2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
36 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
64 ev = (void *) skb_put(skb, sizeof(*ev));
66 put_unaligned_le16(cmd, &ev->opcode);
68 if (sock_queue_rcv_skb(sk, skb) < 0)
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
79 struct mgmt_ev_cmd_complete *ev;
81 BT_DBG("sock %p", sk);
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
97 memcpy(ev->data, rp, rp_len);
99 if (sock_queue_rcv_skb(sk, skb) < 0)
105 static int read_version(struct sock *sk)
107 struct mgmt_rp_read_version rp;
109 BT_DBG("sock %p", sk);
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
118 static int read_index_list(struct sock *sk)
120 struct mgmt_rp_read_index_list *rp;
126 BT_DBG("sock %p", sk);
128 read_lock(&hci_dev_list_lock);
131 list_for_each(p, &hci_dev_list) {
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
138 read_unlock(&hci_dev_list_lock);
142 put_unaligned_le16(count, &rp->num_controllers);
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
148 hci_del_off_timer(d);
150 set_bit(HCI_MGMT, &d->flags);
152 if (test_bit(HCI_SETUP, &d->flags))
155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
159 read_unlock(&hci_dev_list_lock);
161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
169 static int read_controller_info(struct sock *sk, u16 index)
171 struct mgmt_rp_read_info rp;
172 struct hci_dev *hdev;
174 BT_DBG("sock %p hci%u", sk, index);
176 hdev = hci_dev_get(index);
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
180 hci_del_off_timer(hdev);
182 hci_dev_lock_bh(hdev);
184 set_bit(HCI_MGMT, &hdev->flags);
186 rp.type = hdev->dev_type;
188 rp.powered = test_bit(HCI_UP, &hdev->flags);
189 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
190 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
191 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
193 if (test_bit(HCI_AUTH, &hdev->flags))
195 else if (hdev->ssp_mode > 0)
200 bacpy(&rp.bdaddr, &hdev->bdaddr);
201 memcpy(rp.features, hdev->features, 8);
202 memcpy(rp.dev_class, hdev->dev_class, 3);
203 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
204 rp.hci_ver = hdev->hci_ver;
205 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
207 hci_dev_unlock_bh(hdev);
210 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
213 static void mgmt_pending_free(struct pending_cmd *cmd)
220 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
221 u16 index, void *data, u16 len)
223 struct pending_cmd *cmd;
225 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
229 cmd->opcode = opcode;
232 cmd->cmd = kmalloc(len, GFP_ATOMIC);
238 memcpy(cmd->cmd, data, len);
243 list_add(&cmd->list, &cmd_list);
248 static void mgmt_pending_foreach(u16 opcode, int index,
249 void (*cb)(struct pending_cmd *cmd, void *data),
252 struct list_head *p, *n;
254 list_for_each_safe(p, n, &cmd_list) {
255 struct pending_cmd *cmd;
257 cmd = list_entry(p, struct pending_cmd, list);
259 if (cmd->opcode != opcode)
262 if (index >= 0 && cmd->index != index)
269 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
273 list_for_each(p, &cmd_list) {
274 struct pending_cmd *cmd;
276 cmd = list_entry(p, struct pending_cmd, list);
278 if (cmd->opcode != opcode)
281 if (index >= 0 && cmd->index != index)
290 static void mgmt_pending_remove(struct pending_cmd *cmd)
292 list_del(&cmd->list);
293 mgmt_pending_free(cmd);
296 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
298 struct mgmt_mode *cp;
299 struct hci_dev *hdev;
300 struct pending_cmd *cmd;
305 BT_DBG("request for hci%u", index);
307 if (len != sizeof(*cp))
308 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
310 hdev = hci_dev_get(index);
312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
314 hci_dev_lock_bh(hdev);
316 up = test_bit(HCI_UP, &hdev->flags);
317 if ((cp->val && up) || (!cp->val && !up)) {
318 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
322 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
334 queue_work(hdev->workqueue, &hdev->power_on);
336 queue_work(hdev->workqueue, &hdev->power_off);
341 hci_dev_unlock_bh(hdev);
346 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
349 struct mgmt_mode *cp;
350 struct hci_dev *hdev;
351 struct pending_cmd *cmd;
357 BT_DBG("request for hci%u", index);
359 if (len != sizeof(*cp))
360 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
362 hdev = hci_dev_get(index);
364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
366 hci_dev_lock_bh(hdev);
368 if (!test_bit(HCI_UP, &hdev->flags)) {
369 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
373 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
374 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
379 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
380 test_bit(HCI_PSCAN, &hdev->flags)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
394 scan |= SCAN_INQUIRY;
396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
398 mgmt_pending_remove(cmd);
401 hci_dev_unlock_bh(hdev);
407 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
410 struct mgmt_mode *cp;
411 struct hci_dev *hdev;
412 struct pending_cmd *cmd;
418 BT_DBG("request for hci%u", index);
420 if (len != sizeof(*cp))
421 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
423 hdev = hci_dev_get(index);
425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
427 hci_dev_lock_bh(hdev);
429 if (!test_bit(HCI_UP, &hdev->flags)) {
430 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
434 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
435 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
440 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
456 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
458 mgmt_pending_remove(cmd);
461 hci_dev_unlock_bh(hdev);
467 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
468 struct sock *skip_sk)
471 struct mgmt_hdr *hdr;
473 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
477 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
479 hdr = (void *) skb_put(skb, sizeof(*hdr));
480 hdr->opcode = cpu_to_le16(event);
481 hdr->index = cpu_to_le16(index);
482 hdr->len = cpu_to_le16(data_len);
485 memcpy(skb_put(skb, data_len), data, data_len);
487 hci_send_to_sock(NULL, skb, skip_sk);
493 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
502 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
505 struct mgmt_mode *cp, ev;
506 struct hci_dev *hdev;
511 BT_DBG("request for hci%u", index);
513 if (len != sizeof(*cp))
514 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
516 hdev = hci_dev_get(index);
518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
520 hci_dev_lock_bh(hdev);
523 set_bit(HCI_PAIRABLE, &hdev->flags);
525 clear_bit(HCI_PAIRABLE, &hdev->flags);
527 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
536 hci_dev_unlock_bh(hdev);
542 static u8 get_service_classes(struct hci_dev *hdev)
547 list_for_each(p, &hdev->uuids) {
548 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
550 val |= uuid->svc_hint;
556 static int update_class(struct hci_dev *hdev)
560 BT_DBG("%s", hdev->name);
562 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
565 cod[0] = hdev->minor_class;
566 cod[1] = hdev->major_class;
567 cod[2] = get_service_classes(hdev);
569 if (memcmp(cod, hdev->dev_class, 3) == 0)
572 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
575 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
577 struct mgmt_cp_add_uuid *cp;
578 struct hci_dev *hdev;
579 struct bt_uuid *uuid;
584 BT_DBG("request for hci%u", index);
586 if (len != sizeof(*cp))
587 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
589 hdev = hci_dev_get(index);
591 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
593 hci_dev_lock_bh(hdev);
595 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
601 memcpy(uuid->uuid, cp->uuid, 16);
602 uuid->svc_hint = cp->svc_hint;
604 list_add(&uuid->list, &hdev->uuids);
606 err = update_class(hdev);
610 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
613 hci_dev_unlock_bh(hdev);
619 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
621 struct list_head *p, *n;
622 struct mgmt_cp_remove_uuid *cp;
623 struct hci_dev *hdev;
624 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
629 BT_DBG("request for hci%u", index);
631 if (len != sizeof(*cp))
632 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
634 hdev = hci_dev_get(index);
636 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
638 hci_dev_lock_bh(hdev);
640 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
641 err = hci_uuids_clear(hdev);
647 list_for_each_safe(p, n, &hdev->uuids) {
648 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
650 if (memcmp(match->uuid, cp->uuid, 16) != 0)
653 list_del(&match->list);
658 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
662 err = update_class(hdev);
666 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
669 hci_dev_unlock_bh(hdev);
675 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
678 struct hci_dev *hdev;
679 struct mgmt_cp_set_dev_class *cp;
684 BT_DBG("request for hci%u", index);
686 if (len != sizeof(*cp))
687 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
689 hdev = hci_dev_get(index);
691 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
693 hci_dev_lock_bh(hdev);
695 hdev->major_class = cp->major;
696 hdev->minor_class = cp->minor;
698 err = update_class(hdev);
701 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
703 hci_dev_unlock_bh(hdev);
709 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
712 struct hci_dev *hdev;
713 struct mgmt_cp_set_service_cache *cp;
718 if (len != sizeof(*cp))
719 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
721 hdev = hci_dev_get(index);
723 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
725 hci_dev_lock_bh(hdev);
727 BT_DBG("hci%u enable %d", index, cp->enable);
730 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
733 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
734 err = update_class(hdev);
738 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
741 hci_dev_unlock_bh(hdev);
747 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
749 struct hci_dev *hdev;
750 struct mgmt_cp_load_keys *cp;
751 u16 key_count, expected_len;
756 if (len < sizeof(*cp))
759 key_count = get_unaligned_le16(&cp->key_count);
761 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
762 if (expected_len != len) {
763 BT_ERR("load_keys: expected %u bytes, got %u bytes",
768 hdev = hci_dev_get(index);
770 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
772 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
775 hci_dev_lock_bh(hdev);
777 hci_link_keys_clear(hdev);
779 set_bit(HCI_LINK_KEYS, &hdev->flags);
782 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
784 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
786 for (i = 0; i < key_count; i++) {
787 struct mgmt_key_info *key = &cp->keys[i];
789 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type,
793 hci_dev_unlock_bh(hdev);
799 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
801 struct hci_dev *hdev;
802 struct mgmt_cp_remove_key *cp;
803 struct hci_conn *conn;
808 if (len != sizeof(*cp))
809 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
811 hdev = hci_dev_get(index);
813 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
815 hci_dev_lock_bh(hdev);
817 err = hci_remove_link_key(hdev, &cp->bdaddr);
819 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
825 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
828 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
830 struct hci_cp_disconnect dc;
832 put_unaligned_le16(conn->handle, &dc.handle);
833 dc.reason = 0x13; /* Remote User Terminated Connection */
834 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
838 hci_dev_unlock_bh(hdev);
844 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
846 struct hci_dev *hdev;
847 struct mgmt_cp_disconnect *cp;
848 struct hci_cp_disconnect dc;
849 struct pending_cmd *cmd;
850 struct hci_conn *conn;
857 if (len != sizeof(*cp))
858 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
860 hdev = hci_dev_get(index);
862 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
864 hci_dev_lock_bh(hdev);
866 if (!test_bit(HCI_UP, &hdev->flags)) {
867 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
871 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
872 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
876 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
878 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
882 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
888 put_unaligned_le16(conn->handle, &dc.handle);
889 dc.reason = 0x13; /* Remote User Terminated Connection */
891 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
893 mgmt_pending_remove(cmd);
896 hci_dev_unlock_bh(hdev);
902 static int get_connections(struct sock *sk, u16 index)
904 struct mgmt_rp_get_connections *rp;
905 struct hci_dev *hdev;
913 hdev = hci_dev_get(index);
915 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
917 hci_dev_lock_bh(hdev);
920 list_for_each(p, &hdev->conn_hash.list) {
924 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
925 rp = kmalloc(rp_len, GFP_ATOMIC);
931 put_unaligned_le16(count, &rp->conn_count);
933 read_lock(&hci_dev_list_lock);
936 list_for_each(p, &hdev->conn_hash.list) {
937 struct hci_conn *c = list_entry(p, struct hci_conn, list);
939 bacpy(&rp->conn[i++], &c->dst);
942 read_unlock(&hci_dev_list_lock);
944 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
948 hci_dev_unlock_bh(hdev);
953 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
956 struct hci_dev *hdev;
957 struct mgmt_cp_pin_code_reply *cp;
958 struct hci_cp_pin_code_reply reply;
959 struct pending_cmd *cmd;
966 if (len != sizeof(*cp))
967 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
969 hdev = hci_dev_get(index);
971 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
973 hci_dev_lock_bh(hdev);
975 if (!test_bit(HCI_UP, &hdev->flags)) {
976 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
980 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
986 bacpy(&reply.bdaddr, &cp->bdaddr);
987 reply.pin_len = cp->pin_len;
988 memcpy(reply.pin_code, cp->pin_code, 16);
990 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
992 mgmt_pending_remove(cmd);
995 hci_dev_unlock_bh(hdev);
1001 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1004 struct hci_dev *hdev;
1005 struct mgmt_cp_pin_code_neg_reply *cp;
1006 struct pending_cmd *cmd;
1013 if (len != sizeof(*cp))
1014 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1017 hdev = hci_dev_get(index);
1019 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1022 hci_dev_lock_bh(hdev);
1024 if (!test_bit(HCI_UP, &hdev->flags)) {
1025 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1030 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1037 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1040 mgmt_pending_remove(cmd);
1043 hci_dev_unlock_bh(hdev);
1049 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1052 struct hci_dev *hdev;
1053 struct mgmt_cp_set_io_capability *cp;
1059 if (len != sizeof(*cp))
1060 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1062 hdev = hci_dev_get(index);
1064 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1066 hci_dev_lock_bh(hdev);
1068 hdev->io_capability = cp->io_capability;
1070 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1071 hdev->io_capability);
1073 hci_dev_unlock_bh(hdev);
1076 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1079 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1081 struct hci_dev *hdev = conn->hdev;
1082 struct list_head *p;
1084 list_for_each(p, &cmd_list) {
1085 struct pending_cmd *cmd;
1087 cmd = list_entry(p, struct pending_cmd, list);
1089 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1092 if (cmd->index != hdev->id)
1095 if (cmd->user_data != conn)
1104 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1106 struct mgmt_rp_pair_device rp;
1107 struct hci_conn *conn = cmd->user_data;
1109 bacpy(&rp.bdaddr, &conn->dst);
1112 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1114 /* So we don't get further callbacks for this connection */
1115 conn->connect_cfm_cb = NULL;
1116 conn->security_cfm_cb = NULL;
1117 conn->disconn_cfm_cb = NULL;
1121 mgmt_pending_remove(cmd);
1124 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1126 struct pending_cmd *cmd;
1128 BT_DBG("status %u", status);
1130 cmd = find_pairing(conn);
1132 BT_DBG("Unable to find a pending command");
1136 pairing_complete(cmd, status);
1139 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1141 struct hci_dev *hdev;
1142 struct mgmt_cp_pair_device *cp;
1143 struct pending_cmd *cmd;
1144 u8 sec_level, auth_type;
1145 struct hci_conn *conn;
1152 if (len != sizeof(*cp))
1153 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1155 hdev = hci_dev_get(index);
1157 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1159 hci_dev_lock_bh(hdev);
1161 if (cp->io_cap == 0x03) {
1162 sec_level = BT_SECURITY_MEDIUM;
1163 auth_type = HCI_AT_DEDICATED_BONDING;
1165 sec_level = BT_SECURITY_HIGH;
1166 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1169 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1171 err = PTR_ERR(conn);
1175 if (conn->connect_cfm_cb) {
1177 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1181 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1188 conn->connect_cfm_cb = pairing_complete_cb;
1189 conn->security_cfm_cb = pairing_complete_cb;
1190 conn->disconn_cfm_cb = pairing_complete_cb;
1191 conn->io_capability = cp->io_cap;
1192 cmd->user_data = conn;
1194 if (conn->state == BT_CONNECTED &&
1195 hci_conn_security(conn, sec_level, auth_type))
1196 pairing_complete(cmd, 0);
1201 hci_dev_unlock_bh(hdev);
1207 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1208 u16 len, int success)
1210 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1211 u16 mgmt_op, hci_op;
1212 struct pending_cmd *cmd;
1213 struct hci_dev *hdev;
1219 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1220 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1222 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1223 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1226 if (len != sizeof(*cp))
1227 return cmd_status(sk, index, mgmt_op, EINVAL);
1229 hdev = hci_dev_get(index);
1231 return cmd_status(sk, index, mgmt_op, ENODEV);
1233 hci_dev_lock_bh(hdev);
1235 if (!test_bit(HCI_UP, &hdev->flags)) {
1236 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1240 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1246 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1248 mgmt_pending_remove(cmd);
1251 hci_dev_unlock_bh(hdev);
1257 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1260 struct mgmt_hdr *hdr;
1261 u16 opcode, index, len;
1264 BT_DBG("got %zu bytes", msglen);
1266 if (msglen < sizeof(*hdr))
1269 buf = kmalloc(msglen, GFP_ATOMIC);
1273 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1278 hdr = (struct mgmt_hdr *) buf;
1279 opcode = get_unaligned_le16(&hdr->opcode);
1280 index = get_unaligned_le16(&hdr->index);
1281 len = get_unaligned_le16(&hdr->len);
1283 if (len != msglen - sizeof(*hdr)) {
1289 case MGMT_OP_READ_VERSION:
1290 err = read_version(sk);
1292 case MGMT_OP_READ_INDEX_LIST:
1293 err = read_index_list(sk);
1295 case MGMT_OP_READ_INFO:
1296 err = read_controller_info(sk, index);
1298 case MGMT_OP_SET_POWERED:
1299 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1301 case MGMT_OP_SET_DISCOVERABLE:
1302 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1304 case MGMT_OP_SET_CONNECTABLE:
1305 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1307 case MGMT_OP_SET_PAIRABLE:
1308 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1310 case MGMT_OP_ADD_UUID:
1311 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1313 case MGMT_OP_REMOVE_UUID:
1314 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1316 case MGMT_OP_SET_DEV_CLASS:
1317 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1319 case MGMT_OP_SET_SERVICE_CACHE:
1320 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1322 case MGMT_OP_LOAD_KEYS:
1323 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1325 case MGMT_OP_REMOVE_KEY:
1326 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1328 case MGMT_OP_DISCONNECT:
1329 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1331 case MGMT_OP_GET_CONNECTIONS:
1332 err = get_connections(sk, index);
1334 case MGMT_OP_PIN_CODE_REPLY:
1335 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1337 case MGMT_OP_PIN_CODE_NEG_REPLY:
1338 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1340 case MGMT_OP_SET_IO_CAPABILITY:
1341 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1343 case MGMT_OP_PAIR_DEVICE:
1344 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1346 case MGMT_OP_USER_CONFIRM_REPLY:
1347 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1349 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1350 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1353 BT_DBG("Unknown op %u", opcode);
1354 err = cmd_status(sk, index, opcode, 0x01);
1368 int mgmt_index_added(u16 index)
1370 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1373 int mgmt_index_removed(u16 index)
1375 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1383 static void mode_rsp(struct pending_cmd *cmd, void *data)
1385 struct mgmt_mode *cp = cmd->cmd;
1386 struct cmd_lookup *match = data;
1388 if (cp->val != match->val)
1391 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1393 list_del(&cmd->list);
1395 if (match->sk == NULL) {
1396 match->sk = cmd->sk;
1397 sock_hold(match->sk);
1400 mgmt_pending_free(cmd);
1403 int mgmt_powered(u16 index, u8 powered)
1405 struct mgmt_mode ev;
1406 struct cmd_lookup match = { powered, NULL };
1409 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1413 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1421 int mgmt_discoverable(u16 index, u8 discoverable)
1423 struct mgmt_mode ev;
1424 struct cmd_lookup match = { discoverable, NULL };
1427 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1429 ev.val = discoverable;
1431 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1440 int mgmt_connectable(u16 index, u8 connectable)
1442 struct mgmt_mode ev;
1443 struct cmd_lookup match = { connectable, NULL };
1446 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1448 ev.val = connectable;
1450 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1458 int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type)
1460 struct mgmt_ev_new_key ev;
1462 memset(&ev, 0, sizeof(ev));
1464 bacpy(&ev.key.bdaddr, &key->bdaddr);
1465 ev.key.type = key->type;
1466 memcpy(ev.key.val, key->val, 16);
1467 ev.key.pin_len = key->pin_len;
1468 ev.old_key_type = old_key_type;
1470 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1473 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1475 struct mgmt_ev_connected ev;
1477 bacpy(&ev.bdaddr, bdaddr);
1479 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1482 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1484 struct mgmt_cp_disconnect *cp = cmd->cmd;
1485 struct sock **sk = data;
1486 struct mgmt_rp_disconnect rp;
1488 bacpy(&rp.bdaddr, &cp->bdaddr);
1490 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1495 mgmt_pending_remove(cmd);
1498 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1500 struct mgmt_ev_disconnected ev;
1501 struct sock *sk = NULL;
1504 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1506 bacpy(&ev.bdaddr, bdaddr);
1508 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1516 int mgmt_disconnect_failed(u16 index)
1518 struct pending_cmd *cmd;
1521 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1525 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1527 mgmt_pending_remove(cmd);
1532 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1534 struct mgmt_ev_connect_failed ev;
1536 bacpy(&ev.bdaddr, bdaddr);
1539 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1542 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr)
1544 struct mgmt_ev_pin_code_request ev;
1546 bacpy(&ev.bdaddr, bdaddr);
1548 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1552 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1554 struct pending_cmd *cmd;
1555 struct mgmt_rp_pin_code_reply rp;
1558 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1562 bacpy(&rp.bdaddr, bdaddr);
1565 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1568 mgmt_pending_remove(cmd);
1573 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1575 struct pending_cmd *cmd;
1576 struct mgmt_rp_pin_code_reply rp;
1579 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1583 bacpy(&rp.bdaddr, bdaddr);
1586 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1589 mgmt_pending_remove(cmd);
1594 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value)
1596 struct mgmt_ev_user_confirm_request ev;
1598 BT_DBG("hci%u", index);
1600 bacpy(&ev.bdaddr, bdaddr);
1601 put_unaligned_le32(value, &ev.value);
1603 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
1607 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
1610 struct pending_cmd *cmd;
1611 struct mgmt_rp_user_confirm_reply rp;
1614 cmd = mgmt_pending_find(opcode, index);
1618 bacpy(&rp.bdaddr, bdaddr);
1620 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
1622 mgmt_pending_remove(cmd);
1627 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1629 return confirm_reply_complete(index, bdaddr, status,
1630 MGMT_OP_USER_CONFIRM_REPLY);
1633 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1635 return confirm_reply_complete(index, bdaddr, status,
1636 MGMT_OP_USER_CONFIRM_NEG_REPLY);
1639 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1641 struct mgmt_ev_auth_failed ev;
1643 bacpy(&ev.bdaddr, bdaddr);
1646 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
git.openpandora.org / pandora-kernel.git / blob