2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static LIST_HEAD(cmd_list);
48 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
52 struct mgmt_ev_cmd_status *ev;
55 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
57 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
61 hdr = (void *) skb_put(skb, sizeof(*hdr));
63 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
64 hdr->index = cpu_to_le16(index);
65 hdr->len = cpu_to_le16(sizeof(*ev));
67 ev = (void *) skb_put(skb, sizeof(*ev));
69 put_unaligned_le16(cmd, &ev->opcode);
71 err = sock_queue_rcv_skb(sk, skb);
78 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
83 struct mgmt_ev_cmd_complete *ev;
86 BT_DBG("sock %p", sk);
88 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
92 hdr = (void *) skb_put(skb, sizeof(*hdr));
94 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
95 hdr->index = cpu_to_le16(index);
96 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
98 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
99 put_unaligned_le16(cmd, &ev->opcode);
102 memcpy(ev->data, rp, rp_len);
104 err = sock_queue_rcv_skb(sk, skb);
111 static int read_version(struct sock *sk)
113 struct mgmt_rp_read_version rp;
115 BT_DBG("sock %p", sk);
117 rp.version = MGMT_VERSION;
118 put_unaligned_le16(MGMT_REVISION, &rp.revision);
120 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
124 static int read_index_list(struct sock *sk)
126 struct mgmt_rp_read_index_list *rp;
133 BT_DBG("sock %p", sk);
135 read_lock(&hci_dev_list_lock);
138 list_for_each(p, &hci_dev_list) {
142 rp_len = sizeof(*rp) + (2 * count);
143 rp = kmalloc(rp_len, GFP_ATOMIC);
145 read_unlock(&hci_dev_list_lock);
149 put_unaligned_le16(count, &rp->num_controllers);
152 list_for_each_entry(d, &hci_dev_list, list) {
153 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
154 cancel_delayed_work_sync(&d->power_off);
156 if (test_bit(HCI_SETUP, &d->flags))
159 put_unaligned_le16(d->id, &rp->index[i++]);
160 BT_DBG("Added hci%u", d->id);
163 read_unlock(&hci_dev_list_lock);
165 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
173 static int read_controller_info(struct sock *sk, u16 index)
175 struct mgmt_rp_read_info rp;
176 struct hci_dev *hdev;
178 BT_DBG("sock %p hci%u", sk, index);
180 hdev = hci_dev_get(index);
182 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
184 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
185 cancel_delayed_work_sync(&hdev->power_off);
187 hci_dev_lock_bh(hdev);
189 set_bit(HCI_MGMT, &hdev->flags);
191 memset(&rp, 0, sizeof(rp));
193 rp.type = hdev->dev_type;
195 rp.powered = test_bit(HCI_UP, &hdev->flags);
196 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
197 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
198 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
200 if (test_bit(HCI_AUTH, &hdev->flags))
202 else if (hdev->ssp_mode > 0)
207 bacpy(&rp.bdaddr, &hdev->bdaddr);
208 memcpy(rp.features, hdev->features, 8);
209 memcpy(rp.dev_class, hdev->dev_class, 3);
210 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
211 rp.hci_ver = hdev->hci_ver;
212 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
214 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
216 hci_dev_unlock_bh(hdev);
219 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
222 static void mgmt_pending_free(struct pending_cmd *cmd)
229 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
230 u16 index, void *data, u16 len)
232 struct pending_cmd *cmd;
234 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
238 cmd->opcode = opcode;
241 cmd->param = kmalloc(len, GFP_ATOMIC);
248 memcpy(cmd->param, data, len);
253 list_add(&cmd->list, &cmd_list);
258 static void mgmt_pending_foreach(u16 opcode, int index,
259 void (*cb)(struct pending_cmd *cmd, void *data),
262 struct list_head *p, *n;
264 list_for_each_safe(p, n, &cmd_list) {
265 struct pending_cmd *cmd;
267 cmd = list_entry(p, struct pending_cmd, list);
269 if (opcode > 0 && cmd->opcode != opcode)
272 if (index >= 0 && cmd->index != index)
279 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
281 struct pending_cmd *cmd;
283 list_for_each_entry(cmd, &cmd_list, list) {
284 if (cmd->opcode != opcode)
287 if (index >= 0 && cmd->index != index)
296 static void mgmt_pending_remove(struct pending_cmd *cmd)
298 list_del(&cmd->list);
299 mgmt_pending_free(cmd);
302 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
304 struct mgmt_mode *cp;
305 struct hci_dev *hdev;
306 struct pending_cmd *cmd;
311 BT_DBG("request for hci%u", index);
313 if (len != sizeof(*cp))
314 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
316 hdev = hci_dev_get(index);
318 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
320 hci_dev_lock_bh(hdev);
322 up = test_bit(HCI_UP, &hdev->flags);
323 if ((cp->val && up) || (!cp->val && !up)) {
324 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
328 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
329 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
333 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
340 queue_work(hdev->workqueue, &hdev->power_on);
342 queue_work(hdev->workqueue, &hdev->power_off.work);
347 hci_dev_unlock_bh(hdev);
352 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
355 struct mgmt_cp_set_discoverable *cp;
356 struct hci_dev *hdev;
357 struct pending_cmd *cmd;
363 BT_DBG("request for hci%u", index);
365 if (len != sizeof(*cp))
366 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
368 hdev = hci_dev_get(index);
370 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
372 hci_dev_lock_bh(hdev);
374 if (!test_bit(HCI_UP, &hdev->flags)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
379 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
380 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
385 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
386 test_bit(HCI_PSCAN, &hdev->flags)) {
387 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
391 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
400 scan |= SCAN_INQUIRY;
402 cancel_delayed_work_sync(&hdev->discov_off);
404 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
406 mgmt_pending_remove(cmd);
409 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
412 hci_dev_unlock_bh(hdev);
418 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
421 struct mgmt_mode *cp;
422 struct hci_dev *hdev;
423 struct pending_cmd *cmd;
429 BT_DBG("request for hci%u", index);
431 if (len != sizeof(*cp))
432 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
434 hdev = hci_dev_get(index);
436 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
438 hci_dev_lock_bh(hdev);
440 if (!test_bit(HCI_UP, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
445 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
446 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
447 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
451 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
452 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
456 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
467 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
469 mgmt_pending_remove(cmd);
472 hci_dev_unlock_bh(hdev);
478 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
479 struct sock *skip_sk)
482 struct mgmt_hdr *hdr;
484 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
488 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
490 hdr = (void *) skb_put(skb, sizeof(*hdr));
491 hdr->opcode = cpu_to_le16(event);
492 hdr->index = cpu_to_le16(index);
493 hdr->len = cpu_to_le16(data_len);
496 memcpy(skb_put(skb, data_len), data, data_len);
498 hci_send_to_sock(NULL, skb, skip_sk);
504 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
510 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
513 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
516 struct mgmt_mode *cp, ev;
517 struct hci_dev *hdev;
522 BT_DBG("request for hci%u", index);
524 if (len != sizeof(*cp))
525 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
527 hdev = hci_dev_get(index);
529 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
531 hci_dev_lock_bh(hdev);
534 set_bit(HCI_PAIRABLE, &hdev->flags);
536 clear_bit(HCI_PAIRABLE, &hdev->flags);
538 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
544 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
547 hci_dev_unlock_bh(hdev);
553 #define EIR_FLAGS 0x01 /* flags */
554 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
555 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
556 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
557 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
558 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
559 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
560 #define EIR_NAME_SHORT 0x08 /* shortened local name */
561 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
562 #define EIR_TX_POWER 0x0A /* transmit power level */
563 #define EIR_DEVICE_ID 0x10 /* device ID */
565 #define PNP_INFO_SVCLASS_ID 0x1200
567 static u8 bluetooth_base_uuid[] = {
568 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
569 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
572 static u16 get_uuid16(u8 *uuid128)
577 for (i = 0; i < 12; i++) {
578 if (bluetooth_base_uuid[i] != uuid128[i])
582 memcpy(&val, &uuid128[12], 4);
584 val = le32_to_cpu(val);
591 static void create_eir(struct hci_dev *hdev, u8 *data)
595 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
596 int i, truncated = 0;
597 struct bt_uuid *uuid;
600 name_len = strlen(hdev->dev_name);
606 ptr[1] = EIR_NAME_SHORT;
608 ptr[1] = EIR_NAME_COMPLETE;
610 /* EIR Data length */
611 ptr[0] = name_len + 1;
613 memcpy(ptr + 2, hdev->dev_name, name_len);
615 eir_len += (name_len + 2);
616 ptr += (name_len + 2);
619 memset(uuid16_list, 0, sizeof(uuid16_list));
621 /* Group all UUID16 types */
622 list_for_each_entry(uuid, &hdev->uuids, list) {
625 uuid16 = get_uuid16(uuid->uuid);
632 if (uuid16 == PNP_INFO_SVCLASS_ID)
635 /* Stop if not enough space to put next UUID */
636 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
641 /* Check for duplicates */
642 for (i = 0; uuid16_list[i] != 0; i++)
643 if (uuid16_list[i] == uuid16)
646 if (uuid16_list[i] == 0) {
647 uuid16_list[i] = uuid16;
648 eir_len += sizeof(u16);
652 if (uuid16_list[0] != 0) {
656 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
661 for (i = 0; uuid16_list[i] != 0; i++) {
662 *ptr++ = (uuid16_list[i] & 0x00ff);
663 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
666 /* EIR Data length */
667 *length = (i * sizeof(u16)) + 1;
671 static int update_eir(struct hci_dev *hdev)
673 struct hci_cp_write_eir cp;
675 if (!(hdev->features[6] & LMP_EXT_INQ))
678 if (hdev->ssp_mode == 0)
681 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
684 memset(&cp, 0, sizeof(cp));
686 create_eir(hdev, cp.data);
688 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
691 memcpy(hdev->eir, cp.data, sizeof(cp.data));
693 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
696 static u8 get_service_classes(struct hci_dev *hdev)
698 struct bt_uuid *uuid;
701 list_for_each_entry(uuid, &hdev->uuids, list)
702 val |= uuid->svc_hint;
707 static int update_class(struct hci_dev *hdev)
711 BT_DBG("%s", hdev->name);
713 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
716 cod[0] = hdev->minor_class;
717 cod[1] = hdev->major_class;
718 cod[2] = get_service_classes(hdev);
720 if (memcmp(cod, hdev->dev_class, 3) == 0)
723 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
726 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
728 struct mgmt_cp_add_uuid *cp;
729 struct hci_dev *hdev;
730 struct bt_uuid *uuid;
735 BT_DBG("request for hci%u", index);
737 if (len != sizeof(*cp))
738 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
740 hdev = hci_dev_get(index);
742 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
744 hci_dev_lock_bh(hdev);
746 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
752 memcpy(uuid->uuid, cp->uuid, 16);
753 uuid->svc_hint = cp->svc_hint;
755 list_add(&uuid->list, &hdev->uuids);
757 err = update_class(hdev);
761 err = update_eir(hdev);
765 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
768 hci_dev_unlock_bh(hdev);
774 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
776 struct list_head *p, *n;
777 struct mgmt_cp_remove_uuid *cp;
778 struct hci_dev *hdev;
779 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
784 BT_DBG("request for hci%u", index);
786 if (len != sizeof(*cp))
787 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
789 hdev = hci_dev_get(index);
791 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
793 hci_dev_lock_bh(hdev);
795 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
796 err = hci_uuids_clear(hdev);
802 list_for_each_safe(p, n, &hdev->uuids) {
803 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
805 if (memcmp(match->uuid, cp->uuid, 16) != 0)
808 list_del(&match->list);
813 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
817 err = update_class(hdev);
821 err = update_eir(hdev);
825 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
828 hci_dev_unlock_bh(hdev);
834 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
837 struct hci_dev *hdev;
838 struct mgmt_cp_set_dev_class *cp;
843 BT_DBG("request for hci%u", index);
845 if (len != sizeof(*cp))
846 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
848 hdev = hci_dev_get(index);
850 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
852 hci_dev_lock_bh(hdev);
854 hdev->major_class = cp->major;
855 hdev->minor_class = cp->minor;
857 err = update_class(hdev);
860 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
862 hci_dev_unlock_bh(hdev);
868 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
871 struct hci_dev *hdev;
872 struct mgmt_cp_set_service_cache *cp;
877 if (len != sizeof(*cp))
878 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
880 hdev = hci_dev_get(index);
882 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
884 hci_dev_lock_bh(hdev);
886 BT_DBG("hci%u enable %d", index, cp->enable);
889 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
892 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
893 err = update_class(hdev);
895 err = update_eir(hdev);
899 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
902 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
905 hci_dev_unlock_bh(hdev);
911 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
914 struct hci_dev *hdev;
915 struct mgmt_cp_load_link_keys *cp;
916 u16 key_count, expected_len;
921 if (len < sizeof(*cp))
922 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
924 key_count = get_unaligned_le16(&cp->key_count);
926 expected_len = sizeof(*cp) + key_count *
927 sizeof(struct mgmt_link_key_info);
928 if (expected_len != len) {
929 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
931 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
934 hdev = hci_dev_get(index);
936 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
938 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
941 hci_dev_lock_bh(hdev);
943 hci_link_keys_clear(hdev);
945 set_bit(HCI_LINK_KEYS, &hdev->flags);
948 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
950 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
952 for (i = 0; i < key_count; i++) {
953 struct mgmt_link_key_info *key = &cp->keys[i];
955 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
959 hci_dev_unlock_bh(hdev);
965 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
968 struct hci_dev *hdev;
969 struct mgmt_cp_remove_keys *cp;
970 struct hci_conn *conn;
975 if (len != sizeof(*cp))
976 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
978 hdev = hci_dev_get(index);
980 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
982 hci_dev_lock_bh(hdev);
984 err = hci_remove_link_key(hdev, &cp->bdaddr);
986 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
992 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
995 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
997 struct hci_cp_disconnect dc;
999 put_unaligned_le16(conn->handle, &dc.handle);
1000 dc.reason = 0x13; /* Remote User Terminated Connection */
1001 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1005 hci_dev_unlock_bh(hdev);
1011 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1013 struct hci_dev *hdev;
1014 struct mgmt_cp_disconnect *cp;
1015 struct hci_cp_disconnect dc;
1016 struct pending_cmd *cmd;
1017 struct hci_conn *conn;
1024 if (len != sizeof(*cp))
1025 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1027 hdev = hci_dev_get(index);
1029 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1031 hci_dev_lock_bh(hdev);
1033 if (!test_bit(HCI_UP, &hdev->flags)) {
1034 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1038 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1039 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1043 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1045 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1048 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1052 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1058 put_unaligned_le16(conn->handle, &dc.handle);
1059 dc.reason = 0x13; /* Remote User Terminated Connection */
1061 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1063 mgmt_pending_remove(cmd);
1066 hci_dev_unlock_bh(hdev);
1072 static u8 link_to_mgmt(u8 link_type)
1074 switch (link_type) {
1076 return MGMT_ADDR_LE;
1078 return MGMT_ADDR_BREDR;
1080 return MGMT_ADDR_INVALID;
1084 static int get_connections(struct sock *sk, u16 index)
1086 struct mgmt_rp_get_connections *rp;
1087 struct hci_dev *hdev;
1089 struct list_head *p;
1096 hdev = hci_dev_get(index);
1098 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1100 hci_dev_lock_bh(hdev);
1103 list_for_each(p, &hdev->conn_hash.list) {
1107 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1108 rp = kmalloc(rp_len, GFP_ATOMIC);
1114 put_unaligned_le16(count, &rp->conn_count);
1117 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1118 bacpy(&rp->addr[i].bdaddr, &c->dst);
1119 rp->addr[i].type = link_to_mgmt(c->type);
1120 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1125 /* Recalculate length in case of filtered SCO connections, etc */
1126 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1128 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1132 hci_dev_unlock_bh(hdev);
1137 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1138 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1140 struct pending_cmd *cmd;
1143 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1148 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1151 mgmt_pending_remove(cmd);
1156 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1159 struct hci_dev *hdev;
1160 struct hci_conn *conn;
1161 struct mgmt_cp_pin_code_reply *cp;
1162 struct mgmt_cp_pin_code_neg_reply ncp;
1163 struct hci_cp_pin_code_reply reply;
1164 struct pending_cmd *cmd;
1171 if (len != sizeof(*cp))
1172 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1174 hdev = hci_dev_get(index);
1176 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1178 hci_dev_lock_bh(hdev);
1180 if (!test_bit(HCI_UP, &hdev->flags)) {
1181 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1185 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1187 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1191 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1192 bacpy(&ncp.bdaddr, &cp->bdaddr);
1194 BT_ERR("PIN code is not 16 bytes long");
1196 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1198 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1204 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1210 bacpy(&reply.bdaddr, &cp->bdaddr);
1211 reply.pin_len = cp->pin_len;
1212 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1214 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1216 mgmt_pending_remove(cmd);
1219 hci_dev_unlock_bh(hdev);
1225 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1228 struct hci_dev *hdev;
1229 struct mgmt_cp_pin_code_neg_reply *cp;
1236 if (len != sizeof(*cp))
1237 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1240 hdev = hci_dev_get(index);
1242 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1245 hci_dev_lock_bh(hdev);
1247 if (!test_bit(HCI_UP, &hdev->flags)) {
1248 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1253 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1256 hci_dev_unlock_bh(hdev);
1262 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1265 struct hci_dev *hdev;
1266 struct mgmt_cp_set_io_capability *cp;
1272 if (len != sizeof(*cp))
1273 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1275 hdev = hci_dev_get(index);
1277 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1279 hci_dev_lock_bh(hdev);
1281 hdev->io_capability = cp->io_capability;
1283 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1284 hdev->io_capability);
1286 hci_dev_unlock_bh(hdev);
1289 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1292 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1294 struct hci_dev *hdev = conn->hdev;
1295 struct pending_cmd *cmd;
1297 list_for_each_entry(cmd, &cmd_list, list) {
1298 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1301 if (cmd->index != hdev->id)
1304 if (cmd->user_data != conn)
1313 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1315 struct mgmt_rp_pair_device rp;
1316 struct hci_conn *conn = cmd->user_data;
1318 bacpy(&rp.bdaddr, &conn->dst);
1321 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1323 /* So we don't get further callbacks for this connection */
1324 conn->connect_cfm_cb = NULL;
1325 conn->security_cfm_cb = NULL;
1326 conn->disconn_cfm_cb = NULL;
1330 mgmt_pending_remove(cmd);
1333 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1335 struct pending_cmd *cmd;
1337 BT_DBG("status %u", status);
1339 cmd = find_pairing(conn);
1341 BT_DBG("Unable to find a pending command");
1345 pairing_complete(cmd, status);
1348 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1350 struct hci_dev *hdev;
1351 struct mgmt_cp_pair_device *cp;
1352 struct pending_cmd *cmd;
1353 struct adv_entry *entry;
1354 u8 sec_level, auth_type;
1355 struct hci_conn *conn;
1362 if (len != sizeof(*cp))
1363 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1365 hdev = hci_dev_get(index);
1367 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1369 hci_dev_lock_bh(hdev);
1371 sec_level = BT_SECURITY_MEDIUM;
1372 if (cp->io_cap == 0x03)
1373 auth_type = HCI_AT_DEDICATED_BONDING;
1375 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1377 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1379 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1382 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1386 err = PTR_ERR(conn);
1390 if (conn->connect_cfm_cb) {
1392 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1396 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1403 /* For LE, just connecting isn't a proof that the pairing finished */
1405 conn->connect_cfm_cb = pairing_complete_cb;
1407 conn->security_cfm_cb = pairing_complete_cb;
1408 conn->disconn_cfm_cb = pairing_complete_cb;
1409 conn->io_capability = cp->io_cap;
1410 cmd->user_data = conn;
1412 if (conn->state == BT_CONNECTED &&
1413 hci_conn_security(conn, sec_level, auth_type))
1414 pairing_complete(cmd, 0);
1419 hci_dev_unlock_bh(hdev);
1425 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1426 u16 len, int success)
1428 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1429 u16 mgmt_op, hci_op;
1430 struct pending_cmd *cmd;
1431 struct hci_dev *hdev;
1437 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1438 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1440 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1441 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1444 if (len != sizeof(*cp))
1445 return cmd_status(sk, index, mgmt_op, EINVAL);
1447 hdev = hci_dev_get(index);
1449 return cmd_status(sk, index, mgmt_op, ENODEV);
1451 hci_dev_lock_bh(hdev);
1453 if (!test_bit(HCI_UP, &hdev->flags)) {
1454 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1458 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1464 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1466 mgmt_pending_remove(cmd);
1469 hci_dev_unlock_bh(hdev);
1475 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1478 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1479 struct hci_cp_write_local_name hci_cp;
1480 struct hci_dev *hdev;
1481 struct pending_cmd *cmd;
1486 if (len != sizeof(*mgmt_cp))
1487 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1489 hdev = hci_dev_get(index);
1491 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1493 hci_dev_lock_bh(hdev);
1495 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1501 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1502 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1505 mgmt_pending_remove(cmd);
1508 hci_dev_unlock_bh(hdev);
1514 static int read_local_oob_data(struct sock *sk, u16 index)
1516 struct hci_dev *hdev;
1517 struct pending_cmd *cmd;
1520 BT_DBG("hci%u", index);
1522 hdev = hci_dev_get(index);
1524 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1527 hci_dev_lock_bh(hdev);
1529 if (!test_bit(HCI_UP, &hdev->flags)) {
1530 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1535 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1536 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1541 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1542 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1546 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1552 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1554 mgmt_pending_remove(cmd);
1557 hci_dev_unlock_bh(hdev);
1563 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1566 struct hci_dev *hdev;
1567 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1570 BT_DBG("hci%u ", index);
1572 if (len != sizeof(*cp))
1573 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1576 hdev = hci_dev_get(index);
1578 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1581 hci_dev_lock_bh(hdev);
1583 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1586 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1588 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1591 hci_dev_unlock_bh(hdev);
1597 static int remove_remote_oob_data(struct sock *sk, u16 index,
1598 unsigned char *data, u16 len)
1600 struct hci_dev *hdev;
1601 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1604 BT_DBG("hci%u ", index);
1606 if (len != sizeof(*cp))
1607 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1610 hdev = hci_dev_get(index);
1612 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1615 hci_dev_lock_bh(hdev);
1617 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1619 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1622 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1625 hci_dev_unlock_bh(hdev);
1631 static int start_discovery(struct sock *sk, u16 index)
1633 struct pending_cmd *cmd;
1634 struct hci_dev *hdev;
1637 BT_DBG("hci%u", index);
1639 hdev = hci_dev_get(index);
1641 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1643 hci_dev_lock_bh(hdev);
1645 if (!test_bit(HCI_UP, &hdev->flags)) {
1646 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1650 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1656 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1658 mgmt_pending_remove(cmd);
1661 hci_dev_unlock_bh(hdev);
1667 static int stop_discovery(struct sock *sk, u16 index)
1669 struct hci_dev *hdev;
1670 struct pending_cmd *cmd;
1673 BT_DBG("hci%u", index);
1675 hdev = hci_dev_get(index);
1677 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1679 hci_dev_lock_bh(hdev);
1681 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1687 err = hci_cancel_inquiry(hdev);
1689 mgmt_pending_remove(cmd);
1692 hci_dev_unlock_bh(hdev);
1698 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1701 struct hci_dev *hdev;
1702 struct mgmt_cp_block_device *cp = (void *) data;
1705 BT_DBG("hci%u", index);
1707 if (len != sizeof(*cp))
1708 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1711 hdev = hci_dev_get(index);
1713 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1716 hci_dev_lock_bh(hdev);
1718 err = hci_blacklist_add(hdev, &cp->bdaddr);
1720 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1722 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1725 hci_dev_unlock_bh(hdev);
1731 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1734 struct hci_dev *hdev;
1735 struct mgmt_cp_unblock_device *cp = (void *) data;
1738 BT_DBG("hci%u", index);
1740 if (len != sizeof(*cp))
1741 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1744 hdev = hci_dev_get(index);
1746 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1749 hci_dev_lock_bh(hdev);
1751 err = hci_blacklist_del(hdev, &cp->bdaddr);
1754 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1756 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1759 hci_dev_unlock_bh(hdev);
1765 static int set_fast_connectable(struct sock *sk, u16 index,
1766 unsigned char *data, u16 len)
1768 struct hci_dev *hdev;
1769 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1770 struct hci_cp_write_page_scan_activity acp;
1774 BT_DBG("hci%u", index);
1776 if (len != sizeof(*cp))
1777 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1780 hdev = hci_dev_get(index);
1782 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1788 type = PAGE_SCAN_TYPE_INTERLACED;
1789 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1791 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1792 acp.interval = 0x0800; /* default 1.28 sec page scan */
1795 acp.window = 0x0012; /* default 11.25 msec page scan window */
1797 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1800 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1805 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1807 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1812 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1815 hci_dev_unlock(hdev);
1821 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1824 struct mgmt_hdr *hdr;
1825 u16 opcode, index, len;
1828 BT_DBG("got %zu bytes", msglen);
1830 if (msglen < sizeof(*hdr))
1833 buf = kmalloc(msglen, GFP_KERNEL);
1837 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1842 hdr = (struct mgmt_hdr *) buf;
1843 opcode = get_unaligned_le16(&hdr->opcode);
1844 index = get_unaligned_le16(&hdr->index);
1845 len = get_unaligned_le16(&hdr->len);
1847 if (len != msglen - sizeof(*hdr)) {
1853 case MGMT_OP_READ_VERSION:
1854 err = read_version(sk);
1856 case MGMT_OP_READ_INDEX_LIST:
1857 err = read_index_list(sk);
1859 case MGMT_OP_READ_INFO:
1860 err = read_controller_info(sk, index);
1862 case MGMT_OP_SET_POWERED:
1863 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1865 case MGMT_OP_SET_DISCOVERABLE:
1866 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1868 case MGMT_OP_SET_CONNECTABLE:
1869 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1871 case MGMT_OP_SET_PAIRABLE:
1872 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1874 case MGMT_OP_ADD_UUID:
1875 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1877 case MGMT_OP_REMOVE_UUID:
1878 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1880 case MGMT_OP_SET_DEV_CLASS:
1881 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1883 case MGMT_OP_SET_SERVICE_CACHE:
1884 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1886 case MGMT_OP_LOAD_LINK_KEYS:
1887 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1889 case MGMT_OP_REMOVE_KEYS:
1890 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1892 case MGMT_OP_DISCONNECT:
1893 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1895 case MGMT_OP_GET_CONNECTIONS:
1896 err = get_connections(sk, index);
1898 case MGMT_OP_PIN_CODE_REPLY:
1899 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1901 case MGMT_OP_PIN_CODE_NEG_REPLY:
1902 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1904 case MGMT_OP_SET_IO_CAPABILITY:
1905 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1907 case MGMT_OP_PAIR_DEVICE:
1908 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1910 case MGMT_OP_USER_CONFIRM_REPLY:
1911 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1913 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1914 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1916 case MGMT_OP_SET_LOCAL_NAME:
1917 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1919 case MGMT_OP_READ_LOCAL_OOB_DATA:
1920 err = read_local_oob_data(sk, index);
1922 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1923 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1925 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1926 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1929 case MGMT_OP_START_DISCOVERY:
1930 err = start_discovery(sk, index);
1932 case MGMT_OP_STOP_DISCOVERY:
1933 err = stop_discovery(sk, index);
1935 case MGMT_OP_BLOCK_DEVICE:
1936 err = block_device(sk, index, buf + sizeof(*hdr), len);
1938 case MGMT_OP_UNBLOCK_DEVICE:
1939 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1941 case MGMT_OP_SET_FAST_CONNECTABLE:
1942 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1946 BT_DBG("Unknown op %u", opcode);
1947 err = cmd_status(sk, index, opcode, 0x01);
1961 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1965 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1966 mgmt_pending_remove(cmd);
1969 int mgmt_index_added(u16 index)
1971 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1974 int mgmt_index_removed(u16 index)
1978 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
1980 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1988 static void mode_rsp(struct pending_cmd *cmd, void *data)
1990 struct mgmt_mode *cp = cmd->param;
1991 struct cmd_lookup *match = data;
1993 if (cp->val != match->val)
1996 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1998 list_del(&cmd->list);
2000 if (match->sk == NULL) {
2001 match->sk = cmd->sk;
2002 sock_hold(match->sk);
2005 mgmt_pending_free(cmd);
2008 int mgmt_powered(u16 index, u8 powered)
2010 struct mgmt_mode ev;
2011 struct cmd_lookup match = { powered, NULL };
2014 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
2017 u8 status = ENETDOWN;
2018 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
2023 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2031 int mgmt_discoverable(u16 index, u8 discoverable)
2033 struct mgmt_mode ev;
2034 struct cmd_lookup match = { discoverable, NULL };
2037 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2039 ev.val = discoverable;
2041 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2050 int mgmt_connectable(u16 index, u8 connectable)
2052 struct mgmt_mode ev;
2053 struct cmd_lookup match = { connectable, NULL };
2056 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2058 ev.val = connectable;
2060 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2068 int mgmt_write_scan_failed(u16 index, u8 scan, u8 status)
2070 if (scan & SCAN_PAGE)
2071 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index,
2072 cmd_status_rsp, &status);
2074 if (scan & SCAN_INQUIRY)
2075 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index,
2076 cmd_status_rsp, &status);
2081 int mgmt_new_link_key(u16 index, struct link_key *key, u8 persistent)
2083 struct mgmt_ev_new_link_key ev;
2085 memset(&ev, 0, sizeof(ev));
2087 ev.store_hint = persistent;
2088 bacpy(&ev.key.bdaddr, &key->bdaddr);
2089 ev.key.type = key->type;
2090 memcpy(ev.key.val, key->val, 16);
2091 ev.key.pin_len = key->pin_len;
2093 return mgmt_event(MGMT_EV_NEW_LINK_KEY, index, &ev, sizeof(ev), NULL);
2096 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2098 struct mgmt_addr_info ev;
2100 bacpy(&ev.bdaddr, bdaddr);
2101 ev.type = link_to_mgmt(link_type);
2103 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2106 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2108 struct mgmt_cp_disconnect *cp = cmd->param;
2109 struct sock **sk = data;
2110 struct mgmt_rp_disconnect rp;
2112 bacpy(&rp.bdaddr, &cp->bdaddr);
2114 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2119 mgmt_pending_remove(cmd);
2122 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr, u8 type)
2124 struct mgmt_addr_info ev;
2125 struct sock *sk = NULL;
2128 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2130 bacpy(&ev.bdaddr, bdaddr);
2131 ev.type = link_to_mgmt(type);
2133 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2141 int mgmt_disconnect_failed(u16 index)
2143 struct pending_cmd *cmd;
2146 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2150 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2152 mgmt_pending_remove(cmd);
2157 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 type, u8 status)
2159 struct mgmt_ev_connect_failed ev;
2161 bacpy(&ev.addr.bdaddr, bdaddr);
2162 ev.addr.type = link_to_mgmt(type);
2165 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2168 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2170 struct mgmt_ev_pin_code_request ev;
2172 bacpy(&ev.bdaddr, bdaddr);
2175 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2179 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2181 struct pending_cmd *cmd;
2182 struct mgmt_rp_pin_code_reply rp;
2185 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2189 bacpy(&rp.bdaddr, bdaddr);
2192 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2195 mgmt_pending_remove(cmd);
2200 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2202 struct pending_cmd *cmd;
2203 struct mgmt_rp_pin_code_reply rp;
2206 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2210 bacpy(&rp.bdaddr, bdaddr);
2213 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2216 mgmt_pending_remove(cmd);
2221 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2224 struct mgmt_ev_user_confirm_request ev;
2226 BT_DBG("hci%u", index);
2228 bacpy(&ev.bdaddr, bdaddr);
2229 ev.confirm_hint = confirm_hint;
2230 put_unaligned_le32(value, &ev.value);
2232 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2236 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2239 struct pending_cmd *cmd;
2240 struct mgmt_rp_user_confirm_reply rp;
2243 cmd = mgmt_pending_find(opcode, index);
2247 bacpy(&rp.bdaddr, bdaddr);
2249 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2251 mgmt_pending_remove(cmd);
2256 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2258 return confirm_reply_complete(index, bdaddr, status,
2259 MGMT_OP_USER_CONFIRM_REPLY);
2262 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2264 return confirm_reply_complete(index, bdaddr, status,
2265 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2268 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2270 struct mgmt_ev_auth_failed ev;
2272 bacpy(&ev.bdaddr, bdaddr);
2275 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2278 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2280 struct pending_cmd *cmd;
2281 struct hci_dev *hdev;
2282 struct mgmt_cp_set_local_name ev;
2285 memset(&ev, 0, sizeof(ev));
2286 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2288 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2293 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2297 hdev = hci_dev_get(index);
2299 hci_dev_lock_bh(hdev);
2301 hci_dev_unlock_bh(hdev);
2305 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2311 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2312 cmd ? cmd->sk : NULL);
2316 mgmt_pending_remove(cmd);
2320 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2323 struct pending_cmd *cmd;
2326 BT_DBG("hci%u status %u", index, status);
2328 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2333 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2336 struct mgmt_rp_read_local_oob_data rp;
2338 memcpy(rp.hash, hash, sizeof(rp.hash));
2339 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2341 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2345 mgmt_pending_remove(cmd);
2350 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 type, u8 *dev_class,
2353 struct mgmt_ev_device_found ev;
2355 memset(&ev, 0, sizeof(ev));
2357 bacpy(&ev.addr.bdaddr, bdaddr);
2358 ev.addr.type = link_to_mgmt(type);
2362 memcpy(ev.eir, eir, sizeof(ev.eir));
2365 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2367 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2370 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2372 struct mgmt_ev_remote_name ev;
2374 memset(&ev, 0, sizeof(ev));
2376 bacpy(&ev.bdaddr, bdaddr);
2377 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2379 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2382 int mgmt_inquiry_failed(u16 index, u8 status)
2384 struct pending_cmd *cmd;
2387 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2391 err = cmd_status(cmd->sk, index, cmd->opcode, status);
2392 mgmt_pending_remove(cmd);
2397 int mgmt_discovering(u16 index, u8 discovering)
2399 struct pending_cmd *cmd;
2402 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2404 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
2407 cmd_complete(cmd->sk, index, cmd->opcode, NULL, 0);
2408 mgmt_pending_remove(cmd);
2411 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2412 sizeof(discovering), NULL);
2415 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2417 struct pending_cmd *cmd;
2418 struct mgmt_ev_device_blocked ev;
2420 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2422 bacpy(&ev.bdaddr, bdaddr);
2424 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2425 cmd ? cmd->sk : NULL);
2428 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2430 struct pending_cmd *cmd;
2431 struct mgmt_ev_device_unblocked ev;
2433 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2435 bacpy(&ev.bdaddr, bdaddr);
2437 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2438 cmd ? cmd->sk : NULL);
projects / ~andy / linux / blob