2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
65 ev = (void *) skb_put(skb, sizeof(*ev));
67 put_unaligned_le16(cmd, &ev->opcode);
69 err = sock_queue_rcv_skb(sk, skb);
76 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
81 struct mgmt_ev_cmd_complete *ev;
84 BT_DBG("sock %p", sk);
86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
93 hdr->index = cpu_to_le16(index);
94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
100 memcpy(ev->data, rp, rp_len);
102 err = sock_queue_rcv_skb(sk, skb);
109 static int read_version(struct sock *sk)
111 struct mgmt_rp_read_version rp;
113 BT_DBG("sock %p", sk);
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
122 static int read_index_list(struct sock *sk)
124 struct mgmt_rp_read_index_list *rp;
131 BT_DBG("sock %p", sk);
133 read_lock(&hci_dev_list_lock);
136 list_for_each(p, &hci_dev_list) {
140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
143 read_unlock(&hci_dev_list_lock);
147 put_unaligned_le16(count, &rp->num_controllers);
150 list_for_each_entry(d, &hci_dev_list, list) {
151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
152 cancel_delayed_work(&d->power_off);
154 if (test_bit(HCI_SETUP, &d->flags))
157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
161 read_unlock(&hci_dev_list_lock);
163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
171 static int read_controller_info(struct sock *sk, u16 index)
173 struct mgmt_rp_read_info rp;
174 struct hci_dev *hdev;
176 BT_DBG("sock %p hci%u", sk, index);
178 hdev = hci_dev_get(index);
180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
185 hci_dev_lock_bh(hdev);
187 set_bit(HCI_MGMT, &hdev->flags);
189 memset(&rp, 0, sizeof(rp));
191 rp.type = hdev->dev_type;
193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
198 if (test_bit(HCI_AUTH, &hdev->flags))
200 else if (hdev->ssp_mode > 0)
205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
214 hci_dev_unlock_bh(hdev);
217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
220 static void mgmt_pending_free(struct pending_cmd *cmd)
227 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
228 struct hci_dev *hdev,
231 struct pending_cmd *cmd;
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
237 cmd->opcode = opcode;
238 cmd->index = hdev->id;
240 cmd->param = kmalloc(len, GFP_ATOMIC);
247 memcpy(cmd->param, data, len);
252 list_add(&cmd->list, &hdev->mgmt_pending);
257 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
258 void (*cb)(struct pending_cmd *cmd, void *data),
261 struct list_head *p, *n;
263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
264 struct pending_cmd *cmd;
266 cmd = list_entry(p, struct pending_cmd, list);
268 if (opcode > 0 && cmd->opcode != opcode)
275 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
277 struct pending_cmd *cmd;
279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
280 if (cmd->opcode == opcode)
287 static void mgmt_pending_remove(struct pending_cmd *cmd)
289 list_del(&cmd->list);
290 mgmt_pending_free(cmd);
293 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
295 struct mgmt_mode *cp;
296 struct hci_dev *hdev;
297 struct pending_cmd *cmd;
302 BT_DBG("request for hci%u", index);
304 if (len != sizeof(*cp))
305 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
307 hdev = hci_dev_get(index);
309 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
311 hci_dev_lock_bh(hdev);
313 up = test_bit(HCI_UP, &hdev->flags);
314 if ((cp->val && up) || (!cp->val && !up)) {
315 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
319 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
331 queue_work(hdev->workqueue, &hdev->power_on);
333 queue_work(hdev->workqueue, &hdev->power_off.work);
338 hci_dev_unlock_bh(hdev);
343 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
346 struct mgmt_cp_set_discoverable *cp;
347 struct hci_dev *hdev;
348 struct pending_cmd *cmd;
354 BT_DBG("request for hci%u", index);
356 if (len != sizeof(*cp))
357 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
359 hdev = hci_dev_get(index);
361 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
363 hci_dev_lock_bh(hdev);
365 if (!test_bit(HCI_UP, &hdev->flags)) {
366 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
370 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
371 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
376 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
377 test_bit(HCI_PSCAN, &hdev->flags)) {
378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
391 scan |= SCAN_INQUIRY;
393 cancel_delayed_work(&hdev->discov_off);
395 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
397 mgmt_pending_remove(cmd);
400 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
403 hci_dev_unlock_bh(hdev);
409 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
412 struct mgmt_mode *cp;
413 struct hci_dev *hdev;
414 struct pending_cmd *cmd;
420 BT_DBG("request for hci%u", index);
422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
425 hdev = hci_dev_get(index);
427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
429 hci_dev_lock_bh(hdev);
431 if (!test_bit(HCI_UP, &hdev->flags)) {
432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
460 mgmt_pending_remove(cmd);
463 hci_dev_unlock_bh(hdev);
469 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
470 u16 data_len, struct sock *skip_sk)
473 struct mgmt_hdr *hdr;
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
484 hdr->index = cpu_to_le16(hdev->id);
486 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
487 hdr->len = cpu_to_le16(data_len);
490 memcpy(skb_put(skb, data_len), data, data_len);
492 hci_send_to_sock(NULL, skb, skip_sk);
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
516 BT_DBG("request for hci%u", index);
518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
521 hdev = hci_dev_get(index);
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
525 hci_dev_lock_bh(hdev);
528 set_bit(HCI_PAIRABLE, &hdev->flags);
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
538 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
541 hci_dev_unlock_bh(hdev);
547 #define EIR_FLAGS 0x01 /* flags */
548 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT 0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
556 #define EIR_TX_POWER 0x0A /* transmit power level */
557 #define EIR_DEVICE_ID 0x10 /* device ID */
559 #define PNP_INFO_SVCLASS_ID 0x1200
561 static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
566 static u16 get_uuid16(u8 *uuid128)
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
576 memcpy(&val, &uuid128[12], 4);
578 val = le32_to_cpu(val);
585 static void create_eir(struct hci_dev *hdev, u8 *data)
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct bt_uuid *uuid;
594 name_len = strlen(hdev->dev_name);
600 ptr[1] = EIR_NAME_SHORT;
602 ptr[1] = EIR_NAME_COMPLETE;
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
607 memcpy(ptr + 2, hdev->dev_name, name_len);
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
613 memset(uuid16_list, 0, sizeof(uuid16_list));
615 /* Group all UUID16 types */
616 list_for_each_entry(uuid, &hdev->uuids, list) {
619 uuid16 = get_uuid16(uuid->uuid);
626 if (uuid16 == PNP_INFO_SVCLASS_ID)
629 /* Stop if not enough space to put next UUID */
630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
635 /* Check for duplicates */
636 for (i = 0; uuid16_list[i] != 0; i++)
637 if (uuid16_list[i] == uuid16)
640 if (uuid16_list[i] == 0) {
641 uuid16_list[i] = uuid16;
642 eir_len += sizeof(u16);
646 if (uuid16_list[0] != 0) {
650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
655 for (i = 0; uuid16_list[i] != 0; i++) {
656 *ptr++ = (uuid16_list[i] & 0x00ff);
657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
660 /* EIR Data length */
661 *length = (i * sizeof(u16)) + 1;
665 static int update_eir(struct hci_dev *hdev)
667 struct hci_cp_write_eir cp;
669 if (!(hdev->features[6] & LMP_EXT_INQ))
672 if (hdev->ssp_mode == 0)
675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
678 memset(&cp, 0, sizeof(cp));
680 create_eir(hdev, cp.data);
682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
685 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
690 static u8 get_service_classes(struct hci_dev *hdev)
692 struct bt_uuid *uuid;
695 list_for_each_entry(uuid, &hdev->uuids, list)
696 val |= uuid->svc_hint;
701 static int update_class(struct hci_dev *hdev)
705 BT_DBG("%s", hdev->name);
707 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
710 cod[0] = hdev->minor_class;
711 cod[1] = hdev->major_class;
712 cod[2] = get_service_classes(hdev);
714 if (memcmp(cod, hdev->dev_class, 3) == 0)
717 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
720 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
722 struct mgmt_cp_add_uuid *cp;
723 struct hci_dev *hdev;
724 struct bt_uuid *uuid;
729 BT_DBG("request for hci%u", index);
731 if (len != sizeof(*cp))
732 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
734 hdev = hci_dev_get(index);
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
738 hci_dev_lock_bh(hdev);
740 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
746 memcpy(uuid->uuid, cp->uuid, 16);
747 uuid->svc_hint = cp->svc_hint;
749 list_add(&uuid->list, &hdev->uuids);
751 err = update_class(hdev);
755 err = update_eir(hdev);
759 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
762 hci_dev_unlock_bh(hdev);
768 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
770 struct list_head *p, *n;
771 struct mgmt_cp_remove_uuid *cp;
772 struct hci_dev *hdev;
773 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778 BT_DBG("request for hci%u", index);
780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
783 hdev = hci_dev_get(index);
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
787 hci_dev_lock_bh(hdev);
789 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
790 err = hci_uuids_clear(hdev);
796 list_for_each_safe(p, n, &hdev->uuids) {
797 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
799 if (memcmp(match->uuid, cp->uuid, 16) != 0)
802 list_del(&match->list);
807 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
811 err = update_class(hdev);
815 err = update_eir(hdev);
819 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
822 hci_dev_unlock_bh(hdev);
828 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
831 struct hci_dev *hdev;
832 struct mgmt_cp_set_dev_class *cp;
837 BT_DBG("request for hci%u", index);
839 if (len != sizeof(*cp))
840 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
842 hdev = hci_dev_get(index);
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
846 hci_dev_lock_bh(hdev);
848 hdev->major_class = cp->major;
849 hdev->minor_class = cp->minor;
851 err = update_class(hdev);
854 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
856 hci_dev_unlock_bh(hdev);
862 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
865 struct hci_dev *hdev;
866 struct mgmt_cp_set_service_cache *cp;
871 if (len != sizeof(*cp))
872 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
874 hdev = hci_dev_get(index);
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
878 hci_dev_lock_bh(hdev);
880 BT_DBG("hci%u enable %d", index, cp->enable);
883 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
886 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 err = update_class(hdev);
889 err = update_eir(hdev);
893 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
896 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
899 hci_dev_unlock_bh(hdev);
905 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_link_keys *cp;
910 u16 key_count, expected_len;
915 if (len < sizeof(*cp))
916 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
918 key_count = get_unaligned_le16(&cp->key_count);
920 expected_len = sizeof(*cp) + key_count *
921 sizeof(struct mgmt_link_key_info);
922 if (expected_len != len) {
923 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
928 hdev = hci_dev_get(index);
930 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
935 hci_dev_lock_bh(hdev);
937 hci_link_keys_clear(hdev);
939 set_bit(HCI_LINK_KEYS, &hdev->flags);
942 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
946 for (i = 0; i < key_count; i++) {
947 struct mgmt_link_key_info *key = &cp->keys[i];
949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
953 hci_dev_unlock_bh(hdev);
959 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
962 struct hci_dev *hdev;
963 struct mgmt_cp_remove_keys *cp;
964 struct hci_conn *conn;
969 if (len != sizeof(*cp))
970 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
972 hdev = hci_dev_get(index);
974 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
976 hci_dev_lock_bh(hdev);
978 err = hci_remove_link_key(hdev, &cp->bdaddr);
980 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
986 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
989 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
991 struct hci_cp_disconnect dc;
993 put_unaligned_le16(conn->handle, &dc.handle);
994 dc.reason = 0x13; /* Remote User Terminated Connection */
995 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
999 hci_dev_unlock_bh(hdev);
1005 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1007 struct hci_dev *hdev;
1008 struct mgmt_cp_disconnect *cp;
1009 struct hci_cp_disconnect dc;
1010 struct pending_cmd *cmd;
1011 struct hci_conn *conn;
1018 if (len != sizeof(*cp))
1019 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1021 hdev = hci_dev_get(index);
1023 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1025 hci_dev_lock_bh(hdev);
1027 if (!test_bit(HCI_UP, &hdev->flags)) {
1028 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1032 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1033 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1039 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1042 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1046 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1052 put_unaligned_le16(conn->handle, &dc.handle);
1053 dc.reason = 0x13; /* Remote User Terminated Connection */
1055 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1057 mgmt_pending_remove(cmd);
1060 hci_dev_unlock_bh(hdev);
1066 static u8 link_to_mgmt(u8 link_type)
1068 switch (link_type) {
1070 return MGMT_ADDR_LE;
1072 return MGMT_ADDR_BREDR;
1074 return MGMT_ADDR_INVALID;
1078 static int get_connections(struct sock *sk, u16 index)
1080 struct mgmt_rp_get_connections *rp;
1081 struct hci_dev *hdev;
1083 struct list_head *p;
1090 hdev = hci_dev_get(index);
1092 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1094 hci_dev_lock_bh(hdev);
1097 list_for_each(p, &hdev->conn_hash.list) {
1101 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1102 rp = kmalloc(rp_len, GFP_ATOMIC);
1108 put_unaligned_le16(count, &rp->conn_count);
1111 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1112 bacpy(&rp->addr[i].bdaddr, &c->dst);
1113 rp->addr[i].type = link_to_mgmt(c->type);
1114 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1119 /* Recalculate length in case of filtered SCO connections, etc */
1120 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1122 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1126 hci_dev_unlock_bh(hdev);
1131 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1132 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1134 struct pending_cmd *cmd;
1137 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1142 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1145 mgmt_pending_remove(cmd);
1150 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1153 struct hci_dev *hdev;
1154 struct hci_conn *conn;
1155 struct mgmt_cp_pin_code_reply *cp;
1156 struct mgmt_cp_pin_code_neg_reply ncp;
1157 struct hci_cp_pin_code_reply reply;
1158 struct pending_cmd *cmd;
1165 if (len != sizeof(*cp))
1166 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1168 hdev = hci_dev_get(index);
1170 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1172 hci_dev_lock_bh(hdev);
1174 if (!test_bit(HCI_UP, &hdev->flags)) {
1175 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1179 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1181 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1185 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1186 bacpy(&ncp.bdaddr, &cp->bdaddr);
1188 BT_ERR("PIN code is not 16 bytes long");
1190 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1192 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1198 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1204 bacpy(&reply.bdaddr, &cp->bdaddr);
1205 reply.pin_len = cp->pin_len;
1206 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1208 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1210 mgmt_pending_remove(cmd);
1213 hci_dev_unlock_bh(hdev);
1219 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1222 struct hci_dev *hdev;
1223 struct mgmt_cp_pin_code_neg_reply *cp;
1230 if (len != sizeof(*cp))
1231 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1234 hdev = hci_dev_get(index);
1236 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1239 hci_dev_lock_bh(hdev);
1241 if (!test_bit(HCI_UP, &hdev->flags)) {
1242 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1247 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1250 hci_dev_unlock_bh(hdev);
1256 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1259 struct hci_dev *hdev;
1260 struct mgmt_cp_set_io_capability *cp;
1266 if (len != sizeof(*cp))
1267 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1269 hdev = hci_dev_get(index);
1271 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1273 hci_dev_lock_bh(hdev);
1275 hdev->io_capability = cp->io_capability;
1277 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1278 hdev->io_capability);
1280 hci_dev_unlock_bh(hdev);
1283 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1286 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1288 struct hci_dev *hdev = conn->hdev;
1289 struct pending_cmd *cmd;
1291 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1292 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1295 if (cmd->user_data != conn)
1304 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1306 struct mgmt_rp_pair_device rp;
1307 struct hci_conn *conn = cmd->user_data;
1309 bacpy(&rp.bdaddr, &conn->dst);
1312 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1314 /* So we don't get further callbacks for this connection */
1315 conn->connect_cfm_cb = NULL;
1316 conn->security_cfm_cb = NULL;
1317 conn->disconn_cfm_cb = NULL;
1321 mgmt_pending_remove(cmd);
1324 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1326 struct pending_cmd *cmd;
1327 struct hci_dev *hdev = conn->hdev;
1329 BT_DBG("status %u", status);
1331 hci_dev_lock_bh(hdev);
1333 cmd = find_pairing(conn);
1335 BT_DBG("Unable to find a pending command");
1337 pairing_complete(cmd, status);
1339 hci_dev_unlock_bh(hdev);
1342 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1344 struct hci_dev *hdev;
1345 struct mgmt_cp_pair_device *cp;
1346 struct pending_cmd *cmd;
1347 struct adv_entry *entry;
1348 u8 sec_level, auth_type;
1349 struct hci_conn *conn;
1356 if (len != sizeof(*cp))
1357 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1359 hdev = hci_dev_get(index);
1361 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1363 hci_dev_lock_bh(hdev);
1365 sec_level = BT_SECURITY_MEDIUM;
1366 if (cp->io_cap == 0x03)
1367 auth_type = HCI_AT_DEDICATED_BONDING;
1369 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1371 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1373 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1376 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1380 err = PTR_ERR(conn);
1384 if (conn->connect_cfm_cb) {
1386 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1390 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1397 /* For LE, just connecting isn't a proof that the pairing finished */
1399 conn->connect_cfm_cb = pairing_complete_cb;
1401 conn->security_cfm_cb = pairing_complete_cb;
1402 conn->disconn_cfm_cb = pairing_complete_cb;
1403 conn->io_capability = cp->io_cap;
1404 cmd->user_data = conn;
1406 if (conn->state == BT_CONNECTED &&
1407 hci_conn_security(conn, sec_level, auth_type))
1408 pairing_complete(cmd, 0);
1413 hci_dev_unlock_bh(hdev);
1419 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1420 u16 len, int success)
1422 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1423 u16 mgmt_op, hci_op;
1424 struct pending_cmd *cmd;
1425 struct hci_dev *hdev;
1431 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1432 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1434 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1435 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1438 if (len != sizeof(*cp))
1439 return cmd_status(sk, index, mgmt_op, EINVAL);
1441 hdev = hci_dev_get(index);
1443 return cmd_status(sk, index, mgmt_op, ENODEV);
1445 hci_dev_lock_bh(hdev);
1447 if (!test_bit(HCI_UP, &hdev->flags)) {
1448 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1452 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1458 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1460 mgmt_pending_remove(cmd);
1463 hci_dev_unlock_bh(hdev);
1469 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1472 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1473 struct hci_cp_write_local_name hci_cp;
1474 struct hci_dev *hdev;
1475 struct pending_cmd *cmd;
1480 if (len != sizeof(*mgmt_cp))
1481 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1483 hdev = hci_dev_get(index);
1485 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1487 hci_dev_lock_bh(hdev);
1489 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1495 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1496 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1499 mgmt_pending_remove(cmd);
1502 hci_dev_unlock_bh(hdev);
1508 static int read_local_oob_data(struct sock *sk, u16 index)
1510 struct hci_dev *hdev;
1511 struct pending_cmd *cmd;
1514 BT_DBG("hci%u", index);
1516 hdev = hci_dev_get(index);
1518 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1521 hci_dev_lock_bh(hdev);
1523 if (!test_bit(HCI_UP, &hdev->flags)) {
1524 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1529 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1530 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1535 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1536 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1540 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1546 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1548 mgmt_pending_remove(cmd);
1551 hci_dev_unlock_bh(hdev);
1557 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1560 struct hci_dev *hdev;
1561 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1564 BT_DBG("hci%u ", index);
1566 if (len != sizeof(*cp))
1567 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1570 hdev = hci_dev_get(index);
1572 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1575 hci_dev_lock_bh(hdev);
1577 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1580 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1582 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1585 hci_dev_unlock_bh(hdev);
1591 static int remove_remote_oob_data(struct sock *sk, u16 index,
1592 unsigned char *data, u16 len)
1594 struct hci_dev *hdev;
1595 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1598 BT_DBG("hci%u ", index);
1600 if (len != sizeof(*cp))
1601 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1604 hdev = hci_dev_get(index);
1606 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1609 hci_dev_lock_bh(hdev);
1611 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1613 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1616 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1619 hci_dev_unlock_bh(hdev);
1625 static int start_discovery(struct sock *sk, u16 index)
1627 struct pending_cmd *cmd;
1628 struct hci_dev *hdev;
1631 BT_DBG("hci%u", index);
1633 hdev = hci_dev_get(index);
1635 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1637 hci_dev_lock_bh(hdev);
1639 if (!test_bit(HCI_UP, &hdev->flags)) {
1640 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1644 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1650 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1652 mgmt_pending_remove(cmd);
1655 hci_dev_unlock_bh(hdev);
1661 static int stop_discovery(struct sock *sk, u16 index)
1663 struct hci_dev *hdev;
1664 struct pending_cmd *cmd;
1667 BT_DBG("hci%u", index);
1669 hdev = hci_dev_get(index);
1671 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1673 hci_dev_lock_bh(hdev);
1675 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1681 err = hci_cancel_inquiry(hdev);
1683 mgmt_pending_remove(cmd);
1686 hci_dev_unlock_bh(hdev);
1692 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1695 struct hci_dev *hdev;
1696 struct mgmt_cp_block_device *cp = (void *) data;
1699 BT_DBG("hci%u", index);
1701 if (len != sizeof(*cp))
1702 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1705 hdev = hci_dev_get(index);
1707 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1710 hci_dev_lock_bh(hdev);
1712 err = hci_blacklist_add(hdev, &cp->bdaddr);
1714 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1716 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1719 hci_dev_unlock_bh(hdev);
1725 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1728 struct hci_dev *hdev;
1729 struct mgmt_cp_unblock_device *cp = (void *) data;
1732 BT_DBG("hci%u", index);
1734 if (len != sizeof(*cp))
1735 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1738 hdev = hci_dev_get(index);
1740 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1743 hci_dev_lock_bh(hdev);
1745 err = hci_blacklist_del(hdev, &cp->bdaddr);
1748 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1750 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1753 hci_dev_unlock_bh(hdev);
1759 static int set_fast_connectable(struct sock *sk, u16 index,
1760 unsigned char *data, u16 len)
1762 struct hci_dev *hdev;
1763 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1764 struct hci_cp_write_page_scan_activity acp;
1768 BT_DBG("hci%u", index);
1770 if (len != sizeof(*cp))
1771 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1774 hdev = hci_dev_get(index);
1776 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1782 type = PAGE_SCAN_TYPE_INTERLACED;
1783 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1785 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1786 acp.interval = 0x0800; /* default 1.28 sec page scan */
1789 acp.window = 0x0012; /* default 11.25 msec page scan window */
1791 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1794 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1799 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1801 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1806 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1809 hci_dev_unlock(hdev);
1815 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1818 struct mgmt_hdr *hdr;
1819 u16 opcode, index, len;
1822 BT_DBG("got %zu bytes", msglen);
1824 if (msglen < sizeof(*hdr))
1827 buf = kmalloc(msglen, GFP_KERNEL);
1831 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1836 hdr = (struct mgmt_hdr *) buf;
1837 opcode = get_unaligned_le16(&hdr->opcode);
1838 index = get_unaligned_le16(&hdr->index);
1839 len = get_unaligned_le16(&hdr->len);
1841 if (len != msglen - sizeof(*hdr)) {
1847 case MGMT_OP_READ_VERSION:
1848 err = read_version(sk);
1850 case MGMT_OP_READ_INDEX_LIST:
1851 err = read_index_list(sk);
1853 case MGMT_OP_READ_INFO:
1854 err = read_controller_info(sk, index);
1856 case MGMT_OP_SET_POWERED:
1857 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1859 case MGMT_OP_SET_DISCOVERABLE:
1860 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1862 case MGMT_OP_SET_CONNECTABLE:
1863 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1865 case MGMT_OP_SET_PAIRABLE:
1866 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1868 case MGMT_OP_ADD_UUID:
1869 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1871 case MGMT_OP_REMOVE_UUID:
1872 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1874 case MGMT_OP_SET_DEV_CLASS:
1875 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1877 case MGMT_OP_SET_SERVICE_CACHE:
1878 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1880 case MGMT_OP_LOAD_LINK_KEYS:
1881 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1883 case MGMT_OP_REMOVE_KEYS:
1884 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1886 case MGMT_OP_DISCONNECT:
1887 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1889 case MGMT_OP_GET_CONNECTIONS:
1890 err = get_connections(sk, index);
1892 case MGMT_OP_PIN_CODE_REPLY:
1893 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1895 case MGMT_OP_PIN_CODE_NEG_REPLY:
1896 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1898 case MGMT_OP_SET_IO_CAPABILITY:
1899 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1901 case MGMT_OP_PAIR_DEVICE:
1902 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1904 case MGMT_OP_USER_CONFIRM_REPLY:
1905 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1907 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1908 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1910 case MGMT_OP_SET_LOCAL_NAME:
1911 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1913 case MGMT_OP_READ_LOCAL_OOB_DATA:
1914 err = read_local_oob_data(sk, index);
1916 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1917 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1919 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1920 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1923 case MGMT_OP_START_DISCOVERY:
1924 err = start_discovery(sk, index);
1926 case MGMT_OP_STOP_DISCOVERY:
1927 err = stop_discovery(sk, index);
1929 case MGMT_OP_BLOCK_DEVICE:
1930 err = block_device(sk, index, buf + sizeof(*hdr), len);
1932 case MGMT_OP_UNBLOCK_DEVICE:
1933 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1935 case MGMT_OP_SET_FAST_CONNECTABLE:
1936 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1940 BT_DBG("Unknown op %u", opcode);
1941 err = cmd_status(sk, index, opcode, 0x01);
1955 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1959 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1960 mgmt_pending_remove(cmd);
1963 int mgmt_index_added(struct hci_dev *hdev)
1965 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1968 int mgmt_index_removed(struct hci_dev *hdev)
1972 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1974 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
1982 static void mode_rsp(struct pending_cmd *cmd, void *data)
1984 struct mgmt_mode *cp = cmd->param;
1985 struct cmd_lookup *match = data;
1987 if (cp->val != match->val)
1990 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1992 list_del(&cmd->list);
1994 if (match->sk == NULL) {
1995 match->sk = cmd->sk;
1996 sock_hold(match->sk);
1999 mgmt_pending_free(cmd);
2002 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2004 struct mgmt_mode ev;
2005 struct cmd_lookup match = { powered, NULL };
2008 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2011 u8 status = ENETDOWN;
2012 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2017 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2025 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2027 struct mgmt_mode ev;
2028 struct cmd_lookup match = { discoverable, NULL };
2031 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2033 ev.val = discoverable;
2035 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2044 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2046 struct mgmt_mode ev;
2047 struct cmd_lookup match = { connectable, NULL };
2050 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2052 ev.val = connectable;
2054 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2062 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2064 if (scan & SCAN_PAGE)
2065 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2066 cmd_status_rsp, &status);
2068 if (scan & SCAN_INQUIRY)
2069 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2070 cmd_status_rsp, &status);
2075 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2078 struct mgmt_ev_new_link_key ev;
2080 memset(&ev, 0, sizeof(ev));
2082 ev.store_hint = persistent;
2083 bacpy(&ev.key.bdaddr, &key->bdaddr);
2084 ev.key.type = key->type;
2085 memcpy(ev.key.val, key->val, 16);
2086 ev.key.pin_len = key->pin_len;
2088 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2091 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type)
2093 struct mgmt_addr_info ev;
2095 bacpy(&ev.bdaddr, bdaddr);
2096 ev.type = link_to_mgmt(link_type);
2098 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2101 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2103 struct mgmt_cp_disconnect *cp = cmd->param;
2104 struct sock **sk = data;
2105 struct mgmt_rp_disconnect rp;
2107 bacpy(&rp.bdaddr, &cp->bdaddr);
2109 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2114 mgmt_pending_remove(cmd);
2117 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2119 struct mgmt_addr_info ev;
2120 struct sock *sk = NULL;
2123 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2125 bacpy(&ev.bdaddr, bdaddr);
2126 ev.type = link_to_mgmt(type);
2128 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2136 int mgmt_disconnect_failed(struct hci_dev *hdev)
2138 struct pending_cmd *cmd;
2141 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2145 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
2147 mgmt_pending_remove(cmd);
2152 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2155 struct mgmt_ev_connect_failed ev;
2157 bacpy(&ev.addr.bdaddr, bdaddr);
2158 ev.addr.type = link_to_mgmt(type);
2161 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2164 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2166 struct mgmt_ev_pin_code_request ev;
2168 bacpy(&ev.bdaddr, bdaddr);
2171 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2175 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2178 struct pending_cmd *cmd;
2179 struct mgmt_rp_pin_code_reply rp;
2182 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2186 bacpy(&rp.bdaddr, bdaddr);
2189 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2192 mgmt_pending_remove(cmd);
2197 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2200 struct pending_cmd *cmd;
2201 struct mgmt_rp_pin_code_reply rp;
2204 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2208 bacpy(&rp.bdaddr, bdaddr);
2211 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2214 mgmt_pending_remove(cmd);
2219 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2220 __le32 value, u8 confirm_hint)
2222 struct mgmt_ev_user_confirm_request ev;
2224 BT_DBG("%s", hdev->name);
2226 bacpy(&ev.bdaddr, bdaddr);
2227 ev.confirm_hint = confirm_hint;
2228 put_unaligned_le32(value, &ev.value);
2230 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2234 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2235 u8 status, u8 opcode)
2237 struct pending_cmd *cmd;
2238 struct mgmt_rp_user_confirm_reply rp;
2241 cmd = mgmt_pending_find(opcode, hdev);
2245 bacpy(&rp.bdaddr, bdaddr);
2247 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2249 mgmt_pending_remove(cmd);
2254 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2257 return confirm_reply_complete(hdev, bdaddr, status,
2258 MGMT_OP_USER_CONFIRM_REPLY);
2261 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2262 bdaddr_t *bdaddr, u8 status)
2264 return confirm_reply_complete(hdev, bdaddr, status,
2265 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2268 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2270 struct mgmt_ev_auth_failed ev;
2272 bacpy(&ev.bdaddr, bdaddr);
2275 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2278 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2280 struct pending_cmd *cmd;
2281 struct mgmt_cp_set_local_name ev;
2284 memset(&ev, 0, sizeof(ev));
2285 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2287 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2292 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2299 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2305 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2306 cmd ? cmd->sk : NULL);
2310 mgmt_pending_remove(cmd);
2314 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2315 u8 *randomizer, u8 status)
2317 struct pending_cmd *cmd;
2320 BT_DBG("%s status %u", hdev->name, status);
2322 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2327 err = cmd_status(cmd->sk, hdev->id,
2328 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2330 struct mgmt_rp_read_local_oob_data rp;
2332 memcpy(rp.hash, hash, sizeof(rp.hash));
2333 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2335 err = cmd_complete(cmd->sk, hdev->id,
2336 MGMT_OP_READ_LOCAL_OOB_DATA,
2340 mgmt_pending_remove(cmd);
2345 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2346 u8 *dev_class, s8 rssi, u8 *eir)
2348 struct mgmt_ev_device_found ev;
2350 memset(&ev, 0, sizeof(ev));
2352 bacpy(&ev.addr.bdaddr, bdaddr);
2353 ev.addr.type = link_to_mgmt(type);
2357 memcpy(ev.eir, eir, sizeof(ev.eir));
2360 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2362 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2365 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2367 struct mgmt_ev_remote_name ev;
2369 memset(&ev, 0, sizeof(ev));
2371 bacpy(&ev.bdaddr, bdaddr);
2372 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2374 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2377 int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
2379 struct pending_cmd *cmd;
2382 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2386 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2387 mgmt_pending_remove(cmd);
2392 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2394 struct pending_cmd *cmd;
2397 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2399 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2402 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2403 mgmt_pending_remove(cmd);
2406 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2407 sizeof(discovering), NULL);
2410 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2412 struct pending_cmd *cmd;
2413 struct mgmt_ev_device_blocked ev;
2415 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2417 bacpy(&ev.bdaddr, bdaddr);
2419 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2420 cmd ? cmd->sk : NULL);
2423 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2425 struct pending_cmd *cmd;
2426 struct mgmt_ev_device_unblocked ev;
2428 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2430 bacpy(&ev.bdaddr, bdaddr);
2432 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2433 cmd ? cmd->sk : NULL);
projects / karo-tx-linux.git / blob