2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
36 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
64 ev = (void *) skb_put(skb, sizeof(*ev));
66 put_unaligned_le16(cmd, &ev->opcode);
68 if (sock_queue_rcv_skb(sk, skb) < 0)
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
79 struct mgmt_ev_cmd_complete *ev;
81 BT_DBG("sock %p", sk);
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
97 memcpy(ev->data, rp, rp_len);
99 if (sock_queue_rcv_skb(sk, skb) < 0)
105 static int read_version(struct sock *sk)
107 struct mgmt_rp_read_version rp;
109 BT_DBG("sock %p", sk);
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
118 static int read_index_list(struct sock *sk)
120 struct mgmt_rp_read_index_list *rp;
126 BT_DBG("sock %p", sk);
128 read_lock(&hci_dev_list_lock);
131 list_for_each(p, &hci_dev_list) {
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
138 read_unlock(&hci_dev_list_lock);
142 put_unaligned_le16(count, &rp->num_controllers);
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
148 hci_del_off_timer(d);
150 set_bit(HCI_MGMT, &d->flags);
152 if (test_bit(HCI_SETUP, &d->flags))
155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
159 read_unlock(&hci_dev_list_lock);
161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
169 static int read_controller_info(struct sock *sk, u16 index)
171 struct mgmt_rp_read_info rp;
172 struct hci_dev *hdev;
174 BT_DBG("sock %p hci%u", sk, index);
176 hdev = hci_dev_get(index);
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
180 hci_del_off_timer(hdev);
182 hci_dev_lock_bh(hdev);
184 set_bit(HCI_MGMT, &hdev->flags);
186 rp.type = hdev->dev_type;
188 rp.powered = test_bit(HCI_UP, &hdev->flags);
189 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
190 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
191 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
193 if (test_bit(HCI_AUTH, &hdev->flags))
195 else if (hdev->ssp_mode > 0)
200 bacpy(&rp.bdaddr, &hdev->bdaddr);
201 memcpy(rp.features, hdev->features, 8);
202 memcpy(rp.dev_class, hdev->dev_class, 3);
203 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
204 rp.hci_ver = hdev->hci_ver;
205 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
207 hci_dev_unlock_bh(hdev);
210 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
213 static void mgmt_pending_free(struct pending_cmd *cmd)
220 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
221 u16 index, void *data, u16 len)
223 struct pending_cmd *cmd;
225 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
229 cmd->opcode = opcode;
232 cmd->cmd = kmalloc(len, GFP_ATOMIC);
238 memcpy(cmd->cmd, data, len);
243 list_add(&cmd->list, &cmd_list);
248 static void mgmt_pending_foreach(u16 opcode, int index,
249 void (*cb)(struct pending_cmd *cmd, void *data),
252 struct list_head *p, *n;
254 list_for_each_safe(p, n, &cmd_list) {
255 struct pending_cmd *cmd;
257 cmd = list_entry(p, struct pending_cmd, list);
259 if (cmd->opcode != opcode)
262 if (index >= 0 && cmd->index != index)
269 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
273 list_for_each(p, &cmd_list) {
274 struct pending_cmd *cmd;
276 cmd = list_entry(p, struct pending_cmd, list);
278 if (cmd->opcode != opcode)
281 if (index >= 0 && cmd->index != index)
290 static void mgmt_pending_remove(struct pending_cmd *cmd)
292 list_del(&cmd->list);
293 mgmt_pending_free(cmd);
296 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
298 struct mgmt_mode *cp;
299 struct hci_dev *hdev;
300 struct pending_cmd *cmd;
305 BT_DBG("request for hci%u", index);
307 if (len != sizeof(*cp))
308 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
310 hdev = hci_dev_get(index);
312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
314 hci_dev_lock_bh(hdev);
316 up = test_bit(HCI_UP, &hdev->flags);
317 if ((cp->val && up) || (!cp->val && !up)) {
318 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
322 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
334 queue_work(hdev->workqueue, &hdev->power_on);
336 queue_work(hdev->workqueue, &hdev->power_off);
341 hci_dev_unlock_bh(hdev);
346 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
349 struct mgmt_mode *cp;
350 struct hci_dev *hdev;
351 struct pending_cmd *cmd;
357 BT_DBG("request for hci%u", index);
359 if (len != sizeof(*cp))
360 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
362 hdev = hci_dev_get(index);
364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
366 hci_dev_lock_bh(hdev);
368 if (!test_bit(HCI_UP, &hdev->flags)) {
369 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
373 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
374 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
379 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
380 test_bit(HCI_PSCAN, &hdev->flags)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
394 scan |= SCAN_INQUIRY;
396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
398 mgmt_pending_remove(cmd);
401 hci_dev_unlock_bh(hdev);
407 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
410 struct mgmt_mode *cp;
411 struct hci_dev *hdev;
412 struct pending_cmd *cmd;
418 BT_DBG("request for hci%u", index);
420 if (len != sizeof(*cp))
421 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
423 hdev = hci_dev_get(index);
425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
427 hci_dev_lock_bh(hdev);
429 if (!test_bit(HCI_UP, &hdev->flags)) {
430 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
434 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
435 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
440 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
456 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
458 mgmt_pending_remove(cmd);
461 hci_dev_unlock_bh(hdev);
467 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
468 struct sock *skip_sk)
471 struct mgmt_hdr *hdr;
473 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
477 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
479 hdr = (void *) skb_put(skb, sizeof(*hdr));
480 hdr->opcode = cpu_to_le16(event);
481 hdr->index = cpu_to_le16(index);
482 hdr->len = cpu_to_le16(data_len);
485 memcpy(skb_put(skb, data_len), data, data_len);
487 hci_send_to_sock(NULL, skb, skip_sk);
493 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
502 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
505 struct mgmt_mode *cp, ev;
506 struct hci_dev *hdev;
511 BT_DBG("request for hci%u", index);
513 if (len != sizeof(*cp))
514 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
516 hdev = hci_dev_get(index);
518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
520 hci_dev_lock_bh(hdev);
523 set_bit(HCI_PAIRABLE, &hdev->flags);
525 clear_bit(HCI_PAIRABLE, &hdev->flags);
527 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
536 hci_dev_unlock_bh(hdev);
542 static u8 get_service_classes(struct hci_dev *hdev)
547 list_for_each(p, &hdev->uuids) {
548 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
550 val |= uuid->svc_hint;
556 static int update_class(struct hci_dev *hdev)
560 BT_DBG("%s", hdev->name);
562 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
565 cod[0] = hdev->minor_class;
566 cod[1] = hdev->major_class;
567 cod[2] = get_service_classes(hdev);
569 if (memcmp(cod, hdev->dev_class, 3) == 0)
572 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
575 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
577 struct mgmt_cp_add_uuid *cp;
578 struct hci_dev *hdev;
579 struct bt_uuid *uuid;
584 BT_DBG("request for hci%u", index);
586 if (len != sizeof(*cp))
587 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
589 hdev = hci_dev_get(index);
591 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
593 hci_dev_lock_bh(hdev);
595 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
601 memcpy(uuid->uuid, cp->uuid, 16);
602 uuid->svc_hint = cp->svc_hint;
604 list_add(&uuid->list, &hdev->uuids);
606 err = update_class(hdev);
610 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
613 hci_dev_unlock_bh(hdev);
619 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
621 struct list_head *p, *n;
622 struct mgmt_cp_remove_uuid *cp;
623 struct hci_dev *hdev;
624 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
629 BT_DBG("request for hci%u", index);
631 if (len != sizeof(*cp))
632 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
634 hdev = hci_dev_get(index);
636 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
638 hci_dev_lock_bh(hdev);
640 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
641 err = hci_uuids_clear(hdev);
647 list_for_each_safe(p, n, &hdev->uuids) {
648 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
650 if (memcmp(match->uuid, cp->uuid, 16) != 0)
653 list_del(&match->list);
658 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
662 err = update_class(hdev);
666 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
669 hci_dev_unlock_bh(hdev);
675 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
678 struct hci_dev *hdev;
679 struct mgmt_cp_set_dev_class *cp;
684 BT_DBG("request for hci%u", index);
686 if (len != sizeof(*cp))
687 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
689 hdev = hci_dev_get(index);
691 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
693 hci_dev_lock_bh(hdev);
695 hdev->major_class = cp->major;
696 hdev->minor_class = cp->minor;
698 err = update_class(hdev);
701 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
703 hci_dev_unlock_bh(hdev);
709 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
712 struct hci_dev *hdev;
713 struct mgmt_cp_set_service_cache *cp;
718 if (len != sizeof(*cp))
719 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
721 hdev = hci_dev_get(index);
723 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
725 hci_dev_lock_bh(hdev);
727 BT_DBG("hci%u enable %d", index, cp->enable);
730 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
733 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
734 err = update_class(hdev);
738 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
741 hci_dev_unlock_bh(hdev);
747 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
749 struct hci_dev *hdev;
750 struct mgmt_cp_load_keys *cp;
751 u16 key_count, expected_len;
756 if (len < sizeof(*cp))
759 key_count = get_unaligned_le16(&cp->key_count);
761 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
762 if (expected_len != len) {
763 BT_ERR("load_keys: expected %u bytes, got %u bytes",
768 hdev = hci_dev_get(index);
770 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
772 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
775 hci_dev_lock_bh(hdev);
777 hci_link_keys_clear(hdev);
779 set_bit(HCI_LINK_KEYS, &hdev->flags);
782 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
784 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
786 for (i = 0; i < key_count; i++) {
787 struct mgmt_key_info *key = &cp->keys[i];
789 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type,
793 hci_dev_unlock_bh(hdev);
799 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
801 struct hci_dev *hdev;
802 struct mgmt_cp_remove_key *cp;
803 struct hci_conn *conn;
808 if (len != sizeof(*cp))
809 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
811 hdev = hci_dev_get(index);
813 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
815 hci_dev_lock_bh(hdev);
817 err = hci_remove_link_key(hdev, &cp->bdaddr);
819 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
825 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
828 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
830 struct hci_cp_disconnect dc;
832 put_unaligned_le16(conn->handle, &dc.handle);
833 dc.reason = 0x13; /* Remote User Terminated Connection */
834 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
838 hci_dev_unlock_bh(hdev);
844 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
846 struct hci_dev *hdev;
847 struct mgmt_cp_disconnect *cp;
848 struct hci_cp_disconnect dc;
849 struct pending_cmd *cmd;
850 struct hci_conn *conn;
857 if (len != sizeof(*cp))
858 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
860 hdev = hci_dev_get(index);
862 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
864 hci_dev_lock_bh(hdev);
866 if (!test_bit(HCI_UP, &hdev->flags)) {
867 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
871 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
872 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
876 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
878 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
882 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
888 put_unaligned_le16(conn->handle, &dc.handle);
889 dc.reason = 0x13; /* Remote User Terminated Connection */
891 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
893 mgmt_pending_remove(cmd);
896 hci_dev_unlock_bh(hdev);
902 static int get_connections(struct sock *sk, u16 index)
904 struct mgmt_rp_get_connections *rp;
905 struct hci_dev *hdev;
913 hdev = hci_dev_get(index);
915 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
917 hci_dev_lock_bh(hdev);
920 list_for_each(p, &hdev->conn_hash.list) {
924 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
925 rp = kmalloc(rp_len, GFP_ATOMIC);
931 put_unaligned_le16(count, &rp->conn_count);
933 read_lock(&hci_dev_list_lock);
936 list_for_each(p, &hdev->conn_hash.list) {
937 struct hci_conn *c = list_entry(p, struct hci_conn, list);
939 bacpy(&rp->conn[i++], &c->dst);
942 read_unlock(&hci_dev_list_lock);
944 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
948 hci_dev_unlock_bh(hdev);
953 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
956 struct hci_dev *hdev;
957 struct mgmt_cp_pin_code_reply *cp;
958 struct hci_cp_pin_code_reply reply;
959 struct pending_cmd *cmd;
966 if (len != sizeof(*cp))
967 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
969 hdev = hci_dev_get(index);
971 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
973 hci_dev_lock_bh(hdev);
975 if (!test_bit(HCI_UP, &hdev->flags)) {
976 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
980 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
986 bacpy(&reply.bdaddr, &cp->bdaddr);
987 reply.pin_len = cp->pin_len;
988 memcpy(reply.pin_code, cp->pin_code, 16);
990 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
992 mgmt_pending_remove(cmd);
995 hci_dev_unlock_bh(hdev);
1001 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1004 struct hci_dev *hdev;
1005 struct mgmt_cp_pin_code_neg_reply *cp;
1006 struct pending_cmd *cmd;
1013 if (len != sizeof(*cp))
1014 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1017 hdev = hci_dev_get(index);
1019 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1022 hci_dev_lock_bh(hdev);
1024 if (!test_bit(HCI_UP, &hdev->flags)) {
1025 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1030 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1037 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1040 mgmt_pending_remove(cmd);
1043 hci_dev_unlock_bh(hdev);
1049 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1052 struct hci_dev *hdev;
1053 struct mgmt_cp_set_io_capability *cp;
1059 if (len != sizeof(*cp))
1060 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1062 hdev = hci_dev_get(index);
1064 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1066 hci_dev_lock_bh(hdev);
1068 hdev->io_capability = cp->io_capability;
1070 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1071 hdev->io_capability);
1073 hci_dev_unlock_bh(hdev);
1076 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1079 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1081 struct hci_dev *hdev = conn->hdev;
1082 struct list_head *p;
1084 list_for_each(p, &cmd_list) {
1085 struct pending_cmd *cmd;
1087 cmd = list_entry(p, struct pending_cmd, list);
1089 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1092 if (cmd->index != hdev->id)
1095 if (cmd->user_data != conn)
1104 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1106 struct mgmt_rp_pair_device rp;
1107 struct hci_conn *conn = cmd->user_data;
1109 bacpy(&rp.bdaddr, &conn->dst);
1112 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1114 /* So we don't get further callbacks for this connection */
1115 conn->connect_cfm_cb = NULL;
1116 conn->security_cfm_cb = NULL;
1117 conn->disconn_cfm_cb = NULL;
1121 mgmt_pending_remove(cmd);
1124 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1126 struct pending_cmd *cmd;
1128 BT_DBG("status %u", status);
1130 cmd = find_pairing(conn);
1132 BT_DBG("Unable to find a pending command");
1136 pairing_complete(cmd, status);
1139 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1141 struct hci_dev *hdev;
1142 struct mgmt_cp_pair_device *cp;
1143 struct pending_cmd *cmd;
1144 u8 sec_level, auth_type;
1145 struct hci_conn *conn;
1152 if (len != sizeof(*cp))
1153 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1155 hdev = hci_dev_get(index);
1157 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1159 hci_dev_lock_bh(hdev);
1161 if (cp->io_cap == 0x03) {
1162 sec_level = BT_SECURITY_MEDIUM;
1163 auth_type = HCI_AT_DEDICATED_BONDING;
1165 sec_level = BT_SECURITY_HIGH;
1166 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1169 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1171 err = PTR_ERR(conn);
1175 if (conn->connect_cfm_cb) {
1177 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1181 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1188 conn->connect_cfm_cb = pairing_complete_cb;
1189 conn->security_cfm_cb = pairing_complete_cb;
1190 conn->disconn_cfm_cb = pairing_complete_cb;
1191 conn->io_capability = cp->io_cap;
1192 cmd->user_data = conn;
1194 if (conn->state == BT_CONNECTED &&
1195 hci_conn_security(conn, sec_level, auth_type))
1196 pairing_complete(cmd, 0);
1201 hci_dev_unlock_bh(hdev);
1207 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1208 u16 len, int success)
1210 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1211 u16 mgmt_op, hci_op;
1212 struct pending_cmd *cmd;
1213 struct hci_dev *hdev;
1219 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1220 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1222 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1223 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1226 if (len != sizeof(*cp))
1227 return cmd_status(sk, index, mgmt_op, EINVAL);
1229 hdev = hci_dev_get(index);
1231 return cmd_status(sk, index, mgmt_op, ENODEV);
1233 if (!test_bit(HCI_UP, &hdev->flags)) {
1234 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1238 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1244 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1246 mgmt_pending_remove(cmd);
1249 hci_dev_unlock_bh(hdev);
1255 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1258 struct mgmt_hdr *hdr;
1259 u16 opcode, index, len;
1262 BT_DBG("got %zu bytes", msglen);
1264 if (msglen < sizeof(*hdr))
1267 buf = kmalloc(msglen, GFP_ATOMIC);
1271 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1276 hdr = (struct mgmt_hdr *) buf;
1277 opcode = get_unaligned_le16(&hdr->opcode);
1278 index = get_unaligned_le16(&hdr->index);
1279 len = get_unaligned_le16(&hdr->len);
1281 if (len != msglen - sizeof(*hdr)) {
1287 case MGMT_OP_READ_VERSION:
1288 err = read_version(sk);
1290 case MGMT_OP_READ_INDEX_LIST:
1291 err = read_index_list(sk);
1293 case MGMT_OP_READ_INFO:
1294 err = read_controller_info(sk, index);
1296 case MGMT_OP_SET_POWERED:
1297 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1299 case MGMT_OP_SET_DISCOVERABLE:
1300 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1302 case MGMT_OP_SET_CONNECTABLE:
1303 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1305 case MGMT_OP_SET_PAIRABLE:
1306 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1308 case MGMT_OP_ADD_UUID:
1309 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1311 case MGMT_OP_REMOVE_UUID:
1312 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1314 case MGMT_OP_SET_DEV_CLASS:
1315 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1317 case MGMT_OP_SET_SERVICE_CACHE:
1318 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1320 case MGMT_OP_LOAD_KEYS:
1321 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1323 case MGMT_OP_REMOVE_KEY:
1324 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1326 case MGMT_OP_DISCONNECT:
1327 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1329 case MGMT_OP_GET_CONNECTIONS:
1330 err = get_connections(sk, index);
1332 case MGMT_OP_PIN_CODE_REPLY:
1333 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1335 case MGMT_OP_PIN_CODE_NEG_REPLY:
1336 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1338 case MGMT_OP_SET_IO_CAPABILITY:
1339 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1341 case MGMT_OP_PAIR_DEVICE:
1342 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1344 case MGMT_OP_USER_CONFIRM_REPLY:
1345 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1347 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1348 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1351 BT_DBG("Unknown op %u", opcode);
1352 err = cmd_status(sk, index, opcode, 0x01);
1366 int mgmt_index_added(u16 index)
1368 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1371 int mgmt_index_removed(u16 index)
1373 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1381 static void mode_rsp(struct pending_cmd *cmd, void *data)
1383 struct mgmt_mode *cp = cmd->cmd;
1384 struct cmd_lookup *match = data;
1386 if (cp->val != match->val)
1389 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1391 list_del(&cmd->list);
1393 if (match->sk == NULL) {
1394 match->sk = cmd->sk;
1395 sock_hold(match->sk);
1398 mgmt_pending_free(cmd);
1401 int mgmt_powered(u16 index, u8 powered)
1403 struct mgmt_mode ev;
1404 struct cmd_lookup match = { powered, NULL };
1407 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1411 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1419 int mgmt_discoverable(u16 index, u8 discoverable)
1421 struct mgmt_mode ev;
1422 struct cmd_lookup match = { discoverable, NULL };
1425 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1427 ev.val = discoverable;
1429 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1438 int mgmt_connectable(u16 index, u8 connectable)
1440 struct mgmt_mode ev;
1441 struct cmd_lookup match = { connectable, NULL };
1444 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1446 ev.val = connectable;
1448 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1456 int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type)
1458 struct mgmt_ev_new_key ev;
1460 memset(&ev, 0, sizeof(ev));
1462 bacpy(&ev.key.bdaddr, &key->bdaddr);
1463 ev.key.type = key->type;
1464 memcpy(ev.key.val, key->val, 16);
1465 ev.key.pin_len = key->pin_len;
1466 ev.old_key_type = old_key_type;
1468 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1471 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1473 struct mgmt_ev_connected ev;
1475 bacpy(&ev.bdaddr, bdaddr);
1477 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1480 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1482 struct mgmt_cp_disconnect *cp = cmd->cmd;
1483 struct sock **sk = data;
1484 struct mgmt_rp_disconnect rp;
1486 bacpy(&rp.bdaddr, &cp->bdaddr);
1488 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1493 mgmt_pending_remove(cmd);
1496 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1498 struct mgmt_ev_disconnected ev;
1499 struct sock *sk = NULL;
1502 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1504 bacpy(&ev.bdaddr, bdaddr);
1506 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1514 int mgmt_disconnect_failed(u16 index)
1516 struct pending_cmd *cmd;
1519 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1523 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1525 mgmt_pending_remove(cmd);
1530 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1532 struct mgmt_ev_connect_failed ev;
1534 bacpy(&ev.bdaddr, bdaddr);
1537 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1540 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr)
1542 struct mgmt_ev_pin_code_request ev;
1544 bacpy(&ev.bdaddr, bdaddr);
1546 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1550 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1552 struct pending_cmd *cmd;
1553 struct mgmt_rp_pin_code_reply rp;
1556 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1560 bacpy(&rp.bdaddr, bdaddr);
1563 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1566 mgmt_pending_remove(cmd);
1571 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1573 struct pending_cmd *cmd;
1574 struct mgmt_rp_pin_code_reply rp;
1577 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1581 bacpy(&rp.bdaddr, bdaddr);
1584 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1587 mgmt_pending_remove(cmd);
1592 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value)
1594 struct mgmt_ev_user_confirm_request ev;
1596 BT_DBG("hci%u", index);
1598 bacpy(&ev.bdaddr, bdaddr);
1599 put_unaligned_le32(value, &ev.value);
1601 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
1605 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
1608 struct pending_cmd *cmd;
1609 struct mgmt_rp_user_confirm_reply rp;
1612 cmd = mgmt_pending_find(opcode, index);
1616 bacpy(&rp.bdaddr, bdaddr);
1618 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
1620 mgmt_pending_remove(cmd);
1625 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1627 return confirm_reply_complete(index, bdaddr, status,
1628 MGMT_OP_USER_CONFIRM_REPLY);
1631 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1633 return confirm_reply_complete(index, bdaddr, status,
1634 MGMT_OP_USER_CONFIRM_NEG_REPLY);
1637 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1639 struct mgmt_ev_auth_failed ev;
1641 bacpy(&ev.bdaddr, bdaddr);
1644 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
git.openpandora.org / pandora-kernel.git / blob