2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
36 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
64 ev = (void *) skb_put(skb, sizeof(*ev));
66 put_unaligned_le16(cmd, &ev->opcode);
68 if (sock_queue_rcv_skb(sk, skb) < 0)
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
79 struct mgmt_ev_cmd_complete *ev;
81 BT_DBG("sock %p", sk);
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
97 memcpy(ev->data, rp, rp_len);
99 if (sock_queue_rcv_skb(sk, skb) < 0)
105 static int read_version(struct sock *sk)
107 struct mgmt_rp_read_version rp;
109 BT_DBG("sock %p", sk);
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
118 static int read_index_list(struct sock *sk)
120 struct mgmt_rp_read_index_list *rp;
126 BT_DBG("sock %p", sk);
128 read_lock(&hci_dev_list_lock);
131 list_for_each(p, &hci_dev_list) {
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
138 read_unlock(&hci_dev_list_lock);
142 put_unaligned_le16(count, &rp->num_controllers);
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
148 hci_del_off_timer(d);
150 set_bit(HCI_MGMT, &d->flags);
152 if (test_bit(HCI_SETUP, &d->flags))
155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
159 read_unlock(&hci_dev_list_lock);
161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
169 static int read_controller_info(struct sock *sk, u16 index)
171 struct mgmt_rp_read_info rp;
172 struct hci_dev *hdev;
174 BT_DBG("sock %p hci%u", sk, index);
176 hdev = hci_dev_get(index);
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
180 hci_del_off_timer(hdev);
182 hci_dev_lock_bh(hdev);
184 set_bit(HCI_MGMT, &hdev->flags);
186 rp.type = hdev->dev_type;
188 rp.powered = test_bit(HCI_UP, &hdev->flags);
189 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
190 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
191 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
193 if (test_bit(HCI_AUTH, &hdev->flags))
195 else if (hdev->ssp_mode > 0)
200 bacpy(&rp.bdaddr, &hdev->bdaddr);
201 memcpy(rp.features, hdev->features, 8);
202 memcpy(rp.dev_class, hdev->dev_class, 3);
203 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
204 rp.hci_ver = hdev->hci_ver;
205 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
207 hci_dev_unlock_bh(hdev);
210 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
213 static void mgmt_pending_free(struct pending_cmd *cmd)
220 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
221 u16 index, void *data, u16 len)
223 struct pending_cmd *cmd;
225 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
229 cmd->opcode = opcode;
232 cmd->cmd = kmalloc(len, GFP_ATOMIC);
238 memcpy(cmd->cmd, data, len);
243 list_add(&cmd->list, &cmd_list);
248 static void mgmt_pending_foreach(u16 opcode, int index,
249 void (*cb)(struct pending_cmd *cmd, void *data),
252 struct list_head *p, *n;
254 list_for_each_safe(p, n, &cmd_list) {
255 struct pending_cmd *cmd;
257 cmd = list_entry(p, struct pending_cmd, list);
259 if (cmd->opcode != opcode)
262 if (index >= 0 && cmd->index != index)
269 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
273 list_for_each(p, &cmd_list) {
274 struct pending_cmd *cmd;
276 cmd = list_entry(p, struct pending_cmd, list);
278 if (cmd->opcode != opcode)
281 if (index >= 0 && cmd->index != index)
290 static void mgmt_pending_remove(struct pending_cmd *cmd)
292 list_del(&cmd->list);
293 mgmt_pending_free(cmd);
296 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
298 struct mgmt_mode *cp;
299 struct hci_dev *hdev;
300 struct pending_cmd *cmd;
305 BT_DBG("request for hci%u", index);
307 if (len != sizeof(*cp))
308 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
310 hdev = hci_dev_get(index);
312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
314 hci_dev_lock_bh(hdev);
316 up = test_bit(HCI_UP, &hdev->flags);
317 if ((cp->val && up) || (!cp->val && !up)) {
318 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
322 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
334 queue_work(hdev->workqueue, &hdev->power_on);
336 queue_work(hdev->workqueue, &hdev->power_off);
341 hci_dev_unlock_bh(hdev);
346 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
349 struct mgmt_mode *cp;
350 struct hci_dev *hdev;
351 struct pending_cmd *cmd;
357 BT_DBG("request for hci%u", index);
359 if (len != sizeof(*cp))
360 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
362 hdev = hci_dev_get(index);
364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
366 hci_dev_lock_bh(hdev);
368 if (!test_bit(HCI_UP, &hdev->flags)) {
369 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
373 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
374 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
379 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
380 test_bit(HCI_PSCAN, &hdev->flags)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
394 scan |= SCAN_INQUIRY;
396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
398 mgmt_pending_remove(cmd);
401 hci_dev_unlock_bh(hdev);
407 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
410 struct mgmt_mode *cp;
411 struct hci_dev *hdev;
412 struct pending_cmd *cmd;
418 BT_DBG("request for hci%u", index);
420 if (len != sizeof(*cp))
421 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
423 hdev = hci_dev_get(index);
425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
427 hci_dev_lock_bh(hdev);
429 if (!test_bit(HCI_UP, &hdev->flags)) {
430 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
434 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
435 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
440 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
456 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
458 mgmt_pending_remove(cmd);
461 hci_dev_unlock_bh(hdev);
467 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
468 struct sock *skip_sk)
471 struct mgmt_hdr *hdr;
473 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
477 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
479 hdr = (void *) skb_put(skb, sizeof(*hdr));
480 hdr->opcode = cpu_to_le16(event);
481 hdr->index = cpu_to_le16(index);
482 hdr->len = cpu_to_le16(data_len);
485 memcpy(skb_put(skb, data_len), data, data_len);
487 hci_send_to_sock(NULL, skb, skip_sk);
493 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
502 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
505 struct mgmt_mode *cp, ev;
506 struct hci_dev *hdev;
511 BT_DBG("request for hci%u", index);
513 if (len != sizeof(*cp))
514 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
516 hdev = hci_dev_get(index);
518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
520 hci_dev_lock_bh(hdev);
523 set_bit(HCI_PAIRABLE, &hdev->flags);
525 clear_bit(HCI_PAIRABLE, &hdev->flags);
527 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
536 hci_dev_unlock_bh(hdev);
542 static u8 get_service_classes(struct hci_dev *hdev)
547 list_for_each(p, &hdev->uuids) {
548 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
550 val |= uuid->svc_hint;
556 static int update_class(struct hci_dev *hdev)
560 BT_DBG("%s", hdev->name);
562 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
565 cod[0] = hdev->minor_class;
566 cod[1] = hdev->major_class;
567 cod[2] = get_service_classes(hdev);
569 if (memcmp(cod, hdev->dev_class, 3) == 0)
572 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
575 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
577 struct mgmt_cp_add_uuid *cp;
578 struct hci_dev *hdev;
579 struct bt_uuid *uuid;
584 BT_DBG("request for hci%u", index);
586 if (len != sizeof(*cp))
587 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
589 hdev = hci_dev_get(index);
591 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
593 hci_dev_lock_bh(hdev);
595 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
601 memcpy(uuid->uuid, cp->uuid, 16);
602 uuid->svc_hint = cp->svc_hint;
604 list_add(&uuid->list, &hdev->uuids);
606 err = update_class(hdev);
610 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
613 hci_dev_unlock_bh(hdev);
619 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
621 struct list_head *p, *n;
622 struct mgmt_cp_remove_uuid *cp;
623 struct hci_dev *hdev;
624 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
629 BT_DBG("request for hci%u", index);
631 if (len != sizeof(*cp))
632 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
634 hdev = hci_dev_get(index);
636 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
638 hci_dev_lock_bh(hdev);
640 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
641 err = hci_uuids_clear(hdev);
647 list_for_each_safe(p, n, &hdev->uuids) {
648 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
650 if (memcmp(match->uuid, cp->uuid, 16) != 0)
653 list_del(&match->list);
658 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
662 err = update_class(hdev);
666 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
669 hci_dev_unlock_bh(hdev);
675 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
678 struct hci_dev *hdev;
679 struct mgmt_cp_set_dev_class *cp;
684 BT_DBG("request for hci%u", index);
686 if (len != sizeof(*cp))
687 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
689 hdev = hci_dev_get(index);
691 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
693 hci_dev_lock_bh(hdev);
695 hdev->major_class = cp->major;
696 hdev->minor_class = cp->minor;
698 err = update_class(hdev);
701 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
703 hci_dev_unlock_bh(hdev);
709 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
712 struct hci_dev *hdev;
713 struct mgmt_cp_set_service_cache *cp;
718 if (len != sizeof(*cp))
719 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE,
722 hdev = hci_dev_get(index);
724 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
726 hci_dev_lock_bh(hdev);
728 BT_DBG("hci%u enable %d", index, cp->enable);
731 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
734 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
735 err = update_class(hdev);
739 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
742 hci_dev_unlock_bh(hdev);
748 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
750 struct hci_dev *hdev;
751 struct mgmt_cp_load_keys *cp;
752 u16 key_count, expected_len;
757 if (len < sizeof(*cp))
760 key_count = get_unaligned_le16(&cp->key_count);
762 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
763 if (expected_len != len) {
764 BT_ERR("load_keys: expected %u bytes, got %u bytes",
769 hdev = hci_dev_get(index);
771 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
773 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
776 hci_dev_lock_bh(hdev);
778 hci_link_keys_clear(hdev);
780 set_bit(HCI_LINK_KEYS, &hdev->flags);
783 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
785 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
787 for (i = 0; i < key_count; i++) {
788 struct mgmt_key_info *key = &cp->keys[i];
790 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type,
794 hci_dev_unlock_bh(hdev);
800 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
802 struct hci_dev *hdev;
803 struct mgmt_cp_remove_key *cp;
804 struct hci_conn *conn;
809 if (len != sizeof(*cp))
810 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
812 hdev = hci_dev_get(index);
814 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
816 hci_dev_lock_bh(hdev);
818 err = hci_remove_link_key(hdev, &cp->bdaddr);
820 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
826 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
829 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
831 struct hci_cp_disconnect dc;
833 put_unaligned_le16(conn->handle, &dc.handle);
834 dc.reason = 0x13; /* Remote User Terminated Connection */
835 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
839 hci_dev_unlock_bh(hdev);
845 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
847 struct hci_dev *hdev;
848 struct mgmt_cp_disconnect *cp;
849 struct hci_cp_disconnect dc;
850 struct pending_cmd *cmd;
851 struct hci_conn *conn;
858 if (len != sizeof(*cp))
859 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
861 hdev = hci_dev_get(index);
863 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
865 hci_dev_lock_bh(hdev);
867 if (!test_bit(HCI_UP, &hdev->flags)) {
868 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
872 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
873 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
877 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
879 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
883 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
889 put_unaligned_le16(conn->handle, &dc.handle);
890 dc.reason = 0x13; /* Remote User Terminated Connection */
892 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
894 mgmt_pending_remove(cmd);
897 hci_dev_unlock_bh(hdev);
903 static int get_connections(struct sock *sk, u16 index)
905 struct mgmt_rp_get_connections *rp;
906 struct hci_dev *hdev;
914 hdev = hci_dev_get(index);
916 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
918 hci_dev_lock_bh(hdev);
921 list_for_each(p, &hdev->conn_hash.list) {
925 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
926 rp = kmalloc(rp_len, GFP_ATOMIC);
932 put_unaligned_le16(count, &rp->conn_count);
934 read_lock(&hci_dev_list_lock);
937 list_for_each(p, &hdev->conn_hash.list) {
938 struct hci_conn *c = list_entry(p, struct hci_conn, list);
940 bacpy(&rp->conn[i++], &c->dst);
943 read_unlock(&hci_dev_list_lock);
945 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
949 hci_dev_unlock_bh(hdev);
954 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
957 struct hci_dev *hdev;
958 struct mgmt_cp_pin_code_reply *cp;
959 struct hci_cp_pin_code_reply reply;
960 struct pending_cmd *cmd;
967 if (len != sizeof(*cp))
968 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
970 hdev = hci_dev_get(index);
972 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
974 hci_dev_lock_bh(hdev);
976 if (!test_bit(HCI_UP, &hdev->flags)) {
977 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
981 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
987 bacpy(&reply.bdaddr, &cp->bdaddr);
988 reply.pin_len = cp->pin_len;
989 memcpy(reply.pin_code, cp->pin_code, 16);
991 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
993 mgmt_pending_remove(cmd);
996 hci_dev_unlock_bh(hdev);
1002 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1005 struct hci_dev *hdev;
1006 struct mgmt_cp_pin_code_neg_reply *cp;
1007 struct pending_cmd *cmd;
1014 if (len != sizeof(*cp))
1015 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1018 hdev = hci_dev_get(index);
1020 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1023 hci_dev_lock_bh(hdev);
1025 if (!test_bit(HCI_UP, &hdev->flags)) {
1026 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1031 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1038 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(bdaddr_t),
1041 mgmt_pending_remove(cmd);
1044 hci_dev_unlock_bh(hdev);
1050 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1053 struct hci_dev *hdev;
1054 struct mgmt_cp_set_io_capability *cp;
1060 if (len != sizeof(*cp))
1061 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1064 hdev = hci_dev_get(index);
1066 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1068 hci_dev_lock_bh(hdev);
1070 hdev->io_capability = cp->io_capability;
1072 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1073 hdev->io_capability);
1075 hci_dev_unlock_bh(hdev);
1078 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1081 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1083 struct hci_dev *hdev = conn->hdev;
1084 struct list_head *p;
1086 list_for_each(p, &cmd_list) {
1087 struct pending_cmd *cmd;
1089 cmd = list_entry(p, struct pending_cmd, list);
1091 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1094 if (cmd->index != hdev->id)
1097 if (cmd->user_data != conn)
1106 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1108 struct mgmt_rp_pair_device rp;
1109 struct hci_conn *conn = cmd->user_data;
1111 bacpy(&rp.bdaddr, &conn->dst);
1114 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1116 /* So we don't get further callbacks for this connection */
1117 conn->connect_cfm_cb = NULL;
1118 conn->security_cfm_cb = NULL;
1119 conn->disconn_cfm_cb = NULL;
1123 mgmt_pending_remove(cmd);
1126 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1128 struct pending_cmd *cmd;
1130 BT_DBG("status %u", status);
1132 cmd = find_pairing(conn);
1134 BT_DBG("Unable to find a pending command");
1138 pairing_complete(cmd, status);
1141 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1143 struct hci_dev *hdev;
1144 struct mgmt_cp_pair_device *cp;
1145 struct pending_cmd *cmd;
1146 u8 sec_level, auth_type;
1147 struct hci_conn *conn;
1154 if (len != sizeof(*cp))
1155 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1157 hdev = hci_dev_get(index);
1159 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1161 hci_dev_lock_bh(hdev);
1163 if (cp->io_cap == 0x03) {
1164 sec_level = BT_SECURITY_MEDIUM;
1165 auth_type = HCI_AT_DEDICATED_BONDING;
1167 sec_level = BT_SECURITY_HIGH;
1168 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1171 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1173 err = PTR_ERR(conn);
1177 if (conn->connect_cfm_cb) {
1179 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1183 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1190 conn->connect_cfm_cb = pairing_complete_cb;
1191 conn->security_cfm_cb = pairing_complete_cb;
1192 conn->disconn_cfm_cb = pairing_complete_cb;
1193 conn->io_capability = cp->io_cap;
1194 cmd->user_data = conn;
1196 if (conn->state == BT_CONNECTED &&
1197 hci_conn_security(conn, sec_level, auth_type))
1198 pairing_complete(cmd, 0);
1203 hci_dev_unlock_bh(hdev);
1209 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1210 u16 len, int success)
1212 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1213 u16 mgmt_op, hci_op;
1214 struct pending_cmd *cmd;
1215 struct hci_dev *hdev;
1221 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1222 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1224 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1225 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1228 if (len != sizeof(*cp))
1229 return cmd_status(sk, index, mgmt_op, EINVAL);
1231 hdev = hci_dev_get(index);
1233 return cmd_status(sk, index, mgmt_op, ENODEV);
1235 if (!test_bit(HCI_UP, &hdev->flags)) {
1236 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1240 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1246 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1248 mgmt_pending_remove(cmd);
1251 hci_dev_unlock_bh(hdev);
1257 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1260 struct mgmt_hdr *hdr;
1261 u16 opcode, index, len;
1264 BT_DBG("got %zu bytes", msglen);
1266 if (msglen < sizeof(*hdr))
1269 buf = kmalloc(msglen, GFP_ATOMIC);
1273 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1278 hdr = (struct mgmt_hdr *) buf;
1279 opcode = get_unaligned_le16(&hdr->opcode);
1280 index = get_unaligned_le16(&hdr->index);
1281 len = get_unaligned_le16(&hdr->len);
1283 if (len != msglen - sizeof(*hdr)) {
1289 case MGMT_OP_READ_VERSION:
1290 err = read_version(sk);
1292 case MGMT_OP_READ_INDEX_LIST:
1293 err = read_index_list(sk);
1295 case MGMT_OP_READ_INFO:
1296 err = read_controller_info(sk, index);
1298 case MGMT_OP_SET_POWERED:
1299 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1301 case MGMT_OP_SET_DISCOVERABLE:
1302 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1304 case MGMT_OP_SET_CONNECTABLE:
1305 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1307 case MGMT_OP_SET_PAIRABLE:
1308 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1310 case MGMT_OP_ADD_UUID:
1311 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1313 case MGMT_OP_REMOVE_UUID:
1314 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1316 case MGMT_OP_SET_DEV_CLASS:
1317 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1319 case MGMT_OP_SET_SERVICE_CACHE:
1320 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1322 case MGMT_OP_LOAD_KEYS:
1323 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1325 case MGMT_OP_REMOVE_KEY:
1326 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1328 case MGMT_OP_DISCONNECT:
1329 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1331 case MGMT_OP_GET_CONNECTIONS:
1332 err = get_connections(sk, index);
1334 case MGMT_OP_PIN_CODE_REPLY:
1335 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1337 case MGMT_OP_PIN_CODE_NEG_REPLY:
1338 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1340 case MGMT_OP_SET_IO_CAPABILITY:
1341 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1343 case MGMT_OP_PAIR_DEVICE:
1344 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1346 case MGMT_OP_USER_CONFIRM_REPLY:
1347 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1349 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1350 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1353 BT_DBG("Unknown op %u", opcode);
1354 err = cmd_status(sk, index, opcode, 0x01);
1368 int mgmt_index_added(u16 index)
1370 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1373 int mgmt_index_removed(u16 index)
1375 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1383 static void mode_rsp(struct pending_cmd *cmd, void *data)
1385 struct mgmt_mode *cp = cmd->cmd;
1386 struct cmd_lookup *match = data;
1388 if (cp->val != match->val)
1391 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1393 list_del(&cmd->list);
1395 if (match->sk == NULL) {
1396 match->sk = cmd->sk;
1397 sock_hold(match->sk);
1400 mgmt_pending_free(cmd);
1403 int mgmt_powered(u16 index, u8 powered)
1405 struct mgmt_mode ev;
1406 struct cmd_lookup match = { powered, NULL };
1409 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1413 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1421 int mgmt_discoverable(u16 index, u8 discoverable)
1423 struct mgmt_mode ev;
1424 struct cmd_lookup match = { discoverable, NULL };
1427 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index,
1430 ev.val = discoverable;
1432 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1441 int mgmt_connectable(u16 index, u8 connectable)
1443 struct mgmt_mode ev;
1444 struct cmd_lookup match = { connectable, NULL };
1447 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1449 ev.val = connectable;
1451 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1459 int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type)
1461 struct mgmt_ev_new_key ev;
1463 memset(&ev, 0, sizeof(ev));
1465 bacpy(&ev.key.bdaddr, &key->bdaddr);
1466 ev.key.type = key->type;
1467 memcpy(ev.key.val, key->val, 16);
1468 ev.key.pin_len = key->pin_len;
1469 ev.old_key_type = old_key_type;
1471 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1474 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1476 struct mgmt_ev_connected ev;
1478 bacpy(&ev.bdaddr, bdaddr);
1480 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1483 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1485 struct mgmt_cp_disconnect *cp = cmd->cmd;
1486 struct sock **sk = data;
1487 struct mgmt_rp_disconnect rp;
1489 bacpy(&rp.bdaddr, &cp->bdaddr);
1491 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1496 mgmt_pending_remove(cmd);
1499 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1501 struct mgmt_ev_disconnected ev;
1502 struct sock *sk = NULL;
1505 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1507 bacpy(&ev.bdaddr, bdaddr);
1509 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1517 int mgmt_disconnect_failed(u16 index)
1519 struct pending_cmd *cmd;
1522 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1526 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1528 mgmt_pending_remove(cmd);
1533 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1535 struct mgmt_ev_connect_failed ev;
1537 bacpy(&ev.bdaddr, bdaddr);
1540 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1543 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr)
1545 struct mgmt_ev_pin_code_request ev;
1547 bacpy(&ev.bdaddr, bdaddr);
1549 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1553 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1555 struct pending_cmd *cmd;
1556 struct mgmt_rp_pin_code_reply rp;
1559 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1563 bacpy(&rp.bdaddr, bdaddr);
1566 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1569 mgmt_pending_remove(cmd);
1574 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1576 struct pending_cmd *cmd;
1577 struct mgmt_rp_pin_code_reply rp;
1580 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1584 bacpy(&rp.bdaddr, bdaddr);
1587 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1590 mgmt_pending_remove(cmd);
1595 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value)
1597 struct mgmt_ev_user_confirm_request ev;
1599 BT_DBG("hci%u", index);
1601 bacpy(&ev.bdaddr, bdaddr);
1602 put_unaligned_le32(value, &ev.value);
1604 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
1608 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
1611 struct pending_cmd *cmd;
1612 struct mgmt_rp_user_confirm_reply rp;
1615 cmd = mgmt_pending_find(opcode, index);
1619 bacpy(&rp.bdaddr, bdaddr);
1621 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
1623 mgmt_pending_remove(cmd);
1628 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1630 return confirm_reply_complete(index, bdaddr, status,
1631 MGMT_OP_USER_CONFIRM_REPLY);
1634 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr,
1637 return confirm_reply_complete(index, bdaddr, status,
1638 MGMT_OP_USER_CONFIRM_NEG_REPLY);
1641 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1643 struct mgmt_ev_auth_failed ev;
1645 bacpy(&ev.bdaddr, bdaddr);
1648 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);