2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
35 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
38 struct list_head list;
46 static LIST_HEAD(cmd_list);
48 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
52 struct mgmt_ev_cmd_status *ev;
55 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
57 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
61 hdr = (void *) skb_put(skb, sizeof(*hdr));
63 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
64 hdr->index = cpu_to_le16(index);
65 hdr->len = cpu_to_le16(sizeof(*ev));
67 ev = (void *) skb_put(skb, sizeof(*ev));
69 put_unaligned_le16(cmd, &ev->opcode);
71 err = sock_queue_rcv_skb(sk, skb);
78 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
83 struct mgmt_ev_cmd_complete *ev;
86 BT_DBG("sock %p", sk);
88 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
92 hdr = (void *) skb_put(skb, sizeof(*hdr));
94 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
95 hdr->index = cpu_to_le16(index);
96 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
98 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
99 put_unaligned_le16(cmd, &ev->opcode);
102 memcpy(ev->data, rp, rp_len);
104 err = sock_queue_rcv_skb(sk, skb);
111 static int read_version(struct sock *sk)
113 struct mgmt_rp_read_version rp;
115 BT_DBG("sock %p", sk);
117 rp.version = MGMT_VERSION;
118 put_unaligned_le16(MGMT_REVISION, &rp.revision);
120 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
124 static int read_index_list(struct sock *sk)
126 struct mgmt_rp_read_index_list *rp;
133 BT_DBG("sock %p", sk);
135 read_lock(&hci_dev_list_lock);
138 list_for_each(p, &hci_dev_list) {
142 rp_len = sizeof(*rp) + (2 * count);
143 rp = kmalloc(rp_len, GFP_ATOMIC);
145 read_unlock(&hci_dev_list_lock);
149 put_unaligned_le16(count, &rp->num_controllers);
152 list_for_each_entry(d, &hci_dev_list, list) {
153 hci_del_off_timer(d);
155 if (test_bit(HCI_SETUP, &d->flags))
158 put_unaligned_le16(d->id, &rp->index[i++]);
159 BT_DBG("Added hci%u", d->id);
162 read_unlock(&hci_dev_list_lock);
164 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
172 static int read_controller_info(struct sock *sk, u16 index)
174 struct mgmt_rp_read_info rp;
175 struct hci_dev *hdev;
177 BT_DBG("sock %p hci%u", sk, index);
179 hdev = hci_dev_get(index);
181 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
183 hci_del_off_timer(hdev);
185 hci_dev_lock_bh(hdev);
187 set_bit(HCI_MGMT, &hdev->flags);
189 memset(&rp, 0, sizeof(rp));
191 rp.type = hdev->dev_type;
193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
198 if (test_bit(HCI_AUTH, &hdev->flags))
200 else if (hdev->ssp_mode > 0)
205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
214 hci_dev_unlock_bh(hdev);
217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
220 static void mgmt_pending_free(struct pending_cmd *cmd)
227 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
228 u16 index, void *data, u16 len)
230 struct pending_cmd *cmd;
232 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
236 cmd->opcode = opcode;
239 cmd->param = kmalloc(len, GFP_ATOMIC);
246 memcpy(cmd->param, data, len);
251 list_add(&cmd->list, &cmd_list);
256 static void mgmt_pending_foreach(u16 opcode, int index,
257 void (*cb)(struct pending_cmd *cmd, void *data),
260 struct list_head *p, *n;
262 list_for_each_safe(p, n, &cmd_list) {
263 struct pending_cmd *cmd;
265 cmd = list_entry(p, struct pending_cmd, list);
267 if (opcode > 0 && cmd->opcode != opcode)
270 if (index >= 0 && cmd->index != index)
277 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
279 struct pending_cmd *cmd;
281 list_for_each_entry(cmd, &cmd_list, list) {
282 if (cmd->opcode != opcode)
285 if (index >= 0 && cmd->index != index)
294 static void mgmt_pending_remove(struct pending_cmd *cmd)
296 list_del(&cmd->list);
297 mgmt_pending_free(cmd);
300 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
302 struct mgmt_mode *cp;
303 struct hci_dev *hdev;
304 struct pending_cmd *cmd;
309 BT_DBG("request for hci%u", index);
311 if (len != sizeof(*cp))
312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314 hdev = hci_dev_get(index);
316 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
318 hci_dev_lock_bh(hdev);
320 up = test_bit(HCI_UP, &hdev->flags);
321 if ((cp->val && up) || (!cp->val && !up)) {
322 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
326 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
327 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
331 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
338 queue_work(hdev->workqueue, &hdev->power_on);
340 queue_work(hdev->workqueue, &hdev->power_off);
345 hci_dev_unlock_bh(hdev);
350 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
353 struct mgmt_cp_set_discoverable *cp;
354 struct hci_dev *hdev;
355 struct pending_cmd *cmd;
361 BT_DBG("request for hci%u", index);
363 if (len != sizeof(*cp))
364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366 hdev = hci_dev_get(index);
368 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
370 hci_dev_lock_bh(hdev);
372 if (!test_bit(HCI_UP, &hdev->flags)) {
373 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
377 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
378 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
379 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
383 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
384 test_bit(HCI_PSCAN, &hdev->flags)) {
385 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
389 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
398 scan |= SCAN_INQUIRY;
400 cancel_delayed_work_sync(&hdev->discov_off);
402 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
404 mgmt_pending_remove(cmd);
407 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
410 hci_dev_unlock_bh(hdev);
416 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
419 struct mgmt_mode *cp;
420 struct hci_dev *hdev;
421 struct pending_cmd *cmd;
427 BT_DBG("request for hci%u", index);
429 if (len != sizeof(*cp))
430 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
432 hdev = hci_dev_get(index);
434 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
436 hci_dev_lock_bh(hdev);
438 if (!test_bit(HCI_UP, &hdev->flags)) {
439 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
443 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
444 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
445 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
449 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
450 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
454 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
465 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
467 mgmt_pending_remove(cmd);
470 hci_dev_unlock_bh(hdev);
476 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
477 struct sock *skip_sk)
480 struct mgmt_hdr *hdr;
482 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
486 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
488 hdr = (void *) skb_put(skb, sizeof(*hdr));
489 hdr->opcode = cpu_to_le16(event);
490 hdr->index = cpu_to_le16(index);
491 hdr->len = cpu_to_le16(data_len);
494 memcpy(skb_put(skb, data_len), data, data_len);
496 hci_send_to_sock(NULL, skb, skip_sk);
502 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
508 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
511 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
514 struct mgmt_mode *cp, ev;
515 struct hci_dev *hdev;
520 BT_DBG("request for hci%u", index);
522 if (len != sizeof(*cp))
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
525 hdev = hci_dev_get(index);
527 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
529 hci_dev_lock_bh(hdev);
532 set_bit(HCI_PAIRABLE, &hdev->flags);
534 clear_bit(HCI_PAIRABLE, &hdev->flags);
536 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
542 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
545 hci_dev_unlock_bh(hdev);
551 #define EIR_FLAGS 0x01 /* flags */
552 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
553 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
554 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
555 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
556 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
557 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
558 #define EIR_NAME_SHORT 0x08 /* shortened local name */
559 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
560 #define EIR_TX_POWER 0x0A /* transmit power level */
561 #define EIR_DEVICE_ID 0x10 /* device ID */
563 #define PNP_INFO_SVCLASS_ID 0x1200
565 static u8 bluetooth_base_uuid[] = {
566 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
567 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
570 static u16 get_uuid16(u8 *uuid128)
575 for (i = 0; i < 12; i++) {
576 if (bluetooth_base_uuid[i] != uuid128[i])
580 memcpy(&val, &uuid128[12], 4);
582 val = le32_to_cpu(val);
589 static void create_eir(struct hci_dev *hdev, u8 *data)
593 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
594 int i, truncated = 0;
595 struct bt_uuid *uuid;
598 name_len = strlen(hdev->dev_name);
604 ptr[1] = EIR_NAME_SHORT;
606 ptr[1] = EIR_NAME_COMPLETE;
608 /* EIR Data length */
609 ptr[0] = name_len + 1;
611 memcpy(ptr + 2, hdev->dev_name, name_len);
613 eir_len += (name_len + 2);
614 ptr += (name_len + 2);
617 memset(uuid16_list, 0, sizeof(uuid16_list));
619 /* Group all UUID16 types */
620 list_for_each_entry(uuid, &hdev->uuids, list) {
623 uuid16 = get_uuid16(uuid->uuid);
630 if (uuid16 == PNP_INFO_SVCLASS_ID)
633 /* Stop if not enough space to put next UUID */
634 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
639 /* Check for duplicates */
640 for (i = 0; uuid16_list[i] != 0; i++)
641 if (uuid16_list[i] == uuid16)
644 if (uuid16_list[i] == 0) {
645 uuid16_list[i] = uuid16;
646 eir_len += sizeof(u16);
650 if (uuid16_list[0] != 0) {
654 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
659 for (i = 0; uuid16_list[i] != 0; i++) {
660 *ptr++ = (uuid16_list[i] & 0x00ff);
661 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
664 /* EIR Data length */
665 *length = (i * sizeof(u16)) + 1;
669 static int update_eir(struct hci_dev *hdev)
671 struct hci_cp_write_eir cp;
673 if (!(hdev->features[6] & LMP_EXT_INQ))
676 if (hdev->ssp_mode == 0)
679 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
682 memset(&cp, 0, sizeof(cp));
684 create_eir(hdev, cp.data);
686 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
689 memcpy(hdev->eir, cp.data, sizeof(cp.data));
691 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
694 static u8 get_service_classes(struct hci_dev *hdev)
696 struct bt_uuid *uuid;
699 list_for_each_entry(uuid, &hdev->uuids, list)
700 val |= uuid->svc_hint;
705 static int update_class(struct hci_dev *hdev)
709 BT_DBG("%s", hdev->name);
711 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
714 cod[0] = hdev->minor_class;
715 cod[1] = hdev->major_class;
716 cod[2] = get_service_classes(hdev);
718 if (memcmp(cod, hdev->dev_class, 3) == 0)
721 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
724 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
726 struct mgmt_cp_add_uuid *cp;
727 struct hci_dev *hdev;
728 struct bt_uuid *uuid;
733 BT_DBG("request for hci%u", index);
735 if (len != sizeof(*cp))
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
738 hdev = hci_dev_get(index);
740 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
742 hci_dev_lock_bh(hdev);
744 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
750 memcpy(uuid->uuid, cp->uuid, 16);
751 uuid->svc_hint = cp->svc_hint;
753 list_add(&uuid->list, &hdev->uuids);
755 err = update_class(hdev);
759 err = update_eir(hdev);
763 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
766 hci_dev_unlock_bh(hdev);
772 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
774 struct list_head *p, *n;
775 struct mgmt_cp_remove_uuid *cp;
776 struct hci_dev *hdev;
777 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
782 BT_DBG("request for hci%u", index);
784 if (len != sizeof(*cp))
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
787 hdev = hci_dev_get(index);
789 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
791 hci_dev_lock_bh(hdev);
793 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794 err = hci_uuids_clear(hdev);
800 list_for_each_safe(p, n, &hdev->uuids) {
801 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
803 if (memcmp(match->uuid, cp->uuid, 16) != 0)
806 list_del(&match->list);
811 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
815 err = update_class(hdev);
819 err = update_eir(hdev);
823 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
826 hci_dev_unlock_bh(hdev);
832 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
835 struct hci_dev *hdev;
836 struct mgmt_cp_set_dev_class *cp;
841 BT_DBG("request for hci%u", index);
843 if (len != sizeof(*cp))
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
846 hdev = hci_dev_get(index);
848 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
850 hci_dev_lock_bh(hdev);
852 hdev->major_class = cp->major;
853 hdev->minor_class = cp->minor;
855 err = update_class(hdev);
858 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
860 hci_dev_unlock_bh(hdev);
866 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
869 struct hci_dev *hdev;
870 struct mgmt_cp_set_service_cache *cp;
875 if (len != sizeof(*cp))
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
878 hdev = hci_dev_get(index);
880 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
882 hci_dev_lock_bh(hdev);
884 BT_DBG("hci%u enable %d", index, cp->enable);
887 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
890 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
891 err = update_class(hdev);
893 err = update_eir(hdev);
897 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
900 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
903 hci_dev_unlock_bh(hdev);
909 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
911 struct hci_dev *hdev;
912 struct mgmt_cp_load_keys *cp;
913 u16 key_count, expected_len;
918 if (len < sizeof(*cp))
919 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL);
921 key_count = get_unaligned_le16(&cp->key_count);
923 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
924 if (expected_len != len) {
925 BT_ERR("load_keys: expected %u bytes, got %u bytes",
927 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL);
930 hdev = hci_dev_get(index);
932 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
934 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
937 hci_dev_lock_bh(hdev);
939 hci_link_keys_clear(hdev);
941 set_bit(HCI_LINK_KEYS, &hdev->flags);
944 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
946 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
948 for (i = 0; i < key_count; i++) {
949 struct mgmt_key_info *key = &cp->keys[i];
951 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
955 hci_dev_unlock_bh(hdev);
961 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
963 struct hci_dev *hdev;
964 struct mgmt_cp_remove_key *cp;
965 struct hci_conn *conn;
970 if (len != sizeof(*cp))
971 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
973 hdev = hci_dev_get(index);
975 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
977 hci_dev_lock_bh(hdev);
979 err = hci_remove_link_key(hdev, &cp->bdaddr);
981 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
987 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
990 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
992 struct hci_cp_disconnect dc;
994 put_unaligned_le16(conn->handle, &dc.handle);
995 dc.reason = 0x13; /* Remote User Terminated Connection */
996 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1000 hci_dev_unlock_bh(hdev);
1006 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1008 struct hci_dev *hdev;
1009 struct mgmt_cp_disconnect *cp;
1010 struct hci_cp_disconnect dc;
1011 struct pending_cmd *cmd;
1012 struct hci_conn *conn;
1019 if (len != sizeof(*cp))
1020 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1022 hdev = hci_dev_get(index);
1024 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1026 hci_dev_lock_bh(hdev);
1028 if (!test_bit(HCI_UP, &hdev->flags)) {
1029 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1033 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1034 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1040 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1043 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1047 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1053 put_unaligned_le16(conn->handle, &dc.handle);
1054 dc.reason = 0x13; /* Remote User Terminated Connection */
1056 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1058 mgmt_pending_remove(cmd);
1061 hci_dev_unlock_bh(hdev);
1067 static int get_connections(struct sock *sk, u16 index)
1069 struct mgmt_rp_get_connections *rp;
1070 struct hci_dev *hdev;
1072 struct list_head *p;
1079 hdev = hci_dev_get(index);
1081 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1083 hci_dev_lock_bh(hdev);
1086 list_for_each(p, &hdev->conn_hash.list) {
1090 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1091 rp = kmalloc(rp_len, GFP_ATOMIC);
1097 put_unaligned_le16(count, &rp->conn_count);
1100 list_for_each_entry(c, &hdev->conn_hash.list, list)
1101 bacpy(&rp->conn[i++], &c->dst);
1103 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1107 hci_dev_unlock_bh(hdev);
1112 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1113 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1115 struct pending_cmd *cmd;
1118 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1123 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1126 mgmt_pending_remove(cmd);
1131 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1134 struct hci_dev *hdev;
1135 struct hci_conn *conn;
1136 struct mgmt_cp_pin_code_reply *cp;
1137 struct mgmt_cp_pin_code_neg_reply ncp;
1138 struct hci_cp_pin_code_reply reply;
1139 struct pending_cmd *cmd;
1146 if (len != sizeof(*cp))
1147 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1149 hdev = hci_dev_get(index);
1151 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1153 hci_dev_lock_bh(hdev);
1155 if (!test_bit(HCI_UP, &hdev->flags)) {
1156 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1160 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1162 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1166 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1167 bacpy(&ncp.bdaddr, &cp->bdaddr);
1169 BT_ERR("PIN code is not 16 bytes long");
1171 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1173 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1179 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1185 bacpy(&reply.bdaddr, &cp->bdaddr);
1186 reply.pin_len = cp->pin_len;
1187 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1189 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1191 mgmt_pending_remove(cmd);
1194 hci_dev_unlock_bh(hdev);
1200 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1203 struct hci_dev *hdev;
1204 struct mgmt_cp_pin_code_neg_reply *cp;
1211 if (len != sizeof(*cp))
1212 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1215 hdev = hci_dev_get(index);
1217 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1220 hci_dev_lock_bh(hdev);
1222 if (!test_bit(HCI_UP, &hdev->flags)) {
1223 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1228 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1231 hci_dev_unlock_bh(hdev);
1237 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1240 struct hci_dev *hdev;
1241 struct mgmt_cp_set_io_capability *cp;
1247 if (len != sizeof(*cp))
1248 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1250 hdev = hci_dev_get(index);
1252 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1254 hci_dev_lock_bh(hdev);
1256 hdev->io_capability = cp->io_capability;
1258 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1259 hdev->io_capability);
1261 hci_dev_unlock_bh(hdev);
1264 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1267 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1269 struct hci_dev *hdev = conn->hdev;
1270 struct pending_cmd *cmd;
1272 list_for_each_entry(cmd, &cmd_list, list) {
1273 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1276 if (cmd->index != hdev->id)
1279 if (cmd->user_data != conn)
1288 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1290 struct mgmt_rp_pair_device rp;
1291 struct hci_conn *conn = cmd->user_data;
1293 bacpy(&rp.bdaddr, &conn->dst);
1296 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1298 /* So we don't get further callbacks for this connection */
1299 conn->connect_cfm_cb = NULL;
1300 conn->security_cfm_cb = NULL;
1301 conn->disconn_cfm_cb = NULL;
1305 mgmt_pending_remove(cmd);
1308 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1310 struct pending_cmd *cmd;
1312 BT_DBG("status %u", status);
1314 cmd = find_pairing(conn);
1316 BT_DBG("Unable to find a pending command");
1320 pairing_complete(cmd, status);
1323 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1325 struct hci_dev *hdev;
1326 struct mgmt_cp_pair_device *cp;
1327 struct pending_cmd *cmd;
1328 struct adv_entry *entry;
1329 u8 sec_level, auth_type;
1330 struct hci_conn *conn;
1337 if (len != sizeof(*cp))
1338 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1340 hdev = hci_dev_get(index);
1342 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1344 hci_dev_lock_bh(hdev);
1346 sec_level = BT_SECURITY_MEDIUM;
1347 if (cp->io_cap == 0x03)
1348 auth_type = HCI_AT_DEDICATED_BONDING;
1350 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1352 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1354 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1357 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1361 err = PTR_ERR(conn);
1365 if (conn->connect_cfm_cb) {
1367 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1371 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1378 /* For LE, just connecting isn't a proof that the pairing finished */
1380 conn->connect_cfm_cb = pairing_complete_cb;
1382 conn->security_cfm_cb = pairing_complete_cb;
1383 conn->disconn_cfm_cb = pairing_complete_cb;
1384 conn->io_capability = cp->io_cap;
1385 cmd->user_data = conn;
1387 if (conn->state == BT_CONNECTED &&
1388 hci_conn_security(conn, sec_level, auth_type))
1389 pairing_complete(cmd, 0);
1394 hci_dev_unlock_bh(hdev);
1400 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1401 u16 len, int success)
1403 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1404 u16 mgmt_op, hci_op;
1405 struct pending_cmd *cmd;
1406 struct hci_dev *hdev;
1412 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1413 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1415 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1416 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1419 if (len != sizeof(*cp))
1420 return cmd_status(sk, index, mgmt_op, EINVAL);
1422 hdev = hci_dev_get(index);
1424 return cmd_status(sk, index, mgmt_op, ENODEV);
1426 hci_dev_lock_bh(hdev);
1428 if (!test_bit(HCI_UP, &hdev->flags)) {
1429 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1433 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1439 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1441 mgmt_pending_remove(cmd);
1444 hci_dev_unlock_bh(hdev);
1450 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1453 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1454 struct hci_cp_write_local_name hci_cp;
1455 struct hci_dev *hdev;
1456 struct pending_cmd *cmd;
1461 if (len != sizeof(*mgmt_cp))
1462 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1464 hdev = hci_dev_get(index);
1466 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1468 hci_dev_lock_bh(hdev);
1470 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1476 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1477 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1480 mgmt_pending_remove(cmd);
1483 hci_dev_unlock_bh(hdev);
1489 static int read_local_oob_data(struct sock *sk, u16 index)
1491 struct hci_dev *hdev;
1492 struct pending_cmd *cmd;
1495 BT_DBG("hci%u", index);
1497 hdev = hci_dev_get(index);
1499 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1502 hci_dev_lock_bh(hdev);
1504 if (!test_bit(HCI_UP, &hdev->flags)) {
1505 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1510 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1511 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1516 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1517 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1521 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1527 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1529 mgmt_pending_remove(cmd);
1532 hci_dev_unlock_bh(hdev);
1538 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1541 struct hci_dev *hdev;
1542 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1545 BT_DBG("hci%u ", index);
1547 if (len != sizeof(*cp))
1548 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1551 hdev = hci_dev_get(index);
1553 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1556 hci_dev_lock_bh(hdev);
1558 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1561 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1563 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1566 hci_dev_unlock_bh(hdev);
1572 static int remove_remote_oob_data(struct sock *sk, u16 index,
1573 unsigned char *data, u16 len)
1575 struct hci_dev *hdev;
1576 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1579 BT_DBG("hci%u ", index);
1581 if (len != sizeof(*cp))
1582 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1585 hdev = hci_dev_get(index);
1587 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1590 hci_dev_lock_bh(hdev);
1592 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1594 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1597 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1600 hci_dev_unlock_bh(hdev);
1606 static int start_discovery(struct sock *sk, u16 index)
1608 struct pending_cmd *cmd;
1609 struct hci_dev *hdev;
1612 BT_DBG("hci%u", index);
1614 hdev = hci_dev_get(index);
1616 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1618 hci_dev_lock_bh(hdev);
1620 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1626 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1628 mgmt_pending_remove(cmd);
1631 hci_dev_unlock_bh(hdev);
1637 static int stop_discovery(struct sock *sk, u16 index)
1639 struct hci_dev *hdev;
1640 struct pending_cmd *cmd;
1643 BT_DBG("hci%u", index);
1645 hdev = hci_dev_get(index);
1647 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1649 hci_dev_lock_bh(hdev);
1651 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1657 err = hci_cancel_inquiry(hdev);
1659 mgmt_pending_remove(cmd);
1662 hci_dev_unlock_bh(hdev);
1668 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1671 struct hci_dev *hdev;
1672 struct pending_cmd *cmd;
1673 struct mgmt_cp_block_device *cp = (void *) data;
1676 BT_DBG("hci%u", index);
1678 if (len != sizeof(*cp))
1679 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1682 hdev = hci_dev_get(index);
1684 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1687 hci_dev_lock_bh(hdev);
1689 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0);
1695 err = hci_blacklist_add(hdev, &cp->bdaddr);
1698 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1700 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1703 mgmt_pending_remove(cmd);
1706 hci_dev_unlock_bh(hdev);
1712 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1715 struct hci_dev *hdev;
1716 struct pending_cmd *cmd;
1717 struct mgmt_cp_unblock_device *cp = (void *) data;
1720 BT_DBG("hci%u", index);
1722 if (len != sizeof(*cp))
1723 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1726 hdev = hci_dev_get(index);
1728 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1731 hci_dev_lock_bh(hdev);
1733 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0);
1739 err = hci_blacklist_del(hdev, &cp->bdaddr);
1742 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1744 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1747 mgmt_pending_remove(cmd);
1750 hci_dev_unlock_bh(hdev);
1756 static int set_fast_connectable(struct sock *sk, u16 index,
1757 unsigned char *data, u16 len)
1759 struct hci_dev *hdev;
1760 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1761 struct hci_cp_write_page_scan_activity acp;
1765 BT_DBG("hci%u", index);
1767 if (len != sizeof(*cp))
1768 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1771 hdev = hci_dev_get(index);
1773 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1779 type = PAGE_SCAN_TYPE_INTERLACED;
1780 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1782 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1783 acp.interval = 0x0800; /* default 1.28 sec page scan */
1786 acp.window = 0x0012; /* default 11.25 msec page scan window */
1788 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1791 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1796 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1798 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1803 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1806 hci_dev_unlock(hdev);
1812 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1815 struct mgmt_hdr *hdr;
1816 u16 opcode, index, len;
1819 BT_DBG("got %zu bytes", msglen);
1821 if (msglen < sizeof(*hdr))
1824 buf = kmalloc(msglen, GFP_KERNEL);
1828 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1833 hdr = (struct mgmt_hdr *) buf;
1834 opcode = get_unaligned_le16(&hdr->opcode);
1835 index = get_unaligned_le16(&hdr->index);
1836 len = get_unaligned_le16(&hdr->len);
1838 if (len != msglen - sizeof(*hdr)) {
1844 case MGMT_OP_READ_VERSION:
1845 err = read_version(sk);
1847 case MGMT_OP_READ_INDEX_LIST:
1848 err = read_index_list(sk);
1850 case MGMT_OP_READ_INFO:
1851 err = read_controller_info(sk, index);
1853 case MGMT_OP_SET_POWERED:
1854 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1856 case MGMT_OP_SET_DISCOVERABLE:
1857 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1859 case MGMT_OP_SET_CONNECTABLE:
1860 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1862 case MGMT_OP_SET_PAIRABLE:
1863 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1865 case MGMT_OP_ADD_UUID:
1866 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1868 case MGMT_OP_REMOVE_UUID:
1869 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1871 case MGMT_OP_SET_DEV_CLASS:
1872 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1874 case MGMT_OP_SET_SERVICE_CACHE:
1875 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1877 case MGMT_OP_LOAD_KEYS:
1878 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1880 case MGMT_OP_REMOVE_KEY:
1881 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1883 case MGMT_OP_DISCONNECT:
1884 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1886 case MGMT_OP_GET_CONNECTIONS:
1887 err = get_connections(sk, index);
1889 case MGMT_OP_PIN_CODE_REPLY:
1890 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1892 case MGMT_OP_PIN_CODE_NEG_REPLY:
1893 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1895 case MGMT_OP_SET_IO_CAPABILITY:
1896 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1898 case MGMT_OP_PAIR_DEVICE:
1899 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1901 case MGMT_OP_USER_CONFIRM_REPLY:
1902 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1904 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1905 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1907 case MGMT_OP_SET_LOCAL_NAME:
1908 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1910 case MGMT_OP_READ_LOCAL_OOB_DATA:
1911 err = read_local_oob_data(sk, index);
1913 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1914 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1916 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1917 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1920 case MGMT_OP_START_DISCOVERY:
1921 err = start_discovery(sk, index);
1923 case MGMT_OP_STOP_DISCOVERY:
1924 err = stop_discovery(sk, index);
1926 case MGMT_OP_BLOCK_DEVICE:
1927 err = block_device(sk, index, buf + sizeof(*hdr), len);
1929 case MGMT_OP_UNBLOCK_DEVICE:
1930 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1932 case MGMT_OP_SET_FAST_CONNECTABLE:
1933 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1937 BT_DBG("Unknown op %u", opcode);
1938 err = cmd_status(sk, index, opcode, 0x01);
1952 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1956 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1957 mgmt_pending_remove(cmd);
1960 int mgmt_index_added(u16 index)
1962 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1965 int mgmt_index_removed(u16 index)
1969 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
1971 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1979 static void mode_rsp(struct pending_cmd *cmd, void *data)
1981 struct mgmt_mode *cp = cmd->param;
1982 struct cmd_lookup *match = data;
1984 if (cp->val != match->val)
1987 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1989 list_del(&cmd->list);
1991 if (match->sk == NULL) {
1992 match->sk = cmd->sk;
1993 sock_hold(match->sk);
1996 mgmt_pending_free(cmd);
1999 int mgmt_powered(u16 index, u8 powered)
2001 struct mgmt_mode ev;
2002 struct cmd_lookup match = { powered, NULL };
2005 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
2008 u8 status = ENETDOWN;
2009 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
2014 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2022 int mgmt_discoverable(u16 index, u8 discoverable)
2024 struct mgmt_mode ev;
2025 struct cmd_lookup match = { discoverable, NULL };
2028 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2030 ev.val = discoverable;
2032 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2041 int mgmt_connectable(u16 index, u8 connectable)
2043 struct mgmt_mode ev;
2044 struct cmd_lookup match = { connectable, NULL };
2047 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2049 ev.val = connectable;
2051 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2059 int mgmt_write_scan_failed(u16 index, u8 scan, u8 status)
2061 if (scan & SCAN_PAGE)
2062 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index,
2063 cmd_status_rsp, &status);
2065 if (scan & SCAN_INQUIRY)
2066 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index,
2067 cmd_status_rsp, &status);
2072 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
2074 struct mgmt_ev_new_key ev;
2076 memset(&ev, 0, sizeof(ev));
2078 ev.store_hint = persistent;
2079 bacpy(&ev.key.bdaddr, &key->bdaddr);
2080 ev.key.type = key->type;
2081 memcpy(ev.key.val, key->val, 16);
2082 ev.key.pin_len = key->pin_len;
2084 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
2087 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2089 struct mgmt_ev_connected ev;
2091 bacpy(&ev.bdaddr, bdaddr);
2092 ev.link_type = link_type;
2094 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2097 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2099 struct mgmt_cp_disconnect *cp = cmd->param;
2100 struct sock **sk = data;
2101 struct mgmt_rp_disconnect rp;
2103 bacpy(&rp.bdaddr, &cp->bdaddr);
2105 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2110 mgmt_pending_remove(cmd);
2113 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2115 struct mgmt_ev_disconnected ev;
2116 struct sock *sk = NULL;
2119 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2121 bacpy(&ev.bdaddr, bdaddr);
2123 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2131 int mgmt_disconnect_failed(u16 index)
2133 struct pending_cmd *cmd;
2136 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2140 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2142 mgmt_pending_remove(cmd);
2147 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2149 struct mgmt_ev_connect_failed ev;
2151 bacpy(&ev.bdaddr, bdaddr);
2154 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2157 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2159 struct mgmt_ev_pin_code_request ev;
2161 bacpy(&ev.bdaddr, bdaddr);
2164 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2168 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2170 struct pending_cmd *cmd;
2171 struct mgmt_rp_pin_code_reply rp;
2174 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2178 bacpy(&rp.bdaddr, bdaddr);
2181 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2184 mgmt_pending_remove(cmd);
2189 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2191 struct pending_cmd *cmd;
2192 struct mgmt_rp_pin_code_reply rp;
2195 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2199 bacpy(&rp.bdaddr, bdaddr);
2202 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2205 mgmt_pending_remove(cmd);
2210 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2213 struct mgmt_ev_user_confirm_request ev;
2215 BT_DBG("hci%u", index);
2217 bacpy(&ev.bdaddr, bdaddr);
2218 ev.confirm_hint = confirm_hint;
2219 put_unaligned_le32(value, &ev.value);
2221 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2225 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2228 struct pending_cmd *cmd;
2229 struct mgmt_rp_user_confirm_reply rp;
2232 cmd = mgmt_pending_find(opcode, index);
2236 bacpy(&rp.bdaddr, bdaddr);
2238 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2240 mgmt_pending_remove(cmd);
2245 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2247 return confirm_reply_complete(index, bdaddr, status,
2248 MGMT_OP_USER_CONFIRM_REPLY);
2251 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2253 return confirm_reply_complete(index, bdaddr, status,
2254 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2257 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2259 struct mgmt_ev_auth_failed ev;
2261 bacpy(&ev.bdaddr, bdaddr);
2264 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2267 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2269 struct pending_cmd *cmd;
2270 struct hci_dev *hdev;
2271 struct mgmt_cp_set_local_name ev;
2274 memset(&ev, 0, sizeof(ev));
2275 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2277 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2282 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2286 hdev = hci_dev_get(index);
2288 hci_dev_lock_bh(hdev);
2290 hci_dev_unlock_bh(hdev);
2294 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2300 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2301 cmd ? cmd->sk : NULL);
2305 mgmt_pending_remove(cmd);
2309 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2312 struct pending_cmd *cmd;
2315 BT_DBG("hci%u status %u", index, status);
2317 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2322 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2325 struct mgmt_rp_read_local_oob_data rp;
2327 memcpy(rp.hash, hash, sizeof(rp.hash));
2328 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2330 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2334 mgmt_pending_remove(cmd);
2339 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2342 struct mgmt_ev_device_found ev;
2344 memset(&ev, 0, sizeof(ev));
2346 bacpy(&ev.bdaddr, bdaddr);
2350 memcpy(ev.eir, eir, sizeof(ev.eir));
2353 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2355 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2358 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2360 struct mgmt_ev_remote_name ev;
2362 memset(&ev, 0, sizeof(ev));
2364 bacpy(&ev.bdaddr, bdaddr);
2365 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2367 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2370 int mgmt_inquiry_failed(u16 index, u8 status)
2372 struct pending_cmd *cmd;
2375 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2379 err = cmd_status(cmd->sk, index, cmd->opcode, status);
2380 mgmt_pending_remove(cmd);
2385 int mgmt_discovering(u16 index, u8 discovering)
2387 struct pending_cmd *cmd;
2390 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2392 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
2395 cmd_complete(cmd->sk, index, cmd->opcode, NULL, 0);
2396 mgmt_pending_remove(cmd);
2399 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2400 sizeof(discovering), NULL);
2403 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2405 struct pending_cmd *cmd;
2406 struct mgmt_ev_device_blocked ev;
2408 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2410 bacpy(&ev.bdaddr, bdaddr);
2412 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2413 cmd ? cmd->sk : NULL);
2416 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2418 struct pending_cmd *cmd;
2419 struct mgmt_ev_device_unblocked ev;
2421 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2423 bacpy(&ev.bdaddr, bdaddr);
2425 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2426 cmd ? cmd->sk : NULL);