2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <linux/module.h>
27 #include <asm/unaligned.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/mgmt.h>
33 #define MGMT_VERSION 0
34 #define MGMT_REVISION 1
37 struct list_head list;
45 static LIST_HEAD(cmd_list);
47 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
51 struct mgmt_ev_cmd_status *ev;
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
65 ev = (void *) skb_put(skb, sizeof(*ev));
67 put_unaligned_le16(cmd, &ev->opcode);
69 if (sock_queue_rcv_skb(sk, skb) < 0)
75 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
80 struct mgmt_ev_cmd_complete *ev;
82 BT_DBG("sock %p", sk);
84 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
88 hdr = (void *) skb_put(skb, sizeof(*hdr));
90 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
91 hdr->index = cpu_to_le16(index);
92 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
94 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
95 put_unaligned_le16(cmd, &ev->opcode);
98 memcpy(ev->data, rp, rp_len);
100 if (sock_queue_rcv_skb(sk, skb) < 0)
106 static int read_version(struct sock *sk)
108 struct mgmt_rp_read_version rp;
110 BT_DBG("sock %p", sk);
112 rp.version = MGMT_VERSION;
113 put_unaligned_le16(MGMT_REVISION, &rp.revision);
115 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
119 static int read_index_list(struct sock *sk)
121 struct mgmt_rp_read_index_list *rp;
127 BT_DBG("sock %p", sk);
129 read_lock(&hci_dev_list_lock);
132 list_for_each(p, &hci_dev_list) {
136 rp_len = sizeof(*rp) + (2 * count);
137 rp = kmalloc(rp_len, GFP_ATOMIC);
139 read_unlock(&hci_dev_list_lock);
143 put_unaligned_le16(count, &rp->num_controllers);
146 list_for_each(p, &hci_dev_list) {
147 struct hci_dev *d = list_entry(p, struct hci_dev, list);
149 hci_del_off_timer(d);
151 set_bit(HCI_MGMT, &d->flags);
153 if (test_bit(HCI_SETUP, &d->flags))
156 put_unaligned_le16(d->id, &rp->index[i++]);
157 BT_DBG("Added hci%u", d->id);
160 read_unlock(&hci_dev_list_lock);
162 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
170 static int read_controller_info(struct sock *sk, u16 index)
172 struct mgmt_rp_read_info rp;
173 struct hci_dev *hdev;
175 BT_DBG("sock %p hci%u", sk, index);
177 hdev = hci_dev_get(index);
179 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
181 hci_del_off_timer(hdev);
183 hci_dev_lock_bh(hdev);
185 set_bit(HCI_MGMT, &hdev->flags);
187 memset(&rp, 0, sizeof(rp));
189 rp.type = hdev->dev_type;
191 rp.powered = test_bit(HCI_UP, &hdev->flags);
192 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
193 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
194 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
196 if (test_bit(HCI_AUTH, &hdev->flags))
198 else if (hdev->ssp_mode > 0)
203 bacpy(&rp.bdaddr, &hdev->bdaddr);
204 memcpy(rp.features, hdev->features, 8);
205 memcpy(rp.dev_class, hdev->dev_class, 3);
206 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
207 rp.hci_ver = hdev->hci_ver;
208 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
210 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
212 hci_dev_unlock_bh(hdev);
215 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
218 static void mgmt_pending_free(struct pending_cmd *cmd)
225 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
226 u16 index, void *data, u16 len)
228 struct pending_cmd *cmd;
230 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
234 cmd->opcode = opcode;
237 cmd->param = kmalloc(len, GFP_ATOMIC);
244 memcpy(cmd->param, data, len);
249 list_add(&cmd->list, &cmd_list);
254 static void mgmt_pending_foreach(u16 opcode, int index,
255 void (*cb)(struct pending_cmd *cmd, void *data),
258 struct list_head *p, *n;
260 list_for_each_safe(p, n, &cmd_list) {
261 struct pending_cmd *cmd;
263 cmd = list_entry(p, struct pending_cmd, list);
265 if (cmd->opcode != opcode)
268 if (index >= 0 && cmd->index != index)
275 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
279 list_for_each(p, &cmd_list) {
280 struct pending_cmd *cmd;
282 cmd = list_entry(p, struct pending_cmd, list);
284 if (cmd->opcode != opcode)
287 if (index >= 0 && cmd->index != index)
296 static void mgmt_pending_remove(struct pending_cmd *cmd)
298 list_del(&cmd->list);
299 mgmt_pending_free(cmd);
302 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
304 struct mgmt_mode *cp;
305 struct hci_dev *hdev;
306 struct pending_cmd *cmd;
311 BT_DBG("request for hci%u", index);
313 if (len != sizeof(*cp))
314 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
316 hdev = hci_dev_get(index);
318 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
320 hci_dev_lock_bh(hdev);
322 up = test_bit(HCI_UP, &hdev->flags);
323 if ((cp->val && up) || (!cp->val && !up)) {
324 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
328 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
329 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
333 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
340 queue_work(hdev->workqueue, &hdev->power_on);
342 queue_work(hdev->workqueue, &hdev->power_off);
347 hci_dev_unlock_bh(hdev);
352 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
355 struct mgmt_mode *cp;
356 struct hci_dev *hdev;
357 struct pending_cmd *cmd;
363 BT_DBG("request for hci%u", index);
365 if (len != sizeof(*cp))
366 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
368 hdev = hci_dev_get(index);
370 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
372 hci_dev_lock_bh(hdev);
374 if (!test_bit(HCI_UP, &hdev->flags)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
379 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
380 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
385 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
386 test_bit(HCI_PSCAN, &hdev->flags)) {
387 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
391 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
400 scan |= SCAN_INQUIRY;
402 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
404 mgmt_pending_remove(cmd);
407 hci_dev_unlock_bh(hdev);
413 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
416 struct mgmt_mode *cp;
417 struct hci_dev *hdev;
418 struct pending_cmd *cmd;
424 BT_DBG("request for hci%u", index);
426 if (len != sizeof(*cp))
427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
429 hdev = hci_dev_get(index);
431 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
433 hci_dev_lock_bh(hdev);
435 if (!test_bit(HCI_UP, &hdev->flags)) {
436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
440 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
441 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
442 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
446 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
447 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
451 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
462 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
464 mgmt_pending_remove(cmd);
467 hci_dev_unlock_bh(hdev);
473 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
474 struct sock *skip_sk)
477 struct mgmt_hdr *hdr;
479 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
483 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
485 hdr = (void *) skb_put(skb, sizeof(*hdr));
486 hdr->opcode = cpu_to_le16(event);
487 hdr->index = cpu_to_le16(index);
488 hdr->len = cpu_to_le16(data_len);
491 memcpy(skb_put(skb, data_len), data, data_len);
493 hci_send_to_sock(NULL, skb, skip_sk);
499 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
505 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
508 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
511 struct mgmt_mode *cp, ev;
512 struct hci_dev *hdev;
517 BT_DBG("request for hci%u", index);
519 if (len != sizeof(*cp))
520 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
522 hdev = hci_dev_get(index);
524 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
526 hci_dev_lock_bh(hdev);
529 set_bit(HCI_PAIRABLE, &hdev->flags);
531 clear_bit(HCI_PAIRABLE, &hdev->flags);
533 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
539 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
542 hci_dev_unlock_bh(hdev);
548 #define EIR_FLAGS 0x01 /* flags */
549 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
550 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
551 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
552 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
553 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
554 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
555 #define EIR_NAME_SHORT 0x08 /* shortened local name */
556 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
557 #define EIR_TX_POWER 0x0A /* transmit power level */
558 #define EIR_DEVICE_ID 0x10 /* device ID */
560 #define PNP_INFO_SVCLASS_ID 0x1200
562 static u8 bluetooth_base_uuid[] = {
563 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
564 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
567 static u16 get_uuid16(u8 *uuid128)
572 for (i = 0; i < 12; i++) {
573 if (bluetooth_base_uuid[i] != uuid128[i])
577 memcpy(&val, &uuid128[12], 4);
579 val = le32_to_cpu(val);
586 static void create_eir(struct hci_dev *hdev, u8 *data)
590 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
591 int i, truncated = 0;
595 name_len = strlen(hdev->dev_name);
601 ptr[1] = EIR_NAME_SHORT;
603 ptr[1] = EIR_NAME_COMPLETE;
605 /* EIR Data length */
606 ptr[0] = name_len + 1;
608 memcpy(ptr + 2, hdev->dev_name, name_len);
610 eir_len += (name_len + 2);
611 ptr += (name_len + 2);
614 memset(uuid16_list, 0, sizeof(uuid16_list));
616 /* Group all UUID16 types */
617 list_for_each(p, &hdev->uuids) {
618 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
621 uuid16 = get_uuid16(uuid->uuid);
628 if (uuid16 == PNP_INFO_SVCLASS_ID)
631 /* Stop if not enough space to put next UUID */
632 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
637 /* Check for duplicates */
638 for (i = 0; uuid16_list[i] != 0; i++)
639 if (uuid16_list[i] == uuid16)
642 if (uuid16_list[i] == 0) {
643 uuid16_list[i] = uuid16;
644 eir_len += sizeof(u16);
648 if (uuid16_list[0] != 0) {
652 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
657 for (i = 0; uuid16_list[i] != 0; i++) {
658 *ptr++ = (uuid16_list[i] & 0x00ff);
659 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
662 /* EIR Data length */
663 *length = (i * sizeof(u16)) + 1;
667 static int update_eir(struct hci_dev *hdev)
669 struct hci_cp_write_eir cp;
671 if (!(hdev->features[6] & LMP_EXT_INQ))
674 if (hdev->ssp_mode == 0)
677 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
680 memset(&cp, 0, sizeof(cp));
682 create_eir(hdev, cp.data);
684 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
687 memcpy(hdev->eir, cp.data, sizeof(cp.data));
689 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
692 static u8 get_service_classes(struct hci_dev *hdev)
697 list_for_each(p, &hdev->uuids) {
698 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
700 val |= uuid->svc_hint;
706 static int update_class(struct hci_dev *hdev)
710 BT_DBG("%s", hdev->name);
712 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
715 cod[0] = hdev->minor_class;
716 cod[1] = hdev->major_class;
717 cod[2] = get_service_classes(hdev);
719 if (memcmp(cod, hdev->dev_class, 3) == 0)
722 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
725 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
727 struct mgmt_cp_add_uuid *cp;
728 struct hci_dev *hdev;
729 struct bt_uuid *uuid;
734 BT_DBG("request for hci%u", index);
736 if (len != sizeof(*cp))
737 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
739 hdev = hci_dev_get(index);
741 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
743 hci_dev_lock_bh(hdev);
745 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
751 memcpy(uuid->uuid, cp->uuid, 16);
752 uuid->svc_hint = cp->svc_hint;
754 list_add(&uuid->list, &hdev->uuids);
756 err = update_class(hdev);
760 err = update_eir(hdev);
764 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
767 hci_dev_unlock_bh(hdev);
773 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
775 struct list_head *p, *n;
776 struct mgmt_cp_remove_uuid *cp;
777 struct hci_dev *hdev;
778 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
783 BT_DBG("request for hci%u", index);
785 if (len != sizeof(*cp))
786 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
788 hdev = hci_dev_get(index);
790 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
792 hci_dev_lock_bh(hdev);
794 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
795 err = hci_uuids_clear(hdev);
801 list_for_each_safe(p, n, &hdev->uuids) {
802 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
804 if (memcmp(match->uuid, cp->uuid, 16) != 0)
807 list_del(&match->list);
812 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
816 err = update_class(hdev);
820 err = update_eir(hdev);
824 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
827 hci_dev_unlock_bh(hdev);
833 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
836 struct hci_dev *hdev;
837 struct mgmt_cp_set_dev_class *cp;
842 BT_DBG("request for hci%u", index);
844 if (len != sizeof(*cp))
845 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
847 hdev = hci_dev_get(index);
849 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
851 hci_dev_lock_bh(hdev);
853 hdev->major_class = cp->major;
854 hdev->minor_class = cp->minor;
856 err = update_class(hdev);
859 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
861 hci_dev_unlock_bh(hdev);
867 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
870 struct hci_dev *hdev;
871 struct mgmt_cp_set_service_cache *cp;
876 if (len != sizeof(*cp))
877 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
879 hdev = hci_dev_get(index);
881 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
883 hci_dev_lock_bh(hdev);
885 BT_DBG("hci%u enable %d", index, cp->enable);
888 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
891 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
892 err = update_class(hdev);
894 err = update_eir(hdev);
898 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
901 hci_dev_unlock_bh(hdev);
907 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
909 struct hci_dev *hdev;
910 struct mgmt_cp_load_keys *cp;
911 u16 key_count, expected_len;
916 if (len < sizeof(*cp))
919 key_count = get_unaligned_le16(&cp->key_count);
921 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
922 if (expected_len != len) {
923 BT_ERR("load_keys: expected %u bytes, got %u bytes",
928 hdev = hci_dev_get(index);
930 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
935 hci_dev_lock_bh(hdev);
937 hci_link_keys_clear(hdev);
939 set_bit(HCI_LINK_KEYS, &hdev->flags);
942 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
946 for (i = 0; i < key_count; i++) {
947 struct mgmt_key_info *key = &cp->keys[i];
949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
953 hci_dev_unlock_bh(hdev);
959 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
961 struct hci_dev *hdev;
962 struct mgmt_cp_remove_key *cp;
963 struct hci_conn *conn;
968 if (len != sizeof(*cp))
969 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
971 hdev = hci_dev_get(index);
973 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
975 hci_dev_lock_bh(hdev);
977 err = hci_remove_link_key(hdev, &cp->bdaddr);
979 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
985 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
990 struct hci_cp_disconnect dc;
992 put_unaligned_le16(conn->handle, &dc.handle);
993 dc.reason = 0x13; /* Remote User Terminated Connection */
994 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
998 hci_dev_unlock_bh(hdev);
1004 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1006 struct hci_dev *hdev;
1007 struct mgmt_cp_disconnect *cp;
1008 struct hci_cp_disconnect dc;
1009 struct pending_cmd *cmd;
1010 struct hci_conn *conn;
1017 if (len != sizeof(*cp))
1018 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1020 hdev = hci_dev_get(index);
1022 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1024 hci_dev_lock_bh(hdev);
1026 if (!test_bit(HCI_UP, &hdev->flags)) {
1027 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1031 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1032 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1036 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1038 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1041 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1045 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1051 put_unaligned_le16(conn->handle, &dc.handle);
1052 dc.reason = 0x13; /* Remote User Terminated Connection */
1054 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1056 mgmt_pending_remove(cmd);
1059 hci_dev_unlock_bh(hdev);
1065 static int get_connections(struct sock *sk, u16 index)
1067 struct mgmt_rp_get_connections *rp;
1068 struct hci_dev *hdev;
1069 struct list_head *p;
1076 hdev = hci_dev_get(index);
1078 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1080 hci_dev_lock_bh(hdev);
1083 list_for_each(p, &hdev->conn_hash.list) {
1087 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1088 rp = kmalloc(rp_len, GFP_ATOMIC);
1094 put_unaligned_le16(count, &rp->conn_count);
1097 list_for_each(p, &hdev->conn_hash.list) {
1098 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1100 bacpy(&rp->conn[i++], &c->dst);
1103 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1107 hci_dev_unlock_bh(hdev);
1112 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1113 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1115 struct pending_cmd *cmd;
1118 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1123 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1126 mgmt_pending_remove(cmd);
1131 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1134 struct hci_dev *hdev;
1135 struct hci_conn *conn;
1136 struct mgmt_cp_pin_code_reply *cp;
1137 struct mgmt_cp_pin_code_neg_reply ncp;
1138 struct hci_cp_pin_code_reply reply;
1139 struct pending_cmd *cmd;
1146 if (len != sizeof(*cp))
1147 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1149 hdev = hci_dev_get(index);
1151 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1153 hci_dev_lock_bh(hdev);
1155 if (!test_bit(HCI_UP, &hdev->flags)) {
1156 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1160 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1162 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1166 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1167 bacpy(&ncp.bdaddr, &cp->bdaddr);
1169 BT_ERR("PIN code is not 16 bytes long");
1171 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1173 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1179 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1185 bacpy(&reply.bdaddr, &cp->bdaddr);
1186 reply.pin_len = cp->pin_len;
1187 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1189 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1191 mgmt_pending_remove(cmd);
1194 hci_dev_unlock_bh(hdev);
1200 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1203 struct hci_dev *hdev;
1204 struct mgmt_cp_pin_code_neg_reply *cp;
1211 if (len != sizeof(*cp))
1212 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1215 hdev = hci_dev_get(index);
1217 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1220 hci_dev_lock_bh(hdev);
1222 if (!test_bit(HCI_UP, &hdev->flags)) {
1223 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1228 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1231 hci_dev_unlock_bh(hdev);
1237 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1240 struct hci_dev *hdev;
1241 struct mgmt_cp_set_io_capability *cp;
1247 if (len != sizeof(*cp))
1248 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1250 hdev = hci_dev_get(index);
1252 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1254 hci_dev_lock_bh(hdev);
1256 hdev->io_capability = cp->io_capability;
1258 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1259 hdev->io_capability);
1261 hci_dev_unlock_bh(hdev);
1264 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1267 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1269 struct hci_dev *hdev = conn->hdev;
1270 struct list_head *p;
1272 list_for_each(p, &cmd_list) {
1273 struct pending_cmd *cmd;
1275 cmd = list_entry(p, struct pending_cmd, list);
1277 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1280 if (cmd->index != hdev->id)
1283 if (cmd->user_data != conn)
1292 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1294 struct mgmt_rp_pair_device rp;
1295 struct hci_conn *conn = cmd->user_data;
1297 bacpy(&rp.bdaddr, &conn->dst);
1300 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1302 /* So we don't get further callbacks for this connection */
1303 conn->connect_cfm_cb = NULL;
1304 conn->security_cfm_cb = NULL;
1305 conn->disconn_cfm_cb = NULL;
1309 mgmt_pending_remove(cmd);
1312 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1314 struct pending_cmd *cmd;
1316 BT_DBG("status %u", status);
1318 cmd = find_pairing(conn);
1320 BT_DBG("Unable to find a pending command");
1324 pairing_complete(cmd, status);
1327 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1329 struct hci_dev *hdev;
1330 struct mgmt_cp_pair_device *cp;
1331 struct pending_cmd *cmd;
1332 struct adv_entry *entry;
1333 u8 sec_level, auth_type;
1334 struct hci_conn *conn;
1341 if (len != sizeof(*cp))
1342 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1344 hdev = hci_dev_get(index);
1346 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1348 hci_dev_lock_bh(hdev);
1350 sec_level = BT_SECURITY_MEDIUM;
1351 if (cp->io_cap == 0x03)
1352 auth_type = HCI_AT_DEDICATED_BONDING;
1354 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1356 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1358 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1361 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1365 err = PTR_ERR(conn);
1369 if (conn->connect_cfm_cb) {
1371 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1375 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1382 /* For LE, just connecting isn't a proof that the pairing finished */
1384 conn->connect_cfm_cb = pairing_complete_cb;
1386 conn->security_cfm_cb = pairing_complete_cb;
1387 conn->disconn_cfm_cb = pairing_complete_cb;
1388 conn->io_capability = cp->io_cap;
1389 cmd->user_data = conn;
1391 if (conn->state == BT_CONNECTED &&
1392 hci_conn_security(conn, sec_level, auth_type))
1393 pairing_complete(cmd, 0);
1398 hci_dev_unlock_bh(hdev);
1404 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1405 u16 len, int success)
1407 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1408 u16 mgmt_op, hci_op;
1409 struct pending_cmd *cmd;
1410 struct hci_dev *hdev;
1416 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1417 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1419 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1420 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1423 if (len != sizeof(*cp))
1424 return cmd_status(sk, index, mgmt_op, EINVAL);
1426 hdev = hci_dev_get(index);
1428 return cmd_status(sk, index, mgmt_op, ENODEV);
1430 hci_dev_lock_bh(hdev);
1432 if (!test_bit(HCI_UP, &hdev->flags)) {
1433 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1437 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1443 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1445 mgmt_pending_remove(cmd);
1448 hci_dev_unlock_bh(hdev);
1454 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1457 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1458 struct hci_cp_write_local_name hci_cp;
1459 struct hci_dev *hdev;
1460 struct pending_cmd *cmd;
1465 if (len != sizeof(*mgmt_cp))
1466 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1468 hdev = hci_dev_get(index);
1470 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1472 hci_dev_lock_bh(hdev);
1474 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1480 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1481 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1484 mgmt_pending_remove(cmd);
1487 hci_dev_unlock_bh(hdev);
1493 static int read_local_oob_data(struct sock *sk, u16 index)
1495 struct hci_dev *hdev;
1496 struct pending_cmd *cmd;
1499 BT_DBG("hci%u", index);
1501 hdev = hci_dev_get(index);
1503 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1506 hci_dev_lock_bh(hdev);
1508 if (!test_bit(HCI_UP, &hdev->flags)) {
1509 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1514 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1515 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1520 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1521 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1525 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1531 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1533 mgmt_pending_remove(cmd);
1536 hci_dev_unlock_bh(hdev);
1542 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1545 struct hci_dev *hdev;
1546 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1549 BT_DBG("hci%u ", index);
1551 if (len != sizeof(*cp))
1552 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1555 hdev = hci_dev_get(index);
1557 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1560 hci_dev_lock_bh(hdev);
1562 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1565 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1567 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1570 hci_dev_unlock_bh(hdev);
1576 static int remove_remote_oob_data(struct sock *sk, u16 index,
1577 unsigned char *data, u16 len)
1579 struct hci_dev *hdev;
1580 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1583 BT_DBG("hci%u ", index);
1585 if (len != sizeof(*cp))
1586 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1589 hdev = hci_dev_get(index);
1591 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1594 hci_dev_lock_bh(hdev);
1596 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1598 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1601 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1604 hci_dev_unlock_bh(hdev);
1610 static int start_discovery(struct sock *sk, u16 index)
1612 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1613 struct hci_cp_inquiry cp;
1614 struct pending_cmd *cmd;
1615 struct hci_dev *hdev;
1618 BT_DBG("hci%u", index);
1620 hdev = hci_dev_get(index);
1622 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1624 hci_dev_lock_bh(hdev);
1626 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1632 memset(&cp, 0, sizeof(cp));
1633 memcpy(&cp.lap, lap, 3);
1637 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1639 mgmt_pending_remove(cmd);
1642 hci_dev_unlock_bh(hdev);
1648 static int stop_discovery(struct sock *sk, u16 index)
1650 struct hci_dev *hdev;
1651 struct pending_cmd *cmd;
1654 BT_DBG("hci%u", index);
1656 hdev = hci_dev_get(index);
1658 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1660 hci_dev_lock_bh(hdev);
1662 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1668 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1670 mgmt_pending_remove(cmd);
1673 hci_dev_unlock_bh(hdev);
1679 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1682 struct hci_dev *hdev;
1683 struct pending_cmd *cmd;
1684 struct mgmt_cp_block_device *cp = (void *) data;
1687 BT_DBG("hci%u", index);
1689 if (len != sizeof(*cp))
1690 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1693 hdev = hci_dev_get(index);
1695 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1698 hci_dev_lock_bh(hdev);
1700 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0);
1706 err = hci_blacklist_add(hdev, &cp->bdaddr);
1709 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1711 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1714 mgmt_pending_remove(cmd);
1717 hci_dev_unlock_bh(hdev);
1723 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1726 struct hci_dev *hdev;
1727 struct pending_cmd *cmd;
1728 struct mgmt_cp_unblock_device *cp = (void *) data;
1731 BT_DBG("hci%u", index);
1733 if (len != sizeof(*cp))
1734 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1737 hdev = hci_dev_get(index);
1739 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1742 hci_dev_lock_bh(hdev);
1744 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0);
1750 err = hci_blacklist_del(hdev, &cp->bdaddr);
1753 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1755 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1758 mgmt_pending_remove(cmd);
1761 hci_dev_unlock_bh(hdev);
1767 static int set_fast_connectable(struct sock *sk, u16 index,
1768 unsigned char *data, u16 len)
1770 struct hci_dev *hdev;
1771 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1772 struct hci_cp_write_page_scan_activity acp;
1776 BT_DBG("hci%u", index);
1778 if (len != sizeof(*cp))
1779 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1782 hdev = hci_dev_get(index);
1784 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1790 type = PAGE_SCAN_TYPE_INTERLACED;
1791 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1793 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1794 acp.interval = 0x0800; /* default 1.28 sec page scan */
1797 acp.window = 0x0012; /* default 11.25 msec page scan window */
1799 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1802 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1807 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1809 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1814 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1817 hci_dev_unlock(hdev);
1823 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1826 struct mgmt_hdr *hdr;
1827 u16 opcode, index, len;
1830 BT_DBG("got %zu bytes", msglen);
1832 if (msglen < sizeof(*hdr))
1835 buf = kmalloc(msglen, GFP_KERNEL);
1839 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1844 hdr = (struct mgmt_hdr *) buf;
1845 opcode = get_unaligned_le16(&hdr->opcode);
1846 index = get_unaligned_le16(&hdr->index);
1847 len = get_unaligned_le16(&hdr->len);
1849 if (len != msglen - sizeof(*hdr)) {
1855 case MGMT_OP_READ_VERSION:
1856 err = read_version(sk);
1858 case MGMT_OP_READ_INDEX_LIST:
1859 err = read_index_list(sk);
1861 case MGMT_OP_READ_INFO:
1862 err = read_controller_info(sk, index);
1864 case MGMT_OP_SET_POWERED:
1865 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1867 case MGMT_OP_SET_DISCOVERABLE:
1868 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1870 case MGMT_OP_SET_CONNECTABLE:
1871 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1873 case MGMT_OP_SET_PAIRABLE:
1874 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1876 case MGMT_OP_ADD_UUID:
1877 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1879 case MGMT_OP_REMOVE_UUID:
1880 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1882 case MGMT_OP_SET_DEV_CLASS:
1883 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1885 case MGMT_OP_SET_SERVICE_CACHE:
1886 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1888 case MGMT_OP_LOAD_KEYS:
1889 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1891 case MGMT_OP_REMOVE_KEY:
1892 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1894 case MGMT_OP_DISCONNECT:
1895 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1897 case MGMT_OP_GET_CONNECTIONS:
1898 err = get_connections(sk, index);
1900 case MGMT_OP_PIN_CODE_REPLY:
1901 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1903 case MGMT_OP_PIN_CODE_NEG_REPLY:
1904 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1906 case MGMT_OP_SET_IO_CAPABILITY:
1907 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1909 case MGMT_OP_PAIR_DEVICE:
1910 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1912 case MGMT_OP_USER_CONFIRM_REPLY:
1913 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1915 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1916 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1918 case MGMT_OP_SET_LOCAL_NAME:
1919 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1921 case MGMT_OP_READ_LOCAL_OOB_DATA:
1922 err = read_local_oob_data(sk, index);
1924 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1925 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1927 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1928 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1931 case MGMT_OP_START_DISCOVERY:
1932 err = start_discovery(sk, index);
1934 case MGMT_OP_STOP_DISCOVERY:
1935 err = stop_discovery(sk, index);
1937 case MGMT_OP_BLOCK_DEVICE:
1938 err = block_device(sk, index, buf + sizeof(*hdr), len);
1940 case MGMT_OP_UNBLOCK_DEVICE:
1941 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1943 case MGMT_OP_SET_FAST_CONNECTABLE:
1944 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1948 BT_DBG("Unknown op %u", opcode);
1949 err = cmd_status(sk, index, opcode, 0x01);
1963 int mgmt_index_added(u16 index)
1965 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1968 int mgmt_index_removed(u16 index)
1970 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1978 static void mode_rsp(struct pending_cmd *cmd, void *data)
1980 struct mgmt_mode *cp = cmd->param;
1981 struct cmd_lookup *match = data;
1983 if (cp->val != match->val)
1986 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1988 list_del(&cmd->list);
1990 if (match->sk == NULL) {
1991 match->sk = cmd->sk;
1992 sock_hold(match->sk);
1995 mgmt_pending_free(cmd);
1998 int mgmt_powered(u16 index, u8 powered)
2000 struct mgmt_mode ev;
2001 struct cmd_lookup match = { powered, NULL };
2004 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
2008 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2016 int mgmt_discoverable(u16 index, u8 discoverable)
2018 struct mgmt_mode ev;
2019 struct cmd_lookup match = { discoverable, NULL };
2022 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2024 ev.val = discoverable;
2026 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2035 int mgmt_connectable(u16 index, u8 connectable)
2037 struct mgmt_mode ev;
2038 struct cmd_lookup match = { connectable, NULL };
2041 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2043 ev.val = connectable;
2045 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2053 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
2055 struct mgmt_ev_new_key ev;
2057 memset(&ev, 0, sizeof(ev));
2059 ev.store_hint = persistent;
2060 bacpy(&ev.key.bdaddr, &key->bdaddr);
2061 ev.key.type = key->type;
2062 memcpy(ev.key.val, key->val, 16);
2063 ev.key.pin_len = key->pin_len;
2065 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
2068 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2070 struct mgmt_ev_connected ev;
2072 bacpy(&ev.bdaddr, bdaddr);
2073 ev.link_type = link_type;
2075 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2078 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2080 struct mgmt_cp_disconnect *cp = cmd->param;
2081 struct sock **sk = data;
2082 struct mgmt_rp_disconnect rp;
2084 bacpy(&rp.bdaddr, &cp->bdaddr);
2086 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2091 mgmt_pending_remove(cmd);
2094 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2096 struct mgmt_ev_disconnected ev;
2097 struct sock *sk = NULL;
2100 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2102 bacpy(&ev.bdaddr, bdaddr);
2104 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2112 int mgmt_disconnect_failed(u16 index)
2114 struct pending_cmd *cmd;
2117 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2121 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2123 mgmt_pending_remove(cmd);
2128 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2130 struct mgmt_ev_connect_failed ev;
2132 bacpy(&ev.bdaddr, bdaddr);
2135 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2138 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2140 struct mgmt_ev_pin_code_request ev;
2142 bacpy(&ev.bdaddr, bdaddr);
2145 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2149 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2151 struct pending_cmd *cmd;
2152 struct mgmt_rp_pin_code_reply rp;
2155 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2159 bacpy(&rp.bdaddr, bdaddr);
2162 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2165 mgmt_pending_remove(cmd);
2170 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2172 struct pending_cmd *cmd;
2173 struct mgmt_rp_pin_code_reply rp;
2176 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2180 bacpy(&rp.bdaddr, bdaddr);
2183 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2186 mgmt_pending_remove(cmd);
2191 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2194 struct mgmt_ev_user_confirm_request ev;
2196 BT_DBG("hci%u", index);
2198 bacpy(&ev.bdaddr, bdaddr);
2199 ev.confirm_hint = confirm_hint;
2200 put_unaligned_le32(value, &ev.value);
2202 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2206 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2209 struct pending_cmd *cmd;
2210 struct mgmt_rp_user_confirm_reply rp;
2213 cmd = mgmt_pending_find(opcode, index);
2217 bacpy(&rp.bdaddr, bdaddr);
2219 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2221 mgmt_pending_remove(cmd);
2226 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2228 return confirm_reply_complete(index, bdaddr, status,
2229 MGMT_OP_USER_CONFIRM_REPLY);
2232 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2234 return confirm_reply_complete(index, bdaddr, status,
2235 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2238 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2240 struct mgmt_ev_auth_failed ev;
2242 bacpy(&ev.bdaddr, bdaddr);
2245 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2248 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2250 struct pending_cmd *cmd;
2251 struct hci_dev *hdev;
2252 struct mgmt_cp_set_local_name ev;
2255 memset(&ev, 0, sizeof(ev));
2256 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2258 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2263 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2267 hdev = hci_dev_get(index);
2269 hci_dev_lock_bh(hdev);
2271 hci_dev_unlock_bh(hdev);
2275 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2281 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2282 cmd ? cmd->sk : NULL);
2286 mgmt_pending_remove(cmd);
2290 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2293 struct pending_cmd *cmd;
2296 BT_DBG("hci%u status %u", index, status);
2298 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2303 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2306 struct mgmt_rp_read_local_oob_data rp;
2308 memcpy(rp.hash, hash, sizeof(rp.hash));
2309 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2311 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2315 mgmt_pending_remove(cmd);
2320 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2323 struct mgmt_ev_device_found ev;
2325 memset(&ev, 0, sizeof(ev));
2327 bacpy(&ev.bdaddr, bdaddr);
2331 memcpy(ev.eir, eir, sizeof(ev.eir));
2334 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2336 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2339 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2341 struct mgmt_ev_remote_name ev;
2343 memset(&ev, 0, sizeof(ev));
2345 bacpy(&ev.bdaddr, bdaddr);
2346 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2348 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2351 int mgmt_discovering(u16 index, u8 discovering)
2353 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2354 sizeof(discovering), NULL);
2357 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2359 struct pending_cmd *cmd;
2360 struct mgmt_ev_device_blocked ev;
2362 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2364 bacpy(&ev.bdaddr, bdaddr);
2366 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2367 cmd ? cmd->sk : NULL);
2370 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2372 struct pending_cmd *cmd;
2373 struct mgmt_ev_device_unblocked ev;
2375 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2377 bacpy(&ev.bdaddr, bdaddr);
2379 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2380 cmd ? cmd->sk : NULL);