search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
[linux-btrfs-devel.git] / net / bluetooth / mgmt.c
blob5a94eec06caa900f9bb422b5cd7376076d67c63d
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
34
35 struct pending_cmd {
36 struct list_head list;
37 __u16 opcode;
38 int index;
39 void *param;
40 struct sock *sk;
41 void *user_data;
42 };
43
44 static LIST_HEAD(cmd_list);
45
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
47 {
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
51
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
53
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
55 if (!skb)
56 return -ENOMEM;
57
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
59
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
63
64 ev = (void *) skb_put(skb, sizeof(*ev));
65 ev->status = status;
66 put_unaligned_le16(cmd, &ev->opcode);
67
68 if (sock_queue_rcv_skb(sk, skb) < 0)
69 kfree_skb(skb);
70
71 return 0;
72 }
73
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75 size_t rp_len)
76 {
77 struct sk_buff *skb;
78 struct mgmt_hdr *hdr;
79 struct mgmt_ev_cmd_complete *ev;
80
81 BT_DBG("sock %p", sk);
82
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
84 if (!skb)
85 return -ENOMEM;
86
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
88
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
92
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
95
96 if (rp)
97 memcpy(ev->data, rp, rp_len);
98
99 if (sock_queue_rcv_skb(sk, skb) < 0)
100 kfree_skb(skb);
101
102 return 0;
103 }
104
105 static int read_version(struct sock *sk)
106 {
107 struct mgmt_rp_read_version rp;
108
109 BT_DBG("sock %p", sk);
110
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
113
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115 sizeof(rp));
116 }
117
118 static int read_index_list(struct sock *sk)
119 {
120 struct mgmt_rp_read_index_list *rp;
121 struct list_head *p;
122 size_t rp_len;
123 u16 count;
124 int i, err;
125
126 BT_DBG("sock %p", sk);
127
128 read_lock(&hci_dev_list_lock);
129
130 count = 0;
131 list_for_each(p, &hci_dev_list) {
132 count++;
133 }
134
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
137 if (!rp) {
138 read_unlock(&hci_dev_list_lock);
139 return -ENOMEM;
140 }
141
142 put_unaligned_le16(count, &rp->num_controllers);
143
144 i = 0;
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
147
148 hci_del_off_timer(d);
149
150 set_bit(HCI_MGMT, &d->flags);
151
152 if (test_bit(HCI_SETUP, &d->flags))
153 continue;
154
155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
157 }
158
159 read_unlock(&hci_dev_list_lock);
160
161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
162 rp_len);
163
164 kfree(rp);
165
166 return err;
167 }
168
169 static int read_controller_info(struct sock *sk, u16 index)
170 {
171 struct mgmt_rp_read_info rp;
172 struct hci_dev *hdev;
173
174 BT_DBG("sock %p hci%u", sk, index);
175
176 hdev = hci_dev_get(index);
177 if (!hdev)
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
179
180 hci_del_off_timer(hdev);
181
182 hci_dev_lock_bh(hdev);
183
184 set_bit(HCI_MGMT, &hdev->flags);
185
186 memset(&rp, 0, sizeof(rp));
187
188 rp.type = hdev->dev_type;
189
190 rp.powered = test_bit(HCI_UP, &hdev->flags);
191 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
192 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
193 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
194
195 if (test_bit(HCI_AUTH, &hdev->flags))
196 rp.sec_mode = 3;
197 else if (hdev->ssp_mode > 0)
198 rp.sec_mode = 4;
199 else
200 rp.sec_mode = 2;
201
202 bacpy(&rp.bdaddr, &hdev->bdaddr);
203 memcpy(rp.features, hdev->features, 8);
204 memcpy(rp.dev_class, hdev->dev_class, 3);
205 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
206 rp.hci_ver = hdev->hci_ver;
207 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
208
209 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
210
211 hci_dev_unlock_bh(hdev);
212 hci_dev_put(hdev);
213
214 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
215 }
216
217 static void mgmt_pending_free(struct pending_cmd *cmd)
218 {
219 sock_put(cmd->sk);
220 kfree(cmd->param);
221 kfree(cmd);
222 }
223
224 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
225 u16 index, void *data, u16 len)
226 {
227 struct pending_cmd *cmd;
228
229 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
230 if (!cmd)
231 return NULL;
232
233 cmd->opcode = opcode;
234 cmd->index = index;
235
236 cmd->param = kmalloc(len, GFP_ATOMIC);
237 if (!cmd->param) {
238 kfree(cmd);
239 return NULL;
240 }
241
242 if (data)
243 memcpy(cmd->param, data, len);
244
245 cmd->sk = sk;
246 sock_hold(sk);
247
248 list_add(&cmd->list, &cmd_list);
249
250 return cmd;
251 }
252
253 static void mgmt_pending_foreach(u16 opcode, int index,
254 void (*cb)(struct pending_cmd *cmd, void *data),
255 void *data)
256 {
257 struct list_head *p, *n;
258
259 list_for_each_safe(p, n, &cmd_list) {
260 struct pending_cmd *cmd;
261
262 cmd = list_entry(p, struct pending_cmd, list);
263
264 if (cmd->opcode != opcode)
265 continue;
266
267 if (index >= 0 && cmd->index != index)
268 continue;
269
270 cb(cmd, data);
271 }
272 }
273
274 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
275 {
276 struct list_head *p;
277
278 list_for_each(p, &cmd_list) {
279 struct pending_cmd *cmd;
280
281 cmd = list_entry(p, struct pending_cmd, list);
282
283 if (cmd->opcode != opcode)
284 continue;
285
286 if (index >= 0 && cmd->index != index)
287 continue;
288
289 return cmd;
290 }
291
292 return NULL;
293 }
294
295 static void mgmt_pending_remove(struct pending_cmd *cmd)
296 {
297 list_del(&cmd->list);
298 mgmt_pending_free(cmd);
299 }
300
301 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
302 {
303 struct mgmt_mode *cp;
304 struct hci_dev *hdev;
305 struct pending_cmd *cmd;
306 int err, up;
307
308 cp = (void *) data;
309
310 BT_DBG("request for hci%u", index);
311
312 if (len != sizeof(*cp))
313 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314
315 hdev = hci_dev_get(index);
316 if (!hdev)
317 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
318
319 hci_dev_lock_bh(hdev);
320
321 up = test_bit(HCI_UP, &hdev->flags);
322 if ((cp->val && up) || (!cp->val && !up)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
324 goto failed;
325 }
326
327 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
328 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
329 goto failed;
330 }
331
332 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
333 if (!cmd) {
334 err = -ENOMEM;
335 goto failed;
336 }
337
338 if (cp->val)
339 queue_work(hdev->workqueue, &hdev->power_on);
340 else
341 queue_work(hdev->workqueue, &hdev->power_off);
342
343 err = 0;
344
345 failed:
346 hci_dev_unlock_bh(hdev);
347 hci_dev_put(hdev);
348 return err;
349 }
350
351 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352 u16 len)
353 {
354 struct mgmt_mode *cp;
355 struct hci_dev *hdev;
356 struct pending_cmd *cmd;
357 u8 scan;
358 int err;
359
360 cp = (void *) data;
361
362 BT_DBG("request for hci%u", index);
363
364 if (len != sizeof(*cp))
365 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366
367 hdev = hci_dev_get(index);
368 if (!hdev)
369 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
370
371 hci_dev_lock_bh(hdev);
372
373 if (!test_bit(HCI_UP, &hdev->flags)) {
374 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
375 goto failed;
376 }
377
378 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
379 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
380 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
381 goto failed;
382 }
383
384 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
385 test_bit(HCI_PSCAN, &hdev->flags)) {
386 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
387 goto failed;
388 }
389
390 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
391 if (!cmd) {
392 err = -ENOMEM;
393 goto failed;
394 }
395
396 scan = SCAN_PAGE;
397
398 if (cp->val)
399 scan |= SCAN_INQUIRY;
400
401 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
402 if (err < 0)
403 mgmt_pending_remove(cmd);
404
405 failed:
406 hci_dev_unlock_bh(hdev);
407 hci_dev_put(hdev);
408
409 return err;
410 }
411
412 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413 u16 len)
414 {
415 struct mgmt_mode *cp;
416 struct hci_dev *hdev;
417 struct pending_cmd *cmd;
418 u8 scan;
419 int err;
420
421 cp = (void *) data;
422
423 BT_DBG("request for hci%u", index);
424
425 if (len != sizeof(*cp))
426 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
427
428 hdev = hci_dev_get(index);
429 if (!hdev)
430 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
431
432 hci_dev_lock_bh(hdev);
433
434 if (!test_bit(HCI_UP, &hdev->flags)) {
435 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 goto failed;
437 }
438
439 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
440 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 goto failed;
443 }
444
445 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
446 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 goto failed;
448 }
449
450 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
451 if (!cmd) {
452 err = -ENOMEM;
453 goto failed;
454 }
455
456 if (cp->val)
457 scan = SCAN_PAGE;
458 else
459 scan = 0;
460
461 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
462 if (err < 0)
463 mgmt_pending_remove(cmd);
464
465 failed:
466 hci_dev_unlock_bh(hdev);
467 hci_dev_put(hdev);
468
469 return err;
470 }
471
472 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
473 struct sock *skip_sk)
474 {
475 struct sk_buff *skb;
476 struct mgmt_hdr *hdr;
477
478 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 if (!skb)
480 return -ENOMEM;
481
482 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
483
484 hdr = (void *) skb_put(skb, sizeof(*hdr));
485 hdr->opcode = cpu_to_le16(event);
486 hdr->index = cpu_to_le16(index);
487 hdr->len = cpu_to_le16(data_len);
488
489 if (data)
490 memcpy(skb_put(skb, data_len), data, data_len);
491
492 hci_send_to_sock(NULL, skb, skip_sk);
493 kfree_skb(skb);
494
495 return 0;
496 }
497
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 {
500 struct mgmt_mode rp;
501
502 rp.val = val;
503
504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
505 }
506
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508 u16 len)
509 {
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
512 int err;
513
514 cp = (void *) data;
515
516 BT_DBG("request for hci%u", index);
517
518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520
521 hdev = hci_dev_get(index);
522 if (!hdev)
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
524
525 hci_dev_lock_bh(hdev);
526
527 if (cp->val)
528 set_bit(HCI_PAIRABLE, &hdev->flags);
529 else
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
531
532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533 if (err < 0)
534 goto failed;
535
536 ev.val = cp->val;
537
538 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
539
540 failed:
541 hci_dev_unlock_bh(hdev);
542 hci_dev_put(hdev);
543
544 return err;
545 }
546
547 #define EIR_FLAGS 0x01 /* flags */
548 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT 0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
556 #define EIR_TX_POWER 0x0A /* transmit power level */
557 #define EIR_DEVICE_ID 0x10 /* device ID */
558
559 #define PNP_INFO_SVCLASS_ID 0x1200
560
561 static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564 };
565
566 static u16 get_uuid16(u8 *uuid128)
567 {
568 u32 val;
569 int i;
570
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
573 return 0;
574 }
575
576 memcpy(&val, &uuid128[12], 4);
577
578 val = le32_to_cpu(val);
579 if (val > 0xffff)
580 return 0;
581
582 return (u16) val;
583 }
584
585 static void create_eir(struct hci_dev *hdev, u8 *data)
586 {
587 u8 *ptr = data;
588 u16 eir_len = 0;
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct list_head *p;
592 size_t name_len;
593
594 name_len = strlen(hdev->dev_name);
595
596 if (name_len > 0) {
597 /* EIR Data type */
598 if (name_len > 48) {
599 name_len = 48;
600 ptr[1] = EIR_NAME_SHORT;
601 } else
602 ptr[1] = EIR_NAME_COMPLETE;
603
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
606
607 memcpy(ptr + 2, hdev->dev_name, name_len);
608
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
611 }
612
613 memset(uuid16_list, 0, sizeof(uuid16_list));
614
615 /* Group all UUID16 types */
616 list_for_each(p, &hdev->uuids) {
617 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
618 u16 uuid16;
619
620 uuid16 = get_uuid16(uuid->uuid);
621 if (uuid16 == 0)
622 return;
623
624 if (uuid16 < 0x1100)
625 continue;
626
627 if (uuid16 == PNP_INFO_SVCLASS_ID)
628 continue;
629
630 /* Stop if not enough space to put next UUID */
631 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632 truncated = 1;
633 break;
634 }
635
636 /* Check for duplicates */
637 for (i = 0; uuid16_list[i] != 0; i++)
638 if (uuid16_list[i] == uuid16)
639 break;
640
641 if (uuid16_list[i] == 0) {
642 uuid16_list[i] = uuid16;
643 eir_len += sizeof(u16);
644 }
645 }
646
647 if (uuid16_list[0] != 0) {
648 u8 *length = ptr;
649
650 /* EIR Data type */
651 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652
653 ptr += 2;
654 eir_len += 2;
655
656 for (i = 0; uuid16_list[i] != 0; i++) {
657 *ptr++ = (uuid16_list[i] & 0x00ff);
658 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659 }
660
661 /* EIR Data length */
662 *length = (i * sizeof(u16)) + 1;
663 }
664 }
665
666 static int update_eir(struct hci_dev *hdev)
667 {
668 struct hci_cp_write_eir cp;
669
670 if (!(hdev->features[6] & LMP_EXT_INQ))
671 return 0;
672
673 if (hdev->ssp_mode == 0)
674 return 0;
675
676 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677 return 0;
678
679 memset(&cp, 0, sizeof(cp));
680
681 create_eir(hdev, cp.data);
682
683 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684 return 0;
685
686 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687
688 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689 }
690
691 static u8 get_service_classes(struct hci_dev *hdev)
692 {
693 struct list_head *p;
694 u8 val = 0;
695
696 list_for_each(p, &hdev->uuids) {
697 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
698
699 val |= uuid->svc_hint;
700 }
701
702 return val;
703 }
704
705 static int update_class(struct hci_dev *hdev)
706 {
707 u8 cod[3];
708
709 BT_DBG("%s", hdev->name);
710
711 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
712 return 0;
713
714 cod[0] = hdev->minor_class;
715 cod[1] = hdev->major_class;
716 cod[2] = get_service_classes(hdev);
717
718 if (memcmp(cod, hdev->dev_class, 3) == 0)
719 return 0;
720
721 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
722 }
723
724 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
725 {
726 struct mgmt_cp_add_uuid *cp;
727 struct hci_dev *hdev;
728 struct bt_uuid *uuid;
729 int err;
730
731 cp = (void *) data;
732
733 BT_DBG("request for hci%u", index);
734
735 if (len != sizeof(*cp))
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
737
738 hdev = hci_dev_get(index);
739 if (!hdev)
740 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
741
742 hci_dev_lock_bh(hdev);
743
744 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
745 if (!uuid) {
746 err = -ENOMEM;
747 goto failed;
748 }
749
750 memcpy(uuid->uuid, cp->uuid, 16);
751 uuid->svc_hint = cp->svc_hint;
752
753 list_add(&uuid->list, &hdev->uuids);
754
755 err = update_class(hdev);
756 if (err < 0)
757 goto failed;
758
759 err = update_eir(hdev);
760 if (err < 0)
761 goto failed;
762
763 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
764
765 failed:
766 hci_dev_unlock_bh(hdev);
767 hci_dev_put(hdev);
768
769 return err;
770 }
771
772 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
773 {
774 struct list_head *p, *n;
775 struct mgmt_cp_remove_uuid *cp;
776 struct hci_dev *hdev;
777 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778 int err, found;
779
780 cp = (void *) data;
781
782 BT_DBG("request for hci%u", index);
783
784 if (len != sizeof(*cp))
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
786
787 hdev = hci_dev_get(index);
788 if (!hdev)
789 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
790
791 hci_dev_lock_bh(hdev);
792
793 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794 err = hci_uuids_clear(hdev);
795 goto unlock;
796 }
797
798 found = 0;
799
800 list_for_each_safe(p, n, &hdev->uuids) {
801 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
802
803 if (memcmp(match->uuid, cp->uuid, 16) != 0)
804 continue;
805
806 list_del(&match->list);
807 found++;
808 }
809
810 if (found == 0) {
811 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
812 goto unlock;
813 }
814
815 err = update_class(hdev);
816 if (err < 0)
817 goto unlock;
818
819 err = update_eir(hdev);
820 if (err < 0)
821 goto unlock;
822
823 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
824
825 unlock:
826 hci_dev_unlock_bh(hdev);
827 hci_dev_put(hdev);
828
829 return err;
830 }
831
832 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
833 u16 len)
834 {
835 struct hci_dev *hdev;
836 struct mgmt_cp_set_dev_class *cp;
837 int err;
838
839 cp = (void *) data;
840
841 BT_DBG("request for hci%u", index);
842
843 if (len != sizeof(*cp))
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
845
846 hdev = hci_dev_get(index);
847 if (!hdev)
848 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
849
850 hci_dev_lock_bh(hdev);
851
852 hdev->major_class = cp->major;
853 hdev->minor_class = cp->minor;
854
855 err = update_class(hdev);
856
857 if (err == 0)
858 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
859
860 hci_dev_unlock_bh(hdev);
861 hci_dev_put(hdev);
862
863 return err;
864 }
865
866 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
867 u16 len)
868 {
869 struct hci_dev *hdev;
870 struct mgmt_cp_set_service_cache *cp;
871 int err;
872
873 cp = (void *) data;
874
875 if (len != sizeof(*cp))
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
877
878 hdev = hci_dev_get(index);
879 if (!hdev)
880 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
881
882 hci_dev_lock_bh(hdev);
883
884 BT_DBG("hci%u enable %d", index, cp->enable);
885
886 if (cp->enable) {
887 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
888 err = 0;
889 } else {
890 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
891 err = update_class(hdev);
892 if (err == 0)
893 err = update_eir(hdev);
894 }
895
896 if (err == 0)
897 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898 0);
899
900 hci_dev_unlock_bh(hdev);
901 hci_dev_put(hdev);
902
903 return err;
904 }
905
906 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
907 {
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_keys *cp;
910 u16 key_count, expected_len;
911 int i;
912
913 cp = (void *) data;
914
915 if (len < sizeof(*cp))
916 return -EINVAL;
917
918 key_count = get_unaligned_le16(&cp->key_count);
919
920 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
921 if (expected_len != len) {
922 BT_ERR("load_keys: expected %u bytes, got %u bytes",
923 len, expected_len);
924 return -EINVAL;
925 }
926
927 hdev = hci_dev_get(index);
928 if (!hdev)
929 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
930
931 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
932 key_count);
933
934 hci_dev_lock_bh(hdev);
935
936 hci_link_keys_clear(hdev);
937
938 set_bit(HCI_LINK_KEYS, &hdev->flags);
939
940 if (cp->debug_keys)
941 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
942 else
943 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
944
945 for (i = 0; i < key_count; i++) {
946 struct mgmt_key_info *key = &cp->keys[i];
947
948 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
949 key->pin_len);
950 }
951
952 hci_dev_unlock_bh(hdev);
953 hci_dev_put(hdev);
954
955 return 0;
956 }
957
958 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
959 {
960 struct hci_dev *hdev;
961 struct mgmt_cp_remove_key *cp;
962 struct hci_conn *conn;
963 int err;
964
965 cp = (void *) data;
966
967 if (len != sizeof(*cp))
968 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
969
970 hdev = hci_dev_get(index);
971 if (!hdev)
972 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
973
974 hci_dev_lock_bh(hdev);
975
976 err = hci_remove_link_key(hdev, &cp->bdaddr);
977 if (err < 0) {
978 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
979 goto unlock;
980 }
981
982 err = 0;
983
984 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
985 goto unlock;
986
987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
988 if (conn) {
989 struct hci_cp_disconnect dc;
990
991 put_unaligned_le16(conn->handle, &dc.handle);
992 dc.reason = 0x13; /* Remote User Terminated Connection */
993 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
994 }
995
996 unlock:
997 hci_dev_unlock_bh(hdev);
998 hci_dev_put(hdev);
999
1000 return err;
1001 }
1002
1003 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1004 {
1005 struct hci_dev *hdev;
1006 struct mgmt_cp_disconnect *cp;
1007 struct hci_cp_disconnect dc;
1008 struct pending_cmd *cmd;
1009 struct hci_conn *conn;
1010 int err;
1011
1012 BT_DBG("");
1013
1014 cp = (void *) data;
1015
1016 if (len != sizeof(*cp))
1017 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1018
1019 hdev = hci_dev_get(index);
1020 if (!hdev)
1021 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1022
1023 hci_dev_lock_bh(hdev);
1024
1025 if (!test_bit(HCI_UP, &hdev->flags)) {
1026 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1027 goto failed;
1028 }
1029
1030 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1031 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1032 goto failed;
1033 }
1034
1035 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1036 if (!conn)
1037 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1038
1039 if (!conn) {
1040 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1041 goto failed;
1042 }
1043
1044 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1045 if (!cmd) {
1046 err = -ENOMEM;
1047 goto failed;
1048 }
1049
1050 put_unaligned_le16(conn->handle, &dc.handle);
1051 dc.reason = 0x13; /* Remote User Terminated Connection */
1052
1053 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1054 if (err < 0)
1055 mgmt_pending_remove(cmd);
1056
1057 failed:
1058 hci_dev_unlock_bh(hdev);
1059 hci_dev_put(hdev);
1060
1061 return err;
1062 }
1063
1064 static int get_connections(struct sock *sk, u16 index)
1065 {
1066 struct mgmt_rp_get_connections *rp;
1067 struct hci_dev *hdev;
1068 struct list_head *p;
1069 size_t rp_len;
1070 u16 count;
1071 int i, err;
1072
1073 BT_DBG("");
1074
1075 hdev = hci_dev_get(index);
1076 if (!hdev)
1077 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1078
1079 hci_dev_lock_bh(hdev);
1080
1081 count = 0;
1082 list_for_each(p, &hdev->conn_hash.list) {
1083 count++;
1084 }
1085
1086 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1087 rp = kmalloc(rp_len, GFP_ATOMIC);
1088 if (!rp) {
1089 err = -ENOMEM;
1090 goto unlock;
1091 }
1092
1093 put_unaligned_le16(count, &rp->conn_count);
1094
1095 i = 0;
1096 list_for_each(p, &hdev->conn_hash.list) {
1097 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1098
1099 bacpy(&rp->conn[i++], &c->dst);
1100 }
1101
1102 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1103
1104 unlock:
1105 kfree(rp);
1106 hci_dev_unlock_bh(hdev);
1107 hci_dev_put(hdev);
1108 return err;
1109 }
1110
1111 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1112 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1113 {
1114 struct pending_cmd *cmd;
1115 int err;
1116
1117 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1118 sizeof(*cp));
1119 if (!cmd)
1120 return -ENOMEM;
1121
1122 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1123 &cp->bdaddr);
1124 if (err < 0)
1125 mgmt_pending_remove(cmd);
1126
1127 return err;
1128 }
1129
1130 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1131 u16 len)
1132 {
1133 struct hci_dev *hdev;
1134 struct hci_conn *conn;
1135 struct mgmt_cp_pin_code_reply *cp;
1136 struct mgmt_cp_pin_code_neg_reply ncp;
1137 struct hci_cp_pin_code_reply reply;
1138 struct pending_cmd *cmd;
1139 int err;
1140
1141 BT_DBG("");
1142
1143 cp = (void *) data;
1144
1145 if (len != sizeof(*cp))
1146 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1147
1148 hdev = hci_dev_get(index);
1149 if (!hdev)
1150 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1151
1152 hci_dev_lock_bh(hdev);
1153
1154 if (!test_bit(HCI_UP, &hdev->flags)) {
1155 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1156 goto failed;
1157 }
1158
1159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1160 if (!conn) {
1161 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1162 goto failed;
1163 }
1164
1165 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1166 bacpy(&ncp.bdaddr, &cp->bdaddr);
1167
1168 BT_ERR("PIN code is not 16 bytes long");
1169
1170 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1171 if (err >= 0)
1172 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1173 EINVAL);
1174
1175 goto failed;
1176 }
1177
1178 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1179 if (!cmd) {
1180 err = -ENOMEM;
1181 goto failed;
1182 }
1183
1184 bacpy(&reply.bdaddr, &cp->bdaddr);
1185 reply.pin_len = cp->pin_len;
1186 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1187
1188 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1189 if (err < 0)
1190 mgmt_pending_remove(cmd);
1191
1192 failed:
1193 hci_dev_unlock_bh(hdev);
1194 hci_dev_put(hdev);
1195
1196 return err;
1197 }
1198
1199 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1200 u16 len)
1201 {
1202 struct hci_dev *hdev;
1203 struct mgmt_cp_pin_code_neg_reply *cp;
1204 int err;
1205
1206 BT_DBG("");
1207
1208 cp = (void *) data;
1209
1210 if (len != sizeof(*cp))
1211 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1212 EINVAL);
1213
1214 hdev = hci_dev_get(index);
1215 if (!hdev)
1216 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1217 ENODEV);
1218
1219 hci_dev_lock_bh(hdev);
1220
1221 if (!test_bit(HCI_UP, &hdev->flags)) {
1222 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1223 ENETDOWN);
1224 goto failed;
1225 }
1226
1227 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1228
1229 failed:
1230 hci_dev_unlock_bh(hdev);
1231 hci_dev_put(hdev);
1232
1233 return err;
1234 }
1235
1236 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1237 u16 len)
1238 {
1239 struct hci_dev *hdev;
1240 struct mgmt_cp_set_io_capability *cp;
1241
1242 BT_DBG("");
1243
1244 cp = (void *) data;
1245
1246 if (len != sizeof(*cp))
1247 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1248
1249 hdev = hci_dev_get(index);
1250 if (!hdev)
1251 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1252
1253 hci_dev_lock_bh(hdev);
1254
1255 hdev->io_capability = cp->io_capability;
1256
1257 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1258 hdev->io_capability);
1259
1260 hci_dev_unlock_bh(hdev);
1261 hci_dev_put(hdev);
1262
1263 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1264 }
1265
1266 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1267 {
1268 struct hci_dev *hdev = conn->hdev;
1269 struct list_head *p;
1270
1271 list_for_each(p, &cmd_list) {
1272 struct pending_cmd *cmd;
1273
1274 cmd = list_entry(p, struct pending_cmd, list);
1275
1276 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1277 continue;
1278
1279 if (cmd->index != hdev->id)
1280 continue;
1281
1282 if (cmd->user_data != conn)
1283 continue;
1284
1285 return cmd;
1286 }
1287
1288 return NULL;
1289 }
1290
1291 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1292 {
1293 struct mgmt_rp_pair_device rp;
1294 struct hci_conn *conn = cmd->user_data;
1295
1296 bacpy(&rp.bdaddr, &conn->dst);
1297 rp.status = status;
1298
1299 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1300
1301 /* So we don't get further callbacks for this connection */
1302 conn->connect_cfm_cb = NULL;
1303 conn->security_cfm_cb = NULL;
1304 conn->disconn_cfm_cb = NULL;
1305
1306 hci_conn_put(conn);
1307
1308 mgmt_pending_remove(cmd);
1309 }
1310
1311 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1312 {
1313 struct pending_cmd *cmd;
1314
1315 BT_DBG("status %u", status);
1316
1317 cmd = find_pairing(conn);
1318 if (!cmd) {
1319 BT_DBG("Unable to find a pending command");
1320 return;
1321 }
1322
1323 pairing_complete(cmd, status);
1324 }
1325
1326 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1327 {
1328 struct hci_dev *hdev;
1329 struct mgmt_cp_pair_device *cp;
1330 struct pending_cmd *cmd;
1331 struct adv_entry *entry;
1332 u8 sec_level, auth_type;
1333 struct hci_conn *conn;
1334 int err;
1335
1336 BT_DBG("");
1337
1338 cp = (void *) data;
1339
1340 if (len != sizeof(*cp))
1341 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1342
1343 hdev = hci_dev_get(index);
1344 if (!hdev)
1345 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1346
1347 hci_dev_lock_bh(hdev);
1348
1349 sec_level = BT_SECURITY_MEDIUM;
1350 if (cp->io_cap == 0x03)
1351 auth_type = HCI_AT_DEDICATED_BONDING;
1352 else
1353 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1354
1355 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1356 if (entry)
1357 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1358 auth_type);
1359 else
1360 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1361 auth_type);
1362
1363 if (IS_ERR(conn)) {
1364 err = PTR_ERR(conn);
1365 goto unlock;
1366 }
1367
1368 if (conn->connect_cfm_cb) {
1369 hci_conn_put(conn);
1370 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1371 goto unlock;
1372 }
1373
1374 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1375 if (!cmd) {
1376 err = -ENOMEM;
1377 hci_conn_put(conn);
1378 goto unlock;
1379 }
1380
1381 /* For LE, just connecting isn't a proof that the pairing finished */
1382 if (!entry)
1383 conn->connect_cfm_cb = pairing_complete_cb;
1384
1385 conn->security_cfm_cb = pairing_complete_cb;
1386 conn->disconn_cfm_cb = pairing_complete_cb;
1387 conn->io_capability = cp->io_cap;
1388 cmd->user_data = conn;
1389
1390 if (conn->state == BT_CONNECTED &&
1391 hci_conn_security(conn, sec_level, auth_type))
1392 pairing_complete(cmd, 0);
1393
1394 err = 0;
1395
1396 unlock:
1397 hci_dev_unlock_bh(hdev);
1398 hci_dev_put(hdev);
1399
1400 return err;
1401 }
1402
1403 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1404 u16 len, int success)
1405 {
1406 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1407 u16 mgmt_op, hci_op;
1408 struct pending_cmd *cmd;
1409 struct hci_dev *hdev;
1410 int err;
1411
1412 BT_DBG("");
1413
1414 if (success) {
1415 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1416 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1417 } else {
1418 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1419 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1420 }
1421
1422 if (len != sizeof(*cp))
1423 return cmd_status(sk, index, mgmt_op, EINVAL);
1424
1425 hdev = hci_dev_get(index);
1426 if (!hdev)
1427 return cmd_status(sk, index, mgmt_op, ENODEV);
1428
1429 hci_dev_lock_bh(hdev);
1430
1431 if (!test_bit(HCI_UP, &hdev->flags)) {
1432 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1433 goto failed;
1434 }
1435
1436 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1437 if (!cmd) {
1438 err = -ENOMEM;
1439 goto failed;
1440 }
1441
1442 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1443 if (err < 0)
1444 mgmt_pending_remove(cmd);
1445
1446 failed:
1447 hci_dev_unlock_bh(hdev);
1448 hci_dev_put(hdev);
1449
1450 return err;
1451 }
1452
1453 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1454 u16 len)
1455 {
1456 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1457 struct hci_cp_write_local_name hci_cp;
1458 struct hci_dev *hdev;
1459 struct pending_cmd *cmd;
1460 int err;
1461
1462 BT_DBG("");
1463
1464 if (len != sizeof(*mgmt_cp))
1465 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1466
1467 hdev = hci_dev_get(index);
1468 if (!hdev)
1469 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1470
1471 hci_dev_lock_bh(hdev);
1472
1473 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1474 if (!cmd) {
1475 err = -ENOMEM;
1476 goto failed;
1477 }
1478
1479 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1480 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1481 &hci_cp);
1482 if (err < 0)
1483 mgmt_pending_remove(cmd);
1484
1485 failed:
1486 hci_dev_unlock_bh(hdev);
1487 hci_dev_put(hdev);
1488
1489 return err;
1490 }
1491
1492 static int read_local_oob_data(struct sock *sk, u16 index)
1493 {
1494 struct hci_dev *hdev;
1495 struct pending_cmd *cmd;
1496 int err;
1497
1498 BT_DBG("hci%u", index);
1499
1500 hdev = hci_dev_get(index);
1501 if (!hdev)
1502 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1503 ENODEV);
1504
1505 hci_dev_lock_bh(hdev);
1506
1507 if (!test_bit(HCI_UP, &hdev->flags)) {
1508 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1509 ENETDOWN);
1510 goto unlock;
1511 }
1512
1513 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1514 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1515 EOPNOTSUPP);
1516 goto unlock;
1517 }
1518
1519 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1520 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1521 goto unlock;
1522 }
1523
1524 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1525 if (!cmd) {
1526 err = -ENOMEM;
1527 goto unlock;
1528 }
1529
1530 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1531 if (err < 0)
1532 mgmt_pending_remove(cmd);
1533
1534 unlock:
1535 hci_dev_unlock_bh(hdev);
1536 hci_dev_put(hdev);
1537
1538 return err;
1539 }
1540
1541 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1542 u16 len)
1543 {
1544 struct hci_dev *hdev;
1545 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1546 int err;
1547
1548 BT_DBG("hci%u ", index);
1549
1550 if (len != sizeof(*cp))
1551 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1552 EINVAL);
1553
1554 hdev = hci_dev_get(index);
1555 if (!hdev)
1556 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1557 ENODEV);
1558
1559 hci_dev_lock_bh(hdev);
1560
1561 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1562 cp->randomizer);
1563 if (err < 0)
1564 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1565 else
1566 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1567 0);
1568
1569 hci_dev_unlock_bh(hdev);
1570 hci_dev_put(hdev);
1571
1572 return err;
1573 }
1574
1575 static int remove_remote_oob_data(struct sock *sk, u16 index,
1576 unsigned char *data, u16 len)
1577 {
1578 struct hci_dev *hdev;
1579 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1580 int err;
1581
1582 BT_DBG("hci%u ", index);
1583
1584 if (len != sizeof(*cp))
1585 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1586 EINVAL);
1587
1588 hdev = hci_dev_get(index);
1589 if (!hdev)
1590 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1591 ENODEV);
1592
1593 hci_dev_lock_bh(hdev);
1594
1595 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1596 if (err < 0)
1597 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1598 -err);
1599 else
1600 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1601 NULL, 0);
1602
1603 hci_dev_unlock_bh(hdev);
1604 hci_dev_put(hdev);
1605
1606 return err;
1607 }
1608
1609 static int start_discovery(struct sock *sk, u16 index)
1610 {
1611 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1612 struct hci_cp_inquiry cp;
1613 struct pending_cmd *cmd;
1614 struct hci_dev *hdev;
1615 int err;
1616
1617 BT_DBG("hci%u", index);
1618
1619 hdev = hci_dev_get(index);
1620 if (!hdev)
1621 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1622
1623 hci_dev_lock_bh(hdev);
1624
1625 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1626 if (!cmd) {
1627 err = -ENOMEM;
1628 goto failed;
1629 }
1630
1631 memset(&cp, 0, sizeof(cp));
1632 memcpy(&cp.lap, lap, 3);
1633 cp.length = 0x08;
1634 cp.num_rsp = 0x00;
1635
1636 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1637 if (err < 0)
1638 mgmt_pending_remove(cmd);
1639
1640 failed:
1641 hci_dev_unlock_bh(hdev);
1642 hci_dev_put(hdev);
1643
1644 return err;
1645 }
1646
1647 static int stop_discovery(struct sock *sk, u16 index)
1648 {
1649 struct hci_dev *hdev;
1650 struct pending_cmd *cmd;
1651 int err;
1652
1653 BT_DBG("hci%u", index);
1654
1655 hdev = hci_dev_get(index);
1656 if (!hdev)
1657 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1658
1659 hci_dev_lock_bh(hdev);
1660
1661 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1662 if (!cmd) {
1663 err = -ENOMEM;
1664 goto failed;
1665 }
1666
1667 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1668 if (err < 0)
1669 mgmt_pending_remove(cmd);
1670
1671 failed:
1672 hci_dev_unlock_bh(hdev);
1673 hci_dev_put(hdev);
1674
1675 return err;
1676 }
1677
1678 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1679 u16 len)
1680 {
1681 struct hci_dev *hdev;
1682 struct pending_cmd *cmd;
1683 struct mgmt_cp_block_device *cp = (void *) data;
1684 int err;
1685
1686 BT_DBG("hci%u", index);
1687
1688 if (len != sizeof(*cp))
1689 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1690 EINVAL);
1691
1692 hdev = hci_dev_get(index);
1693 if (!hdev)
1694 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1695 ENODEV);
1696
1697 hci_dev_lock_bh(hdev);
1698
1699 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0);
1700 if (!cmd) {
1701 err = -ENOMEM;
1702 goto failed;
1703 }
1704
1705 err = hci_blacklist_add(hdev, &cp->bdaddr);
1706
1707 if (err < 0)
1708 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1709 else
1710 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1711 NULL, 0);
1712
1713 mgmt_pending_remove(cmd);
1714
1715 failed:
1716 hci_dev_unlock_bh(hdev);
1717 hci_dev_put(hdev);
1718
1719 return err;
1720 }
1721
1722 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1723 u16 len)
1724 {
1725 struct hci_dev *hdev;
1726 struct pending_cmd *cmd;
1727 struct mgmt_cp_unblock_device *cp = (void *) data;
1728 int err;
1729
1730 BT_DBG("hci%u", index);
1731
1732 if (len != sizeof(*cp))
1733 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1734 EINVAL);
1735
1736 hdev = hci_dev_get(index);
1737 if (!hdev)
1738 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1739 ENODEV);
1740
1741 hci_dev_lock_bh(hdev);
1742
1743 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0);
1744 if (!cmd) {
1745 err = -ENOMEM;
1746 goto failed;
1747 }
1748
1749 err = hci_blacklist_del(hdev, &cp->bdaddr);
1750
1751 if (err < 0)
1752 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1753 else
1754 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1755 NULL, 0);
1756
1757 mgmt_pending_remove(cmd);
1758
1759 failed:
1760 hci_dev_unlock_bh(hdev);
1761 hci_dev_put(hdev);
1762
1763 return err;
1764 }
1765
1766 static int set_fast_connectable(struct sock *sk, u16 index,
1767 unsigned char *data, u16 len)
1768 {
1769 struct hci_dev *hdev;
1770 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1771 struct hci_cp_write_page_scan_activity acp;
1772 u8 type;
1773 int err;
1774
1775 BT_DBG("hci%u", index);
1776
1777 if (len != sizeof(*cp))
1778 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1779 EINVAL);
1780
1781 hdev = hci_dev_get(index);
1782 if (!hdev)
1783 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1784 ENODEV);
1785
1786 hci_dev_lock(hdev);
1787
1788 if (cp->enable) {
1789 type = PAGE_SCAN_TYPE_INTERLACED;
1790 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1791 } else {
1792 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1793 acp.interval = 0x0800; /* default 1.28 sec page scan */
1794 }
1795
1796 acp.window = 0x0012; /* default 11.25 msec page scan window */
1797
1798 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1799 sizeof(acp), &acp);
1800 if (err < 0) {
1801 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1802 -err);
1803 goto done;
1804 }
1805
1806 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1807 if (err < 0) {
1808 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1809 -err);
1810 goto done;
1811 }
1812
1813 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1814 NULL, 0);
1815 done:
1816 hci_dev_unlock(hdev);
1817 hci_dev_put(hdev);
1818
1819 return err;
1820 }
1821
1822 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1823 {
1824 unsigned char *buf;
1825 struct mgmt_hdr *hdr;
1826 u16 opcode, index, len;
1827 int err;
1828
1829 BT_DBG("got %zu bytes", msglen);
1830
1831 if (msglen < sizeof(*hdr))
1832 return -EINVAL;
1833
1834 buf = kmalloc(msglen, GFP_KERNEL);
1835 if (!buf)
1836 return -ENOMEM;
1837
1838 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1839 err = -EFAULT;
1840 goto done;
1841 }
1842
1843 hdr = (struct mgmt_hdr *) buf;
1844 opcode = get_unaligned_le16(&hdr->opcode);
1845 index = get_unaligned_le16(&hdr->index);
1846 len = get_unaligned_le16(&hdr->len);
1847
1848 if (len != msglen - sizeof(*hdr)) {
1849 err = -EINVAL;
1850 goto done;
1851 }
1852
1853 switch (opcode) {
1854 case MGMT_OP_READ_VERSION:
1855 err = read_version(sk);
1856 break;
1857 case MGMT_OP_READ_INDEX_LIST:
1858 err = read_index_list(sk);
1859 break;
1860 case MGMT_OP_READ_INFO:
1861 err = read_controller_info(sk, index);
1862 break;
1863 case MGMT_OP_SET_POWERED:
1864 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1865 break;
1866 case MGMT_OP_SET_DISCOVERABLE:
1867 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1868 break;
1869 case MGMT_OP_SET_CONNECTABLE:
1870 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1871 break;
1872 case MGMT_OP_SET_PAIRABLE:
1873 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1874 break;
1875 case MGMT_OP_ADD_UUID:
1876 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1877 break;
1878 case MGMT_OP_REMOVE_UUID:
1879 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1880 break;
1881 case MGMT_OP_SET_DEV_CLASS:
1882 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1883 break;
1884 case MGMT_OP_SET_SERVICE_CACHE:
1885 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1886 break;
1887 case MGMT_OP_LOAD_KEYS:
1888 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1889 break;
1890 case MGMT_OP_REMOVE_KEY:
1891 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1892 break;
1893 case MGMT_OP_DISCONNECT:
1894 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1895 break;
1896 case MGMT_OP_GET_CONNECTIONS:
1897 err = get_connections(sk, index);
1898 break;
1899 case MGMT_OP_PIN_CODE_REPLY:
1900 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1901 break;
1902 case MGMT_OP_PIN_CODE_NEG_REPLY:
1903 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1904 break;
1905 case MGMT_OP_SET_IO_CAPABILITY:
1906 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1907 break;
1908 case MGMT_OP_PAIR_DEVICE:
1909 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1910 break;
1911 case MGMT_OP_USER_CONFIRM_REPLY:
1912 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1913 break;
1914 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1915 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1916 break;
1917 case MGMT_OP_SET_LOCAL_NAME:
1918 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1919 break;
1920 case MGMT_OP_READ_LOCAL_OOB_DATA:
1921 err = read_local_oob_data(sk, index);
1922 break;
1923 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1924 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1925 break;
1926 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1927 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1928 len);
1929 break;
1930 case MGMT_OP_START_DISCOVERY:
1931 err = start_discovery(sk, index);
1932 break;
1933 case MGMT_OP_STOP_DISCOVERY:
1934 err = stop_discovery(sk, index);
1935 break;
1936 case MGMT_OP_BLOCK_DEVICE:
1937 err = block_device(sk, index, buf + sizeof(*hdr), len);
1938 break;
1939 case MGMT_OP_UNBLOCK_DEVICE:
1940 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1941 break;
1942 case MGMT_OP_SET_FAST_CONNECTABLE:
1943 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1944 len);
1945 break;
1946 default:
1947 BT_DBG("Unknown op %u", opcode);
1948 err = cmd_status(sk, index, opcode, 0x01);
1949 break;
1950 }
1951
1952 if (err < 0)
1953 goto done;
1954
1955 err = msglen;
1956
1957 done:
1958 kfree(buf);
1959 return err;
1960 }
1961
1962 int mgmt_index_added(u16 index)
1963 {
1964 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1965 }
1966
1967 int mgmt_index_removed(u16 index)
1968 {
1969 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1970 }
1971
1972 struct cmd_lookup {
1973 u8 val;
1974 struct sock *sk;
1975 };
1976
1977 static void mode_rsp(struct pending_cmd *cmd, void *data)
1978 {
1979 struct mgmt_mode *cp = cmd->param;
1980 struct cmd_lookup *match = data;
1981
1982 if (cp->val != match->val)
1983 return;
1984
1985 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1986
1987 list_del(&cmd->list);
1988
1989 if (match->sk == NULL) {
1990 match->sk = cmd->sk;
1991 sock_hold(match->sk);
1992 }
1993
1994 mgmt_pending_free(cmd);
1995 }
1996
1997 int mgmt_powered(u16 index, u8 powered)
1998 {
1999 struct mgmt_mode ev;
2000 struct cmd_lookup match = { powered, NULL };
2001 int ret;
2002
2003 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
2004
2005 ev.val = powered;
2006
2007 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2008
2009 if (match.sk)
2010 sock_put(match.sk);
2011
2012 return ret;
2013 }
2014
2015 int mgmt_discoverable(u16 index, u8 discoverable)
2016 {
2017 struct mgmt_mode ev;
2018 struct cmd_lookup match = { discoverable, NULL };
2019 int ret;
2020
2021 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2022
2023 ev.val = discoverable;
2024
2025 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2026 match.sk);
2027
2028 if (match.sk)
2029 sock_put(match.sk);
2030
2031 return ret;
2032 }
2033
2034 int mgmt_connectable(u16 index, u8 connectable)
2035 {
2036 struct mgmt_mode ev;
2037 struct cmd_lookup match = { connectable, NULL };
2038 int ret;
2039
2040 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2041
2042 ev.val = connectable;
2043
2044 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2045
2046 if (match.sk)
2047 sock_put(match.sk);
2048
2049 return ret;
2050 }
2051
2052 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
2053 {
2054 struct mgmt_ev_new_key ev;
2055
2056 memset(&ev, 0, sizeof(ev));
2057
2058 ev.store_hint = persistent;
2059 bacpy(&ev.key.bdaddr, &key->bdaddr);
2060 ev.key.type = key->type;
2061 memcpy(ev.key.val, key->val, 16);
2062 ev.key.pin_len = key->pin_len;
2063
2064 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
2065 }
2066
2067 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2068 {
2069 struct mgmt_ev_connected ev;
2070
2071 bacpy(&ev.bdaddr, bdaddr);
2072 ev.link_type = link_type;
2073
2074 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2075 }
2076
2077 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2078 {
2079 struct mgmt_cp_disconnect *cp = cmd->param;
2080 struct sock **sk = data;
2081 struct mgmt_rp_disconnect rp;
2082
2083 bacpy(&rp.bdaddr, &cp->bdaddr);
2084
2085 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2086
2087 *sk = cmd->sk;
2088 sock_hold(*sk);
2089
2090 mgmt_pending_remove(cmd);
2091 }
2092
2093 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2094 {
2095 struct mgmt_ev_disconnected ev;
2096 struct sock *sk = NULL;
2097 int err;
2098
2099 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2100
2101 bacpy(&ev.bdaddr, bdaddr);
2102
2103 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2104
2105 if (sk)
2106 sock_put(sk);
2107
2108 return err;
2109 }
2110
2111 int mgmt_disconnect_failed(u16 index)
2112 {
2113 struct pending_cmd *cmd;
2114 int err;
2115
2116 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2117 if (!cmd)
2118 return -ENOENT;
2119
2120 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2121
2122 mgmt_pending_remove(cmd);
2123
2124 return err;
2125 }
2126
2127 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2128 {
2129 struct mgmt_ev_connect_failed ev;
2130
2131 bacpy(&ev.bdaddr, bdaddr);
2132 ev.status = status;
2133
2134 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2135 }
2136
2137 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2138 {
2139 struct mgmt_ev_pin_code_request ev;
2140
2141 bacpy(&ev.bdaddr, bdaddr);
2142 ev.secure = secure;
2143
2144 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2145 NULL);
2146 }
2147
2148 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2149 {
2150 struct pending_cmd *cmd;
2151 struct mgmt_rp_pin_code_reply rp;
2152 int err;
2153
2154 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2155 if (!cmd)
2156 return -ENOENT;
2157
2158 bacpy(&rp.bdaddr, bdaddr);
2159 rp.status = status;
2160
2161 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2162 sizeof(rp));
2163
2164 mgmt_pending_remove(cmd);
2165
2166 return err;
2167 }
2168
2169 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2170 {
2171 struct pending_cmd *cmd;
2172 struct mgmt_rp_pin_code_reply rp;
2173 int err;
2174
2175 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2176 if (!cmd)
2177 return -ENOENT;
2178
2179 bacpy(&rp.bdaddr, bdaddr);
2180 rp.status = status;
2181
2182 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2183 sizeof(rp));
2184
2185 mgmt_pending_remove(cmd);
2186
2187 return err;
2188 }
2189
2190 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2191 u8 confirm_hint)
2192 {
2193 struct mgmt_ev_user_confirm_request ev;
2194
2195 BT_DBG("hci%u", index);
2196
2197 bacpy(&ev.bdaddr, bdaddr);
2198 ev.confirm_hint = confirm_hint;
2199 put_unaligned_le32(value, &ev.value);
2200
2201 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2202 NULL);
2203 }
2204
2205 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2206 u8 opcode)
2207 {
2208 struct pending_cmd *cmd;
2209 struct mgmt_rp_user_confirm_reply rp;
2210 int err;
2211
2212 cmd = mgmt_pending_find(opcode, index);
2213 if (!cmd)
2214 return -ENOENT;
2215
2216 bacpy(&rp.bdaddr, bdaddr);
2217 rp.status = status;
2218 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2219
2220 mgmt_pending_remove(cmd);
2221
2222 return err;
2223 }
2224
2225 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2226 {
2227 return confirm_reply_complete(index, bdaddr, status,
2228 MGMT_OP_USER_CONFIRM_REPLY);
2229 }
2230
2231 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2232 {
2233 return confirm_reply_complete(index, bdaddr, status,
2234 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2235 }
2236
2237 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2238 {
2239 struct mgmt_ev_auth_failed ev;
2240
2241 bacpy(&ev.bdaddr, bdaddr);
2242 ev.status = status;
2243
2244 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2245 }
2246
2247 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2248 {
2249 struct pending_cmd *cmd;
2250 struct hci_dev *hdev;
2251 struct mgmt_cp_set_local_name ev;
2252 int err;
2253
2254 memset(&ev, 0, sizeof(ev));
2255 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2256
2257 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2258 if (!cmd)
2259 goto send_event;
2260
2261 if (status) {
2262 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2263 goto failed;
2264 }
2265
2266 hdev = hci_dev_get(index);
2267 if (hdev) {
2268 hci_dev_lock_bh(hdev);
2269 update_eir(hdev);
2270 hci_dev_unlock_bh(hdev);
2271 hci_dev_put(hdev);
2272 }
2273
2274 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2275 sizeof(ev));
2276 if (err < 0)
2277 goto failed;
2278
2279 send_event:
2280 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2281 cmd ? cmd->sk : NULL);
2282
2283 failed:
2284 if (cmd)
2285 mgmt_pending_remove(cmd);
2286 return err;
2287 }
2288
2289 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2290 u8 status)
2291 {
2292 struct pending_cmd *cmd;
2293 int err;
2294
2295 BT_DBG("hci%u status %u", index, status);
2296
2297 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2298 if (!cmd)
2299 return -ENOENT;
2300
2301 if (status) {
2302 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2303 EIO);
2304 } else {
2305 struct mgmt_rp_read_local_oob_data rp;
2306
2307 memcpy(rp.hash, hash, sizeof(rp.hash));
2308 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2309
2310 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2311 &rp, sizeof(rp));
2312 }
2313
2314 mgmt_pending_remove(cmd);
2315
2316 return err;
2317 }
2318
2319 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2320 u8 *eir)
2321 {
2322 struct mgmt_ev_device_found ev;
2323
2324 memset(&ev, 0, sizeof(ev));
2325
2326 bacpy(&ev.bdaddr, bdaddr);
2327 ev.rssi = rssi;
2328
2329 if (eir)
2330 memcpy(ev.eir, eir, sizeof(ev.eir));
2331
2332 if (dev_class)
2333 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2334
2335 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2336 }
2337
2338 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2339 {
2340 struct mgmt_ev_remote_name ev;
2341
2342 memset(&ev, 0, sizeof(ev));
2343
2344 bacpy(&ev.bdaddr, bdaddr);
2345 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2346
2347 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2348 }
2349
2350 int mgmt_discovering(u16 index, u8 discovering)
2351 {
2352 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2353 sizeof(discovering), NULL);
2354 }
2355
2356 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2357 {
2358 struct pending_cmd *cmd;
2359 struct mgmt_ev_device_blocked ev;
2360
2361 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2362
2363 bacpy(&ev.bdaddr, bdaddr);
2364
2365 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2366 cmd ? cmd->sk : NULL);
2367 }
2368
2369 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2370 {
2371 struct pending_cmd *cmd;
2372 struct mgmt_ev_device_unblocked ev;
2373
2374 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2375
2376 bacpy(&ev.bdaddr, bdaddr);
2377
2378 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2379 cmd ? cmd->sk : NULL);
2380 }
Linux Btrfs Development