd);
1558 hci_dev_unlock_bh(hdev);
1564 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1567 struct hci_dev *hdev;
1568 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1571 BT_DBG("hci%u ", index);
1573 if (len != sizeof(*cp))
1574 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1577 hdev = hci_dev_get(index);
1579 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1582 hci_dev_lock_bh(hdev);
1584 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1587 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1589 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1592 hci_dev_unlock_bh(hdev);
1598 static int remove_remote_oob_data(struct sock *sk, u16 index,
1599 unsigned char *data, u16 len)
1601 struct hci_dev *hdev;
1602 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1605 BT_DBG("hci%u ", index);
1607 if (len != sizeof(*cp))
1608 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1611 hdev = hci_dev_get(index);
1613 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1616 hci_dev_lock_bh(hdev);
1618 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1620 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1623 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1626 hci_dev_unlock_bh(hdev);
1632 static int start_discovery(struct sock *sk, u16 index)
1634 struct pending_cmd *cmd;
1635 struct hci_dev *hdev;
1638 BT_DBG("hci%u", index);
1640 hdev = hci_dev_get(index);
1642 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1644 hci_dev_lock_bh(hdev);
1646 if (!test_bit(HCI_UP, &hdev->flags)) {
1647 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1651 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1657 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1659 mgmt_pending_remove(cmd);
1662 hci_dev_unlock_bh(hdev);
1668 static int stop_discovery(struct sock *sk, u16 index)
1670 struct hci_dev *hdev;
1671 struct pending_cmd *cmd;
1674 BT_DBG("hci%u", index);
1676 hdev = hci_dev_get(index);
1678 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1680 hci_dev_lock_bh(hdev);
1682 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1688 err = hci_cancel_inquiry(hdev);
1690 mgmt_pending_remove(cmd);
1693 hci_dev_unlock_bh(hdev);
1699 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1702 struct hci_dev *hdev;
1703 struct mgmt_cp_block_device *cp = (void *) data;
1706 BT_DBG("hci%u", index);
1708 if (len != sizeof(*cp))
1709 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1712 hdev = hci_dev_get(index);
1714 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1717 hci_dev_lock_bh(hdev);
1719 err = hci_blacklist_add(hdev, &cp->bdaddr);
1721 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1723 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1726 hci_dev_unlock_bh(hdev);
1732 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1735 struct hci_dev *hdev;
1736 struct mgmt_cp_unblock_device *cp = (void *) data;
1739 BT_DBG("hci%u", index);
1741 if (len != sizeof(*cp))
1742 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1745 hdev = hci_dev_get(index);
1747 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1750 hci_dev_lock_bh(hdev);
1752 err = hci_blacklist_del(hdev, &cp->bdaddr);
1755 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1757 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1760 hci_dev_unlock_bh(hdev);
1766 static int set_fast_connectable(struct sock *sk, u16 index,
1767 unsigned char *data, u16 len)
1769 struct hci_dev *hdev;
1770 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1771 struct hci_cp_write_page_scan_activity acp;
1775 BT_DBG("hci%u", index);
1777 if (len != sizeof(*cp))
1778 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1781 hdev = hci_dev_get(index);
1783 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1789 type = PAGE_SCAN_TYPE_INTERLACED;
1790 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1792 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1793 acp.interval = 0x0800; /* default 1.28 sec page scan */
1796 acp.window = 0x0012; /* default 11.25 msec page scan window */
1798 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1801 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1806 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1808 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1813 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1816 hci_dev_unlock(hdev);
1822 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1825 struct mgmt_hdr *hdr;
1826 u16 opcode, index, len;
1829 BT_DBG("got %zu bytes", msglen);
1831 if (msglen < sizeof(*hdr))
1834 buf = kmalloc(msglen, GFP_KERNEL);
1838 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1843 hdr = (struct mgmt_hdr *) buf;
1844 opcode = get_unaligned_le16(&hdr->opcode);
1845 index = get_unaligned_le16(&hdr->index);
1846 len = get_unaligned_le16(&hdr->len);
1848 if (len != msglen - sizeof(*hdr)) {
1854 case MGMT_OP_READ_VERSION:
1855 err = read_version(sk);
1857 case MGMT_OP_READ_INDEX_LIST:
1858 err = read_index_list(sk);
1860 case MGMT_OP_READ_INFO:
1861 err = read_controller_info(sk, index);
1863 case MGMT_OP_SET_POWERED:
1864 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1866 case MGMT_OP_SET_DISCOVERABLE:
1867 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1869 case MGMT_OP_SET_CONNECTABLE:
1870 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1872 case MGMT_OP_SET_PAIRABLE:
1873 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1875 case MGMT_OP_ADD_UUID:
1876 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1878 case MGMT_OP_REMOVE_UUID:
1879 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1881 case MGMT_OP_SET_DEV_CLASS:
1882 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1884 case MGMT_OP_SET_SERVICE_CACHE:
1885 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1887 case MGMT_OP_LOAD_LINK_KEYS:
1888 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1890 case MGMT_OP_REMOVE_KEYS:
1891 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1893 case MGMT_OP_DISCONNECT:
1894 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1896 case MGMT_OP_GET_CONNECTIONS:
1897 err = get_connections(sk, index);
1899 case MGMT_OP_PIN_CODE_REPLY:
1900 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1902 case MGMT_OP_PIN_CODE_NEG_REPLY:
1903 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1905 case MGMT_OP_SET_IO_CAPABILITY:
1906 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1908 case MGMT_OP_PAIR_DEVICE:
1909 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1911 case MGMT_OP_USER_CONFIRM_REPLY:
1912 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1914 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1915 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1917 case MGMT_OP_SET_LOCAL_NAME:
1918 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1920 case MGMT_OP_READ_LOCAL_OOB_DATA:
1921 err = read_local_oob_data(sk, index);
1923 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1924 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1926 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1927 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1930 case MGMT_OP_START_DISCOVERY:
1931 err = start_discovery(sk, index);
1933 case MGMT_OP_STOP_DISCOVERY:
1934 err = stop_discovery(sk, index);
1936 case MGMT_OP_BLOCK_DEVICE:
1937 err = block_device(sk, index, buf + sizeof(*hdr), len);
1939 case MGMT_OP_UNBLOCK_DEVICE:
1940 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1942 case MGMT_OP_SET_FAST_CONNECTABLE:
1943 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1947 BT_DBG("Unknown op %u", opcode);
1948 err = cmd_status(sk, index, opcode, 0x01);
1962 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1966 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1967 mgmt_pending_remove(cmd);
1970 int mgmt_index_added(struct hci_dev *hdev)
1972 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1975 int mgmt_index_removed(struct hci_dev *hdev)
1979 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1981 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
1989 static void mode_rsp(struct pending_cmd *cmd, void *data)
1991 struct mgmt_mode *cp = cmd->param;
1992 struct cmd_lookup *match = data;
1994 if (cp->val != match->val)
1997 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1999 list_del(&cmd->list);
2001 if (match->sk == NULL) {
2002 match->sk = cmd->sk;
2003 sock_hold(match->sk);
2006 mgmt_pending_free(cmd);
2009 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2011 struct mgmt_mode ev;
2012 struct cmd_lookup match = { powered, NULL };
2015 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2018 u8 status = ENETDOWN;
2019 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2024 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2032 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2034 struct mgmt_mode ev;
2035 struct cmd_lookup match = { discoverable, NULL };
2038 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2040 ev.val = discoverable;
2042 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2051 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2053 struct mgmt_mode ev;
2054 struct cmd_lookup match = { connectable, NULL };
2057 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2059 ev.val = connectable;
2061 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2069 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2071 if (scan & SCAN_PAGE)
2072 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2073 cmd_status_rsp, &status);
2075 if (scan & SCAN_INQUIRY)
2076 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2077 cmd_status_rsp, &status);
2082 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2085 struct mgmt_ev_new_link_key ev;
2087 memset(&ev, 0, sizeof(ev));
2089 ev.store_hint = persistent;
2090 bacpy(&ev.key.bdaddr, &key->bdaddr);
2091 ev.key.type = key->type;
2092 memcpy(ev.key.val, key->val, 16);
2093 ev.key.pin_len = key->pin_len;
2095 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2098 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2101 struct mgmt_addr_info ev;
2103 bacpy(&ev.bdaddr, bdaddr);
2104 ev.type = link_to_mgmt(link_type, addr_type);
2106 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2109 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2111 struct mgmt_cp_disconnect *cp = cmd->param;
2112 struct sock **sk = data;
2113 struct mgmt_rp_disconnect rp;
2115 bacpy(&rp.bdaddr, &cp->bdaddr);
2117 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2122 mgmt_pending_remove(cmd);
2125 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2128 struct mgmt_addr_info ev;
2129 struct sock *sk = NULL;
2132 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2134 bacpy(&ev.bdaddr, bdaddr);
2135 ev.type = link_to_mgmt(link_type, addr_type);
2137 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2145 int mgmt_disconnect_failed(struct hci_dev *hdev)
2147 struct pending_cmd *cmd;
2150 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2154 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
2156 mgmt_pending_remove(cmd);
2161 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2162 u8 addr_type, u8 status)
2164 struct mgmt_ev_connect_failed ev;
2166 bacpy(&ev.addr.bdaddr, bdaddr);
2167 ev.addr.type = link_to_mgmt(link_type, addr_type);
2170 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2173 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2175 struct mgmt_ev_pin_code_request ev;
2177 bacpy(&ev.bdaddr, bdaddr);
2180 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2184 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2187 struct pending_cmd *cmd;
2188 struct mgmt_rp_pin_code_reply rp;
2191 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2195 bacpy(&rp.bdaddr, bdaddr);
2198 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2201 mgmt_pending_remove(cmd);
2206 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2209 struct pending_cmd *cmd;
2210 struct mgmt_rp_pin_code_reply rp;
2213 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2217 bacpy(&rp.bdaddr, bdaddr);
2220 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2223 mgmt_pending_remove(cmd);
2228 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2229 __le32 value, u8 confirm_hint)
2231 struct mgmt_ev_user_confirm_request ev;
2233 BT_DBG("%s", hdev->name);
2235 bacpy(&ev.bdaddr, bdaddr);
2236 ev.confirm_hint = confirm_hint;
2237 put_unaligned_le32(value, &ev.value);
2239 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2243 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2244 u8 status, u8 opcode)
2246 struct pending_cmd *cmd;
2247 struct mgmt_rp_user_confirm_reply rp;
2250 cmd = mgmt_pending_find(opcode, hdev);
2254 bacpy(&rp.bdaddr, bdaddr);
2256 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2258 mgmt_pending_remove(cmd);
2263 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2266 return confirm_reply_complete(hdev, bdaddr, status,
2267 MGMT_OP_USER_CONFIRM_REPLY);
2270 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2271 bdaddr_t *bdaddr, u8 status)
2273 return confirm_reply_complete(hdev, bdaddr, status,
2274 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2277 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2279 struct mgmt_ev_auth_failed ev;
2281 bacpy(&ev.bdaddr, bdaddr);
2284 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2287 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2289 struct pending_cmd *cmd;
2290 struct mgmt_cp_set_local_name ev;
2293 memset(&ev, 0, sizeof(ev));
2294 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2296 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2301 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2308 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2314 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2315 cmd ? cmd->sk : NULL);
2319 mgmt_pending_remove(cmd);
2323 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2324 u8 *randomizer, u8 status)
2326 struct pending_cmd *cmd;
2329 BT_DBG("%s status %u", hdev->name, status);
2331 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2336 err = cmd_status(cmd->sk, hdev->id,
2337 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2339 struct mgmt_rp_read_local_oob_data rp;
2341 memcpy(rp.hash, hash, sizeof(rp.hash));
2342 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2344 err = cmd_complete(cmd->sk, hdev->id,
2345 MGMT_OP_READ_LOCAL_OOB_DATA,
2349 mgmt_pending_remove(cmd);
2354 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2355 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2357 struct mgmt_ev_device_found ev;
2359 memset(&ev, 0, sizeof(ev));
2361 bacpy(&ev.addr.bdaddr, bdaddr);
2362 ev.addr.type = link_to_mgmt(link_type, addr_type);
2366 memcpy(ev.eir, eir, sizeof(ev.eir));
2369 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2371 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2374 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2376 struct mgmt_ev_remote_name ev;
2378 memset(&ev, 0, sizeof(ev));
2380 bacpy(&ev.bdaddr, bdaddr);
2381 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2383 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2386 int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
2388 struct pending_cmd *cmd;
2391 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2395 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2396 mgmt_pending_remove(cmd);
2401 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2403 struct pending_cmd *cmd;
2406 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2408 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2411 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2412 mgmt_pending_remove(cmd);
2415 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2416 sizeof(discovering), NULL);
2419 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2421 struct pending_cmd *cmd;
2422 struct mgmt_ev_device_blocked ev;
2424 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2426 bacpy(&ev.bdaddr, bdaddr);
2428 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2429 cmd ? cmd->sk : NULL);
2432 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2434 struct pending_cmd *cmd;
2435 struct mgmt_ev_device_unblocked ev;
2437 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2439 bacpy(&ev.bdaddr, bdaddr);
2441 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2442 cmd ? cmd->sk : NULL);
projects / ~andy / linux / blob