1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2010 Nokia Corporation 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 /* Bluetooth HCI Management interface */ 24 25 #include <linux/kernel.h> 26 #include <linux/uaccess.h> 27 #include <linux/module.h> 28 #include <asm/unaligned.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/mgmt.h> 33 #include <net/bluetooth/smp.h> 34 35 #define MGMT_VERSION 0 36 #define MGMT_REVISION 1 37 38 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 39 40 #define SERVICE_CACHE_TIMEOUT (5 * 1000) 41 42 struct pending_cmd { 43 struct list_head list; 44 u16 opcode; 45 int index; 46 void *param; 47 struct sock *sk; 48 void *user_data; 49 }; 50 51 /* HCI to MGMT error code conversion table */ 52 static u8 mgmt_status_table[] = { 53 MGMT_STATUS_SUCCESS, 54 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */ 55 MGMT_STATUS_NOT_CONNECTED, /* No Connection */ 56 MGMT_STATUS_FAILED, /* Hardware Failure */ 57 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */ 58 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */ 59 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */ 60 MGMT_STATUS_NO_RESOURCES, /* Memory Full */ 61 MGMT_STATUS_TIMEOUT, /* Connection Timeout */ 62 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */ 63 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */ 64 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */ 65 MGMT_STATUS_BUSY, /* Command Disallowed */ 66 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */ 67 MGMT_STATUS_REJECTED, /* Rejected Security */ 68 MGMT_STATUS_REJECTED, /* Rejected Personal */ 69 MGMT_STATUS_TIMEOUT, /* Host Timeout */ 70 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */ 71 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */ 72 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */ 73 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */ 74 MGMT_STATUS_DISCONNECTED, /* OE Power Off */ 75 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */ 76 MGMT_STATUS_BUSY, /* Repeated Attempts */ 77 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */ 78 MGMT_STATUS_FAILED, /* Unknown LMP PDU */ 79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */ 80 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */ 81 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */ 82 MGMT_STATUS_REJECTED, /* Air Mode Rejected */ 83 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */ 84 MGMT_STATUS_FAILED, /* Unspecified Error */ 85 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */ 86 MGMT_STATUS_FAILED, /* Role Change Not Allowed */ 87 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */ 88 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */ 89 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */ 90 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */ 91 MGMT_STATUS_FAILED, /* Unit Link Key Used */ 92 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */ 93 MGMT_STATUS_TIMEOUT, /* Instant Passed */ 94 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */ 95 MGMT_STATUS_FAILED, /* Transaction Collision */ 96 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */ 97 MGMT_STATUS_REJECTED, /* QoS Rejected */ 98 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */ 99 MGMT_STATUS_REJECTED, /* Insufficient Security */ 100 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */ 101 MGMT_STATUS_BUSY, /* Role Switch Pending */ 102 MGMT_STATUS_FAILED, /* Slot Violation */ 103 MGMT_STATUS_FAILED, /* Role Switch Failed */ 104 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */ 105 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */ 106 MGMT_STATUS_BUSY, /* Host Busy Pairing */ 107 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */ 108 MGMT_STATUS_BUSY, /* Controller Busy */ 109 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */ 110 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */ 111 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */ 112 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */ 113 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */ 114 }; 115 116 static u8 mgmt_status(u8 hci_status) 117 { 118 if (hci_status < ARRAY_SIZE(mgmt_status_table)) 119 return mgmt_status_table[hci_status]; 120 121 return MGMT_STATUS_FAILED; 122 } 123 124 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 125 { 126 struct sk_buff *skb; 127 struct mgmt_hdr *hdr; 128 struct mgmt_ev_cmd_status *ev; 129 int err; 130 131 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 132 133 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 134 if (!skb) 135 return -ENOMEM; 136 137 hdr = (void *) skb_put(skb, sizeof(*hdr)); 138 139 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 140 hdr->index = cpu_to_le16(index); 141 hdr->len = cpu_to_le16(sizeof(*ev)); 142 143 ev = (void *) skb_put(skb, sizeof(*ev)); 144 ev->status = status; 145 put_unaligned_le16(cmd, &ev->opcode); 146 147 err = sock_queue_rcv_skb(sk, skb); 148 if (err < 0) 149 kfree_skb(skb); 150 151 return err; 152 } 153 154 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp, 155 size_t rp_len) 156 { 157 struct sk_buff *skb; 158 struct mgmt_hdr *hdr; 159 struct mgmt_ev_cmd_complete *ev; 160 int err; 161 162 BT_DBG("sock %p", sk); 163 164 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 165 if (!skb) 166 return -ENOMEM; 167 168 hdr = (void *) skb_put(skb, sizeof(*hdr)); 169 170 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 171 hdr->index = cpu_to_le16(index); 172 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 173 174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 175 put_unaligned_le16(cmd, &ev->opcode); 176 177 if (rp) 178 memcpy(ev->data, rp, rp_len); 179 180 err = sock_queue_rcv_skb(sk, skb); 181 if (err < 0) 182 kfree_skb(skb); 183 184 return err;; 185 } 186 187 static int read_version(struct sock *sk) 188 { 189 struct mgmt_rp_read_version rp; 190 191 BT_DBG("sock %p", sk); 192 193 rp.version = MGMT_VERSION; 194 put_unaligned_le16(MGMT_REVISION, &rp.revision); 195 196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp, 197 sizeof(rp)); 198 } 199 200 static int read_index_list(struct sock *sk) 201 { 202 struct mgmt_rp_read_index_list *rp; 203 struct list_head *p; 204 struct hci_dev *d; 205 size_t rp_len; 206 u16 count; 207 int i, err; 208 209 BT_DBG("sock %p", sk); 210 211 read_lock(&hci_dev_list_lock); 212 213 count = 0; 214 list_for_each(p, &hci_dev_list) { 215 count++; 216 } 217 218 rp_len = sizeof(*rp) + (2 * count); 219 rp = kmalloc(rp_len, GFP_ATOMIC); 220 if (!rp) { 221 read_unlock(&hci_dev_list_lock); 222 return -ENOMEM; 223 } 224 225 put_unaligned_le16(count, &rp->num_controllers); 226 227 i = 0; 228 list_for_each_entry(d, &hci_dev_list, list) { 229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags)) 230 cancel_delayed_work(&d->power_off); 231 232 if (test_bit(HCI_SETUP, &d->flags)) 233 continue; 234 235 put_unaligned_le16(d->id, &rp->index[i++]); 236 BT_DBG("Added hci%u", d->id); 237 } 238 239 read_unlock(&hci_dev_list_lock); 240 241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp, 242 rp_len); 243 244 kfree(rp); 245 246 return err; 247 } 248 249 static u32 get_supported_settings(struct hci_dev *hdev) 250 { 251 u32 settings = 0; 252 253 settings |= MGMT_SETTING_POWERED; 254 settings |= MGMT_SETTING_CONNECTABLE; 255 settings |= MGMT_SETTING_FAST_CONNECTABLE; 256 settings |= MGMT_SETTING_DISCOVERABLE; 257 settings |= MGMT_SETTING_PAIRABLE; 258 259 if (hdev->features[6] & LMP_SIMPLE_PAIR) 260 settings |= MGMT_SETTING_SSP; 261 262 if (!(hdev->features[4] & LMP_NO_BREDR)) { 263 settings |= MGMT_SETTING_BREDR; 264 settings |= MGMT_SETTING_LINK_SECURITY; 265 } 266 267 if (hdev->features[4] & LMP_LE) 268 settings |= MGMT_SETTING_LE; 269 270 return settings; 271 } 272 273 static u32 get_current_settings(struct hci_dev *hdev) 274 { 275 u32 settings = 0; 276 277 if (test_bit(HCI_UP, &hdev->flags)) 278 settings |= MGMT_SETTING_POWERED; 279 else 280 return settings; 281 282 if (test_bit(HCI_PSCAN, &hdev->flags)) 283 settings |= MGMT_SETTING_CONNECTABLE; 284 285 if (test_bit(HCI_ISCAN, &hdev->flags)) 286 settings |= MGMT_SETTING_DISCOVERABLE; 287 288 if (test_bit(HCI_PAIRABLE, &hdev->flags)) 289 settings |= MGMT_SETTING_PAIRABLE; 290 291 if (!(hdev->features[4] & LMP_NO_BREDR)) 292 settings |= MGMT_SETTING_BREDR; 293 294 if (hdev->host_features[0] & LMP_HOST_LE) 295 settings |= MGMT_SETTING_LE; 296 297 if (test_bit(HCI_AUTH, &hdev->flags)) 298 settings |= MGMT_SETTING_LINK_SECURITY; 299 300 if (hdev->ssp_mode > 0) 301 settings |= MGMT_SETTING_SSP; 302 303 return settings; 304 } 305 306 #define EIR_FLAGS 0x01 /* flags */ 307 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */ 308 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */ 309 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */ 310 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */ 311 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */ 312 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */ 313 #define EIR_NAME_SHORT 0x08 /* shortened local name */ 314 #define EIR_NAME_COMPLETE 0x09 /* complete local name */ 315 #define EIR_TX_POWER 0x0A /* transmit power level */ 316 #define EIR_DEVICE_ID 0x10 /* device ID */ 317 318 #define PNP_INFO_SVCLASS_ID 0x1200 319 320 static u8 bluetooth_base_uuid[] = { 321 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 322 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 323 }; 324 325 static u16 get_uuid16(u8 *uuid128) 326 { 327 u32 val; 328 int i; 329 330 for (i = 0; i < 12; i++) { 331 if (bluetooth_base_uuid[i] != uuid128[i]) 332 return 0; 333 } 334 335 memcpy(&val, &uuid128[12], 4); 336 337 val = le32_to_cpu(val); 338 if (val > 0xffff) 339 return 0; 340 341 return (u16) val; 342 } 343 344 static void create_eir(struct hci_dev *hdev, u8 *data) 345 { 346 u8 *ptr = data; 347 u16 eir_len = 0; 348 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 349 int i, truncated = 0; 350 struct bt_uuid *uuid; 351 size_t name_len; 352 353 name_len = strlen(hdev->dev_name); 354 355 if (name_len > 0) { 356 /* EIR Data type */ 357 if (name_len > 48) { 358 name_len = 48; 359 ptr[1] = EIR_NAME_SHORT; 360 } else 361 ptr[1] = EIR_NAME_COMPLETE; 362 363 /* EIR Data length */ 364 ptr[0] = name_len + 1; 365 366 memcpy(ptr + 2, hdev->dev_name, name_len); 367 368 eir_len += (name_len + 2); 369 ptr += (name_len + 2); 370 } 371 372 memset(uuid16_list, 0, sizeof(uuid16_list)); 373 374 /* Group all UUID16 types */ 375 list_for_each_entry(uuid, &hdev->uuids, list) { 376 u16 uuid16; 377 378 uuid16 = get_uuid16(uuid->uuid); 379 if (uuid16 == 0) 380 return; 381 382 if (uuid16 < 0x1100) 383 continue; 384 385 if (uuid16 == PNP_INFO_SVCLASS_ID) 386 continue; 387 388 /* Stop if not enough space to put next UUID */ 389 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 390 truncated = 1; 391 break; 392 } 393 394 /* Check for duplicates */ 395 for (i = 0; uuid16_list[i] != 0; i++) 396 if (uuid16_list[i] == uuid16) 397 break; 398 399 if (uuid16_list[i] == 0) { 400 uuid16_list[i] = uuid16; 401 eir_len += sizeof(u16); 402 } 403 } 404 405 if (uuid16_list[0] != 0) { 406 u8 *length = ptr; 407 408 /* EIR Data type */ 409 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 410 411 ptr += 2; 412 eir_len += 2; 413 414 for (i = 0; uuid16_list[i] != 0; i++) { 415 *ptr++ = (uuid16_list[i] & 0x00ff); 416 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 417 } 418 419 /* EIR Data length */ 420 *length = (i * sizeof(u16)) + 1; 421 } 422 } 423 424 static int update_eir(struct hci_dev *hdev) 425 { 426 struct hci_cp_write_eir cp; 427 428 if (!(hdev->features[6] & LMP_EXT_INQ)) 429 return 0; 430 431 if (hdev->ssp_mode == 0) 432 return 0; 433 434 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 435 return 0; 436 437 memset(&cp, 0, sizeof(cp)); 438 439 create_eir(hdev, cp.data); 440 441 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 442 return 0; 443 444 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 445 446 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 447 } 448 449 static u8 get_service_classes(struct hci_dev *hdev) 450 { 451 struct bt_uuid *uuid; 452 u8 val = 0; 453 454 list_for_each_entry(uuid, &hdev->uuids, list) 455 val |= uuid->svc_hint; 456 457 return val; 458 } 459 460 static int update_class(struct hci_dev *hdev) 461 { 462 u8 cod[3]; 463 464 BT_DBG("%s", hdev->name); 465 466 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 467 return 0; 468 469 cod[0] = hdev->minor_class; 470 cod[1] = hdev->major_class; 471 cod[2] = get_service_classes(hdev); 472 473 if (memcmp(cod, hdev->dev_class, 3) == 0) 474 return 0; 475 476 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 477 } 478 479 static void service_cache_off(struct work_struct *work) 480 { 481 struct hci_dev *hdev = container_of(work, struct hci_dev, 482 service_cache.work); 483 484 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags)) 485 return; 486 487 hci_dev_lock(hdev); 488 489 update_eir(hdev); 490 update_class(hdev); 491 492 hci_dev_unlock(hdev); 493 } 494 495 static void mgmt_init_hdev(struct hci_dev *hdev) 496 { 497 if (!test_and_set_bit(HCI_MGMT, &hdev->flags)) 498 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off); 499 500 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->flags)) 501 schedule_delayed_work(&hdev->service_cache, 502 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT)); 503 } 504 505 static int read_controller_info(struct sock *sk, u16 index) 506 { 507 struct mgmt_rp_read_info rp; 508 struct hci_dev *hdev; 509 510 BT_DBG("sock %p hci%u", sk, index); 511 512 hdev = hci_dev_get(index); 513 if (!hdev) 514 return cmd_status(sk, index, MGMT_OP_READ_INFO, 515 MGMT_STATUS_INVALID_PARAMS); 516 517 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags)) 518 cancel_delayed_work_sync(&hdev->power_off); 519 520 hci_dev_lock(hdev); 521 522 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags)) 523 mgmt_init_hdev(hdev); 524 525 memset(&rp, 0, sizeof(rp)); 526 527 bacpy(&rp.bdaddr, &hdev->bdaddr); 528 529 rp.version = hdev->hci_ver; 530 531 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 532 533 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev)); 534 rp.current_settings = cpu_to_le32(get_current_settings(hdev)); 535 536 memcpy(rp.dev_class, hdev->dev_class, 3); 537 538 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 539 540 hci_dev_unlock(hdev); 541 hci_dev_put(hdev); 542 543 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); 544 } 545 546 static void mgmt_pending_free(struct pending_cmd *cmd) 547 { 548 sock_put(cmd->sk); 549 kfree(cmd->param); 550 kfree(cmd); 551 } 552 553 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 554 struct hci_dev *hdev, 555 void *data, u16 len) 556 { 557 struct pending_cmd *cmd; 558 559 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 560 if (!cmd) 561 return NULL; 562 563 cmd->opcode = opcode; 564 cmd->index = hdev->id; 565 566 cmd->param = kmalloc(len, GFP_ATOMIC); 567 if (!cmd->param) { 568 kfree(cmd); 569 return NULL; 570 } 571 572 if (data) 573 memcpy(cmd->param, data, len); 574 575 cmd->sk = sk; 576 sock_hold(sk); 577 578 list_add(&cmd->list, &hdev->mgmt_pending); 579 580 return cmd; 581 } 582 583 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, 584 void (*cb)(struct pending_cmd *cmd, void *data), 585 void *data) 586 { 587 struct list_head *p, *n; 588 589 list_for_each_safe(p, n, &hdev->mgmt_pending) { 590 struct pending_cmd *cmd; 591 592 cmd = list_entry(p, struct pending_cmd, list); 593 594 if (opcode > 0 && cmd->opcode != opcode) 595 continue; 596 597 cb(cmd, data); 598 } 599 } 600 601 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev) 602 { 603 struct pending_cmd *cmd; 604 605 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 606 if (cmd->opcode == opcode) 607 return cmd; 608 } 609 610 return NULL; 611 } 612 613 static void mgmt_pending_remove(struct pending_cmd *cmd) 614 { 615 list_del(&cmd->list); 616 mgmt_pending_free(cmd); 617 } 618 619 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev) 620 { 621 __le32 settings = cpu_to_le32(get_current_settings(hdev)); 622 623 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings)); 624 } 625 626 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) 627 { 628 struct mgmt_mode *cp; 629 struct hci_dev *hdev; 630 struct pending_cmd *cmd; 631 int err, up; 632 633 cp = (void *) data; 634 635 BT_DBG("request for hci%u", index); 636 637 if (len != sizeof(*cp)) 638 return cmd_status(sk, index, MGMT_OP_SET_POWERED, 639 MGMT_STATUS_INVALID_PARAMS); 640 641 hdev = hci_dev_get(index); 642 if (!hdev) 643 return cmd_status(sk, index, MGMT_OP_SET_POWERED, 644 MGMT_STATUS_INVALID_PARAMS); 645 646 hci_dev_lock(hdev); 647 648 up = test_bit(HCI_UP, &hdev->flags); 649 if ((cp->val && up) || (!cp->val && !up)) { 650 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev); 651 goto failed; 652 } 653 654 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) { 655 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, 656 MGMT_STATUS_BUSY); 657 goto failed; 658 } 659 660 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 661 if (!cmd) { 662 err = -ENOMEM; 663 goto failed; 664 } 665 666 if (cp->val) 667 schedule_work(&hdev->power_on); 668 else 669 schedule_work(&hdev->power_off.work); 670 671 err = 0; 672 673 failed: 674 hci_dev_unlock(hdev); 675 hci_dev_put(hdev); 676 return err; 677 } 678 679 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, 680 u16 len) 681 { 682 struct mgmt_cp_set_discoverable *cp; 683 struct hci_dev *hdev; 684 struct pending_cmd *cmd; 685 u8 scan; 686 int err; 687 688 cp = (void *) data; 689 690 BT_DBG("request for hci%u", index); 691 692 if (len != sizeof(*cp)) 693 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 694 MGMT_STATUS_INVALID_PARAMS); 695 696 hdev = hci_dev_get(index); 697 if (!hdev) 698 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 699 MGMT_STATUS_INVALID_PARAMS); 700 701 hci_dev_lock(hdev); 702 703 if (!test_bit(HCI_UP, &hdev->flags)) { 704 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 705 MGMT_STATUS_NOT_POWERED); 706 goto failed; 707 } 708 709 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 710 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 711 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, 712 MGMT_STATUS_BUSY); 713 goto failed; 714 } 715 716 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 717 test_bit(HCI_PSCAN, &hdev->flags)) { 718 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev); 719 goto failed; 720 } 721 722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 723 if (!cmd) { 724 err = -ENOMEM; 725 goto failed; 726 } 727 728 scan = SCAN_PAGE; 729 730 if (cp->val) 731 scan |= SCAN_INQUIRY; 732 else 733 cancel_delayed_work(&hdev->discov_off); 734 735 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 736 if (err < 0) 737 mgmt_pending_remove(cmd); 738 739 if (cp->val) 740 hdev->discov_timeout = get_unaligned_le16(&cp->timeout); 741 742 failed: 743 hci_dev_unlock(hdev); 744 hci_dev_put(hdev); 745 746 return err; 747 } 748 749 static int set_connectable(struct sock *sk, u16 index, unsigned char *data, 750 u16 len) 751 { 752 struct mgmt_mode *cp; 753 struct hci_dev *hdev; 754 struct pending_cmd *cmd; 755 u8 scan; 756 int err; 757 758 cp = (void *) data; 759 760 BT_DBG("request for hci%u", index); 761 762 if (len != sizeof(*cp)) 763 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 764 MGMT_STATUS_INVALID_PARAMS); 765 766 hdev = hci_dev_get(index); 767 if (!hdev) 768 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 769 MGMT_STATUS_INVALID_PARAMS); 770 771 hci_dev_lock(hdev); 772 773 if (!test_bit(HCI_UP, &hdev->flags)) { 774 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 775 MGMT_STATUS_NOT_POWERED); 776 goto failed; 777 } 778 779 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) || 780 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) { 781 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, 782 MGMT_STATUS_BUSY); 783 goto failed; 784 } 785 786 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 787 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev); 788 goto failed; 789 } 790 791 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 792 if (!cmd) { 793 err = -ENOMEM; 794 goto failed; 795 } 796 797 if (cp->val) 798 scan = SCAN_PAGE; 799 else 800 scan = 0; 801 802 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 803 if (err < 0) 804 mgmt_pending_remove(cmd); 805 806 failed: 807 hci_dev_unlock(hdev); 808 hci_dev_put(hdev); 809 810 return err; 811 } 812 813 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, 814 u16 data_len, struct sock *skip_sk) 815 { 816 struct sk_buff *skb; 817 struct mgmt_hdr *hdr; 818 819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 820 if (!skb) 821 return -ENOMEM; 822 823 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 824 825 hdr = (void *) skb_put(skb, sizeof(*hdr)); 826 hdr->opcode = cpu_to_le16(event); 827 if (hdev) 828 hdr->index = cpu_to_le16(hdev->id); 829 else 830 hdr->index = cpu_to_le16(MGMT_INDEX_NONE); 831 hdr->len = cpu_to_le16(data_len); 832 833 if (data) 834 memcpy(skb_put(skb, data_len), data, data_len); 835 836 hci_send_to_sock(NULL, skb, skip_sk); 837 kfree_skb(skb); 838 839 return 0; 840 } 841 842 static int set_pairable(struct sock *sk, u16 index, unsigned char *data, 843 u16 len) 844 { 845 struct mgmt_mode *cp; 846 struct hci_dev *hdev; 847 __le32 ev; 848 int err; 849 850 cp = (void *) data; 851 852 BT_DBG("request for hci%u", index); 853 854 if (len != sizeof(*cp)) 855 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, 856 MGMT_STATUS_INVALID_PARAMS); 857 858 hdev = hci_dev_get(index); 859 if (!hdev) 860 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, 861 MGMT_STATUS_INVALID_PARAMS); 862 863 hci_dev_lock(hdev); 864 865 if (cp->val) 866 set_bit(HCI_PAIRABLE, &hdev->flags); 867 else 868 clear_bit(HCI_PAIRABLE, &hdev->flags); 869 870 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev); 871 if (err < 0) 872 goto failed; 873 874 ev = cpu_to_le32(get_current_settings(hdev)); 875 876 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk); 877 878 failed: 879 hci_dev_unlock(hdev); 880 hci_dev_put(hdev); 881 882 return err; 883 } 884 885 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 886 { 887 struct mgmt_cp_add_uuid *cp; 888 struct hci_dev *hdev; 889 struct bt_uuid *uuid; 890 int err; 891 892 cp = (void *) data; 893 894 BT_DBG("request for hci%u", index); 895 896 if (len != sizeof(*cp)) 897 return cmd_status(sk, index, MGMT_OP_ADD_UUID, 898 MGMT_STATUS_INVALID_PARAMS); 899 900 hdev = hci_dev_get(index); 901 if (!hdev) 902 return cmd_status(sk, index, MGMT_OP_ADD_UUID, 903 MGMT_STATUS_INVALID_PARAMS); 904 905 hci_dev_lock(hdev); 906 907 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 908 if (!uuid) { 909 err = -ENOMEM; 910 goto failed; 911 } 912 913 memcpy(uuid->uuid, cp->uuid, 16); 914 uuid->svc_hint = cp->svc_hint; 915 916 list_add(&uuid->list, &hdev->uuids); 917 918 err = update_class(hdev); 919 if (err < 0) 920 goto failed; 921 922 err = update_eir(hdev); 923 if (err < 0) 924 goto failed; 925 926 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); 927 928 failed: 929 hci_dev_unlock(hdev); 930 hci_dev_put(hdev); 931 932 return err; 933 } 934 935 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 936 { 937 struct list_head *p, *n; 938 struct mgmt_cp_remove_uuid *cp; 939 struct hci_dev *hdev; 940 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 941 int err, found; 942 943 cp = (void *) data; 944 945 BT_DBG("request for hci%u", index); 946 947 if (len != sizeof(*cp)) 948 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 949 MGMT_STATUS_INVALID_PARAMS); 950 951 hdev = hci_dev_get(index); 952 if (!hdev) 953 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 954 MGMT_STATUS_INVALID_PARAMS); 955 956 hci_dev_lock(hdev); 957 958 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 959 err = hci_uuids_clear(hdev); 960 goto unlock; 961 } 962 963 found = 0; 964 965 list_for_each_safe(p, n, &hdev->uuids) { 966 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 967 968 if (memcmp(match->uuid, cp->uuid, 16) != 0) 969 continue; 970 971 list_del(&match->list); 972 found++; 973 } 974 975 if (found == 0) { 976 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, 977 MGMT_STATUS_INVALID_PARAMS); 978 goto unlock; 979 } 980 981 err = update_class(hdev); 982 if (err < 0) 983 goto unlock; 984 985 err = update_eir(hdev); 986 if (err < 0) 987 goto unlock; 988 989 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); 990 991 unlock: 992 hci_dev_unlock(hdev); 993 hci_dev_put(hdev); 994 995 return err; 996 } 997 998 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, 999 u16 len) 1000 { 1001 struct hci_dev *hdev; 1002 struct mgmt_cp_set_dev_class *cp; 1003 int err; 1004 1005 cp = (void *) data; 1006 1007 BT_DBG("request for hci%u", index); 1008 1009 if (len != sizeof(*cp)) 1010 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, 1011 MGMT_STATUS_INVALID_PARAMS); 1012 1013 hdev = hci_dev_get(index); 1014 if (!hdev) 1015 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, 1016 MGMT_STATUS_INVALID_PARAMS); 1017 1018 hci_dev_lock(hdev); 1019 1020 hdev->major_class = cp->major; 1021 hdev->minor_class = cp->minor; 1022 1023 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags)) { 1024 hci_dev_unlock(hdev); 1025 cancel_delayed_work_sync(&hdev->service_cache); 1026 hci_dev_lock(hdev); 1027 update_eir(hdev); 1028 } 1029 1030 err = update_class(hdev); 1031 1032 if (err == 0) 1033 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); 1034 1035 hci_dev_unlock(hdev); 1036 hci_dev_put(hdev); 1037 1038 return err; 1039 } 1040 1041 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data, 1042 u16 len) 1043 { 1044 struct hci_dev *hdev; 1045 struct mgmt_cp_load_link_keys *cp; 1046 u16 key_count, expected_len; 1047 int i; 1048 1049 cp = (void *) data; 1050 1051 if (len < sizeof(*cp)) 1052 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1053 MGMT_STATUS_INVALID_PARAMS); 1054 1055 key_count = get_unaligned_le16(&cp->key_count); 1056 1057 expected_len = sizeof(*cp) + key_count * 1058 sizeof(struct mgmt_link_key_info); 1059 if (expected_len != len) { 1060 BT_ERR("load_link_keys: expected %u bytes, got %u bytes", 1061 len, expected_len); 1062 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1063 MGMT_STATUS_INVALID_PARAMS); 1064 } 1065 1066 hdev = hci_dev_get(index); 1067 if (!hdev) 1068 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, 1069 MGMT_STATUS_INVALID_PARAMS); 1070 1071 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, 1072 key_count); 1073 1074 hci_dev_lock(hdev); 1075 1076 hci_link_keys_clear(hdev); 1077 1078 set_bit(HCI_LINK_KEYS, &hdev->flags); 1079 1080 if (cp->debug_keys) 1081 set_bit(HCI_DEBUG_KEYS, &hdev->flags); 1082 else 1083 clear_bit(HCI_DEBUG_KEYS, &hdev->flags); 1084 1085 for (i = 0; i < key_count; i++) { 1086 struct mgmt_link_key_info *key = &cp->keys[i]; 1087 1088 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, 1089 key->pin_len); 1090 } 1091 1092 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0); 1093 1094 hci_dev_unlock(hdev); 1095 hci_dev_put(hdev); 1096 1097 return 0; 1098 } 1099 1100 static int remove_keys(struct sock *sk, u16 index, unsigned char *data, 1101 u16 len) 1102 { 1103 struct hci_dev *hdev; 1104 struct mgmt_cp_remove_keys *cp; 1105 struct mgmt_rp_remove_keys rp; 1106 struct hci_cp_disconnect dc; 1107 struct pending_cmd *cmd; 1108 struct hci_conn *conn; 1109 int err; 1110 1111 cp = (void *) data; 1112 1113 if (len != sizeof(*cp)) 1114 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, 1115 MGMT_STATUS_INVALID_PARAMS); 1116 1117 hdev = hci_dev_get(index); 1118 if (!hdev) 1119 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, 1120 MGMT_STATUS_INVALID_PARAMS); 1121 1122 hci_dev_lock(hdev); 1123 1124 memset(&rp, 0, sizeof(rp)); 1125 bacpy(&rp.bdaddr, &cp->bdaddr); 1126 rp.status = MGMT_STATUS_FAILED; 1127 1128 err = hci_remove_link_key(hdev, &cp->bdaddr); 1129 if (err < 0) { 1130 rp.status = MGMT_STATUS_NOT_PAIRED; 1131 goto unlock; 1132 } 1133 1134 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) { 1135 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1136 sizeof(rp)); 1137 goto unlock; 1138 } 1139 1140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1141 if (!conn) { 1142 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1143 sizeof(rp)); 1144 goto unlock; 1145 } 1146 1147 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp)); 1148 if (!cmd) { 1149 err = -ENOMEM; 1150 goto unlock; 1151 } 1152 1153 put_unaligned_le16(conn->handle, &dc.handle); 1154 dc.reason = 0x13; /* Remote User Terminated Connection */ 1155 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1156 if (err < 0) 1157 mgmt_pending_remove(cmd); 1158 1159 unlock: 1160 if (err < 0) 1161 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp, 1162 sizeof(rp)); 1163 hci_dev_unlock(hdev); 1164 hci_dev_put(hdev); 1165 1166 return err; 1167 } 1168 1169 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) 1170 { 1171 struct hci_dev *hdev; 1172 struct mgmt_cp_disconnect *cp; 1173 struct hci_cp_disconnect dc; 1174 struct pending_cmd *cmd; 1175 struct hci_conn *conn; 1176 int err; 1177 1178 BT_DBG(""); 1179 1180 cp = (void *) data; 1181 1182 if (len != sizeof(*cp)) 1183 return cmd_status(sk, index, MGMT_OP_DISCONNECT, 1184 MGMT_STATUS_INVALID_PARAMS); 1185 1186 hdev = hci_dev_get(index); 1187 if (!hdev) 1188 return cmd_status(sk, index, MGMT_OP_DISCONNECT, 1189 MGMT_STATUS_INVALID_PARAMS); 1190 1191 hci_dev_lock(hdev); 1192 1193 if (!test_bit(HCI_UP, &hdev->flags)) { 1194 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1195 MGMT_STATUS_NOT_POWERED); 1196 goto failed; 1197 } 1198 1199 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) { 1200 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1201 MGMT_STATUS_BUSY); 1202 goto failed; 1203 } 1204 1205 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1206 if (!conn) 1207 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr); 1208 1209 if (!conn) { 1210 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, 1211 MGMT_STATUS_NOT_CONNECTED); 1212 goto failed; 1213 } 1214 1215 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len); 1216 if (!cmd) { 1217 err = -ENOMEM; 1218 goto failed; 1219 } 1220 1221 put_unaligned_le16(conn->handle, &dc.handle); 1222 dc.reason = 0x13; /* Remote User Terminated Connection */ 1223 1224 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1225 if (err < 0) 1226 mgmt_pending_remove(cmd); 1227 1228 failed: 1229 hci_dev_unlock(hdev); 1230 hci_dev_put(hdev); 1231 1232 return err; 1233 } 1234 1235 static u8 link_to_mgmt(u8 link_type, u8 addr_type) 1236 { 1237 switch (link_type) { 1238 case LE_LINK: 1239 switch (addr_type) { 1240 case ADDR_LE_DEV_PUBLIC: 1241 return MGMT_ADDR_LE_PUBLIC; 1242 case ADDR_LE_DEV_RANDOM: 1243 return MGMT_ADDR_LE_RANDOM; 1244 default: 1245 return MGMT_ADDR_INVALID; 1246 } 1247 case ACL_LINK: 1248 return MGMT_ADDR_BREDR; 1249 default: 1250 return MGMT_ADDR_INVALID; 1251 } 1252 } 1253 1254 static int get_connections(struct sock *sk, u16 index) 1255 { 1256 struct mgmt_rp_get_connections *rp; 1257 struct hci_dev *hdev; 1258 struct hci_conn *c; 1259 struct list_head *p; 1260 size_t rp_len; 1261 u16 count; 1262 int i, err; 1263 1264 BT_DBG(""); 1265 1266 hdev = hci_dev_get(index); 1267 if (!hdev) 1268 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, 1269 MGMT_STATUS_INVALID_PARAMS); 1270 1271 hci_dev_lock(hdev); 1272 1273 count = 0; 1274 list_for_each(p, &hdev->conn_hash.list) { 1275 count++; 1276 } 1277 1278 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info)); 1279 rp = kmalloc(rp_len, GFP_ATOMIC); 1280 if (!rp) { 1281 err = -ENOMEM; 1282 goto unlock; 1283 } 1284 1285 put_unaligned_le16(count, &rp->conn_count); 1286 1287 i = 0; 1288 list_for_each_entry(c, &hdev->conn_hash.list, list) { 1289 bacpy(&rp->addr[i].bdaddr, &c->dst); 1290 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type); 1291 if (rp->addr[i].type == MGMT_ADDR_INVALID) 1292 continue; 1293 i++; 1294 } 1295 1296 /* Recalculate length in case of filtered SCO connections, etc */ 1297 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info)); 1298 1299 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); 1300 1301 unlock: 1302 kfree(rp); 1303 hci_dev_unlock(hdev); 1304 hci_dev_put(hdev); 1305 return err; 1306 } 1307 1308 static int send_pin_code_neg_reply(struct sock *sk, u16 index, 1309 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) 1310 { 1311 struct pending_cmd *cmd; 1312 int err; 1313 1314 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp, 1315 sizeof(*cp)); 1316 if (!cmd) 1317 return -ENOMEM; 1318 1319 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), 1320 &cp->bdaddr); 1321 if (err < 0) 1322 mgmt_pending_remove(cmd); 1323 1324 return err; 1325 } 1326 1327 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, 1328 u16 len) 1329 { 1330 struct hci_dev *hdev; 1331 struct hci_conn *conn; 1332 struct mgmt_cp_pin_code_reply *cp; 1333 struct mgmt_cp_pin_code_neg_reply ncp; 1334 struct hci_cp_pin_code_reply reply; 1335 struct pending_cmd *cmd; 1336 int err; 1337 1338 BT_DBG(""); 1339 1340 cp = (void *) data; 1341 1342 if (len != sizeof(*cp)) 1343 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1344 MGMT_STATUS_INVALID_PARAMS); 1345 1346 hdev = hci_dev_get(index); 1347 if (!hdev) 1348 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1349 MGMT_STATUS_INVALID_PARAMS); 1350 1351 hci_dev_lock(hdev); 1352 1353 if (!test_bit(HCI_UP, &hdev->flags)) { 1354 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1355 MGMT_STATUS_NOT_POWERED); 1356 goto failed; 1357 } 1358 1359 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1360 if (!conn) { 1361 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1362 MGMT_STATUS_NOT_CONNECTED); 1363 goto failed; 1364 } 1365 1366 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1367 bacpy(&ncp.bdaddr, &cp->bdaddr); 1368 1369 BT_ERR("PIN code is not 16 bytes long"); 1370 1371 err = send_pin_code_neg_reply(sk, index, hdev, &ncp); 1372 if (err >= 0) 1373 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1374 MGMT_STATUS_INVALID_PARAMS); 1375 1376 goto failed; 1377 } 1378 1379 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len); 1380 if (!cmd) { 1381 err = -ENOMEM; 1382 goto failed; 1383 } 1384 1385 bacpy(&reply.bdaddr, &cp->bdaddr); 1386 reply.pin_len = cp->pin_len; 1387 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1388 1389 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1390 if (err < 0) 1391 mgmt_pending_remove(cmd); 1392 1393 failed: 1394 hci_dev_unlock(hdev); 1395 hci_dev_put(hdev); 1396 1397 return err; 1398 } 1399 1400 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, 1401 u16 len) 1402 { 1403 struct hci_dev *hdev; 1404 struct mgmt_cp_pin_code_neg_reply *cp; 1405 int err; 1406 1407 BT_DBG(""); 1408 1409 cp = (void *) data; 1410 1411 if (len != sizeof(*cp)) 1412 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1413 MGMT_STATUS_INVALID_PARAMS); 1414 1415 hdev = hci_dev_get(index); 1416 if (!hdev) 1417 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1418 MGMT_STATUS_INVALID_PARAMS); 1419 1420 hci_dev_lock(hdev); 1421 1422 if (!test_bit(HCI_UP, &hdev->flags)) { 1423 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1424 MGMT_STATUS_NOT_POWERED); 1425 goto failed; 1426 } 1427 1428 err = send_pin_code_neg_reply(sk, index, hdev, cp); 1429 1430 failed: 1431 hci_dev_unlock(hdev); 1432 hci_dev_put(hdev); 1433 1434 return err; 1435 } 1436 1437 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, 1438 u16 len) 1439 { 1440 struct hci_dev *hdev; 1441 struct mgmt_cp_set_io_capability *cp; 1442 1443 BT_DBG(""); 1444 1445 cp = (void *) data; 1446 1447 if (len != sizeof(*cp)) 1448 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, 1449 MGMT_STATUS_INVALID_PARAMS); 1450 1451 hdev = hci_dev_get(index); 1452 if (!hdev) 1453 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, 1454 MGMT_STATUS_INVALID_PARAMS); 1455 1456 hci_dev_lock(hdev); 1457 1458 hdev->io_capability = cp->io_capability; 1459 1460 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1461 hdev->io_capability); 1462 1463 hci_dev_unlock(hdev); 1464 hci_dev_put(hdev); 1465 1466 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); 1467 } 1468 1469 static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1470 { 1471 struct hci_dev *hdev = conn->hdev; 1472 struct pending_cmd *cmd; 1473 1474 list_for_each_entry(cmd, &hdev->mgmt_pending, list) { 1475 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1476 continue; 1477 1478 if (cmd->user_data != conn) 1479 continue; 1480 1481 return cmd; 1482 } 1483 1484 return NULL; 1485 } 1486 1487 static void pairing_complete(struct pending_cmd *cmd, u8 status) 1488 { 1489 struct mgmt_rp_pair_device rp; 1490 struct hci_conn *conn = cmd->user_data; 1491 1492 bacpy(&rp.addr.bdaddr, &conn->dst); 1493 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type); 1494 rp.status = status; 1495 1496 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp)); 1497 1498 /* So we don't get further callbacks for this connection */ 1499 conn->connect_cfm_cb = NULL; 1500 conn->security_cfm_cb = NULL; 1501 conn->disconn_cfm_cb = NULL; 1502 1503 hci_conn_put(conn); 1504 1505 mgmt_pending_remove(cmd); 1506 } 1507 1508 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1509 { 1510 struct pending_cmd *cmd; 1511 1512 BT_DBG("status %u", status); 1513 1514 cmd = find_pairing(conn); 1515 if (!cmd) 1516 BT_DBG("Unable to find a pending command"); 1517 else 1518 pairing_complete(cmd, status); 1519 } 1520 1521 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) 1522 { 1523 struct hci_dev *hdev; 1524 struct mgmt_cp_pair_device *cp; 1525 struct mgmt_rp_pair_device rp; 1526 struct pending_cmd *cmd; 1527 u8 sec_level, auth_type; 1528 struct hci_conn *conn; 1529 int err; 1530 1531 BT_DBG(""); 1532 1533 cp = (void *) data; 1534 1535 if (len != sizeof(*cp)) 1536 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, 1537 MGMT_STATUS_INVALID_PARAMS); 1538 1539 hdev = hci_dev_get(index); 1540 if (!hdev) 1541 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, 1542 MGMT_STATUS_INVALID_PARAMS); 1543 1544 hci_dev_lock(hdev); 1545 1546 sec_level = BT_SECURITY_MEDIUM; 1547 if (cp->io_cap == 0x03) 1548 auth_type = HCI_AT_DEDICATED_BONDING; 1549 else 1550 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1551 1552 if (cp->addr.type == MGMT_ADDR_BREDR) 1553 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level, 1554 auth_type); 1555 else 1556 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level, 1557 auth_type); 1558 1559 memset(&rp, 0, sizeof(rp)); 1560 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr); 1561 rp.addr.type = cp->addr.type; 1562 1563 if (IS_ERR(conn)) { 1564 rp.status = -PTR_ERR(conn); 1565 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE, 1566 &rp, sizeof(rp)); 1567 goto unlock; 1568 } 1569 1570 if (conn->connect_cfm_cb) { 1571 hci_conn_put(conn); 1572 rp.status = EBUSY; 1573 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE, 1574 &rp, sizeof(rp)); 1575 goto unlock; 1576 } 1577 1578 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 1579 if (!cmd) { 1580 err = -ENOMEM; 1581 hci_conn_put(conn); 1582 goto unlock; 1583 } 1584 1585 /* For LE, just connecting isn't a proof that the pairing finished */ 1586 if (cp->addr.type == MGMT_ADDR_BREDR) 1587 conn->connect_cfm_cb = pairing_complete_cb; 1588 1589 conn->security_cfm_cb = pairing_complete_cb; 1590 conn->disconn_cfm_cb = pairing_complete_cb; 1591 conn->io_capability = cp->io_cap; 1592 cmd->user_data = conn; 1593 1594 if (conn->state == BT_CONNECTED && 1595 hci_conn_security(conn, sec_level, auth_type)) 1596 pairing_complete(cmd, 0); 1597 1598 err = 0; 1599 1600 unlock: 1601 hci_dev_unlock(hdev); 1602 hci_dev_put(hdev); 1603 1604 return err; 1605 } 1606 1607 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr, 1608 u16 mgmt_op, u16 hci_op, __le32 passkey) 1609 { 1610 struct pending_cmd *cmd; 1611 struct hci_dev *hdev; 1612 struct hci_conn *conn; 1613 int err; 1614 1615 hdev = hci_dev_get(index); 1616 if (!hdev) 1617 return cmd_status(sk, index, mgmt_op, 1618 MGMT_STATUS_INVALID_PARAMS); 1619 1620 hci_dev_lock(hdev); 1621 1622 if (!test_bit(HCI_UP, &hdev->flags)) { 1623 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED); 1624 goto done; 1625 } 1626 1627 /* 1628 * Check for an existing ACL link, if present pair via 1629 * HCI commands. 1630 * 1631 * If no ACL link is present, check for an LE link and if 1632 * present, pair via the SMP engine. 1633 * 1634 * If neither ACL nor LE links are present, fail with error. 1635 */ 1636 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr); 1637 if (!conn) { 1638 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr); 1639 if (!conn) { 1640 err = cmd_status(sk, index, mgmt_op, 1641 MGMT_STATUS_NOT_CONNECTED); 1642 goto done; 1643 } 1644 1645 /* Continue with pairing via SMP */ 1646 err = smp_user_confirm_reply(conn, mgmt_op, passkey); 1647 1648 if (!err) 1649 err = cmd_status(sk, index, mgmt_op, 1650 MGMT_STATUS_SUCCESS); 1651 else 1652 err = cmd_status(sk, index, mgmt_op, 1653 MGMT_STATUS_FAILED); 1654 1655 goto done; 1656 } 1657 1658 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr)); 1659 if (!cmd) { 1660 err = -ENOMEM; 1661 goto done; 1662 } 1663 1664 /* Continue with pairing via HCI */ 1665 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) { 1666 struct hci_cp_user_passkey_reply cp; 1667 1668 bacpy(&cp.bdaddr, bdaddr); 1669 cp.passkey = passkey; 1670 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp); 1671 } else 1672 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr); 1673 1674 if (err < 0) 1675 mgmt_pending_remove(cmd); 1676 1677 done: 1678 hci_dev_unlock(hdev); 1679 hci_dev_put(hdev); 1680 1681 return err; 1682 } 1683 1684 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len) 1685 { 1686 struct mgmt_cp_user_confirm_reply *cp = (void *) data; 1687 1688 BT_DBG(""); 1689 1690 if (len != sizeof(*cp)) 1691 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY, 1692 MGMT_STATUS_INVALID_PARAMS); 1693 1694 return user_pairing_resp(sk, index, &cp->bdaddr, 1695 MGMT_OP_USER_CONFIRM_REPLY, 1696 HCI_OP_USER_CONFIRM_REPLY, 0); 1697 } 1698 1699 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data, 1700 u16 len) 1701 { 1702 struct mgmt_cp_user_confirm_neg_reply *cp = data; 1703 1704 BT_DBG(""); 1705 1706 if (len != sizeof(*cp)) 1707 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY, 1708 MGMT_STATUS_INVALID_PARAMS); 1709 1710 return user_pairing_resp(sk, index, &cp->bdaddr, 1711 MGMT_OP_USER_CONFIRM_NEG_REPLY, 1712 HCI_OP_USER_CONFIRM_NEG_REPLY, 0); 1713 } 1714 1715 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len) 1716 { 1717 struct mgmt_cp_user_passkey_reply *cp = (void *) data; 1718 1719 BT_DBG(""); 1720 1721 if (len != sizeof(*cp)) 1722 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY, 1723 EINVAL); 1724 1725 return user_pairing_resp(sk, index, &cp->bdaddr, 1726 MGMT_OP_USER_PASSKEY_REPLY, 1727 HCI_OP_USER_PASSKEY_REPLY, cp->passkey); 1728 } 1729 1730 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data, 1731 u16 len) 1732 { 1733 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data; 1734 1735 BT_DBG(""); 1736 1737 if (len != sizeof(*cp)) 1738 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY, 1739 EINVAL); 1740 1741 return user_pairing_resp(sk, index, &cp->bdaddr, 1742 MGMT_OP_USER_PASSKEY_NEG_REPLY, 1743 HCI_OP_USER_PASSKEY_NEG_REPLY, 0); 1744 } 1745 1746 static int set_local_name(struct sock *sk, u16 index, unsigned char *data, 1747 u16 len) 1748 { 1749 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data; 1750 struct hci_cp_write_local_name hci_cp; 1751 struct hci_dev *hdev; 1752 struct pending_cmd *cmd; 1753 int err; 1754 1755 BT_DBG(""); 1756 1757 if (len != sizeof(*mgmt_cp)) 1758 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, 1759 MGMT_STATUS_INVALID_PARAMS); 1760 1761 hdev = hci_dev_get(index); 1762 if (!hdev) 1763 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, 1764 MGMT_STATUS_INVALID_PARAMS); 1765 1766 hci_dev_lock(hdev); 1767 1768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len); 1769 if (!cmd) { 1770 err = -ENOMEM; 1771 goto failed; 1772 } 1773 1774 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 1775 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp), 1776 &hci_cp); 1777 if (err < 0) 1778 mgmt_pending_remove(cmd); 1779 1780 failed: 1781 hci_dev_unlock(hdev); 1782 hci_dev_put(hdev); 1783 1784 return err; 1785 } 1786 1787 static int read_local_oob_data(struct sock *sk, u16 index) 1788 { 1789 struct hci_dev *hdev; 1790 struct pending_cmd *cmd; 1791 int err; 1792 1793 BT_DBG("hci%u", index); 1794 1795 hdev = hci_dev_get(index); 1796 if (!hdev) 1797 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1798 MGMT_STATUS_INVALID_PARAMS); 1799 1800 hci_dev_lock(hdev); 1801 1802 if (!test_bit(HCI_UP, &hdev->flags)) { 1803 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1804 MGMT_STATUS_NOT_POWERED); 1805 goto unlock; 1806 } 1807 1808 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1809 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1810 MGMT_STATUS_NOT_SUPPORTED); 1811 goto unlock; 1812 } 1813 1814 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 1815 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1816 MGMT_STATUS_BUSY); 1817 goto unlock; 1818 } 1819 1820 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 1821 if (!cmd) { 1822 err = -ENOMEM; 1823 goto unlock; 1824 } 1825 1826 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 1827 if (err < 0) 1828 mgmt_pending_remove(cmd); 1829 1830 unlock: 1831 hci_dev_unlock(hdev); 1832 hci_dev_put(hdev); 1833 1834 return err; 1835 } 1836 1837 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, 1838 u16 len) 1839 { 1840 struct hci_dev *hdev; 1841 struct mgmt_cp_add_remote_oob_data *cp = (void *) data; 1842 int err; 1843 1844 BT_DBG("hci%u ", index); 1845 1846 if (len != sizeof(*cp)) 1847 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1848 MGMT_STATUS_INVALID_PARAMS); 1849 1850 hdev = hci_dev_get(index); 1851 if (!hdev) 1852 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1853 MGMT_STATUS_INVALID_PARAMS); 1854 1855 hci_dev_lock(hdev); 1856 1857 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, 1858 cp->randomizer); 1859 if (err < 0) 1860 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1861 MGMT_STATUS_FAILED); 1862 else 1863 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, 1864 0); 1865 1866 hci_dev_unlock(hdev); 1867 hci_dev_put(hdev); 1868 1869 return err; 1870 } 1871 1872 static int remove_remote_oob_data(struct sock *sk, u16 index, 1873 unsigned char *data, u16 len) 1874 { 1875 struct hci_dev *hdev; 1876 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data; 1877 int err; 1878 1879 BT_DBG("hci%u ", index); 1880 1881 if (len != sizeof(*cp)) 1882 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1883 MGMT_STATUS_INVALID_PARAMS); 1884 1885 hdev = hci_dev_get(index); 1886 if (!hdev) 1887 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1888 MGMT_STATUS_INVALID_PARAMS); 1889 1890 hci_dev_lock(hdev); 1891 1892 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); 1893 if (err < 0) 1894 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1895 MGMT_STATUS_INVALID_PARAMS); 1896 else 1897 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1898 NULL, 0); 1899 1900 hci_dev_unlock(hdev); 1901 hci_dev_put(hdev); 1902 1903 return err; 1904 } 1905 1906 static int start_discovery(struct sock *sk, u16 index, 1907 unsigned char *data, u16 len) 1908 { 1909 struct mgmt_cp_start_discovery *cp = (void *) data; 1910 struct pending_cmd *cmd; 1911 struct hci_dev *hdev; 1912 int err; 1913 1914 BT_DBG("hci%u", index); 1915 1916 if (len != sizeof(*cp)) 1917 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 1918 MGMT_STATUS_INVALID_PARAMS); 1919 1920 hdev = hci_dev_get(index); 1921 if (!hdev) 1922 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 1923 MGMT_STATUS_INVALID_PARAMS); 1924 1925 hci_dev_lock(hdev); 1926 1927 if (!test_bit(HCI_UP, &hdev->flags)) { 1928 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, 1929 MGMT_STATUS_NOT_POWERED); 1930 goto failed; 1931 } 1932 1933 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0); 1934 if (!cmd) { 1935 err = -ENOMEM; 1936 goto failed; 1937 } 1938 1939 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR); 1940 if (err < 0) 1941 mgmt_pending_remove(cmd); 1942 1943 failed: 1944 hci_dev_unlock(hdev); 1945 hci_dev_put(hdev); 1946 1947 return err; 1948 } 1949 1950 static int stop_discovery(struct sock *sk, u16 index) 1951 { 1952 struct hci_dev *hdev; 1953 struct pending_cmd *cmd; 1954 int err; 1955 1956 BT_DBG("hci%u", index); 1957 1958 hdev = hci_dev_get(index); 1959 if (!hdev) 1960 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, 1961 MGMT_STATUS_INVALID_PARAMS); 1962 1963 hci_dev_lock(hdev); 1964 1965 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0); 1966 if (!cmd) { 1967 err = -ENOMEM; 1968 goto failed; 1969 } 1970 1971 err = hci_cancel_inquiry(hdev); 1972 if (err < 0) 1973 mgmt_pending_remove(cmd); 1974 1975 failed: 1976 hci_dev_unlock(hdev); 1977 hci_dev_put(hdev); 1978 1979 return err; 1980 } 1981 1982 static int block_device(struct sock *sk, u16 index, unsigned char *data, 1983 u16 len) 1984 { 1985 struct hci_dev *hdev; 1986 struct mgmt_cp_block_device *cp = (void *) data; 1987 int err; 1988 1989 BT_DBG("hci%u", index); 1990 1991 if (len != sizeof(*cp)) 1992 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1993 MGMT_STATUS_INVALID_PARAMS); 1994 1995 hdev = hci_dev_get(index); 1996 if (!hdev) 1997 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1998 MGMT_STATUS_INVALID_PARAMS); 1999 2000 hci_dev_lock(hdev); 2001 2002 err = hci_blacklist_add(hdev, &cp->bdaddr); 2003 if (err < 0) 2004 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 2005 MGMT_STATUS_FAILED); 2006 else 2007 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 2008 NULL, 0); 2009 2010 hci_dev_unlock(hdev); 2011 hci_dev_put(hdev); 2012 2013 return err; 2014 } 2015 2016 static int unblock_device(struct sock *sk, u16 index, unsigned char *data, 2017 u16 len) 2018 { 2019 struct hci_dev *hdev; 2020 struct mgmt_cp_unblock_device *cp = (void *) data; 2021 int err; 2022 2023 BT_DBG("hci%u", index); 2024 2025 if (len != sizeof(*cp)) 2026 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2027 MGMT_STATUS_INVALID_PARAMS); 2028 2029 hdev = hci_dev_get(index); 2030 if (!hdev) 2031 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2032 MGMT_STATUS_INVALID_PARAMS); 2033 2034 hci_dev_lock(hdev); 2035 2036 err = hci_blacklist_del(hdev, &cp->bdaddr); 2037 2038 if (err < 0) 2039 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2040 MGMT_STATUS_INVALID_PARAMS); 2041 else 2042 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 2043 NULL, 0); 2044 2045 hci_dev_unlock(hdev); 2046 hci_dev_put(hdev); 2047 2048 return err; 2049 } 2050 2051 static int set_fast_connectable(struct sock *sk, u16 index, 2052 unsigned char *data, u16 len) 2053 { 2054 struct hci_dev *hdev; 2055 struct mgmt_mode *cp = (void *) data; 2056 struct hci_cp_write_page_scan_activity acp; 2057 u8 type; 2058 int err; 2059 2060 BT_DBG("hci%u", index); 2061 2062 if (len != sizeof(*cp)) 2063 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2064 MGMT_STATUS_INVALID_PARAMS); 2065 2066 hdev = hci_dev_get(index); 2067 if (!hdev) 2068 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2069 MGMT_STATUS_INVALID_PARAMS); 2070 2071 hci_dev_lock(hdev); 2072 2073 if (cp->val) { 2074 type = PAGE_SCAN_TYPE_INTERLACED; 2075 acp.interval = 0x0024; /* 22.5 msec page scan interval */ 2076 } else { 2077 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 2078 acp.interval = 0x0800; /* default 1.28 sec page scan */ 2079 } 2080 2081 acp.window = 0x0012; /* default 11.25 msec page scan window */ 2082 2083 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 2084 sizeof(acp), &acp); 2085 if (err < 0) { 2086 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2087 MGMT_STATUS_FAILED); 2088 goto done; 2089 } 2090 2091 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 2092 if (err < 0) { 2093 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2094 MGMT_STATUS_FAILED); 2095 goto done; 2096 } 2097 2098 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 2099 NULL, 0); 2100 done: 2101 hci_dev_unlock(hdev); 2102 hci_dev_put(hdev); 2103 2104 return err; 2105 } 2106 2107 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 2108 { 2109 unsigned char *buf; 2110 struct mgmt_hdr *hdr; 2111 u16 opcode, index, len; 2112 int err; 2113 2114 BT_DBG("got %zu bytes", msglen); 2115 2116 if (msglen < sizeof(*hdr)) 2117 return -EINVAL; 2118 2119 buf = kmalloc(msglen, GFP_KERNEL); 2120 if (!buf) 2121 return -ENOMEM; 2122 2123 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 2124 err = -EFAULT; 2125 goto done; 2126 } 2127 2128 hdr = (struct mgmt_hdr *) buf; 2129 opcode = get_unaligned_le16(&hdr->opcode); 2130 index = get_unaligned_le16(&hdr->index); 2131 len = get_unaligned_le16(&hdr->len); 2132 2133 if (len != msglen - sizeof(*hdr)) { 2134 err = -EINVAL; 2135 goto done; 2136 } 2137 2138 switch (opcode) { 2139 case MGMT_OP_READ_VERSION: 2140 err = read_version(sk); 2141 break; 2142 case MGMT_OP_READ_INDEX_LIST: 2143 err = read_index_list(sk); 2144 break; 2145 case MGMT_OP_READ_INFO: 2146 err = read_controller_info(sk, index); 2147 break; 2148 case MGMT_OP_SET_POWERED: 2149 err = set_powered(sk, index, buf + sizeof(*hdr), len); 2150 break; 2151 case MGMT_OP_SET_DISCOVERABLE: 2152 err = set_discoverable(sk, index, buf + sizeof(*hdr), len); 2153 break; 2154 case MGMT_OP_SET_CONNECTABLE: 2155 err = set_connectable(sk, index, buf + sizeof(*hdr), len); 2156 break; 2157 case MGMT_OP_SET_FAST_CONNECTABLE: 2158 err = set_fast_connectable(sk, index, buf + sizeof(*hdr), 2159 len); 2160 break; 2161 case MGMT_OP_SET_PAIRABLE: 2162 err = set_pairable(sk, index, buf + sizeof(*hdr), len); 2163 break; 2164 case MGMT_OP_ADD_UUID: 2165 err = add_uuid(sk, index, buf + sizeof(*hdr), len); 2166 break; 2167 case MGMT_OP_REMOVE_UUID: 2168 err = remove_uuid(sk, index, buf + sizeof(*hdr), len); 2169 break; 2170 case MGMT_OP_SET_DEV_CLASS: 2171 err = set_dev_class(sk, index, buf + sizeof(*hdr), len); 2172 break; 2173 case MGMT_OP_LOAD_LINK_KEYS: 2174 err = load_link_keys(sk, index, buf + sizeof(*hdr), len); 2175 break; 2176 case MGMT_OP_REMOVE_KEYS: 2177 err = remove_keys(sk, index, buf + sizeof(*hdr), len); 2178 break; 2179 case MGMT_OP_DISCONNECT: 2180 err = disconnect(sk, index, buf + sizeof(*hdr), len); 2181 break; 2182 case MGMT_OP_GET_CONNECTIONS: 2183 err = get_connections(sk, index); 2184 break; 2185 case MGMT_OP_PIN_CODE_REPLY: 2186 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len); 2187 break; 2188 case MGMT_OP_PIN_CODE_NEG_REPLY: 2189 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len); 2190 break; 2191 case MGMT_OP_SET_IO_CAPABILITY: 2192 err = set_io_capability(sk, index, buf + sizeof(*hdr), len); 2193 break; 2194 case MGMT_OP_PAIR_DEVICE: 2195 err = pair_device(sk, index, buf + sizeof(*hdr), len); 2196 break; 2197 case MGMT_OP_USER_CONFIRM_REPLY: 2198 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len); 2199 break; 2200 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 2201 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr), 2202 len); 2203 break; 2204 case MGMT_OP_USER_PASSKEY_REPLY: 2205 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len); 2206 break; 2207 case MGMT_OP_USER_PASSKEY_NEG_REPLY: 2208 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr), 2209 len); 2210 break; 2211 case MGMT_OP_SET_LOCAL_NAME: 2212 err = set_local_name(sk, index, buf + sizeof(*hdr), len); 2213 break; 2214 case MGMT_OP_READ_LOCAL_OOB_DATA: 2215 err = read_local_oob_data(sk, index); 2216 break; 2217 case MGMT_OP_ADD_REMOTE_OOB_DATA: 2218 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len); 2219 break; 2220 case MGMT_OP_REMOVE_REMOTE_OOB_DATA: 2221 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr), 2222 len); 2223 break; 2224 case MGMT_OP_START_DISCOVERY: 2225 err = start_discovery(sk, index, buf + sizeof(*hdr), len); 2226 break; 2227 case MGMT_OP_STOP_DISCOVERY: 2228 err = stop_discovery(sk, index); 2229 break; 2230 case MGMT_OP_BLOCK_DEVICE: 2231 err = block_device(sk, index, buf + sizeof(*hdr), len); 2232 break; 2233 case MGMT_OP_UNBLOCK_DEVICE: 2234 err = unblock_device(sk, index, buf + sizeof(*hdr), len); 2235 break; 2236 default: 2237 BT_DBG("Unknown op %u", opcode); 2238 err = cmd_status(sk, index, opcode, 2239 MGMT_STATUS_UNKNOWN_COMMAND); 2240 break; 2241 } 2242 2243 if (err < 0) 2244 goto done; 2245 2246 err = msglen; 2247 2248 done: 2249 kfree(buf); 2250 return err; 2251 } 2252 2253 static void cmd_status_rsp(struct pending_cmd *cmd, void *data) 2254 { 2255 u8 *status = data; 2256 2257 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status); 2258 mgmt_pending_remove(cmd); 2259 } 2260 2261 int mgmt_index_added(struct hci_dev *hdev) 2262 { 2263 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL); 2264 } 2265 2266 int mgmt_index_removed(struct hci_dev *hdev) 2267 { 2268 u8 status = ENODEV; 2269 2270 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2271 2272 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL); 2273 } 2274 2275 struct cmd_lookup { 2276 u8 val; 2277 struct sock *sk; 2278 struct hci_dev *hdev; 2279 }; 2280 2281 static void settings_rsp(struct pending_cmd *cmd, void *data) 2282 { 2283 struct cmd_lookup *match = data; 2284 2285 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev); 2286 2287 list_del(&cmd->list); 2288 2289 if (match->sk == NULL) { 2290 match->sk = cmd->sk; 2291 sock_hold(match->sk); 2292 } 2293 2294 mgmt_pending_free(cmd); 2295 } 2296 2297 int mgmt_powered(struct hci_dev *hdev, u8 powered) 2298 { 2299 struct cmd_lookup match = { powered, NULL, hdev }; 2300 __le32 ev; 2301 int ret; 2302 2303 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match); 2304 2305 if (!powered) { 2306 u8 status = ENETDOWN; 2307 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status); 2308 } 2309 2310 ev = cpu_to_le32(get_current_settings(hdev)); 2311 2312 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), 2313 match.sk); 2314 2315 if (match.sk) 2316 sock_put(match.sk); 2317 2318 return ret; 2319 } 2320 2321 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable) 2322 { 2323 struct cmd_lookup match = { discoverable, NULL, hdev }; 2324 __le32 ev; 2325 int ret; 2326 2327 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match); 2328 2329 ev = cpu_to_le32(get_current_settings(hdev)); 2330 2331 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), 2332 match.sk); 2333 if (match.sk) 2334 sock_put(match.sk); 2335 2336 return ret; 2337 } 2338 2339 int mgmt_connectable(struct hci_dev *hdev, u8 connectable) 2340 { 2341 __le32 ev; 2342 struct cmd_lookup match = { connectable, NULL, hdev }; 2343 int ret; 2344 2345 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp, 2346 &match); 2347 2348 ev = cpu_to_le32(get_current_settings(hdev)); 2349 2350 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk); 2351 2352 if (match.sk) 2353 sock_put(match.sk); 2354 2355 return ret; 2356 } 2357 2358 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status) 2359 { 2360 u8 mgmt_err = mgmt_status(status); 2361 2362 if (scan & SCAN_PAGE) 2363 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, 2364 cmd_status_rsp, &mgmt_err); 2365 2366 if (scan & SCAN_INQUIRY) 2367 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, 2368 cmd_status_rsp, &mgmt_err); 2369 2370 return 0; 2371 } 2372 2373 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, 2374 u8 persistent) 2375 { 2376 struct mgmt_ev_new_link_key ev; 2377 2378 memset(&ev, 0, sizeof(ev)); 2379 2380 ev.store_hint = persistent; 2381 bacpy(&ev.key.bdaddr, &key->bdaddr); 2382 ev.key.type = key->type; 2383 memcpy(ev.key.val, key->val, 16); 2384 ev.key.pin_len = key->pin_len; 2385 2386 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL); 2387 } 2388 2389 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2390 u8 addr_type) 2391 { 2392 struct mgmt_addr_info ev; 2393 2394 bacpy(&ev.bdaddr, bdaddr); 2395 ev.type = link_to_mgmt(link_type, addr_type); 2396 2397 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL); 2398 } 2399 2400 static void disconnect_rsp(struct pending_cmd *cmd, void *data) 2401 { 2402 struct mgmt_cp_disconnect *cp = cmd->param; 2403 struct sock **sk = data; 2404 struct mgmt_rp_disconnect rp; 2405 2406 bacpy(&rp.bdaddr, &cp->bdaddr); 2407 rp.status = 0; 2408 2409 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp)); 2410 2411 *sk = cmd->sk; 2412 sock_hold(*sk); 2413 2414 mgmt_pending_remove(cmd); 2415 } 2416 2417 static void remove_keys_rsp(struct pending_cmd *cmd, void *data) 2418 { 2419 u8 *status = data; 2420 struct mgmt_cp_remove_keys *cp = cmd->param; 2421 struct mgmt_rp_remove_keys rp; 2422 2423 memset(&rp, 0, sizeof(rp)); 2424 bacpy(&rp.bdaddr, &cp->bdaddr); 2425 if (status != NULL) 2426 rp.status = *status; 2427 2428 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp, 2429 sizeof(rp)); 2430 2431 mgmt_pending_remove(cmd); 2432 } 2433 2434 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2435 u8 addr_type) 2436 { 2437 struct mgmt_addr_info ev; 2438 struct sock *sk = NULL; 2439 int err; 2440 2441 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk); 2442 2443 bacpy(&ev.bdaddr, bdaddr); 2444 ev.type = link_to_mgmt(link_type, addr_type); 2445 2446 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk); 2447 2448 if (sk) 2449 sock_put(sk); 2450 2451 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL); 2452 2453 return err; 2454 } 2455 2456 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status) 2457 { 2458 struct pending_cmd *cmd; 2459 u8 mgmt_err = mgmt_status(status); 2460 int err; 2461 2462 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev); 2463 if (!cmd) 2464 return -ENOENT; 2465 2466 if (bdaddr) { 2467 struct mgmt_rp_disconnect rp; 2468 2469 bacpy(&rp.bdaddr, bdaddr); 2470 rp.status = status; 2471 2472 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 2473 &rp, sizeof(rp)); 2474 } else 2475 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, 2476 mgmt_err); 2477 2478 mgmt_pending_remove(cmd); 2479 2480 return err; 2481 } 2482 2483 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2484 u8 addr_type, u8 status) 2485 { 2486 struct mgmt_ev_connect_failed ev; 2487 2488 bacpy(&ev.addr.bdaddr, bdaddr); 2489 ev.addr.type = link_to_mgmt(link_type, addr_type); 2490 ev.status = mgmt_status(status); 2491 2492 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL); 2493 } 2494 2495 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure) 2496 { 2497 struct mgmt_ev_pin_code_request ev; 2498 2499 bacpy(&ev.bdaddr, bdaddr); 2500 ev.secure = secure; 2501 2502 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), 2503 NULL); 2504 } 2505 2506 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2507 u8 status) 2508 { 2509 struct pending_cmd *cmd; 2510 struct mgmt_rp_pin_code_reply rp; 2511 int err; 2512 2513 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev); 2514 if (!cmd) 2515 return -ENOENT; 2516 2517 bacpy(&rp.bdaddr, bdaddr); 2518 rp.status = mgmt_status(status); 2519 2520 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp, 2521 sizeof(rp)); 2522 2523 mgmt_pending_remove(cmd); 2524 2525 return err; 2526 } 2527 2528 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2529 u8 status) 2530 { 2531 struct pending_cmd *cmd; 2532 struct mgmt_rp_pin_code_reply rp; 2533 int err; 2534 2535 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev); 2536 if (!cmd) 2537 return -ENOENT; 2538 2539 bacpy(&rp.bdaddr, bdaddr); 2540 rp.status = mgmt_status(status); 2541 2542 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp, 2543 sizeof(rp)); 2544 2545 mgmt_pending_remove(cmd); 2546 2547 return err; 2548 } 2549 2550 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr, 2551 __le32 value, u8 confirm_hint) 2552 { 2553 struct mgmt_ev_user_confirm_request ev; 2554 2555 BT_DBG("%s", hdev->name); 2556 2557 bacpy(&ev.bdaddr, bdaddr); 2558 ev.confirm_hint = confirm_hint; 2559 put_unaligned_le32(value, &ev.value); 2560 2561 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev), 2562 NULL); 2563 } 2564 2565 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr) 2566 { 2567 struct mgmt_ev_user_passkey_request ev; 2568 2569 BT_DBG("%s", hdev->name); 2570 2571 bacpy(&ev.bdaddr, bdaddr); 2572 2573 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev), 2574 NULL); 2575 } 2576 2577 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2578 u8 status, u8 opcode) 2579 { 2580 struct pending_cmd *cmd; 2581 struct mgmt_rp_user_confirm_reply rp; 2582 int err; 2583 2584 cmd = mgmt_pending_find(opcode, hdev); 2585 if (!cmd) 2586 return -ENOENT; 2587 2588 bacpy(&rp.bdaddr, bdaddr); 2589 rp.status = mgmt_status(status); 2590 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp)); 2591 2592 mgmt_pending_remove(cmd); 2593 2594 return err; 2595 } 2596 2597 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2598 u8 status) 2599 { 2600 return user_pairing_resp_complete(hdev, bdaddr, status, 2601 MGMT_OP_USER_CONFIRM_REPLY); 2602 } 2603 2604 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, 2605 bdaddr_t *bdaddr, u8 status) 2606 { 2607 return user_pairing_resp_complete(hdev, bdaddr, status, 2608 MGMT_OP_USER_CONFIRM_NEG_REPLY); 2609 } 2610 2611 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr, 2612 u8 status) 2613 { 2614 return user_pairing_resp_complete(hdev, bdaddr, status, 2615 MGMT_OP_USER_PASSKEY_REPLY); 2616 } 2617 2618 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, 2619 bdaddr_t *bdaddr, u8 status) 2620 { 2621 return user_pairing_resp_complete(hdev, bdaddr, status, 2622 MGMT_OP_USER_PASSKEY_NEG_REPLY); 2623 } 2624 2625 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status) 2626 { 2627 struct mgmt_ev_auth_failed ev; 2628 2629 bacpy(&ev.bdaddr, bdaddr); 2630 ev.status = mgmt_status(status); 2631 2632 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL); 2633 } 2634 2635 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status) 2636 { 2637 struct pending_cmd *cmd; 2638 struct mgmt_cp_set_local_name ev; 2639 int err; 2640 2641 memset(&ev, 0, sizeof(ev)); 2642 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2643 2644 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev); 2645 if (!cmd) 2646 goto send_event; 2647 2648 if (status) { 2649 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 2650 mgmt_status(status)); 2651 goto failed; 2652 } 2653 2654 update_eir(hdev); 2655 2656 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev, 2657 sizeof(ev)); 2658 if (err < 0) 2659 goto failed; 2660 2661 send_event: 2662 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev), 2663 cmd ? cmd->sk : NULL); 2664 2665 failed: 2666 if (cmd) 2667 mgmt_pending_remove(cmd); 2668 return err; 2669 } 2670 2671 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash, 2672 u8 *randomizer, u8 status) 2673 { 2674 struct pending_cmd *cmd; 2675 int err; 2676 2677 BT_DBG("%s status %u", hdev->name, status); 2678 2679 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev); 2680 if (!cmd) 2681 return -ENOENT; 2682 2683 if (status) { 2684 err = cmd_status(cmd->sk, hdev->id, 2685 MGMT_OP_READ_LOCAL_OOB_DATA, 2686 mgmt_status(status)); 2687 } else { 2688 struct mgmt_rp_read_local_oob_data rp; 2689 2690 memcpy(rp.hash, hash, sizeof(rp.hash)); 2691 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 2692 2693 err = cmd_complete(cmd->sk, hdev->id, 2694 MGMT_OP_READ_LOCAL_OOB_DATA, 2695 &rp, sizeof(rp)); 2696 } 2697 2698 mgmt_pending_remove(cmd); 2699 2700 return err; 2701 } 2702 2703 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type, 2704 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir) 2705 { 2706 struct mgmt_ev_device_found ev; 2707 2708 memset(&ev, 0, sizeof(ev)); 2709 2710 bacpy(&ev.addr.bdaddr, bdaddr); 2711 ev.addr.type = link_to_mgmt(link_type, addr_type); 2712 ev.rssi = rssi; 2713 2714 if (eir) 2715 memcpy(ev.eir, eir, sizeof(ev.eir)); 2716 2717 if (dev_class) 2718 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class)); 2719 2720 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL); 2721 } 2722 2723 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name) 2724 { 2725 struct mgmt_ev_remote_name ev; 2726 2727 memset(&ev, 0, sizeof(ev)); 2728 2729 bacpy(&ev.bdaddr, bdaddr); 2730 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2731 2732 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL); 2733 } 2734 2735 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status) 2736 { 2737 struct pending_cmd *cmd; 2738 int err; 2739 2740 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 2741 if (!cmd) 2742 return -ENOENT; 2743 2744 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status)); 2745 mgmt_pending_remove(cmd); 2746 2747 return err; 2748 } 2749 2750 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status) 2751 { 2752 struct pending_cmd *cmd; 2753 int err; 2754 2755 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 2756 if (!cmd) 2757 return -ENOENT; 2758 2759 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status)); 2760 mgmt_pending_remove(cmd); 2761 2762 return err; 2763 } 2764 2765 int mgmt_discovering(struct hci_dev *hdev, u8 discovering) 2766 { 2767 struct pending_cmd *cmd; 2768 2769 if (discovering) 2770 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev); 2771 else 2772 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev); 2773 2774 if (cmd != NULL) { 2775 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0); 2776 mgmt_pending_remove(cmd); 2777 } 2778 2779 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering, 2780 sizeof(discovering), NULL); 2781 } 2782 2783 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr) 2784 { 2785 struct pending_cmd *cmd; 2786 struct mgmt_ev_device_blocked ev; 2787 2788 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev); 2789 2790 bacpy(&ev.bdaddr, bdaddr); 2791 2792 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev), 2793 cmd ? cmd->sk : NULL); 2794 } 2795 2796 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr) 2797 { 2798 struct pending_cmd *cmd; 2799 struct mgmt_ev_device_unblocked ev; 2800 2801 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev); 2802 2803 bacpy(&ev.bdaddr, bdaddr); 2804 2805 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev), 2806 cmd ? cmd->sk : NULL); 2807 } 2808