projects / deliverable / linux.git / blob
? search:


b7e7fdfaee380c31dc54b2e3a4965ed159d82bd8
[deliverable/linux.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
35 #define MGMT_VERSION 0
36 #define MGMT_REVISION 1
37
38 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
39
40 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
41
42 struct pending_cmd {
43 struct list_head list;
44 u16 opcode;
45 int index;
46 void *param;
47 struct sock *sk;
48 void *user_data;
49 };
50
51 /* HCI to MGMT error code conversion table */
52 static u8 mgmt_status_table[] = {
53 MGMT_STATUS_SUCCESS,
54 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
55 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
56 MGMT_STATUS_FAILED, /* Hardware Failure */
57 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
58 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
59 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
60 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
61 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
62 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
63 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
64 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
65 MGMT_STATUS_BUSY, /* Command Disallowed */
66 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
67 MGMT_STATUS_REJECTED, /* Rejected Security */
68 MGMT_STATUS_REJECTED, /* Rejected Personal */
69 MGMT_STATUS_TIMEOUT, /* Host Timeout */
70 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
71 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
72 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
73 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
74 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
75 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
76 MGMT_STATUS_BUSY, /* Repeated Attempts */
77 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
78 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
80 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
81 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
82 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
83 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
84 MGMT_STATUS_FAILED, /* Unspecified Error */
85 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
86 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
87 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
88 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
89 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
90 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
91 MGMT_STATUS_FAILED, /* Unit Link Key Used */
92 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
93 MGMT_STATUS_TIMEOUT, /* Instant Passed */
94 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
95 MGMT_STATUS_FAILED, /* Transaction Collision */
96 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
97 MGMT_STATUS_REJECTED, /* QoS Rejected */
98 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
99 MGMT_STATUS_REJECTED, /* Insufficient Security */
100 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
101 MGMT_STATUS_BUSY, /* Role Switch Pending */
102 MGMT_STATUS_FAILED, /* Slot Violation */
103 MGMT_STATUS_FAILED, /* Role Switch Failed */
104 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
105 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
106 MGMT_STATUS_BUSY, /* Host Busy Pairing */
107 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
108 MGMT_STATUS_BUSY, /* Controller Busy */
109 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
110 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
111 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
112 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
113 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
114 };
115
116 static u8 mgmt_status(u8 hci_status)
117 {
118 if (hci_status < ARRAY_SIZE(mgmt_status_table))
119 return mgmt_status_table[hci_status];
120
121 return MGMT_STATUS_FAILED;
122 }
123
124 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
125 {
126 struct sk_buff *skb;
127 struct mgmt_hdr *hdr;
128 struct mgmt_ev_cmd_status *ev;
129 int err;
130
131 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
132
133 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
134 if (!skb)
135 return -ENOMEM;
136
137 hdr = (void *) skb_put(skb, sizeof(*hdr));
138
139 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
140 hdr->index = cpu_to_le16(index);
141 hdr->len = cpu_to_le16(sizeof(*ev));
142
143 ev = (void *) skb_put(skb, sizeof(*ev));
144 ev->status = status;
145 put_unaligned_le16(cmd, &ev->opcode);
146
147 err = sock_queue_rcv_skb(sk, skb);
148 if (err < 0)
149 kfree_skb(skb);
150
151 return err;
152 }
153
154 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
155 size_t rp_len)
156 {
157 struct sk_buff *skb;
158 struct mgmt_hdr *hdr;
159 struct mgmt_ev_cmd_complete *ev;
160 int err;
161
162 BT_DBG("sock %p", sk);
163
164 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
165 if (!skb)
166 return -ENOMEM;
167
168 hdr = (void *) skb_put(skb, sizeof(*hdr));
169
170 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
171 hdr->index = cpu_to_le16(index);
172 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
173
174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
175 put_unaligned_le16(cmd, &ev->opcode);
176
177 if (rp)
178 memcpy(ev->data, rp, rp_len);
179
180 err = sock_queue_rcv_skb(sk, skb);
181 if (err < 0)
182 kfree_skb(skb);
183
184 return err;;
185 }
186
187 static int read_version(struct sock *sk)
188 {
189 struct mgmt_rp_read_version rp;
190
191 BT_DBG("sock %p", sk);
192
193 rp.version = MGMT_VERSION;
194 put_unaligned_le16(MGMT_REVISION, &rp.revision);
195
196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
197 sizeof(rp));
198 }
199
200 static int read_index_list(struct sock *sk)
201 {
202 struct mgmt_rp_read_index_list *rp;
203 struct list_head *p;
204 struct hci_dev *d;
205 size_t rp_len;
206 u16 count;
207 int i, err;
208
209 BT_DBG("sock %p", sk);
210
211 read_lock(&hci_dev_list_lock);
212
213 count = 0;
214 list_for_each(p, &hci_dev_list) {
215 count++;
216 }
217
218 rp_len = sizeof(*rp) + (2 * count);
219 rp = kmalloc(rp_len, GFP_ATOMIC);
220 if (!rp) {
221 read_unlock(&hci_dev_list_lock);
222 return -ENOMEM;
223 }
224
225 put_unaligned_le16(count, &rp->num_controllers);
226
227 i = 0;
228 list_for_each_entry(d, &hci_dev_list, list) {
229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
230 cancel_delayed_work(&d->power_off);
231
232 if (test_bit(HCI_SETUP, &d->dev_flags))
233 continue;
234
235 put_unaligned_le16(d->id, &rp->index[i++]);
236 BT_DBG("Added hci%u", d->id);
237 }
238
239 read_unlock(&hci_dev_list_lock);
240
241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
242 rp_len);
243
244 kfree(rp);
245
246 return err;
247 }
248
249 static u32 get_supported_settings(struct hci_dev *hdev)
250 {
251 u32 settings = 0;
252
253 settings |= MGMT_SETTING_POWERED;
254 settings |= MGMT_SETTING_CONNECTABLE;
255 settings |= MGMT_SETTING_FAST_CONNECTABLE;
256 settings |= MGMT_SETTING_DISCOVERABLE;
257 settings |= MGMT_SETTING_PAIRABLE;
258
259 if (hdev->features[6] & LMP_SIMPLE_PAIR)
260 settings |= MGMT_SETTING_SSP;
261
262 if (!(hdev->features[4] & LMP_NO_BREDR)) {
263 settings |= MGMT_SETTING_BREDR;
264 settings |= MGMT_SETTING_LINK_SECURITY;
265 }
266
267 if (hdev->features[4] & LMP_LE)
268 settings |= MGMT_SETTING_LE;
269
270 return settings;
271 }
272
273 static u32 get_current_settings(struct hci_dev *hdev)
274 {
275 u32 settings = 0;
276
277 if (test_bit(HCI_UP, &hdev->flags))
278 settings |= MGMT_SETTING_POWERED;
279 else
280 return settings;
281
282 if (test_bit(HCI_PSCAN, &hdev->flags))
283 settings |= MGMT_SETTING_CONNECTABLE;
284
285 if (test_bit(HCI_ISCAN, &hdev->flags))
286 settings |= MGMT_SETTING_DISCOVERABLE;
287
288 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
289 settings |= MGMT_SETTING_PAIRABLE;
290
291 if (!(hdev->features[4] & LMP_NO_BREDR))
292 settings |= MGMT_SETTING_BREDR;
293
294 if (hdev->host_features[0] & LMP_HOST_LE)
295 settings |= MGMT_SETTING_LE;
296
297 if (test_bit(HCI_AUTH, &hdev->flags))
298 settings |= MGMT_SETTING_LINK_SECURITY;
299
300 if (hdev->ssp_mode > 0)
301 settings |= MGMT_SETTING_SSP;
302
303 return settings;
304 }
305
306 #define PNP_INFO_SVCLASS_ID 0x1200
307
308 static u8 bluetooth_base_uuid[] = {
309 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
310 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
311 };
312
313 static u16 get_uuid16(u8 *uuid128)
314 {
315 u32 val;
316 int i;
317
318 for (i = 0; i < 12; i++) {
319 if (bluetooth_base_uuid[i] != uuid128[i])
320 return 0;
321 }
322
323 memcpy(&val, &uuid128[12], 4);
324
325 val = le32_to_cpu(val);
326 if (val > 0xffff)
327 return 0;
328
329 return (u16) val;
330 }
331
332 static void create_eir(struct hci_dev *hdev, u8 *data)
333 {
334 u8 *ptr = data;
335 u16 eir_len = 0;
336 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
337 int i, truncated = 0;
338 struct bt_uuid *uuid;
339 size_t name_len;
340
341 name_len = strlen(hdev->dev_name);
342
343 if (name_len > 0) {
344 /* EIR Data type */
345 if (name_len > 48) {
346 name_len = 48;
347 ptr[1] = EIR_NAME_SHORT;
348 } else
349 ptr[1] = EIR_NAME_COMPLETE;
350
351 /* EIR Data length */
352 ptr[0] = name_len + 1;
353
354 memcpy(ptr + 2, hdev->dev_name, name_len);
355
356 eir_len += (name_len + 2);
357 ptr += (name_len + 2);
358 }
359
360 memset(uuid16_list, 0, sizeof(uuid16_list));
361
362 /* Group all UUID16 types */
363 list_for_each_entry(uuid, &hdev->uuids, list) {
364 u16 uuid16;
365
366 uuid16 = get_uuid16(uuid->uuid);
367 if (uuid16 == 0)
368 return;
369
370 if (uuid16 < 0x1100)
371 continue;
372
373 if (uuid16 == PNP_INFO_SVCLASS_ID)
374 continue;
375
376 /* Stop if not enough space to put next UUID */
377 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
378 truncated = 1;
379 break;
380 }
381
382 /* Check for duplicates */
383 for (i = 0; uuid16_list[i] != 0; i++)
384 if (uuid16_list[i] == uuid16)
385 break;
386
387 if (uuid16_list[i] == 0) {
388 uuid16_list[i] = uuid16;
389 eir_len += sizeof(u16);
390 }
391 }
392
393 if (uuid16_list[0] != 0) {
394 u8 *length = ptr;
395
396 /* EIR Data type */
397 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
398
399 ptr += 2;
400 eir_len += 2;
401
402 for (i = 0; uuid16_list[i] != 0; i++) {
403 *ptr++ = (uuid16_list[i] & 0x00ff);
404 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
405 }
406
407 /* EIR Data length */
408 *length = (i * sizeof(u16)) + 1;
409 }
410 }
411
412 static int update_eir(struct hci_dev *hdev)
413 {
414 struct hci_cp_write_eir cp;
415
416 if (!(hdev->features[6] & LMP_EXT_INQ))
417 return 0;
418
419 if (hdev->ssp_mode == 0)
420 return 0;
421
422 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
423 return 0;
424
425 memset(&cp, 0, sizeof(cp));
426
427 create_eir(hdev, cp.data);
428
429 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
430 return 0;
431
432 memcpy(hdev->eir, cp.data, sizeof(cp.data));
433
434 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
435 }
436
437 static u8 get_service_classes(struct hci_dev *hdev)
438 {
439 struct bt_uuid *uuid;
440 u8 val = 0;
441
442 list_for_each_entry(uuid, &hdev->uuids, list)
443 val |= uuid->svc_hint;
444
445 return val;
446 }
447
448 static int update_class(struct hci_dev *hdev)
449 {
450 u8 cod[3];
451
452 BT_DBG("%s", hdev->name);
453
454 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
455 return 0;
456
457 cod[0] = hdev->minor_class;
458 cod[1] = hdev->major_class;
459 cod[2] = get_service_classes(hdev);
460
461 if (memcmp(cod, hdev->dev_class, 3) == 0)
462 return 0;
463
464 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
465 }
466
467 static void service_cache_off(struct work_struct *work)
468 {
469 struct hci_dev *hdev = container_of(work, struct hci_dev,
470 service_cache.work);
471
472 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
473 return;
474
475 hci_dev_lock(hdev);
476
477 update_eir(hdev);
478 update_class(hdev);
479
480 hci_dev_unlock(hdev);
481 }
482
483 static void mgmt_init_hdev(struct hci_dev *hdev)
484 {
485 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
486 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
487
488 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
489 schedule_delayed_work(&hdev->service_cache,
490 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
491 }
492
493 static int read_controller_info(struct sock *sk, u16 index)
494 {
495 struct mgmt_rp_read_info rp;
496 struct hci_dev *hdev;
497
498 BT_DBG("sock %p hci%u", sk, index);
499
500 hdev = hci_dev_get(index);
501 if (!hdev)
502 return cmd_status(sk, index, MGMT_OP_READ_INFO,
503 MGMT_STATUS_INVALID_PARAMS);
504
505 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
506 cancel_delayed_work_sync(&hdev->power_off);
507
508 hci_dev_lock(hdev);
509
510 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
511 mgmt_init_hdev(hdev);
512
513 memset(&rp, 0, sizeof(rp));
514
515 bacpy(&rp.bdaddr, &hdev->bdaddr);
516
517 rp.version = hdev->hci_ver;
518
519 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
520
521 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
522 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
523
524 memcpy(rp.dev_class, hdev->dev_class, 3);
525
526 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
527
528 hci_dev_unlock(hdev);
529 hci_dev_put(hdev);
530
531 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
532 }
533
534 static void mgmt_pending_free(struct pending_cmd *cmd)
535 {
536 sock_put(cmd->sk);
537 kfree(cmd->param);
538 kfree(cmd);
539 }
540
541 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
542 struct hci_dev *hdev,
543 void *data, u16 len)
544 {
545 struct pending_cmd *cmd;
546
547 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
548 if (!cmd)
549 return NULL;
550
551 cmd->opcode = opcode;
552 cmd->index = hdev->id;
553
554 cmd->param = kmalloc(len, GFP_ATOMIC);
555 if (!cmd->param) {
556 kfree(cmd);
557 return NULL;
558 }
559
560 if (data)
561 memcpy(cmd->param, data, len);
562
563 cmd->sk = sk;
564 sock_hold(sk);
565
566 list_add(&cmd->list, &hdev->mgmt_pending);
567
568 return cmd;
569 }
570
571 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
572 void (*cb)(struct pending_cmd *cmd, void *data),
573 void *data)
574 {
575 struct list_head *p, *n;
576
577 list_for_each_safe(p, n, &hdev->mgmt_pending) {
578 struct pending_cmd *cmd;
579
580 cmd = list_entry(p, struct pending_cmd, list);
581
582 if (opcode > 0 && cmd->opcode != opcode)
583 continue;
584
585 cb(cmd, data);
586 }
587 }
588
589 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
590 {
591 struct pending_cmd *cmd;
592
593 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
594 if (cmd->opcode == opcode)
595 return cmd;
596 }
597
598 return NULL;
599 }
600
601 static void mgmt_pending_remove(struct pending_cmd *cmd)
602 {
603 list_del(&cmd->list);
604 mgmt_pending_free(cmd);
605 }
606
607 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
608 {
609 __le32 settings = cpu_to_le32(get_current_settings(hdev));
610
611 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
612 }
613
614 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
615 {
616 struct mgmt_mode *cp;
617 struct hci_dev *hdev;
618 struct pending_cmd *cmd;
619 int err, up;
620
621 cp = (void *) data;
622
623 BT_DBG("request for hci%u", index);
624
625 if (len != sizeof(*cp))
626 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
627 MGMT_STATUS_INVALID_PARAMS);
628
629 hdev = hci_dev_get(index);
630 if (!hdev)
631 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
632 MGMT_STATUS_INVALID_PARAMS);
633
634 hci_dev_lock(hdev);
635
636 up = test_bit(HCI_UP, &hdev->flags);
637 if ((cp->val && up) || (!cp->val && !up)) {
638 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
639 goto failed;
640 }
641
642 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
643 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
644 MGMT_STATUS_BUSY);
645 goto failed;
646 }
647
648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
649 if (!cmd) {
650 err = -ENOMEM;
651 goto failed;
652 }
653
654 if (cp->val)
655 schedule_work(&hdev->power_on);
656 else
657 schedule_work(&hdev->power_off.work);
658
659 err = 0;
660
661 failed:
662 hci_dev_unlock(hdev);
663 hci_dev_put(hdev);
664 return err;
665 }
666
667 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
668 u16 len)
669 {
670 struct mgmt_cp_set_discoverable *cp;
671 struct hci_dev *hdev;
672 struct pending_cmd *cmd;
673 u8 scan;
674 int err;
675
676 cp = (void *) data;
677
678 BT_DBG("request for hci%u", index);
679
680 if (len != sizeof(*cp))
681 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
682 MGMT_STATUS_INVALID_PARAMS);
683
684 hdev = hci_dev_get(index);
685 if (!hdev)
686 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
687 MGMT_STATUS_INVALID_PARAMS);
688
689 hci_dev_lock(hdev);
690
691 if (!test_bit(HCI_UP, &hdev->flags)) {
692 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
693 MGMT_STATUS_NOT_POWERED);
694 goto failed;
695 }
696
697 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
698 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
699 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
700 MGMT_STATUS_BUSY);
701 goto failed;
702 }
703
704 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
705 test_bit(HCI_PSCAN, &hdev->flags)) {
706 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
707 goto failed;
708 }
709
710 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
711 if (!cmd) {
712 err = -ENOMEM;
713 goto failed;
714 }
715
716 scan = SCAN_PAGE;
717
718 if (cp->val)
719 scan |= SCAN_INQUIRY;
720 else
721 cancel_delayed_work(&hdev->discov_off);
722
723 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
724 if (err < 0)
725 mgmt_pending_remove(cmd);
726
727 if (cp->val)
728 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
729
730 failed:
731 hci_dev_unlock(hdev);
732 hci_dev_put(hdev);
733
734 return err;
735 }
736
737 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
738 u16 len)
739 {
740 struct mgmt_mode *cp;
741 struct hci_dev *hdev;
742 struct pending_cmd *cmd;
743 u8 scan;
744 int err;
745
746 cp = (void *) data;
747
748 BT_DBG("request for hci%u", index);
749
750 if (len != sizeof(*cp))
751 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
752 MGMT_STATUS_INVALID_PARAMS);
753
754 hdev = hci_dev_get(index);
755 if (!hdev)
756 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
757 MGMT_STATUS_INVALID_PARAMS);
758
759 hci_dev_lock(hdev);
760
761 if (!test_bit(HCI_UP, &hdev->flags)) {
762 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
763 MGMT_STATUS_NOT_POWERED);
764 goto failed;
765 }
766
767 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
768 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
769 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
770 MGMT_STATUS_BUSY);
771 goto failed;
772 }
773
774 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
775 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
776 goto failed;
777 }
778
779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
780 if (!cmd) {
781 err = -ENOMEM;
782 goto failed;
783 }
784
785 if (cp->val)
786 scan = SCAN_PAGE;
787 else
788 scan = 0;
789
790 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
791 if (err < 0)
792 mgmt_pending_remove(cmd);
793
794 failed:
795 hci_dev_unlock(hdev);
796 hci_dev_put(hdev);
797
798 return err;
799 }
800
801 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
802 u16 data_len, struct sock *skip_sk)
803 {
804 struct sk_buff *skb;
805 struct mgmt_hdr *hdr;
806
807 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
808 if (!skb)
809 return -ENOMEM;
810
811 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
812
813 hdr = (void *) skb_put(skb, sizeof(*hdr));
814 hdr->opcode = cpu_to_le16(event);
815 if (hdev)
816 hdr->index = cpu_to_le16(hdev->id);
817 else
818 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
819 hdr->len = cpu_to_le16(data_len);
820
821 if (data)
822 memcpy(skb_put(skb, data_len), data, data_len);
823
824 hci_send_to_sock(NULL, skb, skip_sk);
825 kfree_skb(skb);
826
827 return 0;
828 }
829
830 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
831 u16 len)
832 {
833 struct mgmt_mode *cp;
834 struct hci_dev *hdev;
835 __le32 ev;
836 int err;
837
838 cp = (void *) data;
839
840 BT_DBG("request for hci%u", index);
841
842 if (len != sizeof(*cp))
843 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
844 MGMT_STATUS_INVALID_PARAMS);
845
846 hdev = hci_dev_get(index);
847 if (!hdev)
848 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
849 MGMT_STATUS_INVALID_PARAMS);
850
851 hci_dev_lock(hdev);
852
853 if (cp->val)
854 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
855 else
856 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
857
858 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
859 if (err < 0)
860 goto failed;
861
862 ev = cpu_to_le32(get_current_settings(hdev));
863
864 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
865
866 failed:
867 hci_dev_unlock(hdev);
868 hci_dev_put(hdev);
869
870 return err;
871 }
872
873 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
874 {
875 struct mgmt_cp_add_uuid *cp;
876 struct hci_dev *hdev;
877 struct bt_uuid *uuid;
878 int err;
879
880 cp = (void *) data;
881
882 BT_DBG("request for hci%u", index);
883
884 if (len != sizeof(*cp))
885 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
886 MGMT_STATUS_INVALID_PARAMS);
887
888 hdev = hci_dev_get(index);
889 if (!hdev)
890 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
891 MGMT_STATUS_INVALID_PARAMS);
892
893 hci_dev_lock(hdev);
894
895 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
896 if (!uuid) {
897 err = -ENOMEM;
898 goto failed;
899 }
900
901 memcpy(uuid->uuid, cp->uuid, 16);
902 uuid->svc_hint = cp->svc_hint;
903
904 list_add(&uuid->list, &hdev->uuids);
905
906 err = update_class(hdev);
907 if (err < 0)
908 goto failed;
909
910 err = update_eir(hdev);
911 if (err < 0)
912 goto failed;
913
914 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
915
916 failed:
917 hci_dev_unlock(hdev);
918 hci_dev_put(hdev);
919
920 return err;
921 }
922
923 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
924 {
925 struct list_head *p, *n;
926 struct mgmt_cp_remove_uuid *cp;
927 struct hci_dev *hdev;
928 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
929 int err, found;
930
931 cp = (void *) data;
932
933 BT_DBG("request for hci%u", index);
934
935 if (len != sizeof(*cp))
936 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
937 MGMT_STATUS_INVALID_PARAMS);
938
939 hdev = hci_dev_get(index);
940 if (!hdev)
941 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
942 MGMT_STATUS_INVALID_PARAMS);
943
944 hci_dev_lock(hdev);
945
946 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
947 err = hci_uuids_clear(hdev);
948 goto unlock;
949 }
950
951 found = 0;
952
953 list_for_each_safe(p, n, &hdev->uuids) {
954 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
955
956 if (memcmp(match->uuid, cp->uuid, 16) != 0)
957 continue;
958
959 list_del(&match->list);
960 found++;
961 }
962
963 if (found == 0) {
964 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
965 MGMT_STATUS_INVALID_PARAMS);
966 goto unlock;
967 }
968
969 err = update_class(hdev);
970 if (err < 0)
971 goto unlock;
972
973 err = update_eir(hdev);
974 if (err < 0)
975 goto unlock;
976
977 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
978
979 unlock:
980 hci_dev_unlock(hdev);
981 hci_dev_put(hdev);
982
983 return err;
984 }
985
986 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
987 u16 len)
988 {
989 struct hci_dev *hdev;
990 struct mgmt_cp_set_dev_class *cp;
991 int err;
992
993 cp = (void *) data;
994
995 BT_DBG("request for hci%u", index);
996
997 if (len != sizeof(*cp))
998 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
999 MGMT_STATUS_INVALID_PARAMS);
1000
1001 hdev = hci_dev_get(index);
1002 if (!hdev)
1003 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1004 MGMT_STATUS_INVALID_PARAMS);
1005
1006 hci_dev_lock(hdev);
1007
1008 hdev->major_class = cp->major;
1009 hdev->minor_class = cp->minor;
1010
1011 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1012 hci_dev_unlock(hdev);
1013 cancel_delayed_work_sync(&hdev->service_cache);
1014 hci_dev_lock(hdev);
1015 update_eir(hdev);
1016 }
1017
1018 err = update_class(hdev);
1019
1020 if (err == 0)
1021 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1022
1023 hci_dev_unlock(hdev);
1024 hci_dev_put(hdev);
1025
1026 return err;
1027 }
1028
1029 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1030 u16 len)
1031 {
1032 struct hci_dev *hdev;
1033 struct mgmt_cp_load_link_keys *cp;
1034 u16 key_count, expected_len;
1035 int i;
1036
1037 cp = (void *) data;
1038
1039 if (len < sizeof(*cp))
1040 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1041 MGMT_STATUS_INVALID_PARAMS);
1042
1043 key_count = get_unaligned_le16(&cp->key_count);
1044
1045 expected_len = sizeof(*cp) + key_count *
1046 sizeof(struct mgmt_link_key_info);
1047 if (expected_len != len) {
1048 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1049 len, expected_len);
1050 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1051 MGMT_STATUS_INVALID_PARAMS);
1052 }
1053
1054 hdev = hci_dev_get(index);
1055 if (!hdev)
1056 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1057 MGMT_STATUS_INVALID_PARAMS);
1058
1059 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1060 key_count);
1061
1062 hci_dev_lock(hdev);
1063
1064 hci_link_keys_clear(hdev);
1065
1066 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1067
1068 if (cp->debug_keys)
1069 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1070 else
1071 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1072
1073 for (i = 0; i < key_count; i++) {
1074 struct mgmt_link_key_info *key = &cp->keys[i];
1075
1076 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1077 key->pin_len);
1078 }
1079
1080 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1081
1082 hci_dev_unlock(hdev);
1083 hci_dev_put(hdev);
1084
1085 return 0;
1086 }
1087
1088 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1089 u16 len)
1090 {
1091 struct hci_dev *hdev;
1092 struct mgmt_cp_remove_keys *cp;
1093 struct mgmt_rp_remove_keys rp;
1094 struct hci_cp_disconnect dc;
1095 struct pending_cmd *cmd;
1096 struct hci_conn *conn;
1097 int err;
1098
1099 cp = (void *) data;
1100
1101 if (len != sizeof(*cp))
1102 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1103 MGMT_STATUS_INVALID_PARAMS);
1104
1105 hdev = hci_dev_get(index);
1106 if (!hdev)
1107 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1108 MGMT_STATUS_INVALID_PARAMS);
1109
1110 hci_dev_lock(hdev);
1111
1112 memset(&rp, 0, sizeof(rp));
1113 bacpy(&rp.bdaddr, &cp->bdaddr);
1114 rp.status = MGMT_STATUS_FAILED;
1115
1116 err = hci_remove_link_key(hdev, &cp->bdaddr);
1117 if (err < 0) {
1118 rp.status = MGMT_STATUS_NOT_PAIRED;
1119 goto unlock;
1120 }
1121
1122 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1123 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1124 sizeof(rp));
1125 goto unlock;
1126 }
1127
1128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1129 if (!conn) {
1130 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1131 sizeof(rp));
1132 goto unlock;
1133 }
1134
1135 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1136 if (!cmd) {
1137 err = -ENOMEM;
1138 goto unlock;
1139 }
1140
1141 put_unaligned_le16(conn->handle, &dc.handle);
1142 dc.reason = 0x13; /* Remote User Terminated Connection */
1143 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1144 if (err < 0)
1145 mgmt_pending_remove(cmd);
1146
1147 unlock:
1148 if (err < 0)
1149 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1150 sizeof(rp));
1151 hci_dev_unlock(hdev);
1152 hci_dev_put(hdev);
1153
1154 return err;
1155 }
1156
1157 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1158 {
1159 struct hci_dev *hdev;
1160 struct mgmt_cp_disconnect *cp;
1161 struct hci_cp_disconnect dc;
1162 struct pending_cmd *cmd;
1163 struct hci_conn *conn;
1164 int err;
1165
1166 BT_DBG("");
1167
1168 cp = (void *) data;
1169
1170 if (len != sizeof(*cp))
1171 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172 MGMT_STATUS_INVALID_PARAMS);
1173
1174 hdev = hci_dev_get(index);
1175 if (!hdev)
1176 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1177 MGMT_STATUS_INVALID_PARAMS);
1178
1179 hci_dev_lock(hdev);
1180
1181 if (!test_bit(HCI_UP, &hdev->flags)) {
1182 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1183 MGMT_STATUS_NOT_POWERED);
1184 goto failed;
1185 }
1186
1187 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1188 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1189 MGMT_STATUS_BUSY);
1190 goto failed;
1191 }
1192
1193 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1194 if (!conn)
1195 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1196
1197 if (!conn) {
1198 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1199 MGMT_STATUS_NOT_CONNECTED);
1200 goto failed;
1201 }
1202
1203 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1204 if (!cmd) {
1205 err = -ENOMEM;
1206 goto failed;
1207 }
1208
1209 put_unaligned_le16(conn->handle, &dc.handle);
1210 dc.reason = 0x13; /* Remote User Terminated Connection */
1211
1212 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1213 if (err < 0)
1214 mgmt_pending_remove(cmd);
1215
1216 failed:
1217 hci_dev_unlock(hdev);
1218 hci_dev_put(hdev);
1219
1220 return err;
1221 }
1222
1223 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1224 {
1225 switch (link_type) {
1226 case LE_LINK:
1227 switch (addr_type) {
1228 case ADDR_LE_DEV_PUBLIC:
1229 return MGMT_ADDR_LE_PUBLIC;
1230 case ADDR_LE_DEV_RANDOM:
1231 return MGMT_ADDR_LE_RANDOM;
1232 default:
1233 return MGMT_ADDR_INVALID;
1234 }
1235 case ACL_LINK:
1236 return MGMT_ADDR_BREDR;
1237 default:
1238 return MGMT_ADDR_INVALID;
1239 }
1240 }
1241
1242 static int get_connections(struct sock *sk, u16 index)
1243 {
1244 struct mgmt_rp_get_connections *rp;
1245 struct hci_dev *hdev;
1246 struct hci_conn *c;
1247 struct list_head *p;
1248 size_t rp_len;
1249 u16 count;
1250 int i, err;
1251
1252 BT_DBG("");
1253
1254 hdev = hci_dev_get(index);
1255 if (!hdev)
1256 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1257 MGMT_STATUS_INVALID_PARAMS);
1258
1259 hci_dev_lock(hdev);
1260
1261 count = 0;
1262 list_for_each(p, &hdev->conn_hash.list) {
1263 count++;
1264 }
1265
1266 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1267 rp = kmalloc(rp_len, GFP_ATOMIC);
1268 if (!rp) {
1269 err = -ENOMEM;
1270 goto unlock;
1271 }
1272
1273 put_unaligned_le16(count, &rp->conn_count);
1274
1275 i = 0;
1276 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1277 bacpy(&rp->addr[i].bdaddr, &c->dst);
1278 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1279 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1280 continue;
1281 i++;
1282 }
1283
1284 /* Recalculate length in case of filtered SCO connections, etc */
1285 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1286
1287 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1288
1289 unlock:
1290 kfree(rp);
1291 hci_dev_unlock(hdev);
1292 hci_dev_put(hdev);
1293 return err;
1294 }
1295
1296 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1297 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1298 {
1299 struct pending_cmd *cmd;
1300 int err;
1301
1302 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1303 sizeof(*cp));
1304 if (!cmd)
1305 return -ENOMEM;
1306
1307 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1308 &cp->bdaddr);
1309 if (err < 0)
1310 mgmt_pending_remove(cmd);
1311
1312 return err;
1313 }
1314
1315 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1316 u16 len)
1317 {
1318 struct hci_dev *hdev;
1319 struct hci_conn *conn;
1320 struct mgmt_cp_pin_code_reply *cp;
1321 struct mgmt_cp_pin_code_neg_reply ncp;
1322 struct hci_cp_pin_code_reply reply;
1323 struct pending_cmd *cmd;
1324 int err;
1325
1326 BT_DBG("");
1327
1328 cp = (void *) data;
1329
1330 if (len != sizeof(*cp))
1331 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1332 MGMT_STATUS_INVALID_PARAMS);
1333
1334 hdev = hci_dev_get(index);
1335 if (!hdev)
1336 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1337 MGMT_STATUS_INVALID_PARAMS);
1338
1339 hci_dev_lock(hdev);
1340
1341 if (!test_bit(HCI_UP, &hdev->flags)) {
1342 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1343 MGMT_STATUS_NOT_POWERED);
1344 goto failed;
1345 }
1346
1347 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1348 if (!conn) {
1349 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1350 MGMT_STATUS_NOT_CONNECTED);
1351 goto failed;
1352 }
1353
1354 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1355 bacpy(&ncp.bdaddr, &cp->bdaddr);
1356
1357 BT_ERR("PIN code is not 16 bytes long");
1358
1359 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1360 if (err >= 0)
1361 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1362 MGMT_STATUS_INVALID_PARAMS);
1363
1364 goto failed;
1365 }
1366
1367 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1368 if (!cmd) {
1369 err = -ENOMEM;
1370 goto failed;
1371 }
1372
1373 bacpy(&reply.bdaddr, &cp->bdaddr);
1374 reply.pin_len = cp->pin_len;
1375 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1376
1377 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1378 if (err < 0)
1379 mgmt_pending_remove(cmd);
1380
1381 failed:
1382 hci_dev_unlock(hdev);
1383 hci_dev_put(hdev);
1384
1385 return err;
1386 }
1387
1388 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1389 u16 len)
1390 {
1391 struct hci_dev *hdev;
1392 struct mgmt_cp_pin_code_neg_reply *cp;
1393 int err;
1394
1395 BT_DBG("");
1396
1397 cp = (void *) data;
1398
1399 if (len != sizeof(*cp))
1400 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1401 MGMT_STATUS_INVALID_PARAMS);
1402
1403 hdev = hci_dev_get(index);
1404 if (!hdev)
1405 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1406 MGMT_STATUS_INVALID_PARAMS);
1407
1408 hci_dev_lock(hdev);
1409
1410 if (!test_bit(HCI_UP, &hdev->flags)) {
1411 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1412 MGMT_STATUS_NOT_POWERED);
1413 goto failed;
1414 }
1415
1416 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1417
1418 failed:
1419 hci_dev_unlock(hdev);
1420 hci_dev_put(hdev);
1421
1422 return err;
1423 }
1424
1425 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1426 u16 len)
1427 {
1428 struct hci_dev *hdev;
1429 struct mgmt_cp_set_io_capability *cp;
1430
1431 BT_DBG("");
1432
1433 cp = (void *) data;
1434
1435 if (len != sizeof(*cp))
1436 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1437 MGMT_STATUS_INVALID_PARAMS);
1438
1439 hdev = hci_dev_get(index);
1440 if (!hdev)
1441 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1442 MGMT_STATUS_INVALID_PARAMS);
1443
1444 hci_dev_lock(hdev);
1445
1446 hdev->io_capability = cp->io_capability;
1447
1448 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1449 hdev->io_capability);
1450
1451 hci_dev_unlock(hdev);
1452 hci_dev_put(hdev);
1453
1454 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1455 }
1456
1457 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1458 {
1459 struct hci_dev *hdev = conn->hdev;
1460 struct pending_cmd *cmd;
1461
1462 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1463 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1464 continue;
1465
1466 if (cmd->user_data != conn)
1467 continue;
1468
1469 return cmd;
1470 }
1471
1472 return NULL;
1473 }
1474
1475 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1476 {
1477 struct mgmt_rp_pair_device rp;
1478 struct hci_conn *conn = cmd->user_data;
1479
1480 bacpy(&rp.addr.bdaddr, &conn->dst);
1481 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1482 rp.status = status;
1483
1484 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1485
1486 /* So we don't get further callbacks for this connection */
1487 conn->connect_cfm_cb = NULL;
1488 conn->security_cfm_cb = NULL;
1489 conn->disconn_cfm_cb = NULL;
1490
1491 hci_conn_put(conn);
1492
1493 mgmt_pending_remove(cmd);
1494 }
1495
1496 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1497 {
1498 struct pending_cmd *cmd;
1499
1500 BT_DBG("status %u", status);
1501
1502 cmd = find_pairing(conn);
1503 if (!cmd)
1504 BT_DBG("Unable to find a pending command");
1505 else
1506 pairing_complete(cmd, status);
1507 }
1508
1509 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1510 {
1511 struct hci_dev *hdev;
1512 struct mgmt_cp_pair_device *cp;
1513 struct mgmt_rp_pair_device rp;
1514 struct pending_cmd *cmd;
1515 u8 sec_level, auth_type;
1516 struct hci_conn *conn;
1517 int err;
1518
1519 BT_DBG("");
1520
1521 cp = (void *) data;
1522
1523 if (len != sizeof(*cp))
1524 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1525 MGMT_STATUS_INVALID_PARAMS);
1526
1527 hdev = hci_dev_get(index);
1528 if (!hdev)
1529 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1530 MGMT_STATUS_INVALID_PARAMS);
1531
1532 hci_dev_lock(hdev);
1533
1534 sec_level = BT_SECURITY_MEDIUM;
1535 if (cp->io_cap == 0x03)
1536 auth_type = HCI_AT_DEDICATED_BONDING;
1537 else
1538 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1539
1540 if (cp->addr.type == MGMT_ADDR_BREDR)
1541 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1542 auth_type);
1543 else
1544 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1545 auth_type);
1546
1547 memset(&rp, 0, sizeof(rp));
1548 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1549 rp.addr.type = cp->addr.type;
1550
1551 if (IS_ERR(conn)) {
1552 rp.status = -PTR_ERR(conn);
1553 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1554 &rp, sizeof(rp));
1555 goto unlock;
1556 }
1557
1558 if (conn->connect_cfm_cb) {
1559 hci_conn_put(conn);
1560 rp.status = EBUSY;
1561 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1562 &rp, sizeof(rp));
1563 goto unlock;
1564 }
1565
1566 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1567 if (!cmd) {
1568 err = -ENOMEM;
1569 hci_conn_put(conn);
1570 goto unlock;
1571 }
1572
1573 /* For LE, just connecting isn't a proof that the pairing finished */
1574 if (cp->addr.type == MGMT_ADDR_BREDR)
1575 conn->connect_cfm_cb = pairing_complete_cb;
1576
1577 conn->security_cfm_cb = pairing_complete_cb;
1578 conn->disconn_cfm_cb = pairing_complete_cb;
1579 conn->io_capability = cp->io_cap;
1580 cmd->user_data = conn;
1581
1582 if (conn->state == BT_CONNECTED &&
1583 hci_conn_security(conn, sec_level, auth_type))
1584 pairing_complete(cmd, 0);
1585
1586 err = 0;
1587
1588 unlock:
1589 hci_dev_unlock(hdev);
1590 hci_dev_put(hdev);
1591
1592 return err;
1593 }
1594
1595 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1596 u16 mgmt_op, u16 hci_op, __le32 passkey)
1597 {
1598 struct pending_cmd *cmd;
1599 struct hci_dev *hdev;
1600 struct hci_conn *conn;
1601 int err;
1602
1603 hdev = hci_dev_get(index);
1604 if (!hdev)
1605 return cmd_status(sk, index, mgmt_op,
1606 MGMT_STATUS_INVALID_PARAMS);
1607
1608 hci_dev_lock(hdev);
1609
1610 if (!test_bit(HCI_UP, &hdev->flags)) {
1611 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1612 goto done;
1613 }
1614
1615 /*
1616 * Check for an existing ACL link, if present pair via
1617 * HCI commands.
1618 *
1619 * If no ACL link is present, check for an LE link and if
1620 * present, pair via the SMP engine.
1621 *
1622 * If neither ACL nor LE links are present, fail with error.
1623 */
1624 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1625 if (!conn) {
1626 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1627 if (!conn) {
1628 err = cmd_status(sk, index, mgmt_op,
1629 MGMT_STATUS_NOT_CONNECTED);
1630 goto done;
1631 }
1632
1633 /* Continue with pairing via SMP */
1634 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1635
1636 if (!err)
1637 err = cmd_status(sk, index, mgmt_op,
1638 MGMT_STATUS_SUCCESS);
1639 else
1640 err = cmd_status(sk, index, mgmt_op,
1641 MGMT_STATUS_FAILED);
1642
1643 goto done;
1644 }
1645
1646 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1647 if (!cmd) {
1648 err = -ENOMEM;
1649 goto done;
1650 }
1651
1652 /* Continue with pairing via HCI */
1653 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1654 struct hci_cp_user_passkey_reply cp;
1655
1656 bacpy(&cp.bdaddr, bdaddr);
1657 cp.passkey = passkey;
1658 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1659 } else
1660 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1661
1662 if (err < 0)
1663 mgmt_pending_remove(cmd);
1664
1665 done:
1666 hci_dev_unlock(hdev);
1667 hci_dev_put(hdev);
1668
1669 return err;
1670 }
1671
1672 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1673 {
1674 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1675
1676 BT_DBG("");
1677
1678 if (len != sizeof(*cp))
1679 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1680 MGMT_STATUS_INVALID_PARAMS);
1681
1682 return user_pairing_resp(sk, index, &cp->bdaddr,
1683 MGMT_OP_USER_CONFIRM_REPLY,
1684 HCI_OP_USER_CONFIRM_REPLY, 0);
1685 }
1686
1687 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1688 u16 len)
1689 {
1690 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1691
1692 BT_DBG("");
1693
1694 if (len != sizeof(*cp))
1695 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1696 MGMT_STATUS_INVALID_PARAMS);
1697
1698 return user_pairing_resp(sk, index, &cp->bdaddr,
1699 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1700 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1701 }
1702
1703 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1704 {
1705 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1706
1707 BT_DBG("");
1708
1709 if (len != sizeof(*cp))
1710 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1711 EINVAL);
1712
1713 return user_pairing_resp(sk, index, &cp->bdaddr,
1714 MGMT_OP_USER_PASSKEY_REPLY,
1715 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1716 }
1717
1718 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1719 u16 len)
1720 {
1721 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1722
1723 BT_DBG("");
1724
1725 if (len != sizeof(*cp))
1726 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1727 EINVAL);
1728
1729 return user_pairing_resp(sk, index, &cp->bdaddr,
1730 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1731 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1732 }
1733
1734 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1735 u16 len)
1736 {
1737 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1738 struct hci_cp_write_local_name hci_cp;
1739 struct hci_dev *hdev;
1740 struct pending_cmd *cmd;
1741 int err;
1742
1743 BT_DBG("");
1744
1745 if (len != sizeof(*mgmt_cp))
1746 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1747 MGMT_STATUS_INVALID_PARAMS);
1748
1749 hdev = hci_dev_get(index);
1750 if (!hdev)
1751 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1752 MGMT_STATUS_INVALID_PARAMS);
1753
1754 hci_dev_lock(hdev);
1755
1756 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1757 if (!cmd) {
1758 err = -ENOMEM;
1759 goto failed;
1760 }
1761
1762 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1763 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1764 &hci_cp);
1765 if (err < 0)
1766 mgmt_pending_remove(cmd);
1767
1768 failed:
1769 hci_dev_unlock(hdev);
1770 hci_dev_put(hdev);
1771
1772 return err;
1773 }
1774
1775 static int read_local_oob_data(struct sock *sk, u16 index)
1776 {
1777 struct hci_dev *hdev;
1778 struct pending_cmd *cmd;
1779 int err;
1780
1781 BT_DBG("hci%u", index);
1782
1783 hdev = hci_dev_get(index);
1784 if (!hdev)
1785 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1786 MGMT_STATUS_INVALID_PARAMS);
1787
1788 hci_dev_lock(hdev);
1789
1790 if (!test_bit(HCI_UP, &hdev->flags)) {
1791 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1792 MGMT_STATUS_NOT_POWERED);
1793 goto unlock;
1794 }
1795
1796 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1797 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1798 MGMT_STATUS_NOT_SUPPORTED);
1799 goto unlock;
1800 }
1801
1802 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1803 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1804 MGMT_STATUS_BUSY);
1805 goto unlock;
1806 }
1807
1808 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1809 if (!cmd) {
1810 err = -ENOMEM;
1811 goto unlock;
1812 }
1813
1814 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1815 if (err < 0)
1816 mgmt_pending_remove(cmd);
1817
1818 unlock:
1819 hci_dev_unlock(hdev);
1820 hci_dev_put(hdev);
1821
1822 return err;
1823 }
1824
1825 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1826 u16 len)
1827 {
1828 struct hci_dev *hdev;
1829 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1830 int err;
1831
1832 BT_DBG("hci%u ", index);
1833
1834 if (len != sizeof(*cp))
1835 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1836 MGMT_STATUS_INVALID_PARAMS);
1837
1838 hdev = hci_dev_get(index);
1839 if (!hdev)
1840 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1841 MGMT_STATUS_INVALID_PARAMS);
1842
1843 hci_dev_lock(hdev);
1844
1845 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1846 cp->randomizer);
1847 if (err < 0)
1848 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1849 MGMT_STATUS_FAILED);
1850 else
1851 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1852 0);
1853
1854 hci_dev_unlock(hdev);
1855 hci_dev_put(hdev);
1856
1857 return err;
1858 }
1859
1860 static int remove_remote_oob_data(struct sock *sk, u16 index,
1861 unsigned char *data, u16 len)
1862 {
1863 struct hci_dev *hdev;
1864 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1865 int err;
1866
1867 BT_DBG("hci%u ", index);
1868
1869 if (len != sizeof(*cp))
1870 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1871 MGMT_STATUS_INVALID_PARAMS);
1872
1873 hdev = hci_dev_get(index);
1874 if (!hdev)
1875 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1876 MGMT_STATUS_INVALID_PARAMS);
1877
1878 hci_dev_lock(hdev);
1879
1880 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1881 if (err < 0)
1882 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1883 MGMT_STATUS_INVALID_PARAMS);
1884 else
1885 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1886 NULL, 0);
1887
1888 hci_dev_unlock(hdev);
1889 hci_dev_put(hdev);
1890
1891 return err;
1892 }
1893
1894 static int start_discovery(struct sock *sk, u16 index,
1895 unsigned char *data, u16 len)
1896 {
1897 struct mgmt_cp_start_discovery *cp = (void *) data;
1898 struct pending_cmd *cmd;
1899 struct hci_dev *hdev;
1900 int err;
1901
1902 BT_DBG("hci%u", index);
1903
1904 if (len != sizeof(*cp))
1905 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1906 MGMT_STATUS_INVALID_PARAMS);
1907
1908 hdev = hci_dev_get(index);
1909 if (!hdev)
1910 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1911 MGMT_STATUS_INVALID_PARAMS);
1912
1913 hci_dev_lock(hdev);
1914
1915 if (!test_bit(HCI_UP, &hdev->flags)) {
1916 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1917 MGMT_STATUS_NOT_POWERED);
1918 goto failed;
1919 }
1920
1921 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1922 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1923 MGMT_STATUS_BUSY);
1924 goto failed;
1925 }
1926
1927 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1928 if (!cmd) {
1929 err = -ENOMEM;
1930 goto failed;
1931 }
1932
1933 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1934 if (err < 0)
1935 mgmt_pending_remove(cmd);
1936 else
1937 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
1938
1939 failed:
1940 hci_dev_unlock(hdev);
1941 hci_dev_put(hdev);
1942
1943 return err;
1944 }
1945
1946 static int stop_discovery(struct sock *sk, u16 index)
1947 {
1948 struct hci_dev *hdev;
1949 struct pending_cmd *cmd;
1950 struct hci_cp_remote_name_req_cancel cp;
1951 struct inquiry_entry *e;
1952 int err;
1953
1954 BT_DBG("hci%u", index);
1955
1956 hdev = hci_dev_get(index);
1957 if (!hdev)
1958 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1959 MGMT_STATUS_INVALID_PARAMS);
1960
1961 hci_dev_lock(hdev);
1962
1963 if (!hci_discovery_active(hdev)) {
1964 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1965 MGMT_STATUS_REJECTED);
1966 goto unlock;
1967 }
1968
1969 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1970 if (!cmd) {
1971 err = -ENOMEM;
1972 goto unlock;
1973 }
1974
1975 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
1976 err = hci_cancel_inquiry(hdev);
1977 if (err < 0)
1978 mgmt_pending_remove(cmd);
1979 else
1980 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1981 goto unlock;
1982 }
1983
1984 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
1985 if (!e) {
1986 mgmt_pending_remove(cmd);
1987 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
1988 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1989 goto unlock;
1990 }
1991
1992 bacpy(&cp.bdaddr, &e->data.bdaddr);
1993 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
1994 sizeof(cp), &cp);
1995 if (err < 0)
1996 mgmt_pending_remove(cmd);
1997 else
1998 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1999
2000 unlock:
2001 hci_dev_unlock(hdev);
2002 hci_dev_put(hdev);
2003
2004 return err;
2005 }
2006
2007 static int confirm_name(struct sock *sk, u16 index, unsigned char *data,
2008 u16 len)
2009 {
2010 struct mgmt_cp_confirm_name *cp = (void *) data;
2011 struct inquiry_entry *e;
2012 struct hci_dev *hdev;
2013 int err;
2014
2015 BT_DBG("hci%u", index);
2016
2017 if (len != sizeof(*cp))
2018 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2019 MGMT_STATUS_INVALID_PARAMS);
2020
2021 hdev = hci_dev_get(index);
2022 if (!hdev)
2023 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2024 MGMT_STATUS_INVALID_PARAMS);
2025
2026 hci_dev_lock(hdev);
2027
2028 if (!hci_discovery_active(hdev)) {
2029 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2030 MGMT_STATUS_FAILED);
2031 goto failed;
2032 }
2033
2034 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2035 if (!e) {
2036 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2037 MGMT_STATUS_INVALID_PARAMS);
2038 goto failed;
2039 }
2040
2041 if (cp->name_known) {
2042 e->name_state = NAME_KNOWN;
2043 list_del(&e->list);
2044 } else {
2045 e->name_state = NAME_NEEDED;
2046 hci_inquiry_cache_update_resolve(hdev, e);
2047 }
2048
2049 err = 0;
2050
2051 failed:
2052 hci_dev_unlock(hdev);
2053
2054 return err;
2055 }
2056
2057 static int block_device(struct sock *sk, u16 index, unsigned char *data,
2058 u16 len)
2059 {
2060 struct hci_dev *hdev;
2061 struct mgmt_cp_block_device *cp = (void *) data;
2062 int err;
2063
2064 BT_DBG("hci%u", index);
2065
2066 if (len != sizeof(*cp))
2067 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2068 MGMT_STATUS_INVALID_PARAMS);
2069
2070 hdev = hci_dev_get(index);
2071 if (!hdev)
2072 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2073 MGMT_STATUS_INVALID_PARAMS);
2074
2075 hci_dev_lock(hdev);
2076
2077 err = hci_blacklist_add(hdev, &cp->bdaddr);
2078 if (err < 0)
2079 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2080 MGMT_STATUS_FAILED);
2081 else
2082 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2083 NULL, 0);
2084
2085 hci_dev_unlock(hdev);
2086 hci_dev_put(hdev);
2087
2088 return err;
2089 }
2090
2091 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2092 u16 len)
2093 {
2094 struct hci_dev *hdev;
2095 struct mgmt_cp_unblock_device *cp = (void *) data;
2096 int err;
2097
2098 BT_DBG("hci%u", index);
2099
2100 if (len != sizeof(*cp))
2101 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2102 MGMT_STATUS_INVALID_PARAMS);
2103
2104 hdev = hci_dev_get(index);
2105 if (!hdev)
2106 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2107 MGMT_STATUS_INVALID_PARAMS);
2108
2109 hci_dev_lock(hdev);
2110
2111 err = hci_blacklist_del(hdev, &cp->bdaddr);
2112
2113 if (err < 0)
2114 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2115 MGMT_STATUS_INVALID_PARAMS);
2116 else
2117 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2118 NULL, 0);
2119
2120 hci_dev_unlock(hdev);
2121 hci_dev_put(hdev);
2122
2123 return err;
2124 }
2125
2126 static int set_fast_connectable(struct sock *sk, u16 index,
2127 unsigned char *data, u16 len)
2128 {
2129 struct hci_dev *hdev;
2130 struct mgmt_mode *cp = (void *) data;
2131 struct hci_cp_write_page_scan_activity acp;
2132 u8 type;
2133 int err;
2134
2135 BT_DBG("hci%u", index);
2136
2137 if (len != sizeof(*cp))
2138 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2139 MGMT_STATUS_INVALID_PARAMS);
2140
2141 hdev = hci_dev_get(index);
2142 if (!hdev)
2143 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2144 MGMT_STATUS_INVALID_PARAMS);
2145
2146 hci_dev_lock(hdev);
2147
2148 if (cp->val) {
2149 type = PAGE_SCAN_TYPE_INTERLACED;
2150 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2151 } else {
2152 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2153 acp.interval = 0x0800; /* default 1.28 sec page scan */
2154 }
2155
2156 acp.window = 0x0012; /* default 11.25 msec page scan window */
2157
2158 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2159 sizeof(acp), &acp);
2160 if (err < 0) {
2161 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2162 MGMT_STATUS_FAILED);
2163 goto done;
2164 }
2165
2166 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2167 if (err < 0) {
2168 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2169 MGMT_STATUS_FAILED);
2170 goto done;
2171 }
2172
2173 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2174 NULL, 0);
2175 done:
2176 hci_dev_unlock(hdev);
2177 hci_dev_put(hdev);
2178
2179 return err;
2180 }
2181
2182 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2183 {
2184 unsigned char *buf;
2185 struct mgmt_hdr *hdr;
2186 u16 opcode, index, len;
2187 int err;
2188
2189 BT_DBG("got %zu bytes", msglen);
2190
2191 if (msglen < sizeof(*hdr))
2192 return -EINVAL;
2193
2194 buf = kmalloc(msglen, GFP_KERNEL);
2195 if (!buf)
2196 return -ENOMEM;
2197
2198 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2199 err = -EFAULT;
2200 goto done;
2201 }
2202
2203 hdr = (struct mgmt_hdr *) buf;
2204 opcode = get_unaligned_le16(&hdr->opcode);
2205 index = get_unaligned_le16(&hdr->index);
2206 len = get_unaligned_le16(&hdr->len);
2207
2208 if (len != msglen - sizeof(*hdr)) {
2209 err = -EINVAL;
2210 goto done;
2211 }
2212
2213 switch (opcode) {
2214 case MGMT_OP_READ_VERSION:
2215 err = read_version(sk);
2216 break;
2217 case MGMT_OP_READ_INDEX_LIST:
2218 err = read_index_list(sk);
2219 break;
2220 case MGMT_OP_READ_INFO:
2221 err = read_controller_info(sk, index);
2222 break;
2223 case MGMT_OP_SET_POWERED:
2224 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2225 break;
2226 case MGMT_OP_SET_DISCOVERABLE:
2227 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2228 break;
2229 case MGMT_OP_SET_CONNECTABLE:
2230 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2231 break;
2232 case MGMT_OP_SET_FAST_CONNECTABLE:
2233 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2234 len);
2235 break;
2236 case MGMT_OP_SET_PAIRABLE:
2237 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2238 break;
2239 case MGMT_OP_ADD_UUID:
2240 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2241 break;
2242 case MGMT_OP_REMOVE_UUID:
2243 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2244 break;
2245 case MGMT_OP_SET_DEV_CLASS:
2246 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2247 break;
2248 case MGMT_OP_LOAD_LINK_KEYS:
2249 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2250 break;
2251 case MGMT_OP_REMOVE_KEYS:
2252 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2253 break;
2254 case MGMT_OP_DISCONNECT:
2255 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2256 break;
2257 case MGMT_OP_GET_CONNECTIONS:
2258 err = get_connections(sk, index);
2259 break;
2260 case MGMT_OP_PIN_CODE_REPLY:
2261 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2262 break;
2263 case MGMT_OP_PIN_CODE_NEG_REPLY:
2264 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2265 break;
2266 case MGMT_OP_SET_IO_CAPABILITY:
2267 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2268 break;
2269 case MGMT_OP_PAIR_DEVICE:
2270 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2271 break;
2272 case MGMT_OP_USER_CONFIRM_REPLY:
2273 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2274 break;
2275 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2276 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2277 len);
2278 break;
2279 case MGMT_OP_USER_PASSKEY_REPLY:
2280 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2281 break;
2282 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2283 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2284 len);
2285 break;
2286 case MGMT_OP_SET_LOCAL_NAME:
2287 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2288 break;
2289 case MGMT_OP_READ_LOCAL_OOB_DATA:
2290 err = read_local_oob_data(sk, index);
2291 break;
2292 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2293 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2294 break;
2295 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2296 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2297 len);
2298 break;
2299 case MGMT_OP_START_DISCOVERY:
2300 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2301 break;
2302 case MGMT_OP_STOP_DISCOVERY:
2303 err = stop_discovery(sk, index);
2304 break;
2305 case MGMT_OP_CONFIRM_NAME:
2306 err = confirm_name(sk, index, buf + sizeof(*hdr), len);
2307 break;
2308 case MGMT_OP_BLOCK_DEVICE:
2309 err = block_device(sk, index, buf + sizeof(*hdr), len);
2310 break;
2311 case MGMT_OP_UNBLOCK_DEVICE:
2312 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2313 break;
2314 default:
2315 BT_DBG("Unknown op %u", opcode);
2316 err = cmd_status(sk, index, opcode,
2317 MGMT_STATUS_UNKNOWN_COMMAND);
2318 break;
2319 }
2320
2321 if (err < 0)
2322 goto done;
2323
2324 err = msglen;
2325
2326 done:
2327 kfree(buf);
2328 return err;
2329 }
2330
2331 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2332 {
2333 u8 *status = data;
2334
2335 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2336 mgmt_pending_remove(cmd);
2337 }
2338
2339 int mgmt_index_added(struct hci_dev *hdev)
2340 {
2341 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2342 }
2343
2344 int mgmt_index_removed(struct hci_dev *hdev)
2345 {
2346 u8 status = ENODEV;
2347
2348 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2349
2350 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2351 }
2352
2353 struct cmd_lookup {
2354 u8 val;
2355 struct sock *sk;
2356 struct hci_dev *hdev;
2357 };
2358
2359 static void settings_rsp(struct pending_cmd *cmd, void *data)
2360 {
2361 struct cmd_lookup *match = data;
2362
2363 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2364
2365 list_del(&cmd->list);
2366
2367 if (match->sk == NULL) {
2368 match->sk = cmd->sk;
2369 sock_hold(match->sk);
2370 }
2371
2372 mgmt_pending_free(cmd);
2373 }
2374
2375 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2376 {
2377 struct cmd_lookup match = { powered, NULL, hdev };
2378 __le32 ev;
2379 int ret;
2380
2381 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2382
2383 if (!powered) {
2384 u8 status = ENETDOWN;
2385 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2386 }
2387
2388 ev = cpu_to_le32(get_current_settings(hdev));
2389
2390 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2391 match.sk);
2392
2393 if (match.sk)
2394 sock_put(match.sk);
2395
2396 return ret;
2397 }
2398
2399 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2400 {
2401 struct cmd_lookup match = { discoverable, NULL, hdev };
2402 __le32 ev;
2403 int ret;
2404
2405 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2406
2407 ev = cpu_to_le32(get_current_settings(hdev));
2408
2409 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2410 match.sk);
2411 if (match.sk)
2412 sock_put(match.sk);
2413
2414 return ret;
2415 }
2416
2417 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2418 {
2419 __le32 ev;
2420 struct cmd_lookup match = { connectable, NULL, hdev };
2421 int ret;
2422
2423 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2424 &match);
2425
2426 ev = cpu_to_le32(get_current_settings(hdev));
2427
2428 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2429
2430 if (match.sk)
2431 sock_put(match.sk);
2432
2433 return ret;
2434 }
2435
2436 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2437 {
2438 u8 mgmt_err = mgmt_status(status);
2439
2440 if (scan & SCAN_PAGE)
2441 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2442 cmd_status_rsp, &mgmt_err);
2443
2444 if (scan & SCAN_INQUIRY)
2445 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2446 cmd_status_rsp, &mgmt_err);
2447
2448 return 0;
2449 }
2450
2451 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2452 u8 persistent)
2453 {
2454 struct mgmt_ev_new_link_key ev;
2455
2456 memset(&ev, 0, sizeof(ev));
2457
2458 ev.store_hint = persistent;
2459 bacpy(&ev.key.bdaddr, &key->bdaddr);
2460 ev.key.type = key->type;
2461 memcpy(ev.key.val, key->val, 16);
2462 ev.key.pin_len = key->pin_len;
2463
2464 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2465 }
2466
2467 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2468 u8 addr_type)
2469 {
2470 struct mgmt_addr_info ev;
2471
2472 bacpy(&ev.bdaddr, bdaddr);
2473 ev.type = link_to_mgmt(link_type, addr_type);
2474
2475 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, &ev, sizeof(ev),
2476 NULL);
2477 }
2478
2479 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2480 {
2481 struct mgmt_cp_disconnect *cp = cmd->param;
2482 struct sock **sk = data;
2483 struct mgmt_rp_disconnect rp;
2484
2485 bacpy(&rp.bdaddr, &cp->bdaddr);
2486 rp.status = 0;
2487
2488 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2489
2490 *sk = cmd->sk;
2491 sock_hold(*sk);
2492
2493 mgmt_pending_remove(cmd);
2494 }
2495
2496 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2497 {
2498 u8 *status = data;
2499 struct mgmt_cp_remove_keys *cp = cmd->param;
2500 struct mgmt_rp_remove_keys rp;
2501
2502 memset(&rp, 0, sizeof(rp));
2503 bacpy(&rp.bdaddr, &cp->bdaddr);
2504 if (status != NULL)
2505 rp.status = *status;
2506
2507 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2508 sizeof(rp));
2509
2510 mgmt_pending_remove(cmd);
2511 }
2512
2513 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2514 u8 link_type, u8 addr_type)
2515 {
2516 struct mgmt_addr_info ev;
2517 struct sock *sk = NULL;
2518 int err;
2519
2520 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2521
2522 bacpy(&ev.bdaddr, bdaddr);
2523 ev.type = link_to_mgmt(link_type, addr_type);
2524
2525 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2526 sk);
2527
2528 if (sk)
2529 sock_put(sk);
2530
2531 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2532
2533 return err;
2534 }
2535
2536 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2537 {
2538 struct pending_cmd *cmd;
2539 u8 mgmt_err = mgmt_status(status);
2540 int err;
2541
2542 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2543 if (!cmd)
2544 return -ENOENT;
2545
2546 if (bdaddr) {
2547 struct mgmt_rp_disconnect rp;
2548
2549 bacpy(&rp.bdaddr, bdaddr);
2550 rp.status = status;
2551
2552 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2553 &rp, sizeof(rp));
2554 } else
2555 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2556 mgmt_err);
2557
2558 mgmt_pending_remove(cmd);
2559
2560 return err;
2561 }
2562
2563 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2564 u8 addr_type, u8 status)
2565 {
2566 struct mgmt_ev_connect_failed ev;
2567
2568 bacpy(&ev.addr.bdaddr, bdaddr);
2569 ev.addr.type = link_to_mgmt(link_type, addr_type);
2570 ev.status = mgmt_status(status);
2571
2572 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2573 }
2574
2575 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2576 {
2577 struct mgmt_ev_pin_code_request ev;
2578
2579 bacpy(&ev.bdaddr, bdaddr);
2580 ev.secure = secure;
2581
2582 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2583 NULL);
2584 }
2585
2586 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2587 u8 status)
2588 {
2589 struct pending_cmd *cmd;
2590 struct mgmt_rp_pin_code_reply rp;
2591 int err;
2592
2593 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2594 if (!cmd)
2595 return -ENOENT;
2596
2597 bacpy(&rp.bdaddr, bdaddr);
2598 rp.status = mgmt_status(status);
2599
2600 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2601 sizeof(rp));
2602
2603 mgmt_pending_remove(cmd);
2604
2605 return err;
2606 }
2607
2608 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2609 u8 status)
2610 {
2611 struct pending_cmd *cmd;
2612 struct mgmt_rp_pin_code_reply rp;
2613 int err;
2614
2615 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2616 if (!cmd)
2617 return -ENOENT;
2618
2619 bacpy(&rp.bdaddr, bdaddr);
2620 rp.status = mgmt_status(status);
2621
2622 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2623 sizeof(rp));
2624
2625 mgmt_pending_remove(cmd);
2626
2627 return err;
2628 }
2629
2630 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2631 __le32 value, u8 confirm_hint)
2632 {
2633 struct mgmt_ev_user_confirm_request ev;
2634
2635 BT_DBG("%s", hdev->name);
2636
2637 bacpy(&ev.bdaddr, bdaddr);
2638 ev.confirm_hint = confirm_hint;
2639 put_unaligned_le32(value, &ev.value);
2640
2641 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2642 NULL);
2643 }
2644
2645 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2646 {
2647 struct mgmt_ev_user_passkey_request ev;
2648
2649 BT_DBG("%s", hdev->name);
2650
2651 bacpy(&ev.bdaddr, bdaddr);
2652
2653 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2654 NULL);
2655 }
2656
2657 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2658 u8 status, u8 opcode)
2659 {
2660 struct pending_cmd *cmd;
2661 struct mgmt_rp_user_confirm_reply rp;
2662 int err;
2663
2664 cmd = mgmt_pending_find(opcode, hdev);
2665 if (!cmd)
2666 return -ENOENT;
2667
2668 bacpy(&rp.bdaddr, bdaddr);
2669 rp.status = mgmt_status(status);
2670 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2671
2672 mgmt_pending_remove(cmd);
2673
2674 return err;
2675 }
2676
2677 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2678 u8 status)
2679 {
2680 return user_pairing_resp_complete(hdev, bdaddr, status,
2681 MGMT_OP_USER_CONFIRM_REPLY);
2682 }
2683
2684 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2685 bdaddr_t *bdaddr, u8 status)
2686 {
2687 return user_pairing_resp_complete(hdev, bdaddr, status,
2688 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2689 }
2690
2691 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2692 u8 status)
2693 {
2694 return user_pairing_resp_complete(hdev, bdaddr, status,
2695 MGMT_OP_USER_PASSKEY_REPLY);
2696 }
2697
2698 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2699 bdaddr_t *bdaddr, u8 status)
2700 {
2701 return user_pairing_resp_complete(hdev, bdaddr, status,
2702 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2703 }
2704
2705 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2706 {
2707 struct mgmt_ev_auth_failed ev;
2708
2709 bacpy(&ev.bdaddr, bdaddr);
2710 ev.status = mgmt_status(status);
2711
2712 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2713 }
2714
2715 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2716 {
2717 struct pending_cmd *cmd;
2718 struct mgmt_cp_set_local_name ev;
2719 int err;
2720
2721 memset(&ev, 0, sizeof(ev));
2722 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2723
2724 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2725 if (!cmd)
2726 goto send_event;
2727
2728 if (status) {
2729 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2730 mgmt_status(status));
2731 goto failed;
2732 }
2733
2734 update_eir(hdev);
2735
2736 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2737 sizeof(ev));
2738 if (err < 0)
2739 goto failed;
2740
2741 send_event:
2742 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2743 cmd ? cmd->sk : NULL);
2744
2745 failed:
2746 if (cmd)
2747 mgmt_pending_remove(cmd);
2748 return err;
2749 }
2750
2751 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2752 u8 *randomizer, u8 status)
2753 {
2754 struct pending_cmd *cmd;
2755 int err;
2756
2757 BT_DBG("%s status %u", hdev->name, status);
2758
2759 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2760 if (!cmd)
2761 return -ENOENT;
2762
2763 if (status) {
2764 err = cmd_status(cmd->sk, hdev->id,
2765 MGMT_OP_READ_LOCAL_OOB_DATA,
2766 mgmt_status(status));
2767 } else {
2768 struct mgmt_rp_read_local_oob_data rp;
2769
2770 memcpy(rp.hash, hash, sizeof(rp.hash));
2771 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2772
2773 err = cmd_complete(cmd->sk, hdev->id,
2774 MGMT_OP_READ_LOCAL_OOB_DATA,
2775 &rp, sizeof(rp));
2776 }
2777
2778 mgmt_pending_remove(cmd);
2779
2780 return err;
2781 }
2782
2783 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2784 u8 addr_type, u8 *dev_class, s8 rssi,
2785 u8 cfm_name, u8 *eir, u16 eir_len)
2786 {
2787 char buf[512];
2788 struct mgmt_ev_device_found *ev = (void *) buf;
2789 size_t ev_size = sizeof(*ev) + eir_len;
2790
2791 if (ev_size > sizeof(buf))
2792 return -EINVAL;
2793
2794 bacpy(&ev->addr.bdaddr, bdaddr);
2795 ev->addr.type = link_to_mgmt(link_type, addr_type);
2796 ev->rssi = rssi;
2797 ev->confirm_name = cfm_name;
2798
2799 if (eir_len > 0) {
2800 put_unaligned_le16(eir_len, &ev->eir_len);
2801 memcpy(ev->eir, eir, eir_len);
2802 }
2803
2804 if (dev_class)
2805 memcpy(ev->dev_class, dev_class, sizeof(ev->dev_class));
2806
2807 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
2808 }
2809
2810 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2811 {
2812 struct mgmt_ev_remote_name ev;
2813
2814 memset(&ev, 0, sizeof(ev));
2815
2816 bacpy(&ev.bdaddr, bdaddr);
2817 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2818
2819 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2820 }
2821
2822 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2823 {
2824 struct pending_cmd *cmd;
2825 int err;
2826
2827 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2828 if (!cmd)
2829 return -ENOENT;
2830
2831 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2832 mgmt_pending_remove(cmd);
2833
2834 return err;
2835 }
2836
2837 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2838 {
2839 struct pending_cmd *cmd;
2840 int err;
2841
2842 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2843 if (!cmd)
2844 return -ENOENT;
2845
2846 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2847 mgmt_pending_remove(cmd);
2848
2849 return err;
2850 }
2851
2852 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2853 {
2854 struct pending_cmd *cmd;
2855
2856 if (discovering)
2857 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2858 else
2859 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2860
2861 if (cmd != NULL) {
2862 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2863 mgmt_pending_remove(cmd);
2864 }
2865
2866 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2867 sizeof(discovering), NULL);
2868 }
2869
2870 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2871 {
2872 struct pending_cmd *cmd;
2873 struct mgmt_ev_device_blocked ev;
2874
2875 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2876
2877 bacpy(&ev.bdaddr, bdaddr);
2878
2879 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2880 cmd ? cmd->sk : NULL);
2881 }
2882
2883 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2884 {
2885 struct pending_cmd *cmd;
2886 struct mgmt_ev_device_unblocked ev;
2887
2888 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2889
2890 bacpy(&ev.bdaddr, bdaddr);
2891
2892 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2893 cmd ? cmd->sk : NULL);
2894 }
Linux kernel - Deliverables
This page took 0.087276 seconds and 4 git commands to generate.