1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2010 Nokia Corporation 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 /* Bluetooth HCI Management interface */ 24 25 #include <linux/uaccess.h> 26 #include <asm/unaligned.h> 27 28 #include <net/bluetooth/bluetooth.h> 29 #include <net/bluetooth/hci_core.h> 30 #include <net/bluetooth/mgmt.h> 31 32 #define MGMT_VERSION 0 33 #define MGMT_REVISION 1 34 35 struct pending_cmd { 36 struct list_head list; 37 __u16 opcode; 38 int index; 39 void *cmd; 40 struct sock *sk; 41 void *user_data; 42 }; 43 44 LIST_HEAD(cmd_list); 45 46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 47 { 48 struct sk_buff *skb; 49 struct mgmt_hdr *hdr; 50 struct mgmt_ev_cmd_status *ev; 51 52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 53 54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 55 if (!skb) 56 return -ENOMEM; 57 58 hdr = (void *) skb_put(skb, sizeof(*hdr)); 59 60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 61 hdr->index = cpu_to_le16(index); 62 hdr->len = cpu_to_le16(sizeof(*ev)); 63 64 ev = (void *) skb_put(skb, sizeof(*ev)); 65 ev->status = status; 66 put_unaligned_le16(cmd, &ev->opcode); 67 68 if (sock_queue_rcv_skb(sk, skb) < 0) 69 kfree_skb(skb); 70 71 return 0; 72 } 73 74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp, 75 size_t rp_len) 76 { 77 struct sk_buff *skb; 78 struct mgmt_hdr *hdr; 79 struct mgmt_ev_cmd_complete *ev; 80 81 BT_DBG("sock %p", sk); 82 83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 84 if (!skb) 85 return -ENOMEM; 86 87 hdr = (void *) skb_put(skb, sizeof(*hdr)); 88 89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 90 hdr->index = cpu_to_le16(index); 91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 92 93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 94 put_unaligned_le16(cmd, &ev->opcode); 95 96 if (rp) 97 memcpy(ev->data, rp, rp_len); 98 99 if (sock_queue_rcv_skb(sk, skb) < 0) 100 kfree_skb(skb); 101 102 return 0; 103 } 104 105 static int read_version(struct sock *sk) 106 { 107 struct mgmt_rp_read_version rp; 108 109 BT_DBG("sock %p", sk); 110 111 rp.version = MGMT_VERSION; 112 put_unaligned_le16(MGMT_REVISION, &rp.revision); 113 114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp, 115 sizeof(rp)); 116 } 117 118 static int read_index_list(struct sock *sk) 119 { 120 struct mgmt_rp_read_index_list *rp; 121 struct list_head *p; 122 size_t rp_len; 123 u16 count; 124 int i, err; 125 126 BT_DBG("sock %p", sk); 127 128 read_lock(&hci_dev_list_lock); 129 130 count = 0; 131 list_for_each(p, &hci_dev_list) { 132 count++; 133 } 134 135 rp_len = sizeof(*rp) + (2 * count); 136 rp = kmalloc(rp_len, GFP_ATOMIC); 137 if (!rp) { 138 read_unlock(&hci_dev_list_lock); 139 return -ENOMEM; 140 } 141 142 put_unaligned_le16(count, &rp->num_controllers); 143 144 i = 0; 145 list_for_each(p, &hci_dev_list) { 146 struct hci_dev *d = list_entry(p, struct hci_dev, list); 147 148 hci_del_off_timer(d); 149 150 set_bit(HCI_MGMT, &d->flags); 151 152 if (test_bit(HCI_SETUP, &d->flags)) 153 continue; 154 155 put_unaligned_le16(d->id, &rp->index[i++]); 156 BT_DBG("Added hci%u", d->id); 157 } 158 159 read_unlock(&hci_dev_list_lock); 160 161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp, 162 rp_len); 163 164 kfree(rp); 165 166 return err; 167 } 168 169 static int read_controller_info(struct sock *sk, u16 index) 170 { 171 struct mgmt_rp_read_info rp; 172 struct hci_dev *hdev; 173 174 BT_DBG("sock %p hci%u", sk, index); 175 176 hdev = hci_dev_get(index); 177 if (!hdev) 178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV); 179 180 hci_del_off_timer(hdev); 181 182 hci_dev_lock_bh(hdev); 183 184 set_bit(HCI_MGMT, &hdev->flags); 185 186 rp.type = hdev->dev_type; 187 188 rp.powered = test_bit(HCI_UP, &hdev->flags); 189 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags); 190 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags); 191 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags); 192 193 if (test_bit(HCI_AUTH, &hdev->flags)) 194 rp.sec_mode = 3; 195 else if (hdev->ssp_mode > 0) 196 rp.sec_mode = 4; 197 else 198 rp.sec_mode = 2; 199 200 bacpy(&rp.bdaddr, &hdev->bdaddr); 201 memcpy(rp.features, hdev->features, 8); 202 memcpy(rp.dev_class, hdev->dev_class, 3); 203 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 204 rp.hci_ver = hdev->hci_ver; 205 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev); 206 207 hci_dev_unlock_bh(hdev); 208 hci_dev_put(hdev); 209 210 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); 211 } 212 213 static void mgmt_pending_free(struct pending_cmd *cmd) 214 { 215 sock_put(cmd->sk); 216 kfree(cmd->cmd); 217 kfree(cmd); 218 } 219 220 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 221 u16 index, void *data, u16 len) 222 { 223 struct pending_cmd *cmd; 224 225 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 226 if (!cmd) 227 return NULL; 228 229 cmd->opcode = opcode; 230 cmd->index = index; 231 232 cmd->cmd = kmalloc(len, GFP_ATOMIC); 233 if (!cmd->cmd) { 234 kfree(cmd); 235 return NULL; 236 } 237 238 memcpy(cmd->cmd, data, len); 239 240 cmd->sk = sk; 241 sock_hold(sk); 242 243 list_add(&cmd->list, &cmd_list); 244 245 return cmd; 246 } 247 248 static void mgmt_pending_foreach(u16 opcode, int index, 249 void (*cb)(struct pending_cmd *cmd, void *data), 250 void *data) 251 { 252 struct list_head *p, *n; 253 254 list_for_each_safe(p, n, &cmd_list) { 255 struct pending_cmd *cmd; 256 257 cmd = list_entry(p, struct pending_cmd, list); 258 259 if (cmd->opcode != opcode) 260 continue; 261 262 if (index >= 0 && cmd->index != index) 263 continue; 264 265 cb(cmd, data); 266 } 267 } 268 269 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index) 270 { 271 struct list_head *p; 272 273 list_for_each(p, &cmd_list) { 274 struct pending_cmd *cmd; 275 276 cmd = list_entry(p, struct pending_cmd, list); 277 278 if (cmd->opcode != opcode) 279 continue; 280 281 if (index >= 0 && cmd->index != index) 282 continue; 283 284 return cmd; 285 } 286 287 return NULL; 288 } 289 290 static void mgmt_pending_remove(struct pending_cmd *cmd) 291 { 292 list_del(&cmd->list); 293 mgmt_pending_free(cmd); 294 } 295 296 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) 297 { 298 struct mgmt_mode *cp; 299 struct hci_dev *hdev; 300 struct pending_cmd *cmd; 301 int err, up; 302 303 cp = (void *) data; 304 305 BT_DBG("request for hci%u", index); 306 307 if (len != sizeof(*cp)) 308 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL); 309 310 hdev = hci_dev_get(index); 311 if (!hdev) 312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV); 313 314 hci_dev_lock_bh(hdev); 315 316 up = test_bit(HCI_UP, &hdev->flags); 317 if ((cp->val && up) || (!cp->val && !up)) { 318 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY); 319 goto failed; 320 } 321 322 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) { 323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY); 324 goto failed; 325 } 326 327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len); 328 if (!cmd) { 329 err = -ENOMEM; 330 goto failed; 331 } 332 333 if (cp->val) 334 queue_work(hdev->workqueue, &hdev->power_on); 335 else 336 queue_work(hdev->workqueue, &hdev->power_off); 337 338 err = 0; 339 340 failed: 341 hci_dev_unlock_bh(hdev); 342 hci_dev_put(hdev); 343 return err; 344 } 345 346 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, 347 u16 len) 348 { 349 struct mgmt_mode *cp; 350 struct hci_dev *hdev; 351 struct pending_cmd *cmd; 352 u8 scan; 353 int err; 354 355 cp = (void *) data; 356 357 BT_DBG("request for hci%u", index); 358 359 if (len != sizeof(*cp)) 360 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL); 361 362 hdev = hci_dev_get(index); 363 if (!hdev) 364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV); 365 366 hci_dev_lock_bh(hdev); 367 368 if (!test_bit(HCI_UP, &hdev->flags)) { 369 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN); 370 goto failed; 371 } 372 373 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) || 374 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) { 375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY); 376 goto failed; 377 } 378 379 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 380 test_bit(HCI_PSCAN, &hdev->flags)) { 381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY); 382 goto failed; 383 } 384 385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len); 386 if (!cmd) { 387 err = -ENOMEM; 388 goto failed; 389 } 390 391 scan = SCAN_PAGE; 392 393 if (cp->val) 394 scan |= SCAN_INQUIRY; 395 396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 397 if (err < 0) 398 mgmt_pending_remove(cmd); 399 400 failed: 401 hci_dev_unlock_bh(hdev); 402 hci_dev_put(hdev); 403 404 return err; 405 } 406 407 static int set_connectable(struct sock *sk, u16 index, unsigned char *data, 408 u16 len) 409 { 410 struct mgmt_mode *cp; 411 struct hci_dev *hdev; 412 struct pending_cmd *cmd; 413 u8 scan; 414 int err; 415 416 cp = (void *) data; 417 418 BT_DBG("request for hci%u", index); 419 420 if (len != sizeof(*cp)) 421 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL); 422 423 hdev = hci_dev_get(index); 424 if (!hdev) 425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV); 426 427 hci_dev_lock_bh(hdev); 428 429 if (!test_bit(HCI_UP, &hdev->flags)) { 430 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN); 431 goto failed; 432 } 433 434 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) || 435 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) { 436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY); 437 goto failed; 438 } 439 440 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY); 442 goto failed; 443 } 444 445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len); 446 if (!cmd) { 447 err = -ENOMEM; 448 goto failed; 449 } 450 451 if (cp->val) 452 scan = SCAN_PAGE; 453 else 454 scan = 0; 455 456 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 457 if (err < 0) 458 mgmt_pending_remove(cmd); 459 460 failed: 461 hci_dev_unlock_bh(hdev); 462 hci_dev_put(hdev); 463 464 return err; 465 } 466 467 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len, 468 struct sock *skip_sk) 469 { 470 struct sk_buff *skb; 471 struct mgmt_hdr *hdr; 472 473 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 474 if (!skb) 475 return -ENOMEM; 476 477 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 478 479 hdr = (void *) skb_put(skb, sizeof(*hdr)); 480 hdr->opcode = cpu_to_le16(event); 481 hdr->index = cpu_to_le16(index); 482 hdr->len = cpu_to_le16(data_len); 483 484 if (data) 485 memcpy(skb_put(skb, data_len), data, data_len); 486 487 hci_send_to_sock(NULL, skb, skip_sk); 488 kfree_skb(skb); 489 490 return 0; 491 } 492 493 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val) 494 { 495 struct mgmt_mode rp; 496 497 rp.val = val; 498 499 return cmd_complete(sk, index, opcode, &rp, sizeof(rp)); 500 } 501 502 static int set_pairable(struct sock *sk, u16 index, unsigned char *data, 503 u16 len) 504 { 505 struct mgmt_mode *cp, ev; 506 struct hci_dev *hdev; 507 int err; 508 509 cp = (void *) data; 510 511 BT_DBG("request for hci%u", index); 512 513 if (len != sizeof(*cp)) 514 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL); 515 516 hdev = hci_dev_get(index); 517 if (!hdev) 518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV); 519 520 hci_dev_lock_bh(hdev); 521 522 if (cp->val) 523 set_bit(HCI_PAIRABLE, &hdev->flags); 524 else 525 clear_bit(HCI_PAIRABLE, &hdev->flags); 526 527 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val); 528 if (err < 0) 529 goto failed; 530 531 ev.val = cp->val; 532 533 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk); 534 535 failed: 536 hci_dev_unlock_bh(hdev); 537 hci_dev_put(hdev); 538 539 return err; 540 } 541 542 static u8 get_service_classes(struct hci_dev *hdev) 543 { 544 struct list_head *p; 545 u8 val = 0; 546 547 list_for_each(p, &hdev->uuids) { 548 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list); 549 550 val |= uuid->svc_hint; 551 } 552 553 return val; 554 } 555 556 static int update_class(struct hci_dev *hdev) 557 { 558 u8 cod[3]; 559 560 BT_DBG("%s", hdev->name); 561 562 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 563 return 0; 564 565 cod[0] = hdev->minor_class; 566 cod[1] = hdev->major_class; 567 cod[2] = get_service_classes(hdev); 568 569 if (memcmp(cod, hdev->dev_class, 3) == 0) 570 return 0; 571 572 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 573 } 574 575 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 576 { 577 struct mgmt_cp_add_uuid *cp; 578 struct hci_dev *hdev; 579 struct bt_uuid *uuid; 580 int err; 581 582 cp = (void *) data; 583 584 BT_DBG("request for hci%u", index); 585 586 if (len != sizeof(*cp)) 587 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL); 588 589 hdev = hci_dev_get(index); 590 if (!hdev) 591 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV); 592 593 hci_dev_lock_bh(hdev); 594 595 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 596 if (!uuid) { 597 err = -ENOMEM; 598 goto failed; 599 } 600 601 memcpy(uuid->uuid, cp->uuid, 16); 602 uuid->svc_hint = cp->svc_hint; 603 604 list_add(&uuid->list, &hdev->uuids); 605 606 err = update_class(hdev); 607 if (err < 0) 608 goto failed; 609 610 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); 611 612 failed: 613 hci_dev_unlock_bh(hdev); 614 hci_dev_put(hdev); 615 616 return err; 617 } 618 619 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 620 { 621 struct list_head *p, *n; 622 struct mgmt_cp_remove_uuid *cp; 623 struct hci_dev *hdev; 624 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 625 int err, found; 626 627 cp = (void *) data; 628 629 BT_DBG("request for hci%u", index); 630 631 if (len != sizeof(*cp)) 632 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL); 633 634 hdev = hci_dev_get(index); 635 if (!hdev) 636 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV); 637 638 hci_dev_lock_bh(hdev); 639 640 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 641 err = hci_uuids_clear(hdev); 642 goto unlock; 643 } 644 645 found = 0; 646 647 list_for_each_safe(p, n, &hdev->uuids) { 648 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 649 650 if (memcmp(match->uuid, cp->uuid, 16) != 0) 651 continue; 652 653 list_del(&match->list); 654 found++; 655 } 656 657 if (found == 0) { 658 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT); 659 goto unlock; 660 } 661 662 err = update_class(hdev); 663 if (err < 0) 664 goto unlock; 665 666 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); 667 668 unlock: 669 hci_dev_unlock_bh(hdev); 670 hci_dev_put(hdev); 671 672 return err; 673 } 674 675 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, 676 u16 len) 677 { 678 struct hci_dev *hdev; 679 struct mgmt_cp_set_dev_class *cp; 680 int err; 681 682 cp = (void *) data; 683 684 BT_DBG("request for hci%u", index); 685 686 if (len != sizeof(*cp)) 687 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL); 688 689 hdev = hci_dev_get(index); 690 if (!hdev) 691 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV); 692 693 hci_dev_lock_bh(hdev); 694 695 hdev->major_class = cp->major; 696 hdev->minor_class = cp->minor; 697 698 err = update_class(hdev); 699 700 if (err == 0) 701 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); 702 703 hci_dev_unlock_bh(hdev); 704 hci_dev_put(hdev); 705 706 return err; 707 } 708 709 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data, 710 u16 len) 711 { 712 struct hci_dev *hdev; 713 struct mgmt_cp_set_service_cache *cp; 714 int err; 715 716 cp = (void *) data; 717 718 if (len != sizeof(*cp)) 719 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL); 720 721 hdev = hci_dev_get(index); 722 if (!hdev) 723 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV); 724 725 hci_dev_lock_bh(hdev); 726 727 BT_DBG("hci%u enable %d", index, cp->enable); 728 729 if (cp->enable) { 730 set_bit(HCI_SERVICE_CACHE, &hdev->flags); 731 err = 0; 732 } else { 733 clear_bit(HCI_SERVICE_CACHE, &hdev->flags); 734 err = update_class(hdev); 735 } 736 737 if (err == 0) 738 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL, 739 0); 740 741 hci_dev_unlock_bh(hdev); 742 hci_dev_put(hdev); 743 744 return err; 745 } 746 747 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len) 748 { 749 struct hci_dev *hdev; 750 struct mgmt_cp_load_keys *cp; 751 u16 key_count, expected_len; 752 int i; 753 754 cp = (void *) data; 755 756 if (len < sizeof(*cp)) 757 return -EINVAL; 758 759 key_count = get_unaligned_le16(&cp->key_count); 760 761 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info); 762 if (expected_len != len) { 763 BT_ERR("load_keys: expected %u bytes, got %u bytes", 764 len, expected_len); 765 return -EINVAL; 766 } 767 768 hdev = hci_dev_get(index); 769 if (!hdev) 770 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV); 771 772 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, 773 key_count); 774 775 hci_dev_lock_bh(hdev); 776 777 hci_link_keys_clear(hdev); 778 779 set_bit(HCI_LINK_KEYS, &hdev->flags); 780 781 if (cp->debug_keys) 782 set_bit(HCI_DEBUG_KEYS, &hdev->flags); 783 else 784 clear_bit(HCI_DEBUG_KEYS, &hdev->flags); 785 786 for (i = 0; i < key_count; i++) { 787 struct mgmt_key_info *key = &cp->keys[i]; 788 789 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type, 790 key->pin_len); 791 } 792 793 hci_dev_unlock_bh(hdev); 794 hci_dev_put(hdev); 795 796 return 0; 797 } 798 799 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) 800 { 801 struct hci_dev *hdev; 802 struct mgmt_cp_remove_key *cp; 803 struct hci_conn *conn; 804 int err; 805 806 cp = (void *) data; 807 808 if (len != sizeof(*cp)) 809 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL); 810 811 hdev = hci_dev_get(index); 812 if (!hdev) 813 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV); 814 815 hci_dev_lock_bh(hdev); 816 817 err = hci_remove_link_key(hdev, &cp->bdaddr); 818 if (err < 0) { 819 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err); 820 goto unlock; 821 } 822 823 err = 0; 824 825 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) 826 goto unlock; 827 828 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 829 if (conn) { 830 struct hci_cp_disconnect dc; 831 832 put_unaligned_le16(conn->handle, &dc.handle); 833 dc.reason = 0x13; /* Remote User Terminated Connection */ 834 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL); 835 } 836 837 unlock: 838 hci_dev_unlock_bh(hdev); 839 hci_dev_put(hdev); 840 841 return err; 842 } 843 844 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) 845 { 846 struct hci_dev *hdev; 847 struct mgmt_cp_disconnect *cp; 848 struct hci_cp_disconnect dc; 849 struct pending_cmd *cmd; 850 struct hci_conn *conn; 851 int err; 852 853 BT_DBG(""); 854 855 cp = (void *) data; 856 857 if (len != sizeof(*cp)) 858 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL); 859 860 hdev = hci_dev_get(index); 861 if (!hdev) 862 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV); 863 864 hci_dev_lock_bh(hdev); 865 866 if (!test_bit(HCI_UP, &hdev->flags)) { 867 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN); 868 goto failed; 869 } 870 871 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) { 872 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY); 873 goto failed; 874 } 875 876 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 877 if (!conn) { 878 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN); 879 goto failed; 880 } 881 882 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len); 883 if (!cmd) { 884 err = -ENOMEM; 885 goto failed; 886 } 887 888 put_unaligned_le16(conn->handle, &dc.handle); 889 dc.reason = 0x13; /* Remote User Terminated Connection */ 890 891 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 892 if (err < 0) 893 mgmt_pending_remove(cmd); 894 895 failed: 896 hci_dev_unlock_bh(hdev); 897 hci_dev_put(hdev); 898 899 return err; 900 } 901 902 static int get_connections(struct sock *sk, u16 index) 903 { 904 struct mgmt_rp_get_connections *rp; 905 struct hci_dev *hdev; 906 struct list_head *p; 907 size_t rp_len; 908 u16 count; 909 int i, err; 910 911 BT_DBG(""); 912 913 hdev = hci_dev_get(index); 914 if (!hdev) 915 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV); 916 917 hci_dev_lock_bh(hdev); 918 919 count = 0; 920 list_for_each(p, &hdev->conn_hash.list) { 921 count++; 922 } 923 924 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t)); 925 rp = kmalloc(rp_len, GFP_ATOMIC); 926 if (!rp) { 927 err = -ENOMEM; 928 goto unlock; 929 } 930 931 put_unaligned_le16(count, &rp->conn_count); 932 933 read_lock(&hci_dev_list_lock); 934 935 i = 0; 936 list_for_each(p, &hdev->conn_hash.list) { 937 struct hci_conn *c = list_entry(p, struct hci_conn, list); 938 939 bacpy(&rp->conn[i++], &c->dst); 940 } 941 942 read_unlock(&hci_dev_list_lock); 943 944 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); 945 946 unlock: 947 kfree(rp); 948 hci_dev_unlock_bh(hdev); 949 hci_dev_put(hdev); 950 return err; 951 } 952 953 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, 954 u16 len) 955 { 956 struct hci_dev *hdev; 957 struct mgmt_cp_pin_code_reply *cp; 958 struct hci_cp_pin_code_reply reply; 959 struct pending_cmd *cmd; 960 int err; 961 962 BT_DBG(""); 963 964 cp = (void *) data; 965 966 if (len != sizeof(*cp)) 967 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL); 968 969 hdev = hci_dev_get(index); 970 if (!hdev) 971 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV); 972 973 hci_dev_lock_bh(hdev); 974 975 if (!test_bit(HCI_UP, &hdev->flags)) { 976 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN); 977 goto failed; 978 } 979 980 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len); 981 if (!cmd) { 982 err = -ENOMEM; 983 goto failed; 984 } 985 986 bacpy(&reply.bdaddr, &cp->bdaddr); 987 reply.pin_len = cp->pin_len; 988 memcpy(reply.pin_code, cp->pin_code, 16); 989 990 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 991 if (err < 0) 992 mgmt_pending_remove(cmd); 993 994 failed: 995 hci_dev_unlock_bh(hdev); 996 hci_dev_put(hdev); 997 998 return err; 999 } 1000 1001 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, 1002 u16 len) 1003 { 1004 struct hci_dev *hdev; 1005 struct mgmt_cp_pin_code_neg_reply *cp; 1006 struct pending_cmd *cmd; 1007 int err; 1008 1009 BT_DBG(""); 1010 1011 cp = (void *) data; 1012 1013 if (len != sizeof(*cp)) 1014 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1015 EINVAL); 1016 1017 hdev = hci_dev_get(index); 1018 if (!hdev) 1019 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1020 ENODEV); 1021 1022 hci_dev_lock_bh(hdev); 1023 1024 if (!test_bit(HCI_UP, &hdev->flags)) { 1025 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1026 ENETDOWN); 1027 goto failed; 1028 } 1029 1030 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, 1031 data, len); 1032 if (!cmd) { 1033 err = -ENOMEM; 1034 goto failed; 1035 } 1036 1037 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), 1038 &cp->bdaddr); 1039 if (err < 0) 1040 mgmt_pending_remove(cmd); 1041 1042 failed: 1043 hci_dev_unlock_bh(hdev); 1044 hci_dev_put(hdev); 1045 1046 return err; 1047 } 1048 1049 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, 1050 u16 len) 1051 { 1052 struct hci_dev *hdev; 1053 struct mgmt_cp_set_io_capability *cp; 1054 1055 BT_DBG(""); 1056 1057 cp = (void *) data; 1058 1059 if (len != sizeof(*cp)) 1060 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL); 1061 1062 hdev = hci_dev_get(index); 1063 if (!hdev) 1064 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV); 1065 1066 hci_dev_lock_bh(hdev); 1067 1068 hdev->io_capability = cp->io_capability; 1069 1070 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1071 hdev->io_capability); 1072 1073 hci_dev_unlock_bh(hdev); 1074 hci_dev_put(hdev); 1075 1076 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); 1077 } 1078 1079 static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1080 { 1081 struct hci_dev *hdev = conn->hdev; 1082 struct list_head *p; 1083 1084 list_for_each(p, &cmd_list) { 1085 struct pending_cmd *cmd; 1086 1087 cmd = list_entry(p, struct pending_cmd, list); 1088 1089 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1090 continue; 1091 1092 if (cmd->index != hdev->id) 1093 continue; 1094 1095 if (cmd->user_data != conn) 1096 continue; 1097 1098 return cmd; 1099 } 1100 1101 return NULL; 1102 } 1103 1104 static void pairing_complete(struct pending_cmd *cmd, u8 status) 1105 { 1106 struct mgmt_rp_pair_device rp; 1107 struct hci_conn *conn = cmd->user_data; 1108 1109 bacpy(&rp.bdaddr, &conn->dst); 1110 rp.status = status; 1111 1112 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp)); 1113 1114 /* So we don't get further callbacks for this connection */ 1115 conn->connect_cfm_cb = NULL; 1116 conn->security_cfm_cb = NULL; 1117 conn->disconn_cfm_cb = NULL; 1118 1119 hci_conn_put(conn); 1120 1121 mgmt_pending_remove(cmd); 1122 } 1123 1124 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1125 { 1126 struct pending_cmd *cmd; 1127 1128 BT_DBG("status %u", status); 1129 1130 cmd = find_pairing(conn); 1131 if (!cmd) { 1132 BT_DBG("Unable to find a pending command"); 1133 return; 1134 } 1135 1136 pairing_complete(cmd, status); 1137 } 1138 1139 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) 1140 { 1141 struct hci_dev *hdev; 1142 struct mgmt_cp_pair_device *cp; 1143 struct pending_cmd *cmd; 1144 u8 sec_level, auth_type; 1145 struct hci_conn *conn; 1146 int err; 1147 1148 BT_DBG(""); 1149 1150 cp = (void *) data; 1151 1152 if (len != sizeof(*cp)) 1153 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL); 1154 1155 hdev = hci_dev_get(index); 1156 if (!hdev) 1157 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV); 1158 1159 hci_dev_lock_bh(hdev); 1160 1161 if (cp->io_cap == 0x03) { 1162 sec_level = BT_SECURITY_MEDIUM; 1163 auth_type = HCI_AT_DEDICATED_BONDING; 1164 } else { 1165 sec_level = BT_SECURITY_HIGH; 1166 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1167 } 1168 1169 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type); 1170 if (IS_ERR(conn)) { 1171 err = PTR_ERR(conn); 1172 goto unlock; 1173 } 1174 1175 if (conn->connect_cfm_cb) { 1176 hci_conn_put(conn); 1177 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY); 1178 goto unlock; 1179 } 1180 1181 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len); 1182 if (!cmd) { 1183 err = -ENOMEM; 1184 hci_conn_put(conn); 1185 goto unlock; 1186 } 1187 1188 conn->connect_cfm_cb = pairing_complete_cb; 1189 conn->security_cfm_cb = pairing_complete_cb; 1190 conn->disconn_cfm_cb = pairing_complete_cb; 1191 conn->io_capability = cp->io_cap; 1192 cmd->user_data = conn; 1193 1194 if (conn->state == BT_CONNECTED && 1195 hci_conn_security(conn, sec_level, auth_type)) 1196 pairing_complete(cmd, 0); 1197 1198 err = 0; 1199 1200 unlock: 1201 hci_dev_unlock_bh(hdev); 1202 hci_dev_put(hdev); 1203 1204 return err; 1205 } 1206 1207 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data, 1208 u16 len, int success) 1209 { 1210 struct mgmt_cp_user_confirm_reply *cp = (void *) data; 1211 u16 mgmt_op, hci_op; 1212 struct pending_cmd *cmd; 1213 struct hci_dev *hdev; 1214 int err; 1215 1216 BT_DBG(""); 1217 1218 if (success) { 1219 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY; 1220 hci_op = HCI_OP_USER_CONFIRM_REPLY; 1221 } else { 1222 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY; 1223 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY; 1224 } 1225 1226 if (len != sizeof(*cp)) 1227 return cmd_status(sk, index, mgmt_op, EINVAL); 1228 1229 hdev = hci_dev_get(index); 1230 if (!hdev) 1231 return cmd_status(sk, index, mgmt_op, ENODEV); 1232 1233 if (!test_bit(HCI_UP, &hdev->flags)) { 1234 err = cmd_status(sk, index, mgmt_op, ENETDOWN); 1235 goto failed; 1236 } 1237 1238 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len); 1239 if (!cmd) { 1240 err = -ENOMEM; 1241 goto failed; 1242 } 1243 1244 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr); 1245 if (err < 0) 1246 mgmt_pending_remove(cmd); 1247 1248 failed: 1249 hci_dev_unlock_bh(hdev); 1250 hci_dev_put(hdev); 1251 1252 return err; 1253 } 1254 1255 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 1256 { 1257 unsigned char *buf; 1258 struct mgmt_hdr *hdr; 1259 u16 opcode, index, len; 1260 int err; 1261 1262 BT_DBG("got %zu bytes", msglen); 1263 1264 if (msglen < sizeof(*hdr)) 1265 return -EINVAL; 1266 1267 buf = kmalloc(msglen, GFP_ATOMIC); 1268 if (!buf) 1269 return -ENOMEM; 1270 1271 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 1272 err = -EFAULT; 1273 goto done; 1274 } 1275 1276 hdr = (struct mgmt_hdr *) buf; 1277 opcode = get_unaligned_le16(&hdr->opcode); 1278 index = get_unaligned_le16(&hdr->index); 1279 len = get_unaligned_le16(&hdr->len); 1280 1281 if (len != msglen - sizeof(*hdr)) { 1282 err = -EINVAL; 1283 goto done; 1284 } 1285 1286 switch (opcode) { 1287 case MGMT_OP_READ_VERSION: 1288 err = read_version(sk); 1289 break; 1290 case MGMT_OP_READ_INDEX_LIST: 1291 err = read_index_list(sk); 1292 break; 1293 case MGMT_OP_READ_INFO: 1294 err = read_controller_info(sk, index); 1295 break; 1296 case MGMT_OP_SET_POWERED: 1297 err = set_powered(sk, index, buf + sizeof(*hdr), len); 1298 break; 1299 case MGMT_OP_SET_DISCOVERABLE: 1300 err = set_discoverable(sk, index, buf + sizeof(*hdr), len); 1301 break; 1302 case MGMT_OP_SET_CONNECTABLE: 1303 err = set_connectable(sk, index, buf + sizeof(*hdr), len); 1304 break; 1305 case MGMT_OP_SET_PAIRABLE: 1306 err = set_pairable(sk, index, buf + sizeof(*hdr), len); 1307 break; 1308 case MGMT_OP_ADD_UUID: 1309 err = add_uuid(sk, index, buf + sizeof(*hdr), len); 1310 break; 1311 case MGMT_OP_REMOVE_UUID: 1312 err = remove_uuid(sk, index, buf + sizeof(*hdr), len); 1313 break; 1314 case MGMT_OP_SET_DEV_CLASS: 1315 err = set_dev_class(sk, index, buf + sizeof(*hdr), len); 1316 break; 1317 case MGMT_OP_SET_SERVICE_CACHE: 1318 err = set_service_cache(sk, index, buf + sizeof(*hdr), len); 1319 break; 1320 case MGMT_OP_LOAD_KEYS: 1321 err = load_keys(sk, index, buf + sizeof(*hdr), len); 1322 break; 1323 case MGMT_OP_REMOVE_KEY: 1324 err = remove_key(sk, index, buf + sizeof(*hdr), len); 1325 break; 1326 case MGMT_OP_DISCONNECT: 1327 err = disconnect(sk, index, buf + sizeof(*hdr), len); 1328 break; 1329 case MGMT_OP_GET_CONNECTIONS: 1330 err = get_connections(sk, index); 1331 break; 1332 case MGMT_OP_PIN_CODE_REPLY: 1333 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len); 1334 break; 1335 case MGMT_OP_PIN_CODE_NEG_REPLY: 1336 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len); 1337 break; 1338 case MGMT_OP_SET_IO_CAPABILITY: 1339 err = set_io_capability(sk, index, buf + sizeof(*hdr), len); 1340 break; 1341 case MGMT_OP_PAIR_DEVICE: 1342 err = pair_device(sk, index, buf + sizeof(*hdr), len); 1343 break; 1344 case MGMT_OP_USER_CONFIRM_REPLY: 1345 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1); 1346 break; 1347 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 1348 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0); 1349 break; 1350 default: 1351 BT_DBG("Unknown op %u", opcode); 1352 err = cmd_status(sk, index, opcode, 0x01); 1353 break; 1354 } 1355 1356 if (err < 0) 1357 goto done; 1358 1359 err = msglen; 1360 1361 done: 1362 kfree(buf); 1363 return err; 1364 } 1365 1366 int mgmt_index_added(u16 index) 1367 { 1368 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL); 1369 } 1370 1371 int mgmt_index_removed(u16 index) 1372 { 1373 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL); 1374 } 1375 1376 struct cmd_lookup { 1377 u8 val; 1378 struct sock *sk; 1379 }; 1380 1381 static void mode_rsp(struct pending_cmd *cmd, void *data) 1382 { 1383 struct mgmt_mode *cp = cmd->cmd; 1384 struct cmd_lookup *match = data; 1385 1386 if (cp->val != match->val) 1387 return; 1388 1389 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val); 1390 1391 list_del(&cmd->list); 1392 1393 if (match->sk == NULL) { 1394 match->sk = cmd->sk; 1395 sock_hold(match->sk); 1396 } 1397 1398 mgmt_pending_free(cmd); 1399 } 1400 1401 int mgmt_powered(u16 index, u8 powered) 1402 { 1403 struct mgmt_mode ev; 1404 struct cmd_lookup match = { powered, NULL }; 1405 int ret; 1406 1407 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match); 1408 1409 ev.val = powered; 1410 1411 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk); 1412 1413 if (match.sk) 1414 sock_put(match.sk); 1415 1416 return ret; 1417 } 1418 1419 int mgmt_discoverable(u16 index, u8 discoverable) 1420 { 1421 struct mgmt_mode ev; 1422 struct cmd_lookup match = { discoverable, NULL }; 1423 int ret; 1424 1425 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match); 1426 1427 ev.val = discoverable; 1428 1429 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev), 1430 match.sk); 1431 1432 if (match.sk) 1433 sock_put(match.sk); 1434 1435 return ret; 1436 } 1437 1438 int mgmt_connectable(u16 index, u8 connectable) 1439 { 1440 struct mgmt_mode ev; 1441 struct cmd_lookup match = { connectable, NULL }; 1442 int ret; 1443 1444 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match); 1445 1446 ev.val = connectable; 1447 1448 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk); 1449 1450 if (match.sk) 1451 sock_put(match.sk); 1452 1453 return ret; 1454 } 1455 1456 int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type) 1457 { 1458 struct mgmt_ev_new_key ev; 1459 1460 memset(&ev, 0, sizeof(ev)); 1461 1462 bacpy(&ev.key.bdaddr, &key->bdaddr); 1463 ev.key.type = key->type; 1464 memcpy(ev.key.val, key->val, 16); 1465 ev.key.pin_len = key->pin_len; 1466 ev.old_key_type = old_key_type; 1467 1468 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL); 1469 } 1470 1471 int mgmt_connected(u16 index, bdaddr_t *bdaddr) 1472 { 1473 struct mgmt_ev_connected ev; 1474 1475 bacpy(&ev.bdaddr, bdaddr); 1476 1477 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL); 1478 } 1479 1480 static void disconnect_rsp(struct pending_cmd *cmd, void *data) 1481 { 1482 struct mgmt_cp_disconnect *cp = cmd->cmd; 1483 struct sock **sk = data; 1484 struct mgmt_rp_disconnect rp; 1485 1486 bacpy(&rp.bdaddr, &cp->bdaddr); 1487 1488 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp)); 1489 1490 *sk = cmd->sk; 1491 sock_hold(*sk); 1492 1493 mgmt_pending_remove(cmd); 1494 } 1495 1496 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr) 1497 { 1498 struct mgmt_ev_disconnected ev; 1499 struct sock *sk = NULL; 1500 int err; 1501 1502 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk); 1503 1504 bacpy(&ev.bdaddr, bdaddr); 1505 1506 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk); 1507 1508 if (sk) 1509 sock_put(sk); 1510 1511 return err; 1512 } 1513 1514 int mgmt_disconnect_failed(u16 index) 1515 { 1516 struct pending_cmd *cmd; 1517 int err; 1518 1519 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index); 1520 if (!cmd) 1521 return -ENOENT; 1522 1523 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO); 1524 1525 mgmt_pending_remove(cmd); 1526 1527 return err; 1528 } 1529 1530 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status) 1531 { 1532 struct mgmt_ev_connect_failed ev; 1533 1534 bacpy(&ev.bdaddr, bdaddr); 1535 ev.status = status; 1536 1537 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL); 1538 } 1539 1540 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr) 1541 { 1542 struct mgmt_ev_pin_code_request ev; 1543 1544 bacpy(&ev.bdaddr, bdaddr); 1545 1546 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev), 1547 NULL); 1548 } 1549 1550 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 1551 { 1552 struct pending_cmd *cmd; 1553 struct mgmt_rp_pin_code_reply rp; 1554 int err; 1555 1556 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index); 1557 if (!cmd) 1558 return -ENOENT; 1559 1560 bacpy(&rp.bdaddr, bdaddr); 1561 rp.status = status; 1562 1563 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp, 1564 sizeof(rp)); 1565 1566 mgmt_pending_remove(cmd); 1567 1568 return err; 1569 } 1570 1571 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 1572 { 1573 struct pending_cmd *cmd; 1574 struct mgmt_rp_pin_code_reply rp; 1575 int err; 1576 1577 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index); 1578 if (!cmd) 1579 return -ENOENT; 1580 1581 bacpy(&rp.bdaddr, bdaddr); 1582 rp.status = status; 1583 1584 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp, 1585 sizeof(rp)); 1586 1587 mgmt_pending_remove(cmd); 1588 1589 return err; 1590 } 1591 1592 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value) 1593 { 1594 struct mgmt_ev_user_confirm_request ev; 1595 1596 BT_DBG("hci%u", index); 1597 1598 bacpy(&ev.bdaddr, bdaddr); 1599 put_unaligned_le32(value, &ev.value); 1600 1601 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev), 1602 NULL); 1603 } 1604 1605 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status, 1606 u8 opcode) 1607 { 1608 struct pending_cmd *cmd; 1609 struct mgmt_rp_user_confirm_reply rp; 1610 int err; 1611 1612 cmd = mgmt_pending_find(opcode, index); 1613 if (!cmd) 1614 return -ENOENT; 1615 1616 bacpy(&rp.bdaddr, bdaddr); 1617 rp.status = status; 1618 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp)); 1619 1620 mgmt_pending_remove(cmd); 1621 1622 return err; 1623 } 1624 1625 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 1626 { 1627 return confirm_reply_complete(index, bdaddr, status, 1628 MGMT_OP_USER_CONFIRM_REPLY); 1629 } 1630 1631 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 1632 { 1633 return confirm_reply_complete(index, bdaddr, status, 1634 MGMT_OP_USER_CONFIRM_NEG_REPLY); 1635 } 1636 1637 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status) 1638 { 1639 struct mgmt_ev_auth_failed ev; 1640 1641 bacpy(&ev.bdaddr, bdaddr); 1642 ev.status = status; 1643 1644 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL); 1645 } 1646