2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static LIST_HEAD(cmd_list);
48 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
52 struct mgmt_ev_cmd_status *ev;
55 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
57 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
61 hdr = (void *) skb_put(skb, sizeof(*hdr));
63 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
64 hdr->index = cpu_to_le16(index);
65 hdr->len = cpu_to_le16(sizeof(*ev));
67 ev = (void *) skb_put(skb, sizeof(*ev));
69 put_unaligned_le16(cmd, &ev->opcode);
71 err = sock_queue_rcv_skb(sk, skb);
78 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
83 struct mgmt_ev_cmd_complete *ev;
86 BT_DBG("sock %p", sk);
88 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
92 hdr = (void *) skb_put(skb, sizeof(*hdr));
94 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
95 hdr->index = cpu_to_le16(index);
96 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
98 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
99 put_unaligned_le16(cmd, &ev->opcode);
102 memcpy(ev->data, rp, rp_len);
104 err = sock_queue_rcv_skb(sk, skb);
111 static int read_version(struct sock *sk)
113 struct mgmt_rp_read_version rp;
115 BT_DBG("sock %p", sk);
117 rp.version = MGMT_VERSION;
118 put_unaligned_le16(MGMT_REVISION, &rp.revision);
120 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
124 static int read_index_list(struct sock *sk)
126 struct mgmt_rp_read_index_list *rp;
133 BT_DBG("sock %p", sk);
135 read_lock(&hci_dev_list_lock);
138 list_for_each(p, &hci_dev_list) {
142 rp_len = sizeof(*rp) + (2 * count);
143 rp = kmalloc(rp_len, GFP_ATOMIC);
145 read_unlock(&hci_dev_list_lock);
149 put_unaligned_le16(count, &rp->num_controllers);
152 list_for_each_entry(d, &hci_dev_list, list) {
153 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
154 cancel_delayed_work_sync(&d->power_off);
156 if (test_bit(HCI_SETUP, &d->flags))
159 put_unaligned_le16(d->id, &rp->index[i++]);
160 BT_DBG("Added hci%u", d->id);
163 read_unlock(&hci_dev_list_lock);
165 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
173 static int read_controller_info(struct sock *sk, u16 index)
175 struct mgmt_rp_read_info rp;
176 struct hci_dev *hdev;
178 BT_DBG("sock %p hci%u", sk, index);
180 hdev = hci_dev_get(index);
182 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
184 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
185 cancel_delayed_work_sync(&hdev->power_off);
187 hci_dev_lock_bh(hdev);
189 set_bit(HCI_MGMT, &hdev->flags);
191 memset(&rp, 0, sizeof(rp));
193 rp.type = hdev->dev_type;
195 rp.powered = test_bit(HCI_UP, &hdev->flags);
196 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
197 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
198 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
200 if (test_bit(HCI_AUTH, &hdev->flags))
202 else if (hdev->ssp_mode > 0)
207 bacpy(&rp.bdaddr, &hdev->bdaddr);
208 memcpy(rp.features, hdev->features, 8);
209 memcpy(rp.dev_class, hdev->dev_class, 3);
210 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
211 rp.hci_ver = hdev->hci_ver;
212 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
214 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
216 hci_dev_unlock_bh(hdev);
219 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
222 static void mgmt_pending_free(struct pending_cmd *cmd)
229 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
230 u16 index, void *data, u16 len)
232 struct pending_cmd *cmd;
234 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
238 cmd->opcode = opcode;
241 cmd->param = kmalloc(len, GFP_ATOMIC);
248 memcpy(cmd->param, data, len);
253 list_add(&cmd->list, &cmd_list);
258 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
259 void (*cb)(struct pending_cmd *cmd, void *data),
262 struct list_head *p, *n;
264 list_for_each_safe(p, n, &cmd_list) {
265 struct pending_cmd *cmd;
267 cmd = list_entry(p, struct pending_cmd, list);
269 if (opcode > 0 && cmd->opcode != opcode)
272 if (hdev && cmd->index != hdev->id)
279 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
281 struct pending_cmd *cmd;
283 list_for_each_entry(cmd, &cmd_list, list) {
284 if (cmd->opcode != opcode)
287 if (index >= 0 && cmd->index != index)
296 static void mgmt_pending_remove(struct pending_cmd *cmd)
298 list_del(&cmd->list);
299 mgmt_pending_free(cmd);
302 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
304 struct mgmt_mode *cp;
305 struct hci_dev *hdev;
306 struct pending_cmd *cmd;
311 BT_DBG("request for hci%u", index);
313 if (len != sizeof(*cp))
314 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
316 hdev = hci_dev_get(index);
318 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
320 hci_dev_lock_bh(hdev);
322 up = test_bit(HCI_UP, &hdev->flags);
323 if ((cp->val && up) || (!cp->val && !up)) {
324 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
328 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
329 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
333 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
340 queue_work(hdev->workqueue, &hdev->power_on);
342 queue_work(hdev->workqueue, &hdev->power_off.work);
347 hci_dev_unlock_bh(hdev);
352 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
355 struct mgmt_cp_set_discoverable *cp;
356 struct hci_dev *hdev;
357 struct pending_cmd *cmd;
363 BT_DBG("request for hci%u", index);
365 if (len != sizeof(*cp))
366 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
368 hdev = hci_dev_get(index);
370 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
372 hci_dev_lock_bh(hdev);
374 if (!test_bit(HCI_UP, &hdev->flags)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
379 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
380 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
385 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
386 test_bit(HCI_PSCAN, &hdev->flags)) {
387 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
391 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
400 scan |= SCAN_INQUIRY;
402 cancel_delayed_work_sync(&hdev->discov_off);
404 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
406 mgmt_pending_remove(cmd);
409 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
412 hci_dev_unlock_bh(hdev);
418 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
421 struct mgmt_mode *cp;
422 struct hci_dev *hdev;
423 struct pending_cmd *cmd;
429 BT_DBG("request for hci%u", index);
431 if (len != sizeof(*cp))
432 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
434 hdev = hci_dev_get(index);
436 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
438 hci_dev_lock_bh(hdev);
440 if (!test_bit(HCI_UP, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
445 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
446 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
447 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
451 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
452 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
456 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
467 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
469 mgmt_pending_remove(cmd);
472 hci_dev_unlock_bh(hdev);
478 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
479 u16 data_len, struct sock *skip_sk)
482 struct mgmt_hdr *hdr;
484 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
488 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
490 hdr = (void *) skb_put(skb, sizeof(*hdr));
491 hdr->opcode = cpu_to_le16(event);
493 hdr->index = cpu_to_le16(hdev->id);
495 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
496 hdr->len = cpu_to_le16(data_len);
499 memcpy(skb_put(skb, data_len), data, data_len);
501 hci_send_to_sock(NULL, skb, skip_sk);
507 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
513 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
516 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
519 struct mgmt_mode *cp, ev;
520 struct hci_dev *hdev;
525 BT_DBG("request for hci%u", index);
527 if (len != sizeof(*cp))
528 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
530 hdev = hci_dev_get(index);
532 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
534 hci_dev_lock_bh(hdev);
537 set_bit(HCI_PAIRABLE, &hdev->flags);
539 clear_bit(HCI_PAIRABLE, &hdev->flags);
541 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
547 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
550 hci_dev_unlock_bh(hdev);
556 #define EIR_FLAGS 0x01 /* flags */
557 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
558 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
559 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
560 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
561 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
562 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
563 #define EIR_NAME_SHORT 0x08 /* shortened local name */
564 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
565 #define EIR_TX_POWER 0x0A /* transmit power level */
566 #define EIR_DEVICE_ID 0x10 /* device ID */
568 #define PNP_INFO_SVCLASS_ID 0x1200
570 static u8 bluetooth_base_uuid[] = {
571 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
572 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
575 static u16 get_uuid16(u8 *uuid128)
580 for (i = 0; i < 12; i++) {
581 if (bluetooth_base_uuid[i] != uuid128[i])
585 memcpy(&val, &uuid128[12], 4);
587 val = le32_to_cpu(val);
594 static void create_eir(struct hci_dev *hdev, u8 *data)
598 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
599 int i, truncated = 0;
600 struct bt_uuid *uuid;
603 name_len = strlen(hdev->dev_name);
609 ptr[1] = EIR_NAME_SHORT;
611 ptr[1] = EIR_NAME_COMPLETE;
613 /* EIR Data length */
614 ptr[0] = name_len + 1;
616 memcpy(ptr + 2, hdev->dev_name, name_len);
618 eir_len += (name_len + 2);
619 ptr += (name_len + 2);
622 memset(uuid16_list, 0, sizeof(uuid16_list));
624 /* Group all UUID16 types */
625 list_for_each_entry(uuid, &hdev->uuids, list) {
628 uuid16 = get_uuid16(uuid->uuid);
635 if (uuid16 == PNP_INFO_SVCLASS_ID)
638 /* Stop if not enough space to put next UUID */
639 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
644 /* Check for duplicates */
645 for (i = 0; uuid16_list[i] != 0; i++)
646 if (uuid16_list[i] == uuid16)
649 if (uuid16_list[i] == 0) {
650 uuid16_list[i] = uuid16;
651 eir_len += sizeof(u16);
655 if (uuid16_list[0] != 0) {
659 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
664 for (i = 0; uuid16_list[i] != 0; i++) {
665 *ptr++ = (uuid16_list[i] & 0x00ff);
666 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
669 /* EIR Data length */
670 *length = (i * sizeof(u16)) + 1;
674 static int update_eir(struct hci_dev *hdev)
676 struct hci_cp_write_eir cp;
678 if (!(hdev->features[6] & LMP_EXT_INQ))
681 if (hdev->ssp_mode == 0)
684 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
687 memset(&cp, 0, sizeof(cp));
689 create_eir(hdev, cp.data);
691 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
694 memcpy(hdev->eir, cp.data, sizeof(cp.data));
696 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
699 static u8 get_service_classes(struct hci_dev *hdev)
701 struct bt_uuid *uuid;
704 list_for_each_entry(uuid, &hdev->uuids, list)
705 val |= uuid->svc_hint;
710 static int update_class(struct hci_dev *hdev)
714 BT_DBG("%s", hdev->name);
716 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
719 cod[0] = hdev->minor_class;
720 cod[1] = hdev->major_class;
721 cod[2] = get_service_classes(hdev);
723 if (memcmp(cod, hdev->dev_class, 3) == 0)
726 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
729 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
731 struct mgmt_cp_add_uuid *cp;
732 struct hci_dev *hdev;
733 struct bt_uuid *uuid;
738 BT_DBG("request for hci%u", index);
740 if (len != sizeof(*cp))
741 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
743 hdev = hci_dev_get(index);
745 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
747 hci_dev_lock_bh(hdev);
749 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
755 memcpy(uuid->uuid, cp->uuid, 16);
756 uuid->svc_hint = cp->svc_hint;
758 list_add(&uuid->list, &hdev->uuids);
760 err = update_class(hdev);
764 err = update_eir(hdev);
768 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
771 hci_dev_unlock_bh(hdev);
777 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
779 struct list_head *p, *n;
780 struct mgmt_cp_remove_uuid *cp;
781 struct hci_dev *hdev;
782 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
787 BT_DBG("request for hci%u", index);
789 if (len != sizeof(*cp))
790 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
792 hdev = hci_dev_get(index);
794 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
796 hci_dev_lock_bh(hdev);
798 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
799 err = hci_uuids_clear(hdev);
805 list_for_each_safe(p, n, &hdev->uuids) {
806 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
808 if (memcmp(match->uuid, cp->uuid, 16) != 0)
811 list_del(&match->list);
816 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
820 err = update_class(hdev);
824 err = update_eir(hdev);
828 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
831 hci_dev_unlock_bh(hdev);
837 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
840 struct hci_dev *hdev;
841 struct mgmt_cp_set_dev_class *cp;
846 BT_DBG("request for hci%u", index);
848 if (len != sizeof(*cp))
849 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
851 hdev = hci_dev_get(index);
853 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
855 hci_dev_lock_bh(hdev);
857 hdev->major_class = cp->major;
858 hdev->minor_class = cp->minor;
860 err = update_class(hdev);
863 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
865 hci_dev_unlock_bh(hdev);
871 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
874 struct hci_dev *hdev;
875 struct mgmt_cp_set_service_cache *cp;
880 if (len != sizeof(*cp))
881 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
883 hdev = hci_dev_get(index);
885 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
887 hci_dev_lock_bh(hdev);
889 BT_DBG("hci%u enable %d", index, cp->enable);
892 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
895 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
896 err = update_class(hdev);
898 err = update_eir(hdev);
902 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
905 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
908 hci_dev_unlock_bh(hdev);
914 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
917 struct hci_dev *hdev;
918 struct mgmt_cp_load_link_keys *cp;
919 u16 key_count, expected_len;
924 if (len < sizeof(*cp))
925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
927 key_count = get_unaligned_le16(&cp->key_count);
929 expected_len = sizeof(*cp) + key_count *
930 sizeof(struct mgmt_link_key_info);
931 if (expected_len != len) {
932 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
934 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
937 hdev = hci_dev_get(index);
939 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
941 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
944 hci_dev_lock_bh(hdev);
946 hci_link_keys_clear(hdev);
948 set_bit(HCI_LINK_KEYS, &hdev->flags);
951 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
953 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
955 for (i = 0; i < key_count; i++) {
956 struct mgmt_link_key_info *key = &cp->keys[i];
958 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
962 hci_dev_unlock_bh(hdev);
968 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
971 struct hci_dev *hdev;
972 struct mgmt_cp_remove_keys *cp;
973 struct hci_conn *conn;
978 if (len != sizeof(*cp))
979 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
981 hdev = hci_dev_get(index);
983 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
985 hci_dev_lock_bh(hdev);
987 err = hci_remove_link_key(hdev, &cp->bdaddr);
989 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
995 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
998 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1000 struct hci_cp_disconnect dc;
1002 put_unaligned_le16(conn->handle, &dc.handle);
1003 dc.reason = 0x13; /* Remote User Terminated Connection */
1004 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1008 hci_dev_unlock_bh(hdev);
1014 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1016 struct hci_dev *hdev;
1017 struct mgmt_cp_disconnect *cp;
1018 struct hci_cp_disconnect dc;
1019 struct pending_cmd *cmd;
1020 struct hci_conn *conn;
1027 if (len != sizeof(*cp))
1028 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1030 hdev = hci_dev_get(index);
1032 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1034 hci_dev_lock_bh(hdev);
1036 if (!test_bit(HCI_UP, &hdev->flags)) {
1037 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1041 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1042 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1046 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1048 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1051 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1055 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1061 put_unaligned_le16(conn->handle, &dc.handle);
1062 dc.reason = 0x13; /* Remote User Terminated Connection */
1064 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1066 mgmt_pending_remove(cmd);
1069 hci_dev_unlock_bh(hdev);
1075 static u8 link_to_mgmt(u8 link_type)
1077 switch (link_type) {
1079 return MGMT_ADDR_LE;
1081 return MGMT_ADDR_BREDR;
1083 return MGMT_ADDR_INVALID;
1087 static int get_connections(struct sock *sk, u16 index)
1089 struct mgmt_rp_get_connections *rp;
1090 struct hci_dev *hdev;
1092 struct list_head *p;
1099 hdev = hci_dev_get(index);
1101 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1103 hci_dev_lock_bh(hdev);
1106 list_for_each(p, &hdev->conn_hash.list) {
1110 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1111 rp = kmalloc(rp_len, GFP_ATOMIC);
1117 put_unaligned_le16(count, &rp->conn_count);
1120 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1121 bacpy(&rp->addr[i].bdaddr, &c->dst);
1122 rp->addr[i].type = link_to_mgmt(c->type);
1123 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1128 /* Recalculate length in case of filtered SCO connections, etc */
1129 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1131 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1135 hci_dev_unlock_bh(hdev);
1140 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1141 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1143 struct pending_cmd *cmd;
1146 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1151 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1154 mgmt_pending_remove(cmd);
1159 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1162 struct hci_dev *hdev;
1163 struct hci_conn *conn;
1164 struct mgmt_cp_pin_code_reply *cp;
1165 struct mgmt_cp_pin_code_neg_reply ncp;
1166 struct hci_cp_pin_code_reply reply;
1167 struct pending_cmd *cmd;
1174 if (len != sizeof(*cp))
1175 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1177 hdev = hci_dev_get(index);
1179 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1181 hci_dev_lock_bh(hdev);
1183 if (!test_bit(HCI_UP, &hdev->flags)) {
1184 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1188 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1190 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1194 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1195 bacpy(&ncp.bdaddr, &cp->bdaddr);
1197 BT_ERR("PIN code is not 16 bytes long");
1199 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1201 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1207 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1213 bacpy(&reply.bdaddr, &cp->bdaddr);
1214 reply.pin_len = cp->pin_len;
1215 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1217 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1219 mgmt_pending_remove(cmd);
1222 hci_dev_unlock_bh(hdev);
1228 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1231 struct hci_dev *hdev;
1232 struct mgmt_cp_pin_code_neg_reply *cp;
1239 if (len != sizeof(*cp))
1240 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1243 hdev = hci_dev_get(index);
1245 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1248 hci_dev_lock_bh(hdev);
1250 if (!test_bit(HCI_UP, &hdev->flags)) {
1251 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1256 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1259 hci_dev_unlock_bh(hdev);
1265 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1268 struct hci_dev *hdev;
1269 struct mgmt_cp_set_io_capability *cp;
1275 if (len != sizeof(*cp))
1276 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1278 hdev = hci_dev_get(index);
1280 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1282 hci_dev_lock_bh(hdev);
1284 hdev->io_capability = cp->io_capability;
1286 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1287 hdev->io_capability);
1289 hci_dev_unlock_bh(hdev);
1292 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1295 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1297 struct hci_dev *hdev = conn->hdev;
1298 struct pending_cmd *cmd;
1300 list_for_each_entry(cmd, &cmd_list, list) {
1301 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1304 if (cmd->index != hdev->id)
1307 if (cmd->user_data != conn)
1316 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1318 struct mgmt_rp_pair_device rp;
1319 struct hci_conn *conn = cmd->user_data;
1321 bacpy(&rp.bdaddr, &conn->dst);
1324 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1326 /* So we don't get further callbacks for this connection */
1327 conn->connect_cfm_cb = NULL;
1328 conn->security_cfm_cb = NULL;
1329 conn->disconn_cfm_cb = NULL;
1333 mgmt_pending_remove(cmd);
1336 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1338 struct pending_cmd *cmd;
1340 BT_DBG("status %u", status);
1342 cmd = find_pairing(conn);
1344 BT_DBG("Unable to find a pending command");
1348 pairing_complete(cmd, status);
1351 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1353 struct hci_dev *hdev;
1354 struct mgmt_cp_pair_device *cp;
1355 struct pending_cmd *cmd;
1356 struct adv_entry *entry;
1357 u8 sec_level, auth_type;
1358 struct hci_conn *conn;
1365 if (len != sizeof(*cp))
1366 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1368 hdev = hci_dev_get(index);
1370 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1372 hci_dev_lock_bh(hdev);
1374 sec_level = BT_SECURITY_MEDIUM;
1375 if (cp->io_cap == 0x03)
1376 auth_type = HCI_AT_DEDICATED_BONDING;
1378 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1380 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1382 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1385 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1389 err = PTR_ERR(conn);
1393 if (conn->connect_cfm_cb) {
1395 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1399 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1406 /* For LE, just connecting isn't a proof that the pairing finished */
1408 conn->connect_cfm_cb = pairing_complete_cb;
1410 conn->security_cfm_cb = pairing_complete_cb;
1411 conn->disconn_cfm_cb = pairing_complete_cb;
1412 conn->io_capability = cp->io_cap;
1413 cmd->user_data = conn;
1415 if (conn->state == BT_CONNECTED &&
1416 hci_conn_security(conn, sec_level, auth_type))
1417 pairing_complete(cmd, 0);
1422 hci_dev_unlock_bh(hdev);
1428 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1429 u16 len, int success)
1431 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1432 u16 mgmt_op, hci_op;
1433 struct pending_cmd *cmd;
1434 struct hci_dev *hdev;
1440 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1441 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1443 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1444 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1447 if (len != sizeof(*cp))
1448 return cmd_status(sk, index, mgmt_op, EINVAL);
1450 hdev = hci_dev_get(index);
1452 return cmd_status(sk, index, mgmt_op, ENODEV);
1454 hci_dev_lock_bh(hdev);
1456 if (!test_bit(HCI_UP, &hdev->flags)) {
1457 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1461 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1467 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1469 mgmt_pending_remove(cmd);
1472 hci_dev_unlock_bh(hdev);
1478 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1481 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1482 struct hci_cp_write_local_name hci_cp;
1483 struct hci_dev *hdev;
1484 struct pending_cmd *cmd;
1489 if (len != sizeof(*mgmt_cp))
1490 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1492 hdev = hci_dev_get(index);
1494 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1496 hci_dev_lock_bh(hdev);
1498 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1504 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1505 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1508 mgmt_pending_remove(cmd);
1511 hci_dev_unlock_bh(hdev);
1517 static int read_local_oob_data(struct sock *sk, u16 index)
1519 struct hci_dev *hdev;
1520 struct pending_cmd *cmd;
1523 BT_DBG("hci%u", index);
1525 hdev = hci_dev_get(index);
1527 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1530 hci_dev_lock_bh(hdev);
1532 if (!test_bit(HCI_UP, &hdev->flags)) {
1533 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1538 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1539 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1544 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1545 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1549 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1555 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1557 mgmt_pending_remove(cmd);
1560 hci_dev_unlock_bh(hdev);
1566 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1569 struct hci_dev *hdev;
1570 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1573 BT_DBG("hci%u ", index);
1575 if (len != sizeof(*cp))
1576 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1579 hdev = hci_dev_get(index);
1581 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1584 hci_dev_lock_bh(hdev);
1586 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1589 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1591 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1594 hci_dev_unlock_bh(hdev);
1600 static int remove_remote_oob_data(struct sock *sk, u16 index,
1601 unsigned char *data, u16 len)
1603 struct hci_dev *hdev;
1604 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1607 BT_DBG("hci%u ", index);
1609 if (len != sizeof(*cp))
1610 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1613 hdev = hci_dev_get(index);
1615 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1618 hci_dev_lock_bh(hdev);
1620 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1622 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1625 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1628 hci_dev_unlock_bh(hdev);
1634 static int start_discovery(struct sock *sk, u16 index)
1636 struct pending_cmd *cmd;
1637 struct hci_dev *hdev;
1640 BT_DBG("hci%u", index);
1642 hdev = hci_dev_get(index);
1644 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1646 hci_dev_lock_bh(hdev);
1648 if (!test_bit(HCI_UP, &hdev->flags)) {
1649 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1653 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1659 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1661 mgmt_pending_remove(cmd);
1664 hci_dev_unlock_bh(hdev);
1670 static int stop_discovery(struct sock *sk, u16 index)
1672 struct hci_dev *hdev;
1673 struct pending_cmd *cmd;
1676 BT_DBG("hci%u", index);
1678 hdev = hci_dev_get(index);
1680 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1682 hci_dev_lock_bh(hdev);
1684 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1690 err = hci_cancel_inquiry(hdev);
1692 mgmt_pending_remove(cmd);
1695 hci_dev_unlock_bh(hdev);
1701 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1704 struct hci_dev *hdev;
1705 struct mgmt_cp_block_device *cp = (void *) data;
1708 BT_DBG("hci%u", index);
1710 if (len != sizeof(*cp))
1711 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1714 hdev = hci_dev_get(index);
1716 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1719 hci_dev_lock_bh(hdev);
1721 err = hci_blacklist_add(hdev, &cp->bdaddr);
1723 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1725 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1728 hci_dev_unlock_bh(hdev);
1734 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1737 struct hci_dev *hdev;
1738 struct mgmt_cp_unblock_device *cp = (void *) data;
1741 BT_DBG("hci%u", index);
1743 if (len != sizeof(*cp))
1744 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1747 hdev = hci_dev_get(index);
1749 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1752 hci_dev_lock_bh(hdev);
1754 err = hci_blacklist_del(hdev, &cp->bdaddr);
1757 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1759 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1762 hci_dev_unlock_bh(hdev);
1768 static int set_fast_connectable(struct sock *sk, u16 index,
1769 unsigned char *data, u16 len)
1771 struct hci_dev *hdev;
1772 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1773 struct hci_cp_write_page_scan_activity acp;
1777 BT_DBG("hci%u", index);
1779 if (len != sizeof(*cp))
1780 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1783 hdev = hci_dev_get(index);
1785 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1791 type = PAGE_SCAN_TYPE_INTERLACED;
1792 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1794 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1795 acp.interval = 0x0800; /* default 1.28 sec page scan */
1798 acp.window = 0x0012; /* default 11.25 msec page scan window */
1800 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1803 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1808 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1810 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1815 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1818 hci_dev_unlock(hdev);
1824 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1827 struct mgmt_hdr *hdr;
1828 u16 opcode, index, len;
1831 BT_DBG("got %zu bytes", msglen);
1833 if (msglen < sizeof(*hdr))
1836 buf = kmalloc(msglen, GFP_KERNEL);
1840 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1845 hdr = (struct mgmt_hdr *) buf;
1846 opcode = get_unaligned_le16(&hdr->opcode);
1847 index = get_unaligned_le16(&hdr->index);
1848 len = get_unaligned_le16(&hdr->len);
1850 if (len != msglen - sizeof(*hdr)) {
1856 case MGMT_OP_READ_VERSION:
1857 err = read_version(sk);
1859 case MGMT_OP_READ_INDEX_LIST:
1860 err = read_index_list(sk);
1862 case MGMT_OP_READ_INFO:
1863 err = read_controller_info(sk, index);
1865 case MGMT_OP_SET_POWERED:
1866 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1868 case MGMT_OP_SET_DISCOVERABLE:
1869 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1871 case MGMT_OP_SET_CONNECTABLE:
1872 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1874 case MGMT_OP_SET_PAIRABLE:
1875 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1877 case MGMT_OP_ADD_UUID:
1878 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1880 case MGMT_OP_REMOVE_UUID:
1881 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1883 case MGMT_OP_SET_DEV_CLASS:
1884 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1886 case MGMT_OP_SET_SERVICE_CACHE:
1887 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1889 case MGMT_OP_LOAD_LINK_KEYS:
1890 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1892 case MGMT_OP_REMOVE_KEYS:
1893 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1895 case MGMT_OP_DISCONNECT:
1896 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1898 case MGMT_OP_GET_CONNECTIONS:
1899 err = get_connections(sk, index);
1901 case MGMT_OP_PIN_CODE_REPLY:
1902 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1904 case MGMT_OP_PIN_CODE_NEG_REPLY:
1905 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1907 case MGMT_OP_SET_IO_CAPABILITY:
1908 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1910 case MGMT_OP_PAIR_DEVICE:
1911 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1913 case MGMT_OP_USER_CONFIRM_REPLY:
1914 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1916 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1917 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1919 case MGMT_OP_SET_LOCAL_NAME:
1920 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1922 case MGMT_OP_READ_LOCAL_OOB_DATA:
1923 err = read_local_oob_data(sk, index);
1925 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1926 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1928 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1929 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1932 case MGMT_OP_START_DISCOVERY:
1933 err = start_discovery(sk, index);
1935 case MGMT_OP_STOP_DISCOVERY:
1936 err = stop_discovery(sk, index);
1938 case MGMT_OP_BLOCK_DEVICE:
1939 err = block_device(sk, index, buf + sizeof(*hdr), len);
1941 case MGMT_OP_UNBLOCK_DEVICE:
1942 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1944 case MGMT_OP_SET_FAST_CONNECTABLE:
1945 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1949 BT_DBG("Unknown op %u", opcode);
1950 err = cmd_status(sk, index, opcode, 0x01);
1964 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1968 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1969 mgmt_pending_remove(cmd);
1972 int mgmt_index_added(struct hci_dev *hdev)
1974 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1977 int mgmt_index_removed(struct hci_dev *hdev)
1981 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1983 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
1991 static void mode_rsp(struct pending_cmd *cmd, void *data)
1993 struct mgmt_mode *cp = cmd->param;
1994 struct cmd_lookup *match = data;
1996 if (cp->val != match->val)
1999 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
2001 list_del(&cmd->list);
2003 if (match->sk == NULL) {
2004 match->sk = cmd->sk;
2005 sock_hold(match->sk);
2008 mgmt_pending_free(cmd);
2011 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2013 struct mgmt_mode ev;
2014 struct cmd_lookup match = { powered, NULL };
2017 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2020 u8 status = ENETDOWN;
2021 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2026 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2034 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2036 struct mgmt_mode ev;
2037 struct cmd_lookup match = { discoverable, NULL };
2040 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2042 ev.val = discoverable;
2044 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2053 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2055 struct mgmt_mode ev;
2056 struct cmd_lookup match = { connectable, NULL };
2059 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2061 ev.val = connectable;
2063 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2071 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2073 if (scan & SCAN_PAGE)
2074 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2075 cmd_status_rsp, &status);
2077 if (scan & SCAN_INQUIRY)
2078 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2079 cmd_status_rsp, &status);
2084 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2087 struct mgmt_ev_new_link_key ev;
2089 memset(&ev, 0, sizeof(ev));
2091 ev.store_hint = persistent;
2092 bacpy(&ev.key.bdaddr, &key->bdaddr);
2093 ev.key.type = key->type;
2094 memcpy(ev.key.val, key->val, 16);
2095 ev.key.pin_len = key->pin_len;
2097 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2100 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type)
2102 struct mgmt_addr_info ev;
2104 bacpy(&ev.bdaddr, bdaddr);
2105 ev.type = link_to_mgmt(link_type);
2107 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2110 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2112 struct mgmt_cp_disconnect *cp = cmd->param;
2113 struct sock **sk = data;
2114 struct mgmt_rp_disconnect rp;
2116 bacpy(&rp.bdaddr, &cp->bdaddr);
2118 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2123 mgmt_pending_remove(cmd);
2126 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2128 struct mgmt_addr_info ev;
2129 struct sock *sk = NULL;
2132 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2134 bacpy(&ev.bdaddr, bdaddr);
2135 ev.type = link_to_mgmt(type);
2137 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2145 int mgmt_disconnect_failed(struct hci_dev *hdev)
2147 struct pending_cmd *cmd;
2150 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev->id);
2154 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
2156 mgmt_pending_remove(cmd);
2161 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2164 struct mgmt_ev_connect_failed ev;
2166 bacpy(&ev.addr.bdaddr, bdaddr);
2167 ev.addr.type = link_to_mgmt(type);
2170 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2173 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2175 struct mgmt_ev_pin_code_request ev;
2177 bacpy(&ev.bdaddr, bdaddr);
2180 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2184 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2187 struct pending_cmd *cmd;
2188 struct mgmt_rp_pin_code_reply rp;
2191 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev->id);
2195 bacpy(&rp.bdaddr, bdaddr);
2198 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2201 mgmt_pending_remove(cmd);
2206 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2209 struct pending_cmd *cmd;
2210 struct mgmt_rp_pin_code_reply rp;
2213 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev->id);
2217 bacpy(&rp.bdaddr, bdaddr);
2220 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2223 mgmt_pending_remove(cmd);
2228 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2229 __le32 value, u8 confirm_hint)
2231 struct mgmt_ev_user_confirm_request ev;
2233 BT_DBG("%s", hdev->name);
2235 bacpy(&ev.bdaddr, bdaddr);
2236 ev.confirm_hint = confirm_hint;
2237 put_unaligned_le32(value, &ev.value);
2239 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2243 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2244 u8 status, u8 opcode)
2246 struct pending_cmd *cmd;
2247 struct mgmt_rp_user_confirm_reply rp;
2250 cmd = mgmt_pending_find(opcode, hdev->id);
2254 bacpy(&rp.bdaddr, bdaddr);
2256 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2258 mgmt_pending_remove(cmd);
2263 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2266 return confirm_reply_complete(hdev, bdaddr, status,
2267 MGMT_OP_USER_CONFIRM_REPLY);
2270 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2271 bdaddr_t *bdaddr, u8 status)
2273 return confirm_reply_complete(hdev, bdaddr, status,
2274 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2277 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2279 struct mgmt_ev_auth_failed ev;
2281 bacpy(&ev.bdaddr, bdaddr);
2284 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2287 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2289 struct pending_cmd *cmd;
2290 struct mgmt_cp_set_local_name ev;
2293 memset(&ev, 0, sizeof(ev));
2294 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2296 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev->id);
2301 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2306 hci_dev_lock_bh(hdev);
2308 hci_dev_unlock_bh(hdev);
2310 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2316 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2317 cmd ? cmd->sk : NULL);
2321 mgmt_pending_remove(cmd);
2325 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2326 u8 *randomizer, u8 status)
2328 struct pending_cmd *cmd;
2331 BT_DBG("%s status %u", hdev->name, status);
2333 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev->id);
2338 err = cmd_status(cmd->sk, hdev->id,
2339 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2341 struct mgmt_rp_read_local_oob_data rp;
2343 memcpy(rp.hash, hash, sizeof(rp.hash));
2344 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2346 err = cmd_complete(cmd->sk, hdev->id,
2347 MGMT_OP_READ_LOCAL_OOB_DATA,
2351 mgmt_pending_remove(cmd);
2356 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2357 u8 *dev_class, s8 rssi, u8 *eir)
2359 struct mgmt_ev_device_found ev;
2361 memset(&ev, 0, sizeof(ev));
2363 bacpy(&ev.addr.bdaddr, bdaddr);
2364 ev.addr.type = link_to_mgmt(type);
2368 memcpy(ev.eir, eir, sizeof(ev.eir));
2371 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2373 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2376 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2378 struct mgmt_ev_remote_name ev;
2380 memset(&ev, 0, sizeof(ev));
2382 bacpy(&ev.bdaddr, bdaddr);
2383 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2385 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2388 int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
2390 struct pending_cmd *cmd;
2393 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev->id);
2397 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2398 mgmt_pending_remove(cmd);
2403 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2405 struct pending_cmd *cmd;
2408 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev->id);
2410 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev->id);
2413 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2414 mgmt_pending_remove(cmd);
2417 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2418 sizeof(discovering), NULL);
2421 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2423 struct pending_cmd *cmd;
2424 struct mgmt_ev_device_blocked ev;
2426 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev->id);
2428 bacpy(&ev.bdaddr, bdaddr);
2430 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2431 cmd ? cmd->sk : NULL);
2434 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2436 struct pending_cmd *cmd;
2437 struct mgmt_ev_device_unblocked ev;
2439 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev->id);
2441 bacpy(&ev.bdaddr, bdaddr);
2443 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2444 cmd ? cmd->sk : NULL);
projects / ~andy / linux / blob