2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
65 ev = (void *) skb_put(skb, sizeof(*ev));
67 put_unaligned_le16(cmd, &ev->opcode);
69 err = sock_queue_rcv_skb(sk, skb);
76 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
81 struct mgmt_ev_cmd_complete *ev;
84 BT_DBG("sock %p", sk);
86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
93 hdr->index = cpu_to_le16(index);
94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
100 memcpy(ev->data, rp, rp_len);
102 err = sock_queue_rcv_skb(sk, skb);
109 static int read_version(struct sock *sk)
111 struct mgmt_rp_read_version rp;
113 BT_DBG("sock %p", sk);
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
122 static int read_index_list(struct sock *sk)
124 struct mgmt_rp_read_index_list *rp;
131 BT_DBG("sock %p", sk);
133 read_lock(&hci_dev_list_lock);
136 list_for_each(p, &hci_dev_list) {
140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
143 read_unlock(&hci_dev_list_lock);
147 put_unaligned_le16(count, &rp->num_controllers);
150 list_for_each_entry(d, &hci_dev_list, list) {
151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
152 cancel_delayed_work(&d->power_off);
154 if (test_bit(HCI_SETUP, &d->flags))
157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
161 read_unlock(&hci_dev_list_lock);
163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
171 static int read_controller_info(struct sock *sk, u16 index)
173 struct mgmt_rp_read_info rp;
174 struct hci_dev *hdev;
176 BT_DBG("sock %p hci%u", sk, index);
178 hdev = hci_dev_get(index);
180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
185 hci_dev_lock_bh(hdev);
187 set_bit(HCI_MGMT, &hdev->flags);
189 memset(&rp, 0, sizeof(rp));
191 rp.type = hdev->dev_type;
193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
198 if (test_bit(HCI_AUTH, &hdev->flags))
200 else if (hdev->ssp_mode > 0)
205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
214 hci_dev_unlock_bh(hdev);
217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
220 static void mgmt_pending_free(struct pending_cmd *cmd)
227 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
228 struct hci_dev *hdev,
231 struct pending_cmd *cmd;
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
237 cmd->opcode = opcode;
238 cmd->index = hdev->id;
240 cmd->param = kmalloc(len, GFP_ATOMIC);
247 memcpy(cmd->param, data, len);
252 list_add(&cmd->list, &hdev->mgmt_pending);
257 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
258 void (*cb)(struct pending_cmd *cmd, void *data),
261 struct list_head *p, *n;
263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
264 struct pending_cmd *cmd;
266 cmd = list_entry(p, struct pending_cmd, list);
268 if (opcode > 0 && cmd->opcode != opcode)
275 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
277 struct pending_cmd *cmd;
279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
280 if (cmd->opcode == opcode)
287 static void mgmt_pending_remove(struct pending_cmd *cmd)
289 list_del(&cmd->list);
290 mgmt_pending_free(cmd);
293 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
295 struct mgmt_mode *cp;
296 struct hci_dev *hdev;
297 struct pending_cmd *cmd;
302 BT_DBG("request for hci%u", index);
304 if (len != sizeof(*cp))
305 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
307 hdev = hci_dev_get(index);
309 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
311 hci_dev_lock_bh(hdev);
313 up = test_bit(HCI_UP, &hdev->flags);
314 if ((cp->val && up) || (!cp->val && !up)) {
315 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
319 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
331 queue_work(hdev->workqueue, &hdev->power_on);
333 queue_work(hdev->workqueue, &hdev->power_off.work);
338 hci_dev_unlock_bh(hdev);
343 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
346 struct mgmt_cp_set_discoverable *cp;
347 struct hci_dev *hdev;
348 struct pending_cmd *cmd;
354 BT_DBG("request for hci%u", index);
356 if (len != sizeof(*cp))
357 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
359 hdev = hci_dev_get(index);
361 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
363 hci_dev_lock_bh(hdev);
365 if (!test_bit(HCI_UP, &hdev->flags)) {
366 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
370 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
371 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
376 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
377 test_bit(HCI_PSCAN, &hdev->flags)) {
378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
391 scan |= SCAN_INQUIRY;
393 cancel_delayed_work(&hdev->discov_off);
395 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
397 mgmt_pending_remove(cmd);
400 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
403 hci_dev_unlock_bh(hdev);
409 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
412 struct mgmt_mode *cp;
413 struct hci_dev *hdev;
414 struct pending_cmd *cmd;
420 BT_DBG("request for hci%u", index);
422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
425 hdev = hci_dev_get(index);
427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
429 hci_dev_lock_bh(hdev);
431 if (!test_bit(HCI_UP, &hdev->flags)) {
432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
460 mgmt_pending_remove(cmd);
463 hci_dev_unlock_bh(hdev);
469 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
470 u16 data_len, struct sock *skip_sk)
473 struct mgmt_hdr *hdr;
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
484 hdr->index = cpu_to_le16(hdev->id);
486 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
487 hdr->len = cpu_to_le16(data_len);
490 memcpy(skb_put(skb, data_len), data, data_len);
492 hci_send_to_sock(NULL, skb, skip_sk);
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
516 BT_DBG("request for hci%u", index);
518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
521 hdev = hci_dev_get(index);
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
525 hci_dev_lock_bh(hdev);
528 set_bit(HCI_PAIRABLE, &hdev->flags);
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
538 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
541 hci_dev_unlock_bh(hdev);
547 #define EIR_FLAGS 0x01 /* flags */
548 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT 0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
556 #define EIR_TX_POWER 0x0A /* transmit power level */
557 #define EIR_DEVICE_ID 0x10 /* device ID */
559 #define PNP_INFO_SVCLASS_ID 0x1200
561 static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
566 static u16 get_uuid16(u8 *uuid128)
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
576 memcpy(&val, &uuid128[12], 4);
578 val = le32_to_cpu(val);
585 static void create_eir(struct hci_dev *hdev, u8 *data)
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct bt_uuid *uuid;
594 name_len = strlen(hdev->dev_name);
600 ptr[1] = EIR_NAME_SHORT;
602 ptr[1] = EIR_NAME_COMPLETE;
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
607 memcpy(ptr + 2, hdev->dev_name, name_len);
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
613 memset(uuid16_list, 0, sizeof(uuid16_list));
615 /* Group all UUID16 types */
616 list_for_each_entry(uuid, &hdev->uuids, list) {
619 uuid16 = get_uuid16(uuid->uuid);
626 if (uuid16 == PNP_INFO_SVCLASS_ID)
629 /* Stop if not enough space to put next UUID */
630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
635 /* Check for duplicates */
636 for (i = 0; uuid16_list[i] != 0; i++)
637 if (uuid16_list[i] == uuid16)
640 if (uuid16_list[i] == 0) {
641 uuid16_list[i] = uuid16;
642 eir_len += sizeof(u16);
646 if (uuid16_list[0] != 0) {
650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
655 for (i = 0; uuid16_list[i] != 0; i++) {
656 *ptr++ = (uuid16_list[i] & 0x00ff);
657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
660 /* EIR Data length */
661 *length = (i * sizeof(u16)) + 1;
665 static int update_eir(struct hci_dev *hdev)
667 struct hci_cp_write_eir cp;
669 if (!(hdev->features[6] & LMP_EXT_INQ))
672 if (hdev->ssp_mode == 0)
675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
678 memset(&cp, 0, sizeof(cp));
680 create_eir(hdev, cp.data);
682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
685 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
690 static u8 get_service_classes(struct hci_dev *hdev)
692 struct bt_uuid *uuid;
695 list_for_each_entry(uuid, &hdev->uuids, list)
696 val |= uuid->svc_hint;
701 static int update_class(struct hci_dev *hdev)
705 BT_DBG("%s", hdev->name);
707 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
710 cod[0] = hdev->minor_class;
711 cod[1] = hdev->major_class;
712 cod[2] = get_service_classes(hdev);
714 if (memcmp(cod, hdev->dev_class, 3) == 0)
717 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
720 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
722 struct mgmt_cp_add_uuid *cp;
723 struct hci_dev *hdev;
724 struct bt_uuid *uuid;
729 BT_DBG("request for hci%u", index);
731 if (len != sizeof(*cp))
732 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
734 hdev = hci_dev_get(index);
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
738 hci_dev_lock_bh(hdev);
740 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
746 memcpy(uuid->uuid, cp->uuid, 16);
747 uuid->svc_hint = cp->svc_hint;
749 list_add(&uuid->list, &hdev->uuids);
751 err = update_class(hdev);
755 err = update_eir(hdev);
759 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
762 hci_dev_unlock_bh(hdev);
768 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
770 struct list_head *p, *n;
771 struct mgmt_cp_remove_uuid *cp;
772 struct hci_dev *hdev;
773 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778 BT_DBG("request for hci%u", index);
780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
783 hdev = hci_dev_get(index);
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
787 hci_dev_lock_bh(hdev);
789 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
790 err = hci_uuids_clear(hdev);
796 list_for_each_safe(p, n, &hdev->uuids) {
797 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
799 if (memcmp(match->uuid, cp->uuid, 16) != 0)
802 list_del(&match->list);
807 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
811 err = update_class(hdev);
815 err = update_eir(hdev);
819 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
822 hci_dev_unlock_bh(hdev);
828 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
831 struct hci_dev *hdev;
832 struct mgmt_cp_set_dev_class *cp;
837 BT_DBG("request for hci%u", index);
839 if (len != sizeof(*cp))
840 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
842 hdev = hci_dev_get(index);
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
846 hci_dev_lock_bh(hdev);
848 hdev->major_class = cp->major;
849 hdev->minor_class = cp->minor;
851 err = update_class(hdev);
854 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
856 hci_dev_unlock_bh(hdev);
862 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
865 struct hci_dev *hdev;
866 struct mgmt_cp_set_service_cache *cp;
871 if (len != sizeof(*cp))
872 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
874 hdev = hci_dev_get(index);
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
878 hci_dev_lock_bh(hdev);
880 BT_DBG("hci%u enable %d", index, cp->enable);
883 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
886 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 err = update_class(hdev);
889 err = update_eir(hdev);
893 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
896 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
899 hci_dev_unlock_bh(hdev);
905 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_link_keys *cp;
910 u16 key_count, expected_len;
915 if (len < sizeof(*cp))
916 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
918 key_count = get_unaligned_le16(&cp->key_count);
920 expected_len = sizeof(*cp) + key_count *
921 sizeof(struct mgmt_link_key_info);
922 if (expected_len != len) {
923 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
928 hdev = hci_dev_get(index);
930 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
935 hci_dev_lock_bh(hdev);
937 hci_link_keys_clear(hdev);
939 set_bit(HCI_LINK_KEYS, &hdev->flags);
942 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
946 for (i = 0; i < key_count; i++) {
947 struct mgmt_link_key_info *key = &cp->keys[i];
949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
953 hci_dev_unlock_bh(hdev);
959 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
962 struct hci_dev *hdev;
963 struct mgmt_cp_remove_keys *cp;
964 struct hci_conn *conn;
969 if (len != sizeof(*cp))
970 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
972 hdev = hci_dev_get(index);
974 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
976 hci_dev_lock_bh(hdev);
978 err = hci_remove_link_key(hdev, &cp->bdaddr);
980 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
986 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
989 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
991 struct hci_cp_disconnect dc;
993 put_unaligned_le16(conn->handle, &dc.handle);
994 dc.reason = 0x13; /* Remote User Terminated Connection */
995 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
999 hci_dev_unlock_bh(hdev);
1005 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1007 struct hci_dev *hdev;
1008 struct mgmt_cp_disconnect *cp;
1009 struct hci_cp_disconnect dc;
1010 struct pending_cmd *cmd;
1011 struct hci_conn *conn;
1018 if (len != sizeof(*cp))
1019 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1021 hdev = hci_dev_get(index);
1023 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1025 hci_dev_lock_bh(hdev);
1027 if (!test_bit(HCI_UP, &hdev->flags)) {
1028 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1032 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1033 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1039 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1042 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1046 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1052 put_unaligned_le16(conn->handle, &dc.handle);
1053 dc.reason = 0x13; /* Remote User Terminated Connection */
1055 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1057 mgmt_pending_remove(cmd);
1060 hci_dev_unlock_bh(hdev);
1066 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1068 switch (link_type) {
1070 switch (addr_type) {
1071 case ADDR_LE_DEV_PUBLIC:
1072 return MGMT_ADDR_LE_PUBLIC;
1073 case ADDR_LE_DEV_RANDOM:
1074 return MGMT_ADDR_LE_RANDOM;
1076 return MGMT_ADDR_INVALID;
1079 return MGMT_ADDR_BREDR;
1081 return MGMT_ADDR_INVALID;
1085 static int get_connections(struct sock *sk, u16 index)
1087 struct mgmt_rp_get_connections *rp;
1088 struct hci_dev *hdev;
1090 struct list_head *p;
1097 hdev = hci_dev_get(index);
1099 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1101 hci_dev_lock_bh(hdev);
1104 list_for_each(p, &hdev->conn_hash.list) {
1108 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1109 rp = kmalloc(rp_len, GFP_ATOMIC);
1115 put_unaligned_le16(count, &rp->conn_count);
1118 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1119 bacpy(&rp->addr[i].bdaddr, &c->dst);
1120 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1121 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1126 /* Recalculate length in case of filtered SCO connections, etc */
1127 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1129 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1133 hci_dev_unlock_bh(hdev);
1138 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1139 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1141 struct pending_cmd *cmd;
1144 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1149 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1152 mgmt_pending_remove(cmd);
1157 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1160 struct hci_dev *hdev;
1161 struct hci_conn *conn;
1162 struct mgmt_cp_pin_code_reply *cp;
1163 struct mgmt_cp_pin_code_neg_reply ncp;
1164 struct hci_cp_pin_code_reply reply;
1165 struct pending_cmd *cmd;
1172 if (len != sizeof(*cp))
1173 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1175 hdev = hci_dev_get(index);
1177 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1179 hci_dev_lock_bh(hdev);
1181 if (!test_bit(HCI_UP, &hdev->flags)) {
1182 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1186 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1188 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1192 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1193 bacpy(&ncp.bdaddr, &cp->bdaddr);
1195 BT_ERR("PIN code is not 16 bytes long");
1197 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1199 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1205 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1211 bacpy(&reply.bdaddr, &cp->bdaddr);
1212 reply.pin_len = cp->pin_len;
1213 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1215 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1217 mgmt_pending_remove(cmd);
1220 hci_dev_unlock_bh(hdev);
1226 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1229 struct hci_dev *hdev;
1230 struct mgmt_cp_pin_code_neg_reply *cp;
1237 if (len != sizeof(*cp))
1238 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1241 hdev = hci_dev_get(index);
1243 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1246 hci_dev_lock_bh(hdev);
1248 if (!test_bit(HCI_UP, &hdev->flags)) {
1249 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1254 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1257 hci_dev_unlock_bh(hdev);
1263 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1266 struct hci_dev *hdev;
1267 struct mgmt_cp_set_io_capability *cp;
1273 if (len != sizeof(*cp))
1274 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1276 hdev = hci_dev_get(index);
1278 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1280 hci_dev_lock_bh(hdev);
1282 hdev->io_capability = cp->io_capability;
1284 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1285 hdev->io_capability);
1287 hci_dev_unlock_bh(hdev);
1290 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1293 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1295 struct hci_dev *hdev = conn->hdev;
1296 struct pending_cmd *cmd;
1298 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1299 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1302 if (cmd->user_data != conn)
1311 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1313 struct mgmt_rp_pair_device rp;
1314 struct hci_conn *conn = cmd->user_data;
1316 bacpy(&rp.bdaddr, &conn->dst);
1319 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1321 /* So we don't get further callbacks for this connection */
1322 conn->connect_cfm_cb = NULL;
1323 conn->security_cfm_cb = NULL;
1324 conn->disconn_cfm_cb = NULL;
1328 mgmt_pending_remove(cmd);
1331 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1333 struct pending_cmd *cmd;
1335 BT_DBG("status %u", status);
1337 cmd = find_pairing(conn);
1339 BT_DBG("Unable to find a pending command");
1341 pairing_complete(cmd, status);
1344 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1346 struct hci_dev *hdev;
1347 struct mgmt_cp_pair_device *cp;
1348 struct pending_cmd *cmd;
1349 struct adv_entry *entry;
1350 u8 sec_level, auth_type;
1351 struct hci_conn *conn;
1358 if (len != sizeof(*cp))
1359 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1361 hdev = hci_dev_get(index);
1363 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1365 hci_dev_lock_bh(hdev);
1367 sec_level = BT_SECURITY_MEDIUM;
1368 if (cp->io_cap == 0x03)
1369 auth_type = HCI_AT_DEDICATED_BONDING;
1371 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1373 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1375 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1378 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1382 err = PTR_ERR(conn);
1386 if (conn->connect_cfm_cb) {
1388 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1392 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1399 /* For LE, just connecting isn't a proof that the pairing finished */
1401 conn->connect_cfm_cb = pairing_complete_cb;
1403 conn->security_cfm_cb = pairing_complete_cb;
1404 conn->disconn_cfm_cb = pairing_complete_cb;
1405 conn->io_capability = cp->io_cap;
1406 cmd->user_data = conn;
1408 if (conn->state == BT_CONNECTED &&
1409 hci_conn_security(conn, sec_level, auth_type))
1410 pairing_complete(cmd, 0);
1415 hci_dev_unlock_bh(hdev);
1421 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1422 u16 len, int success)
1424 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1425 u16 mgmt_op, hci_op;
1426 struct pending_cmd *cmd;
1427 struct hci_dev *hdev;
1433 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1434 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1436 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1437 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1440 if (len != sizeof(*cp))
1441 return cmd_status(sk, index, mgmt_op, EINVAL);
1443 hdev = hci_dev_get(index);
1445 return cmd_status(sk, index, mgmt_op, ENODEV);
1447 hci_dev_lock_bh(hdev);
1449 if (!test_bit(HCI_UP, &hdev->flags)) {
1450 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1454 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1460 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1462 mgmt_pending_remove(cmd);
1465 hci_dev_unlock_bh(hdev);
1471 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1474 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1475 struct hci_cp_write_local_name hci_cp;
1476 struct hci_dev *hdev;
1477 struct pending_cmd *cmd;
1482 if (len != sizeof(*mgmt_cp))
1483 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1485 hdev = hci_dev_get(index);
1487 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1489 hci_dev_lock_bh(hdev);
1491 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1497 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1498 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1501 mgmt_pending_remove(cmd);
1504 hci_dev_unlock_bh(hdev);
1510 static int read_local_oob_data(struct sock *sk, u16 index)
1512 struct hci_dev *hdev;
1513 struct pending_cmd *cmd;
1516 BT_DBG("hci%u", index);
1518 hdev = hci_dev_get(index);
1520 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1523 hci_dev_lock_bh(hdev);
1525 if (!test_bit(HCI_UP, &hdev->flags)) {
1526 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1531 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1532 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1537 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1538 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1542 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1548 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1550 mgmt_pending_remove(cmd);
1553 hci_dev_unlock_bh(hdev);
1559 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1562 struct hci_dev *hdev;
1563 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1566 BT_DBG("hci%u ", index);
1568 if (len != sizeof(*cp))
1569 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1572 hdev = hci_dev_get(index);
1574 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1577 hci_dev_lock_bh(hdev);
1579 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1582 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1584 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1587 hci_dev_unlock_bh(hdev);
1593 static int remove_remote_oob_data(struct sock *sk, u16 index,
1594 unsigned char *data, u16 len)
1596 struct hci_dev *hdev;
1597 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1600 BT_DBG("hci%u ", index);
1602 if (len != sizeof(*cp))
1603 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1606 hdev = hci_dev_get(index);
1608 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1611 hci_dev_lock_bh(hdev);
1613 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1615 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1618 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1621 hci_dev_unlock_bh(hdev);
1627 static int start_discovery(struct sock *sk, u16 index)
1629 struct pending_cmd *cmd;
1630 struct hci_dev *hdev;
1633 BT_DBG("hci%u", index);
1635 hdev = hci_dev_get(index);
1637 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1639 hci_dev_lock_bh(hdev);
1641 if (!test_bit(HCI_UP, &hdev->flags)) {
1642 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1646 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1652 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1654 mgmt_pending_remove(cmd);
1657 hci_dev_unlock_bh(hdev);
1663 static int stop_discovery(struct sock *sk, u16 index)
1665 struct hci_dev *hdev;
1666 struct pending_cmd *cmd;
1669 BT_DBG("hci%u", index);
1671 hdev = hci_dev_get(index);
1673 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1675 hci_dev_lock_bh(hdev);
1677 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1683 err = hci_cancel_inquiry(hdev);
1685 mgmt_pending_remove(cmd);
1688 hci_dev_unlock_bh(hdev);
1694 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1697 struct hci_dev *hdev;
1698 struct mgmt_cp_block_device *cp = (void *) data;
1701 BT_DBG("hci%u", index);
1703 if (len != sizeof(*cp))
1704 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1707 hdev = hci_dev_get(index);
1709 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1712 hci_dev_lock_bh(hdev);
1714 err = hci_blacklist_add(hdev, &cp->bdaddr);
1716 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1718 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1721 hci_dev_unlock_bh(hdev);
1727 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1730 struct hci_dev *hdev;
1731 struct mgmt_cp_unblock_device *cp = (void *) data;
1734 BT_DBG("hci%u", index);
1736 if (len != sizeof(*cp))
1737 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1740 hdev = hci_dev_get(index);
1742 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1745 hci_dev_lock_bh(hdev);
1747 err = hci_blacklist_del(hdev, &cp->bdaddr);
1750 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1752 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1755 hci_dev_unlock_bh(hdev);
1761 static int set_fast_connectable(struct sock *sk, u16 index,
1762 unsigned char *data, u16 len)
1764 struct hci_dev *hdev;
1765 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1766 struct hci_cp_write_page_scan_activity acp;
1770 BT_DBG("hci%u", index);
1772 if (len != sizeof(*cp))
1773 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1776 hdev = hci_dev_get(index);
1778 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1784 type = PAGE_SCAN_TYPE_INTERLACED;
1785 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1787 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1788 acp.interval = 0x0800; /* default 1.28 sec page scan */
1791 acp.window = 0x0012; /* default 11.25 msec page scan window */
1793 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1796 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1801 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1803 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1808 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1811 hci_dev_unlock(hdev);
1817 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1820 struct mgmt_hdr *hdr;
1821 u16 opcode, index, len;
1824 BT_DBG("got %zu bytes", msglen);
1826 if (msglen < sizeof(*hdr))
1829 buf = kmalloc(msglen, GFP_KERNEL);
1833 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1838 hdr = (struct mgmt_hdr *) buf;
1839 opcode = get_unaligned_le16(&hdr->opcode);
1840 index = get_unaligned_le16(&hdr->index);
1841 len = get_unaligned_le16(&hdr->len);
1843 if (len != msglen - sizeof(*hdr)) {
1849 case MGMT_OP_READ_VERSION:
1850 err = read_version(sk);
1852 case MGMT_OP_READ_INDEX_LIST:
1853 err = read_index_list(sk);
1855 case MGMT_OP_READ_INFO:
1856 err = read_controller_info(sk, index);
1858 case MGMT_OP_SET_POWERED:
1859 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1861 case MGMT_OP_SET_DISCOVERABLE:
1862 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1864 case MGMT_OP_SET_CONNECTABLE:
1865 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1867 case MGMT_OP_SET_PAIRABLE:
1868 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1870 case MGMT_OP_ADD_UUID:
1871 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1873 case MGMT_OP_REMOVE_UUID:
1874 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1876 case MGMT_OP_SET_DEV_CLASS:
1877 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1879 case MGMT_OP_SET_SERVICE_CACHE:
1880 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1882 case MGMT_OP_LOAD_LINK_KEYS:
1883 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1885 case MGMT_OP_REMOVE_KEYS:
1886 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1888 case MGMT_OP_DISCONNECT:
1889 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1891 case MGMT_OP_GET_CONNECTIONS:
1892 err = get_connections(sk, index);
1894 case MGMT_OP_PIN_CODE_REPLY:
1895 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1897 case MGMT_OP_PIN_CODE_NEG_REPLY:
1898 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1900 case MGMT_OP_SET_IO_CAPABILITY:
1901 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1903 case MGMT_OP_PAIR_DEVICE:
1904 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1906 case MGMT_OP_USER_CONFIRM_REPLY:
1907 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1909 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1910 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1912 case MGMT_OP_SET_LOCAL_NAME:
1913 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1915 case MGMT_OP_READ_LOCAL_OOB_DATA:
1916 err = read_local_oob_data(sk, index);
1918 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1919 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1921 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1922 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1925 case MGMT_OP_START_DISCOVERY:
1926 err = start_discovery(sk, index);
1928 case MGMT_OP_STOP_DISCOVERY:
1929 err = stop_discovery(sk, index);
1931 case MGMT_OP_BLOCK_DEVICE:
1932 err = block_device(sk, index, buf + sizeof(*hdr), len);
1934 case MGMT_OP_UNBLOCK_DEVICE:
1935 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1937 case MGMT_OP_SET_FAST_CONNECTABLE:
1938 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1942 BT_DBG("Unknown op %u", opcode);
1943 err = cmd_status(sk, index, opcode, 0x01);
1957 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1961 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1962 mgmt_pending_remove(cmd);
1965 int mgmt_index_added(struct hci_dev *hdev)
1967 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1970 int mgmt_index_removed(struct hci_dev *hdev)
1974 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1976 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
1984 static void mode_rsp(struct pending_cmd *cmd, void *data)
1986 struct mgmt_mode *cp = cmd->param;
1987 struct cmd_lookup *match = data;
1989 if (cp->val != match->val)
1992 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1994 list_del(&cmd->list);
1996 if (match->sk == NULL) {
1997 match->sk = cmd->sk;
1998 sock_hold(match->sk);
2001 mgmt_pending_free(cmd);
2004 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2006 struct mgmt_mode ev;
2007 struct cmd_lookup match = { powered, NULL };
2010 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2013 u8 status = ENETDOWN;
2014 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2019 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2027 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2029 struct mgmt_mode ev;
2030 struct cmd_lookup match = { discoverable, NULL };
2033 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2035 ev.val = discoverable;
2037 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2046 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2048 struct mgmt_mode ev;
2049 struct cmd_lookup match = { connectable, NULL };
2052 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2054 ev.val = connectable;
2056 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2064 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2066 if (scan & SCAN_PAGE)
2067 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2068 cmd_status_rsp, &status);
2070 if (scan & SCAN_INQUIRY)
2071 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2072 cmd_status_rsp, &status);
2077 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2080 struct mgmt_ev_new_link_key ev;
2082 memset(&ev, 0, sizeof(ev));
2084 ev.store_hint = persistent;
2085 bacpy(&ev.key.bdaddr, &key->bdaddr);
2086 ev.key.type = key->type;
2087 memcpy(ev.key.val, key->val, 16);
2088 ev.key.pin_len = key->pin_len;
2090 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2093 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2096 struct mgmt_addr_info ev;
2098 bacpy(&ev.bdaddr, bdaddr);
2099 ev.type = link_to_mgmt(link_type, addr_type);
2101 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2104 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2106 struct mgmt_cp_disconnect *cp = cmd->param;
2107 struct sock **sk = data;
2108 struct mgmt_rp_disconnect rp;
2110 bacpy(&rp.bdaddr, &cp->bdaddr);
2112 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2117 mgmt_pending_remove(cmd);
2120 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2123 struct mgmt_addr_info ev;
2124 struct sock *sk = NULL;
2127 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2129 bacpy(&ev.bdaddr, bdaddr);
2130 ev.type = link_to_mgmt(link_type, addr_type);
2132 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2140 int mgmt_disconnect_failed(struct hci_dev *hdev)
2142 struct pending_cmd *cmd;
2145 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2149 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
2151 mgmt_pending_remove(cmd);
2156 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2157 u8 addr_type, u8 status)
2159 struct mgmt_ev_connect_failed ev;
2161 bacpy(&ev.addr.bdaddr, bdaddr);
2162 ev.addr.type = link_to_mgmt(link_type, addr_type);
2165 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2168 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2170 struct mgmt_ev_pin_code_request ev;
2172 bacpy(&ev.bdaddr, bdaddr);
2175 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2179 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2182 struct pending_cmd *cmd;
2183 struct mgmt_rp_pin_code_reply rp;
2186 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2190 bacpy(&rp.bdaddr, bdaddr);
2193 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2196 mgmt_pending_remove(cmd);
2201 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2204 struct pending_cmd *cmd;
2205 struct mgmt_rp_pin_code_reply rp;
2208 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2212 bacpy(&rp.bdaddr, bdaddr);
2215 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2218 mgmt_pending_remove(cmd);
2223 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2224 __le32 value, u8 confirm_hint)
2226 struct mgmt_ev_user_confirm_request ev;
2228 BT_DBG("%s", hdev->name);
2230 bacpy(&ev.bdaddr, bdaddr);
2231 ev.confirm_hint = confirm_hint;
2232 put_unaligned_le32(value, &ev.value);
2234 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2238 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2239 u8 status, u8 opcode)
2241 struct pending_cmd *cmd;
2242 struct mgmt_rp_user_confirm_reply rp;
2245 cmd = mgmt_pending_find(opcode, hdev);
2249 bacpy(&rp.bdaddr, bdaddr);
2251 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2253 mgmt_pending_remove(cmd);
2258 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2261 return confirm_reply_complete(hdev, bdaddr, status,
2262 MGMT_OP_USER_CONFIRM_REPLY);
2265 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2266 bdaddr_t *bdaddr, u8 status)
2268 return confirm_reply_complete(hdev, bdaddr, status,
2269 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2272 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2274 struct mgmt_ev_auth_failed ev;
2276 bacpy(&ev.bdaddr, bdaddr);
2279 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2282 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2284 struct pending_cmd *cmd;
2285 struct mgmt_cp_set_local_name ev;
2288 memset(&ev, 0, sizeof(ev));
2289 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2291 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2296 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2303 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2309 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2310 cmd ? cmd->sk : NULL);
2314 mgmt_pending_remove(cmd);
2318 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2319 u8 *randomizer, u8 status)
2321 struct pending_cmd *cmd;
2324 BT_DBG("%s status %u", hdev->name, status);
2326 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2331 err = cmd_status(cmd->sk, hdev->id,
2332 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2334 struct mgmt_rp_read_local_oob_data rp;
2336 memcpy(rp.hash, hash, sizeof(rp.hash));
2337 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2339 err = cmd_complete(cmd->sk, hdev->id,
2340 MGMT_OP_READ_LOCAL_OOB_DATA,
2344 mgmt_pending_remove(cmd);
2349 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2350 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2352 struct mgmt_ev_device_found ev;
2354 memset(&ev, 0, sizeof(ev));
2356 bacpy(&ev.addr.bdaddr, bdaddr);
2357 ev.addr.type = link_to_mgmt(link_type, addr_type);
2361 memcpy(ev.eir, eir, sizeof(ev.eir));
2364 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2366 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2369 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2371 struct mgmt_ev_remote_name ev;
2373 memset(&ev, 0, sizeof(ev));
2375 bacpy(&ev.bdaddr, bdaddr);
2376 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2378 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2381 int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
2383 struct pending_cmd *cmd;
2386 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2390 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2391 mgmt_pending_remove(cmd);
2396 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2398 struct pending_cmd *cmd;
2401 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2403 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2406 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2407 mgmt_pending_remove(cmd);
2410 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2411 sizeof(discovering), NULL);
2414 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2416 struct pending_cmd *cmd;
2417 struct mgmt_ev_device_blocked ev;
2419 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2421 bacpy(&ev.bdaddr, bdaddr);
2423 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2424 cmd ? cmd->sk : NULL);
2427 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2429 struct pending_cmd *cmd;
2430 struct mgmt_ev_device_unblocked ev;
2432 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2434 bacpy(&ev.bdaddr, bdaddr);
2436 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2437 cmd ? cmd->sk : NULL);
projects / ~andy / linux / blob