2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static LIST_HEAD(cmd_list);
48 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
52 struct mgmt_ev_cmd_status *ev;
55 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
57 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
61 hdr = (void *) skb_put(skb, sizeof(*hdr));
63 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
64 hdr->index = cpu_to_le16(index);
65 hdr->len = cpu_to_le16(sizeof(*ev));
67 ev = (void *) skb_put(skb, sizeof(*ev));
69 put_unaligned_le16(cmd, &ev->opcode);
71 err = sock_queue_rcv_skb(sk, skb);
78 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
83 struct mgmt_ev_cmd_complete *ev;
86 BT_DBG("sock %p", sk);
88 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
92 hdr = (void *) skb_put(skb, sizeof(*hdr));
94 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
95 hdr->index = cpu_to_le16(index);
96 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
98 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
99 put_unaligned_le16(cmd, &ev->opcode);
102 memcpy(ev->data, rp, rp_len);
104 err = sock_queue_rcv_skb(sk, skb);
111 static int read_version(struct sock *sk)
113 struct mgmt_rp_read_version rp;
115 BT_DBG("sock %p", sk);
117 rp.version = MGMT_VERSION;
118 put_unaligned_le16(MGMT_REVISION, &rp.revision);
120 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
124 static int read_index_list(struct sock *sk)
126 struct mgmt_rp_read_index_list *rp;
133 BT_DBG("sock %p", sk);
135 read_lock(&hci_dev_list_lock);
138 list_for_each(p, &hci_dev_list) {
142 rp_len = sizeof(*rp) + (2 * count);
143 rp = kmalloc(rp_len, GFP_ATOMIC);
145 read_unlock(&hci_dev_list_lock);
149 put_unaligned_le16(count, &rp->num_controllers);
152 list_for_each_entry(d, &hci_dev_list, list) {
153 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
154 cancel_delayed_work_sync(&d->power_off);
156 if (test_bit(HCI_SETUP, &d->flags))
159 put_unaligned_le16(d->id, &rp->index[i++]);
160 BT_DBG("Added hci%u", d->id);
163 read_unlock(&hci_dev_list_lock);
165 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
173 static int read_controller_info(struct sock *sk, u16 index)
175 struct mgmt_rp_read_info rp;
176 struct hci_dev *hdev;
178 BT_DBG("sock %p hci%u", sk, index);
180 hdev = hci_dev_get(index);
182 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
184 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
185 cancel_delayed_work_sync(&hdev->power_off);
187 hci_dev_lock_bh(hdev);
189 set_bit(HCI_MGMT, &hdev->flags);
191 memset(&rp, 0, sizeof(rp));
193 rp.type = hdev->dev_type;
195 rp.powered = test_bit(HCI_UP, &hdev->flags);
196 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
197 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
198 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
200 if (test_bit(HCI_AUTH, &hdev->flags))
202 else if (hdev->ssp_mode > 0)
207 bacpy(&rp.bdaddr, &hdev->bdaddr);
208 memcpy(rp.features, hdev->features, 8);
209 memcpy(rp.dev_class, hdev->dev_class, 3);
210 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
211 rp.hci_ver = hdev->hci_ver;
212 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
214 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
216 hci_dev_unlock_bh(hdev);
219 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
222 static void mgmt_pending_free(struct pending_cmd *cmd)
229 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
230 u16 index, void *data, u16 len)
232 struct pending_cmd *cmd;
234 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
238 cmd->opcode = opcode;
241 cmd->param = kmalloc(len, GFP_ATOMIC);
248 memcpy(cmd->param, data, len);
253 list_add(&cmd->list, &cmd_list);
258 static void mgmt_pending_foreach(u16 opcode, int index,
259 void (*cb)(struct pending_cmd *cmd, void *data),
262 struct list_head *p, *n;
264 list_for_each_safe(p, n, &cmd_list) {
265 struct pending_cmd *cmd;
267 cmd = list_entry(p, struct pending_cmd, list);
269 if (opcode > 0 && cmd->opcode != opcode)
272 if (index >= 0 && cmd->index != index)
279 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
281 struct pending_cmd *cmd;
283 list_for_each_entry(cmd, &cmd_list, list) {
284 if (cmd->opcode != opcode)
287 if (index >= 0 && cmd->index != index)
296 static void mgmt_pending_remove(struct pending_cmd *cmd)
298 list_del(&cmd->list);
299 mgmt_pending_free(cmd);
302 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
304 struct mgmt_mode *cp;
305 struct hci_dev *hdev;
306 struct pending_cmd *cmd;
311 BT_DBG("request for hci%u", index);
313 if (len != sizeof(*cp))
314 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
316 hdev = hci_dev_get(index);
318 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
320 hci_dev_lock_bh(hdev);
322 up = test_bit(HCI_UP, &hdev->flags);
323 if ((cp->val && up) || (!cp->val && !up)) {
324 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
328 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
329 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
333 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
340 queue_work(hdev->workqueue, &hdev->power_on);
342 queue_work(hdev->workqueue, &hdev->power_off.work);
347 hci_dev_unlock_bh(hdev);
352 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
355 struct mgmt_cp_set_discoverable *cp;
356 struct hci_dev *hdev;
357 struct pending_cmd *cmd;
363 BT_DBG("request for hci%u", index);
365 if (len != sizeof(*cp))
366 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
368 hdev = hci_dev_get(index);
370 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
372 hci_dev_lock_bh(hdev);
374 if (!test_bit(HCI_UP, &hdev->flags)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
379 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
380 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
385 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
386 test_bit(HCI_PSCAN, &hdev->flags)) {
387 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
391 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
400 scan |= SCAN_INQUIRY;
402 cancel_delayed_work_sync(&hdev->discov_off);
404 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
406 mgmt_pending_remove(cmd);
409 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
412 hci_dev_unlock_bh(hdev);
418 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
421 struct mgmt_mode *cp;
422 struct hci_dev *hdev;
423 struct pending_cmd *cmd;
429 BT_DBG("request for hci%u", index);
431 if (len != sizeof(*cp))
432 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
434 hdev = hci_dev_get(index);
436 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
438 hci_dev_lock_bh(hdev);
440 if (!test_bit(HCI_UP, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
445 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
446 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
447 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
451 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
452 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
456 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
467 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
469 mgmt_pending_remove(cmd);
472 hci_dev_unlock_bh(hdev);
478 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
479 struct sock *skip_sk)
482 struct mgmt_hdr *hdr;
484 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
488 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
490 hdr = (void *) skb_put(skb, sizeof(*hdr));
491 hdr->opcode = cpu_to_le16(event);
492 hdr->index = cpu_to_le16(index);
493 hdr->len = cpu_to_le16(data_len);
496 memcpy(skb_put(skb, data_len), data, data_len);
498 hci_send_to_sock(NULL, skb, skip_sk);
504 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
510 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
513 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
516 struct mgmt_mode *cp, ev;
517 struct hci_dev *hdev;
522 BT_DBG("request for hci%u", index);
524 if (len != sizeof(*cp))
525 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
527 hdev = hci_dev_get(index);
529 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
531 hci_dev_lock_bh(hdev);
534 set_bit(HCI_PAIRABLE, &hdev->flags);
536 clear_bit(HCI_PAIRABLE, &hdev->flags);
538 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
544 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
547 hci_dev_unlock_bh(hdev);
553 #define EIR_FLAGS 0x01 /* flags */
554 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
555 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
556 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
557 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
558 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
559 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
560 #define EIR_NAME_SHORT 0x08 /* shortened local name */
561 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
562 #define EIR_TX_POWER 0x0A /* transmit power level */
563 #define EIR_DEVICE_ID 0x10 /* device ID */
565 #define PNP_INFO_SVCLASS_ID 0x1200
567 static u8 bluetooth_base_uuid[] = {
568 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
569 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
572 static u16 get_uuid16(u8 *uuid128)
577 for (i = 0; i < 12; i++) {
578 if (bluetooth_base_uuid[i] != uuid128[i])
582 memcpy(&val, &uuid128[12], 4);
584 val = le32_to_cpu(val);
591 static void create_eir(struct hci_dev *hdev, u8 *data)
595 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
596 int i, truncated = 0;
597 struct bt_uuid *uuid;
600 name_len = strlen(hdev->dev_name);
606 ptr[1] = EIR_NAME_SHORT;
608 ptr[1] = EIR_NAME_COMPLETE;
610 /* EIR Data length */
611 ptr[0] = name_len + 1;
613 memcpy(ptr + 2, hdev->dev_name, name_len);
615 eir_len += (name_len + 2);
616 ptr += (name_len + 2);
619 memset(uuid16_list, 0, sizeof(uuid16_list));
621 /* Group all UUID16 types */
622 list_for_each_entry(uuid, &hdev->uuids, list) {
625 uuid16 = get_uuid16(uuid->uuid);
632 if (uuid16 == PNP_INFO_SVCLASS_ID)
635 /* Stop if not enough space to put next UUID */
636 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
641 /* Check for duplicates */
642 for (i = 0; uuid16_list[i] != 0; i++)
643 if (uuid16_list[i] == uuid16)
646 if (uuid16_list[i] == 0) {
647 uuid16_list[i] = uuid16;
648 eir_len += sizeof(u16);
652 if (uuid16_list[0] != 0) {
656 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
661 for (i = 0; uuid16_list[i] != 0; i++) {
662 *ptr++ = (uuid16_list[i] & 0x00ff);
663 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
666 /* EIR Data length */
667 *length = (i * sizeof(u16)) + 1;
671 static int update_eir(struct hci_dev *hdev)
673 struct hci_cp_write_eir cp;
675 if (!(hdev->features[6] & LMP_EXT_INQ))
678 if (hdev->ssp_mode == 0)
681 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
684 memset(&cp, 0, sizeof(cp));
686 create_eir(hdev, cp.data);
688 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
691 memcpy(hdev->eir, cp.data, sizeof(cp.data));
693 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
696 static u8 get_service_classes(struct hci_dev *hdev)
698 struct bt_uuid *uuid;
701 list_for_each_entry(uuid, &hdev->uuids, list)
702 val |= uuid->svc_hint;
707 static int update_class(struct hci_dev *hdev)
711 BT_DBG("%s", hdev->name);
713 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
716 cod[0] = hdev->minor_class;
717 cod[1] = hdev->major_class;
718 cod[2] = get_service_classes(hdev);
720 if (memcmp(cod, hdev->dev_class, 3) == 0)
723 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
726 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
728 struct mgmt_cp_add_uuid *cp;
729 struct hci_dev *hdev;
730 struct bt_uuid *uuid;
735 BT_DBG("request for hci%u", index);
737 if (len != sizeof(*cp))
738 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
740 hdev = hci_dev_get(index);
742 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
744 hci_dev_lock_bh(hdev);
746 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
752 memcpy(uuid->uuid, cp->uuid, 16);
753 uuid->svc_hint = cp->svc_hint;
755 list_add(&uuid->list, &hdev->uuids);
757 err = update_class(hdev);
761 err = update_eir(hdev);
765 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
768 hci_dev_unlock_bh(hdev);
774 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
776 struct list_head *p, *n;
777 struct mgmt_cp_remove_uuid *cp;
778 struct hci_dev *hdev;
779 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
784 BT_DBG("request for hci%u", index);
786 if (len != sizeof(*cp))
787 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
789 hdev = hci_dev_get(index);
791 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
793 hci_dev_lock_bh(hdev);
795 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
796 err = hci_uuids_clear(hdev);
802 list_for_each_safe(p, n, &hdev->uuids) {
803 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
805 if (memcmp(match->uuid, cp->uuid, 16) != 0)
808 list_del(&match->list);
813 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
817 err = update_class(hdev);
821 err = update_eir(hdev);
825 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
828 hci_dev_unlock_bh(hdev);
834 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
837 struct hci_dev *hdev;
838 struct mgmt_cp_set_dev_class *cp;
843 BT_DBG("request for hci%u", index);
845 if (len != sizeof(*cp))
846 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
848 hdev = hci_dev_get(index);
850 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
852 hci_dev_lock_bh(hdev);
854 hdev->major_class = cp->major;
855 hdev->minor_class = cp->minor;
857 err = update_class(hdev);
860 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
862 hci_dev_unlock_bh(hdev);
868 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
871 struct hci_dev *hdev;
872 struct mgmt_cp_set_service_cache *cp;
877 if (len != sizeof(*cp))
878 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
880 hdev = hci_dev_get(index);
882 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
884 hci_dev_lock_bh(hdev);
886 BT_DBG("hci%u enable %d", index, cp->enable);
889 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
892 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
893 err = update_class(hdev);
895 err = update_eir(hdev);
899 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
902 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
905 hci_dev_unlock_bh(hdev);
911 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
913 struct hci_dev *hdev;
914 struct mgmt_cp_load_keys *cp;
915 u16 key_count, expected_len;
920 if (len < sizeof(*cp))
921 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL);
923 key_count = get_unaligned_le16(&cp->key_count);
925 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
926 if (expected_len != len) {
927 BT_ERR("load_keys: expected %u bytes, got %u bytes",
929 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL);
932 hdev = hci_dev_get(index);
934 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
936 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
939 hci_dev_lock_bh(hdev);
941 hci_link_keys_clear(hdev);
943 set_bit(HCI_LINK_KEYS, &hdev->flags);
946 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
948 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
950 for (i = 0; i < key_count; i++) {
951 struct mgmt_key_info *key = &cp->keys[i];
953 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
957 hci_dev_unlock_bh(hdev);
963 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
965 struct hci_dev *hdev;
966 struct mgmt_cp_remove_key *cp;
967 struct hci_conn *conn;
972 if (len != sizeof(*cp))
973 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
975 hdev = hci_dev_get(index);
977 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
979 hci_dev_lock_bh(hdev);
981 err = hci_remove_link_key(hdev, &cp->bdaddr);
983 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
989 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
992 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
994 struct hci_cp_disconnect dc;
996 put_unaligned_le16(conn->handle, &dc.handle);
997 dc.reason = 0x13; /* Remote User Terminated Connection */
998 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1002 hci_dev_unlock_bh(hdev);
1008 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1010 struct hci_dev *hdev;
1011 struct mgmt_cp_disconnect *cp;
1012 struct hci_cp_disconnect dc;
1013 struct pending_cmd *cmd;
1014 struct hci_conn *conn;
1021 if (len != sizeof(*cp))
1022 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1024 hdev = hci_dev_get(index);
1026 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1028 hci_dev_lock_bh(hdev);
1030 if (!test_bit(HCI_UP, &hdev->flags)) {
1031 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1035 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1036 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1040 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1042 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1045 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1049 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1055 put_unaligned_le16(conn->handle, &dc.handle);
1056 dc.reason = 0x13; /* Remote User Terminated Connection */
1058 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1060 mgmt_pending_remove(cmd);
1063 hci_dev_unlock_bh(hdev);
1069 static int get_connections(struct sock *sk, u16 index)
1071 struct mgmt_rp_get_connections *rp;
1072 struct hci_dev *hdev;
1074 struct list_head *p;
1081 hdev = hci_dev_get(index);
1083 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1085 hci_dev_lock_bh(hdev);
1088 list_for_each(p, &hdev->conn_hash.list) {
1092 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1093 rp = kmalloc(rp_len, GFP_ATOMIC);
1099 put_unaligned_le16(count, &rp->conn_count);
1102 list_for_each_entry(c, &hdev->conn_hash.list, list)
1103 bacpy(&rp->conn[i++], &c->dst);
1105 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1109 hci_dev_unlock_bh(hdev);
1114 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1115 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1117 struct pending_cmd *cmd;
1120 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1125 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1128 mgmt_pending_remove(cmd);
1133 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1136 struct hci_dev *hdev;
1137 struct hci_conn *conn;
1138 struct mgmt_cp_pin_code_reply *cp;
1139 struct mgmt_cp_pin_code_neg_reply ncp;
1140 struct hci_cp_pin_code_reply reply;
1141 struct pending_cmd *cmd;
1148 if (len != sizeof(*cp))
1149 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1151 hdev = hci_dev_get(index);
1153 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1155 hci_dev_lock_bh(hdev);
1157 if (!test_bit(HCI_UP, &hdev->flags)) {
1158 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1162 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1164 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1168 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1169 bacpy(&ncp.bdaddr, &cp->bdaddr);
1171 BT_ERR("PIN code is not 16 bytes long");
1173 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1175 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1181 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1187 bacpy(&reply.bdaddr, &cp->bdaddr);
1188 reply.pin_len = cp->pin_len;
1189 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1191 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1193 mgmt_pending_remove(cmd);
1196 hci_dev_unlock_bh(hdev);
1202 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1205 struct hci_dev *hdev;
1206 struct mgmt_cp_pin_code_neg_reply *cp;
1213 if (len != sizeof(*cp))
1214 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1217 hdev = hci_dev_get(index);
1219 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1222 hci_dev_lock_bh(hdev);
1224 if (!test_bit(HCI_UP, &hdev->flags)) {
1225 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1230 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1233 hci_dev_unlock_bh(hdev);
1239 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1242 struct hci_dev *hdev;
1243 struct mgmt_cp_set_io_capability *cp;
1249 if (len != sizeof(*cp))
1250 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1252 hdev = hci_dev_get(index);
1254 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1256 hci_dev_lock_bh(hdev);
1258 hdev->io_capability = cp->io_capability;
1260 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1261 hdev->io_capability);
1263 hci_dev_unlock_bh(hdev);
1266 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1269 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1271 struct hci_dev *hdev = conn->hdev;
1272 struct pending_cmd *cmd;
1274 list_for_each_entry(cmd, &cmd_list, list) {
1275 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1278 if (cmd->index != hdev->id)
1281 if (cmd->user_data != conn)
1290 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1292 struct mgmt_rp_pair_device rp;
1293 struct hci_conn *conn = cmd->user_data;
1295 bacpy(&rp.bdaddr, &conn->dst);
1298 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1300 /* So we don't get further callbacks for this connection */
1301 conn->connect_cfm_cb = NULL;
1302 conn->security_cfm_cb = NULL;
1303 conn->disconn_cfm_cb = NULL;
1307 mgmt_pending_remove(cmd);
1310 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1312 struct pending_cmd *cmd;
1314 BT_DBG("status %u", status);
1316 cmd = find_pairing(conn);
1318 BT_DBG("Unable to find a pending command");
1322 pairing_complete(cmd, status);
1325 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1327 struct hci_dev *hdev;
1328 struct mgmt_cp_pair_device *cp;
1329 struct pending_cmd *cmd;
1330 struct adv_entry *entry;
1331 u8 sec_level, auth_type;
1332 struct hci_conn *conn;
1339 if (len != sizeof(*cp))
1340 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1342 hdev = hci_dev_get(index);
1344 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1346 hci_dev_lock_bh(hdev);
1348 sec_level = BT_SECURITY_MEDIUM;
1349 if (cp->io_cap == 0x03)
1350 auth_type = HCI_AT_DEDICATED_BONDING;
1352 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1354 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1356 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1359 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1363 err = PTR_ERR(conn);
1367 if (conn->connect_cfm_cb) {
1369 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1373 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1380 /* For LE, just connecting isn't a proof that the pairing finished */
1382 conn->connect_cfm_cb = pairing_complete_cb;
1384 conn->security_cfm_cb = pairing_complete_cb;
1385 conn->disconn_cfm_cb = pairing_complete_cb;
1386 conn->io_capability = cp->io_cap;
1387 cmd->user_data = conn;
1389 if (conn->state == BT_CONNECTED &&
1390 hci_conn_security(conn, sec_level, auth_type))
1391 pairing_complete(cmd, 0);
1396 hci_dev_unlock_bh(hdev);
1402 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1403 u16 len, int success)
1405 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1406 u16 mgmt_op, hci_op;
1407 struct pending_cmd *cmd;
1408 struct hci_dev *hdev;
1414 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1415 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1417 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1418 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1421 if (len != sizeof(*cp))
1422 return cmd_status(sk, index, mgmt_op, EINVAL);
1424 hdev = hci_dev_get(index);
1426 return cmd_status(sk, index, mgmt_op, ENODEV);
1428 hci_dev_lock_bh(hdev);
1430 if (!test_bit(HCI_UP, &hdev->flags)) {
1431 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1435 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1441 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1443 mgmt_pending_remove(cmd);
1446 hci_dev_unlock_bh(hdev);
1452 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1455 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1456 struct hci_cp_write_local_name hci_cp;
1457 struct hci_dev *hdev;
1458 struct pending_cmd *cmd;
1463 if (len != sizeof(*mgmt_cp))
1464 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1466 hdev = hci_dev_get(index);
1468 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1470 hci_dev_lock_bh(hdev);
1472 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1478 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1479 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1482 mgmt_pending_remove(cmd);
1485 hci_dev_unlock_bh(hdev);
1491 static int read_local_oob_data(struct sock *sk, u16 index)
1493 struct hci_dev *hdev;
1494 struct pending_cmd *cmd;
1497 BT_DBG("hci%u", index);
1499 hdev = hci_dev_get(index);
1501 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1504 hci_dev_lock_bh(hdev);
1506 if (!test_bit(HCI_UP, &hdev->flags)) {
1507 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1512 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1513 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1518 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1519 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1523 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1529 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1531 mgmt_pending_remove(cmd);
1534 hci_dev_unlock_bh(hdev);
1540 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1543 struct hci_dev *hdev;
1544 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1547 BT_DBG("hci%u ", index);
1549 if (len != sizeof(*cp))
1550 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1553 hdev = hci_dev_get(index);
1555 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1558 hci_dev_lock_bh(hdev);
1560 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1563 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1565 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1568 hci_dev_unlock_bh(hdev);
1574 static int remove_remote_oob_data(struct sock *sk, u16 index,
1575 unsigned char *data, u16 len)
1577 struct hci_dev *hdev;
1578 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1581 BT_DBG("hci%u ", index);
1583 if (len != sizeof(*cp))
1584 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1587 hdev = hci_dev_get(index);
1589 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1592 hci_dev_lock_bh(hdev);
1594 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1596 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1599 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1602 hci_dev_unlock_bh(hdev);
1608 static int start_discovery(struct sock *sk, u16 index)
1610 struct pending_cmd *cmd;
1611 struct hci_dev *hdev;
1614 BT_DBG("hci%u", index);
1616 hdev = hci_dev_get(index);
1618 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1620 hci_dev_lock_bh(hdev);
1622 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1628 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1630 mgmt_pending_remove(cmd);
1633 hci_dev_unlock_bh(hdev);
1639 static int stop_discovery(struct sock *sk, u16 index)
1641 struct hci_dev *hdev;
1642 struct pending_cmd *cmd;
1645 BT_DBG("hci%u", index);
1647 hdev = hci_dev_get(index);
1649 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1651 hci_dev_lock_bh(hdev);
1653 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1659 err = hci_cancel_inquiry(hdev);
1661 mgmt_pending_remove(cmd);
1664 hci_dev_unlock_bh(hdev);
1670 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1673 struct hci_dev *hdev;
1674 struct mgmt_cp_block_device *cp = (void *) data;
1677 BT_DBG("hci%u", index);
1679 if (len != sizeof(*cp))
1680 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1683 hdev = hci_dev_get(index);
1685 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1688 hci_dev_lock_bh(hdev);
1690 err = hci_blacklist_add(hdev, &cp->bdaddr);
1692 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1694 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1697 hci_dev_unlock_bh(hdev);
1703 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1706 struct hci_dev *hdev;
1707 struct mgmt_cp_unblock_device *cp = (void *) data;
1710 BT_DBG("hci%u", index);
1712 if (len != sizeof(*cp))
1713 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1716 hdev = hci_dev_get(index);
1718 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1721 hci_dev_lock_bh(hdev);
1723 err = hci_blacklist_del(hdev, &cp->bdaddr);
1726 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1728 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1731 hci_dev_unlock_bh(hdev);
1737 static int set_fast_connectable(struct sock *sk, u16 index,
1738 unsigned char *data, u16 len)
1740 struct hci_dev *hdev;
1741 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1742 struct hci_cp_write_page_scan_activity acp;
1746 BT_DBG("hci%u", index);
1748 if (len != sizeof(*cp))
1749 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1752 hdev = hci_dev_get(index);
1754 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1760 type = PAGE_SCAN_TYPE_INTERLACED;
1761 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1763 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1764 acp.interval = 0x0800; /* default 1.28 sec page scan */
1767 acp.window = 0x0012; /* default 11.25 msec page scan window */
1769 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1772 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1777 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1779 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1784 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1787 hci_dev_unlock(hdev);
1793 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1796 struct mgmt_hdr *hdr;
1797 u16 opcode, index, len;
1800 BT_DBG("got %zu bytes", msglen);
1802 if (msglen < sizeof(*hdr))
1805 buf = kmalloc(msglen, GFP_KERNEL);
1809 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1814 hdr = (struct mgmt_hdr *) buf;
1815 opcode = get_unaligned_le16(&hdr->opcode);
1816 index = get_unaligned_le16(&hdr->index);
1817 len = get_unaligned_le16(&hdr->len);
1819 if (len != msglen - sizeof(*hdr)) {
1825 case MGMT_OP_READ_VERSION:
1826 err = read_version(sk);
1828 case MGMT_OP_READ_INDEX_LIST:
1829 err = read_index_list(sk);
1831 case MGMT_OP_READ_INFO:
1832 err = read_controller_info(sk, index);
1834 case MGMT_OP_SET_POWERED:
1835 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1837 case MGMT_OP_SET_DISCOVERABLE:
1838 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1840 case MGMT_OP_SET_CONNECTABLE:
1841 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1843 case MGMT_OP_SET_PAIRABLE:
1844 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1846 case MGMT_OP_ADD_UUID:
1847 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1849 case MGMT_OP_REMOVE_UUID:
1850 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1852 case MGMT_OP_SET_DEV_CLASS:
1853 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1855 case MGMT_OP_SET_SERVICE_CACHE:
1856 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1858 case MGMT_OP_LOAD_KEYS:
1859 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1861 case MGMT_OP_REMOVE_KEY:
1862 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1864 case MGMT_OP_DISCONNECT:
1865 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1867 case MGMT_OP_GET_CONNECTIONS:
1868 err = get_connections(sk, index);
1870 case MGMT_OP_PIN_CODE_REPLY:
1871 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1873 case MGMT_OP_PIN_CODE_NEG_REPLY:
1874 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1876 case MGMT_OP_SET_IO_CAPABILITY:
1877 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1879 case MGMT_OP_PAIR_DEVICE:
1880 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1882 case MGMT_OP_USER_CONFIRM_REPLY:
1883 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1885 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1886 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1888 case MGMT_OP_SET_LOCAL_NAME:
1889 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1891 case MGMT_OP_READ_LOCAL_OOB_DATA:
1892 err = read_local_oob_data(sk, index);
1894 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1895 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1897 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1898 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1901 case MGMT_OP_START_DISCOVERY:
1902 err = start_discovery(sk, index);
1904 case MGMT_OP_STOP_DISCOVERY:
1905 err = stop_discovery(sk, index);
1907 case MGMT_OP_BLOCK_DEVICE:
1908 err = block_device(sk, index, buf + sizeof(*hdr), len);
1910 case MGMT_OP_UNBLOCK_DEVICE:
1911 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1913 case MGMT_OP_SET_FAST_CONNECTABLE:
1914 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1918 BT_DBG("Unknown op %u", opcode);
1919 err = cmd_status(sk, index, opcode, 0x01);
1933 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1937 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1938 mgmt_pending_remove(cmd);
1941 int mgmt_index_added(u16 index)
1943 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1946 int mgmt_index_removed(u16 index)
1950 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
1952 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1960 static void mode_rsp(struct pending_cmd *cmd, void *data)
1962 struct mgmt_mode *cp = cmd->param;
1963 struct cmd_lookup *match = data;
1965 if (cp->val != match->val)
1968 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1970 list_del(&cmd->list);
1972 if (match->sk == NULL) {
1973 match->sk = cmd->sk;
1974 sock_hold(match->sk);
1977 mgmt_pending_free(cmd);
1980 int mgmt_powered(u16 index, u8 powered)
1982 struct mgmt_mode ev;
1983 struct cmd_lookup match = { powered, NULL };
1986 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1989 u8 status = ENETDOWN;
1990 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
1995 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2003 int mgmt_discoverable(u16 index, u8 discoverable)
2005 struct mgmt_mode ev;
2006 struct cmd_lookup match = { discoverable, NULL };
2009 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2011 ev.val = discoverable;
2013 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2022 int mgmt_connectable(u16 index, u8 connectable)
2024 struct mgmt_mode ev;
2025 struct cmd_lookup match = { connectable, NULL };
2028 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2030 ev.val = connectable;
2032 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2040 int mgmt_write_scan_failed(u16 index, u8 scan, u8 status)
2042 if (scan & SCAN_PAGE)
2043 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index,
2044 cmd_status_rsp, &status);
2046 if (scan & SCAN_INQUIRY)
2047 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index,
2048 cmd_status_rsp, &status);
2053 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
2055 struct mgmt_ev_new_key ev;
2057 memset(&ev, 0, sizeof(ev));
2059 ev.store_hint = persistent;
2060 bacpy(&ev.key.bdaddr, &key->bdaddr);
2061 ev.key.type = key->type;
2062 memcpy(ev.key.val, key->val, 16);
2063 ev.key.pin_len = key->pin_len;
2065 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
2068 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2070 struct mgmt_ev_connected ev;
2072 bacpy(&ev.bdaddr, bdaddr);
2073 ev.link_type = link_type;
2075 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2078 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2080 struct mgmt_cp_disconnect *cp = cmd->param;
2081 struct sock **sk = data;
2082 struct mgmt_rp_disconnect rp;
2084 bacpy(&rp.bdaddr, &cp->bdaddr);
2086 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2091 mgmt_pending_remove(cmd);
2094 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2096 struct mgmt_ev_disconnected ev;
2097 struct sock *sk = NULL;
2100 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2102 bacpy(&ev.bdaddr, bdaddr);
2104 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2112 int mgmt_disconnect_failed(u16 index)
2114 struct pending_cmd *cmd;
2117 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2121 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2123 mgmt_pending_remove(cmd);
2128 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2130 struct mgmt_ev_connect_failed ev;
2132 bacpy(&ev.bdaddr, bdaddr);
2135 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2138 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2140 struct mgmt_ev_pin_code_request ev;
2142 bacpy(&ev.bdaddr, bdaddr);
2145 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2149 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2151 struct pending_cmd *cmd;
2152 struct mgmt_rp_pin_code_reply rp;
2155 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2159 bacpy(&rp.bdaddr, bdaddr);
2162 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2165 mgmt_pending_remove(cmd);
2170 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2172 struct pending_cmd *cmd;
2173 struct mgmt_rp_pin_code_reply rp;
2176 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2180 bacpy(&rp.bdaddr, bdaddr);
2183 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2186 mgmt_pending_remove(cmd);
2191 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2194 struct mgmt_ev_user_confirm_request ev;
2196 BT_DBG("hci%u", index);
2198 bacpy(&ev.bdaddr, bdaddr);
2199 ev.confirm_hint = confirm_hint;
2200 put_unaligned_le32(value, &ev.value);
2202 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2206 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2209 struct pending_cmd *cmd;
2210 struct mgmt_rp_user_confirm_reply rp;
2213 cmd = mgmt_pending_find(opcode, index);
2217 bacpy(&rp.bdaddr, bdaddr);
2219 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2221 mgmt_pending_remove(cmd);
2226 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2228 return confirm_reply_complete(index, bdaddr, status,
2229 MGMT_OP_USER_CONFIRM_REPLY);
2232 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2234 return confirm_reply_complete(index, bdaddr, status,
2235 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2238 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2240 struct mgmt_ev_auth_failed ev;
2242 bacpy(&ev.bdaddr, bdaddr);
2245 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2248 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2250 struct pending_cmd *cmd;
2251 struct hci_dev *hdev;
2252 struct mgmt_cp_set_local_name ev;
2255 memset(&ev, 0, sizeof(ev));
2256 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2258 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2263 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2267 hdev = hci_dev_get(index);
2269 hci_dev_lock_bh(hdev);
2271 hci_dev_unlock_bh(hdev);
2275 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2281 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2282 cmd ? cmd->sk : NULL);
2286 mgmt_pending_remove(cmd);
2290 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2293 struct pending_cmd *cmd;
2296 BT_DBG("hci%u status %u", index, status);
2298 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2303 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2306 struct mgmt_rp_read_local_oob_data rp;
2308 memcpy(rp.hash, hash, sizeof(rp.hash));
2309 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2311 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2315 mgmt_pending_remove(cmd);
2320 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2323 struct mgmt_ev_device_found ev;
2325 memset(&ev, 0, sizeof(ev));
2327 bacpy(&ev.bdaddr, bdaddr);
2331 memcpy(ev.eir, eir, sizeof(ev.eir));
2334 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2336 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2339 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2341 struct mgmt_ev_remote_name ev;
2343 memset(&ev, 0, sizeof(ev));
2345 bacpy(&ev.bdaddr, bdaddr);
2346 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2348 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2351 int mgmt_inquiry_failed(u16 index, u8 status)
2353 struct pending_cmd *cmd;
2356 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2360 err = cmd_status(cmd->sk, index, cmd->opcode, status);
2361 mgmt_pending_remove(cmd);
2366 int mgmt_discovering(u16 index, u8 discovering)
2368 struct pending_cmd *cmd;
2371 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2373 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
2376 cmd_complete(cmd->sk, index, cmd->opcode, NULL, 0);
2377 mgmt_pending_remove(cmd);
2380 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2381 sizeof(discovering), NULL);
2384 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2386 struct pending_cmd *cmd;
2387 struct mgmt_ev_device_blocked ev;
2389 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2391 bacpy(&ev.bdaddr, bdaddr);
2393 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2394 cmd ? cmd->sk : NULL);
2397 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2399 struct pending_cmd *cmd;
2400 struct mgmt_ev_device_unblocked ev;
2402 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2404 bacpy(&ev.bdaddr, bdaddr);
2406 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2407 cmd ? cmd->sk : NULL);
projects / ~andy / linux / blob