]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blob - net/bluetooth/mgmt.c
projects / mirror_ubuntu-focal-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
[mirror_ubuntu-focal-kernel.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <linux/module.h>
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #define MGMT_VERSION 0
34 #define MGMT_REVISION 1
35
36 struct pending_cmd {
37 struct list_head list;
38 __u16 opcode;
39 int index;
40 void *param;
41 struct sock *sk;
42 void *user_data;
43 };
44
45 static LIST_HEAD(cmd_list);
46
47 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
48 {
49 struct sk_buff *skb;
50 struct mgmt_hdr *hdr;
51 struct mgmt_ev_cmd_status *ev;
52
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
54
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
56 if (!skb)
57 return -ENOMEM;
58
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
60
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
64
65 ev = (void *) skb_put(skb, sizeof(*ev));
66 ev->status = status;
67 put_unaligned_le16(cmd, &ev->opcode);
68
69 if (sock_queue_rcv_skb(sk, skb) < 0)
70 kfree_skb(skb);
71
72 return 0;
73 }
74
75 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
76 size_t rp_len)
77 {
78 struct sk_buff *skb;
79 struct mgmt_hdr *hdr;
80 struct mgmt_ev_cmd_complete *ev;
81
82 BT_DBG("sock %p", sk);
83
84 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
85 if (!skb)
86 return -ENOMEM;
87
88 hdr = (void *) skb_put(skb, sizeof(*hdr));
89
90 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
91 hdr->index = cpu_to_le16(index);
92 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
93
94 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
95 put_unaligned_le16(cmd, &ev->opcode);
96
97 if (rp)
98 memcpy(ev->data, rp, rp_len);
99
100 if (sock_queue_rcv_skb(sk, skb) < 0)
101 kfree_skb(skb);
102
103 return 0;
104 }
105
106 static int read_version(struct sock *sk)
107 {
108 struct mgmt_rp_read_version rp;
109
110 BT_DBG("sock %p", sk);
111
112 rp.version = MGMT_VERSION;
113 put_unaligned_le16(MGMT_REVISION, &rp.revision);
114
115 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
116 sizeof(rp));
117 }
118
119 static int read_index_list(struct sock *sk)
120 {
121 struct mgmt_rp_read_index_list *rp;
122 struct list_head *p;
123 size_t rp_len;
124 u16 count;
125 int i, err;
126
127 BT_DBG("sock %p", sk);
128
129 read_lock(&hci_dev_list_lock);
130
131 count = 0;
132 list_for_each(p, &hci_dev_list) {
133 count++;
134 }
135
136 rp_len = sizeof(*rp) + (2 * count);
137 rp = kmalloc(rp_len, GFP_ATOMIC);
138 if (!rp) {
139 read_unlock(&hci_dev_list_lock);
140 return -ENOMEM;
141 }
142
143 put_unaligned_le16(count, &rp->num_controllers);
144
145 i = 0;
146 list_for_each(p, &hci_dev_list) {
147 struct hci_dev *d = list_entry(p, struct hci_dev, list);
148
149 hci_del_off_timer(d);
150
151 if (test_bit(HCI_SETUP, &d->flags))
152 continue;
153
154 put_unaligned_le16(d->id, &rp->index[i++]);
155 BT_DBG("Added hci%u", d->id);
156 }
157
158 read_unlock(&hci_dev_list_lock);
159
160 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
161 rp_len);
162
163 kfree(rp);
164
165 return err;
166 }
167
168 static int read_controller_info(struct sock *sk, u16 index)
169 {
170 struct mgmt_rp_read_info rp;
171 struct hci_dev *hdev;
172
173 BT_DBG("sock %p hci%u", sk, index);
174
175 hdev = hci_dev_get(index);
176 if (!hdev)
177 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
178
179 hci_del_off_timer(hdev);
180
181 hci_dev_lock_bh(hdev);
182
183 set_bit(HCI_MGMT, &hdev->flags);
184
185 memset(&rp, 0, sizeof(rp));
186
187 rp.type = hdev->dev_type;
188
189 rp.powered = test_bit(HCI_UP, &hdev->flags);
190 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
191 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
192 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
193
194 if (test_bit(HCI_AUTH, &hdev->flags))
195 rp.sec_mode = 3;
196 else if (hdev->ssp_mode > 0)
197 rp.sec_mode = 4;
198 else
199 rp.sec_mode = 2;
200
201 bacpy(&rp.bdaddr, &hdev->bdaddr);
202 memcpy(rp.features, hdev->features, 8);
203 memcpy(rp.dev_class, hdev->dev_class, 3);
204 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
205 rp.hci_ver = hdev->hci_ver;
206 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
207
208 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
209
210 hci_dev_unlock_bh(hdev);
211 hci_dev_put(hdev);
212
213 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
214 }
215
216 static void mgmt_pending_free(struct pending_cmd *cmd)
217 {
218 sock_put(cmd->sk);
219 kfree(cmd->param);
220 kfree(cmd);
221 }
222
223 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
224 u16 index, void *data, u16 len)
225 {
226 struct pending_cmd *cmd;
227
228 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
229 if (!cmd)
230 return NULL;
231
232 cmd->opcode = opcode;
233 cmd->index = index;
234
235 cmd->param = kmalloc(len, GFP_ATOMIC);
236 if (!cmd->param) {
237 kfree(cmd);
238 return NULL;
239 }
240
241 if (data)
242 memcpy(cmd->param, data, len);
243
244 cmd->sk = sk;
245 sock_hold(sk);
246
247 list_add(&cmd->list, &cmd_list);
248
249 return cmd;
250 }
251
252 static void mgmt_pending_foreach(u16 opcode, int index,
253 void (*cb)(struct pending_cmd *cmd, void *data),
254 void *data)
255 {
256 struct list_head *p, *n;
257
258 list_for_each_safe(p, n, &cmd_list) {
259 struct pending_cmd *cmd;
260
261 cmd = list_entry(p, struct pending_cmd, list);
262
263 if (cmd->opcode != opcode)
264 continue;
265
266 if (index >= 0 && cmd->index != index)
267 continue;
268
269 cb(cmd, data);
270 }
271 }
272
273 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
274 {
275 struct list_head *p;
276
277 list_for_each(p, &cmd_list) {
278 struct pending_cmd *cmd;
279
280 cmd = list_entry(p, struct pending_cmd, list);
281
282 if (cmd->opcode != opcode)
283 continue;
284
285 if (index >= 0 && cmd->index != index)
286 continue;
287
288 return cmd;
289 }
290
291 return NULL;
292 }
293
294 static void mgmt_pending_remove(struct pending_cmd *cmd)
295 {
296 list_del(&cmd->list);
297 mgmt_pending_free(cmd);
298 }
299
300 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
301 {
302 struct mgmt_mode *cp;
303 struct hci_dev *hdev;
304 struct pending_cmd *cmd;
305 int err, up;
306
307 cp = (void *) data;
308
309 BT_DBG("request for hci%u", index);
310
311 if (len != sizeof(*cp))
312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
313
314 hdev = hci_dev_get(index);
315 if (!hdev)
316 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
317
318 hci_dev_lock_bh(hdev);
319
320 up = test_bit(HCI_UP, &hdev->flags);
321 if ((cp->val && up) || (!cp->val && !up)) {
322 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
323 goto failed;
324 }
325
326 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
327 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
328 goto failed;
329 }
330
331 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
332 if (!cmd) {
333 err = -ENOMEM;
334 goto failed;
335 }
336
337 if (cp->val)
338 queue_work(hdev->workqueue, &hdev->power_on);
339 else
340 queue_work(hdev->workqueue, &hdev->power_off);
341
342 err = 0;
343
344 failed:
345 hci_dev_unlock_bh(hdev);
346 hci_dev_put(hdev);
347 return err;
348 }
349
350 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
351 u16 len)
352 {
353 struct mgmt_mode *cp;
354 struct hci_dev *hdev;
355 struct pending_cmd *cmd;
356 u8 scan;
357 int err;
358
359 cp = (void *) data;
360
361 BT_DBG("request for hci%u", index);
362
363 if (len != sizeof(*cp))
364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
365
366 hdev = hci_dev_get(index);
367 if (!hdev)
368 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
369
370 hci_dev_lock_bh(hdev);
371
372 if (!test_bit(HCI_UP, &hdev->flags)) {
373 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
374 goto failed;
375 }
376
377 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
378 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
379 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
380 goto failed;
381 }
382
383 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
384 test_bit(HCI_PSCAN, &hdev->flags)) {
385 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
386 goto failed;
387 }
388
389 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
390 if (!cmd) {
391 err = -ENOMEM;
392 goto failed;
393 }
394
395 scan = SCAN_PAGE;
396
397 if (cp->val)
398 scan |= SCAN_INQUIRY;
399
400 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
401 if (err < 0)
402 mgmt_pending_remove(cmd);
403
404 failed:
405 hci_dev_unlock_bh(hdev);
406 hci_dev_put(hdev);
407
408 return err;
409 }
410
411 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
412 u16 len)
413 {
414 struct mgmt_mode *cp;
415 struct hci_dev *hdev;
416 struct pending_cmd *cmd;
417 u8 scan;
418 int err;
419
420 cp = (void *) data;
421
422 BT_DBG("request for hci%u", index);
423
424 if (len != sizeof(*cp))
425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
426
427 hdev = hci_dev_get(index);
428 if (!hdev)
429 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
430
431 hci_dev_lock_bh(hdev);
432
433 if (!test_bit(HCI_UP, &hdev->flags)) {
434 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
435 goto failed;
436 }
437
438 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
439 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
440 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
441 goto failed;
442 }
443
444 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
445 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
446 goto failed;
447 }
448
449 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
450 if (!cmd) {
451 err = -ENOMEM;
452 goto failed;
453 }
454
455 if (cp->val)
456 scan = SCAN_PAGE;
457 else
458 scan = 0;
459
460 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
461 if (err < 0)
462 mgmt_pending_remove(cmd);
463
464 failed:
465 hci_dev_unlock_bh(hdev);
466 hci_dev_put(hdev);
467
468 return err;
469 }
470
471 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
472 struct sock *skip_sk)
473 {
474 struct sk_buff *skb;
475 struct mgmt_hdr *hdr;
476
477 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
478 if (!skb)
479 return -ENOMEM;
480
481 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
482
483 hdr = (void *) skb_put(skb, sizeof(*hdr));
484 hdr->opcode = cpu_to_le16(event);
485 hdr->index = cpu_to_le16(index);
486 hdr->len = cpu_to_le16(data_len);
487
488 if (data)
489 memcpy(skb_put(skb, data_len), data, data_len);
490
491 hci_send_to_sock(NULL, skb, skip_sk);
492 kfree_skb(skb);
493
494 return 0;
495 }
496
497 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
498 {
499 struct mgmt_mode rp;
500
501 rp.val = val;
502
503 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
504 }
505
506 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
507 u16 len)
508 {
509 struct mgmt_mode *cp, ev;
510 struct hci_dev *hdev;
511 int err;
512
513 cp = (void *) data;
514
515 BT_DBG("request for hci%u", index);
516
517 if (len != sizeof(*cp))
518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
519
520 hdev = hci_dev_get(index);
521 if (!hdev)
522 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
523
524 hci_dev_lock_bh(hdev);
525
526 if (cp->val)
527 set_bit(HCI_PAIRABLE, &hdev->flags);
528 else
529 clear_bit(HCI_PAIRABLE, &hdev->flags);
530
531 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
532 if (err < 0)
533 goto failed;
534
535 ev.val = cp->val;
536
537 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
538
539 failed:
540 hci_dev_unlock_bh(hdev);
541 hci_dev_put(hdev);
542
543 return err;
544 }
545
546 #define EIR_FLAGS 0x01 /* flags */
547 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
548 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
549 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
550 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
551 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
552 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
553 #define EIR_NAME_SHORT 0x08 /* shortened local name */
554 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
555 #define EIR_TX_POWER 0x0A /* transmit power level */
556 #define EIR_DEVICE_ID 0x10 /* device ID */
557
558 #define PNP_INFO_SVCLASS_ID 0x1200
559
560 static u8 bluetooth_base_uuid[] = {
561 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
562 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
563 };
564
565 static u16 get_uuid16(u8 *uuid128)
566 {
567 u32 val;
568 int i;
569
570 for (i = 0; i < 12; i++) {
571 if (bluetooth_base_uuid[i] != uuid128[i])
572 return 0;
573 }
574
575 memcpy(&val, &uuid128[12], 4);
576
577 val = le32_to_cpu(val);
578 if (val > 0xffff)
579 return 0;
580
581 return (u16) val;
582 }
583
584 static void create_eir(struct hci_dev *hdev, u8 *data)
585 {
586 u8 *ptr = data;
587 u16 eir_len = 0;
588 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
589 int i, truncated = 0;
590 struct list_head *p;
591 size_t name_len;
592
593 name_len = strlen(hdev->dev_name);
594
595 if (name_len > 0) {
596 /* EIR Data type */
597 if (name_len > 48) {
598 name_len = 48;
599 ptr[1] = EIR_NAME_SHORT;
600 } else
601 ptr[1] = EIR_NAME_COMPLETE;
602
603 /* EIR Data length */
604 ptr[0] = name_len + 1;
605
606 memcpy(ptr + 2, hdev->dev_name, name_len);
607
608 eir_len += (name_len + 2);
609 ptr += (name_len + 2);
610 }
611
612 memset(uuid16_list, 0, sizeof(uuid16_list));
613
614 /* Group all UUID16 types */
615 list_for_each(p, &hdev->uuids) {
616 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
617 u16 uuid16;
618
619 uuid16 = get_uuid16(uuid->uuid);
620 if (uuid16 == 0)
621 return;
622
623 if (uuid16 < 0x1100)
624 continue;
625
626 if (uuid16 == PNP_INFO_SVCLASS_ID)
627 continue;
628
629 /* Stop if not enough space to put next UUID */
630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
631 truncated = 1;
632 break;
633 }
634
635 /* Check for duplicates */
636 for (i = 0; uuid16_list[i] != 0; i++)
637 if (uuid16_list[i] == uuid16)
638 break;
639
640 if (uuid16_list[i] == 0) {
641 uuid16_list[i] = uuid16;
642 eir_len += sizeof(u16);
643 }
644 }
645
646 if (uuid16_list[0] != 0) {
647 u8 *length = ptr;
648
649 /* EIR Data type */
650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
651
652 ptr += 2;
653 eir_len += 2;
654
655 for (i = 0; uuid16_list[i] != 0; i++) {
656 *ptr++ = (uuid16_list[i] & 0x00ff);
657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
658 }
659
660 /* EIR Data length */
661 *length = (i * sizeof(u16)) + 1;
662 }
663 }
664
665 static int update_eir(struct hci_dev *hdev)
666 {
667 struct hci_cp_write_eir cp;
668
669 if (!(hdev->features[6] & LMP_EXT_INQ))
670 return 0;
671
672 if (hdev->ssp_mode == 0)
673 return 0;
674
675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
676 return 0;
677
678 memset(&cp, 0, sizeof(cp));
679
680 create_eir(hdev, cp.data);
681
682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
683 return 0;
684
685 memcpy(hdev->eir, cp.data, sizeof(cp.data));
686
687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
688 }
689
690 static u8 get_service_classes(struct hci_dev *hdev)
691 {
692 struct list_head *p;
693 u8 val = 0;
694
695 list_for_each(p, &hdev->uuids) {
696 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
697
698 val |= uuid->svc_hint;
699 }
700
701 return val;
702 }
703
704 static int update_class(struct hci_dev *hdev)
705 {
706 u8 cod[3];
707
708 BT_DBG("%s", hdev->name);
709
710 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
711 return 0;
712
713 cod[0] = hdev->minor_class;
714 cod[1] = hdev->major_class;
715 cod[2] = get_service_classes(hdev);
716
717 if (memcmp(cod, hdev->dev_class, 3) == 0)
718 return 0;
719
720 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
721 }
722
723 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
724 {
725 struct mgmt_cp_add_uuid *cp;
726 struct hci_dev *hdev;
727 struct bt_uuid *uuid;
728 int err;
729
730 cp = (void *) data;
731
732 BT_DBG("request for hci%u", index);
733
734 if (len != sizeof(*cp))
735 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
736
737 hdev = hci_dev_get(index);
738 if (!hdev)
739 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
740
741 hci_dev_lock_bh(hdev);
742
743 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
744 if (!uuid) {
745 err = -ENOMEM;
746 goto failed;
747 }
748
749 memcpy(uuid->uuid, cp->uuid, 16);
750 uuid->svc_hint = cp->svc_hint;
751
752 list_add(&uuid->list, &hdev->uuids);
753
754 err = update_class(hdev);
755 if (err < 0)
756 goto failed;
757
758 err = update_eir(hdev);
759 if (err < 0)
760 goto failed;
761
762 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
763
764 failed:
765 hci_dev_unlock_bh(hdev);
766 hci_dev_put(hdev);
767
768 return err;
769 }
770
771 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
772 {
773 struct list_head *p, *n;
774 struct mgmt_cp_remove_uuid *cp;
775 struct hci_dev *hdev;
776 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
777 int err, found;
778
779 cp = (void *) data;
780
781 BT_DBG("request for hci%u", index);
782
783 if (len != sizeof(*cp))
784 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
785
786 hdev = hci_dev_get(index);
787 if (!hdev)
788 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
789
790 hci_dev_lock_bh(hdev);
791
792 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
793 err = hci_uuids_clear(hdev);
794 goto unlock;
795 }
796
797 found = 0;
798
799 list_for_each_safe(p, n, &hdev->uuids) {
800 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
801
802 if (memcmp(match->uuid, cp->uuid, 16) != 0)
803 continue;
804
805 list_del(&match->list);
806 found++;
807 }
808
809 if (found == 0) {
810 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
811 goto unlock;
812 }
813
814 err = update_class(hdev);
815 if (err < 0)
816 goto unlock;
817
818 err = update_eir(hdev);
819 if (err < 0)
820 goto unlock;
821
822 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
823
824 unlock:
825 hci_dev_unlock_bh(hdev);
826 hci_dev_put(hdev);
827
828 return err;
829 }
830
831 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
832 u16 len)
833 {
834 struct hci_dev *hdev;
835 struct mgmt_cp_set_dev_class *cp;
836 int err;
837
838 cp = (void *) data;
839
840 BT_DBG("request for hci%u", index);
841
842 if (len != sizeof(*cp))
843 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
844
845 hdev = hci_dev_get(index);
846 if (!hdev)
847 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
848
849 hci_dev_lock_bh(hdev);
850
851 hdev->major_class = cp->major;
852 hdev->minor_class = cp->minor;
853
854 err = update_class(hdev);
855
856 if (err == 0)
857 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
858
859 hci_dev_unlock_bh(hdev);
860 hci_dev_put(hdev);
861
862 return err;
863 }
864
865 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
866 u16 len)
867 {
868 struct hci_dev *hdev;
869 struct mgmt_cp_set_service_cache *cp;
870 int err;
871
872 cp = (void *) data;
873
874 if (len != sizeof(*cp))
875 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
876
877 hdev = hci_dev_get(index);
878 if (!hdev)
879 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
880
881 hci_dev_lock_bh(hdev);
882
883 BT_DBG("hci%u enable %d", index, cp->enable);
884
885 if (cp->enable) {
886 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 err = 0;
888 } else {
889 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
890 err = update_class(hdev);
891 if (err == 0)
892 err = update_eir(hdev);
893 }
894
895 if (err == 0)
896 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
897 0);
898
899 hci_dev_unlock_bh(hdev);
900 hci_dev_put(hdev);
901
902 return err;
903 }
904
905 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
906 {
907 struct hci_dev *hdev;
908 struct mgmt_cp_load_keys *cp;
909 u16 key_count, expected_len;
910 int i;
911
912 cp = (void *) data;
913
914 if (len < sizeof(*cp))
915 return -EINVAL;
916
917 key_count = get_unaligned_le16(&cp->key_count);
918
919 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
920 if (expected_len != len) {
921 BT_ERR("load_keys: expected %u bytes, got %u bytes",
922 len, expected_len);
923 return -EINVAL;
924 }
925
926 hdev = hci_dev_get(index);
927 if (!hdev)
928 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
929
930 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
931 key_count);
932
933 hci_dev_lock_bh(hdev);
934
935 hci_link_keys_clear(hdev);
936
937 set_bit(HCI_LINK_KEYS, &hdev->flags);
938
939 if (cp->debug_keys)
940 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
941 else
942 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
943
944 for (i = 0; i < key_count; i++) {
945 struct mgmt_key_info *key = &cp->keys[i];
946
947 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
948 key->pin_len);
949 }
950
951 hci_dev_unlock_bh(hdev);
952 hci_dev_put(hdev);
953
954 return 0;
955 }
956
957 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
958 {
959 struct hci_dev *hdev;
960 struct mgmt_cp_remove_key *cp;
961 struct hci_conn *conn;
962 int err;
963
964 cp = (void *) data;
965
966 if (len != sizeof(*cp))
967 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
968
969 hdev = hci_dev_get(index);
970 if (!hdev)
971 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
972
973 hci_dev_lock_bh(hdev);
974
975 err = hci_remove_link_key(hdev, &cp->bdaddr);
976 if (err < 0) {
977 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
978 goto unlock;
979 }
980
981 err = 0;
982
983 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
984 goto unlock;
985
986 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
987 if (conn) {
988 struct hci_cp_disconnect dc;
989
990 put_unaligned_le16(conn->handle, &dc.handle);
991 dc.reason = 0x13; /* Remote User Terminated Connection */
992 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
993 }
994
995 unlock:
996 hci_dev_unlock_bh(hdev);
997 hci_dev_put(hdev);
998
999 return err;
1000 }
1001
1002 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1003 {
1004 struct hci_dev *hdev;
1005 struct mgmt_cp_disconnect *cp;
1006 struct hci_cp_disconnect dc;
1007 struct pending_cmd *cmd;
1008 struct hci_conn *conn;
1009 int err;
1010
1011 BT_DBG("");
1012
1013 cp = (void *) data;
1014
1015 if (len != sizeof(*cp))
1016 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1017
1018 hdev = hci_dev_get(index);
1019 if (!hdev)
1020 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1021
1022 hci_dev_lock_bh(hdev);
1023
1024 if (!test_bit(HCI_UP, &hdev->flags)) {
1025 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1026 goto failed;
1027 }
1028
1029 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1030 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1031 goto failed;
1032 }
1033
1034 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1035 if (!conn)
1036 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1037
1038 if (!conn) {
1039 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1040 goto failed;
1041 }
1042
1043 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1044 if (!cmd) {
1045 err = -ENOMEM;
1046 goto failed;
1047 }
1048
1049 put_unaligned_le16(conn->handle, &dc.handle);
1050 dc.reason = 0x13; /* Remote User Terminated Connection */
1051
1052 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1053 if (err < 0)
1054 mgmt_pending_remove(cmd);
1055
1056 failed:
1057 hci_dev_unlock_bh(hdev);
1058 hci_dev_put(hdev);
1059
1060 return err;
1061 }
1062
1063 static int get_connections(struct sock *sk, u16 index)
1064 {
1065 struct mgmt_rp_get_connections *rp;
1066 struct hci_dev *hdev;
1067 struct list_head *p;
1068 size_t rp_len;
1069 u16 count;
1070 int i, err;
1071
1072 BT_DBG("");
1073
1074 hdev = hci_dev_get(index);
1075 if (!hdev)
1076 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1077
1078 hci_dev_lock_bh(hdev);
1079
1080 count = 0;
1081 list_for_each(p, &hdev->conn_hash.list) {
1082 count++;
1083 }
1084
1085 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1086 rp = kmalloc(rp_len, GFP_ATOMIC);
1087 if (!rp) {
1088 err = -ENOMEM;
1089 goto unlock;
1090 }
1091
1092 put_unaligned_le16(count, &rp->conn_count);
1093
1094 i = 0;
1095 list_for_each(p, &hdev->conn_hash.list) {
1096 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1097
1098 bacpy(&rp->conn[i++], &c->dst);
1099 }
1100
1101 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1102
1103 unlock:
1104 kfree(rp);
1105 hci_dev_unlock_bh(hdev);
1106 hci_dev_put(hdev);
1107 return err;
1108 }
1109
1110 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1111 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1112 {
1113 struct pending_cmd *cmd;
1114 int err;
1115
1116 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1117 sizeof(*cp));
1118 if (!cmd)
1119 return -ENOMEM;
1120
1121 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1122 &cp->bdaddr);
1123 if (err < 0)
1124 mgmt_pending_remove(cmd);
1125
1126 return err;
1127 }
1128
1129 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1130 u16 len)
1131 {
1132 struct hci_dev *hdev;
1133 struct hci_conn *conn;
1134 struct mgmt_cp_pin_code_reply *cp;
1135 struct mgmt_cp_pin_code_neg_reply ncp;
1136 struct hci_cp_pin_code_reply reply;
1137 struct pending_cmd *cmd;
1138 int err;
1139
1140 BT_DBG("");
1141
1142 cp = (void *) data;
1143
1144 if (len != sizeof(*cp))
1145 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1146
1147 hdev = hci_dev_get(index);
1148 if (!hdev)
1149 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1150
1151 hci_dev_lock_bh(hdev);
1152
1153 if (!test_bit(HCI_UP, &hdev->flags)) {
1154 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1155 goto failed;
1156 }
1157
1158 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1159 if (!conn) {
1160 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1161 goto failed;
1162 }
1163
1164 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1165 bacpy(&ncp.bdaddr, &cp->bdaddr);
1166
1167 BT_ERR("PIN code is not 16 bytes long");
1168
1169 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1170 if (err >= 0)
1171 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1172 EINVAL);
1173
1174 goto failed;
1175 }
1176
1177 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1178 if (!cmd) {
1179 err = -ENOMEM;
1180 goto failed;
1181 }
1182
1183 bacpy(&reply.bdaddr, &cp->bdaddr);
1184 reply.pin_len = cp->pin_len;
1185 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1186
1187 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1188 if (err < 0)
1189 mgmt_pending_remove(cmd);
1190
1191 failed:
1192 hci_dev_unlock_bh(hdev);
1193 hci_dev_put(hdev);
1194
1195 return err;
1196 }
1197
1198 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1199 u16 len)
1200 {
1201 struct hci_dev *hdev;
1202 struct mgmt_cp_pin_code_neg_reply *cp;
1203 int err;
1204
1205 BT_DBG("");
1206
1207 cp = (void *) data;
1208
1209 if (len != sizeof(*cp))
1210 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1211 EINVAL);
1212
1213 hdev = hci_dev_get(index);
1214 if (!hdev)
1215 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1216 ENODEV);
1217
1218 hci_dev_lock_bh(hdev);
1219
1220 if (!test_bit(HCI_UP, &hdev->flags)) {
1221 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1222 ENETDOWN);
1223 goto failed;
1224 }
1225
1226 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1227
1228 failed:
1229 hci_dev_unlock_bh(hdev);
1230 hci_dev_put(hdev);
1231
1232 return err;
1233 }
1234
1235 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1236 u16 len)
1237 {
1238 struct hci_dev *hdev;
1239 struct mgmt_cp_set_io_capability *cp;
1240
1241 BT_DBG("");
1242
1243 cp = (void *) data;
1244
1245 if (len != sizeof(*cp))
1246 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1247
1248 hdev = hci_dev_get(index);
1249 if (!hdev)
1250 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1251
1252 hci_dev_lock_bh(hdev);
1253
1254 hdev->io_capability = cp->io_capability;
1255
1256 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1257 hdev->io_capability);
1258
1259 hci_dev_unlock_bh(hdev);
1260 hci_dev_put(hdev);
1261
1262 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1263 }
1264
1265 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1266 {
1267 struct hci_dev *hdev = conn->hdev;
1268 struct list_head *p;
1269
1270 list_for_each(p, &cmd_list) {
1271 struct pending_cmd *cmd;
1272
1273 cmd = list_entry(p, struct pending_cmd, list);
1274
1275 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1276 continue;
1277
1278 if (cmd->index != hdev->id)
1279 continue;
1280
1281 if (cmd->user_data != conn)
1282 continue;
1283
1284 return cmd;
1285 }
1286
1287 return NULL;
1288 }
1289
1290 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1291 {
1292 struct mgmt_rp_pair_device rp;
1293 struct hci_conn *conn = cmd->user_data;
1294
1295 bacpy(&rp.bdaddr, &conn->dst);
1296 rp.status = status;
1297
1298 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1299
1300 /* So we don't get further callbacks for this connection */
1301 conn->connect_cfm_cb = NULL;
1302 conn->security_cfm_cb = NULL;
1303 conn->disconn_cfm_cb = NULL;
1304
1305 hci_conn_put(conn);
1306
1307 mgmt_pending_remove(cmd);
1308 }
1309
1310 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1311 {
1312 struct pending_cmd *cmd;
1313
1314 BT_DBG("status %u", status);
1315
1316 cmd = find_pairing(conn);
1317 if (!cmd) {
1318 BT_DBG("Unable to find a pending command");
1319 return;
1320 }
1321
1322 pairing_complete(cmd, status);
1323 }
1324
1325 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1326 {
1327 struct hci_dev *hdev;
1328 struct mgmt_cp_pair_device *cp;
1329 struct pending_cmd *cmd;
1330 struct adv_entry *entry;
1331 u8 sec_level, auth_type;
1332 struct hci_conn *conn;
1333 int err;
1334
1335 BT_DBG("");
1336
1337 cp = (void *) data;
1338
1339 if (len != sizeof(*cp))
1340 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1341
1342 hdev = hci_dev_get(index);
1343 if (!hdev)
1344 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1345
1346 hci_dev_lock_bh(hdev);
1347
1348 sec_level = BT_SECURITY_MEDIUM;
1349 if (cp->io_cap == 0x03)
1350 auth_type = HCI_AT_DEDICATED_BONDING;
1351 else
1352 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1353
1354 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1355 if (entry)
1356 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1357 auth_type);
1358 else
1359 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1360 auth_type);
1361
1362 if (IS_ERR(conn)) {
1363 err = PTR_ERR(conn);
1364 goto unlock;
1365 }
1366
1367 if (conn->connect_cfm_cb) {
1368 hci_conn_put(conn);
1369 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1370 goto unlock;
1371 }
1372
1373 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1374 if (!cmd) {
1375 err = -ENOMEM;
1376 hci_conn_put(conn);
1377 goto unlock;
1378 }
1379
1380 /* For LE, just connecting isn't a proof that the pairing finished */
1381 if (!entry)
1382 conn->connect_cfm_cb = pairing_complete_cb;
1383
1384 conn->security_cfm_cb = pairing_complete_cb;
1385 conn->disconn_cfm_cb = pairing_complete_cb;
1386 conn->io_capability = cp->io_cap;
1387 cmd->user_data = conn;
1388
1389 if (conn->state == BT_CONNECTED &&
1390 hci_conn_security(conn, sec_level, auth_type))
1391 pairing_complete(cmd, 0);
1392
1393 err = 0;
1394
1395 unlock:
1396 hci_dev_unlock_bh(hdev);
1397 hci_dev_put(hdev);
1398
1399 return err;
1400 }
1401
1402 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1403 u16 len, int success)
1404 {
1405 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1406 u16 mgmt_op, hci_op;
1407 struct pending_cmd *cmd;
1408 struct hci_dev *hdev;
1409 int err;
1410
1411 BT_DBG("");
1412
1413 if (success) {
1414 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1415 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1416 } else {
1417 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1418 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1419 }
1420
1421 if (len != sizeof(*cp))
1422 return cmd_status(sk, index, mgmt_op, EINVAL);
1423
1424 hdev = hci_dev_get(index);
1425 if (!hdev)
1426 return cmd_status(sk, index, mgmt_op, ENODEV);
1427
1428 hci_dev_lock_bh(hdev);
1429
1430 if (!test_bit(HCI_UP, &hdev->flags)) {
1431 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1432 goto failed;
1433 }
1434
1435 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1436 if (!cmd) {
1437 err = -ENOMEM;
1438 goto failed;
1439 }
1440
1441 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1442 if (err < 0)
1443 mgmt_pending_remove(cmd);
1444
1445 failed:
1446 hci_dev_unlock_bh(hdev);
1447 hci_dev_put(hdev);
1448
1449 return err;
1450 }
1451
1452 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1453 u16 len)
1454 {
1455 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1456 struct hci_cp_write_local_name hci_cp;
1457 struct hci_dev *hdev;
1458 struct pending_cmd *cmd;
1459 int err;
1460
1461 BT_DBG("");
1462
1463 if (len != sizeof(*mgmt_cp))
1464 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1465
1466 hdev = hci_dev_get(index);
1467 if (!hdev)
1468 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1469
1470 hci_dev_lock_bh(hdev);
1471
1472 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1473 if (!cmd) {
1474 err = -ENOMEM;
1475 goto failed;
1476 }
1477
1478 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1479 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1480 &hci_cp);
1481 if (err < 0)
1482 mgmt_pending_remove(cmd);
1483
1484 failed:
1485 hci_dev_unlock_bh(hdev);
1486 hci_dev_put(hdev);
1487
1488 return err;
1489 }
1490
1491 static int read_local_oob_data(struct sock *sk, u16 index)
1492 {
1493 struct hci_dev *hdev;
1494 struct pending_cmd *cmd;
1495 int err;
1496
1497 BT_DBG("hci%u", index);
1498
1499 hdev = hci_dev_get(index);
1500 if (!hdev)
1501 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1502 ENODEV);
1503
1504 hci_dev_lock_bh(hdev);
1505
1506 if (!test_bit(HCI_UP, &hdev->flags)) {
1507 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1508 ENETDOWN);
1509 goto unlock;
1510 }
1511
1512 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1513 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1514 EOPNOTSUPP);
1515 goto unlock;
1516 }
1517
1518 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1519 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1520 goto unlock;
1521 }
1522
1523 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1524 if (!cmd) {
1525 err = -ENOMEM;
1526 goto unlock;
1527 }
1528
1529 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1530 if (err < 0)
1531 mgmt_pending_remove(cmd);
1532
1533 unlock:
1534 hci_dev_unlock_bh(hdev);
1535 hci_dev_put(hdev);
1536
1537 return err;
1538 }
1539
1540 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1541 u16 len)
1542 {
1543 struct hci_dev *hdev;
1544 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1545 int err;
1546
1547 BT_DBG("hci%u ", index);
1548
1549 if (len != sizeof(*cp))
1550 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1551 EINVAL);
1552
1553 hdev = hci_dev_get(index);
1554 if (!hdev)
1555 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1556 ENODEV);
1557
1558 hci_dev_lock_bh(hdev);
1559
1560 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1561 cp->randomizer);
1562 if (err < 0)
1563 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1564 else
1565 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1566 0);
1567
1568 hci_dev_unlock_bh(hdev);
1569 hci_dev_put(hdev);
1570
1571 return err;
1572 }
1573
1574 static int remove_remote_oob_data(struct sock *sk, u16 index,
1575 unsigned char *data, u16 len)
1576 {
1577 struct hci_dev *hdev;
1578 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1579 int err;
1580
1581 BT_DBG("hci%u ", index);
1582
1583 if (len != sizeof(*cp))
1584 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1585 EINVAL);
1586
1587 hdev = hci_dev_get(index);
1588 if (!hdev)
1589 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1590 ENODEV);
1591
1592 hci_dev_lock_bh(hdev);
1593
1594 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1595 if (err < 0)
1596 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1597 -err);
1598 else
1599 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1600 NULL, 0);
1601
1602 hci_dev_unlock_bh(hdev);
1603 hci_dev_put(hdev);
1604
1605 return err;
1606 }
1607
1608 static int start_discovery(struct sock *sk, u16 index)
1609 {
1610 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1611 struct hci_cp_inquiry cp;
1612 struct pending_cmd *cmd;
1613 struct hci_dev *hdev;
1614 int err;
1615
1616 BT_DBG("hci%u", index);
1617
1618 hdev = hci_dev_get(index);
1619 if (!hdev)
1620 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1621
1622 hci_dev_lock_bh(hdev);
1623
1624 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1625 if (!cmd) {
1626 err = -ENOMEM;
1627 goto failed;
1628 }
1629
1630 memset(&cp, 0, sizeof(cp));
1631 memcpy(&cp.lap, lap, 3);
1632 cp.length = 0x08;
1633 cp.num_rsp = 0x00;
1634
1635 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1636 if (err < 0)
1637 mgmt_pending_remove(cmd);
1638
1639 failed:
1640 hci_dev_unlock_bh(hdev);
1641 hci_dev_put(hdev);
1642
1643 return err;
1644 }
1645
1646 static int stop_discovery(struct sock *sk, u16 index)
1647 {
1648 struct hci_dev *hdev;
1649 struct pending_cmd *cmd;
1650 int err;
1651
1652 BT_DBG("hci%u", index);
1653
1654 hdev = hci_dev_get(index);
1655 if (!hdev)
1656 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1657
1658 hci_dev_lock_bh(hdev);
1659
1660 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1661 if (!cmd) {
1662 err = -ENOMEM;
1663 goto failed;
1664 }
1665
1666 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1667 if (err < 0)
1668 mgmt_pending_remove(cmd);
1669
1670 failed:
1671 hci_dev_unlock_bh(hdev);
1672 hci_dev_put(hdev);
1673
1674 return err;
1675 }
1676
1677 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1678 u16 len)
1679 {
1680 struct hci_dev *hdev;
1681 struct pending_cmd *cmd;
1682 struct mgmt_cp_block_device *cp = (void *) data;
1683 int err;
1684
1685 BT_DBG("hci%u", index);
1686
1687 if (len != sizeof(*cp))
1688 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1689 EINVAL);
1690
1691 hdev = hci_dev_get(index);
1692 if (!hdev)
1693 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1694 ENODEV);
1695
1696 hci_dev_lock_bh(hdev);
1697
1698 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0);
1699 if (!cmd) {
1700 err = -ENOMEM;
1701 goto failed;
1702 }
1703
1704 err = hci_blacklist_add(hdev, &cp->bdaddr);
1705
1706 if (err < 0)
1707 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1708 else
1709 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1710 NULL, 0);
1711
1712 mgmt_pending_remove(cmd);
1713
1714 failed:
1715 hci_dev_unlock_bh(hdev);
1716 hci_dev_put(hdev);
1717
1718 return err;
1719 }
1720
1721 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1722 u16 len)
1723 {
1724 struct hci_dev *hdev;
1725 struct pending_cmd *cmd;
1726 struct mgmt_cp_unblock_device *cp = (void *) data;
1727 int err;
1728
1729 BT_DBG("hci%u", index);
1730
1731 if (len != sizeof(*cp))
1732 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1733 EINVAL);
1734
1735 hdev = hci_dev_get(index);
1736 if (!hdev)
1737 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1738 ENODEV);
1739
1740 hci_dev_lock_bh(hdev);
1741
1742 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0);
1743 if (!cmd) {
1744 err = -ENOMEM;
1745 goto failed;
1746 }
1747
1748 err = hci_blacklist_del(hdev, &cp->bdaddr);
1749
1750 if (err < 0)
1751 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1752 else
1753 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1754 NULL, 0);
1755
1756 mgmt_pending_remove(cmd);
1757
1758 failed:
1759 hci_dev_unlock_bh(hdev);
1760 hci_dev_put(hdev);
1761
1762 return err;
1763 }
1764
1765 static int set_fast_connectable(struct sock *sk, u16 index,
1766 unsigned char *data, u16 len)
1767 {
1768 struct hci_dev *hdev;
1769 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1770 struct hci_cp_write_page_scan_activity acp;
1771 u8 type;
1772 int err;
1773
1774 BT_DBG("hci%u", index);
1775
1776 if (len != sizeof(*cp))
1777 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1778 EINVAL);
1779
1780 hdev = hci_dev_get(index);
1781 if (!hdev)
1782 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1783 ENODEV);
1784
1785 hci_dev_lock(hdev);
1786
1787 if (cp->enable) {
1788 type = PAGE_SCAN_TYPE_INTERLACED;
1789 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1790 } else {
1791 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1792 acp.interval = 0x0800; /* default 1.28 sec page scan */
1793 }
1794
1795 acp.window = 0x0012; /* default 11.25 msec page scan window */
1796
1797 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1798 sizeof(acp), &acp);
1799 if (err < 0) {
1800 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1801 -err);
1802 goto done;
1803 }
1804
1805 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1806 if (err < 0) {
1807 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1808 -err);
1809 goto done;
1810 }
1811
1812 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1813 NULL, 0);
1814 done:
1815 hci_dev_unlock(hdev);
1816 hci_dev_put(hdev);
1817
1818 return err;
1819 }
1820
1821 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1822 {
1823 unsigned char *buf;
1824 struct mgmt_hdr *hdr;
1825 u16 opcode, index, len;
1826 int err;
1827
1828 BT_DBG("got %zu bytes", msglen);
1829
1830 if (msglen < sizeof(*hdr))
1831 return -EINVAL;
1832
1833 buf = kmalloc(msglen, GFP_KERNEL);
1834 if (!buf)
1835 return -ENOMEM;
1836
1837 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1838 err = -EFAULT;
1839 goto done;
1840 }
1841
1842 hdr = (struct mgmt_hdr *) buf;
1843 opcode = get_unaligned_le16(&hdr->opcode);
1844 index = get_unaligned_le16(&hdr->index);
1845 len = get_unaligned_le16(&hdr->len);
1846
1847 if (len != msglen - sizeof(*hdr)) {
1848 err = -EINVAL;
1849 goto done;
1850 }
1851
1852 switch (opcode) {
1853 case MGMT_OP_READ_VERSION:
1854 err = read_version(sk);
1855 break;
1856 case MGMT_OP_READ_INDEX_LIST:
1857 err = read_index_list(sk);
1858 break;
1859 case MGMT_OP_READ_INFO:
1860 err = read_controller_info(sk, index);
1861 break;
1862 case MGMT_OP_SET_POWERED:
1863 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1864 break;
1865 case MGMT_OP_SET_DISCOVERABLE:
1866 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1867 break;
1868 case MGMT_OP_SET_CONNECTABLE:
1869 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1870 break;
1871 case MGMT_OP_SET_PAIRABLE:
1872 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1873 break;
1874 case MGMT_OP_ADD_UUID:
1875 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1876 break;
1877 case MGMT_OP_REMOVE_UUID:
1878 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1879 break;
1880 case MGMT_OP_SET_DEV_CLASS:
1881 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1882 break;
1883 case MGMT_OP_SET_SERVICE_CACHE:
1884 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1885 break;
1886 case MGMT_OP_LOAD_KEYS:
1887 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1888 break;
1889 case MGMT_OP_REMOVE_KEY:
1890 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1891 break;
1892 case MGMT_OP_DISCONNECT:
1893 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1894 break;
1895 case MGMT_OP_GET_CONNECTIONS:
1896 err = get_connections(sk, index);
1897 break;
1898 case MGMT_OP_PIN_CODE_REPLY:
1899 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1900 break;
1901 case MGMT_OP_PIN_CODE_NEG_REPLY:
1902 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1903 break;
1904 case MGMT_OP_SET_IO_CAPABILITY:
1905 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1906 break;
1907 case MGMT_OP_PAIR_DEVICE:
1908 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1909 break;
1910 case MGMT_OP_USER_CONFIRM_REPLY:
1911 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1912 break;
1913 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1914 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1915 break;
1916 case MGMT_OP_SET_LOCAL_NAME:
1917 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1918 break;
1919 case MGMT_OP_READ_LOCAL_OOB_DATA:
1920 err = read_local_oob_data(sk, index);
1921 break;
1922 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1923 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1924 break;
1925 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1926 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1927 len);
1928 break;
1929 case MGMT_OP_START_DISCOVERY:
1930 err = start_discovery(sk, index);
1931 break;
1932 case MGMT_OP_STOP_DISCOVERY:
1933 err = stop_discovery(sk, index);
1934 break;
1935 case MGMT_OP_BLOCK_DEVICE:
1936 err = block_device(sk, index, buf + sizeof(*hdr), len);
1937 break;
1938 case MGMT_OP_UNBLOCK_DEVICE:
1939 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1940 break;
1941 case MGMT_OP_SET_FAST_CONNECTABLE:
1942 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1943 len);
1944 break;
1945 default:
1946 BT_DBG("Unknown op %u", opcode);
1947 err = cmd_status(sk, index, opcode, 0x01);
1948 break;
1949 }
1950
1951 if (err < 0)
1952 goto done;
1953
1954 err = msglen;
1955
1956 done:
1957 kfree(buf);
1958 return err;
1959 }
1960
1961 int mgmt_index_added(u16 index)
1962 {
1963 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1964 }
1965
1966 int mgmt_index_removed(u16 index)
1967 {
1968 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1969 }
1970
1971 struct cmd_lookup {
1972 u8 val;
1973 struct sock *sk;
1974 };
1975
1976 static void mode_rsp(struct pending_cmd *cmd, void *data)
1977 {
1978 struct mgmt_mode *cp = cmd->param;
1979 struct cmd_lookup *match = data;
1980
1981 if (cp->val != match->val)
1982 return;
1983
1984 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1985
1986 list_del(&cmd->list);
1987
1988 if (match->sk == NULL) {
1989 match->sk = cmd->sk;
1990 sock_hold(match->sk);
1991 }
1992
1993 mgmt_pending_free(cmd);
1994 }
1995
1996 int mgmt_powered(u16 index, u8 powered)
1997 {
1998 struct mgmt_mode ev;
1999 struct cmd_lookup match = { powered, NULL };
2000 int ret;
2001
2002 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
2003
2004 ev.val = powered;
2005
2006 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2007
2008 if (match.sk)
2009 sock_put(match.sk);
2010
2011 return ret;
2012 }
2013
2014 int mgmt_discoverable(u16 index, u8 discoverable)
2015 {
2016 struct mgmt_mode ev;
2017 struct cmd_lookup match = { discoverable, NULL };
2018 int ret;
2019
2020 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2021
2022 ev.val = discoverable;
2023
2024 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2025 match.sk);
2026
2027 if (match.sk)
2028 sock_put(match.sk);
2029
2030 return ret;
2031 }
2032
2033 int mgmt_connectable(u16 index, u8 connectable)
2034 {
2035 struct mgmt_mode ev;
2036 struct cmd_lookup match = { connectable, NULL };
2037 int ret;
2038
2039 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2040
2041 ev.val = connectable;
2042
2043 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2044
2045 if (match.sk)
2046 sock_put(match.sk);
2047
2048 return ret;
2049 }
2050
2051 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
2052 {
2053 struct mgmt_ev_new_key ev;
2054
2055 memset(&ev, 0, sizeof(ev));
2056
2057 ev.store_hint = persistent;
2058 bacpy(&ev.key.bdaddr, &key->bdaddr);
2059 ev.key.type = key->type;
2060 memcpy(ev.key.val, key->val, 16);
2061 ev.key.pin_len = key->pin_len;
2062
2063 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
2064 }
2065
2066 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2067 {
2068 struct mgmt_ev_connected ev;
2069
2070 bacpy(&ev.bdaddr, bdaddr);
2071 ev.link_type = link_type;
2072
2073 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2074 }
2075
2076 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2077 {
2078 struct mgmt_cp_disconnect *cp = cmd->param;
2079 struct sock **sk = data;
2080 struct mgmt_rp_disconnect rp;
2081
2082 bacpy(&rp.bdaddr, &cp->bdaddr);
2083
2084 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2085
2086 *sk = cmd->sk;
2087 sock_hold(*sk);
2088
2089 mgmt_pending_remove(cmd);
2090 }
2091
2092 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2093 {
2094 struct mgmt_ev_disconnected ev;
2095 struct sock *sk = NULL;
2096 int err;
2097
2098 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2099
2100 bacpy(&ev.bdaddr, bdaddr);
2101
2102 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2103
2104 if (sk)
2105 sock_put(sk);
2106
2107 return err;
2108 }
2109
2110 int mgmt_disconnect_failed(u16 index)
2111 {
2112 struct pending_cmd *cmd;
2113 int err;
2114
2115 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2116 if (!cmd)
2117 return -ENOENT;
2118
2119 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2120
2121 mgmt_pending_remove(cmd);
2122
2123 return err;
2124 }
2125
2126 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2127 {
2128 struct mgmt_ev_connect_failed ev;
2129
2130 bacpy(&ev.bdaddr, bdaddr);
2131 ev.status = status;
2132
2133 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2134 }
2135
2136 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2137 {
2138 struct mgmt_ev_pin_code_request ev;
2139
2140 bacpy(&ev.bdaddr, bdaddr);
2141 ev.secure = secure;
2142
2143 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2144 NULL);
2145 }
2146
2147 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2148 {
2149 struct pending_cmd *cmd;
2150 struct mgmt_rp_pin_code_reply rp;
2151 int err;
2152
2153 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2154 if (!cmd)
2155 return -ENOENT;
2156
2157 bacpy(&rp.bdaddr, bdaddr);
2158 rp.status = status;
2159
2160 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2161 sizeof(rp));
2162
2163 mgmt_pending_remove(cmd);
2164
2165 return err;
2166 }
2167
2168 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2169 {
2170 struct pending_cmd *cmd;
2171 struct mgmt_rp_pin_code_reply rp;
2172 int err;
2173
2174 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2175 if (!cmd)
2176 return -ENOENT;
2177
2178 bacpy(&rp.bdaddr, bdaddr);
2179 rp.status = status;
2180
2181 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2182 sizeof(rp));
2183
2184 mgmt_pending_remove(cmd);
2185
2186 return err;
2187 }
2188
2189 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2190 u8 confirm_hint)
2191 {
2192 struct mgmt_ev_user_confirm_request ev;
2193
2194 BT_DBG("hci%u", index);
2195
2196 bacpy(&ev.bdaddr, bdaddr);
2197 ev.confirm_hint = confirm_hint;
2198 put_unaligned_le32(value, &ev.value);
2199
2200 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2201 NULL);
2202 }
2203
2204 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2205 u8 opcode)
2206 {
2207 struct pending_cmd *cmd;
2208 struct mgmt_rp_user_confirm_reply rp;
2209 int err;
2210
2211 cmd = mgmt_pending_find(opcode, index);
2212 if (!cmd)
2213 return -ENOENT;
2214
2215 bacpy(&rp.bdaddr, bdaddr);
2216 rp.status = status;
2217 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2218
2219 mgmt_pending_remove(cmd);
2220
2221 return err;
2222 }
2223
2224 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2225 {
2226 return confirm_reply_complete(index, bdaddr, status,
2227 MGMT_OP_USER_CONFIRM_REPLY);
2228 }
2229
2230 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2231 {
2232 return confirm_reply_complete(index, bdaddr, status,
2233 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2234 }
2235
2236 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2237 {
2238 struct mgmt_ev_auth_failed ev;
2239
2240 bacpy(&ev.bdaddr, bdaddr);
2241 ev.status = status;
2242
2243 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2244 }
2245
2246 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2247 {
2248 struct pending_cmd *cmd;
2249 struct hci_dev *hdev;
2250 struct mgmt_cp_set_local_name ev;
2251 int err;
2252
2253 memset(&ev, 0, sizeof(ev));
2254 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2255
2256 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2257 if (!cmd)
2258 goto send_event;
2259
2260 if (status) {
2261 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2262 goto failed;
2263 }
2264
2265 hdev = hci_dev_get(index);
2266 if (hdev) {
2267 hci_dev_lock_bh(hdev);
2268 update_eir(hdev);
2269 hci_dev_unlock_bh(hdev);
2270 hci_dev_put(hdev);
2271 }
2272
2273 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2274 sizeof(ev));
2275 if (err < 0)
2276 goto failed;
2277
2278 send_event:
2279 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2280 cmd ? cmd->sk : NULL);
2281
2282 failed:
2283 if (cmd)
2284 mgmt_pending_remove(cmd);
2285 return err;
2286 }
2287
2288 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2289 u8 status)
2290 {
2291 struct pending_cmd *cmd;
2292 int err;
2293
2294 BT_DBG("hci%u status %u", index, status);
2295
2296 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2297 if (!cmd)
2298 return -ENOENT;
2299
2300 if (status) {
2301 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2302 EIO);
2303 } else {
2304 struct mgmt_rp_read_local_oob_data rp;
2305
2306 memcpy(rp.hash, hash, sizeof(rp.hash));
2307 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2308
2309 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2310 &rp, sizeof(rp));
2311 }
2312
2313 mgmt_pending_remove(cmd);
2314
2315 return err;
2316 }
2317
2318 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2319 u8 *eir)
2320 {
2321 struct mgmt_ev_device_found ev;
2322
2323 memset(&ev, 0, sizeof(ev));
2324
2325 bacpy(&ev.bdaddr, bdaddr);
2326 ev.rssi = rssi;
2327
2328 if (eir)
2329 memcpy(ev.eir, eir, sizeof(ev.eir));
2330
2331 if (dev_class)
2332 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2333
2334 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2335 }
2336
2337 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2338 {
2339 struct mgmt_ev_remote_name ev;
2340
2341 memset(&ev, 0, sizeof(ev));
2342
2343 bacpy(&ev.bdaddr, bdaddr);
2344 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2345
2346 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2347 }
2348
2349 int mgmt_discovering(u16 index, u8 discovering)
2350 {
2351 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2352 sizeof(discovering), NULL);
2353 }
2354
2355 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2356 {
2357 struct pending_cmd *cmd;
2358 struct mgmt_ev_device_blocked ev;
2359
2360 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2361
2362 bacpy(&ev.bdaddr, bdaddr);
2363
2364 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2365 cmd ? cmd->sk : NULL);
2366 }
2367
2368 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2369 {
2370 struct pending_cmd *cmd;
2371 struct mgmt_ev_device_unblocked ev;
2372
2373 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2374
2375 bacpy(&ev.bdaddr, bdaddr);
2376
2377 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2378 cmd ? cmd->sk : NULL);
2379 }
Ubuntu Focal Linux kernel mirror