2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
36 struct list_head list;
44 static LIST_HEAD(cmd_list);
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
65 ev = (void *) skb_put(skb, sizeof(*ev));
67 put_unaligned_le16(cmd, &ev->opcode);
69 err = sock_queue_rcv_skb(sk, skb);
76 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
81 struct mgmt_ev_cmd_complete *ev;
84 BT_DBG("sock %p", sk);
86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
93 hdr->index = cpu_to_le16(index);
94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
100 memcpy(ev->data, rp, rp_len);
102 err = sock_queue_rcv_skb(sk, skb);
109 static int read_version(struct sock *sk)
111 struct mgmt_rp_read_version rp;
113 BT_DBG("sock %p", sk);
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
122 static int read_index_list(struct sock *sk)
124 struct mgmt_rp_read_index_list *rp;
131 BT_DBG("sock %p", sk);
133 read_lock(&hci_dev_list_lock);
136 list_for_each(p, &hci_dev_list) {
140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
143 read_unlock(&hci_dev_list_lock);
147 put_unaligned_le16(count, &rp->num_controllers);
150 list_for_each_entry(d, &hci_dev_list, list) {
151 hci_del_off_timer(d);
153 if (test_bit(HCI_SETUP, &d->flags))
156 put_unaligned_le16(d->id, &rp->index[i++]);
157 BT_DBG("Added hci%u", d->id);
160 read_unlock(&hci_dev_list_lock);
162 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
170 static int read_controller_info(struct sock *sk, u16 index)
172 struct mgmt_rp_read_info rp;
173 struct hci_dev *hdev;
175 BT_DBG("sock %p hci%u", sk, index);
177 hdev = hci_dev_get(index);
179 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
181 hci_del_off_timer(hdev);
183 hci_dev_lock_bh(hdev);
185 set_bit(HCI_MGMT, &hdev->flags);
187 memset(&rp, 0, sizeof(rp));
189 rp.type = hdev->dev_type;
191 rp.powered = test_bit(HCI_UP, &hdev->flags);
192 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
193 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
194 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
196 if (test_bit(HCI_AUTH, &hdev->flags))
198 else if (hdev->ssp_mode > 0)
203 bacpy(&rp.bdaddr, &hdev->bdaddr);
204 memcpy(rp.features, hdev->features, 8);
205 memcpy(rp.dev_class, hdev->dev_class, 3);
206 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
207 rp.hci_ver = hdev->hci_ver;
208 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
210 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
212 hci_dev_unlock_bh(hdev);
215 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
218 static void mgmt_pending_free(struct pending_cmd *cmd)
225 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
226 u16 index, void *data, u16 len)
228 struct pending_cmd *cmd;
230 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
234 cmd->opcode = opcode;
237 cmd->param = kmalloc(len, GFP_ATOMIC);
244 memcpy(cmd->param, data, len);
249 list_add(&cmd->list, &cmd_list);
254 static void mgmt_pending_foreach(u16 opcode, int index,
255 void (*cb)(struct pending_cmd *cmd, void *data),
258 struct list_head *p, *n;
260 list_for_each_safe(p, n, &cmd_list) {
261 struct pending_cmd *cmd;
263 cmd = list_entry(p, struct pending_cmd, list);
265 if (opcode > 0 && cmd->opcode != opcode)
268 if (index >= 0 && cmd->index != index)
275 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
277 struct pending_cmd *cmd;
279 list_for_each_entry(cmd, &cmd_list, list) {
280 if (cmd->opcode != opcode)
283 if (index >= 0 && cmd->index != index)
292 static void mgmt_pending_remove(struct pending_cmd *cmd)
294 list_del(&cmd->list);
295 mgmt_pending_free(cmd);
298 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
300 struct mgmt_mode *cp;
301 struct hci_dev *hdev;
302 struct pending_cmd *cmd;
307 BT_DBG("request for hci%u", index);
309 if (len != sizeof(*cp))
310 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
312 hdev = hci_dev_get(index);
314 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
316 hci_dev_lock_bh(hdev);
318 up = test_bit(HCI_UP, &hdev->flags);
319 if ((cp->val && up) || (!cp->val && !up)) {
320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
324 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
325 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
329 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
336 queue_work(hdev->workqueue, &hdev->power_on);
338 queue_work(hdev->workqueue, &hdev->power_off);
343 hci_dev_unlock_bh(hdev);
348 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
351 struct mgmt_mode *cp;
352 struct hci_dev *hdev;
353 struct pending_cmd *cmd;
359 BT_DBG("request for hci%u", index);
361 if (len != sizeof(*cp))
362 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
364 hdev = hci_dev_get(index);
366 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
368 hci_dev_lock_bh(hdev);
370 if (!test_bit(HCI_UP, &hdev->flags)) {
371 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
375 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
376 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
377 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
381 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
382 test_bit(HCI_PSCAN, &hdev->flags)) {
383 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
387 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
396 scan |= SCAN_INQUIRY;
398 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
400 mgmt_pending_remove(cmd);
403 hci_dev_unlock_bh(hdev);
409 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
412 struct mgmt_mode *cp;
413 struct hci_dev *hdev;
414 struct pending_cmd *cmd;
420 BT_DBG("request for hci%u", index);
422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
425 hdev = hci_dev_get(index);
427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
429 hci_dev_lock_bh(hdev);
431 if (!test_bit(HCI_UP, &hdev->flags)) {
432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
460 mgmt_pending_remove(cmd);
463 hci_dev_unlock_bh(hdev);
469 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
470 struct sock *skip_sk)
473 struct mgmt_hdr *hdr;
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
483 hdr->index = cpu_to_le16(index);
484 hdr->len = cpu_to_le16(data_len);
487 memcpy(skb_put(skb, data_len), data, data_len);
489 hci_send_to_sock(NULL, skb, skip_sk);
495 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
501 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
504 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
507 struct mgmt_mode *cp, ev;
508 struct hci_dev *hdev;
513 BT_DBG("request for hci%u", index);
515 if (len != sizeof(*cp))
516 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
518 hdev = hci_dev_get(index);
520 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
522 hci_dev_lock_bh(hdev);
525 set_bit(HCI_PAIRABLE, &hdev->flags);
527 clear_bit(HCI_PAIRABLE, &hdev->flags);
529 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
535 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
538 hci_dev_unlock_bh(hdev);
544 #define EIR_FLAGS 0x01 /* flags */
545 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
546 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
547 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
548 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
549 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
550 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
551 #define EIR_NAME_SHORT 0x08 /* shortened local name */
552 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
553 #define EIR_TX_POWER 0x0A /* transmit power level */
554 #define EIR_DEVICE_ID 0x10 /* device ID */
556 #define PNP_INFO_SVCLASS_ID 0x1200
558 static u8 bluetooth_base_uuid[] = {
559 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
560 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
563 static u16 get_uuid16(u8 *uuid128)
568 for (i = 0; i < 12; i++) {
569 if (bluetooth_base_uuid[i] != uuid128[i])
573 memcpy(&val, &uuid128[12], 4);
575 val = le32_to_cpu(val);
582 static void create_eir(struct hci_dev *hdev, u8 *data)
586 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
587 int i, truncated = 0;
588 struct bt_uuid *uuid;
591 name_len = strlen(hdev->dev_name);
597 ptr[1] = EIR_NAME_SHORT;
599 ptr[1] = EIR_NAME_COMPLETE;
601 /* EIR Data length */
602 ptr[0] = name_len + 1;
604 memcpy(ptr + 2, hdev->dev_name, name_len);
606 eir_len += (name_len + 2);
607 ptr += (name_len + 2);
610 memset(uuid16_list, 0, sizeof(uuid16_list));
612 /* Group all UUID16 types */
613 list_for_each_entry(uuid, &hdev->uuids, list) {
616 uuid16 = get_uuid16(uuid->uuid);
623 if (uuid16 == PNP_INFO_SVCLASS_ID)
626 /* Stop if not enough space to put next UUID */
627 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632 /* Check for duplicates */
633 for (i = 0; uuid16_list[i] != 0; i++)
634 if (uuid16_list[i] == uuid16)
637 if (uuid16_list[i] == 0) {
638 uuid16_list[i] = uuid16;
639 eir_len += sizeof(u16);
643 if (uuid16_list[0] != 0) {
647 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652 for (i = 0; uuid16_list[i] != 0; i++) {
653 *ptr++ = (uuid16_list[i] & 0x00ff);
654 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
657 /* EIR Data length */
658 *length = (i * sizeof(u16)) + 1;
662 static int update_eir(struct hci_dev *hdev)
664 struct hci_cp_write_eir cp;
666 if (!(hdev->features[6] & LMP_EXT_INQ))
669 if (hdev->ssp_mode == 0)
672 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
675 memset(&cp, 0, sizeof(cp));
677 create_eir(hdev, cp.data);
679 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
682 memcpy(hdev->eir, cp.data, sizeof(cp.data));
684 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
687 static u8 get_service_classes(struct hci_dev *hdev)
689 struct bt_uuid *uuid;
692 list_for_each_entry(uuid, &hdev->uuids, list)
693 val |= uuid->svc_hint;
698 static int update_class(struct hci_dev *hdev)
702 BT_DBG("%s", hdev->name);
704 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
707 cod[0] = hdev->minor_class;
708 cod[1] = hdev->major_class;
709 cod[2] = get_service_classes(hdev);
711 if (memcmp(cod, hdev->dev_class, 3) == 0)
714 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
717 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
719 struct mgmt_cp_add_uuid *cp;
720 struct hci_dev *hdev;
721 struct bt_uuid *uuid;
726 BT_DBG("request for hci%u", index);
728 if (len != sizeof(*cp))
729 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
731 hdev = hci_dev_get(index);
733 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
735 hci_dev_lock_bh(hdev);
737 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
743 memcpy(uuid->uuid, cp->uuid, 16);
744 uuid->svc_hint = cp->svc_hint;
746 list_add(&uuid->list, &hdev->uuids);
748 err = update_class(hdev);
752 err = update_eir(hdev);
756 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
759 hci_dev_unlock_bh(hdev);
765 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
767 struct list_head *p, *n;
768 struct mgmt_cp_remove_uuid *cp;
769 struct hci_dev *hdev;
770 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
775 BT_DBG("request for hci%u", index);
777 if (len != sizeof(*cp))
778 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
780 hdev = hci_dev_get(index);
782 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
784 hci_dev_lock_bh(hdev);
786 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
787 err = hci_uuids_clear(hdev);
793 list_for_each_safe(p, n, &hdev->uuids) {
794 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
796 if (memcmp(match->uuid, cp->uuid, 16) != 0)
799 list_del(&match->list);
804 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
808 err = update_class(hdev);
812 err = update_eir(hdev);
816 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
819 hci_dev_unlock_bh(hdev);
825 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
828 struct hci_dev *hdev;
829 struct mgmt_cp_set_dev_class *cp;
834 BT_DBG("request for hci%u", index);
836 if (len != sizeof(*cp))
837 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
839 hdev = hci_dev_get(index);
841 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
843 hci_dev_lock_bh(hdev);
845 hdev->major_class = cp->major;
846 hdev->minor_class = cp->minor;
848 err = update_class(hdev);
851 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
853 hci_dev_unlock_bh(hdev);
859 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
862 struct hci_dev *hdev;
863 struct mgmt_cp_set_service_cache *cp;
868 if (len != sizeof(*cp))
869 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
871 hdev = hci_dev_get(index);
873 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
875 hci_dev_lock_bh(hdev);
877 BT_DBG("hci%u enable %d", index, cp->enable);
880 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
883 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
884 err = update_class(hdev);
886 err = update_eir(hdev);
890 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
893 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
896 hci_dev_unlock_bh(hdev);
902 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
904 struct hci_dev *hdev;
905 struct mgmt_cp_load_keys *cp;
906 u16 key_count, expected_len;
911 if (len < sizeof(*cp))
912 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL);
914 key_count = get_unaligned_le16(&cp->key_count);
916 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
917 if (expected_len != len) {
918 BT_ERR("load_keys: expected %u bytes, got %u bytes",
920 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL);
923 hdev = hci_dev_get(index);
925 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
927 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
930 hci_dev_lock_bh(hdev);
932 hci_link_keys_clear(hdev);
934 set_bit(HCI_LINK_KEYS, &hdev->flags);
937 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
939 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
941 for (i = 0; i < key_count; i++) {
942 struct mgmt_key_info *key = &cp->keys[i];
944 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
948 hci_dev_unlock_bh(hdev);
954 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
956 struct hci_dev *hdev;
957 struct mgmt_cp_remove_key *cp;
958 struct hci_conn *conn;
963 if (len != sizeof(*cp))
964 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
966 hdev = hci_dev_get(index);
968 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
970 hci_dev_lock_bh(hdev);
972 err = hci_remove_link_key(hdev, &cp->bdaddr);
974 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
980 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
983 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
985 struct hci_cp_disconnect dc;
987 put_unaligned_le16(conn->handle, &dc.handle);
988 dc.reason = 0x13; /* Remote User Terminated Connection */
989 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
993 hci_dev_unlock_bh(hdev);
999 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1001 struct hci_dev *hdev;
1002 struct mgmt_cp_disconnect *cp;
1003 struct hci_cp_disconnect dc;
1004 struct pending_cmd *cmd;
1005 struct hci_conn *conn;
1012 if (len != sizeof(*cp))
1013 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1015 hdev = hci_dev_get(index);
1017 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1019 hci_dev_lock_bh(hdev);
1021 if (!test_bit(HCI_UP, &hdev->flags)) {
1022 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1026 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1027 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1031 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1033 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1036 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1040 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1046 put_unaligned_le16(conn->handle, &dc.handle);
1047 dc.reason = 0x13; /* Remote User Terminated Connection */
1049 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1051 mgmt_pending_remove(cmd);
1054 hci_dev_unlock_bh(hdev);
1060 static int get_connections(struct sock *sk, u16 index)
1062 struct mgmt_rp_get_connections *rp;
1063 struct hci_dev *hdev;
1065 struct list_head *p;
1072 hdev = hci_dev_get(index);
1074 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1076 hci_dev_lock_bh(hdev);
1079 list_for_each(p, &hdev->conn_hash.list) {
1083 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1084 rp = kmalloc(rp_len, GFP_ATOMIC);
1090 put_unaligned_le16(count, &rp->conn_count);
1093 list_for_each_entry(c, &hdev->conn_hash.list, list)
1094 bacpy(&rp->conn[i++], &c->dst);
1096 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1100 hci_dev_unlock_bh(hdev);
1105 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1106 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1108 struct pending_cmd *cmd;
1111 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1116 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1119 mgmt_pending_remove(cmd);
1124 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1127 struct hci_dev *hdev;
1128 struct hci_conn *conn;
1129 struct mgmt_cp_pin_code_reply *cp;
1130 struct mgmt_cp_pin_code_neg_reply ncp;
1131 struct hci_cp_pin_code_reply reply;
1132 struct pending_cmd *cmd;
1139 if (len != sizeof(*cp))
1140 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1142 hdev = hci_dev_get(index);
1144 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1146 hci_dev_lock_bh(hdev);
1148 if (!test_bit(HCI_UP, &hdev->flags)) {
1149 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1153 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1155 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1159 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1160 bacpy(&ncp.bdaddr, &cp->bdaddr);
1162 BT_ERR("PIN code is not 16 bytes long");
1164 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1166 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1172 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1178 bacpy(&reply.bdaddr, &cp->bdaddr);
1179 reply.pin_len = cp->pin_len;
1180 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1182 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1184 mgmt_pending_remove(cmd);
1187 hci_dev_unlock_bh(hdev);
1193 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1196 struct hci_dev *hdev;
1197 struct mgmt_cp_pin_code_neg_reply *cp;
1204 if (len != sizeof(*cp))
1205 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1208 hdev = hci_dev_get(index);
1210 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1213 hci_dev_lock_bh(hdev);
1215 if (!test_bit(HCI_UP, &hdev->flags)) {
1216 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1221 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1224 hci_dev_unlock_bh(hdev);
1230 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1233 struct hci_dev *hdev;
1234 struct mgmt_cp_set_io_capability *cp;
1240 if (len != sizeof(*cp))
1241 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1243 hdev = hci_dev_get(index);
1245 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1247 hci_dev_lock_bh(hdev);
1249 hdev->io_capability = cp->io_capability;
1251 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1252 hdev->io_capability);
1254 hci_dev_unlock_bh(hdev);
1257 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1260 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1262 struct hci_dev *hdev = conn->hdev;
1263 struct pending_cmd *cmd;
1265 list_for_each_entry(cmd, &cmd_list, list) {
1266 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1269 if (cmd->index != hdev->id)
1272 if (cmd->user_data != conn)
1281 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1283 struct mgmt_rp_pair_device rp;
1284 struct hci_conn *conn = cmd->user_data;
1286 bacpy(&rp.bdaddr, &conn->dst);
1289 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1291 /* So we don't get further callbacks for this connection */
1292 conn->connect_cfm_cb = NULL;
1293 conn->security_cfm_cb = NULL;
1294 conn->disconn_cfm_cb = NULL;
1298 mgmt_pending_remove(cmd);
1301 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1303 struct pending_cmd *cmd;
1305 BT_DBG("status %u", status);
1307 cmd = find_pairing(conn);
1309 BT_DBG("Unable to find a pending command");
1313 pairing_complete(cmd, status);
1316 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1318 struct hci_dev *hdev;
1319 struct mgmt_cp_pair_device *cp;
1320 struct pending_cmd *cmd;
1321 struct adv_entry *entry;
1322 u8 sec_level, auth_type;
1323 struct hci_conn *conn;
1330 if (len != sizeof(*cp))
1331 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1333 hdev = hci_dev_get(index);
1335 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1337 hci_dev_lock_bh(hdev);
1339 sec_level = BT_SECURITY_MEDIUM;
1340 if (cp->io_cap == 0x03)
1341 auth_type = HCI_AT_DEDICATED_BONDING;
1343 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1345 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1347 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1350 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1354 err = PTR_ERR(conn);
1358 if (conn->connect_cfm_cb) {
1360 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1364 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1371 /* For LE, just connecting isn't a proof that the pairing finished */
1373 conn->connect_cfm_cb = pairing_complete_cb;
1375 conn->security_cfm_cb = pairing_complete_cb;
1376 conn->disconn_cfm_cb = pairing_complete_cb;
1377 conn->io_capability = cp->io_cap;
1378 cmd->user_data = conn;
1380 if (conn->state == BT_CONNECTED &&
1381 hci_conn_security(conn, sec_level, auth_type))
1382 pairing_complete(cmd, 0);
1387 hci_dev_unlock_bh(hdev);
1393 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1394 u16 len, int success)
1396 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1397 u16 mgmt_op, hci_op;
1398 struct pending_cmd *cmd;
1399 struct hci_dev *hdev;
1405 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1406 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1408 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1409 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1412 if (len != sizeof(*cp))
1413 return cmd_status(sk, index, mgmt_op, EINVAL);
1415 hdev = hci_dev_get(index);
1417 return cmd_status(sk, index, mgmt_op, ENODEV);
1419 hci_dev_lock_bh(hdev);
1421 if (!test_bit(HCI_UP, &hdev->flags)) {
1422 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1426 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1432 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1434 mgmt_pending_remove(cmd);
1437 hci_dev_unlock_bh(hdev);
1443 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1446 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1447 struct hci_cp_write_local_name hci_cp;
1448 struct hci_dev *hdev;
1449 struct pending_cmd *cmd;
1454 if (len != sizeof(*mgmt_cp))
1455 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1457 hdev = hci_dev_get(index);
1459 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1461 hci_dev_lock_bh(hdev);
1463 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1469 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1470 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1473 mgmt_pending_remove(cmd);
1476 hci_dev_unlock_bh(hdev);
1482 static int read_local_oob_data(struct sock *sk, u16 index)
1484 struct hci_dev *hdev;
1485 struct pending_cmd *cmd;
1488 BT_DBG("hci%u", index);
1490 hdev = hci_dev_get(index);
1492 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1495 hci_dev_lock_bh(hdev);
1497 if (!test_bit(HCI_UP, &hdev->flags)) {
1498 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1503 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1504 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1509 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1510 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1514 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1520 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1522 mgmt_pending_remove(cmd);
1525 hci_dev_unlock_bh(hdev);
1531 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1534 struct hci_dev *hdev;
1535 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1538 BT_DBG("hci%u ", index);
1540 if (len != sizeof(*cp))
1541 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1544 hdev = hci_dev_get(index);
1546 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1549 hci_dev_lock_bh(hdev);
1551 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1554 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1556 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1559 hci_dev_unlock_bh(hdev);
1565 static int remove_remote_oob_data(struct sock *sk, u16 index,
1566 unsigned char *data, u16 len)
1568 struct hci_dev *hdev;
1569 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1572 BT_DBG("hci%u ", index);
1574 if (len != sizeof(*cp))
1575 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1578 hdev = hci_dev_get(index);
1580 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1583 hci_dev_lock_bh(hdev);
1585 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1587 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1590 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1593 hci_dev_unlock_bh(hdev);
1599 static int start_discovery(struct sock *sk, u16 index)
1601 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1602 struct hci_cp_inquiry cp;
1603 struct pending_cmd *cmd;
1604 struct hci_dev *hdev;
1607 BT_DBG("hci%u", index);
1609 hdev = hci_dev_get(index);
1611 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1613 hci_dev_lock_bh(hdev);
1615 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1621 memset(&cp, 0, sizeof(cp));
1622 memcpy(&cp.lap, lap, 3);
1626 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1628 mgmt_pending_remove(cmd);
1631 hci_dev_unlock_bh(hdev);
1637 static int stop_discovery(struct sock *sk, u16 index)
1639 struct hci_dev *hdev;
1640 struct pending_cmd *cmd;
1643 BT_DBG("hci%u", index);
1645 hdev = hci_dev_get(index);
1647 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1649 hci_dev_lock_bh(hdev);
1651 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1657 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1659 mgmt_pending_remove(cmd);
1662 hci_dev_unlock_bh(hdev);
1668 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1671 struct hci_dev *hdev;
1672 struct pending_cmd *cmd;
1673 struct mgmt_cp_block_device *cp = (void *) data;
1676 BT_DBG("hci%u", index);
1678 if (len != sizeof(*cp))
1679 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1682 hdev = hci_dev_get(index);
1684 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1687 hci_dev_lock_bh(hdev);
1689 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0);
1695 err = hci_blacklist_add(hdev, &cp->bdaddr);
1698 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1700 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1703 mgmt_pending_remove(cmd);
1706 hci_dev_unlock_bh(hdev);
1712 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1715 struct hci_dev *hdev;
1716 struct pending_cmd *cmd;
1717 struct mgmt_cp_unblock_device *cp = (void *) data;
1720 BT_DBG("hci%u", index);
1722 if (len != sizeof(*cp))
1723 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1726 hdev = hci_dev_get(index);
1728 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1731 hci_dev_lock_bh(hdev);
1733 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0);
1739 err = hci_blacklist_del(hdev, &cp->bdaddr);
1742 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1744 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1747 mgmt_pending_remove(cmd);
1750 hci_dev_unlock_bh(hdev);
1756 static int set_fast_connectable(struct sock *sk, u16 index,
1757 unsigned char *data, u16 len)
1759 struct hci_dev *hdev;
1760 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1761 struct hci_cp_write_page_scan_activity acp;
1765 BT_DBG("hci%u", index);
1767 if (len != sizeof(*cp))
1768 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1771 hdev = hci_dev_get(index);
1773 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1779 type = PAGE_SCAN_TYPE_INTERLACED;
1780 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1782 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1783 acp.interval = 0x0800; /* default 1.28 sec page scan */
1786 acp.window = 0x0012; /* default 11.25 msec page scan window */
1788 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1791 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1796 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1798 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1803 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1806 hci_dev_unlock(hdev);
1812 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1815 struct mgmt_hdr *hdr;
1816 u16 opcode, index, len;
1819 BT_DBG("got %zu bytes", msglen);
1821 if (msglen < sizeof(*hdr))
1824 buf = kmalloc(msglen, GFP_KERNEL);
1828 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1833 hdr = (struct mgmt_hdr *) buf;
1834 opcode = get_unaligned_le16(&hdr->opcode);
1835 index = get_unaligned_le16(&hdr->index);
1836 len = get_unaligned_le16(&hdr->len);
1838 if (len != msglen - sizeof(*hdr)) {
1844 case MGMT_OP_READ_VERSION:
1845 err = read_version(sk);
1847 case MGMT_OP_READ_INDEX_LIST:
1848 err = read_index_list(sk);
1850 case MGMT_OP_READ_INFO:
1851 err = read_controller_info(sk, index);
1853 case MGMT_OP_SET_POWERED:
1854 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1856 case MGMT_OP_SET_DISCOVERABLE:
1857 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1859 case MGMT_OP_SET_CONNECTABLE:
1860 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1862 case MGMT_OP_SET_PAIRABLE:
1863 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1865 case MGMT_OP_ADD_UUID:
1866 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1868 case MGMT_OP_REMOVE_UUID:
1869 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1871 case MGMT_OP_SET_DEV_CLASS:
1872 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1874 case MGMT_OP_SET_SERVICE_CACHE:
1875 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1877 case MGMT_OP_LOAD_KEYS:
1878 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1880 case MGMT_OP_REMOVE_KEY:
1881 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1883 case MGMT_OP_DISCONNECT:
1884 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1886 case MGMT_OP_GET_CONNECTIONS:
1887 err = get_connections(sk, index);
1889 case MGMT_OP_PIN_CODE_REPLY:
1890 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1892 case MGMT_OP_PIN_CODE_NEG_REPLY:
1893 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1895 case MGMT_OP_SET_IO_CAPABILITY:
1896 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1898 case MGMT_OP_PAIR_DEVICE:
1899 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1901 case MGMT_OP_USER_CONFIRM_REPLY:
1902 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1904 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1905 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1907 case MGMT_OP_SET_LOCAL_NAME:
1908 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1910 case MGMT_OP_READ_LOCAL_OOB_DATA:
1911 err = read_local_oob_data(sk, index);
1913 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1914 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1916 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1917 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1920 case MGMT_OP_START_DISCOVERY:
1921 err = start_discovery(sk, index);
1923 case MGMT_OP_STOP_DISCOVERY:
1924 err = stop_discovery(sk, index);
1926 case MGMT_OP_BLOCK_DEVICE:
1927 err = block_device(sk, index, buf + sizeof(*hdr), len);
1929 case MGMT_OP_UNBLOCK_DEVICE:
1930 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1932 case MGMT_OP_SET_FAST_CONNECTABLE:
1933 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1937 BT_DBG("Unknown op %u", opcode);
1938 err = cmd_status(sk, index, opcode, 0x01);
1952 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1956 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1957 mgmt_pending_remove(cmd);
1960 int mgmt_index_added(u16 index)
1962 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1965 int mgmt_index_removed(u16 index)
1969 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
1971 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1979 static void mode_rsp(struct pending_cmd *cmd, void *data)
1981 struct mgmt_mode *cp = cmd->param;
1982 struct cmd_lookup *match = data;
1984 if (cp->val != match->val)
1987 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1989 list_del(&cmd->list);
1991 if (match->sk == NULL) {
1992 match->sk = cmd->sk;
1993 sock_hold(match->sk);
1996 mgmt_pending_free(cmd);
1999 int mgmt_powered(u16 index, u8 powered)
2001 struct mgmt_mode ev;
2002 struct cmd_lookup match = { powered, NULL };
2005 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
2008 u8 status = ENETDOWN;
2009 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
2014 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2022 int mgmt_discoverable(u16 index, u8 discoverable)
2024 struct mgmt_mode ev;
2025 struct cmd_lookup match = { discoverable, NULL };
2028 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2030 ev.val = discoverable;
2032 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2041 int mgmt_connectable(u16 index, u8 connectable)
2043 struct mgmt_mode ev;
2044 struct cmd_lookup match = { connectable, NULL };
2047 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2049 ev.val = connectable;
2051 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2059 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
2061 struct mgmt_ev_new_key ev;
2063 memset(&ev, 0, sizeof(ev));
2065 ev.store_hint = persistent;
2066 bacpy(&ev.key.bdaddr, &key->bdaddr);
2067 ev.key.type = key->type;
2068 memcpy(ev.key.val, key->val, 16);
2069 ev.key.pin_len = key->pin_len;
2071 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
2074 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2076 struct mgmt_ev_connected ev;
2078 bacpy(&ev.bdaddr, bdaddr);
2079 ev.link_type = link_type;
2081 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2084 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2086 struct mgmt_cp_disconnect *cp = cmd->param;
2087 struct sock **sk = data;
2088 struct mgmt_rp_disconnect rp;
2090 bacpy(&rp.bdaddr, &cp->bdaddr);
2092 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2097 mgmt_pending_remove(cmd);
2100 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2102 struct mgmt_ev_disconnected ev;
2103 struct sock *sk = NULL;
2106 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2108 bacpy(&ev.bdaddr, bdaddr);
2110 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2118 int mgmt_disconnect_failed(u16 index)
2120 struct pending_cmd *cmd;
2123 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2127 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2129 mgmt_pending_remove(cmd);
2134 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2136 struct mgmt_ev_connect_failed ev;
2138 bacpy(&ev.bdaddr, bdaddr);
2141 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2144 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2146 struct mgmt_ev_pin_code_request ev;
2148 bacpy(&ev.bdaddr, bdaddr);
2151 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2155 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2157 struct pending_cmd *cmd;
2158 struct mgmt_rp_pin_code_reply rp;
2161 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2165 bacpy(&rp.bdaddr, bdaddr);
2168 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2171 mgmt_pending_remove(cmd);
2176 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2178 struct pending_cmd *cmd;
2179 struct mgmt_rp_pin_code_reply rp;
2182 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2186 bacpy(&rp.bdaddr, bdaddr);
2189 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2192 mgmt_pending_remove(cmd);
2197 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2200 struct mgmt_ev_user_confirm_request ev;
2202 BT_DBG("hci%u", index);
2204 bacpy(&ev.bdaddr, bdaddr);
2205 ev.confirm_hint = confirm_hint;
2206 put_unaligned_le32(value, &ev.value);
2208 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2212 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2215 struct pending_cmd *cmd;
2216 struct mgmt_rp_user_confirm_reply rp;
2219 cmd = mgmt_pending_find(opcode, index);
2223 bacpy(&rp.bdaddr, bdaddr);
2225 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2227 mgmt_pending_remove(cmd);
2232 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2234 return confirm_reply_complete(index, bdaddr, status,
2235 MGMT_OP_USER_CONFIRM_REPLY);
2238 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2240 return confirm_reply_complete(index, bdaddr, status,
2241 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2244 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2246 struct mgmt_ev_auth_failed ev;
2248 bacpy(&ev.bdaddr, bdaddr);
2251 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2254 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2256 struct pending_cmd *cmd;
2257 struct hci_dev *hdev;
2258 struct mgmt_cp_set_local_name ev;
2261 memset(&ev, 0, sizeof(ev));
2262 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2264 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2269 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2273 hdev = hci_dev_get(index);
2275 hci_dev_lock_bh(hdev);
2277 hci_dev_unlock_bh(hdev);
2281 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2287 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2288 cmd ? cmd->sk : NULL);
2292 mgmt_pending_remove(cmd);
2296 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2299 struct pending_cmd *cmd;
2302 BT_DBG("hci%u status %u", index, status);
2304 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2309 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2312 struct mgmt_rp_read_local_oob_data rp;
2314 memcpy(rp.hash, hash, sizeof(rp.hash));
2315 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2317 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2321 mgmt_pending_remove(cmd);
2326 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2329 struct mgmt_ev_device_found ev;
2331 memset(&ev, 0, sizeof(ev));
2333 bacpy(&ev.bdaddr, bdaddr);
2337 memcpy(ev.eir, eir, sizeof(ev.eir));
2340 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2342 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2345 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2347 struct mgmt_ev_remote_name ev;
2349 memset(&ev, 0, sizeof(ev));
2351 bacpy(&ev.bdaddr, bdaddr);
2352 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2354 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2357 int mgmt_inquiry_failed(u16 index, u8 status)
2359 struct pending_cmd *cmd;
2362 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2366 err = cmd_status(cmd->sk, index, cmd->opcode, status);
2367 mgmt_pending_remove(cmd);
2372 int mgmt_discovering(u16 index, u8 discovering)
2374 struct pending_cmd *cmd;
2377 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2379 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
2382 cmd_complete(cmd->sk, index, cmd->opcode, NULL, 0);
2383 mgmt_pending_remove(cmd);
2386 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2387 sizeof(discovering), NULL);
2390 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2392 struct pending_cmd *cmd;
2393 struct mgmt_ev_device_blocked ev;
2395 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2397 bacpy(&ev.bdaddr, bdaddr);
2399 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2400 cmd ? cmd->sk : NULL);
2403 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2405 struct pending_cmd *cmd;
2406 struct mgmt_ev_device_unblocked ev;
2408 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2410 bacpy(&ev.bdaddr, bdaddr);
2412 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2413 cmd ? cmd->sk : NULL);
projects / karo-tx-linux.git / blob