1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2010 Nokia Corporation 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 /* Bluetooth HCI Management interface */ 24 25 #include <linux/uaccess.h> 26 #include <linux/module.h> 27 #include <asm/unaligned.h> 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 #include <net/bluetooth/mgmt.h> 32 33 #define MGMT_VERSION 0 34 #define MGMT_REVISION 1 35 36 struct pending_cmd { 37 struct list_head list; 38 __u16 opcode; 39 int index; 40 void *param; 41 struct sock *sk; 42 void *user_data; 43 }; 44 45 static LIST_HEAD(cmd_list); 46 47 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 48 { 49 struct sk_buff *skb; 50 struct mgmt_hdr *hdr; 51 struct mgmt_ev_cmd_status *ev; 52 53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 54 55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 56 if (!skb) 57 return -ENOMEM; 58 59 hdr = (void *) skb_put(skb, sizeof(*hdr)); 60 61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 62 hdr->index = cpu_to_le16(index); 63 hdr->len = cpu_to_le16(sizeof(*ev)); 64 65 ev = (void *) skb_put(skb, sizeof(*ev)); 66 ev->status = status; 67 put_unaligned_le16(cmd, &ev->opcode); 68 69 if (sock_queue_rcv_skb(sk, skb) < 0) 70 kfree_skb(skb); 71 72 return 0; 73 } 74 75 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp, 76 size_t rp_len) 77 { 78 struct sk_buff *skb; 79 struct mgmt_hdr *hdr; 80 struct mgmt_ev_cmd_complete *ev; 81 82 BT_DBG("sock %p", sk); 83 84 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 85 if (!skb) 86 return -ENOMEM; 87 88 hdr = (void *) skb_put(skb, sizeof(*hdr)); 89 90 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 91 hdr->index = cpu_to_le16(index); 92 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 93 94 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 95 put_unaligned_le16(cmd, &ev->opcode); 96 97 if (rp) 98 memcpy(ev->data, rp, rp_len); 99 100 if (sock_queue_rcv_skb(sk, skb) < 0) 101 kfree_skb(skb); 102 103 return 0; 104 } 105 106 static int read_version(struct sock *sk) 107 { 108 struct mgmt_rp_read_version rp; 109 110 BT_DBG("sock %p", sk); 111 112 rp.version = MGMT_VERSION; 113 put_unaligned_le16(MGMT_REVISION, &rp.revision); 114 115 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp, 116 sizeof(rp)); 117 } 118 119 static int read_index_list(struct sock *sk) 120 { 121 struct mgmt_rp_read_index_list *rp; 122 struct list_head *p; 123 size_t rp_len; 124 u16 count; 125 int i, err; 126 127 BT_DBG("sock %p", sk); 128 129 read_lock(&hci_dev_list_lock); 130 131 count = 0; 132 list_for_each(p, &hci_dev_list) { 133 count++; 134 } 135 136 rp_len = sizeof(*rp) + (2 * count); 137 rp = kmalloc(rp_len, GFP_ATOMIC); 138 if (!rp) { 139 read_unlock(&hci_dev_list_lock); 140 return -ENOMEM; 141 } 142 143 put_unaligned_le16(count, &rp->num_controllers); 144 145 i = 0; 146 list_for_each(p, &hci_dev_list) { 147 struct hci_dev *d = list_entry(p, struct hci_dev, list); 148 149 hci_del_off_timer(d); 150 151 if (test_bit(HCI_SETUP, &d->flags)) 152 continue; 153 154 put_unaligned_le16(d->id, &rp->index[i++]); 155 BT_DBG("Added hci%u", d->id); 156 } 157 158 read_unlock(&hci_dev_list_lock); 159 160 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp, 161 rp_len); 162 163 kfree(rp); 164 165 return err; 166 } 167 168 static int read_controller_info(struct sock *sk, u16 index) 169 { 170 struct mgmt_rp_read_info rp; 171 struct hci_dev *hdev; 172 173 BT_DBG("sock %p hci%u", sk, index); 174 175 hdev = hci_dev_get(index); 176 if (!hdev) 177 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV); 178 179 hci_del_off_timer(hdev); 180 181 hci_dev_lock_bh(hdev); 182 183 set_bit(HCI_MGMT, &hdev->flags); 184 185 memset(&rp, 0, sizeof(rp)); 186 187 rp.type = hdev->dev_type; 188 189 rp.powered = test_bit(HCI_UP, &hdev->flags); 190 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags); 191 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags); 192 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags); 193 194 if (test_bit(HCI_AUTH, &hdev->flags)) 195 rp.sec_mode = 3; 196 else if (hdev->ssp_mode > 0) 197 rp.sec_mode = 4; 198 else 199 rp.sec_mode = 2; 200 201 bacpy(&rp.bdaddr, &hdev->bdaddr); 202 memcpy(rp.features, hdev->features, 8); 203 memcpy(rp.dev_class, hdev->dev_class, 3); 204 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 205 rp.hci_ver = hdev->hci_ver; 206 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev); 207 208 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 209 210 hci_dev_unlock_bh(hdev); 211 hci_dev_put(hdev); 212 213 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); 214 } 215 216 static void mgmt_pending_free(struct pending_cmd *cmd) 217 { 218 sock_put(cmd->sk); 219 kfree(cmd->param); 220 kfree(cmd); 221 } 222 223 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 224 u16 index, void *data, u16 len) 225 { 226 struct pending_cmd *cmd; 227 228 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 229 if (!cmd) 230 return NULL; 231 232 cmd->opcode = opcode; 233 cmd->index = index; 234 235 cmd->param = kmalloc(len, GFP_ATOMIC); 236 if (!cmd->param) { 237 kfree(cmd); 238 return NULL; 239 } 240 241 if (data) 242 memcpy(cmd->param, data, len); 243 244 cmd->sk = sk; 245 sock_hold(sk); 246 247 list_add(&cmd->list, &cmd_list); 248 249 return cmd; 250 } 251 252 static void mgmt_pending_foreach(u16 opcode, int index, 253 void (*cb)(struct pending_cmd *cmd, void *data), 254 void *data) 255 { 256 struct list_head *p, *n; 257 258 list_for_each_safe(p, n, &cmd_list) { 259 struct pending_cmd *cmd; 260 261 cmd = list_entry(p, struct pending_cmd, list); 262 263 if (cmd->opcode != opcode) 264 continue; 265 266 if (index >= 0 && cmd->index != index) 267 continue; 268 269 cb(cmd, data); 270 } 271 } 272 273 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index) 274 { 275 struct list_head *p; 276 277 list_for_each(p, &cmd_list) { 278 struct pending_cmd *cmd; 279 280 cmd = list_entry(p, struct pending_cmd, list); 281 282 if (cmd->opcode != opcode) 283 continue; 284 285 if (index >= 0 && cmd->index != index) 286 continue; 287 288 return cmd; 289 } 290 291 return NULL; 292 } 293 294 static void mgmt_pending_remove(struct pending_cmd *cmd) 295 { 296 list_del(&cmd->list); 297 mgmt_pending_free(cmd); 298 } 299 300 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) 301 { 302 struct mgmt_mode *cp; 303 struct hci_dev *hdev; 304 struct pending_cmd *cmd; 305 int err, up; 306 307 cp = (void *) data; 308 309 BT_DBG("request for hci%u", index); 310 311 if (len != sizeof(*cp)) 312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL); 313 314 hdev = hci_dev_get(index); 315 if (!hdev) 316 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV); 317 318 hci_dev_lock_bh(hdev); 319 320 up = test_bit(HCI_UP, &hdev->flags); 321 if ((cp->val && up) || (!cp->val && !up)) { 322 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY); 323 goto failed; 324 } 325 326 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) { 327 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY); 328 goto failed; 329 } 330 331 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len); 332 if (!cmd) { 333 err = -ENOMEM; 334 goto failed; 335 } 336 337 if (cp->val) 338 queue_work(hdev->workqueue, &hdev->power_on); 339 else 340 queue_work(hdev->workqueue, &hdev->power_off); 341 342 err = 0; 343 344 failed: 345 hci_dev_unlock_bh(hdev); 346 hci_dev_put(hdev); 347 return err; 348 } 349 350 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, 351 u16 len) 352 { 353 struct mgmt_mode *cp; 354 struct hci_dev *hdev; 355 struct pending_cmd *cmd; 356 u8 scan; 357 int err; 358 359 cp = (void *) data; 360 361 BT_DBG("request for hci%u", index); 362 363 if (len != sizeof(*cp)) 364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL); 365 366 hdev = hci_dev_get(index); 367 if (!hdev) 368 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV); 369 370 hci_dev_lock_bh(hdev); 371 372 if (!test_bit(HCI_UP, &hdev->flags)) { 373 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN); 374 goto failed; 375 } 376 377 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) || 378 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) { 379 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY); 380 goto failed; 381 } 382 383 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 384 test_bit(HCI_PSCAN, &hdev->flags)) { 385 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY); 386 goto failed; 387 } 388 389 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len); 390 if (!cmd) { 391 err = -ENOMEM; 392 goto failed; 393 } 394 395 scan = SCAN_PAGE; 396 397 if (cp->val) 398 scan |= SCAN_INQUIRY; 399 400 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 401 if (err < 0) 402 mgmt_pending_remove(cmd); 403 404 failed: 405 hci_dev_unlock_bh(hdev); 406 hci_dev_put(hdev); 407 408 return err; 409 } 410 411 static int set_connectable(struct sock *sk, u16 index, unsigned char *data, 412 u16 len) 413 { 414 struct mgmt_mode *cp; 415 struct hci_dev *hdev; 416 struct pending_cmd *cmd; 417 u8 scan; 418 int err; 419 420 cp = (void *) data; 421 422 BT_DBG("request for hci%u", index); 423 424 if (len != sizeof(*cp)) 425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL); 426 427 hdev = hci_dev_get(index); 428 if (!hdev) 429 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV); 430 431 hci_dev_lock_bh(hdev); 432 433 if (!test_bit(HCI_UP, &hdev->flags)) { 434 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN); 435 goto failed; 436 } 437 438 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) || 439 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) { 440 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY); 441 goto failed; 442 } 443 444 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 445 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY); 446 goto failed; 447 } 448 449 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len); 450 if (!cmd) { 451 err = -ENOMEM; 452 goto failed; 453 } 454 455 if (cp->val) 456 scan = SCAN_PAGE; 457 else 458 scan = 0; 459 460 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 461 if (err < 0) 462 mgmt_pending_remove(cmd); 463 464 failed: 465 hci_dev_unlock_bh(hdev); 466 hci_dev_put(hdev); 467 468 return err; 469 } 470 471 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len, 472 struct sock *skip_sk) 473 { 474 struct sk_buff *skb; 475 struct mgmt_hdr *hdr; 476 477 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 478 if (!skb) 479 return -ENOMEM; 480 481 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 482 483 hdr = (void *) skb_put(skb, sizeof(*hdr)); 484 hdr->opcode = cpu_to_le16(event); 485 hdr->index = cpu_to_le16(index); 486 hdr->len = cpu_to_le16(data_len); 487 488 if (data) 489 memcpy(skb_put(skb, data_len), data, data_len); 490 491 hci_send_to_sock(NULL, skb, skip_sk); 492 kfree_skb(skb); 493 494 return 0; 495 } 496 497 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val) 498 { 499 struct mgmt_mode rp; 500 501 rp.val = val; 502 503 return cmd_complete(sk, index, opcode, &rp, sizeof(rp)); 504 } 505 506 static int set_pairable(struct sock *sk, u16 index, unsigned char *data, 507 u16 len) 508 { 509 struct mgmt_mode *cp, ev; 510 struct hci_dev *hdev; 511 int err; 512 513 cp = (void *) data; 514 515 BT_DBG("request for hci%u", index); 516 517 if (len != sizeof(*cp)) 518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL); 519 520 hdev = hci_dev_get(index); 521 if (!hdev) 522 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV); 523 524 hci_dev_lock_bh(hdev); 525 526 if (cp->val) 527 set_bit(HCI_PAIRABLE, &hdev->flags); 528 else 529 clear_bit(HCI_PAIRABLE, &hdev->flags); 530 531 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val); 532 if (err < 0) 533 goto failed; 534 535 ev.val = cp->val; 536 537 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk); 538 539 failed: 540 hci_dev_unlock_bh(hdev); 541 hci_dev_put(hdev); 542 543 return err; 544 } 545 546 #define EIR_FLAGS 0x01 /* flags */ 547 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */ 548 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */ 549 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */ 550 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */ 551 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */ 552 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */ 553 #define EIR_NAME_SHORT 0x08 /* shortened local name */ 554 #define EIR_NAME_COMPLETE 0x09 /* complete local name */ 555 #define EIR_TX_POWER 0x0A /* transmit power level */ 556 #define EIR_DEVICE_ID 0x10 /* device ID */ 557 558 #define PNP_INFO_SVCLASS_ID 0x1200 559 560 static u8 bluetooth_base_uuid[] = { 561 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 562 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 563 }; 564 565 static u16 get_uuid16(u8 *uuid128) 566 { 567 u32 val; 568 int i; 569 570 for (i = 0; i < 12; i++) { 571 if (bluetooth_base_uuid[i] != uuid128[i]) 572 return 0; 573 } 574 575 memcpy(&val, &uuid128[12], 4); 576 577 val = le32_to_cpu(val); 578 if (val > 0xffff) 579 return 0; 580 581 return (u16) val; 582 } 583 584 static void create_eir(struct hci_dev *hdev, u8 *data) 585 { 586 u8 *ptr = data; 587 u16 eir_len = 0; 588 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 589 int i, truncated = 0; 590 struct list_head *p; 591 size_t name_len; 592 593 name_len = strlen(hdev->dev_name); 594 595 if (name_len > 0) { 596 /* EIR Data type */ 597 if (name_len > 48) { 598 name_len = 48; 599 ptr[1] = EIR_NAME_SHORT; 600 } else 601 ptr[1] = EIR_NAME_COMPLETE; 602 603 /* EIR Data length */ 604 ptr[0] = name_len + 1; 605 606 memcpy(ptr + 2, hdev->dev_name, name_len); 607 608 eir_len += (name_len + 2); 609 ptr += (name_len + 2); 610 } 611 612 memset(uuid16_list, 0, sizeof(uuid16_list)); 613 614 /* Group all UUID16 types */ 615 list_for_each(p, &hdev->uuids) { 616 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list); 617 u16 uuid16; 618 619 uuid16 = get_uuid16(uuid->uuid); 620 if (uuid16 == 0) 621 return; 622 623 if (uuid16 < 0x1100) 624 continue; 625 626 if (uuid16 == PNP_INFO_SVCLASS_ID) 627 continue; 628 629 /* Stop if not enough space to put next UUID */ 630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 631 truncated = 1; 632 break; 633 } 634 635 /* Check for duplicates */ 636 for (i = 0; uuid16_list[i] != 0; i++) 637 if (uuid16_list[i] == uuid16) 638 break; 639 640 if (uuid16_list[i] == 0) { 641 uuid16_list[i] = uuid16; 642 eir_len += sizeof(u16); 643 } 644 } 645 646 if (uuid16_list[0] != 0) { 647 u8 *length = ptr; 648 649 /* EIR Data type */ 650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 651 652 ptr += 2; 653 eir_len += 2; 654 655 for (i = 0; uuid16_list[i] != 0; i++) { 656 *ptr++ = (uuid16_list[i] & 0x00ff); 657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 658 } 659 660 /* EIR Data length */ 661 *length = (i * sizeof(u16)) + 1; 662 } 663 } 664 665 static int update_eir(struct hci_dev *hdev) 666 { 667 struct hci_cp_write_eir cp; 668 669 if (!(hdev->features[6] & LMP_EXT_INQ)) 670 return 0; 671 672 if (hdev->ssp_mode == 0) 673 return 0; 674 675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 676 return 0; 677 678 memset(&cp, 0, sizeof(cp)); 679 680 create_eir(hdev, cp.data); 681 682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 683 return 0; 684 685 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 686 687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 688 } 689 690 static u8 get_service_classes(struct hci_dev *hdev) 691 { 692 struct list_head *p; 693 u8 val = 0; 694 695 list_for_each(p, &hdev->uuids) { 696 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list); 697 698 val |= uuid->svc_hint; 699 } 700 701 return val; 702 } 703 704 static int update_class(struct hci_dev *hdev) 705 { 706 u8 cod[3]; 707 708 BT_DBG("%s", hdev->name); 709 710 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 711 return 0; 712 713 cod[0] = hdev->minor_class; 714 cod[1] = hdev->major_class; 715 cod[2] = get_service_classes(hdev); 716 717 if (memcmp(cod, hdev->dev_class, 3) == 0) 718 return 0; 719 720 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 721 } 722 723 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 724 { 725 struct mgmt_cp_add_uuid *cp; 726 struct hci_dev *hdev; 727 struct bt_uuid *uuid; 728 int err; 729 730 cp = (void *) data; 731 732 BT_DBG("request for hci%u", index); 733 734 if (len != sizeof(*cp)) 735 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL); 736 737 hdev = hci_dev_get(index); 738 if (!hdev) 739 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV); 740 741 hci_dev_lock_bh(hdev); 742 743 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 744 if (!uuid) { 745 err = -ENOMEM; 746 goto failed; 747 } 748 749 memcpy(uuid->uuid, cp->uuid, 16); 750 uuid->svc_hint = cp->svc_hint; 751 752 list_add(&uuid->list, &hdev->uuids); 753 754 err = update_class(hdev); 755 if (err < 0) 756 goto failed; 757 758 err = update_eir(hdev); 759 if (err < 0) 760 goto failed; 761 762 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); 763 764 failed: 765 hci_dev_unlock_bh(hdev); 766 hci_dev_put(hdev); 767 768 return err; 769 } 770 771 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 772 { 773 struct list_head *p, *n; 774 struct mgmt_cp_remove_uuid *cp; 775 struct hci_dev *hdev; 776 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 777 int err, found; 778 779 cp = (void *) data; 780 781 BT_DBG("request for hci%u", index); 782 783 if (len != sizeof(*cp)) 784 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL); 785 786 hdev = hci_dev_get(index); 787 if (!hdev) 788 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV); 789 790 hci_dev_lock_bh(hdev); 791 792 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 793 err = hci_uuids_clear(hdev); 794 goto unlock; 795 } 796 797 found = 0; 798 799 list_for_each_safe(p, n, &hdev->uuids) { 800 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 801 802 if (memcmp(match->uuid, cp->uuid, 16) != 0) 803 continue; 804 805 list_del(&match->list); 806 found++; 807 } 808 809 if (found == 0) { 810 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT); 811 goto unlock; 812 } 813 814 err = update_class(hdev); 815 if (err < 0) 816 goto unlock; 817 818 err = update_eir(hdev); 819 if (err < 0) 820 goto unlock; 821 822 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); 823 824 unlock: 825 hci_dev_unlock_bh(hdev); 826 hci_dev_put(hdev); 827 828 return err; 829 } 830 831 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, 832 u16 len) 833 { 834 struct hci_dev *hdev; 835 struct mgmt_cp_set_dev_class *cp; 836 int err; 837 838 cp = (void *) data; 839 840 BT_DBG("request for hci%u", index); 841 842 if (len != sizeof(*cp)) 843 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL); 844 845 hdev = hci_dev_get(index); 846 if (!hdev) 847 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV); 848 849 hci_dev_lock_bh(hdev); 850 851 hdev->major_class = cp->major; 852 hdev->minor_class = cp->minor; 853 854 err = update_class(hdev); 855 856 if (err == 0) 857 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); 858 859 hci_dev_unlock_bh(hdev); 860 hci_dev_put(hdev); 861 862 return err; 863 } 864 865 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data, 866 u16 len) 867 { 868 struct hci_dev *hdev; 869 struct mgmt_cp_set_service_cache *cp; 870 int err; 871 872 cp = (void *) data; 873 874 if (len != sizeof(*cp)) 875 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL); 876 877 hdev = hci_dev_get(index); 878 if (!hdev) 879 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV); 880 881 hci_dev_lock_bh(hdev); 882 883 BT_DBG("hci%u enable %d", index, cp->enable); 884 885 if (cp->enable) { 886 set_bit(HCI_SERVICE_CACHE, &hdev->flags); 887 err = 0; 888 } else { 889 clear_bit(HCI_SERVICE_CACHE, &hdev->flags); 890 err = update_class(hdev); 891 if (err == 0) 892 err = update_eir(hdev); 893 } 894 895 if (err == 0) 896 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL, 897 0); 898 899 hci_dev_unlock_bh(hdev); 900 hci_dev_put(hdev); 901 902 return err; 903 } 904 905 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len) 906 { 907 struct hci_dev *hdev; 908 struct mgmt_cp_load_keys *cp; 909 u16 key_count, expected_len; 910 int i; 911 912 cp = (void *) data; 913 914 if (len < sizeof(*cp)) 915 return -EINVAL; 916 917 key_count = get_unaligned_le16(&cp->key_count); 918 919 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info); 920 if (expected_len != len) { 921 BT_ERR("load_keys: expected %u bytes, got %u bytes", 922 len, expected_len); 923 return -EINVAL; 924 } 925 926 hdev = hci_dev_get(index); 927 if (!hdev) 928 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV); 929 930 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, 931 key_count); 932 933 hci_dev_lock_bh(hdev); 934 935 hci_link_keys_clear(hdev); 936 937 set_bit(HCI_LINK_KEYS, &hdev->flags); 938 939 if (cp->debug_keys) 940 set_bit(HCI_DEBUG_KEYS, &hdev->flags); 941 else 942 clear_bit(HCI_DEBUG_KEYS, &hdev->flags); 943 944 for (i = 0; i < key_count; i++) { 945 struct mgmt_key_info *key = &cp->keys[i]; 946 947 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, 948 key->pin_len); 949 } 950 951 hci_dev_unlock_bh(hdev); 952 hci_dev_put(hdev); 953 954 return 0; 955 } 956 957 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) 958 { 959 struct hci_dev *hdev; 960 struct mgmt_cp_remove_key *cp; 961 struct hci_conn *conn; 962 int err; 963 964 cp = (void *) data; 965 966 if (len != sizeof(*cp)) 967 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL); 968 969 hdev = hci_dev_get(index); 970 if (!hdev) 971 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV); 972 973 hci_dev_lock_bh(hdev); 974 975 err = hci_remove_link_key(hdev, &cp->bdaddr); 976 if (err < 0) { 977 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err); 978 goto unlock; 979 } 980 981 err = 0; 982 983 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) 984 goto unlock; 985 986 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 987 if (conn) { 988 struct hci_cp_disconnect dc; 989 990 put_unaligned_le16(conn->handle, &dc.handle); 991 dc.reason = 0x13; /* Remote User Terminated Connection */ 992 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 993 } 994 995 unlock: 996 hci_dev_unlock_bh(hdev); 997 hci_dev_put(hdev); 998 999 return err; 1000 } 1001 1002 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) 1003 { 1004 struct hci_dev *hdev; 1005 struct mgmt_cp_disconnect *cp; 1006 struct hci_cp_disconnect dc; 1007 struct pending_cmd *cmd; 1008 struct hci_conn *conn; 1009 int err; 1010 1011 BT_DBG(""); 1012 1013 cp = (void *) data; 1014 1015 if (len != sizeof(*cp)) 1016 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL); 1017 1018 hdev = hci_dev_get(index); 1019 if (!hdev) 1020 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV); 1021 1022 hci_dev_lock_bh(hdev); 1023 1024 if (!test_bit(HCI_UP, &hdev->flags)) { 1025 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN); 1026 goto failed; 1027 } 1028 1029 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) { 1030 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY); 1031 goto failed; 1032 } 1033 1034 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1035 if (!conn) 1036 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr); 1037 1038 if (!conn) { 1039 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN); 1040 goto failed; 1041 } 1042 1043 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len); 1044 if (!cmd) { 1045 err = -ENOMEM; 1046 goto failed; 1047 } 1048 1049 put_unaligned_le16(conn->handle, &dc.handle); 1050 dc.reason = 0x13; /* Remote User Terminated Connection */ 1051 1052 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1053 if (err < 0) 1054 mgmt_pending_remove(cmd); 1055 1056 failed: 1057 hci_dev_unlock_bh(hdev); 1058 hci_dev_put(hdev); 1059 1060 return err; 1061 } 1062 1063 static int get_connections(struct sock *sk, u16 index) 1064 { 1065 struct mgmt_rp_get_connections *rp; 1066 struct hci_dev *hdev; 1067 struct list_head *p; 1068 size_t rp_len; 1069 u16 count; 1070 int i, err; 1071 1072 BT_DBG(""); 1073 1074 hdev = hci_dev_get(index); 1075 if (!hdev) 1076 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV); 1077 1078 hci_dev_lock_bh(hdev); 1079 1080 count = 0; 1081 list_for_each(p, &hdev->conn_hash.list) { 1082 count++; 1083 } 1084 1085 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t)); 1086 rp = kmalloc(rp_len, GFP_ATOMIC); 1087 if (!rp) { 1088 err = -ENOMEM; 1089 goto unlock; 1090 } 1091 1092 put_unaligned_le16(count, &rp->conn_count); 1093 1094 i = 0; 1095 list_for_each(p, &hdev->conn_hash.list) { 1096 struct hci_conn *c = list_entry(p, struct hci_conn, list); 1097 1098 bacpy(&rp->conn[i++], &c->dst); 1099 } 1100 1101 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); 1102 1103 unlock: 1104 kfree(rp); 1105 hci_dev_unlock_bh(hdev); 1106 hci_dev_put(hdev); 1107 return err; 1108 } 1109 1110 static int send_pin_code_neg_reply(struct sock *sk, u16 index, 1111 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) 1112 { 1113 struct pending_cmd *cmd; 1114 int err; 1115 1116 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp, 1117 sizeof(*cp)); 1118 if (!cmd) 1119 return -ENOMEM; 1120 1121 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), 1122 &cp->bdaddr); 1123 if (err < 0) 1124 mgmt_pending_remove(cmd); 1125 1126 return err; 1127 } 1128 1129 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, 1130 u16 len) 1131 { 1132 struct hci_dev *hdev; 1133 struct hci_conn *conn; 1134 struct mgmt_cp_pin_code_reply *cp; 1135 struct mgmt_cp_pin_code_neg_reply ncp; 1136 struct hci_cp_pin_code_reply reply; 1137 struct pending_cmd *cmd; 1138 int err; 1139 1140 BT_DBG(""); 1141 1142 cp = (void *) data; 1143 1144 if (len != sizeof(*cp)) 1145 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL); 1146 1147 hdev = hci_dev_get(index); 1148 if (!hdev) 1149 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV); 1150 1151 hci_dev_lock_bh(hdev); 1152 1153 if (!test_bit(HCI_UP, &hdev->flags)) { 1154 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN); 1155 goto failed; 1156 } 1157 1158 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1159 if (!conn) { 1160 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN); 1161 goto failed; 1162 } 1163 1164 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1165 bacpy(&ncp.bdaddr, &cp->bdaddr); 1166 1167 BT_ERR("PIN code is not 16 bytes long"); 1168 1169 err = send_pin_code_neg_reply(sk, index, hdev, &ncp); 1170 if (err >= 0) 1171 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1172 EINVAL); 1173 1174 goto failed; 1175 } 1176 1177 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len); 1178 if (!cmd) { 1179 err = -ENOMEM; 1180 goto failed; 1181 } 1182 1183 bacpy(&reply.bdaddr, &cp->bdaddr); 1184 reply.pin_len = cp->pin_len; 1185 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1186 1187 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1188 if (err < 0) 1189 mgmt_pending_remove(cmd); 1190 1191 failed: 1192 hci_dev_unlock_bh(hdev); 1193 hci_dev_put(hdev); 1194 1195 return err; 1196 } 1197 1198 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, 1199 u16 len) 1200 { 1201 struct hci_dev *hdev; 1202 struct mgmt_cp_pin_code_neg_reply *cp; 1203 int err; 1204 1205 BT_DBG(""); 1206 1207 cp = (void *) data; 1208 1209 if (len != sizeof(*cp)) 1210 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1211 EINVAL); 1212 1213 hdev = hci_dev_get(index); 1214 if (!hdev) 1215 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1216 ENODEV); 1217 1218 hci_dev_lock_bh(hdev); 1219 1220 if (!test_bit(HCI_UP, &hdev->flags)) { 1221 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1222 ENETDOWN); 1223 goto failed; 1224 } 1225 1226 err = send_pin_code_neg_reply(sk, index, hdev, cp); 1227 1228 failed: 1229 hci_dev_unlock_bh(hdev); 1230 hci_dev_put(hdev); 1231 1232 return err; 1233 } 1234 1235 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, 1236 u16 len) 1237 { 1238 struct hci_dev *hdev; 1239 struct mgmt_cp_set_io_capability *cp; 1240 1241 BT_DBG(""); 1242 1243 cp = (void *) data; 1244 1245 if (len != sizeof(*cp)) 1246 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL); 1247 1248 hdev = hci_dev_get(index); 1249 if (!hdev) 1250 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV); 1251 1252 hci_dev_lock_bh(hdev); 1253 1254 hdev->io_capability = cp->io_capability; 1255 1256 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1257 hdev->io_capability); 1258 1259 hci_dev_unlock_bh(hdev); 1260 hci_dev_put(hdev); 1261 1262 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); 1263 } 1264 1265 static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1266 { 1267 struct hci_dev *hdev = conn->hdev; 1268 struct list_head *p; 1269 1270 list_for_each(p, &cmd_list) { 1271 struct pending_cmd *cmd; 1272 1273 cmd = list_entry(p, struct pending_cmd, list); 1274 1275 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1276 continue; 1277 1278 if (cmd->index != hdev->id) 1279 continue; 1280 1281 if (cmd->user_data != conn) 1282 continue; 1283 1284 return cmd; 1285 } 1286 1287 return NULL; 1288 } 1289 1290 static void pairing_complete(struct pending_cmd *cmd, u8 status) 1291 { 1292 struct mgmt_rp_pair_device rp; 1293 struct hci_conn *conn = cmd->user_data; 1294 1295 bacpy(&rp.bdaddr, &conn->dst); 1296 rp.status = status; 1297 1298 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp)); 1299 1300 /* So we don't get further callbacks for this connection */ 1301 conn->connect_cfm_cb = NULL; 1302 conn->security_cfm_cb = NULL; 1303 conn->disconn_cfm_cb = NULL; 1304 1305 hci_conn_put(conn); 1306 1307 mgmt_pending_remove(cmd); 1308 } 1309 1310 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1311 { 1312 struct pending_cmd *cmd; 1313 1314 BT_DBG("status %u", status); 1315 1316 cmd = find_pairing(conn); 1317 if (!cmd) { 1318 BT_DBG("Unable to find a pending command"); 1319 return; 1320 } 1321 1322 pairing_complete(cmd, status); 1323 } 1324 1325 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) 1326 { 1327 struct hci_dev *hdev; 1328 struct mgmt_cp_pair_device *cp; 1329 struct pending_cmd *cmd; 1330 struct adv_entry *entry; 1331 u8 sec_level, auth_type; 1332 struct hci_conn *conn; 1333 int err; 1334 1335 BT_DBG(""); 1336 1337 cp = (void *) data; 1338 1339 if (len != sizeof(*cp)) 1340 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL); 1341 1342 hdev = hci_dev_get(index); 1343 if (!hdev) 1344 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV); 1345 1346 hci_dev_lock_bh(hdev); 1347 1348 sec_level = BT_SECURITY_MEDIUM; 1349 if (cp->io_cap == 0x03) 1350 auth_type = HCI_AT_DEDICATED_BONDING; 1351 else 1352 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1353 1354 entry = hci_find_adv_entry(hdev, &cp->bdaddr); 1355 if (entry) 1356 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level, 1357 auth_type); 1358 else 1359 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, 1360 auth_type); 1361 1362 if (IS_ERR(conn)) { 1363 err = PTR_ERR(conn); 1364 goto unlock; 1365 } 1366 1367 if (conn->connect_cfm_cb) { 1368 hci_conn_put(conn); 1369 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY); 1370 goto unlock; 1371 } 1372 1373 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len); 1374 if (!cmd) { 1375 err = -ENOMEM; 1376 hci_conn_put(conn); 1377 goto unlock; 1378 } 1379 1380 /* For LE, just connecting isn't a proof that the pairing finished */ 1381 if (!entry) 1382 conn->connect_cfm_cb = pairing_complete_cb; 1383 1384 conn->security_cfm_cb = pairing_complete_cb; 1385 conn->disconn_cfm_cb = pairing_complete_cb; 1386 conn->io_capability = cp->io_cap; 1387 cmd->user_data = conn; 1388 1389 if (conn->state == BT_CONNECTED && 1390 hci_conn_security(conn, sec_level, auth_type)) 1391 pairing_complete(cmd, 0); 1392 1393 err = 0; 1394 1395 unlock: 1396 hci_dev_unlock_bh(hdev); 1397 hci_dev_put(hdev); 1398 1399 return err; 1400 } 1401 1402 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data, 1403 u16 len, int success) 1404 { 1405 struct mgmt_cp_user_confirm_reply *cp = (void *) data; 1406 u16 mgmt_op, hci_op; 1407 struct pending_cmd *cmd; 1408 struct hci_dev *hdev; 1409 int err; 1410 1411 BT_DBG(""); 1412 1413 if (success) { 1414 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY; 1415 hci_op = HCI_OP_USER_CONFIRM_REPLY; 1416 } else { 1417 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY; 1418 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY; 1419 } 1420 1421 if (len != sizeof(*cp)) 1422 return cmd_status(sk, index, mgmt_op, EINVAL); 1423 1424 hdev = hci_dev_get(index); 1425 if (!hdev) 1426 return cmd_status(sk, index, mgmt_op, ENODEV); 1427 1428 hci_dev_lock_bh(hdev); 1429 1430 if (!test_bit(HCI_UP, &hdev->flags)) { 1431 err = cmd_status(sk, index, mgmt_op, ENETDOWN); 1432 goto failed; 1433 } 1434 1435 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len); 1436 if (!cmd) { 1437 err = -ENOMEM; 1438 goto failed; 1439 } 1440 1441 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr); 1442 if (err < 0) 1443 mgmt_pending_remove(cmd); 1444 1445 failed: 1446 hci_dev_unlock_bh(hdev); 1447 hci_dev_put(hdev); 1448 1449 return err; 1450 } 1451 1452 static int set_local_name(struct sock *sk, u16 index, unsigned char *data, 1453 u16 len) 1454 { 1455 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data; 1456 struct hci_cp_write_local_name hci_cp; 1457 struct hci_dev *hdev; 1458 struct pending_cmd *cmd; 1459 int err; 1460 1461 BT_DBG(""); 1462 1463 if (len != sizeof(*mgmt_cp)) 1464 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL); 1465 1466 hdev = hci_dev_get(index); 1467 if (!hdev) 1468 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV); 1469 1470 hci_dev_lock_bh(hdev); 1471 1472 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len); 1473 if (!cmd) { 1474 err = -ENOMEM; 1475 goto failed; 1476 } 1477 1478 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 1479 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp), 1480 &hci_cp); 1481 if (err < 0) 1482 mgmt_pending_remove(cmd); 1483 1484 failed: 1485 hci_dev_unlock_bh(hdev); 1486 hci_dev_put(hdev); 1487 1488 return err; 1489 } 1490 1491 static int read_local_oob_data(struct sock *sk, u16 index) 1492 { 1493 struct hci_dev *hdev; 1494 struct pending_cmd *cmd; 1495 int err; 1496 1497 BT_DBG("hci%u", index); 1498 1499 hdev = hci_dev_get(index); 1500 if (!hdev) 1501 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1502 ENODEV); 1503 1504 hci_dev_lock_bh(hdev); 1505 1506 if (!test_bit(HCI_UP, &hdev->flags)) { 1507 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1508 ENETDOWN); 1509 goto unlock; 1510 } 1511 1512 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1513 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1514 EOPNOTSUPP); 1515 goto unlock; 1516 } 1517 1518 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) { 1519 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY); 1520 goto unlock; 1521 } 1522 1523 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0); 1524 if (!cmd) { 1525 err = -ENOMEM; 1526 goto unlock; 1527 } 1528 1529 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 1530 if (err < 0) 1531 mgmt_pending_remove(cmd); 1532 1533 unlock: 1534 hci_dev_unlock_bh(hdev); 1535 hci_dev_put(hdev); 1536 1537 return err; 1538 } 1539 1540 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, 1541 u16 len) 1542 { 1543 struct hci_dev *hdev; 1544 struct mgmt_cp_add_remote_oob_data *cp = (void *) data; 1545 int err; 1546 1547 BT_DBG("hci%u ", index); 1548 1549 if (len != sizeof(*cp)) 1550 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1551 EINVAL); 1552 1553 hdev = hci_dev_get(index); 1554 if (!hdev) 1555 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1556 ENODEV); 1557 1558 hci_dev_lock_bh(hdev); 1559 1560 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, 1561 cp->randomizer); 1562 if (err < 0) 1563 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err); 1564 else 1565 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, 1566 0); 1567 1568 hci_dev_unlock_bh(hdev); 1569 hci_dev_put(hdev); 1570 1571 return err; 1572 } 1573 1574 static int remove_remote_oob_data(struct sock *sk, u16 index, 1575 unsigned char *data, u16 len) 1576 { 1577 struct hci_dev *hdev; 1578 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data; 1579 int err; 1580 1581 BT_DBG("hci%u ", index); 1582 1583 if (len != sizeof(*cp)) 1584 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1585 EINVAL); 1586 1587 hdev = hci_dev_get(index); 1588 if (!hdev) 1589 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1590 ENODEV); 1591 1592 hci_dev_lock_bh(hdev); 1593 1594 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); 1595 if (err < 0) 1596 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1597 -err); 1598 else 1599 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1600 NULL, 0); 1601 1602 hci_dev_unlock_bh(hdev); 1603 hci_dev_put(hdev); 1604 1605 return err; 1606 } 1607 1608 static int start_discovery(struct sock *sk, u16 index) 1609 { 1610 u8 lap[3] = { 0x33, 0x8b, 0x9e }; 1611 struct hci_cp_inquiry cp; 1612 struct pending_cmd *cmd; 1613 struct hci_dev *hdev; 1614 int err; 1615 1616 BT_DBG("hci%u", index); 1617 1618 hdev = hci_dev_get(index); 1619 if (!hdev) 1620 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV); 1621 1622 hci_dev_lock_bh(hdev); 1623 1624 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0); 1625 if (!cmd) { 1626 err = -ENOMEM; 1627 goto failed; 1628 } 1629 1630 memset(&cp, 0, sizeof(cp)); 1631 memcpy(&cp.lap, lap, 3); 1632 cp.length = 0x08; 1633 cp.num_rsp = 0x00; 1634 1635 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp); 1636 if (err < 0) 1637 mgmt_pending_remove(cmd); 1638 1639 failed: 1640 hci_dev_unlock_bh(hdev); 1641 hci_dev_put(hdev); 1642 1643 return err; 1644 } 1645 1646 static int stop_discovery(struct sock *sk, u16 index) 1647 { 1648 struct hci_dev *hdev; 1649 struct pending_cmd *cmd; 1650 int err; 1651 1652 BT_DBG("hci%u", index); 1653 1654 hdev = hci_dev_get(index); 1655 if (!hdev) 1656 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV); 1657 1658 hci_dev_lock_bh(hdev); 1659 1660 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0); 1661 if (!cmd) { 1662 err = -ENOMEM; 1663 goto failed; 1664 } 1665 1666 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL); 1667 if (err < 0) 1668 mgmt_pending_remove(cmd); 1669 1670 failed: 1671 hci_dev_unlock_bh(hdev); 1672 hci_dev_put(hdev); 1673 1674 return err; 1675 } 1676 1677 static int block_device(struct sock *sk, u16 index, unsigned char *data, 1678 u16 len) 1679 { 1680 struct hci_dev *hdev; 1681 struct pending_cmd *cmd; 1682 struct mgmt_cp_block_device *cp = (void *) data; 1683 int err; 1684 1685 BT_DBG("hci%u", index); 1686 1687 if (len != sizeof(*cp)) 1688 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1689 EINVAL); 1690 1691 hdev = hci_dev_get(index); 1692 if (!hdev) 1693 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1694 ENODEV); 1695 1696 hci_dev_lock_bh(hdev); 1697 1698 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0); 1699 if (!cmd) { 1700 err = -ENOMEM; 1701 goto failed; 1702 } 1703 1704 err = hci_blacklist_add(hdev, &cp->bdaddr); 1705 1706 if (err < 0) 1707 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err); 1708 else 1709 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 1710 NULL, 0); 1711 1712 mgmt_pending_remove(cmd); 1713 1714 failed: 1715 hci_dev_unlock_bh(hdev); 1716 hci_dev_put(hdev); 1717 1718 return err; 1719 } 1720 1721 static int unblock_device(struct sock *sk, u16 index, unsigned char *data, 1722 u16 len) 1723 { 1724 struct hci_dev *hdev; 1725 struct pending_cmd *cmd; 1726 struct mgmt_cp_unblock_device *cp = (void *) data; 1727 int err; 1728 1729 BT_DBG("hci%u", index); 1730 1731 if (len != sizeof(*cp)) 1732 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1733 EINVAL); 1734 1735 hdev = hci_dev_get(index); 1736 if (!hdev) 1737 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1738 ENODEV); 1739 1740 hci_dev_lock_bh(hdev); 1741 1742 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0); 1743 if (!cmd) { 1744 err = -ENOMEM; 1745 goto failed; 1746 } 1747 1748 err = hci_blacklist_del(hdev, &cp->bdaddr); 1749 1750 if (err < 0) 1751 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err); 1752 else 1753 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1754 NULL, 0); 1755 1756 mgmt_pending_remove(cmd); 1757 1758 failed: 1759 hci_dev_unlock_bh(hdev); 1760 hci_dev_put(hdev); 1761 1762 return err; 1763 } 1764 1765 static int set_fast_connectable(struct sock *sk, u16 index, 1766 unsigned char *data, u16 len) 1767 { 1768 struct hci_dev *hdev; 1769 struct mgmt_cp_set_fast_connectable *cp = (void *) data; 1770 struct hci_cp_write_page_scan_activity acp; 1771 u8 type; 1772 int err; 1773 1774 BT_DBG("hci%u", index); 1775 1776 if (len != sizeof(*cp)) 1777 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1778 EINVAL); 1779 1780 hdev = hci_dev_get(index); 1781 if (!hdev) 1782 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1783 ENODEV); 1784 1785 hci_dev_lock(hdev); 1786 1787 if (cp->enable) { 1788 type = PAGE_SCAN_TYPE_INTERLACED; 1789 acp.interval = 0x0024; /* 22.5 msec page scan interval */ 1790 } else { 1791 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 1792 acp.interval = 0x0800; /* default 1.28 sec page scan */ 1793 } 1794 1795 acp.window = 0x0012; /* default 11.25 msec page scan window */ 1796 1797 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 1798 sizeof(acp), &acp); 1799 if (err < 0) { 1800 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1801 -err); 1802 goto done; 1803 } 1804 1805 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 1806 if (err < 0) { 1807 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1808 -err); 1809 goto done; 1810 } 1811 1812 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1813 NULL, 0); 1814 done: 1815 hci_dev_unlock(hdev); 1816 hci_dev_put(hdev); 1817 1818 return err; 1819 } 1820 1821 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 1822 { 1823 unsigned char *buf; 1824 struct mgmt_hdr *hdr; 1825 u16 opcode, index, len; 1826 int err; 1827 1828 BT_DBG("got %zu bytes", msglen); 1829 1830 if (msglen < sizeof(*hdr)) 1831 return -EINVAL; 1832 1833 buf = kmalloc(msglen, GFP_KERNEL); 1834 if (!buf) 1835 return -ENOMEM; 1836 1837 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 1838 err = -EFAULT; 1839 goto done; 1840 } 1841 1842 hdr = (struct mgmt_hdr *) buf; 1843 opcode = get_unaligned_le16(&hdr->opcode); 1844 index = get_unaligned_le16(&hdr->index); 1845 len = get_unaligned_le16(&hdr->len); 1846 1847 if (len != msglen - sizeof(*hdr)) { 1848 err = -EINVAL; 1849 goto done; 1850 } 1851 1852 switch (opcode) { 1853 case MGMT_OP_READ_VERSION: 1854 err = read_version(sk); 1855 break; 1856 case MGMT_OP_READ_INDEX_LIST: 1857 err = read_index_list(sk); 1858 break; 1859 case MGMT_OP_READ_INFO: 1860 err = read_controller_info(sk, index); 1861 break; 1862 case MGMT_OP_SET_POWERED: 1863 err = set_powered(sk, index, buf + sizeof(*hdr), len); 1864 break; 1865 case MGMT_OP_SET_DISCOVERABLE: 1866 err = set_discoverable(sk, index, buf + sizeof(*hdr), len); 1867 break; 1868 case MGMT_OP_SET_CONNECTABLE: 1869 err = set_connectable(sk, index, buf + sizeof(*hdr), len); 1870 break; 1871 case MGMT_OP_SET_PAIRABLE: 1872 err = set_pairable(sk, index, buf + sizeof(*hdr), len); 1873 break; 1874 case MGMT_OP_ADD_UUID: 1875 err = add_uuid(sk, index, buf + sizeof(*hdr), len); 1876 break; 1877 case MGMT_OP_REMOVE_UUID: 1878 err = remove_uuid(sk, index, buf + sizeof(*hdr), len); 1879 break; 1880 case MGMT_OP_SET_DEV_CLASS: 1881 err = set_dev_class(sk, index, buf + sizeof(*hdr), len); 1882 break; 1883 case MGMT_OP_SET_SERVICE_CACHE: 1884 err = set_service_cache(sk, index, buf + sizeof(*hdr), len); 1885 break; 1886 case MGMT_OP_LOAD_KEYS: 1887 err = load_keys(sk, index, buf + sizeof(*hdr), len); 1888 break; 1889 case MGMT_OP_REMOVE_KEY: 1890 err = remove_key(sk, index, buf + sizeof(*hdr), len); 1891 break; 1892 case MGMT_OP_DISCONNECT: 1893 err = disconnect(sk, index, buf + sizeof(*hdr), len); 1894 break; 1895 case MGMT_OP_GET_CONNECTIONS: 1896 err = get_connections(sk, index); 1897 break; 1898 case MGMT_OP_PIN_CODE_REPLY: 1899 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len); 1900 break; 1901 case MGMT_OP_PIN_CODE_NEG_REPLY: 1902 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len); 1903 break; 1904 case MGMT_OP_SET_IO_CAPABILITY: 1905 err = set_io_capability(sk, index, buf + sizeof(*hdr), len); 1906 break; 1907 case MGMT_OP_PAIR_DEVICE: 1908 err = pair_device(sk, index, buf + sizeof(*hdr), len); 1909 break; 1910 case MGMT_OP_USER_CONFIRM_REPLY: 1911 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1); 1912 break; 1913 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 1914 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0); 1915 break; 1916 case MGMT_OP_SET_LOCAL_NAME: 1917 err = set_local_name(sk, index, buf + sizeof(*hdr), len); 1918 break; 1919 case MGMT_OP_READ_LOCAL_OOB_DATA: 1920 err = read_local_oob_data(sk, index); 1921 break; 1922 case MGMT_OP_ADD_REMOTE_OOB_DATA: 1923 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len); 1924 break; 1925 case MGMT_OP_REMOVE_REMOTE_OOB_DATA: 1926 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr), 1927 len); 1928 break; 1929 case MGMT_OP_START_DISCOVERY: 1930 err = start_discovery(sk, index); 1931 break; 1932 case MGMT_OP_STOP_DISCOVERY: 1933 err = stop_discovery(sk, index); 1934 break; 1935 case MGMT_OP_BLOCK_DEVICE: 1936 err = block_device(sk, index, buf + sizeof(*hdr), len); 1937 break; 1938 case MGMT_OP_UNBLOCK_DEVICE: 1939 err = unblock_device(sk, index, buf + sizeof(*hdr), len); 1940 break; 1941 case MGMT_OP_SET_FAST_CONNECTABLE: 1942 err = set_fast_connectable(sk, index, buf + sizeof(*hdr), 1943 len); 1944 break; 1945 default: 1946 BT_DBG("Unknown op %u", opcode); 1947 err = cmd_status(sk, index, opcode, 0x01); 1948 break; 1949 } 1950 1951 if (err < 0) 1952 goto done; 1953 1954 err = msglen; 1955 1956 done: 1957 kfree(buf); 1958 return err; 1959 } 1960 1961 int mgmt_index_added(u16 index) 1962 { 1963 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL); 1964 } 1965 1966 int mgmt_index_removed(u16 index) 1967 { 1968 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL); 1969 } 1970 1971 struct cmd_lookup { 1972 u8 val; 1973 struct sock *sk; 1974 }; 1975 1976 static void mode_rsp(struct pending_cmd *cmd, void *data) 1977 { 1978 struct mgmt_mode *cp = cmd->param; 1979 struct cmd_lookup *match = data; 1980 1981 if (cp->val != match->val) 1982 return; 1983 1984 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val); 1985 1986 list_del(&cmd->list); 1987 1988 if (match->sk == NULL) { 1989 match->sk = cmd->sk; 1990 sock_hold(match->sk); 1991 } 1992 1993 mgmt_pending_free(cmd); 1994 } 1995 1996 int mgmt_powered(u16 index, u8 powered) 1997 { 1998 struct mgmt_mode ev; 1999 struct cmd_lookup match = { powered, NULL }; 2000 int ret; 2001 2002 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match); 2003 2004 ev.val = powered; 2005 2006 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk); 2007 2008 if (match.sk) 2009 sock_put(match.sk); 2010 2011 return ret; 2012 } 2013 2014 int mgmt_discoverable(u16 index, u8 discoverable) 2015 { 2016 struct mgmt_mode ev; 2017 struct cmd_lookup match = { discoverable, NULL }; 2018 int ret; 2019 2020 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match); 2021 2022 ev.val = discoverable; 2023 2024 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev), 2025 match.sk); 2026 2027 if (match.sk) 2028 sock_put(match.sk); 2029 2030 return ret; 2031 } 2032 2033 int mgmt_connectable(u16 index, u8 connectable) 2034 { 2035 struct mgmt_mode ev; 2036 struct cmd_lookup match = { connectable, NULL }; 2037 int ret; 2038 2039 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match); 2040 2041 ev.val = connectable; 2042 2043 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk); 2044 2045 if (match.sk) 2046 sock_put(match.sk); 2047 2048 return ret; 2049 } 2050 2051 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent) 2052 { 2053 struct mgmt_ev_new_key ev; 2054 2055 memset(&ev, 0, sizeof(ev)); 2056 2057 ev.store_hint = persistent; 2058 bacpy(&ev.key.bdaddr, &key->bdaddr); 2059 ev.key.type = key->type; 2060 memcpy(ev.key.val, key->val, 16); 2061 ev.key.pin_len = key->pin_len; 2062 2063 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL); 2064 } 2065 2066 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type) 2067 { 2068 struct mgmt_ev_connected ev; 2069 2070 bacpy(&ev.bdaddr, bdaddr); 2071 ev.link_type = link_type; 2072 2073 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL); 2074 } 2075 2076 static void disconnect_rsp(struct pending_cmd *cmd, void *data) 2077 { 2078 struct mgmt_cp_disconnect *cp = cmd->param; 2079 struct sock **sk = data; 2080 struct mgmt_rp_disconnect rp; 2081 2082 bacpy(&rp.bdaddr, &cp->bdaddr); 2083 2084 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp)); 2085 2086 *sk = cmd->sk; 2087 sock_hold(*sk); 2088 2089 mgmt_pending_remove(cmd); 2090 } 2091 2092 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr) 2093 { 2094 struct mgmt_ev_disconnected ev; 2095 struct sock *sk = NULL; 2096 int err; 2097 2098 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk); 2099 2100 bacpy(&ev.bdaddr, bdaddr); 2101 2102 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk); 2103 2104 if (sk) 2105 sock_put(sk); 2106 2107 return err; 2108 } 2109 2110 int mgmt_disconnect_failed(u16 index) 2111 { 2112 struct pending_cmd *cmd; 2113 int err; 2114 2115 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index); 2116 if (!cmd) 2117 return -ENOENT; 2118 2119 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO); 2120 2121 mgmt_pending_remove(cmd); 2122 2123 return err; 2124 } 2125 2126 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status) 2127 { 2128 struct mgmt_ev_connect_failed ev; 2129 2130 bacpy(&ev.bdaddr, bdaddr); 2131 ev.status = status; 2132 2133 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL); 2134 } 2135 2136 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure) 2137 { 2138 struct mgmt_ev_pin_code_request ev; 2139 2140 bacpy(&ev.bdaddr, bdaddr); 2141 ev.secure = secure; 2142 2143 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev), 2144 NULL); 2145 } 2146 2147 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2148 { 2149 struct pending_cmd *cmd; 2150 struct mgmt_rp_pin_code_reply rp; 2151 int err; 2152 2153 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index); 2154 if (!cmd) 2155 return -ENOENT; 2156 2157 bacpy(&rp.bdaddr, bdaddr); 2158 rp.status = status; 2159 2160 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp, 2161 sizeof(rp)); 2162 2163 mgmt_pending_remove(cmd); 2164 2165 return err; 2166 } 2167 2168 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2169 { 2170 struct pending_cmd *cmd; 2171 struct mgmt_rp_pin_code_reply rp; 2172 int err; 2173 2174 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index); 2175 if (!cmd) 2176 return -ENOENT; 2177 2178 bacpy(&rp.bdaddr, bdaddr); 2179 rp.status = status; 2180 2181 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp, 2182 sizeof(rp)); 2183 2184 mgmt_pending_remove(cmd); 2185 2186 return err; 2187 } 2188 2189 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value, 2190 u8 confirm_hint) 2191 { 2192 struct mgmt_ev_user_confirm_request ev; 2193 2194 BT_DBG("hci%u", index); 2195 2196 bacpy(&ev.bdaddr, bdaddr); 2197 ev.confirm_hint = confirm_hint; 2198 put_unaligned_le32(value, &ev.value); 2199 2200 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev), 2201 NULL); 2202 } 2203 2204 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status, 2205 u8 opcode) 2206 { 2207 struct pending_cmd *cmd; 2208 struct mgmt_rp_user_confirm_reply rp; 2209 int err; 2210 2211 cmd = mgmt_pending_find(opcode, index); 2212 if (!cmd) 2213 return -ENOENT; 2214 2215 bacpy(&rp.bdaddr, bdaddr); 2216 rp.status = status; 2217 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp)); 2218 2219 mgmt_pending_remove(cmd); 2220 2221 return err; 2222 } 2223 2224 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2225 { 2226 return confirm_reply_complete(index, bdaddr, status, 2227 MGMT_OP_USER_CONFIRM_REPLY); 2228 } 2229 2230 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2231 { 2232 return confirm_reply_complete(index, bdaddr, status, 2233 MGMT_OP_USER_CONFIRM_NEG_REPLY); 2234 } 2235 2236 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status) 2237 { 2238 struct mgmt_ev_auth_failed ev; 2239 2240 bacpy(&ev.bdaddr, bdaddr); 2241 ev.status = status; 2242 2243 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL); 2244 } 2245 2246 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status) 2247 { 2248 struct pending_cmd *cmd; 2249 struct hci_dev *hdev; 2250 struct mgmt_cp_set_local_name ev; 2251 int err; 2252 2253 memset(&ev, 0, sizeof(ev)); 2254 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2255 2256 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index); 2257 if (!cmd) 2258 goto send_event; 2259 2260 if (status) { 2261 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO); 2262 goto failed; 2263 } 2264 2265 hdev = hci_dev_get(index); 2266 if (hdev) { 2267 hci_dev_lock_bh(hdev); 2268 update_eir(hdev); 2269 hci_dev_unlock_bh(hdev); 2270 hci_dev_put(hdev); 2271 } 2272 2273 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev, 2274 sizeof(ev)); 2275 if (err < 0) 2276 goto failed; 2277 2278 send_event: 2279 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev), 2280 cmd ? cmd->sk : NULL); 2281 2282 failed: 2283 if (cmd) 2284 mgmt_pending_remove(cmd); 2285 return err; 2286 } 2287 2288 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer, 2289 u8 status) 2290 { 2291 struct pending_cmd *cmd; 2292 int err; 2293 2294 BT_DBG("hci%u status %u", index, status); 2295 2296 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index); 2297 if (!cmd) 2298 return -ENOENT; 2299 2300 if (status) { 2301 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2302 EIO); 2303 } else { 2304 struct mgmt_rp_read_local_oob_data rp; 2305 2306 memcpy(rp.hash, hash, sizeof(rp.hash)); 2307 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 2308 2309 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2310 &rp, sizeof(rp)); 2311 } 2312 2313 mgmt_pending_remove(cmd); 2314 2315 return err; 2316 } 2317 2318 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi, 2319 u8 *eir) 2320 { 2321 struct mgmt_ev_device_found ev; 2322 2323 memset(&ev, 0, sizeof(ev)); 2324 2325 bacpy(&ev.bdaddr, bdaddr); 2326 ev.rssi = rssi; 2327 2328 if (eir) 2329 memcpy(ev.eir, eir, sizeof(ev.eir)); 2330 2331 if (dev_class) 2332 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class)); 2333 2334 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL); 2335 } 2336 2337 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name) 2338 { 2339 struct mgmt_ev_remote_name ev; 2340 2341 memset(&ev, 0, sizeof(ev)); 2342 2343 bacpy(&ev.bdaddr, bdaddr); 2344 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2345 2346 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL); 2347 } 2348 2349 int mgmt_discovering(u16 index, u8 discovering) 2350 { 2351 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering, 2352 sizeof(discovering), NULL); 2353 } 2354 2355 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr) 2356 { 2357 struct pending_cmd *cmd; 2358 struct mgmt_ev_device_blocked ev; 2359 2360 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index); 2361 2362 bacpy(&ev.bdaddr, bdaddr); 2363 2364 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev), 2365 cmd ? cmd->sk : NULL); 2366 } 2367 2368 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr) 2369 { 2370 struct pending_cmd *cmd; 2371 struct mgmt_ev_device_unblocked ev; 2372 2373 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index); 2374 2375 bacpy(&ev.bdaddr, bdaddr); 2376 2377 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev), 2378 cmd ? cmd->sk : NULL); 2379 } 2380