1 /* 2 BlueZ - Bluetooth protocol stack for Linux 3 Copyright (C) 2010 Nokia Corporation 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 /* Bluetooth HCI Management interface */ 24 25 #include <linux/uaccess.h> 26 #include <linux/module.h> 27 #include <asm/unaligned.h> 28 29 #include <net/bluetooth/bluetooth.h> 30 #include <net/bluetooth/hci_core.h> 31 #include <net/bluetooth/mgmt.h> 32 33 #define MGMT_VERSION 0 34 #define MGMT_REVISION 1 35 36 struct pending_cmd { 37 struct list_head list; 38 __u16 opcode; 39 int index; 40 void *param; 41 struct sock *sk; 42 void *user_data; 43 }; 44 45 static LIST_HEAD(cmd_list); 46 47 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status) 48 { 49 struct sk_buff *skb; 50 struct mgmt_hdr *hdr; 51 struct mgmt_ev_cmd_status *ev; 52 53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status); 54 55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 56 if (!skb) 57 return -ENOMEM; 58 59 hdr = (void *) skb_put(skb, sizeof(*hdr)); 60 61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 62 hdr->index = cpu_to_le16(index); 63 hdr->len = cpu_to_le16(sizeof(*ev)); 64 65 ev = (void *) skb_put(skb, sizeof(*ev)); 66 ev->status = status; 67 put_unaligned_le16(cmd, &ev->opcode); 68 69 if (sock_queue_rcv_skb(sk, skb) < 0) 70 kfree_skb(skb); 71 72 return 0; 73 } 74 75 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp, 76 size_t rp_len) 77 { 78 struct sk_buff *skb; 79 struct mgmt_hdr *hdr; 80 struct mgmt_ev_cmd_complete *ev; 81 82 BT_DBG("sock %p", sk); 83 84 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC); 85 if (!skb) 86 return -ENOMEM; 87 88 hdr = (void *) skb_put(skb, sizeof(*hdr)); 89 90 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 91 hdr->index = cpu_to_le16(index); 92 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len); 93 94 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len); 95 put_unaligned_le16(cmd, &ev->opcode); 96 97 if (rp) 98 memcpy(ev->data, rp, rp_len); 99 100 if (sock_queue_rcv_skb(sk, skb) < 0) 101 kfree_skb(skb); 102 103 return 0; 104 } 105 106 static int read_version(struct sock *sk) 107 { 108 struct mgmt_rp_read_version rp; 109 110 BT_DBG("sock %p", sk); 111 112 rp.version = MGMT_VERSION; 113 put_unaligned_le16(MGMT_REVISION, &rp.revision); 114 115 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp, 116 sizeof(rp)); 117 } 118 119 static int read_index_list(struct sock *sk) 120 { 121 struct mgmt_rp_read_index_list *rp; 122 struct list_head *p; 123 size_t rp_len; 124 u16 count; 125 int i, err; 126 127 BT_DBG("sock %p", sk); 128 129 read_lock(&hci_dev_list_lock); 130 131 count = 0; 132 list_for_each(p, &hci_dev_list) { 133 count++; 134 } 135 136 rp_len = sizeof(*rp) + (2 * count); 137 rp = kmalloc(rp_len, GFP_ATOMIC); 138 if (!rp) { 139 read_unlock(&hci_dev_list_lock); 140 return -ENOMEM; 141 } 142 143 put_unaligned_le16(count, &rp->num_controllers); 144 145 i = 0; 146 list_for_each(p, &hci_dev_list) { 147 struct hci_dev *d = list_entry(p, struct hci_dev, list); 148 149 hci_del_off_timer(d); 150 151 set_bit(HCI_MGMT, &d->flags); 152 153 if (test_bit(HCI_SETUP, &d->flags)) 154 continue; 155 156 put_unaligned_le16(d->id, &rp->index[i++]); 157 BT_DBG("Added hci%u", d->id); 158 } 159 160 read_unlock(&hci_dev_list_lock); 161 162 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp, 163 rp_len); 164 165 kfree(rp); 166 167 return err; 168 } 169 170 static int read_controller_info(struct sock *sk, u16 index) 171 { 172 struct mgmt_rp_read_info rp; 173 struct hci_dev *hdev; 174 175 BT_DBG("sock %p hci%u", sk, index); 176 177 hdev = hci_dev_get(index); 178 if (!hdev) 179 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV); 180 181 hci_del_off_timer(hdev); 182 183 hci_dev_lock_bh(hdev); 184 185 set_bit(HCI_MGMT, &hdev->flags); 186 187 memset(&rp, 0, sizeof(rp)); 188 189 rp.type = hdev->dev_type; 190 191 rp.powered = test_bit(HCI_UP, &hdev->flags); 192 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags); 193 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags); 194 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags); 195 196 if (test_bit(HCI_AUTH, &hdev->flags)) 197 rp.sec_mode = 3; 198 else if (hdev->ssp_mode > 0) 199 rp.sec_mode = 4; 200 else 201 rp.sec_mode = 2; 202 203 bacpy(&rp.bdaddr, &hdev->bdaddr); 204 memcpy(rp.features, hdev->features, 8); 205 memcpy(rp.dev_class, hdev->dev_class, 3); 206 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer); 207 rp.hci_ver = hdev->hci_ver; 208 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev); 209 210 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name)); 211 212 hci_dev_unlock_bh(hdev); 213 hci_dev_put(hdev); 214 215 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp)); 216 } 217 218 static void mgmt_pending_free(struct pending_cmd *cmd) 219 { 220 sock_put(cmd->sk); 221 kfree(cmd->param); 222 kfree(cmd); 223 } 224 225 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode, 226 u16 index, void *data, u16 len) 227 { 228 struct pending_cmd *cmd; 229 230 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); 231 if (!cmd) 232 return NULL; 233 234 cmd->opcode = opcode; 235 cmd->index = index; 236 237 cmd->param = kmalloc(len, GFP_ATOMIC); 238 if (!cmd->param) { 239 kfree(cmd); 240 return NULL; 241 } 242 243 if (data) 244 memcpy(cmd->param, data, len); 245 246 cmd->sk = sk; 247 sock_hold(sk); 248 249 list_add(&cmd->list, &cmd_list); 250 251 return cmd; 252 } 253 254 static void mgmt_pending_foreach(u16 opcode, int index, 255 void (*cb)(struct pending_cmd *cmd, void *data), 256 void *data) 257 { 258 struct list_head *p, *n; 259 260 list_for_each_safe(p, n, &cmd_list) { 261 struct pending_cmd *cmd; 262 263 cmd = list_entry(p, struct pending_cmd, list); 264 265 if (cmd->opcode != opcode) 266 continue; 267 268 if (index >= 0 && cmd->index != index) 269 continue; 270 271 cb(cmd, data); 272 } 273 } 274 275 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index) 276 { 277 struct list_head *p; 278 279 list_for_each(p, &cmd_list) { 280 struct pending_cmd *cmd; 281 282 cmd = list_entry(p, struct pending_cmd, list); 283 284 if (cmd->opcode != opcode) 285 continue; 286 287 if (index >= 0 && cmd->index != index) 288 continue; 289 290 return cmd; 291 } 292 293 return NULL; 294 } 295 296 static void mgmt_pending_remove(struct pending_cmd *cmd) 297 { 298 list_del(&cmd->list); 299 mgmt_pending_free(cmd); 300 } 301 302 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len) 303 { 304 struct mgmt_mode *cp; 305 struct hci_dev *hdev; 306 struct pending_cmd *cmd; 307 int err, up; 308 309 cp = (void *) data; 310 311 BT_DBG("request for hci%u", index); 312 313 if (len != sizeof(*cp)) 314 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL); 315 316 hdev = hci_dev_get(index); 317 if (!hdev) 318 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV); 319 320 hci_dev_lock_bh(hdev); 321 322 up = test_bit(HCI_UP, &hdev->flags); 323 if ((cp->val && up) || (!cp->val && !up)) { 324 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY); 325 goto failed; 326 } 327 328 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) { 329 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY); 330 goto failed; 331 } 332 333 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len); 334 if (!cmd) { 335 err = -ENOMEM; 336 goto failed; 337 } 338 339 if (cp->val) 340 queue_work(hdev->workqueue, &hdev->power_on); 341 else 342 queue_work(hdev->workqueue, &hdev->power_off); 343 344 err = 0; 345 346 failed: 347 hci_dev_unlock_bh(hdev); 348 hci_dev_put(hdev); 349 return err; 350 } 351 352 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data, 353 u16 len) 354 { 355 struct mgmt_mode *cp; 356 struct hci_dev *hdev; 357 struct pending_cmd *cmd; 358 u8 scan; 359 int err; 360 361 cp = (void *) data; 362 363 BT_DBG("request for hci%u", index); 364 365 if (len != sizeof(*cp)) 366 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL); 367 368 hdev = hci_dev_get(index); 369 if (!hdev) 370 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV); 371 372 hci_dev_lock_bh(hdev); 373 374 if (!test_bit(HCI_UP, &hdev->flags)) { 375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN); 376 goto failed; 377 } 378 379 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) || 380 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) { 381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY); 382 goto failed; 383 } 384 385 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) && 386 test_bit(HCI_PSCAN, &hdev->flags)) { 387 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY); 388 goto failed; 389 } 390 391 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len); 392 if (!cmd) { 393 err = -ENOMEM; 394 goto failed; 395 } 396 397 scan = SCAN_PAGE; 398 399 if (cp->val) 400 scan |= SCAN_INQUIRY; 401 402 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 403 if (err < 0) 404 mgmt_pending_remove(cmd); 405 406 failed: 407 hci_dev_unlock_bh(hdev); 408 hci_dev_put(hdev); 409 410 return err; 411 } 412 413 static int set_connectable(struct sock *sk, u16 index, unsigned char *data, 414 u16 len) 415 { 416 struct mgmt_mode *cp; 417 struct hci_dev *hdev; 418 struct pending_cmd *cmd; 419 u8 scan; 420 int err; 421 422 cp = (void *) data; 423 424 BT_DBG("request for hci%u", index); 425 426 if (len != sizeof(*cp)) 427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL); 428 429 hdev = hci_dev_get(index); 430 if (!hdev) 431 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV); 432 433 hci_dev_lock_bh(hdev); 434 435 if (!test_bit(HCI_UP, &hdev->flags)) { 436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN); 437 goto failed; 438 } 439 440 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) || 441 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) { 442 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY); 443 goto failed; 444 } 445 446 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) { 447 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY); 448 goto failed; 449 } 450 451 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len); 452 if (!cmd) { 453 err = -ENOMEM; 454 goto failed; 455 } 456 457 if (cp->val) 458 scan = SCAN_PAGE; 459 else 460 scan = 0; 461 462 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan); 463 if (err < 0) 464 mgmt_pending_remove(cmd); 465 466 failed: 467 hci_dev_unlock_bh(hdev); 468 hci_dev_put(hdev); 469 470 return err; 471 } 472 473 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len, 474 struct sock *skip_sk) 475 { 476 struct sk_buff *skb; 477 struct mgmt_hdr *hdr; 478 479 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 480 if (!skb) 481 return -ENOMEM; 482 483 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 484 485 hdr = (void *) skb_put(skb, sizeof(*hdr)); 486 hdr->opcode = cpu_to_le16(event); 487 hdr->index = cpu_to_le16(index); 488 hdr->len = cpu_to_le16(data_len); 489 490 if (data) 491 memcpy(skb_put(skb, data_len), data, data_len); 492 493 hci_send_to_sock(NULL, skb, skip_sk); 494 kfree_skb(skb); 495 496 return 0; 497 } 498 499 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val) 500 { 501 struct mgmt_mode rp; 502 503 rp.val = val; 504 505 return cmd_complete(sk, index, opcode, &rp, sizeof(rp)); 506 } 507 508 static int set_pairable(struct sock *sk, u16 index, unsigned char *data, 509 u16 len) 510 { 511 struct mgmt_mode *cp, ev; 512 struct hci_dev *hdev; 513 int err; 514 515 cp = (void *) data; 516 517 BT_DBG("request for hci%u", index); 518 519 if (len != sizeof(*cp)) 520 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL); 521 522 hdev = hci_dev_get(index); 523 if (!hdev) 524 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV); 525 526 hci_dev_lock_bh(hdev); 527 528 if (cp->val) 529 set_bit(HCI_PAIRABLE, &hdev->flags); 530 else 531 clear_bit(HCI_PAIRABLE, &hdev->flags); 532 533 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val); 534 if (err < 0) 535 goto failed; 536 537 ev.val = cp->val; 538 539 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk); 540 541 failed: 542 hci_dev_unlock_bh(hdev); 543 hci_dev_put(hdev); 544 545 return err; 546 } 547 548 #define EIR_FLAGS 0x01 /* flags */ 549 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */ 550 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */ 551 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */ 552 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */ 553 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */ 554 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */ 555 #define EIR_NAME_SHORT 0x08 /* shortened local name */ 556 #define EIR_NAME_COMPLETE 0x09 /* complete local name */ 557 #define EIR_TX_POWER 0x0A /* transmit power level */ 558 #define EIR_DEVICE_ID 0x10 /* device ID */ 559 560 #define PNP_INFO_SVCLASS_ID 0x1200 561 562 static u8 bluetooth_base_uuid[] = { 563 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, 564 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 565 }; 566 567 static u16 get_uuid16(u8 *uuid128) 568 { 569 u32 val; 570 int i; 571 572 for (i = 0; i < 12; i++) { 573 if (bluetooth_base_uuid[i] != uuid128[i]) 574 return 0; 575 } 576 577 memcpy(&val, &uuid128[12], 4); 578 579 val = le32_to_cpu(val); 580 if (val > 0xffff) 581 return 0; 582 583 return (u16) val; 584 } 585 586 static void create_eir(struct hci_dev *hdev, u8 *data) 587 { 588 u8 *ptr = data; 589 u16 eir_len = 0; 590 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)]; 591 int i, truncated = 0; 592 struct list_head *p; 593 size_t name_len; 594 595 name_len = strlen(hdev->dev_name); 596 597 if (name_len > 0) { 598 /* EIR Data type */ 599 if (name_len > 48) { 600 name_len = 48; 601 ptr[1] = EIR_NAME_SHORT; 602 } else 603 ptr[1] = EIR_NAME_COMPLETE; 604 605 /* EIR Data length */ 606 ptr[0] = name_len + 1; 607 608 memcpy(ptr + 2, hdev->dev_name, name_len); 609 610 eir_len += (name_len + 2); 611 ptr += (name_len + 2); 612 } 613 614 memset(uuid16_list, 0, sizeof(uuid16_list)); 615 616 /* Group all UUID16 types */ 617 list_for_each(p, &hdev->uuids) { 618 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list); 619 u16 uuid16; 620 621 uuid16 = get_uuid16(uuid->uuid); 622 if (uuid16 == 0) 623 return; 624 625 if (uuid16 < 0x1100) 626 continue; 627 628 if (uuid16 == PNP_INFO_SVCLASS_ID) 629 continue; 630 631 /* Stop if not enough space to put next UUID */ 632 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) { 633 truncated = 1; 634 break; 635 } 636 637 /* Check for duplicates */ 638 for (i = 0; uuid16_list[i] != 0; i++) 639 if (uuid16_list[i] == uuid16) 640 break; 641 642 if (uuid16_list[i] == 0) { 643 uuid16_list[i] = uuid16; 644 eir_len += sizeof(u16); 645 } 646 } 647 648 if (uuid16_list[0] != 0) { 649 u8 *length = ptr; 650 651 /* EIR Data type */ 652 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL; 653 654 ptr += 2; 655 eir_len += 2; 656 657 for (i = 0; uuid16_list[i] != 0; i++) { 658 *ptr++ = (uuid16_list[i] & 0x00ff); 659 *ptr++ = (uuid16_list[i] & 0xff00) >> 8; 660 } 661 662 /* EIR Data length */ 663 *length = (i * sizeof(u16)) + 1; 664 } 665 } 666 667 static int update_eir(struct hci_dev *hdev) 668 { 669 struct hci_cp_write_eir cp; 670 671 if (!(hdev->features[6] & LMP_EXT_INQ)) 672 return 0; 673 674 if (hdev->ssp_mode == 0) 675 return 0; 676 677 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 678 return 0; 679 680 memset(&cp, 0, sizeof(cp)); 681 682 create_eir(hdev, cp.data); 683 684 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0) 685 return 0; 686 687 memcpy(hdev->eir, cp.data, sizeof(cp.data)); 688 689 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp); 690 } 691 692 static u8 get_service_classes(struct hci_dev *hdev) 693 { 694 struct list_head *p; 695 u8 val = 0; 696 697 list_for_each(p, &hdev->uuids) { 698 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list); 699 700 val |= uuid->svc_hint; 701 } 702 703 return val; 704 } 705 706 static int update_class(struct hci_dev *hdev) 707 { 708 u8 cod[3]; 709 710 BT_DBG("%s", hdev->name); 711 712 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags)) 713 return 0; 714 715 cod[0] = hdev->minor_class; 716 cod[1] = hdev->major_class; 717 cod[2] = get_service_classes(hdev); 718 719 if (memcmp(cod, hdev->dev_class, 3) == 0) 720 return 0; 721 722 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod); 723 } 724 725 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 726 { 727 struct mgmt_cp_add_uuid *cp; 728 struct hci_dev *hdev; 729 struct bt_uuid *uuid; 730 int err; 731 732 cp = (void *) data; 733 734 BT_DBG("request for hci%u", index); 735 736 if (len != sizeof(*cp)) 737 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL); 738 739 hdev = hci_dev_get(index); 740 if (!hdev) 741 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV); 742 743 hci_dev_lock_bh(hdev); 744 745 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC); 746 if (!uuid) { 747 err = -ENOMEM; 748 goto failed; 749 } 750 751 memcpy(uuid->uuid, cp->uuid, 16); 752 uuid->svc_hint = cp->svc_hint; 753 754 list_add(&uuid->list, &hdev->uuids); 755 756 err = update_class(hdev); 757 if (err < 0) 758 goto failed; 759 760 err = update_eir(hdev); 761 if (err < 0) 762 goto failed; 763 764 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0); 765 766 failed: 767 hci_dev_unlock_bh(hdev); 768 hci_dev_put(hdev); 769 770 return err; 771 } 772 773 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len) 774 { 775 struct list_head *p, *n; 776 struct mgmt_cp_remove_uuid *cp; 777 struct hci_dev *hdev; 778 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 779 int err, found; 780 781 cp = (void *) data; 782 783 BT_DBG("request for hci%u", index); 784 785 if (len != sizeof(*cp)) 786 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL); 787 788 hdev = hci_dev_get(index); 789 if (!hdev) 790 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV); 791 792 hci_dev_lock_bh(hdev); 793 794 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) { 795 err = hci_uuids_clear(hdev); 796 goto unlock; 797 } 798 799 found = 0; 800 801 list_for_each_safe(p, n, &hdev->uuids) { 802 struct bt_uuid *match = list_entry(p, struct bt_uuid, list); 803 804 if (memcmp(match->uuid, cp->uuid, 16) != 0) 805 continue; 806 807 list_del(&match->list); 808 found++; 809 } 810 811 if (found == 0) { 812 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT); 813 goto unlock; 814 } 815 816 err = update_class(hdev); 817 if (err < 0) 818 goto unlock; 819 820 err = update_eir(hdev); 821 if (err < 0) 822 goto unlock; 823 824 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0); 825 826 unlock: 827 hci_dev_unlock_bh(hdev); 828 hci_dev_put(hdev); 829 830 return err; 831 } 832 833 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data, 834 u16 len) 835 { 836 struct hci_dev *hdev; 837 struct mgmt_cp_set_dev_class *cp; 838 int err; 839 840 cp = (void *) data; 841 842 BT_DBG("request for hci%u", index); 843 844 if (len != sizeof(*cp)) 845 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL); 846 847 hdev = hci_dev_get(index); 848 if (!hdev) 849 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV); 850 851 hci_dev_lock_bh(hdev); 852 853 hdev->major_class = cp->major; 854 hdev->minor_class = cp->minor; 855 856 err = update_class(hdev); 857 858 if (err == 0) 859 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0); 860 861 hci_dev_unlock_bh(hdev); 862 hci_dev_put(hdev); 863 864 return err; 865 } 866 867 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data, 868 u16 len) 869 { 870 struct hci_dev *hdev; 871 struct mgmt_cp_set_service_cache *cp; 872 int err; 873 874 cp = (void *) data; 875 876 if (len != sizeof(*cp)) 877 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL); 878 879 hdev = hci_dev_get(index); 880 if (!hdev) 881 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV); 882 883 hci_dev_lock_bh(hdev); 884 885 BT_DBG("hci%u enable %d", index, cp->enable); 886 887 if (cp->enable) { 888 set_bit(HCI_SERVICE_CACHE, &hdev->flags); 889 err = 0; 890 } else { 891 clear_bit(HCI_SERVICE_CACHE, &hdev->flags); 892 err = update_class(hdev); 893 if (err == 0) 894 err = update_eir(hdev); 895 } 896 897 if (err == 0) 898 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL, 899 0); 900 901 hci_dev_unlock_bh(hdev); 902 hci_dev_put(hdev); 903 904 return err; 905 } 906 907 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len) 908 { 909 struct hci_dev *hdev; 910 struct mgmt_cp_load_keys *cp; 911 u16 key_count, expected_len; 912 int i; 913 914 cp = (void *) data; 915 916 if (len < sizeof(*cp)) 917 return -EINVAL; 918 919 key_count = get_unaligned_le16(&cp->key_count); 920 921 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info); 922 if (expected_len != len) { 923 BT_ERR("load_keys: expected %u bytes, got %u bytes", 924 len, expected_len); 925 return -EINVAL; 926 } 927 928 hdev = hci_dev_get(index); 929 if (!hdev) 930 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV); 931 932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys, 933 key_count); 934 935 hci_dev_lock_bh(hdev); 936 937 hci_link_keys_clear(hdev); 938 939 set_bit(HCI_LINK_KEYS, &hdev->flags); 940 941 if (cp->debug_keys) 942 set_bit(HCI_DEBUG_KEYS, &hdev->flags); 943 else 944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags); 945 946 for (i = 0; i < key_count; i++) { 947 struct mgmt_key_info *key = &cp->keys[i]; 948 949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type, 950 key->pin_len); 951 } 952 953 hci_dev_unlock_bh(hdev); 954 hci_dev_put(hdev); 955 956 return 0; 957 } 958 959 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len) 960 { 961 struct hci_dev *hdev; 962 struct mgmt_cp_remove_key *cp; 963 struct hci_conn *conn; 964 int err; 965 966 cp = (void *) data; 967 968 if (len != sizeof(*cp)) 969 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL); 970 971 hdev = hci_dev_get(index); 972 if (!hdev) 973 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV); 974 975 hci_dev_lock_bh(hdev); 976 977 err = hci_remove_link_key(hdev, &cp->bdaddr); 978 if (err < 0) { 979 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err); 980 goto unlock; 981 } 982 983 err = 0; 984 985 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) 986 goto unlock; 987 988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 989 if (conn) { 990 struct hci_cp_disconnect dc; 991 992 put_unaligned_le16(conn->handle, &dc.handle); 993 dc.reason = 0x13; /* Remote User Terminated Connection */ 994 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 995 } 996 997 unlock: 998 hci_dev_unlock_bh(hdev); 999 hci_dev_put(hdev); 1000 1001 return err; 1002 } 1003 1004 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len) 1005 { 1006 struct hci_dev *hdev; 1007 struct mgmt_cp_disconnect *cp; 1008 struct hci_cp_disconnect dc; 1009 struct pending_cmd *cmd; 1010 struct hci_conn *conn; 1011 int err; 1012 1013 BT_DBG(""); 1014 1015 cp = (void *) data; 1016 1017 if (len != sizeof(*cp)) 1018 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL); 1019 1020 hdev = hci_dev_get(index); 1021 if (!hdev) 1022 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV); 1023 1024 hci_dev_lock_bh(hdev); 1025 1026 if (!test_bit(HCI_UP, &hdev->flags)) { 1027 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN); 1028 goto failed; 1029 } 1030 1031 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) { 1032 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY); 1033 goto failed; 1034 } 1035 1036 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1037 if (!conn) 1038 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr); 1039 1040 if (!conn) { 1041 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN); 1042 goto failed; 1043 } 1044 1045 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len); 1046 if (!cmd) { 1047 err = -ENOMEM; 1048 goto failed; 1049 } 1050 1051 put_unaligned_le16(conn->handle, &dc.handle); 1052 dc.reason = 0x13; /* Remote User Terminated Connection */ 1053 1054 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc); 1055 if (err < 0) 1056 mgmt_pending_remove(cmd); 1057 1058 failed: 1059 hci_dev_unlock_bh(hdev); 1060 hci_dev_put(hdev); 1061 1062 return err; 1063 } 1064 1065 static int get_connections(struct sock *sk, u16 index) 1066 { 1067 struct mgmt_rp_get_connections *rp; 1068 struct hci_dev *hdev; 1069 struct list_head *p; 1070 size_t rp_len; 1071 u16 count; 1072 int i, err; 1073 1074 BT_DBG(""); 1075 1076 hdev = hci_dev_get(index); 1077 if (!hdev) 1078 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV); 1079 1080 hci_dev_lock_bh(hdev); 1081 1082 count = 0; 1083 list_for_each(p, &hdev->conn_hash.list) { 1084 count++; 1085 } 1086 1087 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t)); 1088 rp = kmalloc(rp_len, GFP_ATOMIC); 1089 if (!rp) { 1090 err = -ENOMEM; 1091 goto unlock; 1092 } 1093 1094 put_unaligned_le16(count, &rp->conn_count); 1095 1096 i = 0; 1097 list_for_each(p, &hdev->conn_hash.list) { 1098 struct hci_conn *c = list_entry(p, struct hci_conn, list); 1099 1100 bacpy(&rp->conn[i++], &c->dst); 1101 } 1102 1103 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len); 1104 1105 unlock: 1106 kfree(rp); 1107 hci_dev_unlock_bh(hdev); 1108 hci_dev_put(hdev); 1109 return err; 1110 } 1111 1112 static int send_pin_code_neg_reply(struct sock *sk, u16 index, 1113 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) 1114 { 1115 struct pending_cmd *cmd; 1116 int err; 1117 1118 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp, 1119 sizeof(*cp)); 1120 if (!cmd) 1121 return -ENOMEM; 1122 1123 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), 1124 &cp->bdaddr); 1125 if (err < 0) 1126 mgmt_pending_remove(cmd); 1127 1128 return err; 1129 } 1130 1131 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, 1132 u16 len) 1133 { 1134 struct hci_dev *hdev; 1135 struct hci_conn *conn; 1136 struct mgmt_cp_pin_code_reply *cp; 1137 struct mgmt_cp_pin_code_neg_reply ncp; 1138 struct hci_cp_pin_code_reply reply; 1139 struct pending_cmd *cmd; 1140 int err; 1141 1142 BT_DBG(""); 1143 1144 cp = (void *) data; 1145 1146 if (len != sizeof(*cp)) 1147 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL); 1148 1149 hdev = hci_dev_get(index); 1150 if (!hdev) 1151 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV); 1152 1153 hci_dev_lock_bh(hdev); 1154 1155 if (!test_bit(HCI_UP, &hdev->flags)) { 1156 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN); 1157 goto failed; 1158 } 1159 1160 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); 1161 if (!conn) { 1162 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN); 1163 goto failed; 1164 } 1165 1166 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { 1167 bacpy(&ncp.bdaddr, &cp->bdaddr); 1168 1169 BT_ERR("PIN code is not 16 bytes long"); 1170 1171 err = send_pin_code_neg_reply(sk, index, hdev, &ncp); 1172 if (err >= 0) 1173 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, 1174 EINVAL); 1175 1176 goto failed; 1177 } 1178 1179 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len); 1180 if (!cmd) { 1181 err = -ENOMEM; 1182 goto failed; 1183 } 1184 1185 bacpy(&reply.bdaddr, &cp->bdaddr); 1186 reply.pin_len = cp->pin_len; 1187 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); 1188 1189 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); 1190 if (err < 0) 1191 mgmt_pending_remove(cmd); 1192 1193 failed: 1194 hci_dev_unlock_bh(hdev); 1195 hci_dev_put(hdev); 1196 1197 return err; 1198 } 1199 1200 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, 1201 u16 len) 1202 { 1203 struct hci_dev *hdev; 1204 struct mgmt_cp_pin_code_neg_reply *cp; 1205 int err; 1206 1207 BT_DBG(""); 1208 1209 cp = (void *) data; 1210 1211 if (len != sizeof(*cp)) 1212 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1213 EINVAL); 1214 1215 hdev = hci_dev_get(index); 1216 if (!hdev) 1217 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1218 ENODEV); 1219 1220 hci_dev_lock_bh(hdev); 1221 1222 if (!test_bit(HCI_UP, &hdev->flags)) { 1223 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, 1224 ENETDOWN); 1225 goto failed; 1226 } 1227 1228 err = send_pin_code_neg_reply(sk, index, hdev, cp); 1229 1230 failed: 1231 hci_dev_unlock_bh(hdev); 1232 hci_dev_put(hdev); 1233 1234 return err; 1235 } 1236 1237 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data, 1238 u16 len) 1239 { 1240 struct hci_dev *hdev; 1241 struct mgmt_cp_set_io_capability *cp; 1242 1243 BT_DBG(""); 1244 1245 cp = (void *) data; 1246 1247 if (len != sizeof(*cp)) 1248 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL); 1249 1250 hdev = hci_dev_get(index); 1251 if (!hdev) 1252 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV); 1253 1254 hci_dev_lock_bh(hdev); 1255 1256 hdev->io_capability = cp->io_capability; 1257 1258 BT_DBG("%s IO capability set to 0x%02x", hdev->name, 1259 hdev->io_capability); 1260 1261 hci_dev_unlock_bh(hdev); 1262 hci_dev_put(hdev); 1263 1264 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0); 1265 } 1266 1267 static inline struct pending_cmd *find_pairing(struct hci_conn *conn) 1268 { 1269 struct hci_dev *hdev = conn->hdev; 1270 struct list_head *p; 1271 1272 list_for_each(p, &cmd_list) { 1273 struct pending_cmd *cmd; 1274 1275 cmd = list_entry(p, struct pending_cmd, list); 1276 1277 if (cmd->opcode != MGMT_OP_PAIR_DEVICE) 1278 continue; 1279 1280 if (cmd->index != hdev->id) 1281 continue; 1282 1283 if (cmd->user_data != conn) 1284 continue; 1285 1286 return cmd; 1287 } 1288 1289 return NULL; 1290 } 1291 1292 static void pairing_complete(struct pending_cmd *cmd, u8 status) 1293 { 1294 struct mgmt_rp_pair_device rp; 1295 struct hci_conn *conn = cmd->user_data; 1296 1297 bacpy(&rp.bdaddr, &conn->dst); 1298 rp.status = status; 1299 1300 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp)); 1301 1302 /* So we don't get further callbacks for this connection */ 1303 conn->connect_cfm_cb = NULL; 1304 conn->security_cfm_cb = NULL; 1305 conn->disconn_cfm_cb = NULL; 1306 1307 hci_conn_put(conn); 1308 1309 mgmt_pending_remove(cmd); 1310 } 1311 1312 static void pairing_complete_cb(struct hci_conn *conn, u8 status) 1313 { 1314 struct pending_cmd *cmd; 1315 1316 BT_DBG("status %u", status); 1317 1318 cmd = find_pairing(conn); 1319 if (!cmd) { 1320 BT_DBG("Unable to find a pending command"); 1321 return; 1322 } 1323 1324 pairing_complete(cmd, status); 1325 } 1326 1327 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len) 1328 { 1329 struct hci_dev *hdev; 1330 struct mgmt_cp_pair_device *cp; 1331 struct pending_cmd *cmd; 1332 struct adv_entry *entry; 1333 u8 sec_level, auth_type; 1334 struct hci_conn *conn; 1335 int err; 1336 1337 BT_DBG(""); 1338 1339 cp = (void *) data; 1340 1341 if (len != sizeof(*cp)) 1342 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL); 1343 1344 hdev = hci_dev_get(index); 1345 if (!hdev) 1346 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV); 1347 1348 hci_dev_lock_bh(hdev); 1349 1350 sec_level = BT_SECURITY_MEDIUM; 1351 if (cp->io_cap == 0x03) 1352 auth_type = HCI_AT_DEDICATED_BONDING; 1353 else 1354 auth_type = HCI_AT_DEDICATED_BONDING_MITM; 1355 1356 entry = hci_find_adv_entry(hdev, &cp->bdaddr); 1357 if (entry) 1358 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level, 1359 auth_type); 1360 else 1361 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, 1362 auth_type); 1363 1364 if (IS_ERR(conn)) { 1365 err = PTR_ERR(conn); 1366 goto unlock; 1367 } 1368 1369 if (conn->connect_cfm_cb) { 1370 hci_conn_put(conn); 1371 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY); 1372 goto unlock; 1373 } 1374 1375 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len); 1376 if (!cmd) { 1377 err = -ENOMEM; 1378 hci_conn_put(conn); 1379 goto unlock; 1380 } 1381 1382 /* For LE, just connecting isn't a proof that the pairing finished */ 1383 if (!entry) 1384 conn->connect_cfm_cb = pairing_complete_cb; 1385 1386 conn->security_cfm_cb = pairing_complete_cb; 1387 conn->disconn_cfm_cb = pairing_complete_cb; 1388 conn->io_capability = cp->io_cap; 1389 cmd->user_data = conn; 1390 1391 if (conn->state == BT_CONNECTED && 1392 hci_conn_security(conn, sec_level, auth_type)) 1393 pairing_complete(cmd, 0); 1394 1395 err = 0; 1396 1397 unlock: 1398 hci_dev_unlock_bh(hdev); 1399 hci_dev_put(hdev); 1400 1401 return err; 1402 } 1403 1404 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data, 1405 u16 len, int success) 1406 { 1407 struct mgmt_cp_user_confirm_reply *cp = (void *) data; 1408 u16 mgmt_op, hci_op; 1409 struct pending_cmd *cmd; 1410 struct hci_dev *hdev; 1411 int err; 1412 1413 BT_DBG(""); 1414 1415 if (success) { 1416 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY; 1417 hci_op = HCI_OP_USER_CONFIRM_REPLY; 1418 } else { 1419 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY; 1420 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY; 1421 } 1422 1423 if (len != sizeof(*cp)) 1424 return cmd_status(sk, index, mgmt_op, EINVAL); 1425 1426 hdev = hci_dev_get(index); 1427 if (!hdev) 1428 return cmd_status(sk, index, mgmt_op, ENODEV); 1429 1430 hci_dev_lock_bh(hdev); 1431 1432 if (!test_bit(HCI_UP, &hdev->flags)) { 1433 err = cmd_status(sk, index, mgmt_op, ENETDOWN); 1434 goto failed; 1435 } 1436 1437 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len); 1438 if (!cmd) { 1439 err = -ENOMEM; 1440 goto failed; 1441 } 1442 1443 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr); 1444 if (err < 0) 1445 mgmt_pending_remove(cmd); 1446 1447 failed: 1448 hci_dev_unlock_bh(hdev); 1449 hci_dev_put(hdev); 1450 1451 return err; 1452 } 1453 1454 static int set_local_name(struct sock *sk, u16 index, unsigned char *data, 1455 u16 len) 1456 { 1457 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data; 1458 struct hci_cp_write_local_name hci_cp; 1459 struct hci_dev *hdev; 1460 struct pending_cmd *cmd; 1461 int err; 1462 1463 BT_DBG(""); 1464 1465 if (len != sizeof(*mgmt_cp)) 1466 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL); 1467 1468 hdev = hci_dev_get(index); 1469 if (!hdev) 1470 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV); 1471 1472 hci_dev_lock_bh(hdev); 1473 1474 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len); 1475 if (!cmd) { 1476 err = -ENOMEM; 1477 goto failed; 1478 } 1479 1480 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name)); 1481 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp), 1482 &hci_cp); 1483 if (err < 0) 1484 mgmt_pending_remove(cmd); 1485 1486 failed: 1487 hci_dev_unlock_bh(hdev); 1488 hci_dev_put(hdev); 1489 1490 return err; 1491 } 1492 1493 static int read_local_oob_data(struct sock *sk, u16 index) 1494 { 1495 struct hci_dev *hdev; 1496 struct pending_cmd *cmd; 1497 int err; 1498 1499 BT_DBG("hci%u", index); 1500 1501 hdev = hci_dev_get(index); 1502 if (!hdev) 1503 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1504 ENODEV); 1505 1506 hci_dev_lock_bh(hdev); 1507 1508 if (!test_bit(HCI_UP, &hdev->flags)) { 1509 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1510 ENETDOWN); 1511 goto unlock; 1512 } 1513 1514 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) { 1515 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 1516 EOPNOTSUPP); 1517 goto unlock; 1518 } 1519 1520 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) { 1521 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY); 1522 goto unlock; 1523 } 1524 1525 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0); 1526 if (!cmd) { 1527 err = -ENOMEM; 1528 goto unlock; 1529 } 1530 1531 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL); 1532 if (err < 0) 1533 mgmt_pending_remove(cmd); 1534 1535 unlock: 1536 hci_dev_unlock_bh(hdev); 1537 hci_dev_put(hdev); 1538 1539 return err; 1540 } 1541 1542 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data, 1543 u16 len) 1544 { 1545 struct hci_dev *hdev; 1546 struct mgmt_cp_add_remote_oob_data *cp = (void *) data; 1547 int err; 1548 1549 BT_DBG("hci%u ", index); 1550 1551 if (len != sizeof(*cp)) 1552 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1553 EINVAL); 1554 1555 hdev = hci_dev_get(index); 1556 if (!hdev) 1557 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, 1558 ENODEV); 1559 1560 hci_dev_lock_bh(hdev); 1561 1562 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash, 1563 cp->randomizer); 1564 if (err < 0) 1565 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err); 1566 else 1567 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL, 1568 0); 1569 1570 hci_dev_unlock_bh(hdev); 1571 hci_dev_put(hdev); 1572 1573 return err; 1574 } 1575 1576 static int remove_remote_oob_data(struct sock *sk, u16 index, 1577 unsigned char *data, u16 len) 1578 { 1579 struct hci_dev *hdev; 1580 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data; 1581 int err; 1582 1583 BT_DBG("hci%u ", index); 1584 1585 if (len != sizeof(*cp)) 1586 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1587 EINVAL); 1588 1589 hdev = hci_dev_get(index); 1590 if (!hdev) 1591 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1592 ENODEV); 1593 1594 hci_dev_lock_bh(hdev); 1595 1596 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr); 1597 if (err < 0) 1598 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1599 -err); 1600 else 1601 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, 1602 NULL, 0); 1603 1604 hci_dev_unlock_bh(hdev); 1605 hci_dev_put(hdev); 1606 1607 return err; 1608 } 1609 1610 static int start_discovery(struct sock *sk, u16 index) 1611 { 1612 u8 lap[3] = { 0x33, 0x8b, 0x9e }; 1613 struct hci_cp_inquiry cp; 1614 struct pending_cmd *cmd; 1615 struct hci_dev *hdev; 1616 int err; 1617 1618 BT_DBG("hci%u", index); 1619 1620 hdev = hci_dev_get(index); 1621 if (!hdev) 1622 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV); 1623 1624 hci_dev_lock_bh(hdev); 1625 1626 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0); 1627 if (!cmd) { 1628 err = -ENOMEM; 1629 goto failed; 1630 } 1631 1632 memset(&cp, 0, sizeof(cp)); 1633 memcpy(&cp.lap, lap, 3); 1634 cp.length = 0x08; 1635 cp.num_rsp = 0x00; 1636 1637 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp); 1638 if (err < 0) 1639 mgmt_pending_remove(cmd); 1640 1641 failed: 1642 hci_dev_unlock_bh(hdev); 1643 hci_dev_put(hdev); 1644 1645 return err; 1646 } 1647 1648 static int stop_discovery(struct sock *sk, u16 index) 1649 { 1650 struct hci_dev *hdev; 1651 struct pending_cmd *cmd; 1652 int err; 1653 1654 BT_DBG("hci%u", index); 1655 1656 hdev = hci_dev_get(index); 1657 if (!hdev) 1658 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV); 1659 1660 hci_dev_lock_bh(hdev); 1661 1662 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0); 1663 if (!cmd) { 1664 err = -ENOMEM; 1665 goto failed; 1666 } 1667 1668 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL); 1669 if (err < 0) 1670 mgmt_pending_remove(cmd); 1671 1672 failed: 1673 hci_dev_unlock_bh(hdev); 1674 hci_dev_put(hdev); 1675 1676 return err; 1677 } 1678 1679 static int block_device(struct sock *sk, u16 index, unsigned char *data, 1680 u16 len) 1681 { 1682 struct hci_dev *hdev; 1683 struct pending_cmd *cmd; 1684 struct mgmt_cp_block_device *cp = (void *) data; 1685 int err; 1686 1687 BT_DBG("hci%u", index); 1688 1689 if (len != sizeof(*cp)) 1690 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1691 EINVAL); 1692 1693 hdev = hci_dev_get(index); 1694 if (!hdev) 1695 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, 1696 ENODEV); 1697 1698 hci_dev_lock_bh(hdev); 1699 1700 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0); 1701 if (!cmd) { 1702 err = -ENOMEM; 1703 goto failed; 1704 } 1705 1706 err = hci_blacklist_add(hdev, &cp->bdaddr); 1707 1708 if (err < 0) 1709 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err); 1710 else 1711 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, 1712 NULL, 0); 1713 1714 mgmt_pending_remove(cmd); 1715 1716 failed: 1717 hci_dev_unlock_bh(hdev); 1718 hci_dev_put(hdev); 1719 1720 return err; 1721 } 1722 1723 static int unblock_device(struct sock *sk, u16 index, unsigned char *data, 1724 u16 len) 1725 { 1726 struct hci_dev *hdev; 1727 struct pending_cmd *cmd; 1728 struct mgmt_cp_unblock_device *cp = (void *) data; 1729 int err; 1730 1731 BT_DBG("hci%u", index); 1732 1733 if (len != sizeof(*cp)) 1734 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1735 EINVAL); 1736 1737 hdev = hci_dev_get(index); 1738 if (!hdev) 1739 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1740 ENODEV); 1741 1742 hci_dev_lock_bh(hdev); 1743 1744 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0); 1745 if (!cmd) { 1746 err = -ENOMEM; 1747 goto failed; 1748 } 1749 1750 err = hci_blacklist_del(hdev, &cp->bdaddr); 1751 1752 if (err < 0) 1753 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err); 1754 else 1755 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, 1756 NULL, 0); 1757 1758 mgmt_pending_remove(cmd); 1759 1760 failed: 1761 hci_dev_unlock_bh(hdev); 1762 hci_dev_put(hdev); 1763 1764 return err; 1765 } 1766 1767 static int set_fast_connectable(struct sock *sk, u16 index, 1768 unsigned char *data, u16 len) 1769 { 1770 struct hci_dev *hdev; 1771 struct mgmt_cp_set_fast_connectable *cp = (void *) data; 1772 struct hci_cp_write_page_scan_activity acp; 1773 u8 type; 1774 int err; 1775 1776 BT_DBG("hci%u", index); 1777 1778 if (len != sizeof(*cp)) 1779 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1780 EINVAL); 1781 1782 hdev = hci_dev_get(index); 1783 if (!hdev) 1784 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1785 ENODEV); 1786 1787 hci_dev_lock(hdev); 1788 1789 if (cp->enable) { 1790 type = PAGE_SCAN_TYPE_INTERLACED; 1791 acp.interval = 0x0024; /* 22.5 msec page scan interval */ 1792 } else { 1793 type = PAGE_SCAN_TYPE_STANDARD; /* default */ 1794 acp.interval = 0x0800; /* default 1.28 sec page scan */ 1795 } 1796 1797 acp.window = 0x0012; /* default 11.25 msec page scan window */ 1798 1799 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, 1800 sizeof(acp), &acp); 1801 if (err < 0) { 1802 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1803 -err); 1804 goto done; 1805 } 1806 1807 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type); 1808 if (err < 0) { 1809 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1810 -err); 1811 goto done; 1812 } 1813 1814 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 1815 NULL, 0); 1816 done: 1817 hci_dev_unlock(hdev); 1818 hci_dev_put(hdev); 1819 1820 return err; 1821 } 1822 1823 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 1824 { 1825 unsigned char *buf; 1826 struct mgmt_hdr *hdr; 1827 u16 opcode, index, len; 1828 int err; 1829 1830 BT_DBG("got %zu bytes", msglen); 1831 1832 if (msglen < sizeof(*hdr)) 1833 return -EINVAL; 1834 1835 buf = kmalloc(msglen, GFP_KERNEL); 1836 if (!buf) 1837 return -ENOMEM; 1838 1839 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) { 1840 err = -EFAULT; 1841 goto done; 1842 } 1843 1844 hdr = (struct mgmt_hdr *) buf; 1845 opcode = get_unaligned_le16(&hdr->opcode); 1846 index = get_unaligned_le16(&hdr->index); 1847 len = get_unaligned_le16(&hdr->len); 1848 1849 if (len != msglen - sizeof(*hdr)) { 1850 err = -EINVAL; 1851 goto done; 1852 } 1853 1854 switch (opcode) { 1855 case MGMT_OP_READ_VERSION: 1856 err = read_version(sk); 1857 break; 1858 case MGMT_OP_READ_INDEX_LIST: 1859 err = read_index_list(sk); 1860 break; 1861 case MGMT_OP_READ_INFO: 1862 err = read_controller_info(sk, index); 1863 break; 1864 case MGMT_OP_SET_POWERED: 1865 err = set_powered(sk, index, buf + sizeof(*hdr), len); 1866 break; 1867 case MGMT_OP_SET_DISCOVERABLE: 1868 err = set_discoverable(sk, index, buf + sizeof(*hdr), len); 1869 break; 1870 case MGMT_OP_SET_CONNECTABLE: 1871 err = set_connectable(sk, index, buf + sizeof(*hdr), len); 1872 break; 1873 case MGMT_OP_SET_PAIRABLE: 1874 err = set_pairable(sk, index, buf + sizeof(*hdr), len); 1875 break; 1876 case MGMT_OP_ADD_UUID: 1877 err = add_uuid(sk, index, buf + sizeof(*hdr), len); 1878 break; 1879 case MGMT_OP_REMOVE_UUID: 1880 err = remove_uuid(sk, index, buf + sizeof(*hdr), len); 1881 break; 1882 case MGMT_OP_SET_DEV_CLASS: 1883 err = set_dev_class(sk, index, buf + sizeof(*hdr), len); 1884 break; 1885 case MGMT_OP_SET_SERVICE_CACHE: 1886 err = set_service_cache(sk, index, buf + sizeof(*hdr), len); 1887 break; 1888 case MGMT_OP_LOAD_KEYS: 1889 err = load_keys(sk, index, buf + sizeof(*hdr), len); 1890 break; 1891 case MGMT_OP_REMOVE_KEY: 1892 err = remove_key(sk, index, buf + sizeof(*hdr), len); 1893 break; 1894 case MGMT_OP_DISCONNECT: 1895 err = disconnect(sk, index, buf + sizeof(*hdr), len); 1896 break; 1897 case MGMT_OP_GET_CONNECTIONS: 1898 err = get_connections(sk, index); 1899 break; 1900 case MGMT_OP_PIN_CODE_REPLY: 1901 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len); 1902 break; 1903 case MGMT_OP_PIN_CODE_NEG_REPLY: 1904 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len); 1905 break; 1906 case MGMT_OP_SET_IO_CAPABILITY: 1907 err = set_io_capability(sk, index, buf + sizeof(*hdr), len); 1908 break; 1909 case MGMT_OP_PAIR_DEVICE: 1910 err = pair_device(sk, index, buf + sizeof(*hdr), len); 1911 break; 1912 case MGMT_OP_USER_CONFIRM_REPLY: 1913 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1); 1914 break; 1915 case MGMT_OP_USER_CONFIRM_NEG_REPLY: 1916 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0); 1917 break; 1918 case MGMT_OP_SET_LOCAL_NAME: 1919 err = set_local_name(sk, index, buf + sizeof(*hdr), len); 1920 break; 1921 case MGMT_OP_READ_LOCAL_OOB_DATA: 1922 err = read_local_oob_data(sk, index); 1923 break; 1924 case MGMT_OP_ADD_REMOTE_OOB_DATA: 1925 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len); 1926 break; 1927 case MGMT_OP_REMOVE_REMOTE_OOB_DATA: 1928 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr), 1929 len); 1930 break; 1931 case MGMT_OP_START_DISCOVERY: 1932 err = start_discovery(sk, index); 1933 break; 1934 case MGMT_OP_STOP_DISCOVERY: 1935 err = stop_discovery(sk, index); 1936 break; 1937 case MGMT_OP_BLOCK_DEVICE: 1938 err = block_device(sk, index, buf + sizeof(*hdr), len); 1939 break; 1940 case MGMT_OP_UNBLOCK_DEVICE: 1941 err = unblock_device(sk, index, buf + sizeof(*hdr), len); 1942 break; 1943 case MGMT_OP_SET_FAST_CONNECTABLE: 1944 err = set_fast_connectable(sk, index, buf + sizeof(*hdr), 1945 len); 1946 break; 1947 default: 1948 BT_DBG("Unknown op %u", opcode); 1949 err = cmd_status(sk, index, opcode, 0x01); 1950 break; 1951 } 1952 1953 if (err < 0) 1954 goto done; 1955 1956 err = msglen; 1957 1958 done: 1959 kfree(buf); 1960 return err; 1961 } 1962 1963 int mgmt_index_added(u16 index) 1964 { 1965 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL); 1966 } 1967 1968 int mgmt_index_removed(u16 index) 1969 { 1970 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL); 1971 } 1972 1973 struct cmd_lookup { 1974 u8 val; 1975 struct sock *sk; 1976 }; 1977 1978 static void mode_rsp(struct pending_cmd *cmd, void *data) 1979 { 1980 struct mgmt_mode *cp = cmd->param; 1981 struct cmd_lookup *match = data; 1982 1983 if (cp->val != match->val) 1984 return; 1985 1986 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val); 1987 1988 list_del(&cmd->list); 1989 1990 if (match->sk == NULL) { 1991 match->sk = cmd->sk; 1992 sock_hold(match->sk); 1993 } 1994 1995 mgmt_pending_free(cmd); 1996 } 1997 1998 int mgmt_powered(u16 index, u8 powered) 1999 { 2000 struct mgmt_mode ev; 2001 struct cmd_lookup match = { powered, NULL }; 2002 int ret; 2003 2004 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match); 2005 2006 ev.val = powered; 2007 2008 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk); 2009 2010 if (match.sk) 2011 sock_put(match.sk); 2012 2013 return ret; 2014 } 2015 2016 int mgmt_discoverable(u16 index, u8 discoverable) 2017 { 2018 struct mgmt_mode ev; 2019 struct cmd_lookup match = { discoverable, NULL }; 2020 int ret; 2021 2022 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match); 2023 2024 ev.val = discoverable; 2025 2026 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev), 2027 match.sk); 2028 2029 if (match.sk) 2030 sock_put(match.sk); 2031 2032 return ret; 2033 } 2034 2035 int mgmt_connectable(u16 index, u8 connectable) 2036 { 2037 struct mgmt_mode ev; 2038 struct cmd_lookup match = { connectable, NULL }; 2039 int ret; 2040 2041 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match); 2042 2043 ev.val = connectable; 2044 2045 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk); 2046 2047 if (match.sk) 2048 sock_put(match.sk); 2049 2050 return ret; 2051 } 2052 2053 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent) 2054 { 2055 struct mgmt_ev_new_key ev; 2056 2057 memset(&ev, 0, sizeof(ev)); 2058 2059 ev.store_hint = persistent; 2060 bacpy(&ev.key.bdaddr, &key->bdaddr); 2061 ev.key.type = key->type; 2062 memcpy(ev.key.val, key->val, 16); 2063 ev.key.pin_len = key->pin_len; 2064 2065 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL); 2066 } 2067 2068 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type) 2069 { 2070 struct mgmt_ev_connected ev; 2071 2072 bacpy(&ev.bdaddr, bdaddr); 2073 ev.link_type = link_type; 2074 2075 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL); 2076 } 2077 2078 static void disconnect_rsp(struct pending_cmd *cmd, void *data) 2079 { 2080 struct mgmt_cp_disconnect *cp = cmd->param; 2081 struct sock **sk = data; 2082 struct mgmt_rp_disconnect rp; 2083 2084 bacpy(&rp.bdaddr, &cp->bdaddr); 2085 2086 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp)); 2087 2088 *sk = cmd->sk; 2089 sock_hold(*sk); 2090 2091 mgmt_pending_remove(cmd); 2092 } 2093 2094 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr) 2095 { 2096 struct mgmt_ev_disconnected ev; 2097 struct sock *sk = NULL; 2098 int err; 2099 2100 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk); 2101 2102 bacpy(&ev.bdaddr, bdaddr); 2103 2104 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk); 2105 2106 if (sk) 2107 sock_put(sk); 2108 2109 return err; 2110 } 2111 2112 int mgmt_disconnect_failed(u16 index) 2113 { 2114 struct pending_cmd *cmd; 2115 int err; 2116 2117 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index); 2118 if (!cmd) 2119 return -ENOENT; 2120 2121 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO); 2122 2123 mgmt_pending_remove(cmd); 2124 2125 return err; 2126 } 2127 2128 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status) 2129 { 2130 struct mgmt_ev_connect_failed ev; 2131 2132 bacpy(&ev.bdaddr, bdaddr); 2133 ev.status = status; 2134 2135 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL); 2136 } 2137 2138 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure) 2139 { 2140 struct mgmt_ev_pin_code_request ev; 2141 2142 bacpy(&ev.bdaddr, bdaddr); 2143 ev.secure = secure; 2144 2145 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev), 2146 NULL); 2147 } 2148 2149 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2150 { 2151 struct pending_cmd *cmd; 2152 struct mgmt_rp_pin_code_reply rp; 2153 int err; 2154 2155 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index); 2156 if (!cmd) 2157 return -ENOENT; 2158 2159 bacpy(&rp.bdaddr, bdaddr); 2160 rp.status = status; 2161 2162 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp, 2163 sizeof(rp)); 2164 2165 mgmt_pending_remove(cmd); 2166 2167 return err; 2168 } 2169 2170 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2171 { 2172 struct pending_cmd *cmd; 2173 struct mgmt_rp_pin_code_reply rp; 2174 int err; 2175 2176 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index); 2177 if (!cmd) 2178 return -ENOENT; 2179 2180 bacpy(&rp.bdaddr, bdaddr); 2181 rp.status = status; 2182 2183 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp, 2184 sizeof(rp)); 2185 2186 mgmt_pending_remove(cmd); 2187 2188 return err; 2189 } 2190 2191 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value, 2192 u8 confirm_hint) 2193 { 2194 struct mgmt_ev_user_confirm_request ev; 2195 2196 BT_DBG("hci%u", index); 2197 2198 bacpy(&ev.bdaddr, bdaddr); 2199 ev.confirm_hint = confirm_hint; 2200 put_unaligned_le32(value, &ev.value); 2201 2202 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev), 2203 NULL); 2204 } 2205 2206 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status, 2207 u8 opcode) 2208 { 2209 struct pending_cmd *cmd; 2210 struct mgmt_rp_user_confirm_reply rp; 2211 int err; 2212 2213 cmd = mgmt_pending_find(opcode, index); 2214 if (!cmd) 2215 return -ENOENT; 2216 2217 bacpy(&rp.bdaddr, bdaddr); 2218 rp.status = status; 2219 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp)); 2220 2221 mgmt_pending_remove(cmd); 2222 2223 return err; 2224 } 2225 2226 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2227 { 2228 return confirm_reply_complete(index, bdaddr, status, 2229 MGMT_OP_USER_CONFIRM_REPLY); 2230 } 2231 2232 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status) 2233 { 2234 return confirm_reply_complete(index, bdaddr, status, 2235 MGMT_OP_USER_CONFIRM_NEG_REPLY); 2236 } 2237 2238 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status) 2239 { 2240 struct mgmt_ev_auth_failed ev; 2241 2242 bacpy(&ev.bdaddr, bdaddr); 2243 ev.status = status; 2244 2245 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL); 2246 } 2247 2248 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status) 2249 { 2250 struct pending_cmd *cmd; 2251 struct hci_dev *hdev; 2252 struct mgmt_cp_set_local_name ev; 2253 int err; 2254 2255 memset(&ev, 0, sizeof(ev)); 2256 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2257 2258 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index); 2259 if (!cmd) 2260 goto send_event; 2261 2262 if (status) { 2263 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO); 2264 goto failed; 2265 } 2266 2267 hdev = hci_dev_get(index); 2268 if (hdev) { 2269 hci_dev_lock_bh(hdev); 2270 update_eir(hdev); 2271 hci_dev_unlock_bh(hdev); 2272 hci_dev_put(hdev); 2273 } 2274 2275 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev, 2276 sizeof(ev)); 2277 if (err < 0) 2278 goto failed; 2279 2280 send_event: 2281 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev), 2282 cmd ? cmd->sk : NULL); 2283 2284 failed: 2285 if (cmd) 2286 mgmt_pending_remove(cmd); 2287 return err; 2288 } 2289 2290 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer, 2291 u8 status) 2292 { 2293 struct pending_cmd *cmd; 2294 int err; 2295 2296 BT_DBG("hci%u status %u", index, status); 2297 2298 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index); 2299 if (!cmd) 2300 return -ENOENT; 2301 2302 if (status) { 2303 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2304 EIO); 2305 } else { 2306 struct mgmt_rp_read_local_oob_data rp; 2307 2308 memcpy(rp.hash, hash, sizeof(rp.hash)); 2309 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer)); 2310 2311 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, 2312 &rp, sizeof(rp)); 2313 } 2314 2315 mgmt_pending_remove(cmd); 2316 2317 return err; 2318 } 2319 2320 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi, 2321 u8 *eir) 2322 { 2323 struct mgmt_ev_device_found ev; 2324 2325 memset(&ev, 0, sizeof(ev)); 2326 2327 bacpy(&ev.bdaddr, bdaddr); 2328 ev.rssi = rssi; 2329 2330 if (eir) 2331 memcpy(ev.eir, eir, sizeof(ev.eir)); 2332 2333 if (dev_class) 2334 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class)); 2335 2336 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL); 2337 } 2338 2339 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name) 2340 { 2341 struct mgmt_ev_remote_name ev; 2342 2343 memset(&ev, 0, sizeof(ev)); 2344 2345 bacpy(&ev.bdaddr, bdaddr); 2346 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH); 2347 2348 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL); 2349 } 2350 2351 int mgmt_discovering(u16 index, u8 discovering) 2352 { 2353 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering, 2354 sizeof(discovering), NULL); 2355 } 2356 2357 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr) 2358 { 2359 struct pending_cmd *cmd; 2360 struct mgmt_ev_device_blocked ev; 2361 2362 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index); 2363 2364 bacpy(&ev.bdaddr, bdaddr); 2365 2366 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev), 2367 cmd ? cmd->sk : NULL); 2368 } 2369 2370 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr) 2371 { 2372 struct pending_cmd *cmd; 2373 struct mgmt_ev_device_unblocked ev; 2374 2375 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index); 2376 2377 bacpy(&ev.bdaddr, bdaddr); 2378 2379 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev), 2380 cmd ? cmd->sk : NULL); 2381 } 2382