2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
65 ev = (void *) skb_put(skb, sizeof(*ev));
67 put_unaligned_le16(cmd, &ev->opcode);
69 err = sock_queue_rcv_skb(sk, skb);
76 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
81 struct mgmt_ev_cmd_complete *ev;
84 BT_DBG("sock %p", sk);
86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
93 hdr->index = cpu_to_le16(index);
94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
100 memcpy(ev->data, rp, rp_len);
102 err = sock_queue_rcv_skb(sk, skb);
109 static int read_version(struct sock *sk)
111 struct mgmt_rp_read_version rp;
113 BT_DBG("sock %p", sk);
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
122 static int read_index_list(struct sock *sk)
124 struct mgmt_rp_read_index_list *rp;
131 BT_DBG("sock %p", sk);
133 read_lock(&hci_dev_list_lock);
136 list_for_each(p, &hci_dev_list) {
140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
143 read_unlock(&hci_dev_list_lock);
147 put_unaligned_le16(count, &rp->num_controllers);
150 list_for_each_entry(d, &hci_dev_list, list) {
151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
152 cancel_delayed_work(&d->power_off);
154 if (test_bit(HCI_SETUP, &d->flags))
157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
161 read_unlock(&hci_dev_list_lock);
163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
171 static int read_controller_info(struct sock *sk, u16 index)
173 struct mgmt_rp_read_info rp;
174 struct hci_dev *hdev;
176 BT_DBG("sock %p hci%u", sk, index);
178 hdev = hci_dev_get(index);
180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
185 hci_dev_lock_bh(hdev);
187 set_bit(HCI_MGMT, &hdev->flags);
189 memset(&rp, 0, sizeof(rp));
191 rp.type = hdev->dev_type;
193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
198 if (test_bit(HCI_AUTH, &hdev->flags))
200 else if (hdev->ssp_mode > 0)
205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
214 hci_dev_unlock_bh(hdev);
217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
220 static void mgmt_pending_free(struct pending_cmd *cmd)
227 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
228 struct hci_dev *hdev,
231 struct pending_cmd *cmd;
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
237 cmd->opcode = opcode;
238 cmd->index = hdev->id;
240 cmd->param = kmalloc(len, GFP_ATOMIC);
247 memcpy(cmd->param, data, len);
252 list_add(&cmd->list, &hdev->mgmt_pending);
257 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
258 void (*cb)(struct pending_cmd *cmd, void *data),
261 struct list_head *p, *n;
263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
264 struct pending_cmd *cmd;
266 cmd = list_entry(p, struct pending_cmd, list);
268 if (opcode > 0 && cmd->opcode != opcode)
275 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
277 struct pending_cmd *cmd;
279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
280 if (cmd->opcode == opcode)
287 static void mgmt_pending_remove(struct pending_cmd *cmd)
289 list_del(&cmd->list);
290 mgmt_pending_free(cmd);
293 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
295 struct mgmt_mode *cp;
296 struct hci_dev *hdev;
297 struct pending_cmd *cmd;
302 BT_DBG("request for hci%u", index);
304 if (len != sizeof(*cp))
305 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
307 hdev = hci_dev_get(index);
309 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
311 hci_dev_lock_bh(hdev);
313 up = test_bit(HCI_UP, &hdev->flags);
314 if ((cp->val && up) || (!cp->val && !up)) {
315 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
319 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
331 queue_work(hdev->workqueue, &hdev->power_on);
333 queue_work(hdev->workqueue, &hdev->power_off.work);
338 hci_dev_unlock_bh(hdev);
343 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
346 struct mgmt_cp_set_discoverable *cp;
347 struct hci_dev *hdev;
348 struct pending_cmd *cmd;
354 BT_DBG("request for hci%u", index);
356 if (len != sizeof(*cp))
357 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
359 hdev = hci_dev_get(index);
361 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
363 hci_dev_lock_bh(hdev);
365 if (!test_bit(HCI_UP, &hdev->flags)) {
366 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
370 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
371 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
376 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
377 test_bit(HCI_PSCAN, &hdev->flags)) {
378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
391 scan |= SCAN_INQUIRY;
393 cancel_delayed_work(&hdev->discov_off);
395 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
397 mgmt_pending_remove(cmd);
400 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
403 hci_dev_unlock_bh(hdev);
409 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
412 struct mgmt_mode *cp;
413 struct hci_dev *hdev;
414 struct pending_cmd *cmd;
420 BT_DBG("request for hci%u", index);
422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
425 hdev = hci_dev_get(index);
427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
429 hci_dev_lock_bh(hdev);
431 if (!test_bit(HCI_UP, &hdev->flags)) {
432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
460 mgmt_pending_remove(cmd);
463 hci_dev_unlock_bh(hdev);
469 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
470 u16 data_len, struct sock *skip_sk)
473 struct mgmt_hdr *hdr;
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
484 hdr->index = cpu_to_le16(hdev->id);
486 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
487 hdr->len = cpu_to_le16(data_len);
490 memcpy(skb_put(skb, data_len), data, data_len);
492 hci_send_to_sock(NULL, skb, skip_sk);
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
516 BT_DBG("request for hci%u", index);
518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
521 hdev = hci_dev_get(index);
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
525 hci_dev_lock_bh(hdev);
528 set_bit(HCI_PAIRABLE, &hdev->flags);
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
538 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
541 hci_dev_unlock_bh(hdev);
547 #define EIR_FLAGS 0x01 /* flags */
548 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT 0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
556 #define EIR_TX_POWER 0x0A /* transmit power level */
557 #define EIR_DEVICE_ID 0x10 /* device ID */
559 #define PNP_INFO_SVCLASS_ID 0x1200
561 static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
566 static u16 get_uuid16(u8 *uuid128)
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
576 memcpy(&val, &uuid128[12], 4);
578 val = le32_to_cpu(val);
585 static void create_eir(struct hci_dev *hdev, u8 *data)
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct bt_uuid *uuid;
594 name_len = strlen(hdev->dev_name);
600 ptr[1] = EIR_NAME_SHORT;
602 ptr[1] = EIR_NAME_COMPLETE;
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
607 memcpy(ptr + 2, hdev->dev_name, name_len);
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
613 memset(uuid16_list, 0, sizeof(uuid16_list));
615 /* Group all UUID16 types */
616 list_for_each_entry(uuid, &hdev->uuids, list) {
619 uuid16 = get_uuid16(uuid->uuid);
626 if (uuid16 == PNP_INFO_SVCLASS_ID)
629 /* Stop if not enough space to put next UUID */
630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
635 /* Check for duplicates */
636 for (i = 0; uuid16_list[i] != 0; i++)
637 if (uuid16_list[i] == uuid16)
640 if (uuid16_list[i] == 0) {
641 uuid16_list[i] = uuid16;
642 eir_len += sizeof(u16);
646 if (uuid16_list[0] != 0) {
650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
655 for (i = 0; uuid16_list[i] != 0; i++) {
656 *ptr++ = (uuid16_list[i] & 0x00ff);
657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
660 /* EIR Data length */
661 *length = (i * sizeof(u16)) + 1;
665 static int update_eir(struct hci_dev *hdev)
667 struct hci_cp_write_eir cp;
669 if (!(hdev->features[6] & LMP_EXT_INQ))
672 if (hdev->ssp_mode == 0)
675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
678 memset(&cp, 0, sizeof(cp));
680 create_eir(hdev, cp.data);
682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
685 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
690 static u8 get_service_classes(struct hci_dev *hdev)
692 struct bt_uuid *uuid;
695 list_for_each_entry(uuid, &hdev->uuids, list)
696 val |= uuid->svc_hint;
701 static int update_class(struct hci_dev *hdev)
705 BT_DBG("%s", hdev->name);
707 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
710 cod[0] = hdev->minor_class;
711 cod[1] = hdev->major_class;
712 cod[2] = get_service_classes(hdev);
714 if (memcmp(cod, hdev->dev_class, 3) == 0)
717 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
720 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
722 struct mgmt_cp_add_uuid *cp;
723 struct hci_dev *hdev;
724 struct bt_uuid *uuid;
729 BT_DBG("request for hci%u", index);
731 if (len != sizeof(*cp))
732 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
734 hdev = hci_dev_get(index);
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
738 hci_dev_lock_bh(hdev);
740 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
746 memcpy(uuid->uuid, cp->uuid, 16);
747 uuid->svc_hint = cp->svc_hint;
749 list_add(&uuid->list, &hdev->uuids);
751 err = update_class(hdev);
755 err = update_eir(hdev);
759 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
762 hci_dev_unlock_bh(hdev);
768 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
770 struct list_head *p, *n;
771 struct mgmt_cp_remove_uuid *cp;
772 struct hci_dev *hdev;
773 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778 BT_DBG("request for hci%u", index);
780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
783 hdev = hci_dev_get(index);
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
787 hci_dev_lock_bh(hdev);
789 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
790 err = hci_uuids_clear(hdev);
796 list_for_each_safe(p, n, &hdev->uuids) {
797 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
799 if (memcmp(match->uuid, cp->uuid, 16) != 0)
802 list_del(&match->list);
807 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
811 err = update_class(hdev);
815 err = update_eir(hdev);
819 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
822 hci_dev_unlock_bh(hdev);
828 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
831 struct hci_dev *hdev;
832 struct mgmt_cp_set_dev_class *cp;
837 BT_DBG("request for hci%u", index);
839 if (len != sizeof(*cp))
840 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
842 hdev = hci_dev_get(index);
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
846 hci_dev_lock_bh(hdev);
848 hdev->major_class = cp->major;
849 hdev->minor_class = cp->minor;
851 err = update_class(hdev);
854 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
856 hci_dev_unlock_bh(hdev);
862 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
865 struct hci_dev *hdev;
866 struct mgmt_cp_set_service_cache *cp;
871 if (len != sizeof(*cp))
872 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
874 hdev = hci_dev_get(index);
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
878 hci_dev_lock_bh(hdev);
880 BT_DBG("hci%u enable %d", index, cp->enable);
883 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
886 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 err = update_class(hdev);
889 err = update_eir(hdev);
893 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
896 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
899 hci_dev_unlock_bh(hdev);
905 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_link_keys *cp;
910 u16 key_count, expected_len;
915 if (len < sizeof(*cp))
916 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
918 key_count = get_unaligned_le16(&cp->key_count);
920 expected_len = sizeof(*cp) + key_count *
921 sizeof(struct mgmt_link_key_info);
922 if (expected_len != len) {
923 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
928 hdev = hci_dev_get(index);
930 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
935 hci_dev_lock_bh(hdev);
937 hci_link_keys_clear(hdev);
939 set_bit(HCI_LINK_KEYS, &hdev->flags);
942 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
946 for (i = 0; i < key_count; i++) {
947 struct mgmt_link_key_info *key = &cp->keys[i];
949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
953 hci_dev_unlock_bh(hdev);
959 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
962 struct hci_dev *hdev;
963 struct mgmt_cp_remove_keys *cp;
964 struct mgmt_rp_remove_keys rp;
965 struct hci_cp_disconnect dc;
966 struct pending_cmd *cmd;
967 struct hci_conn *conn;
972 if (len != sizeof(*cp))
973 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
975 hdev = hci_dev_get(index);
977 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
979 hci_dev_lock_bh(hdev);
981 memset(&rp, 0, sizeof(rp));
982 bacpy(&rp.bdaddr, &cp->bdaddr);
984 err = hci_remove_link_key(hdev, &cp->bdaddr);
988 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
989 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
996 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1001 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1007 put_unaligned_le16(conn->handle, &dc.handle);
1008 dc.reason = 0x13; /* Remote User Terminated Connection */
1009 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1011 mgmt_pending_remove(cmd);
1016 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1019 hci_dev_unlock_bh(hdev);
1025 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1027 struct hci_dev *hdev;
1028 struct mgmt_cp_disconnect *cp;
1029 struct hci_cp_disconnect dc;
1030 struct pending_cmd *cmd;
1031 struct hci_conn *conn;
1038 if (len != sizeof(*cp))
1039 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1041 hdev = hci_dev_get(index);
1043 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1045 hci_dev_lock_bh(hdev);
1047 if (!test_bit(HCI_UP, &hdev->flags)) {
1048 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1052 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1053 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1059 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1062 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1066 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1072 put_unaligned_le16(conn->handle, &dc.handle);
1073 dc.reason = 0x13; /* Remote User Terminated Connection */
1075 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1077 mgmt_pending_remove(cmd);
1080 hci_dev_unlock_bh(hdev);
1086 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1088 switch (link_type) {
1090 switch (addr_type) {
1091 case ADDR_LE_DEV_PUBLIC:
1092 return MGMT_ADDR_LE_PUBLIC;
1093 case ADDR_LE_DEV_RANDOM:
1094 return MGMT_ADDR_LE_RANDOM;
1096 return MGMT_ADDR_INVALID;
1099 return MGMT_ADDR_BREDR;
1101 return MGMT_ADDR_INVALID;
1105 static int get_connections(struct sock *sk, u16 index)
1107 struct mgmt_rp_get_connections *rp;
1108 struct hci_dev *hdev;
1110 struct list_head *p;
1117 hdev = hci_dev_get(index);
1119 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1121 hci_dev_lock_bh(hdev);
1124 list_for_each(p, &hdev->conn_hash.list) {
1128 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1129 rp = kmalloc(rp_len, GFP_ATOMIC);
1135 put_unaligned_le16(count, &rp->conn_count);
1138 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1139 bacpy(&rp->addr[i].bdaddr, &c->dst);
1140 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1141 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1146 /* Recalculate length in case of filtered SCO connections, etc */
1147 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1149 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1153 hci_dev_unlock_bh(hdev);
1158 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1159 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1161 struct pending_cmd *cmd;
1164 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1169 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1172 mgmt_pending_remove(cmd);
1177 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1180 struct hci_dev *hdev;
1181 struct hci_conn *conn;
1182 struct mgmt_cp_pin_code_reply *cp;
1183 struct mgmt_cp_pin_code_neg_reply ncp;
1184 struct hci_cp_pin_code_reply reply;
1185 struct pending_cmd *cmd;
1192 if (len != sizeof(*cp))
1193 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1195 hdev = hci_dev_get(index);
1197 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1199 hci_dev_lock_bh(hdev);
1201 if (!test_bit(HCI_UP, &hdev->flags)) {
1202 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1206 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1208 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1212 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1213 bacpy(&ncp.bdaddr, &cp->bdaddr);
1215 BT_ERR("PIN code is not 16 bytes long");
1217 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1219 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1225 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1231 bacpy(&reply.bdaddr, &cp->bdaddr);
1232 reply.pin_len = cp->pin_len;
1233 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1235 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1237 mgmt_pending_remove(cmd);
1240 hci_dev_unlock_bh(hdev);
1246 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1249 struct hci_dev *hdev;
1250 struct mgmt_cp_pin_code_neg_reply *cp;
1257 if (len != sizeof(*cp))
1258 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1261 hdev = hci_dev_get(index);
1263 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1266 hci_dev_lock_bh(hdev);
1268 if (!test_bit(HCI_UP, &hdev->flags)) {
1269 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1274 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1277 hci_dev_unlock_bh(hdev);
1283 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1286 struct hci_dev *hdev;
1287 struct mgmt_cp_set_io_capability *cp;
1293 if (len != sizeof(*cp))
1294 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1296 hdev = hci_dev_get(index);
1298 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1300 hci_dev_lock_bh(hdev);
1302 hdev->io_capability = cp->io_capability;
1304 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1305 hdev->io_capability);
1307 hci_dev_unlock_bh(hdev);
1310 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1313 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1315 struct hci_dev *hdev = conn->hdev;
1316 struct pending_cmd *cmd;
1318 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1319 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1322 if (cmd->user_data != conn)
1331 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1333 struct mgmt_rp_pair_device rp;
1334 struct hci_conn *conn = cmd->user_data;
1336 bacpy(&rp.addr.bdaddr, &conn->dst);
1337 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1340 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1342 /* So we don't get further callbacks for this connection */
1343 conn->connect_cfm_cb = NULL;
1344 conn->security_cfm_cb = NULL;
1345 conn->disconn_cfm_cb = NULL;
1349 mgmt_pending_remove(cmd);
1352 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1354 struct pending_cmd *cmd;
1356 BT_DBG("status %u", status);
1358 cmd = find_pairing(conn);
1360 BT_DBG("Unable to find a pending command");
1362 pairing_complete(cmd, status);
1365 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1367 struct hci_dev *hdev;
1368 struct mgmt_cp_pair_device *cp;
1369 struct pending_cmd *cmd;
1370 u8 sec_level, auth_type;
1371 struct hci_conn *conn;
1378 if (len != sizeof(*cp))
1379 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1381 hdev = hci_dev_get(index);
1383 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1385 hci_dev_lock_bh(hdev);
1387 sec_level = BT_SECURITY_MEDIUM;
1388 if (cp->io_cap == 0x03)
1389 auth_type = HCI_AT_DEDICATED_BONDING;
1391 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1393 if (cp->addr.type == MGMT_ADDR_BREDR)
1394 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1397 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1401 err = PTR_ERR(conn);
1405 if (conn->connect_cfm_cb) {
1407 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1411 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1418 /* For LE, just connecting isn't a proof that the pairing finished */
1419 if (cp->addr.type == MGMT_ADDR_BREDR)
1420 conn->connect_cfm_cb = pairing_complete_cb;
1422 conn->security_cfm_cb = pairing_complete_cb;
1423 conn->disconn_cfm_cb = pairing_complete_cb;
1424 conn->io_capability = cp->io_cap;
1425 cmd->user_data = conn;
1427 if (conn->state == BT_CONNECTED &&
1428 hci_conn_security(conn, sec_level, auth_type))
1429 pairing_complete(cmd, 0);
1434 hci_dev_unlock_bh(hdev);
1440 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1441 u16 len, int success)
1443 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1444 u16 mgmt_op, hci_op;
1445 struct pending_cmd *cmd;
1446 struct hci_dev *hdev;
1452 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1453 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1455 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1456 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1459 if (len != sizeof(*cp))
1460 return cmd_status(sk, index, mgmt_op, EINVAL);
1462 hdev = hci_dev_get(index);
1464 return cmd_status(sk, index, mgmt_op, ENODEV);
1466 hci_dev_lock_bh(hdev);
1468 if (!test_bit(HCI_UP, &hdev->flags)) {
1469 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1473 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1479 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1481 mgmt_pending_remove(cmd);
1484 hci_dev_unlock_bh(hdev);
1490 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1493 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1494 struct hci_cp_write_local_name hci_cp;
1495 struct hci_dev *hdev;
1496 struct pending_cmd *cmd;
1501 if (len != sizeof(*mgmt_cp))
1502 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1504 hdev = hci_dev_get(index);
1506 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1508 hci_dev_lock_bh(hdev);
1510 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1516 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1517 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1520 mgmt_pending_remove(cmd);
1523 hci_dev_unlock_bh(hdev);
1529 static int read_local_oob_data(struct sock *sk, u16 index)
1531 struct hci_dev *hdev;
1532 struct pending_cmd *cmd;
1535 BT_DBG("hci%u", index);
1537 hdev = hci_dev_get(index);
1539 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1542 hci_dev_lock_bh(hdev);
1544 if (!test_bit(HCI_UP, &hdev->flags)) {
1545 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1550 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1551 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1556 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1557 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1561 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1567 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1569 mgmt_pending_remove(cmd);
1572 hci_dev_unlock_bh(hdev);
1578 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1581 struct hci_dev *hdev;
1582 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1585 BT_DBG("hci%u ", index);
1587 if (len != sizeof(*cp))
1588 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1591 hdev = hci_dev_get(index);
1593 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1596 hci_dev_lock_bh(hdev);
1598 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1601 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1603 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1606 hci_dev_unlock_bh(hdev);
1612 static int remove_remote_oob_data(struct sock *sk, u16 index,
1613 unsigned char *data, u16 len)
1615 struct hci_dev *hdev;
1616 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1619 BT_DBG("hci%u ", index);
1621 if (len != sizeof(*cp))
1622 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1625 hdev = hci_dev_get(index);
1627 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1630 hci_dev_lock_bh(hdev);
1632 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1634 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1637 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1640 hci_dev_unlock_bh(hdev);
1646 static int start_discovery(struct sock *sk, u16 index)
1648 struct pending_cmd *cmd;
1649 struct hci_dev *hdev;
1652 BT_DBG("hci%u", index);
1654 hdev = hci_dev_get(index);
1656 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1658 hci_dev_lock_bh(hdev);
1660 if (!test_bit(HCI_UP, &hdev->flags)) {
1661 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1665 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1671 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1673 mgmt_pending_remove(cmd);
1676 hci_dev_unlock_bh(hdev);
1682 static int stop_discovery(struct sock *sk, u16 index)
1684 struct hci_dev *hdev;
1685 struct pending_cmd *cmd;
1688 BT_DBG("hci%u", index);
1690 hdev = hci_dev_get(index);
1692 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1694 hci_dev_lock_bh(hdev);
1696 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1702 err = hci_cancel_inquiry(hdev);
1704 mgmt_pending_remove(cmd);
1707 hci_dev_unlock_bh(hdev);
1713 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1716 struct hci_dev *hdev;
1717 struct mgmt_cp_block_device *cp = (void *) data;
1720 BT_DBG("hci%u", index);
1722 if (len != sizeof(*cp))
1723 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1726 hdev = hci_dev_get(index);
1728 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1731 hci_dev_lock_bh(hdev);
1733 err = hci_blacklist_add(hdev, &cp->bdaddr);
1735 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1737 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1740 hci_dev_unlock_bh(hdev);
1746 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1749 struct hci_dev *hdev;
1750 struct mgmt_cp_unblock_device *cp = (void *) data;
1753 BT_DBG("hci%u", index);
1755 if (len != sizeof(*cp))
1756 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1759 hdev = hci_dev_get(index);
1761 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1764 hci_dev_lock_bh(hdev);
1766 err = hci_blacklist_del(hdev, &cp->bdaddr);
1769 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1771 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1774 hci_dev_unlock_bh(hdev);
1780 static int set_fast_connectable(struct sock *sk, u16 index,
1781 unsigned char *data, u16 len)
1783 struct hci_dev *hdev;
1784 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1785 struct hci_cp_write_page_scan_activity acp;
1789 BT_DBG("hci%u", index);
1791 if (len != sizeof(*cp))
1792 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1795 hdev = hci_dev_get(index);
1797 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1803 type = PAGE_SCAN_TYPE_INTERLACED;
1804 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1806 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1807 acp.interval = 0x0800; /* default 1.28 sec page scan */
1810 acp.window = 0x0012; /* default 11.25 msec page scan window */
1812 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1815 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1820 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1822 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1827 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1830 hci_dev_unlock(hdev);
1836 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1839 struct mgmt_hdr *hdr;
1840 u16 opcode, index, len;
1843 BT_DBG("got %zu bytes", msglen);
1845 if (msglen < sizeof(*hdr))
1848 buf = kmalloc(msglen, GFP_KERNEL);
1852 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1857 hdr = (struct mgmt_hdr *) buf;
1858 opcode = get_unaligned_le16(&hdr->opcode);
1859 index = get_unaligned_le16(&hdr->index);
1860 len = get_unaligned_le16(&hdr->len);
1862 if (len != msglen - sizeof(*hdr)) {
1868 case MGMT_OP_READ_VERSION:
1869 err = read_version(sk);
1871 case MGMT_OP_READ_INDEX_LIST:
1872 err = read_index_list(sk);
1874 case MGMT_OP_READ_INFO:
1875 err = read_controller_info(sk, index);
1877 case MGMT_OP_SET_POWERED:
1878 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1880 case MGMT_OP_SET_DISCOVERABLE:
1881 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1883 case MGMT_OP_SET_CONNECTABLE:
1884 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1886 case MGMT_OP_SET_PAIRABLE:
1887 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1889 case MGMT_OP_ADD_UUID:
1890 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1892 case MGMT_OP_REMOVE_UUID:
1893 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1895 case MGMT_OP_SET_DEV_CLASS:
1896 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1898 case MGMT_OP_SET_SERVICE_CACHE:
1899 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1901 case MGMT_OP_LOAD_LINK_KEYS:
1902 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1904 case MGMT_OP_REMOVE_KEYS:
1905 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1907 case MGMT_OP_DISCONNECT:
1908 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1910 case MGMT_OP_GET_CONNECTIONS:
1911 err = get_connections(sk, index);
1913 case MGMT_OP_PIN_CODE_REPLY:
1914 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1916 case MGMT_OP_PIN_CODE_NEG_REPLY:
1917 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1919 case MGMT_OP_SET_IO_CAPABILITY:
1920 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1922 case MGMT_OP_PAIR_DEVICE:
1923 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1925 case MGMT_OP_USER_CONFIRM_REPLY:
1926 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1928 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1929 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1931 case MGMT_OP_SET_LOCAL_NAME:
1932 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1934 case MGMT_OP_READ_LOCAL_OOB_DATA:
1935 err = read_local_oob_data(sk, index);
1937 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1938 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1940 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1941 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1944 case MGMT_OP_START_DISCOVERY:
1945 err = start_discovery(sk, index);
1947 case MGMT_OP_STOP_DISCOVERY:
1948 err = stop_discovery(sk, index);
1950 case MGMT_OP_BLOCK_DEVICE:
1951 err = block_device(sk, index, buf + sizeof(*hdr), len);
1953 case MGMT_OP_UNBLOCK_DEVICE:
1954 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1956 case MGMT_OP_SET_FAST_CONNECTABLE:
1957 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1961 BT_DBG("Unknown op %u", opcode);
1962 err = cmd_status(sk, index, opcode, 0x01);
1976 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1980 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1981 mgmt_pending_remove(cmd);
1984 int mgmt_index_added(struct hci_dev *hdev)
1986 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1989 int mgmt_index_removed(struct hci_dev *hdev)
1993 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1995 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2003 static void mode_rsp(struct pending_cmd *cmd, void *data)
2005 struct mgmt_mode *cp = cmd->param;
2006 struct cmd_lookup *match = data;
2008 if (cp->val != match->val)
2011 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
2013 list_del(&cmd->list);
2015 if (match->sk == NULL) {
2016 match->sk = cmd->sk;
2017 sock_hold(match->sk);
2020 mgmt_pending_free(cmd);
2023 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2025 struct mgmt_mode ev;
2026 struct cmd_lookup match = { powered, NULL };
2029 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2032 u8 status = ENETDOWN;
2033 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2038 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2046 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2048 struct mgmt_mode ev;
2049 struct cmd_lookup match = { discoverable, NULL };
2052 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2054 ev.val = discoverable;
2056 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2065 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2067 struct mgmt_mode ev;
2068 struct cmd_lookup match = { connectable, NULL };
2071 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2073 ev.val = connectable;
2075 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2083 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2085 if (scan & SCAN_PAGE)
2086 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2087 cmd_status_rsp, &status);
2089 if (scan & SCAN_INQUIRY)
2090 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2091 cmd_status_rsp, &status);
2096 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2099 struct mgmt_ev_new_link_key ev;
2101 memset(&ev, 0, sizeof(ev));
2103 ev.store_hint = persistent;
2104 bacpy(&ev.key.bdaddr, &key->bdaddr);
2105 ev.key.type = key->type;
2106 memcpy(ev.key.val, key->val, 16);
2107 ev.key.pin_len = key->pin_len;
2109 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2112 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2115 struct mgmt_addr_info ev;
2117 bacpy(&ev.bdaddr, bdaddr);
2118 ev.type = link_to_mgmt(link_type, addr_type);
2120 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2123 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2125 struct mgmt_cp_disconnect *cp = cmd->param;
2126 struct sock **sk = data;
2127 struct mgmt_rp_disconnect rp;
2129 bacpy(&rp.bdaddr, &cp->bdaddr);
2132 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2137 mgmt_pending_remove(cmd);
2140 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2143 struct mgmt_cp_remove_keys *cp = cmd->param;
2144 struct mgmt_rp_remove_keys rp;
2146 memset(&rp, 0, sizeof(rp));
2147 bacpy(&rp.bdaddr, &cp->bdaddr);
2149 rp.status = *status;
2151 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2154 mgmt_pending_remove(cmd);
2157 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2160 struct mgmt_addr_info ev;
2161 struct sock *sk = NULL;
2164 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2166 bacpy(&ev.bdaddr, bdaddr);
2167 ev.type = link_to_mgmt(link_type, addr_type);
2169 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2174 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2179 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2181 struct pending_cmd *cmd;
2184 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2189 struct mgmt_rp_disconnect rp;
2191 bacpy(&rp.bdaddr, bdaddr);
2194 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2197 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2200 mgmt_pending_remove(cmd);
2205 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2206 u8 addr_type, u8 status)
2208 struct mgmt_ev_connect_failed ev;
2210 bacpy(&ev.addr.bdaddr, bdaddr);
2211 ev.addr.type = link_to_mgmt(link_type, addr_type);
2214 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2217 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2219 struct mgmt_ev_pin_code_request ev;
2221 bacpy(&ev.bdaddr, bdaddr);
2224 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2228 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2231 struct pending_cmd *cmd;
2232 struct mgmt_rp_pin_code_reply rp;
2235 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2239 bacpy(&rp.bdaddr, bdaddr);
2242 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2245 mgmt_pending_remove(cmd);
2250 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2253 struct pending_cmd *cmd;
2254 struct mgmt_rp_pin_code_reply rp;
2257 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2261 bacpy(&rp.bdaddr, bdaddr);
2264 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2267 mgmt_pending_remove(cmd);
2272 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2273 __le32 value, u8 confirm_hint)
2275 struct mgmt_ev_user_confirm_request ev;
2277 BT_DBG("%s", hdev->name);
2279 bacpy(&ev.bdaddr, bdaddr);
2280 ev.confirm_hint = confirm_hint;
2281 put_unaligned_le32(value, &ev.value);
2283 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2287 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2288 u8 status, u8 opcode)
2290 struct pending_cmd *cmd;
2291 struct mgmt_rp_user_confirm_reply rp;
2294 cmd = mgmt_pending_find(opcode, hdev);
2298 bacpy(&rp.bdaddr, bdaddr);
2300 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2302 mgmt_pending_remove(cmd);
2307 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2310 return confirm_reply_complete(hdev, bdaddr, status,
2311 MGMT_OP_USER_CONFIRM_REPLY);
2314 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2315 bdaddr_t *bdaddr, u8 status)
2317 return confirm_reply_complete(hdev, bdaddr, status,
2318 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2321 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2323 struct mgmt_ev_auth_failed ev;
2325 bacpy(&ev.bdaddr, bdaddr);
2328 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2331 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2333 struct pending_cmd *cmd;
2334 struct mgmt_cp_set_local_name ev;
2337 memset(&ev, 0, sizeof(ev));
2338 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2340 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2345 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2352 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2358 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2359 cmd ? cmd->sk : NULL);
2363 mgmt_pending_remove(cmd);
2367 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2368 u8 *randomizer, u8 status)
2370 struct pending_cmd *cmd;
2373 BT_DBG("%s status %u", hdev->name, status);
2375 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2380 err = cmd_status(cmd->sk, hdev->id,
2381 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2383 struct mgmt_rp_read_local_oob_data rp;
2385 memcpy(rp.hash, hash, sizeof(rp.hash));
2386 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2388 err = cmd_complete(cmd->sk, hdev->id,
2389 MGMT_OP_READ_LOCAL_OOB_DATA,
2393 mgmt_pending_remove(cmd);
2398 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2399 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2401 struct mgmt_ev_device_found ev;
2403 memset(&ev, 0, sizeof(ev));
2405 bacpy(&ev.addr.bdaddr, bdaddr);
2406 ev.addr.type = link_to_mgmt(link_type, addr_type);
2410 memcpy(ev.eir, eir, sizeof(ev.eir));
2413 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2415 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2418 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2420 struct mgmt_ev_remote_name ev;
2422 memset(&ev, 0, sizeof(ev));
2424 bacpy(&ev.bdaddr, bdaddr);
2425 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2427 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2430 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2432 struct pending_cmd *cmd;
2435 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2439 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2440 mgmt_pending_remove(cmd);
2445 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2447 struct pending_cmd *cmd;
2450 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2454 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2455 mgmt_pending_remove(cmd);
2460 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2462 struct pending_cmd *cmd;
2465 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2467 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2470 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2471 mgmt_pending_remove(cmd);
2474 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2475 sizeof(discovering), NULL);
2478 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2480 struct pending_cmd *cmd;
2481 struct mgmt_ev_device_blocked ev;
2483 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2485 bacpy(&ev.bdaddr, bdaddr);
2487 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2488 cmd ? cmd->sk : NULL);
2491 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2493 struct pending_cmd *cmd;
2494 struct mgmt_ev_device_unblocked ev;
2496 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2498 bacpy(&ev.bdaddr, bdaddr);
2500 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2501 cmd ? cmd->sk : NULL);
projects / ~andy / linux / blob