]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <linux/module.h>
27 #include <asm/unaligned.h>
28
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
32
33 #define MGMT_VERSION 0
34 #define MGMT_REVISION 1
35
36 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
37
38 struct pending_cmd {
39 struct list_head list;
40 u16 opcode;
41 int index;
42 void *param;
43 struct sock *sk;
44 void *user_data;
45 };
46
47 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
48 {
49 struct sk_buff *skb;
50 struct mgmt_hdr *hdr;
51 struct mgmt_ev_cmd_status *ev;
52 int err;
53
54 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55
56 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
57 if (!skb)
58 return -ENOMEM;
59
60 hdr = (void *) skb_put(skb, sizeof(*hdr));
61
62 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
63 hdr->index = cpu_to_le16(index);
64 hdr->len = cpu_to_le16(sizeof(*ev));
65
66 ev = (void *) skb_put(skb, sizeof(*ev));
67 ev->status = status;
68 put_unaligned_le16(cmd, &ev->opcode);
69
70 err = sock_queue_rcv_skb(sk, skb);
71 if (err < 0)
72 kfree_skb(skb);
73
74 return err;
75 }
76
77 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
78 size_t rp_len)
79 {
80 struct sk_buff *skb;
81 struct mgmt_hdr *hdr;
82 struct mgmt_ev_cmd_complete *ev;
83 int err;
84
85 BT_DBG("sock %p", sk);
86
87 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
88 if (!skb)
89 return -ENOMEM;
90
91 hdr = (void *) skb_put(skb, sizeof(*hdr));
92
93 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
94 hdr->index = cpu_to_le16(index);
95 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
96
97 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
98 put_unaligned_le16(cmd, &ev->opcode);
99
100 if (rp)
101 memcpy(ev->data, rp, rp_len);
102
103 err = sock_queue_rcv_skb(sk, skb);
104 if (err < 0)
105 kfree_skb(skb);
106
107 return err;;
108 }
109
110 static int read_version(struct sock *sk)
111 {
112 struct mgmt_rp_read_version rp;
113
114 BT_DBG("sock %p", sk);
115
116 rp.version = MGMT_VERSION;
117 put_unaligned_le16(MGMT_REVISION, &rp.revision);
118
119 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
120 sizeof(rp));
121 }
122
123 static int read_index_list(struct sock *sk)
124 {
125 struct mgmt_rp_read_index_list *rp;
126 struct list_head *p;
127 struct hci_dev *d;
128 size_t rp_len;
129 u16 count;
130 int i, err;
131
132 BT_DBG("sock %p", sk);
133
134 read_lock(&hci_dev_list_lock);
135
136 count = 0;
137 list_for_each(p, &hci_dev_list) {
138 count++;
139 }
140
141 rp_len = sizeof(*rp) + (2 * count);
142 rp = kmalloc(rp_len, GFP_ATOMIC);
143 if (!rp) {
144 read_unlock(&hci_dev_list_lock);
145 return -ENOMEM;
146 }
147
148 put_unaligned_le16(count, &rp->num_controllers);
149
150 i = 0;
151 list_for_each_entry(d, &hci_dev_list, list) {
152 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
153 cancel_delayed_work(&d->power_off);
154
155 if (test_bit(HCI_SETUP, &d->flags))
156 continue;
157
158 put_unaligned_le16(d->id, &rp->index[i++]);
159 BT_DBG("Added hci%u", d->id);
160 }
161
162 read_unlock(&hci_dev_list_lock);
163
164 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
165 rp_len);
166
167 kfree(rp);
168
169 return err;
170 }
171
172 static int read_controller_info(struct sock *sk, u16 index)
173 {
174 struct mgmt_rp_read_info rp;
175 struct hci_dev *hdev;
176
177 BT_DBG("sock %p hci%u", sk, index);
178
179 hdev = hci_dev_get(index);
180 if (!hdev)
181 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
182
183 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
184 cancel_delayed_work_sync(&hdev->power_off);
185
186 hci_dev_lock_bh(hdev);
187
188 set_bit(HCI_MGMT, &hdev->flags);
189
190 memset(&rp, 0, sizeof(rp));
191
192 rp.type = hdev->dev_type;
193
194 rp.powered = test_bit(HCI_UP, &hdev->flags);
195 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
196 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
197 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
198
199 if (test_bit(HCI_AUTH, &hdev->flags))
200 rp.sec_mode = 3;
201 else if (hdev->ssp_mode > 0)
202 rp.sec_mode = 4;
203 else
204 rp.sec_mode = 2;
205
206 bacpy(&rp.bdaddr, &hdev->bdaddr);
207 memcpy(rp.features, hdev->features, 8);
208 memcpy(rp.dev_class, hdev->dev_class, 3);
209 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
210 rp.hci_ver = hdev->hci_ver;
211 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
212
213 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
214
215 hci_dev_unlock_bh(hdev);
216 hci_dev_put(hdev);
217
218 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
219 }
220
221 static void mgmt_pending_free(struct pending_cmd *cmd)
222 {
223 sock_put(cmd->sk);
224 kfree(cmd->param);
225 kfree(cmd);
226 }
227
228 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
229 struct hci_dev *hdev,
230 void *data, u16 len)
231 {
232 struct pending_cmd *cmd;
233
234 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
235 if (!cmd)
236 return NULL;
237
238 cmd->opcode = opcode;
239 cmd->index = hdev->id;
240
241 cmd->param = kmalloc(len, GFP_ATOMIC);
242 if (!cmd->param) {
243 kfree(cmd);
244 return NULL;
245 }
246
247 if (data)
248 memcpy(cmd->param, data, len);
249
250 cmd->sk = sk;
251 sock_hold(sk);
252
253 list_add(&cmd->list, &hdev->mgmt_pending);
254
255 return cmd;
256 }
257
258 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
259 void (*cb)(struct pending_cmd *cmd, void *data),
260 void *data)
261 {
262 struct list_head *p, *n;
263
264 list_for_each_safe(p, n, &hdev->mgmt_pending) {
265 struct pending_cmd *cmd;
266
267 cmd = list_entry(p, struct pending_cmd, list);
268
269 if (opcode > 0 && cmd->opcode != opcode)
270 continue;
271
272 cb(cmd, data);
273 }
274 }
275
276 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
277 {
278 struct pending_cmd *cmd;
279
280 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
281 if (cmd->opcode == opcode)
282 return cmd;
283 }
284
285 return NULL;
286 }
287
288 static void mgmt_pending_remove(struct pending_cmd *cmd)
289 {
290 list_del(&cmd->list);
291 mgmt_pending_free(cmd);
292 }
293
294 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
295 {
296 struct mgmt_mode *cp;
297 struct hci_dev *hdev;
298 struct pending_cmd *cmd;
299 int err, up;
300
301 cp = (void *) data;
302
303 BT_DBG("request for hci%u", index);
304
305 if (len != sizeof(*cp))
306 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
307
308 hdev = hci_dev_get(index);
309 if (!hdev)
310 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
311
312 hci_dev_lock_bh(hdev);
313
314 up = test_bit(HCI_UP, &hdev->flags);
315 if ((cp->val && up) || (!cp->val && !up)) {
316 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
317 goto failed;
318 }
319
320 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
321 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
322 goto failed;
323 }
324
325 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
326 if (!cmd) {
327 err = -ENOMEM;
328 goto failed;
329 }
330
331 if (cp->val)
332 queue_work(hdev->workqueue, &hdev->power_on);
333 else
334 queue_work(hdev->workqueue, &hdev->power_off.work);
335
336 err = 0;
337
338 failed:
339 hci_dev_unlock_bh(hdev);
340 hci_dev_put(hdev);
341 return err;
342 }
343
344 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
345 u16 len)
346 {
347 struct mgmt_cp_set_discoverable *cp;
348 struct hci_dev *hdev;
349 struct pending_cmd *cmd;
350 u8 scan;
351 int err;
352
353 cp = (void *) data;
354
355 BT_DBG("request for hci%u", index);
356
357 if (len != sizeof(*cp))
358 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
359
360 hdev = hci_dev_get(index);
361 if (!hdev)
362 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
363
364 hci_dev_lock_bh(hdev);
365
366 if (!test_bit(HCI_UP, &hdev->flags)) {
367 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
368 goto failed;
369 }
370
371 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
372 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
373 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
374 goto failed;
375 }
376
377 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
378 test_bit(HCI_PSCAN, &hdev->flags)) {
379 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
380 goto failed;
381 }
382
383 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
384 if (!cmd) {
385 err = -ENOMEM;
386 goto failed;
387 }
388
389 scan = SCAN_PAGE;
390
391 if (cp->val)
392 scan |= SCAN_INQUIRY;
393 else
394 cancel_delayed_work(&hdev->discov_off);
395
396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
397 if (err < 0)
398 mgmt_pending_remove(cmd);
399
400 if (cp->val)
401 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
402
403 failed:
404 hci_dev_unlock_bh(hdev);
405 hci_dev_put(hdev);
406
407 return err;
408 }
409
410 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
411 u16 len)
412 {
413 struct mgmt_mode *cp;
414 struct hci_dev *hdev;
415 struct pending_cmd *cmd;
416 u8 scan;
417 int err;
418
419 cp = (void *) data;
420
421 BT_DBG("request for hci%u", index);
422
423 if (len != sizeof(*cp))
424 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
425
426 hdev = hci_dev_get(index);
427 if (!hdev)
428 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
429
430 hci_dev_lock_bh(hdev);
431
432 if (!test_bit(HCI_UP, &hdev->flags)) {
433 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
434 goto failed;
435 }
436
437 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
438 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
439 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
440 goto failed;
441 }
442
443 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
444 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
445 goto failed;
446 }
447
448 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
449 if (!cmd) {
450 err = -ENOMEM;
451 goto failed;
452 }
453
454 if (cp->val)
455 scan = SCAN_PAGE;
456 else
457 scan = 0;
458
459 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
460 if (err < 0)
461 mgmt_pending_remove(cmd);
462
463 failed:
464 hci_dev_unlock_bh(hdev);
465 hci_dev_put(hdev);
466
467 return err;
468 }
469
470 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
471 u16 data_len, struct sock *skip_sk)
472 {
473 struct sk_buff *skb;
474 struct mgmt_hdr *hdr;
475
476 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
477 if (!skb)
478 return -ENOMEM;
479
480 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
481
482 hdr = (void *) skb_put(skb, sizeof(*hdr));
483 hdr->opcode = cpu_to_le16(event);
484 if (hdev)
485 hdr->index = cpu_to_le16(hdev->id);
486 else
487 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
488 hdr->len = cpu_to_le16(data_len);
489
490 if (data)
491 memcpy(skb_put(skb, data_len), data, data_len);
492
493 hci_send_to_sock(NULL, skb, skip_sk);
494 kfree_skb(skb);
495
496 return 0;
497 }
498
499 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
500 {
501 struct mgmt_mode rp;
502
503 rp.val = val;
504
505 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
506 }
507
508 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
509 u16 len)
510 {
511 struct mgmt_mode *cp, ev;
512 struct hci_dev *hdev;
513 int err;
514
515 cp = (void *) data;
516
517 BT_DBG("request for hci%u", index);
518
519 if (len != sizeof(*cp))
520 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
521
522 hdev = hci_dev_get(index);
523 if (!hdev)
524 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
525
526 hci_dev_lock_bh(hdev);
527
528 if (cp->val)
529 set_bit(HCI_PAIRABLE, &hdev->flags);
530 else
531 clear_bit(HCI_PAIRABLE, &hdev->flags);
532
533 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
534 if (err < 0)
535 goto failed;
536
537 ev.val = cp->val;
538
539 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
540
541 failed:
542 hci_dev_unlock_bh(hdev);
543 hci_dev_put(hdev);
544
545 return err;
546 }
547
548 #define EIR_FLAGS 0x01 /* flags */
549 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
550 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
551 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
552 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
553 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
554 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
555 #define EIR_NAME_SHORT 0x08 /* shortened local name */
556 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
557 #define EIR_TX_POWER 0x0A /* transmit power level */
558 #define EIR_DEVICE_ID 0x10 /* device ID */
559
560 #define PNP_INFO_SVCLASS_ID 0x1200
561
562 static u8 bluetooth_base_uuid[] = {
563 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
564 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
565 };
566
567 static u16 get_uuid16(u8 *uuid128)
568 {
569 u32 val;
570 int i;
571
572 for (i = 0; i < 12; i++) {
573 if (bluetooth_base_uuid[i] != uuid128[i])
574 return 0;
575 }
576
577 memcpy(&val, &uuid128[12], 4);
578
579 val = le32_to_cpu(val);
580 if (val > 0xffff)
581 return 0;
582
583 return (u16) val;
584 }
585
586 static void create_eir(struct hci_dev *hdev, u8 *data)
587 {
588 u8 *ptr = data;
589 u16 eir_len = 0;
590 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
591 int i, truncated = 0;
592 struct bt_uuid *uuid;
593 size_t name_len;
594
595 name_len = strlen(hdev->dev_name);
596
597 if (name_len > 0) {
598 /* EIR Data type */
599 if (name_len > 48) {
600 name_len = 48;
601 ptr[1] = EIR_NAME_SHORT;
602 } else
603 ptr[1] = EIR_NAME_COMPLETE;
604
605 /* EIR Data length */
606 ptr[0] = name_len + 1;
607
608 memcpy(ptr + 2, hdev->dev_name, name_len);
609
610 eir_len += (name_len + 2);
611 ptr += (name_len + 2);
612 }
613
614 memset(uuid16_list, 0, sizeof(uuid16_list));
615
616 /* Group all UUID16 types */
617 list_for_each_entry(uuid, &hdev->uuids, list) {
618 u16 uuid16;
619
620 uuid16 = get_uuid16(uuid->uuid);
621 if (uuid16 == 0)
622 return;
623
624 if (uuid16 < 0x1100)
625 continue;
626
627 if (uuid16 == PNP_INFO_SVCLASS_ID)
628 continue;
629
630 /* Stop if not enough space to put next UUID */
631 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632 truncated = 1;
633 break;
634 }
635
636 /* Check for duplicates */
637 for (i = 0; uuid16_list[i] != 0; i++)
638 if (uuid16_list[i] == uuid16)
639 break;
640
641 if (uuid16_list[i] == 0) {
642 uuid16_list[i] = uuid16;
643 eir_len += sizeof(u16);
644 }
645 }
646
647 if (uuid16_list[0] != 0) {
648 u8 *length = ptr;
649
650 /* EIR Data type */
651 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652
653 ptr += 2;
654 eir_len += 2;
655
656 for (i = 0; uuid16_list[i] != 0; i++) {
657 *ptr++ = (uuid16_list[i] & 0x00ff);
658 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659 }
660
661 /* EIR Data length */
662 *length = (i * sizeof(u16)) + 1;
663 }
664 }
665
666 static int update_eir(struct hci_dev *hdev)
667 {
668 struct hci_cp_write_eir cp;
669
670 if (!(hdev->features[6] & LMP_EXT_INQ))
671 return 0;
672
673 if (hdev->ssp_mode == 0)
674 return 0;
675
676 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677 return 0;
678
679 memset(&cp, 0, sizeof(cp));
680
681 create_eir(hdev, cp.data);
682
683 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684 return 0;
685
686 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687
688 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689 }
690
691 static u8 get_service_classes(struct hci_dev *hdev)
692 {
693 struct bt_uuid *uuid;
694 u8 val = 0;
695
696 list_for_each_entry(uuid, &hdev->uuids, list)
697 val |= uuid->svc_hint;
698
699 return val;
700 }
701
702 static int update_class(struct hci_dev *hdev)
703 {
704 u8 cod[3];
705
706 BT_DBG("%s", hdev->name);
707
708 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
709 return 0;
710
711 cod[0] = hdev->minor_class;
712 cod[1] = hdev->major_class;
713 cod[2] = get_service_classes(hdev);
714
715 if (memcmp(cod, hdev->dev_class, 3) == 0)
716 return 0;
717
718 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
719 }
720
721 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
722 {
723 struct mgmt_cp_add_uuid *cp;
724 struct hci_dev *hdev;
725 struct bt_uuid *uuid;
726 int err;
727
728 cp = (void *) data;
729
730 BT_DBG("request for hci%u", index);
731
732 if (len != sizeof(*cp))
733 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
734
735 hdev = hci_dev_get(index);
736 if (!hdev)
737 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
738
739 hci_dev_lock_bh(hdev);
740
741 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
742 if (!uuid) {
743 err = -ENOMEM;
744 goto failed;
745 }
746
747 memcpy(uuid->uuid, cp->uuid, 16);
748 uuid->svc_hint = cp->svc_hint;
749
750 list_add(&uuid->list, &hdev->uuids);
751
752 err = update_class(hdev);
753 if (err < 0)
754 goto failed;
755
756 err = update_eir(hdev);
757 if (err < 0)
758 goto failed;
759
760 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
761
762 failed:
763 hci_dev_unlock_bh(hdev);
764 hci_dev_put(hdev);
765
766 return err;
767 }
768
769 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
770 {
771 struct list_head *p, *n;
772 struct mgmt_cp_remove_uuid *cp;
773 struct hci_dev *hdev;
774 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
775 int err, found;
776
777 cp = (void *) data;
778
779 BT_DBG("request for hci%u", index);
780
781 if (len != sizeof(*cp))
782 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
783
784 hdev = hci_dev_get(index);
785 if (!hdev)
786 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
787
788 hci_dev_lock_bh(hdev);
789
790 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
791 err = hci_uuids_clear(hdev);
792 goto unlock;
793 }
794
795 found = 0;
796
797 list_for_each_safe(p, n, &hdev->uuids) {
798 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
799
800 if (memcmp(match->uuid, cp->uuid, 16) != 0)
801 continue;
802
803 list_del(&match->list);
804 found++;
805 }
806
807 if (found == 0) {
808 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
809 goto unlock;
810 }
811
812 err = update_class(hdev);
813 if (err < 0)
814 goto unlock;
815
816 err = update_eir(hdev);
817 if (err < 0)
818 goto unlock;
819
820 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
821
822 unlock:
823 hci_dev_unlock_bh(hdev);
824 hci_dev_put(hdev);
825
826 return err;
827 }
828
829 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
830 u16 len)
831 {
832 struct hci_dev *hdev;
833 struct mgmt_cp_set_dev_class *cp;
834 int err;
835
836 cp = (void *) data;
837
838 BT_DBG("request for hci%u", index);
839
840 if (len != sizeof(*cp))
841 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
842
843 hdev = hci_dev_get(index);
844 if (!hdev)
845 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
846
847 hci_dev_lock_bh(hdev);
848
849 hdev->major_class = cp->major;
850 hdev->minor_class = cp->minor;
851
852 err = update_class(hdev);
853
854 if (err == 0)
855 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
856
857 hci_dev_unlock_bh(hdev);
858 hci_dev_put(hdev);
859
860 return err;
861 }
862
863 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
864 u16 len)
865 {
866 struct hci_dev *hdev;
867 struct mgmt_cp_set_service_cache *cp;
868 int err;
869
870 cp = (void *) data;
871
872 if (len != sizeof(*cp))
873 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
874
875 hdev = hci_dev_get(index);
876 if (!hdev)
877 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
878
879 hci_dev_lock_bh(hdev);
880
881 BT_DBG("hci%u enable %d", index, cp->enable);
882
883 if (cp->enable) {
884 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
885 err = 0;
886 } else {
887 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
888 err = update_class(hdev);
889 if (err == 0)
890 err = update_eir(hdev);
891 }
892
893 if (err == 0)
894 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
895 0);
896 else
897 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
898
899
900 hci_dev_unlock_bh(hdev);
901 hci_dev_put(hdev);
902
903 return err;
904 }
905
906 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
907 u16 len)
908 {
909 struct hci_dev *hdev;
910 struct mgmt_cp_load_link_keys *cp;
911 u16 key_count, expected_len;
912 int i;
913
914 cp = (void *) data;
915
916 if (len < sizeof(*cp))
917 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
918
919 key_count = get_unaligned_le16(&cp->key_count);
920
921 expected_len = sizeof(*cp) + key_count *
922 sizeof(struct mgmt_link_key_info);
923 if (expected_len != len) {
924 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
925 len, expected_len);
926 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
927 }
928
929 hdev = hci_dev_get(index);
930 if (!hdev)
931 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
932
933 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
934 key_count);
935
936 hci_dev_lock_bh(hdev);
937
938 hci_link_keys_clear(hdev);
939
940 set_bit(HCI_LINK_KEYS, &hdev->flags);
941
942 if (cp->debug_keys)
943 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
944 else
945 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
946
947 for (i = 0; i < key_count; i++) {
948 struct mgmt_link_key_info *key = &cp->keys[i];
949
950 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
951 key->pin_len);
952 }
953
954 hci_dev_unlock_bh(hdev);
955 hci_dev_put(hdev);
956
957 return 0;
958 }
959
960 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
961 u16 len)
962 {
963 struct hci_dev *hdev;
964 struct mgmt_cp_remove_keys *cp;
965 struct hci_conn *conn;
966 int err;
967
968 cp = (void *) data;
969
970 if (len != sizeof(*cp))
971 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
972
973 hdev = hci_dev_get(index);
974 if (!hdev)
975 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
976
977 hci_dev_lock_bh(hdev);
978
979 err = hci_remove_link_key(hdev, &cp->bdaddr);
980 if (err < 0) {
981 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
982 goto unlock;
983 }
984
985 err = 0;
986
987 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
988 goto unlock;
989
990 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
991 if (conn) {
992 struct hci_cp_disconnect dc;
993
994 put_unaligned_le16(conn->handle, &dc.handle);
995 dc.reason = 0x13; /* Remote User Terminated Connection */
996 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
997 }
998
999 unlock:
1000 hci_dev_unlock_bh(hdev);
1001 hci_dev_put(hdev);
1002
1003 return err;
1004 }
1005
1006 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1007 {
1008 struct hci_dev *hdev;
1009 struct mgmt_cp_disconnect *cp;
1010 struct hci_cp_disconnect dc;
1011 struct pending_cmd *cmd;
1012 struct hci_conn *conn;
1013 int err;
1014
1015 BT_DBG("");
1016
1017 cp = (void *) data;
1018
1019 if (len != sizeof(*cp))
1020 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1021
1022 hdev = hci_dev_get(index);
1023 if (!hdev)
1024 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1025
1026 hci_dev_lock_bh(hdev);
1027
1028 if (!test_bit(HCI_UP, &hdev->flags)) {
1029 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1030 goto failed;
1031 }
1032
1033 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1034 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1035 goto failed;
1036 }
1037
1038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1039 if (!conn)
1040 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1041
1042 if (!conn) {
1043 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1044 goto failed;
1045 }
1046
1047 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1048 if (!cmd) {
1049 err = -ENOMEM;
1050 goto failed;
1051 }
1052
1053 put_unaligned_le16(conn->handle, &dc.handle);
1054 dc.reason = 0x13; /* Remote User Terminated Connection */
1055
1056 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1057 if (err < 0)
1058 mgmt_pending_remove(cmd);
1059
1060 failed:
1061 hci_dev_unlock_bh(hdev);
1062 hci_dev_put(hdev);
1063
1064 return err;
1065 }
1066
1067 static u8 link_to_mgmt(u8 link_type)
1068 {
1069 switch (link_type) {
1070 case LE_LINK:
1071 return MGMT_ADDR_LE;
1072 case ACL_LINK:
1073 return MGMT_ADDR_BREDR;
1074 default:
1075 return MGMT_ADDR_INVALID;
1076 }
1077 }
1078
1079 static int get_connections(struct sock *sk, u16 index)
1080 {
1081 struct mgmt_rp_get_connections *rp;
1082 struct hci_dev *hdev;
1083 struct hci_conn *c;
1084 struct list_head *p;
1085 size_t rp_len;
1086 u16 count;
1087 int i, err;
1088
1089 BT_DBG("");
1090
1091 hdev = hci_dev_get(index);
1092 if (!hdev)
1093 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1094
1095 hci_dev_lock_bh(hdev);
1096
1097 count = 0;
1098 list_for_each(p, &hdev->conn_hash.list) {
1099 count++;
1100 }
1101
1102 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1103 rp = kmalloc(rp_len, GFP_ATOMIC);
1104 if (!rp) {
1105 err = -ENOMEM;
1106 goto unlock;
1107 }
1108
1109 put_unaligned_le16(count, &rp->conn_count);
1110
1111 i = 0;
1112 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1113 bacpy(&rp->addr[i].bdaddr, &c->dst);
1114 rp->addr[i].type = link_to_mgmt(c->type);
1115 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1116 continue;
1117 i++;
1118 }
1119
1120 /* Recalculate length in case of filtered SCO connections, etc */
1121 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1122
1123 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1124
1125 unlock:
1126 kfree(rp);
1127 hci_dev_unlock_bh(hdev);
1128 hci_dev_put(hdev);
1129 return err;
1130 }
1131
1132 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1133 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1134 {
1135 struct pending_cmd *cmd;
1136 int err;
1137
1138 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1139 sizeof(*cp));
1140 if (!cmd)
1141 return -ENOMEM;
1142
1143 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1144 &cp->bdaddr);
1145 if (err < 0)
1146 mgmt_pending_remove(cmd);
1147
1148 return err;
1149 }
1150
1151 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1152 u16 len)
1153 {
1154 struct hci_dev *hdev;
1155 struct hci_conn *conn;
1156 struct mgmt_cp_pin_code_reply *cp;
1157 struct mgmt_cp_pin_code_neg_reply ncp;
1158 struct hci_cp_pin_code_reply reply;
1159 struct pending_cmd *cmd;
1160 int err;
1161
1162 BT_DBG("");
1163
1164 cp = (void *) data;
1165
1166 if (len != sizeof(*cp))
1167 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1168
1169 hdev = hci_dev_get(index);
1170 if (!hdev)
1171 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1172
1173 hci_dev_lock_bh(hdev);
1174
1175 if (!test_bit(HCI_UP, &hdev->flags)) {
1176 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1177 goto failed;
1178 }
1179
1180 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1181 if (!conn) {
1182 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1183 goto failed;
1184 }
1185
1186 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1187 bacpy(&ncp.bdaddr, &cp->bdaddr);
1188
1189 BT_ERR("PIN code is not 16 bytes long");
1190
1191 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1192 if (err >= 0)
1193 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1194 EINVAL);
1195
1196 goto failed;
1197 }
1198
1199 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1200 if (!cmd) {
1201 err = -ENOMEM;
1202 goto failed;
1203 }
1204
1205 bacpy(&reply.bdaddr, &cp->bdaddr);
1206 reply.pin_len = cp->pin_len;
1207 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1208
1209 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1210 if (err < 0)
1211 mgmt_pending_remove(cmd);
1212
1213 failed:
1214 hci_dev_unlock_bh(hdev);
1215 hci_dev_put(hdev);
1216
1217 return err;
1218 }
1219
1220 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1221 u16 len)
1222 {
1223 struct hci_dev *hdev;
1224 struct mgmt_cp_pin_code_neg_reply *cp;
1225 int err;
1226
1227 BT_DBG("");
1228
1229 cp = (void *) data;
1230
1231 if (len != sizeof(*cp))
1232 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1233 EINVAL);
1234
1235 hdev = hci_dev_get(index);
1236 if (!hdev)
1237 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1238 ENODEV);
1239
1240 hci_dev_lock_bh(hdev);
1241
1242 if (!test_bit(HCI_UP, &hdev->flags)) {
1243 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1244 ENETDOWN);
1245 goto failed;
1246 }
1247
1248 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1249
1250 failed:
1251 hci_dev_unlock_bh(hdev);
1252 hci_dev_put(hdev);
1253
1254 return err;
1255 }
1256
1257 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1258 u16 len)
1259 {
1260 struct hci_dev *hdev;
1261 struct mgmt_cp_set_io_capability *cp;
1262
1263 BT_DBG("");
1264
1265 cp = (void *) data;
1266
1267 if (len != sizeof(*cp))
1268 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1269
1270 hdev = hci_dev_get(index);
1271 if (!hdev)
1272 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1273
1274 hci_dev_lock_bh(hdev);
1275
1276 hdev->io_capability = cp->io_capability;
1277
1278 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1279 hdev->io_capability);
1280
1281 hci_dev_unlock_bh(hdev);
1282 hci_dev_put(hdev);
1283
1284 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1285 }
1286
1287 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1288 {
1289 struct hci_dev *hdev = conn->hdev;
1290 struct pending_cmd *cmd;
1291
1292 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1293 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1294 continue;
1295
1296 if (cmd->user_data != conn)
1297 continue;
1298
1299 return cmd;
1300 }
1301
1302 return NULL;
1303 }
1304
1305 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1306 {
1307 struct mgmt_rp_pair_device rp;
1308 struct hci_conn *conn = cmd->user_data;
1309
1310 bacpy(&rp.bdaddr, &conn->dst);
1311 rp.status = status;
1312
1313 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1314
1315 /* So we don't get further callbacks for this connection */
1316 conn->connect_cfm_cb = NULL;
1317 conn->security_cfm_cb = NULL;
1318 conn->disconn_cfm_cb = NULL;
1319
1320 hci_conn_put(conn);
1321
1322 mgmt_pending_remove(cmd);
1323 }
1324
1325 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1326 {
1327 struct pending_cmd *cmd;
1328 struct hci_dev *hdev = conn->hdev;
1329
1330 BT_DBG("status %u", status);
1331
1332 hci_dev_lock_bh(hdev);
1333
1334 cmd = find_pairing(conn);
1335 if (!cmd)
1336 BT_DBG("Unable to find a pending command");
1337 else
1338 pairing_complete(cmd, status);
1339
1340 hci_dev_unlock_bh(hdev);
1341 }
1342
1343 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1344 {
1345 struct hci_dev *hdev;
1346 struct mgmt_cp_pair_device *cp;
1347 struct pending_cmd *cmd;
1348 struct adv_entry *entry;
1349 u8 sec_level, auth_type;
1350 struct hci_conn *conn;
1351 int err;
1352
1353 BT_DBG("");
1354
1355 cp = (void *) data;
1356
1357 if (len != sizeof(*cp))
1358 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1359
1360 hdev = hci_dev_get(index);
1361 if (!hdev)
1362 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1363
1364 hci_dev_lock_bh(hdev);
1365
1366 sec_level = BT_SECURITY_MEDIUM;
1367 if (cp->io_cap == 0x03)
1368 auth_type = HCI_AT_DEDICATED_BONDING;
1369 else
1370 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1371
1372 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1373 if (entry)
1374 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1375 auth_type);
1376 else
1377 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1378 auth_type);
1379
1380 if (IS_ERR(conn)) {
1381 err = PTR_ERR(conn);
1382 goto unlock;
1383 }
1384
1385 if (conn->connect_cfm_cb) {
1386 hci_conn_put(conn);
1387 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1388 goto unlock;
1389 }
1390
1391 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1392 if (!cmd) {
1393 err = -ENOMEM;
1394 hci_conn_put(conn);
1395 goto unlock;
1396 }
1397
1398 /* For LE, just connecting isn't a proof that the pairing finished */
1399 if (!entry)
1400 conn->connect_cfm_cb = pairing_complete_cb;
1401
1402 conn->security_cfm_cb = pairing_complete_cb;
1403 conn->disconn_cfm_cb = pairing_complete_cb;
1404 conn->io_capability = cp->io_cap;
1405 cmd->user_data = conn;
1406
1407 if (conn->state == BT_CONNECTED &&
1408 hci_conn_security(conn, sec_level, auth_type))
1409 pairing_complete(cmd, 0);
1410
1411 err = 0;
1412
1413 unlock:
1414 hci_dev_unlock_bh(hdev);
1415 hci_dev_put(hdev);
1416
1417 return err;
1418 }
1419
1420 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1421 u16 len, int success)
1422 {
1423 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1424 u16 mgmt_op, hci_op;
1425 struct pending_cmd *cmd;
1426 struct hci_dev *hdev;
1427 int err;
1428
1429 BT_DBG("");
1430
1431 if (success) {
1432 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1433 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1434 } else {
1435 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1436 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1437 }
1438
1439 if (len != sizeof(*cp))
1440 return cmd_status(sk, index, mgmt_op, EINVAL);
1441
1442 hdev = hci_dev_get(index);
1443 if (!hdev)
1444 return cmd_status(sk, index, mgmt_op, ENODEV);
1445
1446 hci_dev_lock_bh(hdev);
1447
1448 if (!test_bit(HCI_UP, &hdev->flags)) {
1449 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1450 goto failed;
1451 }
1452
1453 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
1454 if (!cmd) {
1455 err = -ENOMEM;
1456 goto failed;
1457 }
1458
1459 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1460 if (err < 0)
1461 mgmt_pending_remove(cmd);
1462
1463 failed:
1464 hci_dev_unlock_bh(hdev);
1465 hci_dev_put(hdev);
1466
1467 return err;
1468 }
1469
1470 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1471 u16 len)
1472 {
1473 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1474 struct hci_cp_write_local_name hci_cp;
1475 struct hci_dev *hdev;
1476 struct pending_cmd *cmd;
1477 int err;
1478
1479 BT_DBG("");
1480
1481 if (len != sizeof(*mgmt_cp))
1482 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1483
1484 hdev = hci_dev_get(index);
1485 if (!hdev)
1486 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1487
1488 hci_dev_lock_bh(hdev);
1489
1490 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1491 if (!cmd) {
1492 err = -ENOMEM;
1493 goto failed;
1494 }
1495
1496 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1497 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1498 &hci_cp);
1499 if (err < 0)
1500 mgmt_pending_remove(cmd);
1501
1502 failed:
1503 hci_dev_unlock_bh(hdev);
1504 hci_dev_put(hdev);
1505
1506 return err;
1507 }
1508
1509 static int read_local_oob_data(struct sock *sk, u16 index)
1510 {
1511 struct hci_dev *hdev;
1512 struct pending_cmd *cmd;
1513 int err;
1514
1515 BT_DBG("hci%u", index);
1516
1517 hdev = hci_dev_get(index);
1518 if (!hdev)
1519 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1520 ENODEV);
1521
1522 hci_dev_lock_bh(hdev);
1523
1524 if (!test_bit(HCI_UP, &hdev->flags)) {
1525 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1526 ENETDOWN);
1527 goto unlock;
1528 }
1529
1530 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1531 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1532 EOPNOTSUPP);
1533 goto unlock;
1534 }
1535
1536 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1537 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1538 goto unlock;
1539 }
1540
1541 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1542 if (!cmd) {
1543 err = -ENOMEM;
1544 goto unlock;
1545 }
1546
1547 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1548 if (err < 0)
1549 mgmt_pending_remove(cmd);
1550
1551 unlock:
1552 hci_dev_unlock_bh(hdev);
1553 hci_dev_put(hdev);
1554
1555 return err;
1556 }
1557
1558 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1559 u16 len)
1560 {
1561 struct hci_dev *hdev;
1562 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1563 int err;
1564
1565 BT_DBG("hci%u ", index);
1566
1567 if (len != sizeof(*cp))
1568 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1569 EINVAL);
1570
1571 hdev = hci_dev_get(index);
1572 if (!hdev)
1573 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1574 ENODEV);
1575
1576 hci_dev_lock_bh(hdev);
1577
1578 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1579 cp->randomizer);
1580 if (err < 0)
1581 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1582 else
1583 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1584 0);
1585
1586 hci_dev_unlock_bh(hdev);
1587 hci_dev_put(hdev);
1588
1589 return err;
1590 }
1591
1592 static int remove_remote_oob_data(struct sock *sk, u16 index,
1593 unsigned char *data, u16 len)
1594 {
1595 struct hci_dev *hdev;
1596 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1597 int err;
1598
1599 BT_DBG("hci%u ", index);
1600
1601 if (len != sizeof(*cp))
1602 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1603 EINVAL);
1604
1605 hdev = hci_dev_get(index);
1606 if (!hdev)
1607 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1608 ENODEV);
1609
1610 hci_dev_lock_bh(hdev);
1611
1612 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1613 if (err < 0)
1614 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1615 -err);
1616 else
1617 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1618 NULL, 0);
1619
1620 hci_dev_unlock_bh(hdev);
1621 hci_dev_put(hdev);
1622
1623 return err;
1624 }
1625
1626 static int start_discovery(struct sock *sk, u16 index)
1627 {
1628 struct pending_cmd *cmd;
1629 struct hci_dev *hdev;
1630 int err;
1631
1632 BT_DBG("hci%u", index);
1633
1634 hdev = hci_dev_get(index);
1635 if (!hdev)
1636 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1637
1638 hci_dev_lock_bh(hdev);
1639
1640 if (!test_bit(HCI_UP, &hdev->flags)) {
1641 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1642 goto failed;
1643 }
1644
1645 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1646 if (!cmd) {
1647 err = -ENOMEM;
1648 goto failed;
1649 }
1650
1651 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1652 if (err < 0)
1653 mgmt_pending_remove(cmd);
1654
1655 failed:
1656 hci_dev_unlock_bh(hdev);
1657 hci_dev_put(hdev);
1658
1659 return err;
1660 }
1661
1662 static int stop_discovery(struct sock *sk, u16 index)
1663 {
1664 struct hci_dev *hdev;
1665 struct pending_cmd *cmd;
1666 int err;
1667
1668 BT_DBG("hci%u", index);
1669
1670 hdev = hci_dev_get(index);
1671 if (!hdev)
1672 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1673
1674 hci_dev_lock_bh(hdev);
1675
1676 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1677 if (!cmd) {
1678 err = -ENOMEM;
1679 goto failed;
1680 }
1681
1682 err = hci_cancel_inquiry(hdev);
1683 if (err < 0)
1684 mgmt_pending_remove(cmd);
1685
1686 failed:
1687 hci_dev_unlock_bh(hdev);
1688 hci_dev_put(hdev);
1689
1690 return err;
1691 }
1692
1693 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1694 u16 len)
1695 {
1696 struct hci_dev *hdev;
1697 struct mgmt_cp_block_device *cp = (void *) data;
1698 int err;
1699
1700 BT_DBG("hci%u", index);
1701
1702 if (len != sizeof(*cp))
1703 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1704 EINVAL);
1705
1706 hdev = hci_dev_get(index);
1707 if (!hdev)
1708 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1709 ENODEV);
1710
1711 hci_dev_lock_bh(hdev);
1712
1713 err = hci_blacklist_add(hdev, &cp->bdaddr);
1714 if (err < 0)
1715 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1716 else
1717 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1718 NULL, 0);
1719
1720 hci_dev_unlock_bh(hdev);
1721 hci_dev_put(hdev);
1722
1723 return err;
1724 }
1725
1726 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1727 u16 len)
1728 {
1729 struct hci_dev *hdev;
1730 struct mgmt_cp_unblock_device *cp = (void *) data;
1731 int err;
1732
1733 BT_DBG("hci%u", index);
1734
1735 if (len != sizeof(*cp))
1736 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1737 EINVAL);
1738
1739 hdev = hci_dev_get(index);
1740 if (!hdev)
1741 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1742 ENODEV);
1743
1744 hci_dev_lock_bh(hdev);
1745
1746 err = hci_blacklist_del(hdev, &cp->bdaddr);
1747
1748 if (err < 0)
1749 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1750 else
1751 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1752 NULL, 0);
1753
1754 hci_dev_unlock_bh(hdev);
1755 hci_dev_put(hdev);
1756
1757 return err;
1758 }
1759
1760 static int set_fast_connectable(struct sock *sk, u16 index,
1761 unsigned char *data, u16 len)
1762 {
1763 struct hci_dev *hdev;
1764 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1765 struct hci_cp_write_page_scan_activity acp;
1766 u8 type;
1767 int err;
1768
1769 BT_DBG("hci%u", index);
1770
1771 if (len != sizeof(*cp))
1772 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1773 EINVAL);
1774
1775 hdev = hci_dev_get(index);
1776 if (!hdev)
1777 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1778 ENODEV);
1779
1780 hci_dev_lock(hdev);
1781
1782 if (cp->enable) {
1783 type = PAGE_SCAN_TYPE_INTERLACED;
1784 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1785 } else {
1786 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1787 acp.interval = 0x0800; /* default 1.28 sec page scan */
1788 }
1789
1790 acp.window = 0x0012; /* default 11.25 msec page scan window */
1791
1792 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1793 sizeof(acp), &acp);
1794 if (err < 0) {
1795 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1796 -err);
1797 goto done;
1798 }
1799
1800 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1801 if (err < 0) {
1802 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1803 -err);
1804 goto done;
1805 }
1806
1807 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1808 NULL, 0);
1809 done:
1810 hci_dev_unlock(hdev);
1811 hci_dev_put(hdev);
1812
1813 return err;
1814 }
1815
1816 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1817 {
1818 unsigned char *buf;
1819 struct mgmt_hdr *hdr;
1820 u16 opcode, index, len;
1821 int err;
1822
1823 BT_DBG("got %zu bytes", msglen);
1824
1825 if (msglen < sizeof(*hdr))
1826 return -EINVAL;
1827
1828 buf = kmalloc(msglen, GFP_KERNEL);
1829 if (!buf)
1830 return -ENOMEM;
1831
1832 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1833 err = -EFAULT;
1834 goto done;
1835 }
1836
1837 hdr = (struct mgmt_hdr *) buf;
1838 opcode = get_unaligned_le16(&hdr->opcode);
1839 index = get_unaligned_le16(&hdr->index);
1840 len = get_unaligned_le16(&hdr->len);
1841
1842 if (len != msglen - sizeof(*hdr)) {
1843 err = -EINVAL;
1844 goto done;
1845 }
1846
1847 switch (opcode) {
1848 case MGMT_OP_READ_VERSION:
1849 err = read_version(sk);
1850 break;
1851 case MGMT_OP_READ_INDEX_LIST:
1852 err = read_index_list(sk);
1853 break;
1854 case MGMT_OP_READ_INFO:
1855 err = read_controller_info(sk, index);
1856 break;
1857 case MGMT_OP_SET_POWERED:
1858 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1859 break;
1860 case MGMT_OP_SET_DISCOVERABLE:
1861 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1862 break;
1863 case MGMT_OP_SET_CONNECTABLE:
1864 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1865 break;
1866 case MGMT_OP_SET_PAIRABLE:
1867 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1868 break;
1869 case MGMT_OP_ADD_UUID:
1870 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1871 break;
1872 case MGMT_OP_REMOVE_UUID:
1873 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1874 break;
1875 case MGMT_OP_SET_DEV_CLASS:
1876 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1877 break;
1878 case MGMT_OP_SET_SERVICE_CACHE:
1879 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1880 break;
1881 case MGMT_OP_LOAD_LINK_KEYS:
1882 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
1883 break;
1884 case MGMT_OP_REMOVE_KEYS:
1885 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
1886 break;
1887 case MGMT_OP_DISCONNECT:
1888 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1889 break;
1890 case MGMT_OP_GET_CONNECTIONS:
1891 err = get_connections(sk, index);
1892 break;
1893 case MGMT_OP_PIN_CODE_REPLY:
1894 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1895 break;
1896 case MGMT_OP_PIN_CODE_NEG_REPLY:
1897 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1898 break;
1899 case MGMT_OP_SET_IO_CAPABILITY:
1900 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1901 break;
1902 case MGMT_OP_PAIR_DEVICE:
1903 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1904 break;
1905 case MGMT_OP_USER_CONFIRM_REPLY:
1906 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1907 break;
1908 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1909 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1910 break;
1911 case MGMT_OP_SET_LOCAL_NAME:
1912 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1913 break;
1914 case MGMT_OP_READ_LOCAL_OOB_DATA:
1915 err = read_local_oob_data(sk, index);
1916 break;
1917 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1918 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1919 break;
1920 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1921 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1922 len);
1923 break;
1924 case MGMT_OP_START_DISCOVERY:
1925 err = start_discovery(sk, index);
1926 break;
1927 case MGMT_OP_STOP_DISCOVERY:
1928 err = stop_discovery(sk, index);
1929 break;
1930 case MGMT_OP_BLOCK_DEVICE:
1931 err = block_device(sk, index, buf + sizeof(*hdr), len);
1932 break;
1933 case MGMT_OP_UNBLOCK_DEVICE:
1934 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1935 break;
1936 case MGMT_OP_SET_FAST_CONNECTABLE:
1937 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1938 len);
1939 break;
1940 default:
1941 BT_DBG("Unknown op %u", opcode);
1942 err = cmd_status(sk, index, opcode, 0x01);
1943 break;
1944 }
1945
1946 if (err < 0)
1947 goto done;
1948
1949 err = msglen;
1950
1951 done:
1952 kfree(buf);
1953 return err;
1954 }
1955
1956 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1957 {
1958 u8 *status = data;
1959
1960 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1961 mgmt_pending_remove(cmd);
1962 }
1963
1964 int mgmt_index_added(struct hci_dev *hdev)
1965 {
1966 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
1967 }
1968
1969 int mgmt_index_removed(struct hci_dev *hdev)
1970 {
1971 u8 status = ENODEV;
1972
1973 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
1974
1975 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
1976 }
1977
1978 struct cmd_lookup {
1979 u8 val;
1980 struct sock *sk;
1981 };
1982
1983 static void mode_rsp(struct pending_cmd *cmd, void *data)
1984 {
1985 struct mgmt_mode *cp = cmd->param;
1986 struct cmd_lookup *match = data;
1987
1988 if (cp->val != match->val)
1989 return;
1990
1991 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1992
1993 list_del(&cmd->list);
1994
1995 if (match->sk == NULL) {
1996 match->sk = cmd->sk;
1997 sock_hold(match->sk);
1998 }
1999
2000 mgmt_pending_free(cmd);
2001 }
2002
2003 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2004 {
2005 struct mgmt_mode ev;
2006 struct cmd_lookup match = { powered, NULL };
2007 int ret;
2008
2009 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
2010
2011 if (!powered) {
2012 u8 status = ENETDOWN;
2013 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2014 }
2015
2016 ev.val = powered;
2017
2018 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
2019
2020 if (match.sk)
2021 sock_put(match.sk);
2022
2023 return ret;
2024 }
2025
2026 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2027 {
2028 struct mgmt_mode ev;
2029 struct cmd_lookup match = { discoverable, NULL };
2030 int ret;
2031
2032 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
2033
2034 ev.val = discoverable;
2035
2036 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
2037 match.sk);
2038
2039 if (match.sk)
2040 sock_put(match.sk);
2041
2042 return ret;
2043 }
2044
2045 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2046 {
2047 struct mgmt_mode ev;
2048 struct cmd_lookup match = { connectable, NULL };
2049 int ret;
2050
2051 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
2052
2053 ev.val = connectable;
2054
2055 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
2056
2057 if (match.sk)
2058 sock_put(match.sk);
2059
2060 return ret;
2061 }
2062
2063 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2064 {
2065 if (scan & SCAN_PAGE)
2066 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2067 cmd_status_rsp, &status);
2068
2069 if (scan & SCAN_INQUIRY)
2070 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2071 cmd_status_rsp, &status);
2072
2073 return 0;
2074 }
2075
2076 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2077 u8 persistent)
2078 {
2079 struct mgmt_ev_new_link_key ev;
2080
2081 memset(&ev, 0, sizeof(ev));
2082
2083 ev.store_hint = persistent;
2084 bacpy(&ev.key.bdaddr, &key->bdaddr);
2085 ev.key.type = key->type;
2086 memcpy(ev.key.val, key->val, 16);
2087 ev.key.pin_len = key->pin_len;
2088
2089 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2090 }
2091
2092 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type)
2093 {
2094 struct mgmt_addr_info ev;
2095
2096 bacpy(&ev.bdaddr, bdaddr);
2097 ev.type = link_to_mgmt(link_type);
2098
2099 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2100 }
2101
2102 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2103 {
2104 struct mgmt_cp_disconnect *cp = cmd->param;
2105 struct sock **sk = data;
2106 struct mgmt_rp_disconnect rp;
2107
2108 bacpy(&rp.bdaddr, &cp->bdaddr);
2109
2110 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2111
2112 *sk = cmd->sk;
2113 sock_hold(*sk);
2114
2115 mgmt_pending_remove(cmd);
2116 }
2117
2118 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
2119 {
2120 struct mgmt_addr_info ev;
2121 struct sock *sk = NULL;
2122 int err;
2123
2124 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2125
2126 bacpy(&ev.bdaddr, bdaddr);
2127 ev.type = link_to_mgmt(type);
2128
2129 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2130
2131 if (sk)
2132 sock_put(sk);
2133
2134 return err;
2135 }
2136
2137 int mgmt_disconnect_failed(struct hci_dev *hdev)
2138 {
2139 struct pending_cmd *cmd;
2140 int err;
2141
2142 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2143 if (!cmd)
2144 return -ENOENT;
2145
2146 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
2147
2148 mgmt_pending_remove(cmd);
2149
2150 return err;
2151 }
2152
2153 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2154 u8 status)
2155 {
2156 struct mgmt_ev_connect_failed ev;
2157
2158 bacpy(&ev.addr.bdaddr, bdaddr);
2159 ev.addr.type = link_to_mgmt(type);
2160 ev.status = status;
2161
2162 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2163 }
2164
2165 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2166 {
2167 struct mgmt_ev_pin_code_request ev;
2168
2169 bacpy(&ev.bdaddr, bdaddr);
2170 ev.secure = secure;
2171
2172 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2173 NULL);
2174 }
2175
2176 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2177 u8 status)
2178 {
2179 struct pending_cmd *cmd;
2180 struct mgmt_rp_pin_code_reply rp;
2181 int err;
2182
2183 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2184 if (!cmd)
2185 return -ENOENT;
2186
2187 bacpy(&rp.bdaddr, bdaddr);
2188 rp.status = status;
2189
2190 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2191 sizeof(rp));
2192
2193 mgmt_pending_remove(cmd);
2194
2195 return err;
2196 }
2197
2198 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2199 u8 status)
2200 {
2201 struct pending_cmd *cmd;
2202 struct mgmt_rp_pin_code_reply rp;
2203 int err;
2204
2205 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2206 if (!cmd)
2207 return -ENOENT;
2208
2209 bacpy(&rp.bdaddr, bdaddr);
2210 rp.status = status;
2211
2212 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2213 sizeof(rp));
2214
2215 mgmt_pending_remove(cmd);
2216
2217 return err;
2218 }
2219
2220 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2221 __le32 value, u8 confirm_hint)
2222 {
2223 struct mgmt_ev_user_confirm_request ev;
2224
2225 BT_DBG("%s", hdev->name);
2226
2227 bacpy(&ev.bdaddr, bdaddr);
2228 ev.confirm_hint = confirm_hint;
2229 put_unaligned_le32(value, &ev.value);
2230
2231 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2232 NULL);
2233 }
2234
2235 static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2236 u8 status, u8 opcode)
2237 {
2238 struct pending_cmd *cmd;
2239 struct mgmt_rp_user_confirm_reply rp;
2240 int err;
2241
2242 cmd = mgmt_pending_find(opcode, hdev);
2243 if (!cmd)
2244 return -ENOENT;
2245
2246 bacpy(&rp.bdaddr, bdaddr);
2247 rp.status = status;
2248 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2249
2250 mgmt_pending_remove(cmd);
2251
2252 return err;
2253 }
2254
2255 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2256 u8 status)
2257 {
2258 return confirm_reply_complete(hdev, bdaddr, status,
2259 MGMT_OP_USER_CONFIRM_REPLY);
2260 }
2261
2262 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2263 bdaddr_t *bdaddr, u8 status)
2264 {
2265 return confirm_reply_complete(hdev, bdaddr, status,
2266 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2267 }
2268
2269 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2270 {
2271 struct mgmt_ev_auth_failed ev;
2272
2273 bacpy(&ev.bdaddr, bdaddr);
2274 ev.status = status;
2275
2276 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2277 }
2278
2279 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2280 {
2281 struct pending_cmd *cmd;
2282 struct mgmt_cp_set_local_name ev;
2283 int err;
2284
2285 memset(&ev, 0, sizeof(ev));
2286 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2287
2288 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2289 if (!cmd)
2290 goto send_event;
2291
2292 if (status) {
2293 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2294 EIO);
2295 goto failed;
2296 }
2297
2298 update_eir(hdev);
2299
2300 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2301 sizeof(ev));
2302 if (err < 0)
2303 goto failed;
2304
2305 send_event:
2306 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2307 cmd ? cmd->sk : NULL);
2308
2309 failed:
2310 if (cmd)
2311 mgmt_pending_remove(cmd);
2312 return err;
2313 }
2314
2315 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2316 u8 *randomizer, u8 status)
2317 {
2318 struct pending_cmd *cmd;
2319 int err;
2320
2321 BT_DBG("%s status %u", hdev->name, status);
2322
2323 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2324 if (!cmd)
2325 return -ENOENT;
2326
2327 if (status) {
2328 err = cmd_status(cmd->sk, hdev->id,
2329 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
2330 } else {
2331 struct mgmt_rp_read_local_oob_data rp;
2332
2333 memcpy(rp.hash, hash, sizeof(rp.hash));
2334 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2335
2336 err = cmd_complete(cmd->sk, hdev->id,
2337 MGMT_OP_READ_LOCAL_OOB_DATA,
2338 &rp, sizeof(rp));
2339 }
2340
2341 mgmt_pending_remove(cmd);
2342
2343 return err;
2344 }
2345
2346 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2347 u8 *dev_class, s8 rssi, u8 *eir)
2348 {
2349 struct mgmt_ev_device_found ev;
2350
2351 memset(&ev, 0, sizeof(ev));
2352
2353 bacpy(&ev.addr.bdaddr, bdaddr);
2354 ev.addr.type = link_to_mgmt(type);
2355 ev.rssi = rssi;
2356
2357 if (eir)
2358 memcpy(ev.eir, eir, sizeof(ev.eir));
2359
2360 if (dev_class)
2361 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2362
2363 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2364 }
2365
2366 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2367 {
2368 struct mgmt_ev_remote_name ev;
2369
2370 memset(&ev, 0, sizeof(ev));
2371
2372 bacpy(&ev.bdaddr, bdaddr);
2373 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2374
2375 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2376 }
2377
2378 int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
2379 {
2380 struct pending_cmd *cmd;
2381 int err;
2382
2383 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2384 if (!cmd)
2385 return -ENOENT;
2386
2387 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2388 mgmt_pending_remove(cmd);
2389
2390 return err;
2391 }
2392
2393 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2394 {
2395 struct pending_cmd *cmd;
2396
2397 if (discovering)
2398 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2399 else
2400 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2401
2402 if (cmd != NULL) {
2403 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2404 mgmt_pending_remove(cmd);
2405 }
2406
2407 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2408 sizeof(discovering), NULL);
2409 }
2410
2411 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2412 {
2413 struct pending_cmd *cmd;
2414 struct mgmt_ev_device_blocked ev;
2415
2416 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2417
2418 bacpy(&ev.bdaddr, bdaddr);
2419
2420 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2421 cmd ? cmd->sk : NULL);
2422 }
2423
2424 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2425 {
2426 struct pending_cmd *cmd;
2427 struct mgmt_ev_device_unblocked ev;
2428
2429 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2430
2431 bacpy(&ev.bdaddr, bdaddr);
2432
2433 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2434 cmd ? cmd->sk : NULL);
2435 }
Ubuntu Artful kernel mirror