2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
36 struct list_head list;
44 static LIST_HEAD(cmd_list);
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
64 ev = (void *) skb_put(skb, sizeof(*ev));
66 put_unaligned_le16(cmd, &ev->opcode);
68 if (sock_queue_rcv_skb(sk, skb) < 0)
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
79 struct mgmt_ev_cmd_complete *ev;
81 BT_DBG("sock %p", sk);
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
97 memcpy(ev->data, rp, rp_len);
99 if (sock_queue_rcv_skb(sk, skb) < 0)
105 static int read_version(struct sock *sk)
107 struct mgmt_rp_read_version rp;
109 BT_DBG("sock %p", sk);
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
118 static int read_index_list(struct sock *sk)
120 struct mgmt_rp_read_index_list *rp;
126 BT_DBG("sock %p", sk);
128 read_lock(&hci_dev_list_lock);
131 list_for_each(p, &hci_dev_list) {
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
138 read_unlock(&hci_dev_list_lock);
142 put_unaligned_le16(count, &rp->num_controllers);
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
148 hci_del_off_timer(d);
150 if (test_bit(HCI_SETUP, &d->flags))
153 put_unaligned_le16(d->id, &rp->index[i++]);
154 BT_DBG("Added hci%u", d->id);
157 read_unlock(&hci_dev_list_lock);
159 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
167 static int read_controller_info(struct sock *sk, u16 index)
169 struct mgmt_rp_read_info rp;
170 struct hci_dev *hdev;
172 BT_DBG("sock %p hci%u", sk, index);
174 hdev = hci_dev_get(index);
176 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
178 hci_del_off_timer(hdev);
180 hci_dev_lock_bh(hdev);
182 set_bit(HCI_MGMT, &hdev->flags);
184 memset(&rp, 0, sizeof(rp));
186 rp.type = hdev->dev_type;
188 rp.powered = test_bit(HCI_UP, &hdev->flags);
189 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
190 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
191 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
193 if (test_bit(HCI_AUTH, &hdev->flags))
195 else if (hdev->ssp_mode > 0)
200 bacpy(&rp.bdaddr, &hdev->bdaddr);
201 memcpy(rp.features, hdev->features, 8);
202 memcpy(rp.dev_class, hdev->dev_class, 3);
203 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
204 rp.hci_ver = hdev->hci_ver;
205 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
207 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
209 hci_dev_unlock_bh(hdev);
212 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
215 static void mgmt_pending_free(struct pending_cmd *cmd)
222 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
223 u16 index, void *data, u16 len)
225 struct pending_cmd *cmd;
227 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
231 cmd->opcode = opcode;
234 cmd->param = kmalloc(len, GFP_ATOMIC);
241 memcpy(cmd->param, data, len);
246 list_add(&cmd->list, &cmd_list);
251 static void mgmt_pending_foreach(u16 opcode, int index,
252 void (*cb)(struct pending_cmd *cmd, void *data),
255 struct list_head *p, *n;
257 list_for_each_safe(p, n, &cmd_list) {
258 struct pending_cmd *cmd;
260 cmd = list_entry(p, struct pending_cmd, list);
262 if (cmd->opcode != opcode)
265 if (index >= 0 && cmd->index != index)
272 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
276 list_for_each(p, &cmd_list) {
277 struct pending_cmd *cmd;
279 cmd = list_entry(p, struct pending_cmd, list);
281 if (cmd->opcode != opcode)
284 if (index >= 0 && cmd->index != index)
293 static void mgmt_pending_remove(struct pending_cmd *cmd)
295 list_del(&cmd->list);
296 mgmt_pending_free(cmd);
299 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
301 struct mgmt_mode *cp;
302 struct hci_dev *hdev;
303 struct pending_cmd *cmd;
308 BT_DBG("request for hci%u", index);
310 if (len != sizeof(*cp))
311 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
313 hdev = hci_dev_get(index);
315 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
317 hci_dev_lock_bh(hdev);
319 up = test_bit(HCI_UP, &hdev->flags);
320 if ((cp->val && up) || (!cp->val && !up)) {
321 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
325 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
326 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
330 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
337 queue_work(hdev->workqueue, &hdev->power_on);
339 queue_work(hdev->workqueue, &hdev->power_off);
344 hci_dev_unlock_bh(hdev);
349 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352 struct mgmt_mode *cp;
353 struct hci_dev *hdev;
354 struct pending_cmd *cmd;
360 BT_DBG("request for hci%u", index);
362 if (len != sizeof(*cp))
363 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
365 hdev = hci_dev_get(index);
367 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
369 hci_dev_lock_bh(hdev);
371 if (!test_bit(HCI_UP, &hdev->flags)) {
372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
376 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
377 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
382 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
383 test_bit(HCI_PSCAN, &hdev->flags)) {
384 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
388 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
397 scan |= SCAN_INQUIRY;
399 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
401 mgmt_pending_remove(cmd);
404 hci_dev_unlock_bh(hdev);
410 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413 struct mgmt_mode *cp;
414 struct hci_dev *hdev;
415 struct pending_cmd *cmd;
421 BT_DBG("request for hci%u", index);
423 if (len != sizeof(*cp))
424 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
426 hdev = hci_dev_get(index);
428 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
430 hci_dev_lock_bh(hdev);
432 if (!test_bit(HCI_UP, &hdev->flags)) {
433 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
437 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
438 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
439 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
443 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
444 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
448 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
459 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
461 mgmt_pending_remove(cmd);
464 hci_dev_unlock_bh(hdev);
470 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
471 struct sock *skip_sk)
474 struct mgmt_hdr *hdr;
476 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
480 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
482 hdr = (void *) skb_put(skb, sizeof(*hdr));
483 hdr->opcode = cpu_to_le16(event);
484 hdr->index = cpu_to_le16(index);
485 hdr->len = cpu_to_le16(data_len);
488 memcpy(skb_put(skb, data_len), data, data_len);
490 hci_send_to_sock(NULL, skb, skip_sk);
496 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
502 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
505 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508 struct mgmt_mode *cp, ev;
509 struct hci_dev *hdev;
514 BT_DBG("request for hci%u", index);
516 if (len != sizeof(*cp))
517 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
519 hdev = hci_dev_get(index);
521 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
523 hci_dev_lock_bh(hdev);
526 set_bit(HCI_PAIRABLE, &hdev->flags);
528 clear_bit(HCI_PAIRABLE, &hdev->flags);
530 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
536 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
539 hci_dev_unlock_bh(hdev);
545 #define EIR_FLAGS 0x01 /* flags */
546 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
547 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
548 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
549 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
550 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
551 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
552 #define EIR_NAME_SHORT 0x08 /* shortened local name */
553 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
554 #define EIR_TX_POWER 0x0A /* transmit power level */
555 #define EIR_DEVICE_ID 0x10 /* device ID */
557 #define PNP_INFO_SVCLASS_ID 0x1200
559 static u8 bluetooth_base_uuid[] = {
560 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
561 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564 static u16 get_uuid16(u8 *uuid128)
569 for (i = 0; i < 12; i++) {
570 if (bluetooth_base_uuid[i] != uuid128[i])
574 memcpy(&val, &uuid128[12], 4);
576 val = le32_to_cpu(val);
583 static void create_eir(struct hci_dev *hdev, u8 *data)
587 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
588 int i, truncated = 0;
592 name_len = strlen(hdev->dev_name);
598 ptr[1] = EIR_NAME_SHORT;
600 ptr[1] = EIR_NAME_COMPLETE;
602 /* EIR Data length */
603 ptr[0] = name_len + 1;
605 memcpy(ptr + 2, hdev->dev_name, name_len);
607 eir_len += (name_len + 2);
608 ptr += (name_len + 2);
611 memset(uuid16_list, 0, sizeof(uuid16_list));
613 /* Group all UUID16 types */
614 list_for_each(p, &hdev->uuids) {
615 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
618 uuid16 = get_uuid16(uuid->uuid);
625 if (uuid16 == PNP_INFO_SVCLASS_ID)
628 /* Stop if not enough space to put next UUID */
629 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
634 /* Check for duplicates */
635 for (i = 0; uuid16_list[i] != 0; i++)
636 if (uuid16_list[i] == uuid16)
639 if (uuid16_list[i] == 0) {
640 uuid16_list[i] = uuid16;
641 eir_len += sizeof(u16);
645 if (uuid16_list[0] != 0) {
649 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
654 for (i = 0; uuid16_list[i] != 0; i++) {
655 *ptr++ = (uuid16_list[i] & 0x00ff);
656 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659 /* EIR Data length */
660 *length = (i * sizeof(u16)) + 1;
664 static int update_eir(struct hci_dev *hdev)
666 struct hci_cp_write_eir cp;
668 if (!(hdev->features[6] & LMP_EXT_INQ))
671 if (hdev->ssp_mode == 0)
674 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677 memset(&cp, 0, sizeof(cp));
679 create_eir(hdev, cp.data);
681 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684 memcpy(hdev->eir, cp.data, sizeof(cp.data));
686 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689 static u8 get_service_classes(struct hci_dev *hdev)
694 list_for_each(p, &hdev->uuids) {
695 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
697 val |= uuid->svc_hint;
703 static int update_class(struct hci_dev *hdev)
707 BT_DBG("%s", hdev->name);
709 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
712 cod[0] = hdev->minor_class;
713 cod[1] = hdev->major_class;
714 cod[2] = get_service_classes(hdev);
716 if (memcmp(cod, hdev->dev_class, 3) == 0)
719 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
722 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
724 struct mgmt_cp_add_uuid *cp;
725 struct hci_dev *hdev;
726 struct bt_uuid *uuid;
731 BT_DBG("request for hci%u", index);
733 if (len != sizeof(*cp))
734 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
736 hdev = hci_dev_get(index);
738 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
740 hci_dev_lock_bh(hdev);
742 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
748 memcpy(uuid->uuid, cp->uuid, 16);
749 uuid->svc_hint = cp->svc_hint;
751 list_add(&uuid->list, &hdev->uuids);
753 err = update_class(hdev);
757 err = update_eir(hdev);
761 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
764 hci_dev_unlock_bh(hdev);
770 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
772 struct list_head *p, *n;
773 struct mgmt_cp_remove_uuid *cp;
774 struct hci_dev *hdev;
775 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
780 BT_DBG("request for hci%u", index);
782 if (len != sizeof(*cp))
783 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
785 hdev = hci_dev_get(index);
787 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
789 hci_dev_lock_bh(hdev);
791 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
792 err = hci_uuids_clear(hdev);
798 list_for_each_safe(p, n, &hdev->uuids) {
799 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
801 if (memcmp(match->uuid, cp->uuid, 16) != 0)
804 list_del(&match->list);
809 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
813 err = update_class(hdev);
817 err = update_eir(hdev);
821 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
824 hci_dev_unlock_bh(hdev);
830 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
833 struct hci_dev *hdev;
834 struct mgmt_cp_set_dev_class *cp;
839 BT_DBG("request for hci%u", index);
841 if (len != sizeof(*cp))
842 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
844 hdev = hci_dev_get(index);
846 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
848 hci_dev_lock_bh(hdev);
850 hdev->major_class = cp->major;
851 hdev->minor_class = cp->minor;
853 err = update_class(hdev);
856 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
858 hci_dev_unlock_bh(hdev);
864 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
867 struct hci_dev *hdev;
868 struct mgmt_cp_set_service_cache *cp;
873 if (len != sizeof(*cp))
874 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
876 hdev = hci_dev_get(index);
878 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
880 hci_dev_lock_bh(hdev);
882 BT_DBG("hci%u enable %d", index, cp->enable);
885 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
888 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
889 err = update_class(hdev);
891 err = update_eir(hdev);
895 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898 hci_dev_unlock_bh(hdev);
904 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
906 struct hci_dev *hdev;
907 struct mgmt_cp_load_keys *cp;
908 u16 key_count, expected_len;
913 if (len < sizeof(*cp))
916 key_count = get_unaligned_le16(&cp->key_count);
918 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
919 if (expected_len != len) {
920 BT_ERR("load_keys: expected %u bytes, got %u bytes",
925 hdev = hci_dev_get(index);
927 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
929 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
932 hci_dev_lock_bh(hdev);
934 hci_link_keys_clear(hdev);
936 set_bit(HCI_LINK_KEYS, &hdev->flags);
939 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
941 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
943 for (i = 0; i < key_count; i++) {
944 struct mgmt_key_info *key = &cp->keys[i];
946 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
950 hci_dev_unlock_bh(hdev);
956 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
958 struct hci_dev *hdev;
959 struct mgmt_cp_remove_key *cp;
960 struct hci_conn *conn;
965 if (len != sizeof(*cp))
966 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
968 hdev = hci_dev_get(index);
970 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
972 hci_dev_lock_bh(hdev);
974 err = hci_remove_link_key(hdev, &cp->bdaddr);
976 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
982 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
985 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
987 struct hci_cp_disconnect dc;
989 put_unaligned_le16(conn->handle, &dc.handle);
990 dc.reason = 0x13; /* Remote User Terminated Connection */
991 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
995 hci_dev_unlock_bh(hdev);
1001 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1003 struct hci_dev *hdev;
1004 struct mgmt_cp_disconnect *cp;
1005 struct hci_cp_disconnect dc;
1006 struct pending_cmd *cmd;
1007 struct hci_conn *conn;
1014 if (len != sizeof(*cp))
1015 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1017 hdev = hci_dev_get(index);
1019 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1021 hci_dev_lock_bh(hdev);
1023 if (!test_bit(HCI_UP, &hdev->flags)) {
1024 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1028 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1029 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1033 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1035 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1038 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1042 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1048 put_unaligned_le16(conn->handle, &dc.handle);
1049 dc.reason = 0x13; /* Remote User Terminated Connection */
1051 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1053 mgmt_pending_remove(cmd);
1056 hci_dev_unlock_bh(hdev);
1062 static int get_connections(struct sock *sk, u16 index)
1064 struct mgmt_rp_get_connections *rp;
1065 struct hci_dev *hdev;
1066 struct list_head *p;
1073 hdev = hci_dev_get(index);
1075 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1077 hci_dev_lock_bh(hdev);
1080 list_for_each(p, &hdev->conn_hash.list) {
1084 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1085 rp = kmalloc(rp_len, GFP_ATOMIC);
1091 put_unaligned_le16(count, &rp->conn_count);
1094 list_for_each(p, &hdev->conn_hash.list) {
1095 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1097 bacpy(&rp->conn[i++], &c->dst);
1100 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1104 hci_dev_unlock_bh(hdev);
1109 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1110 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1112 struct pending_cmd *cmd;
1115 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1120 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1123 mgmt_pending_remove(cmd);
1128 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1131 struct hci_dev *hdev;
1132 struct hci_conn *conn;
1133 struct mgmt_cp_pin_code_reply *cp;
1134 struct mgmt_cp_pin_code_neg_reply ncp;
1135 struct hci_cp_pin_code_reply reply;
1136 struct pending_cmd *cmd;
1143 if (len != sizeof(*cp))
1144 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1146 hdev = hci_dev_get(index);
1148 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1150 hci_dev_lock_bh(hdev);
1152 if (!test_bit(HCI_UP, &hdev->flags)) {
1153 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1157 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1159 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1163 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1164 bacpy(&ncp.bdaddr, &cp->bdaddr);
1166 BT_ERR("PIN code is not 16 bytes long");
1168 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1170 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1176 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1182 bacpy(&reply.bdaddr, &cp->bdaddr);
1183 reply.pin_len = cp->pin_len;
1184 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1186 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1188 mgmt_pending_remove(cmd);
1191 hci_dev_unlock_bh(hdev);
1197 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1200 struct hci_dev *hdev;
1201 struct mgmt_cp_pin_code_neg_reply *cp;
1208 if (len != sizeof(*cp))
1209 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1212 hdev = hci_dev_get(index);
1214 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1217 hci_dev_lock_bh(hdev);
1219 if (!test_bit(HCI_UP, &hdev->flags)) {
1220 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1225 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1228 hci_dev_unlock_bh(hdev);
1234 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1237 struct hci_dev *hdev;
1238 struct mgmt_cp_set_io_capability *cp;
1244 if (len != sizeof(*cp))
1245 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1247 hdev = hci_dev_get(index);
1249 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1251 hci_dev_lock_bh(hdev);
1253 hdev->io_capability = cp->io_capability;
1255 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1256 hdev->io_capability);
1258 hci_dev_unlock_bh(hdev);
1261 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1264 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1266 struct hci_dev *hdev = conn->hdev;
1267 struct list_head *p;
1269 list_for_each(p, &cmd_list) {
1270 struct pending_cmd *cmd;
1272 cmd = list_entry(p, struct pending_cmd, list);
1274 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1277 if (cmd->index != hdev->id)
1280 if (cmd->user_data != conn)
1289 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1291 struct mgmt_rp_pair_device rp;
1292 struct hci_conn *conn = cmd->user_data;
1294 bacpy(&rp.bdaddr, &conn->dst);
1297 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1299 /* So we don't get further callbacks for this connection */
1300 conn->connect_cfm_cb = NULL;
1301 conn->security_cfm_cb = NULL;
1302 conn->disconn_cfm_cb = NULL;
1306 mgmt_pending_remove(cmd);
1309 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1311 struct pending_cmd *cmd;
1313 BT_DBG("status %u", status);
1315 cmd = find_pairing(conn);
1317 BT_DBG("Unable to find a pending command");
1321 pairing_complete(cmd, status);
1324 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1326 struct hci_dev *hdev;
1327 struct mgmt_cp_pair_device *cp;
1328 struct pending_cmd *cmd;
1329 struct adv_entry *entry;
1330 u8 sec_level, auth_type;
1331 struct hci_conn *conn;
1338 if (len != sizeof(*cp))
1339 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1341 hdev = hci_dev_get(index);
1343 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1345 hci_dev_lock_bh(hdev);
1347 sec_level = BT_SECURITY_MEDIUM;
1348 if (cp->io_cap == 0x03)
1349 auth_type = HCI_AT_DEDICATED_BONDING;
1351 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1353 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1355 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1358 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1362 err = PTR_ERR(conn);
1366 if (conn->connect_cfm_cb) {
1368 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1372 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1379 /* For LE, just connecting isn't a proof that the pairing finished */
1381 conn->connect_cfm_cb = pairing_complete_cb;
1383 conn->security_cfm_cb = pairing_complete_cb;
1384 conn->disconn_cfm_cb = pairing_complete_cb;
1385 conn->io_capability = cp->io_cap;
1386 cmd->user_data = conn;
1388 if (conn->state == BT_CONNECTED &&
1389 hci_conn_security(conn, sec_level, auth_type))
1390 pairing_complete(cmd, 0);
1395 hci_dev_unlock_bh(hdev);
1401 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1402 u16 len, int success)
1404 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1405 u16 mgmt_op, hci_op;
1406 struct pending_cmd *cmd;
1407 struct hci_dev *hdev;
1413 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1414 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1416 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1417 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1420 if (len != sizeof(*cp))
1421 return cmd_status(sk, index, mgmt_op, EINVAL);
1423 hdev = hci_dev_get(index);
1425 return cmd_status(sk, index, mgmt_op, ENODEV);
1427 hci_dev_lock_bh(hdev);
1429 if (!test_bit(HCI_UP, &hdev->flags)) {
1430 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1434 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1440 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1442 mgmt_pending_remove(cmd);
1445 hci_dev_unlock_bh(hdev);
1451 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1454 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1455 struct hci_cp_write_local_name hci_cp;
1456 struct hci_dev *hdev;
1457 struct pending_cmd *cmd;
1462 if (len != sizeof(*mgmt_cp))
1463 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1465 hdev = hci_dev_get(index);
1467 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1469 hci_dev_lock_bh(hdev);
1471 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1477 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1478 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1481 mgmt_pending_remove(cmd);
1484 hci_dev_unlock_bh(hdev);
1490 static int read_local_oob_data(struct sock *sk, u16 index)
1492 struct hci_dev *hdev;
1493 struct pending_cmd *cmd;
1496 BT_DBG("hci%u", index);
1498 hdev = hci_dev_get(index);
1500 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1503 hci_dev_lock_bh(hdev);
1505 if (!test_bit(HCI_UP, &hdev->flags)) {
1506 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1511 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1512 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1517 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1518 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1522 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1528 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1530 mgmt_pending_remove(cmd);
1533 hci_dev_unlock_bh(hdev);
1539 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1542 struct hci_dev *hdev;
1543 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1546 BT_DBG("hci%u ", index);
1548 if (len != sizeof(*cp))
1549 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1552 hdev = hci_dev_get(index);
1554 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1557 hci_dev_lock_bh(hdev);
1559 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1562 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1564 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1567 hci_dev_unlock_bh(hdev);
1573 static int remove_remote_oob_data(struct sock *sk, u16 index,
1574 unsigned char *data, u16 len)
1576 struct hci_dev *hdev;
1577 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1580 BT_DBG("hci%u ", index);
1582 if (len != sizeof(*cp))
1583 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1586 hdev = hci_dev_get(index);
1588 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1591 hci_dev_lock_bh(hdev);
1593 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1595 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1598 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1601 hci_dev_unlock_bh(hdev);
1607 static int start_discovery(struct sock *sk, u16 index)
1609 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1610 struct hci_cp_inquiry cp;
1611 struct pending_cmd *cmd;
1612 struct hci_dev *hdev;
1615 BT_DBG("hci%u", index);
1617 hdev = hci_dev_get(index);
1619 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1621 hci_dev_lock_bh(hdev);
1623 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1629 memset(&cp, 0, sizeof(cp));
1630 memcpy(&cp.lap, lap, 3);
1634 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1636 mgmt_pending_remove(cmd);
1639 hci_dev_unlock_bh(hdev);
1645 static int stop_discovery(struct sock *sk, u16 index)
1647 struct hci_dev *hdev;
1648 struct pending_cmd *cmd;
1651 BT_DBG("hci%u", index);
1653 hdev = hci_dev_get(index);
1655 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1657 hci_dev_lock_bh(hdev);
1659 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1665 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1667 mgmt_pending_remove(cmd);
1670 hci_dev_unlock_bh(hdev);
1676 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1679 struct hci_dev *hdev;
1680 struct pending_cmd *cmd;
1681 struct mgmt_cp_block_device *cp = (void *) data;
1684 BT_DBG("hci%u", index);
1686 if (len != sizeof(*cp))
1687 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1690 hdev = hci_dev_get(index);
1692 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1695 hci_dev_lock_bh(hdev);
1697 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0);
1703 err = hci_blacklist_add(hdev, &cp->bdaddr);
1706 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1708 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1711 mgmt_pending_remove(cmd);
1714 hci_dev_unlock_bh(hdev);
1720 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1723 struct hci_dev *hdev;
1724 struct pending_cmd *cmd;
1725 struct mgmt_cp_unblock_device *cp = (void *) data;
1728 BT_DBG("hci%u", index);
1730 if (len != sizeof(*cp))
1731 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1734 hdev = hci_dev_get(index);
1736 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1739 hci_dev_lock_bh(hdev);
1741 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0);
1747 err = hci_blacklist_del(hdev, &cp->bdaddr);
1750 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1752 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1755 mgmt_pending_remove(cmd);
1758 hci_dev_unlock_bh(hdev);
1764 static int set_fast_connectable(struct sock *sk, u16 index,
1765 unsigned char *data, u16 len)
1767 struct hci_dev *hdev;
1768 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1769 struct hci_cp_write_page_scan_activity acp;
1773 BT_DBG("hci%u", index);
1775 if (len != sizeof(*cp))
1776 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1779 hdev = hci_dev_get(index);
1781 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1787 type = PAGE_SCAN_TYPE_INTERLACED;
1788 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1790 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1791 acp.interval = 0x0800; /* default 1.28 sec page scan */
1794 acp.window = 0x0012; /* default 11.25 msec page scan window */
1796 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1799 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1804 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1806 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1811 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1814 hci_dev_unlock(hdev);
1820 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1823 struct mgmt_hdr *hdr;
1824 u16 opcode, index, len;
1827 BT_DBG("got %zu bytes", msglen);
1829 if (msglen < sizeof(*hdr))
1832 buf = kmalloc(msglen, GFP_KERNEL);
1836 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1841 hdr = (struct mgmt_hdr *) buf;
1842 opcode = get_unaligned_le16(&hdr->opcode);
1843 index = get_unaligned_le16(&hdr->index);
1844 len = get_unaligned_le16(&hdr->len);
1846 if (len != msglen - sizeof(*hdr)) {
1852 case MGMT_OP_READ_VERSION:
1853 err = read_version(sk);
1855 case MGMT_OP_READ_INDEX_LIST:
1856 err = read_index_list(sk);
1858 case MGMT_OP_READ_INFO:
1859 err = read_controller_info(sk, index);
1861 case MGMT_OP_SET_POWERED:
1862 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1864 case MGMT_OP_SET_DISCOVERABLE:
1865 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1867 case MGMT_OP_SET_CONNECTABLE:
1868 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1870 case MGMT_OP_SET_PAIRABLE:
1871 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1873 case MGMT_OP_ADD_UUID:
1874 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1876 case MGMT_OP_REMOVE_UUID:
1877 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1879 case MGMT_OP_SET_DEV_CLASS:
1880 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1882 case MGMT_OP_SET_SERVICE_CACHE:
1883 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1885 case MGMT_OP_LOAD_KEYS:
1886 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1888 case MGMT_OP_REMOVE_KEY:
1889 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1891 case MGMT_OP_DISCONNECT:
1892 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1894 case MGMT_OP_GET_CONNECTIONS:
1895 err = get_connections(sk, index);
1897 case MGMT_OP_PIN_CODE_REPLY:
1898 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1900 case MGMT_OP_PIN_CODE_NEG_REPLY:
1901 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1903 case MGMT_OP_SET_IO_CAPABILITY:
1904 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1906 case MGMT_OP_PAIR_DEVICE:
1907 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1909 case MGMT_OP_USER_CONFIRM_REPLY:
1910 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1912 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1913 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1915 case MGMT_OP_SET_LOCAL_NAME:
1916 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1918 case MGMT_OP_READ_LOCAL_OOB_DATA:
1919 err = read_local_oob_data(sk, index);
1921 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1922 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1924 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1925 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1928 case MGMT_OP_START_DISCOVERY:
1929 err = start_discovery(sk, index);
1931 case MGMT_OP_STOP_DISCOVERY:
1932 err = stop_discovery(sk, index);
1934 case MGMT_OP_BLOCK_DEVICE:
1935 err = block_device(sk, index, buf + sizeof(*hdr), len);
1937 case MGMT_OP_UNBLOCK_DEVICE:
1938 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1940 case MGMT_OP_SET_FAST_CONNECTABLE:
1941 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1945 BT_DBG("Unknown op %u", opcode);
1946 err = cmd_status(sk, index, opcode, 0x01);
1960 int mgmt_index_added(u16 index)
1962 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1965 int mgmt_index_removed(u16 index)
1967 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1975 static void mode_rsp(struct pending_cmd *cmd, void *data)
1977 struct mgmt_mode *cp = cmd->param;
1978 struct cmd_lookup *match = data;
1980 if (cp->val != match->val)
1983 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1985 list_del(&cmd->list);
1987 if (match->sk == NULL) {
1988 match->sk = cmd->sk;
1989 sock_hold(match->sk);
1992 mgmt_pending_free(cmd);
1995 int mgmt_powered(u16 index, u8 powered)
1997 struct mgmt_mode ev;
1998 struct cmd_lookup match = { powered, NULL };
2001 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
2005 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2013 int mgmt_discoverable(u16 index, u8 discoverable)
2015 struct mgmt_mode ev;
2016 struct cmd_lookup match = { discoverable, NULL };
2019 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2021 ev.val = discoverable;
2023 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2032 int mgmt_connectable(u16 index, u8 connectable)
2034 struct mgmt_mode ev;
2035 struct cmd_lookup match = { connectable, NULL };
2038 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2040 ev.val = connectable;
2042 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2050 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
2052 struct mgmt_ev_new_key ev;
2054 memset(&ev, 0, sizeof(ev));
2056 ev.store_hint = persistent;
2057 bacpy(&ev.key.bdaddr, &key->bdaddr);
2058 ev.key.type = key->type;
2059 memcpy(ev.key.val, key->val, 16);
2060 ev.key.pin_len = key->pin_len;
2062 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
2065 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2067 struct mgmt_ev_connected ev;
2069 bacpy(&ev.bdaddr, bdaddr);
2070 ev.link_type = link_type;
2072 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2075 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2077 struct mgmt_cp_disconnect *cp = cmd->param;
2078 struct sock **sk = data;
2079 struct mgmt_rp_disconnect rp;
2081 bacpy(&rp.bdaddr, &cp->bdaddr);
2083 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2088 mgmt_pending_remove(cmd);
2091 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2093 struct mgmt_ev_disconnected ev;
2094 struct sock *sk = NULL;
2097 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2099 bacpy(&ev.bdaddr, bdaddr);
2101 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2109 int mgmt_disconnect_failed(u16 index)
2111 struct pending_cmd *cmd;
2114 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2118 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2120 mgmt_pending_remove(cmd);
2125 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2127 struct mgmt_ev_connect_failed ev;
2129 bacpy(&ev.bdaddr, bdaddr);
2132 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2135 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2137 struct mgmt_ev_pin_code_request ev;
2139 bacpy(&ev.bdaddr, bdaddr);
2142 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2146 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2148 struct pending_cmd *cmd;
2149 struct mgmt_rp_pin_code_reply rp;
2152 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2156 bacpy(&rp.bdaddr, bdaddr);
2159 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2162 mgmt_pending_remove(cmd);
2167 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2169 struct pending_cmd *cmd;
2170 struct mgmt_rp_pin_code_reply rp;
2173 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2177 bacpy(&rp.bdaddr, bdaddr);
2180 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2183 mgmt_pending_remove(cmd);
2188 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2191 struct mgmt_ev_user_confirm_request ev;
2193 BT_DBG("hci%u", index);
2195 bacpy(&ev.bdaddr, bdaddr);
2196 ev.confirm_hint = confirm_hint;
2197 put_unaligned_le32(value, &ev.value);
2199 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2203 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2206 struct pending_cmd *cmd;
2207 struct mgmt_rp_user_confirm_reply rp;
2210 cmd = mgmt_pending_find(opcode, index);
2214 bacpy(&rp.bdaddr, bdaddr);
2216 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2218 mgmt_pending_remove(cmd);
2223 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2225 return confirm_reply_complete(index, bdaddr, status,
2226 MGMT_OP_USER_CONFIRM_REPLY);
2229 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2231 return confirm_reply_complete(index, bdaddr, status,
2232 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2235 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2237 struct mgmt_ev_auth_failed ev;
2239 bacpy(&ev.bdaddr, bdaddr);
2242 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2245 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2247 struct pending_cmd *cmd;
2248 struct hci_dev *hdev;
2249 struct mgmt_cp_set_local_name ev;
2252 memset(&ev, 0, sizeof(ev));
2253 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2255 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2260 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2264 hdev = hci_dev_get(index);
2266 hci_dev_lock_bh(hdev);
2268 hci_dev_unlock_bh(hdev);
2272 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2278 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2279 cmd ? cmd->sk : NULL);
2283 mgmt_pending_remove(cmd);
2287 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2290 struct pending_cmd *cmd;
2293 BT_DBG("hci%u status %u", index, status);
2295 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2300 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2303 struct mgmt_rp_read_local_oob_data rp;
2305 memcpy(rp.hash, hash, sizeof(rp.hash));
2306 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2308 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2312 mgmt_pending_remove(cmd);
2317 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2320 struct mgmt_ev_device_found ev;
2322 memset(&ev, 0, sizeof(ev));
2324 bacpy(&ev.bdaddr, bdaddr);
2328 memcpy(ev.eir, eir, sizeof(ev.eir));
2331 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2333 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2336 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2338 struct mgmt_ev_remote_name ev;
2340 memset(&ev, 0, sizeof(ev));
2342 bacpy(&ev.bdaddr, bdaddr);
2343 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2345 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2348 int mgmt_discovering(u16 index, u8 discovering)
2350 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2351 sizeof(discovering), NULL);
2354 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2356 struct pending_cmd *cmd;
2357 struct mgmt_ev_device_blocked ev;
2359 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2361 bacpy(&ev.bdaddr, bdaddr);
2363 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2364 cmd ? cmd->sk : NULL);
2367 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2369 struct pending_cmd *cmd;
2370 struct mgmt_ev_device_unblocked ev;
2372 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2374 bacpy(&ev.bdaddr, bdaddr);
2376 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2377 cmd ? cmd->sk : NULL);