2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
65 ev = (void *) skb_put(skb, sizeof(*ev));
67 put_unaligned_le16(cmd, &ev->opcode);
69 err = sock_queue_rcv_skb(sk, skb);
76 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
81 struct mgmt_ev_cmd_complete *ev;
84 BT_DBG("sock %p", sk);
86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
93 hdr->index = cpu_to_le16(index);
94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
100 memcpy(ev->data, rp, rp_len);
102 err = sock_queue_rcv_skb(sk, skb);
109 static int read_version(struct sock *sk)
111 struct mgmt_rp_read_version rp;
113 BT_DBG("sock %p", sk);
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
122 static int read_index_list(struct sock *sk)
124 struct mgmt_rp_read_index_list *rp;
131 BT_DBG("sock %p", sk);
133 read_lock(&hci_dev_list_lock);
136 list_for_each(p, &hci_dev_list) {
140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
143 read_unlock(&hci_dev_list_lock);
147 put_unaligned_le16(count, &rp->num_controllers);
150 list_for_each_entry(d, &hci_dev_list, list) {
151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
152 cancel_delayed_work_sync(&d->power_off);
154 if (test_bit(HCI_SETUP, &d->flags))
157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
161 read_unlock(&hci_dev_list_lock);
163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
171 static int read_controller_info(struct sock *sk, u16 index)
173 struct mgmt_rp_read_info rp;
174 struct hci_dev *hdev;
176 BT_DBG("sock %p hci%u", sk, index);
178 hdev = hci_dev_get(index);
180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
185 hci_dev_lock_bh(hdev);
187 set_bit(HCI_MGMT, &hdev->flags);
189 memset(&rp, 0, sizeof(rp));
191 rp.type = hdev->dev_type;
193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
198 if (test_bit(HCI_AUTH, &hdev->flags))
200 else if (hdev->ssp_mode > 0)
205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
214 hci_dev_unlock_bh(hdev);
217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
220 static void mgmt_pending_free(struct pending_cmd *cmd)
227 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
228 struct hci_dev *hdev,
231 struct pending_cmd *cmd;
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
237 cmd->opcode = opcode;
238 cmd->index = hdev->id;
240 cmd->param = kmalloc(len, GFP_ATOMIC);
247 memcpy(cmd->param, data, len);
252 list_add(&cmd->list, &hdev->mgmt_pending);
257 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
258 void (*cb)(struct pending_cmd *cmd, void *data),
261 struct list_head *p, *n;
263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
264 struct pending_cmd *cmd;
266 cmd = list_entry(p, struct pending_cmd, list);
268 if (opcode > 0 && cmd->opcode != opcode)
271 if (hdev && cmd->index != hdev->id)
278 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
280 struct pending_cmd *cmd;
282 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
283 if (cmd->opcode != opcode)
286 if (hdev && cmd->index != hdev->id)
295 static void mgmt_pending_remove(struct pending_cmd *cmd)
297 list_del(&cmd->list);
298 mgmt_pending_free(cmd);
301 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
303 struct mgmt_mode *cp;
304 struct hci_dev *hdev;
305 struct pending_cmd *cmd;
310 BT_DBG("request for hci%u", index);
312 if (len != sizeof(*cp))
313 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
315 hdev = hci_dev_get(index);
317 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
319 hci_dev_lock_bh(hdev);
321 up = test_bit(HCI_UP, &hdev->flags);
322 if ((cp->val && up) || (!cp->val && !up)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
327 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
328 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
332 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
339 queue_work(hdev->workqueue, &hdev->power_on);
341 queue_work(hdev->workqueue, &hdev->power_off.work);
346 hci_dev_unlock_bh(hdev);
351 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
354 struct mgmt_cp_set_discoverable *cp;
355 struct hci_dev *hdev;
356 struct pending_cmd *cmd;
362 BT_DBG("request for hci%u", index);
364 if (len != sizeof(*cp))
365 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
367 hdev = hci_dev_get(index);
369 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
371 hci_dev_lock_bh(hdev);
373 if (!test_bit(HCI_UP, &hdev->flags)) {
374 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
378 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
379 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
380 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
384 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
385 test_bit(HCI_PSCAN, &hdev->flags)) {
386 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
390 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
399 scan |= SCAN_INQUIRY;
401 cancel_delayed_work_sync(&hdev->discov_off);
403 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
405 mgmt_pending_remove(cmd);
408 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
411 hci_dev_unlock_bh(hdev);
417 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
420 struct mgmt_mode *cp;
421 struct hci_dev *hdev;
422 struct pending_cmd *cmd;
428 BT_DBG("request for hci%u", index);
430 if (len != sizeof(*cp))
431 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
433 hdev = hci_dev_get(index);
435 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
437 hci_dev_lock_bh(hdev);
439 if (!test_bit(HCI_UP, &hdev->flags)) {
440 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
444 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
445 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
446 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
450 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
451 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
455 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
466 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
468 mgmt_pending_remove(cmd);
471 hci_dev_unlock_bh(hdev);
477 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
478 u16 data_len, struct sock *skip_sk)
481 struct mgmt_hdr *hdr;
483 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
487 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
489 hdr = (void *) skb_put(skb, sizeof(*hdr));
490 hdr->opcode = cpu_to_le16(event);
492 hdr->index = cpu_to_le16(hdev->id);
494 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
495 hdr->len = cpu_to_le16(data_len);
498 memcpy(skb_put(skb, data_len), data, data_len);
500 hci_send_to_sock(NULL, skb, skip_sk);
506 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
512 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
515 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
518 struct mgmt_mode *cp, ev;
519 struct hci_dev *hdev;
524 BT_DBG("request for hci%u", index);
526 if (len != sizeof(*cp))
527 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
529 hdev = hci_dev_get(index);
531 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
533 hci_dev_lock_bh(hdev);
536 set_bit(HCI_PAIRABLE, &hdev->flags);
538 clear_bit(HCI_PAIRABLE, &hdev->flags);
540 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
546 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
549 hci_dev_unlock_bh(hdev);
555 #define EIR_FLAGS 0x01 /* flags */
556 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
557 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
558 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
559 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
560 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
561 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
562 #define EIR_NAME_SHORT 0x08 /* shortened local name */
563 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
564 #define EIR_TX_POWER 0x0A /* transmit power level */
565 #define EIR_DEVICE_ID 0x10 /* device ID */
567 #define PNP_INFO_SVCLASS_ID 0x1200
569 static u8 bluetooth_base_uuid[] = {
570 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
571 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
574 static u16 get_uuid16(u8 *uuid128)
579 for (i = 0; i < 12; i++) {
580 if (bluetooth_base_uuid[i] != uuid128[i])
584 memcpy(&val, &uuid128[12], 4);
586 val = le32_to_cpu(val);
593 static void create_eir(struct hci_dev *hdev, u8 *data)
597 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
598 int i, truncated = 0;
599 struct bt_uuid *uuid;
602 name_len = strlen(hdev->dev_name);
608 ptr[1] = EIR_NAME_SHORT;
610 ptr[1] = EIR_NAME_COMPLETE;
612 /* EIR Data length */
613 ptr[0] = name_len + 1;
615 memcpy(ptr + 2, hdev->dev_name, name_len);
617 eir_len += (name_len + 2);
618 ptr += (name_len + 2);
621 memset(uuid16_list, 0, sizeof(uuid16_list));
623 /* Group all UUID16 types */
624 list_for_each_entry(uuid, &hdev->uuids, list) {
627 uuid16 = get_uuid16(uuid->uuid);
634 if (uuid16 == PNP_INFO_SVCLASS_ID)
637 /* Stop if not enough space to put next UUID */
638 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
643 /* Check for duplicates */
644 for (i = 0; uuid16_list[i] != 0; i++)
645 if (uuid16_list[i] == uuid16)
648 if (uuid16_list[i] == 0) {
649 uuid16_list[i] = uuid16;
650 eir_len += sizeof(u16);
654 if (uuid16_list[0] != 0) {
658 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
663 for (i = 0; uuid16_list[i] != 0; i++) {
664 *ptr++ = (uuid16_list[i] & 0x00ff);
665 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
668 /* EIR Data length */
669 *length = (i * sizeof(u16)) + 1;
673 static int update_eir(struct hci_dev *hdev)
675 struct hci_cp_write_eir cp;
677 if (!(hdev->features[6] & LMP_EXT_INQ))
680 if (hdev->ssp_mode == 0)
683 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
686 memset(&cp, 0, sizeof(cp));
688 create_eir(hdev, cp.data);
690 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
693 memcpy(hdev->eir, cp.data, sizeof(cp.data));
695 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
698 static u8 get_service_classes(struct hci_dev *hdev)
700 struct bt_uuid *uuid;
703 list_for_each_entry(uuid, &hdev->uuids, list)
704 val |= uuid->svc_hint;
709 static int update_class(struct hci_dev *hdev)
713 BT_DBG("%s", hdev->name);
715 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
718 cod[0] = hdev->minor_class;
719 cod[1] = hdev->major_class;
720 cod[2] = get_service_classes(hdev);
722 if (memcmp(cod, hdev->dev_class, 3) == 0)
725 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
728 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
730 struct mgmt_cp_add_uuid *cp;
731 struct hci_dev *hdev;
732 struct bt_uuid *uuid;
737 BT_DBG("request for hci%u", index);
739 if (len != sizeof(*cp))
740 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
742 hdev = hci_dev_get(index);
744 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
746 hci_dev_lock_bh(hdev);
748 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
754 memcpy(uuid->uuid, cp->uuid, 16);
755 uuid->svc_hint = cp->svc_hint;
757 list_add(&uuid->list, &hdev->uuids);
759 err = update_class(hdev);
763 err = update_eir(hdev);
767 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
770 hci_dev_unlock_bh(hdev);
776 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
778 struct list_head *p, *n;
779 struct mgmt_cp_remove_uuid *cp;
780 struct hci_dev *hdev;
781 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
786 BT_DBG("request for hci%u", index);
788 if (len != sizeof(*cp))
789 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
791 hdev = hci_dev_get(index);
793 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
795 hci_dev_lock_bh(hdev);
797 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
798 err = hci_uuids_clear(hdev);
804 list_for_each_safe(p, n, &hdev->uuids) {
805 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
807 if (memcmp(match->uuid, cp->uuid, 16) != 0)
810 list_del(&match->list);
815 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
819 err = update_class(hdev);
823 err = update_eir(hdev);
827 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
830 hci_dev_unlock_bh(hdev);
836 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
839 struct hci_dev *hdev;
840 struct mgmt_cp_set_dev_class *cp;
845 BT_DBG("request for hci%u", index);
847 if (len != sizeof(*cp))
848 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
850 hdev = hci_dev_get(index);
852 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
854 hci_dev_lock_bh(hdev);
856 hdev->major_class = cp->major;
857 hdev->minor_class = cp->minor;
859 err = update_class(hdev);
862 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
864 hci_dev_unlock_bh(hdev);
870 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
873 struct hci_dev *hdev;
874 struct mgmt_cp_set_service_cache *cp;
879 if (len != sizeof(*cp))
880 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
882 hdev = hci_dev_get(index);
884 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
886 hci_dev_lock_bh(hdev);
888 BT_DBG("hci%u enable %d", index, cp->enable);
891 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
894 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
895 err = update_class(hdev);
897 err = update_eir(hdev);
901 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
904 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
907 hci_dev_unlock_bh(hdev);
913 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
916 struct hci_dev *hdev;
917 struct mgmt_cp_load_link_keys *cp;
918 u16 key_count, expected_len;
923 if (len < sizeof(*cp))
924 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
926 key_count = get_unaligned_le16(&cp->key_count);
928 expected_len = sizeof(*cp) + key_count *
929 sizeof(struct mgmt_link_key_info);
930 if (expected_len != len) {
931 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
933 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
936 hdev = hci_dev_get(index);
938 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
940 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
943 hci_dev_lock_bh(hdev);
945 hci_link_keys_clear(hdev);
947 set_bit(HCI_LINK_KEYS, &hdev->flags);
950 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
952 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
954 for (i = 0; i < key_count; i++) {
955 struct mgmt_link_key_info *key = &cp->keys[i];
957 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
961 hci_dev_unlock_bh(hdev);
967 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
970 struct hci_dev *hdev;
971 struct mgmt_cp_remove_keys *cp;
972 struct hci_conn *conn;
977 if (len != sizeof(*cp))
978 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
980 hdev = hci_dev_get(index);
982 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
984 hci_dev_lock_bh(hdev);
986 err = hci_remove_link_key(hdev, &cp->bdaddr);
988 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
994 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
997 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
999 struct hci_cp_disconnect dc;
1001 put_unaligned_le16(conn->handle, &dc.handle);
1002 dc.reason = 0x13; /* Remote User Terminated Connection */
1003 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1007 hci_dev_unlock_bh(hdev);
1013 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1015 struct hci_dev *hdev;
1016 struct mgmt_cp_disconnect *cp;
1017 struct hci_cp_disconnect dc;
1018 struct pending_cmd *cmd;
1019 struct hci_conn *conn;
1026 if (len != sizeof(*cp))
1027 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1029 hdev = hci_dev_get(index);
1031 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1033 hci_dev_lock_bh(hdev);
1035 if (!test_bit(HCI_UP, &hdev->flags)) {
1036 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1040 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1041 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1045 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1047 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1050 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1054 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1060 put_unaligned_le16(conn->handle, &dc.handle);
1061 dc.reason = 0x13; /* Remote User Terminated Connection */
1063 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1065 mgmt_pending_remove(cmd);
1068 hci_dev_unlock_bh(hdev);
1074 static u8 link_to_mgmt(u8 link_type)
1076 switch (link_type) {
1078 return MGMT_ADDR_LE;
1080 return MGMT_ADDR_BREDR;
1082 return MGMT_ADDR_INVALID;
1086 static int get_connections(struct sock *sk, u16 index)
1088 struct mgmt_rp_get_connections *rp;
1089 struct hci_dev *hdev;
1091 struct list_head *p;
1098 hdev = hci_dev_get(index);
1100 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1102 hci_dev_lock_bh(hdev);
1105 list_for_each(p, &hdev->conn_hash.list) {
1109 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1110 rp = kmalloc(rp_len, GFP_ATOMIC);
1116 put_unaligned_le16(count, &rp->conn_count);
1119 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1120 bacpy(&rp->addr[i].bdaddr, &c->dst);
1121 rp->addr[i].type = link_to_mgmt(c->type);
1122 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1127 /* Recalculate length in case of filtered SCO connections, etc */
1128 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1130 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1134 hci_dev_unlock_bh(hdev);
1139 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1140 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1142 struct pending_cmd *cmd;
1145 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1150 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1153 mgmt_pending_remove(cmd);
1158 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1161 struct hci_dev *hdev;
1162 struct hci_conn *conn;
1163 struct mgmt_cp_pin_code_reply *cp;
1164 struct mgmt_cp_pin_code_neg_reply ncp;
1165 struct hci_cp_pin_code_reply reply;
1166 struct pending_cmd *cmd;
1173 if (len != sizeof(*cp))
1174 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1176 hdev = hci_dev_get(index);
1178 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1180 hci_dev_lock_bh(hdev);
1182 if (!test_bit(HCI_UP, &hdev->flags)) {
1183 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1187 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1189 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1193 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1194 bacpy(&ncp.bdaddr, &cp->bdaddr);
1196 BT_ERR("PIN code is not 16 bytes long");
1198 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1200 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1206 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1212 bacpy(&reply.bdaddr, &cp->bdaddr);
1213 reply.pin_len = cp->pin_len;
1214 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1216 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1218 mgmt_pending_remove(cmd);
1221 hci_dev_unlock_bh(hdev);
1227 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1230 struct hci_dev *hdev;
1231 struct mgmt_cp_pin_code_neg_reply *cp;
1238 if (len != sizeof(*cp))
1239 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1242 hdev = hci_dev_get(index);
1244 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1247 hci_dev_lock_bh(hdev);
1249 if (!test_bit(HCI_UP, &hdev->flags)) {
1250 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1255 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1258 hci_dev_unlock_bh(hdev);
1264 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1267 struct hci_dev *hdev;
1268 struct mgmt_cp_set_io_capability *cp;
1274 if (len != sizeof(*cp))
1275 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1277 hdev = hci_dev_get(index);
1279 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1281 hci_dev_lock_bh(hdev);
1283 hdev->io_capability = cp->io_capability;
1285 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1286 hdev->io_capability);
1288 hci_dev_unlock_bh(hdev);
1291 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1294 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1296 struct hci_dev *hdev = conn->hdev;
1297 struct pending_cmd *cmd;
1299 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1300 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1303 if (cmd->index != hdev->id)
1306 if (cmd->user_data != conn)
1315 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1317 struct mgmt_rp_pair_device rp;
1318 struct hci_conn *conn = cmd->user_data;
1320 bacpy(&rp.bdaddr, &conn->dst);
1323 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1325 /* So we don't get further callbacks for this connection */
1326 conn->connect_cfm_cb = NULL;
1327 conn->security_cfm_cb = NULL;
1328 conn->disconn_cfm_cb = NULL;
1332 mgmt_pending_remove(cmd);
1335 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1337 struct pending_cmd *cmd;
1339 BT_DBG("status %u", status);
1341 cmd = find_pairing(conn);
1343 BT_DBG("Unable to find a pending command");
1347 pairing_complete(cmd, status);
1350 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1352 struct hci_dev *hdev;
1353 struct mgmt_cp_pair_device *cp;
1354 struct pending_cmd *cmd;
1355 struct adv_entry *entry;
1356 u8 sec_level, auth_type;
1357 struct hci_conn *conn;
1364 if (len != sizeof(*cp))
1365 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1367 hdev = hci_dev_get(index);
1369 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1371 hci_dev_lock_bh(hdev);
1373 sec_level = BT_SECURITY_MEDIUM;
1374 if (cp->io_cap == 0x03)
1375 auth_type = HCI_AT_DEDICATED_BONDING;
1377 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1379 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1381 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1384 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1388 err = PTR_ERR(conn);
1392 if (conn->connect_cfm_cb) {
1394 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1398 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1405 /* For LE, just connecting isn't a proof that the pairing finished */
1407 conn->connect_cfm_cb = pairing_complete_cb;
1409 conn->security_cfm_cb = pairing_complete_cb;
1410 conn->disconn_cfm_cb = pairing_complete_cb;
1411 conn->io_capability = cp->io_cap;
1412 cmd->user_data = conn;
1414 if (conn->state == BT_CONNECTED &&
1415 hci_conn_security(conn, sec_level, auth_type))
1416 pairing_complete(cmd, 0);
1421 hci_dev_unlock_bh(hdev);
1427 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1428 u16 len, int success)
1430 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1431 u16 mgmt_op, hci_op;
1432 struct pending_cmd *cmd;
1433 struct hci_dev *hdev;
1439 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1440 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1442 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1443 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1446 if (len != sizeof(*cp))
1447 return cmd_status(sk, index, mgmt_op, EINVAL);
1449 hdev = hci_dev_get(index);
1451 return cmd_status(sk, index, mgmt_op, ENODEV);
1453 hci_dev_lock_bh(hdev);
1455 if (!test_bit(HCI_UP, &hdev->flags)) {
1456 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1460 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1466 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1468 mgmt_pending_remove(cmd);
1471 hci_dev_unlock_bh(hdev);
1477 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1480 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1481 struct hci_cp_write_local_name hci_cp;
1482 struct hci_dev *hdev;
1483 struct pending_cmd *cmd;
1488 if (len != sizeof(*mgmt_cp))
1489 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1491 hdev = hci_dev_get(index);
1493 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1495 hci_dev_lock_bh(hdev);
1497 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1503 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1504 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1507 mgmt_pending_remove(cmd);
1510 hci_dev_unlock_bh(hdev);
1516 static int read_local_oob_data(struct sock *sk, u16 index)
1518 struct hci_dev *hdev;
1519 struct pending_cmd *cmd;
1522 BT_DBG("hci%u", index);
1524 hdev = hci_dev_get(index);
1526 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1529 hci_dev_lock_bh(hdev);
1531 if (!test_bit(HCI_UP, &hdev->flags)) {
1532 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1537 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1538 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1543 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1544 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1548 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1554 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1556 mgmt_pending_remove(cmd);
1559 hci_dev_unlock_bh(hdev);
1565 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1568 struct hci_dev *hdev;
1569 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1572 BT_DBG("hci%u ", index);
1574 if (len != sizeof(*cp))
1575 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1578 hdev = hci_dev_get(index);
1580 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1583 hci_dev_lock_bh(hdev);
1585 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1588 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1590 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1593 hci_dev_unlock_bh(hdev);
1599 static int remove_remote_oob_data(struct sock *sk, u16 index,
1600 unsigned char *data, u16 len)
1602 struct hci_dev *hdev;
1603 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1606 BT_DBG("hci%u ", index);
1608 if (len != sizeof(*cp))
1609 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1612 hdev = hci_dev_get(index);
1614 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1617 hci_dev_lock_bh(hdev);
1619 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1621 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1624 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1627 hci_dev_unlock_bh(hdev);
1633 static int start_discovery(struct sock *sk, u16 index)
1635 struct pending_cmd *cmd;
1636 struct hci_dev *hdev;
1639 BT_DBG("hci%u", index);
1641 hdev = hci_dev_get(index);
1643 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1645 hci_dev_lock_bh(hdev);
1647 if (!test_bit(HCI_UP, &hdev->flags)) {
1648 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1652 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1658 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1660 mgmt_pending_remove(cmd);
1663 hci_dev_unlock_bh(hdev);
1669 static int stop_discovery(struct sock *sk, u16 index)
1671 struct hci_dev *hdev;
1672 struct pending_cmd *cmd;
1675 BT_DBG("hci%u", index);
1677 hdev = hci_dev_get(index);
1679 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1681 hci_dev_lock_bh(hdev);
1683 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1689 err = hci_cancel_inquiry(hdev);
1691 mgmt_pending_remove(cmd);
1694 hci_dev_unlock_bh(hdev);
1700 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1703 struct hci_dev *hdev;
1704 struct mgmt_cp_block_device *cp = (void *) data;
1707 BT_DBG("hci%u", index);
1709 if (len != sizeof(*cp))
1710 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1713 hdev = hci_dev_get(index);
1715 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1718 hci_dev_lock_bh(hdev);
1720 err = hci_blacklist_add(hdev, &cp->bdaddr);
1722 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1724 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1727 hci_dev_unlock_bh(hdev);
1733 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1736 struct hci_dev *hdev;
1737 struct mgmt_cp_unblock_device *cp = (void *) data;
1740 BT_DBG("hci%u", index);
1742 if (len != sizeof(*cp))
1743 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1746 hdev = hci_dev_get(index);
1748 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1751 hci_dev_lock_bh(hdev);
1753 err = hci_blacklist_del(hdev, &cp->bdaddr);
1756 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1758 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1761 hci_dev_unlock_bh(hdev);
1767 static int set_fast_connectable(struct sock *sk, u16 index,
1768 unsigned char *data, u16 len)
1770 struct hci_dev *hdev;
1771 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1772 struct hci_cp_write_page_scan_activity acp;
1776 BT_DBG("hci%u", index);
1778 if (len != sizeof(*cp))
1779 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1782 hdev = hci_dev_get(index);
1784 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1790 type = PAGE_SCAN_TYPE_INTERLACED;
1791 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1793 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1794 acp.interval = 0x0800; /* default 1.28 sec page scan */
1797 acp.window = 0x0012; /* default 11.25 msec page scan window */
1799 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1802 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1807 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1809 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1814 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1817 hci_dev_unlock(hdev);
1823 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1826 struct mgmt_hdr *hdr;
1827 u16 opcode, index, len;
1830 BT_DBG("got %zu bytes", msglen);
1832 if (msglen < sizeof(*hdr))
1835 buf = kmalloc(msglen, GFP_KERNEL);
1839 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1844 hdr = (struct mgmt_hdr *) buf;
1845 opcode = get_unaligned_le16(&hdr->opcode);
1846 index = get_unaligned_le16(&hdr->index);
1847 len = get_unaligned_le16(&hdr->len);
1849 if (len != msglen - sizeof(*hdr)) {
1855 case MGMT_OP_READ_VERSION:
1856 err = read_version(sk);
1858 case MGMT_OP_READ_INDEX_LIST:
1859 err = read_index_list(sk);
1861 case MGMT_OP_READ_INFO:
1862 err = read_controller_info(sk, index);
1864 case MGMT_OP_SET_POWERED:
1865 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1867 case MGMT_OP_SET_DISCOVERABLE:
1868 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1870 case MGMT_OP_SET_CONNECTABLE:
1871 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1873 case MGMT_OP_SET_PAIRABLE:
1874 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1876 case MGMT_OP_ADD_UUID:
1877 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1879 case MGMT_OP_REMOVE_UUID:
1880 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1882 case MGMT_OP_SET_DEV_CLASS:
1883 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1885 case MGMT_OP_SET_SERVICE_CACHE:
1886 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1888 case MGMT_OP_LOAD_LINK_KEYS:
1889 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1891 case MGMT_OP_REMOVE_KEYS:
1892 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1894 case MGMT_OP_DISCONNECT:
1895 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1897 case MGMT_OP_GET_CONNECTIONS:
1898 err = get_connections(sk, index);
1900 case MGMT_OP_PIN_CODE_REPLY:
1901 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1903 case MGMT_OP_PIN_CODE_NEG_REPLY:
1904 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1906 case MGMT_OP_SET_IO_CAPABILITY:
1907 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1909 case MGMT_OP_PAIR_DEVICE:
1910 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1912 case MGMT_OP_USER_CONFIRM_REPLY:
1913 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1915 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1916 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1918 case MGMT_OP_SET_LOCAL_NAME:
1919 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1921 case MGMT_OP_READ_LOCAL_OOB_DATA:
1922 err = read_local_oob_data(sk, index);
1924 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1925 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1927 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1928 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1931 case MGMT_OP_START_DISCOVERY:
1932 err = start_discovery(sk, index);
1934 case MGMT_OP_STOP_DISCOVERY:
1935 err = stop_discovery(sk, index);
1937 case MGMT_OP_BLOCK_DEVICE:
1938 err = block_device(sk, index, buf + sizeof(*hdr), len);
1940 case MGMT_OP_UNBLOCK_DEVICE:
1941 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1943 case MGMT_OP_SET_FAST_CONNECTABLE:
1944 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1948 BT_DBG("Unknown op %u", opcode);
1949 err = cmd_status(sk, index, opcode, 0x01);
1963 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1967 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1968 mgmt_pending_remove(cmd);
1971 int mgmt_index_added(struct hci_dev *hdev)
1973 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1976 int mgmt_index_removed(struct hci_dev *hdev)
1980 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1982 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
1990 static void mode_rsp(struct pending_cmd *cmd, void *data)
1992 struct mgmt_mode *cp = cmd->param;
1993 struct cmd_lookup *match = data;
1995 if (cp->val != match->val)
1998 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
2000 list_del(&cmd->list);
2002 if (match->sk == NULL) {
2003 match->sk = cmd->sk;
2004 sock_hold(match->sk);
2007 mgmt_pending_free(cmd);
2010 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2012 struct mgmt_mode ev;
2013 struct cmd_lookup match = { powered, NULL };
2016 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2019 u8 status = ENETDOWN;
2020 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2025 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2033 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2035 struct mgmt_mode ev;
2036 struct cmd_lookup match = { discoverable, NULL };
2039 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2041 ev.val = discoverable;
2043 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2052 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2054 struct mgmt_mode ev;
2055 struct cmd_lookup match = { connectable, NULL };
2058 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2060 ev.val = connectable;
2062 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2070 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2072 if (scan & SCAN_PAGE)
2073 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2074 cmd_status_rsp, &status);
2076 if (scan & SCAN_INQUIRY)
2077 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2078 cmd_status_rsp, &status);
2083 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2086 struct mgmt_ev_new_link_key ev;
2088 memset(&ev, 0, sizeof(ev));
2090 ev.store_hint = persistent;
2091 bacpy(&ev.key.bdaddr, &key->bdaddr);
2092 ev.key.type = key->type;
2093 memcpy(ev.key.val, key->val, 16);
2094 ev.key.pin_len = key->pin_len;
2096 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2099 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type)
2101 struct mgmt_addr_info ev;
2103 bacpy(&ev.bdaddr, bdaddr);
2104 ev.type = link_to_mgmt(link_type);
2106 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2109 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2111 struct mgmt_cp_disconnect *cp = cmd->param;
2112 struct sock **sk = data;
2113 struct mgmt_rp_disconnect rp;
2115 bacpy(&rp.bdaddr, &cp->bdaddr);
2117 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2122 mgmt_pending_remove(cmd);
2125 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2127 struct mgmt_addr_info ev;
2128 struct sock *sk = NULL;
2131 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2133 bacpy(&ev.bdaddr, bdaddr);
2134 ev.type = link_to_mgmt(type);
2136 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2144 int mgmt_disconnect_failed(struct hci_dev *hdev)
2146 struct pending_cmd *cmd;
2149 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2153 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
2155 mgmt_pending_remove(cmd);
2160 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2163 struct mgmt_ev_connect_failed ev;
2165 bacpy(&ev.addr.bdaddr, bdaddr);
2166 ev.addr.type = link_to_mgmt(type);
2169 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2172 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2174 struct mgmt_ev_pin_code_request ev;
2176 bacpy(&ev.bdaddr, bdaddr);
2179 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2183 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2186 struct pending_cmd *cmd;
2187 struct mgmt_rp_pin_code_reply rp;
2190 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2194 bacpy(&rp.bdaddr, bdaddr);
2197 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2200 mgmt_pending_remove(cmd);
2205 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2208 struct pending_cmd *cmd;
2209 struct mgmt_rp_pin_code_reply rp;
2212 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2216 bacpy(&rp.bdaddr, bdaddr);
2219 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2222 mgmt_pending_remove(cmd);
2227 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2228 __le32 value, u8 confirm_hint)
2230 struct mgmt_ev_user_confirm_request ev;
2232 BT_DBG("%s", hdev->name);
2234 bacpy(&ev.bdaddr, bdaddr);
2235 ev.confirm_hint = confirm_hint;
2236 put_unaligned_le32(value, &ev.value);
2238 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2242 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2243 u8 status, u8 opcode)
2245 struct pending_cmd *cmd;
2246 struct mgmt_rp_user_confirm_reply rp;
2249 cmd = mgmt_pending_find(opcode, hdev);
2253 bacpy(&rp.bdaddr, bdaddr);
2255 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2257 mgmt_pending_remove(cmd);
2262 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2265 return confirm_reply_complete(hdev, bdaddr, status,
2266 MGMT_OP_USER_CONFIRM_REPLY);
2269 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2270 bdaddr_t *bdaddr, u8 status)
2272 return confirm_reply_complete(hdev, bdaddr, status,
2273 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2276 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2278 struct mgmt_ev_auth_failed ev;
2280 bacpy(&ev.bdaddr, bdaddr);
2283 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2286 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2288 struct pending_cmd *cmd;
2289 struct mgmt_cp_set_local_name ev;
2292 memset(&ev, 0, sizeof(ev));
2293 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2295 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2300 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2305 hci_dev_lock_bh(hdev);
2307 hci_dev_unlock_bh(hdev);
2309 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2315 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2316 cmd ? cmd->sk : NULL);
2320 mgmt_pending_remove(cmd);
2324 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2325 u8 *randomizer, u8 status)
2327 struct pending_cmd *cmd;
2330 BT_DBG("%s status %u", hdev->name, status);
2332 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2337 err = cmd_status(cmd->sk, hdev->id,
2338 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2340 struct mgmt_rp_read_local_oob_data rp;
2342 memcpy(rp.hash, hash, sizeof(rp.hash));
2343 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2345 err = cmd_complete(cmd->sk, hdev->id,
2346 MGMT_OP_READ_LOCAL_OOB_DATA,
2350 mgmt_pending_remove(cmd);
2355 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2356 u8 *dev_class, s8 rssi, u8 *eir)
2358 struct mgmt_ev_device_found ev;
2360 memset(&ev, 0, sizeof(ev));
2362 bacpy(&ev.addr.bdaddr, bdaddr);
2363 ev.addr.type = link_to_mgmt(type);
2367 memcpy(ev.eir, eir, sizeof(ev.eir));
2370 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2372 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2375 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2377 struct mgmt_ev_remote_name ev;
2379 memset(&ev, 0, sizeof(ev));
2381 bacpy(&ev.bdaddr, bdaddr);
2382 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2384 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2387 int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
2389 struct pending_cmd *cmd;
2392 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2396 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2397 mgmt_pending_remove(cmd);
2402 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2404 struct pending_cmd *cmd;
2407 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2409 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2412 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2413 mgmt_pending_remove(cmd);
2416 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2417 sizeof(discovering), NULL);
2420 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2422 struct pending_cmd *cmd;
2423 struct mgmt_ev_device_blocked ev;
2425 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2427 bacpy(&ev.bdaddr, bdaddr);
2429 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2430 cmd ? cmd->sk : NULL);
2433 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2435 struct pending_cmd *cmd;
2436 struct mgmt_ev_device_unblocked ev;
2438 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2440 bacpy(&ev.bdaddr, bdaddr);
2442 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2443 cmd ? cmd->sk : NULL);
projects / karo-tx-linux.git / blob