projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Fix mgmt response when adapter goes down or is removed
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
34
35 struct pending_cmd {
36 struct list_head list;
37 __u16 opcode;
38 int index;
39 void *param;
40 struct sock *sk;
41 void *user_data;
42 };
43
44 static LIST_HEAD(cmd_list);
45
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
47 {
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
51 int err;
52
53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
54
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
56 if (!skb)
57 return -ENOMEM;
58
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
60
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
62 hdr->index = cpu_to_le16(index);
63 hdr->len = cpu_to_le16(sizeof(*ev));
64
65 ev = (void *) skb_put(skb, sizeof(*ev));
66 ev->status = status;
67 put_unaligned_le16(cmd, &ev->opcode);
68
69 err = sock_queue_rcv_skb(sk, skb);
70 if (err < 0)
71 kfree_skb(skb);
72
73 return err;
74 }
75
76 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
77 size_t rp_len)
78 {
79 struct sk_buff *skb;
80 struct mgmt_hdr *hdr;
81 struct mgmt_ev_cmd_complete *ev;
82 int err;
83
84 BT_DBG("sock %p", sk);
85
86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
87 if (!skb)
88 return -ENOMEM;
89
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
91
92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
93 hdr->index = cpu_to_le16(index);
94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
95
96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
98
99 if (rp)
100 memcpy(ev->data, rp, rp_len);
101
102 err = sock_queue_rcv_skb(sk, skb);
103 if (err < 0)
104 kfree_skb(skb);
105
106 return err;;
107 }
108
109 static int read_version(struct sock *sk)
110 {
111 struct mgmt_rp_read_version rp;
112
113 BT_DBG("sock %p", sk);
114
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
117
118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
119 sizeof(rp));
120 }
121
122 static int read_index_list(struct sock *sk)
123 {
124 struct mgmt_rp_read_index_list *rp;
125 struct list_head *p;
126 struct hci_dev *d;
127 size_t rp_len;
128 u16 count;
129 int i, err;
130
131 BT_DBG("sock %p", sk);
132
133 read_lock(&hci_dev_list_lock);
134
135 count = 0;
136 list_for_each(p, &hci_dev_list) {
137 count++;
138 }
139
140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
142 if (!rp) {
143 read_unlock(&hci_dev_list_lock);
144 return -ENOMEM;
145 }
146
147 put_unaligned_le16(count, &rp->num_controllers);
148
149 i = 0;
150 list_for_each_entry(d, &hci_dev_list, list) {
151 hci_del_off_timer(d);
152
153 if (test_bit(HCI_SETUP, &d->flags))
154 continue;
155
156 put_unaligned_le16(d->id, &rp->index[i++]);
157 BT_DBG("Added hci%u", d->id);
158 }
159
160 read_unlock(&hci_dev_list_lock);
161
162 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
163 rp_len);
164
165 kfree(rp);
166
167 return err;
168 }
169
170 static int read_controller_info(struct sock *sk, u16 index)
171 {
172 struct mgmt_rp_read_info rp;
173 struct hci_dev *hdev;
174
175 BT_DBG("sock %p hci%u", sk, index);
176
177 hdev = hci_dev_get(index);
178 if (!hdev)
179 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
180
181 hci_del_off_timer(hdev);
182
183 hci_dev_lock_bh(hdev);
184
185 set_bit(HCI_MGMT, &hdev->flags);
186
187 memset(&rp, 0, sizeof(rp));
188
189 rp.type = hdev->dev_type;
190
191 rp.powered = test_bit(HCI_UP, &hdev->flags);
192 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
193 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
194 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
195
196 if (test_bit(HCI_AUTH, &hdev->flags))
197 rp.sec_mode = 3;
198 else if (hdev->ssp_mode > 0)
199 rp.sec_mode = 4;
200 else
201 rp.sec_mode = 2;
202
203 bacpy(&rp.bdaddr, &hdev->bdaddr);
204 memcpy(rp.features, hdev->features, 8);
205 memcpy(rp.dev_class, hdev->dev_class, 3);
206 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
207 rp.hci_ver = hdev->hci_ver;
208 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
209
210 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
211
212 hci_dev_unlock_bh(hdev);
213 hci_dev_put(hdev);
214
215 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
216 }
217
218 static void mgmt_pending_free(struct pending_cmd *cmd)
219 {
220 sock_put(cmd->sk);
221 kfree(cmd->param);
222 kfree(cmd);
223 }
224
225 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
226 u16 index, void *data, u16 len)
227 {
228 struct pending_cmd *cmd;
229
230 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
231 if (!cmd)
232 return NULL;
233
234 cmd->opcode = opcode;
235 cmd->index = index;
236
237 cmd->param = kmalloc(len, GFP_ATOMIC);
238 if (!cmd->param) {
239 kfree(cmd);
240 return NULL;
241 }
242
243 if (data)
244 memcpy(cmd->param, data, len);
245
246 cmd->sk = sk;
247 sock_hold(sk);
248
249 list_add(&cmd->list, &cmd_list);
250
251 return cmd;
252 }
253
254 static void mgmt_pending_foreach(u16 opcode, int index,
255 void (*cb)(struct pending_cmd *cmd, void *data),
256 void *data)
257 {
258 struct list_head *p, *n;
259
260 list_for_each_safe(p, n, &cmd_list) {
261 struct pending_cmd *cmd;
262
263 cmd = list_entry(p, struct pending_cmd, list);
264
265 if (opcode > 0 && cmd->opcode != opcode)
266 continue;
267
268 if (index >= 0 && cmd->index != index)
269 continue;
270
271 cb(cmd, data);
272 }
273 }
274
275 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
276 {
277 struct pending_cmd *cmd;
278
279 list_for_each_entry(cmd, &cmd_list, list) {
280 if (cmd->opcode != opcode)
281 continue;
282
283 if (index >= 0 && cmd->index != index)
284 continue;
285
286 return cmd;
287 }
288
289 return NULL;
290 }
291
292 static void mgmt_pending_remove(struct pending_cmd *cmd)
293 {
294 list_del(&cmd->list);
295 mgmt_pending_free(cmd);
296 }
297
298 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
299 {
300 struct mgmt_mode *cp;
301 struct hci_dev *hdev;
302 struct pending_cmd *cmd;
303 int err, up;
304
305 cp = (void *) data;
306
307 BT_DBG("request for hci%u", index);
308
309 if (len != sizeof(*cp))
310 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
311
312 hdev = hci_dev_get(index);
313 if (!hdev)
314 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
315
316 hci_dev_lock_bh(hdev);
317
318 up = test_bit(HCI_UP, &hdev->flags);
319 if ((cp->val && up) || (!cp->val && !up)) {
320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
321 goto failed;
322 }
323
324 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
325 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
326 goto failed;
327 }
328
329 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
330 if (!cmd) {
331 err = -ENOMEM;
332 goto failed;
333 }
334
335 if (cp->val)
336 queue_work(hdev->workqueue, &hdev->power_on);
337 else
338 queue_work(hdev->workqueue, &hdev->power_off);
339
340 err = 0;
341
342 failed:
343 hci_dev_unlock_bh(hdev);
344 hci_dev_put(hdev);
345 return err;
346 }
347
348 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
349 u16 len)
350 {
351 struct mgmt_mode *cp;
352 struct hci_dev *hdev;
353 struct pending_cmd *cmd;
354 u8 scan;
355 int err;
356
357 cp = (void *) data;
358
359 BT_DBG("request for hci%u", index);
360
361 if (len != sizeof(*cp))
362 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
363
364 hdev = hci_dev_get(index);
365 if (!hdev)
366 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
367
368 hci_dev_lock_bh(hdev);
369
370 if (!test_bit(HCI_UP, &hdev->flags)) {
371 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
372 goto failed;
373 }
374
375 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
376 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
377 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
378 goto failed;
379 }
380
381 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
382 test_bit(HCI_PSCAN, &hdev->flags)) {
383 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
384 goto failed;
385 }
386
387 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
388 if (!cmd) {
389 err = -ENOMEM;
390 goto failed;
391 }
392
393 scan = SCAN_PAGE;
394
395 if (cp->val)
396 scan |= SCAN_INQUIRY;
397
398 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
399 if (err < 0)
400 mgmt_pending_remove(cmd);
401
402 failed:
403 hci_dev_unlock_bh(hdev);
404 hci_dev_put(hdev);
405
406 return err;
407 }
408
409 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
410 u16 len)
411 {
412 struct mgmt_mode *cp;
413 struct hci_dev *hdev;
414 struct pending_cmd *cmd;
415 u8 scan;
416 int err;
417
418 cp = (void *) data;
419
420 BT_DBG("request for hci%u", index);
421
422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
424
425 hdev = hci_dev_get(index);
426 if (!hdev)
427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
428
429 hci_dev_lock_bh(hdev);
430
431 if (!test_bit(HCI_UP, &hdev->flags)) {
432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
433 goto failed;
434 }
435
436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
439 goto failed;
440 }
441
442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
444 goto failed;
445 }
446
447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
448 if (!cmd) {
449 err = -ENOMEM;
450 goto failed;
451 }
452
453 if (cp->val)
454 scan = SCAN_PAGE;
455 else
456 scan = 0;
457
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
459 if (err < 0)
460 mgmt_pending_remove(cmd);
461
462 failed:
463 hci_dev_unlock_bh(hdev);
464 hci_dev_put(hdev);
465
466 return err;
467 }
468
469 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
470 struct sock *skip_sk)
471 {
472 struct sk_buff *skb;
473 struct mgmt_hdr *hdr;
474
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
476 if (!skb)
477 return -ENOMEM;
478
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
480
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
483 hdr->index = cpu_to_le16(index);
484 hdr->len = cpu_to_le16(data_len);
485
486 if (data)
487 memcpy(skb_put(skb, data_len), data, data_len);
488
489 hci_send_to_sock(NULL, skb, skip_sk);
490 kfree_skb(skb);
491
492 return 0;
493 }
494
495 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
496 {
497 struct mgmt_mode rp;
498
499 rp.val = val;
500
501 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
502 }
503
504 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
505 u16 len)
506 {
507 struct mgmt_mode *cp, ev;
508 struct hci_dev *hdev;
509 int err;
510
511 cp = (void *) data;
512
513 BT_DBG("request for hci%u", index);
514
515 if (len != sizeof(*cp))
516 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
517
518 hdev = hci_dev_get(index);
519 if (!hdev)
520 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
521
522 hci_dev_lock_bh(hdev);
523
524 if (cp->val)
525 set_bit(HCI_PAIRABLE, &hdev->flags);
526 else
527 clear_bit(HCI_PAIRABLE, &hdev->flags);
528
529 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
530 if (err < 0)
531 goto failed;
532
533 ev.val = cp->val;
534
535 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
536
537 failed:
538 hci_dev_unlock_bh(hdev);
539 hci_dev_put(hdev);
540
541 return err;
542 }
543
544 #define EIR_FLAGS 0x01 /* flags */
545 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
546 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
547 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
548 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
549 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
550 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
551 #define EIR_NAME_SHORT 0x08 /* shortened local name */
552 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
553 #define EIR_TX_POWER 0x0A /* transmit power level */
554 #define EIR_DEVICE_ID 0x10 /* device ID */
555
556 #define PNP_INFO_SVCLASS_ID 0x1200
557
558 static u8 bluetooth_base_uuid[] = {
559 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
560 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
561 };
562
563 static u16 get_uuid16(u8 *uuid128)
564 {
565 u32 val;
566 int i;
567
568 for (i = 0; i < 12; i++) {
569 if (bluetooth_base_uuid[i] != uuid128[i])
570 return 0;
571 }
572
573 memcpy(&val, &uuid128[12], 4);
574
575 val = le32_to_cpu(val);
576 if (val > 0xffff)
577 return 0;
578
579 return (u16) val;
580 }
581
582 static void create_eir(struct hci_dev *hdev, u8 *data)
583 {
584 u8 *ptr = data;
585 u16 eir_len = 0;
586 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
587 int i, truncated = 0;
588 struct bt_uuid *uuid;
589 size_t name_len;
590
591 name_len = strlen(hdev->dev_name);
592
593 if (name_len > 0) {
594 /* EIR Data type */
595 if (name_len > 48) {
596 name_len = 48;
597 ptr[1] = EIR_NAME_SHORT;
598 } else
599 ptr[1] = EIR_NAME_COMPLETE;
600
601 /* EIR Data length */
602 ptr[0] = name_len + 1;
603
604 memcpy(ptr + 2, hdev->dev_name, name_len);
605
606 eir_len += (name_len + 2);
607 ptr += (name_len + 2);
608 }
609
610 memset(uuid16_list, 0, sizeof(uuid16_list));
611
612 /* Group all UUID16 types */
613 list_for_each_entry(uuid, &hdev->uuids, list) {
614 u16 uuid16;
615
616 uuid16 = get_uuid16(uuid->uuid);
617 if (uuid16 == 0)
618 return;
619
620 if (uuid16 < 0x1100)
621 continue;
622
623 if (uuid16 == PNP_INFO_SVCLASS_ID)
624 continue;
625
626 /* Stop if not enough space to put next UUID */
627 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
628 truncated = 1;
629 break;
630 }
631
632 /* Check for duplicates */
633 for (i = 0; uuid16_list[i] != 0; i++)
634 if (uuid16_list[i] == uuid16)
635 break;
636
637 if (uuid16_list[i] == 0) {
638 uuid16_list[i] = uuid16;
639 eir_len += sizeof(u16);
640 }
641 }
642
643 if (uuid16_list[0] != 0) {
644 u8 *length = ptr;
645
646 /* EIR Data type */
647 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
648
649 ptr += 2;
650 eir_len += 2;
651
652 for (i = 0; uuid16_list[i] != 0; i++) {
653 *ptr++ = (uuid16_list[i] & 0x00ff);
654 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
655 }
656
657 /* EIR Data length */
658 *length = (i * sizeof(u16)) + 1;
659 }
660 }
661
662 static int update_eir(struct hci_dev *hdev)
663 {
664 struct hci_cp_write_eir cp;
665
666 if (!(hdev->features[6] & LMP_EXT_INQ))
667 return 0;
668
669 if (hdev->ssp_mode == 0)
670 return 0;
671
672 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
673 return 0;
674
675 memset(&cp, 0, sizeof(cp));
676
677 create_eir(hdev, cp.data);
678
679 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
680 return 0;
681
682 memcpy(hdev->eir, cp.data, sizeof(cp.data));
683
684 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
685 }
686
687 static u8 get_service_classes(struct hci_dev *hdev)
688 {
689 struct bt_uuid *uuid;
690 u8 val = 0;
691
692 list_for_each_entry(uuid, &hdev->uuids, list)
693 val |= uuid->svc_hint;
694
695 return val;
696 }
697
698 static int update_class(struct hci_dev *hdev)
699 {
700 u8 cod[3];
701
702 BT_DBG("%s", hdev->name);
703
704 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
705 return 0;
706
707 cod[0] = hdev->minor_class;
708 cod[1] = hdev->major_class;
709 cod[2] = get_service_classes(hdev);
710
711 if (memcmp(cod, hdev->dev_class, 3) == 0)
712 return 0;
713
714 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
715 }
716
717 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
718 {
719 struct mgmt_cp_add_uuid *cp;
720 struct hci_dev *hdev;
721 struct bt_uuid *uuid;
722 int err;
723
724 cp = (void *) data;
725
726 BT_DBG("request for hci%u", index);
727
728 if (len != sizeof(*cp))
729 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
730
731 hdev = hci_dev_get(index);
732 if (!hdev)
733 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
734
735 hci_dev_lock_bh(hdev);
736
737 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
738 if (!uuid) {
739 err = -ENOMEM;
740 goto failed;
741 }
742
743 memcpy(uuid->uuid, cp->uuid, 16);
744 uuid->svc_hint = cp->svc_hint;
745
746 list_add(&uuid->list, &hdev->uuids);
747
748 err = update_class(hdev);
749 if (err < 0)
750 goto failed;
751
752 err = update_eir(hdev);
753 if (err < 0)
754 goto failed;
755
756 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
757
758 failed:
759 hci_dev_unlock_bh(hdev);
760 hci_dev_put(hdev);
761
762 return err;
763 }
764
765 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
766 {
767 struct list_head *p, *n;
768 struct mgmt_cp_remove_uuid *cp;
769 struct hci_dev *hdev;
770 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
771 int err, found;
772
773 cp = (void *) data;
774
775 BT_DBG("request for hci%u", index);
776
777 if (len != sizeof(*cp))
778 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
779
780 hdev = hci_dev_get(index);
781 if (!hdev)
782 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
783
784 hci_dev_lock_bh(hdev);
785
786 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
787 err = hci_uuids_clear(hdev);
788 goto unlock;
789 }
790
791 found = 0;
792
793 list_for_each_safe(p, n, &hdev->uuids) {
794 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
795
796 if (memcmp(match->uuid, cp->uuid, 16) != 0)
797 continue;
798
799 list_del(&match->list);
800 found++;
801 }
802
803 if (found == 0) {
804 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
805 goto unlock;
806 }
807
808 err = update_class(hdev);
809 if (err < 0)
810 goto unlock;
811
812 err = update_eir(hdev);
813 if (err < 0)
814 goto unlock;
815
816 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
817
818 unlock:
819 hci_dev_unlock_bh(hdev);
820 hci_dev_put(hdev);
821
822 return err;
823 }
824
825 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
826 u16 len)
827 {
828 struct hci_dev *hdev;
829 struct mgmt_cp_set_dev_class *cp;
830 int err;
831
832 cp = (void *) data;
833
834 BT_DBG("request for hci%u", index);
835
836 if (len != sizeof(*cp))
837 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
838
839 hdev = hci_dev_get(index);
840 if (!hdev)
841 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
842
843 hci_dev_lock_bh(hdev);
844
845 hdev->major_class = cp->major;
846 hdev->minor_class = cp->minor;
847
848 err = update_class(hdev);
849
850 if (err == 0)
851 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
852
853 hci_dev_unlock_bh(hdev);
854 hci_dev_put(hdev);
855
856 return err;
857 }
858
859 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
860 u16 len)
861 {
862 struct hci_dev *hdev;
863 struct mgmt_cp_set_service_cache *cp;
864 int err;
865
866 cp = (void *) data;
867
868 if (len != sizeof(*cp))
869 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
870
871 hdev = hci_dev_get(index);
872 if (!hdev)
873 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
874
875 hci_dev_lock_bh(hdev);
876
877 BT_DBG("hci%u enable %d", index, cp->enable);
878
879 if (cp->enable) {
880 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
881 err = 0;
882 } else {
883 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
884 err = update_class(hdev);
885 if (err == 0)
886 err = update_eir(hdev);
887 }
888
889 if (err == 0)
890 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
891 0);
892 else
893 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
894
895
896 hci_dev_unlock_bh(hdev);
897 hci_dev_put(hdev);
898
899 return err;
900 }
901
902 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
903 {
904 struct hci_dev *hdev;
905 struct mgmt_cp_load_keys *cp;
906 u16 key_count, expected_len;
907 int i;
908
909 cp = (void *) data;
910
911 if (len < sizeof(*cp))
912 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL);
913
914 key_count = get_unaligned_le16(&cp->key_count);
915
916 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
917 if (expected_len != len) {
918 BT_ERR("load_keys: expected %u bytes, got %u bytes",
919 len, expected_len);
920 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, EINVAL);
921 }
922
923 hdev = hci_dev_get(index);
924 if (!hdev)
925 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
926
927 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
928 key_count);
929
930 hci_dev_lock_bh(hdev);
931
932 hci_link_keys_clear(hdev);
933
934 set_bit(HCI_LINK_KEYS, &hdev->flags);
935
936 if (cp->debug_keys)
937 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
938 else
939 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
940
941 for (i = 0; i < key_count; i++) {
942 struct mgmt_key_info *key = &cp->keys[i];
943
944 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
945 key->pin_len);
946 }
947
948 hci_dev_unlock_bh(hdev);
949 hci_dev_put(hdev);
950
951 return 0;
952 }
953
954 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
955 {
956 struct hci_dev *hdev;
957 struct mgmt_cp_remove_key *cp;
958 struct hci_conn *conn;
959 int err;
960
961 cp = (void *) data;
962
963 if (len != sizeof(*cp))
964 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
965
966 hdev = hci_dev_get(index);
967 if (!hdev)
968 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
969
970 hci_dev_lock_bh(hdev);
971
972 err = hci_remove_link_key(hdev, &cp->bdaddr);
973 if (err < 0) {
974 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
975 goto unlock;
976 }
977
978 err = 0;
979
980 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
981 goto unlock;
982
983 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
984 if (conn) {
985 struct hci_cp_disconnect dc;
986
987 put_unaligned_le16(conn->handle, &dc.handle);
988 dc.reason = 0x13; /* Remote User Terminated Connection */
989 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
990 }
991
992 unlock:
993 hci_dev_unlock_bh(hdev);
994 hci_dev_put(hdev);
995
996 return err;
997 }
998
999 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1000 {
1001 struct hci_dev *hdev;
1002 struct mgmt_cp_disconnect *cp;
1003 struct hci_cp_disconnect dc;
1004 struct pending_cmd *cmd;
1005 struct hci_conn *conn;
1006 int err;
1007
1008 BT_DBG("");
1009
1010 cp = (void *) data;
1011
1012 if (len != sizeof(*cp))
1013 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1014
1015 hdev = hci_dev_get(index);
1016 if (!hdev)
1017 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1018
1019 hci_dev_lock_bh(hdev);
1020
1021 if (!test_bit(HCI_UP, &hdev->flags)) {
1022 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1023 goto failed;
1024 }
1025
1026 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1027 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1028 goto failed;
1029 }
1030
1031 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1032 if (!conn)
1033 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1034
1035 if (!conn) {
1036 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1037 goto failed;
1038 }
1039
1040 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1041 if (!cmd) {
1042 err = -ENOMEM;
1043 goto failed;
1044 }
1045
1046 put_unaligned_le16(conn->handle, &dc.handle);
1047 dc.reason = 0x13; /* Remote User Terminated Connection */
1048
1049 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1050 if (err < 0)
1051 mgmt_pending_remove(cmd);
1052
1053 failed:
1054 hci_dev_unlock_bh(hdev);
1055 hci_dev_put(hdev);
1056
1057 return err;
1058 }
1059
1060 static int get_connections(struct sock *sk, u16 index)
1061 {
1062 struct mgmt_rp_get_connections *rp;
1063 struct hci_dev *hdev;
1064 struct hci_conn *c;
1065 struct list_head *p;
1066 size_t rp_len;
1067 u16 count;
1068 int i, err;
1069
1070 BT_DBG("");
1071
1072 hdev = hci_dev_get(index);
1073 if (!hdev)
1074 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1075
1076 hci_dev_lock_bh(hdev);
1077
1078 count = 0;
1079 list_for_each(p, &hdev->conn_hash.list) {
1080 count++;
1081 }
1082
1083 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1084 rp = kmalloc(rp_len, GFP_ATOMIC);
1085 if (!rp) {
1086 err = -ENOMEM;
1087 goto unlock;
1088 }
1089
1090 put_unaligned_le16(count, &rp->conn_count);
1091
1092 i = 0;
1093 list_for_each_entry(c, &hdev->conn_hash.list, list)
1094 bacpy(&rp->conn[i++], &c->dst);
1095
1096 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1097
1098 unlock:
1099 kfree(rp);
1100 hci_dev_unlock_bh(hdev);
1101 hci_dev_put(hdev);
1102 return err;
1103 }
1104
1105 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1106 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1107 {
1108 struct pending_cmd *cmd;
1109 int err;
1110
1111 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1112 sizeof(*cp));
1113 if (!cmd)
1114 return -ENOMEM;
1115
1116 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1117 &cp->bdaddr);
1118 if (err < 0)
1119 mgmt_pending_remove(cmd);
1120
1121 return err;
1122 }
1123
1124 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1125 u16 len)
1126 {
1127 struct hci_dev *hdev;
1128 struct hci_conn *conn;
1129 struct mgmt_cp_pin_code_reply *cp;
1130 struct mgmt_cp_pin_code_neg_reply ncp;
1131 struct hci_cp_pin_code_reply reply;
1132 struct pending_cmd *cmd;
1133 int err;
1134
1135 BT_DBG("");
1136
1137 cp = (void *) data;
1138
1139 if (len != sizeof(*cp))
1140 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1141
1142 hdev = hci_dev_get(index);
1143 if (!hdev)
1144 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1145
1146 hci_dev_lock_bh(hdev);
1147
1148 if (!test_bit(HCI_UP, &hdev->flags)) {
1149 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1150 goto failed;
1151 }
1152
1153 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1154 if (!conn) {
1155 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1156 goto failed;
1157 }
1158
1159 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1160 bacpy(&ncp.bdaddr, &cp->bdaddr);
1161
1162 BT_ERR("PIN code is not 16 bytes long");
1163
1164 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1165 if (err >= 0)
1166 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1167 EINVAL);
1168
1169 goto failed;
1170 }
1171
1172 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1173 if (!cmd) {
1174 err = -ENOMEM;
1175 goto failed;
1176 }
1177
1178 bacpy(&reply.bdaddr, &cp->bdaddr);
1179 reply.pin_len = cp->pin_len;
1180 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1181
1182 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1183 if (err < 0)
1184 mgmt_pending_remove(cmd);
1185
1186 failed:
1187 hci_dev_unlock_bh(hdev);
1188 hci_dev_put(hdev);
1189
1190 return err;
1191 }
1192
1193 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1194 u16 len)
1195 {
1196 struct hci_dev *hdev;
1197 struct mgmt_cp_pin_code_neg_reply *cp;
1198 int err;
1199
1200 BT_DBG("");
1201
1202 cp = (void *) data;
1203
1204 if (len != sizeof(*cp))
1205 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1206 EINVAL);
1207
1208 hdev = hci_dev_get(index);
1209 if (!hdev)
1210 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1211 ENODEV);
1212
1213 hci_dev_lock_bh(hdev);
1214
1215 if (!test_bit(HCI_UP, &hdev->flags)) {
1216 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1217 ENETDOWN);
1218 goto failed;
1219 }
1220
1221 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1222
1223 failed:
1224 hci_dev_unlock_bh(hdev);
1225 hci_dev_put(hdev);
1226
1227 return err;
1228 }
1229
1230 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1231 u16 len)
1232 {
1233 struct hci_dev *hdev;
1234 struct mgmt_cp_set_io_capability *cp;
1235
1236 BT_DBG("");
1237
1238 cp = (void *) data;
1239
1240 if (len != sizeof(*cp))
1241 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1242
1243 hdev = hci_dev_get(index);
1244 if (!hdev)
1245 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1246
1247 hci_dev_lock_bh(hdev);
1248
1249 hdev->io_capability = cp->io_capability;
1250
1251 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1252 hdev->io_capability);
1253
1254 hci_dev_unlock_bh(hdev);
1255 hci_dev_put(hdev);
1256
1257 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1258 }
1259
1260 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1261 {
1262 struct hci_dev *hdev = conn->hdev;
1263 struct pending_cmd *cmd;
1264
1265 list_for_each_entry(cmd, &cmd_list, list) {
1266 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1267 continue;
1268
1269 if (cmd->index != hdev->id)
1270 continue;
1271
1272 if (cmd->user_data != conn)
1273 continue;
1274
1275 return cmd;
1276 }
1277
1278 return NULL;
1279 }
1280
1281 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1282 {
1283 struct mgmt_rp_pair_device rp;
1284 struct hci_conn *conn = cmd->user_data;
1285
1286 bacpy(&rp.bdaddr, &conn->dst);
1287 rp.status = status;
1288
1289 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1290
1291 /* So we don't get further callbacks for this connection */
1292 conn->connect_cfm_cb = NULL;
1293 conn->security_cfm_cb = NULL;
1294 conn->disconn_cfm_cb = NULL;
1295
1296 hci_conn_put(conn);
1297
1298 mgmt_pending_remove(cmd);
1299 }
1300
1301 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1302 {
1303 struct pending_cmd *cmd;
1304
1305 BT_DBG("status %u", status);
1306
1307 cmd = find_pairing(conn);
1308 if (!cmd) {
1309 BT_DBG("Unable to find a pending command");
1310 return;
1311 }
1312
1313 pairing_complete(cmd, status);
1314 }
1315
1316 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1317 {
1318 struct hci_dev *hdev;
1319 struct mgmt_cp_pair_device *cp;
1320 struct pending_cmd *cmd;
1321 struct adv_entry *entry;
1322 u8 sec_level, auth_type;
1323 struct hci_conn *conn;
1324 int err;
1325
1326 BT_DBG("");
1327
1328 cp = (void *) data;
1329
1330 if (len != sizeof(*cp))
1331 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1332
1333 hdev = hci_dev_get(index);
1334 if (!hdev)
1335 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1336
1337 hci_dev_lock_bh(hdev);
1338
1339 sec_level = BT_SECURITY_MEDIUM;
1340 if (cp->io_cap == 0x03)
1341 auth_type = HCI_AT_DEDICATED_BONDING;
1342 else
1343 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1344
1345 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1346 if (entry)
1347 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1348 auth_type);
1349 else
1350 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1351 auth_type);
1352
1353 if (IS_ERR(conn)) {
1354 err = PTR_ERR(conn);
1355 goto unlock;
1356 }
1357
1358 if (conn->connect_cfm_cb) {
1359 hci_conn_put(conn);
1360 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1361 goto unlock;
1362 }
1363
1364 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1365 if (!cmd) {
1366 err = -ENOMEM;
1367 hci_conn_put(conn);
1368 goto unlock;
1369 }
1370
1371 /* For LE, just connecting isn't a proof that the pairing finished */
1372 if (!entry)
1373 conn->connect_cfm_cb = pairing_complete_cb;
1374
1375 conn->security_cfm_cb = pairing_complete_cb;
1376 conn->disconn_cfm_cb = pairing_complete_cb;
1377 conn->io_capability = cp->io_cap;
1378 cmd->user_data = conn;
1379
1380 if (conn->state == BT_CONNECTED &&
1381 hci_conn_security(conn, sec_level, auth_type))
1382 pairing_complete(cmd, 0);
1383
1384 err = 0;
1385
1386 unlock:
1387 hci_dev_unlock_bh(hdev);
1388 hci_dev_put(hdev);
1389
1390 return err;
1391 }
1392
1393 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1394 u16 len, int success)
1395 {
1396 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1397 u16 mgmt_op, hci_op;
1398 struct pending_cmd *cmd;
1399 struct hci_dev *hdev;
1400 int err;
1401
1402 BT_DBG("");
1403
1404 if (success) {
1405 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1406 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1407 } else {
1408 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1409 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1410 }
1411
1412 if (len != sizeof(*cp))
1413 return cmd_status(sk, index, mgmt_op, EINVAL);
1414
1415 hdev = hci_dev_get(index);
1416 if (!hdev)
1417 return cmd_status(sk, index, mgmt_op, ENODEV);
1418
1419 hci_dev_lock_bh(hdev);
1420
1421 if (!test_bit(HCI_UP, &hdev->flags)) {
1422 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1423 goto failed;
1424 }
1425
1426 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1427 if (!cmd) {
1428 err = -ENOMEM;
1429 goto failed;
1430 }
1431
1432 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1433 if (err < 0)
1434 mgmt_pending_remove(cmd);
1435
1436 failed:
1437 hci_dev_unlock_bh(hdev);
1438 hci_dev_put(hdev);
1439
1440 return err;
1441 }
1442
1443 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1444 u16 len)
1445 {
1446 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1447 struct hci_cp_write_local_name hci_cp;
1448 struct hci_dev *hdev;
1449 struct pending_cmd *cmd;
1450 int err;
1451
1452 BT_DBG("");
1453
1454 if (len != sizeof(*mgmt_cp))
1455 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1456
1457 hdev = hci_dev_get(index);
1458 if (!hdev)
1459 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1460
1461 hci_dev_lock_bh(hdev);
1462
1463 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1464 if (!cmd) {
1465 err = -ENOMEM;
1466 goto failed;
1467 }
1468
1469 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1470 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1471 &hci_cp);
1472 if (err < 0)
1473 mgmt_pending_remove(cmd);
1474
1475 failed:
1476 hci_dev_unlock_bh(hdev);
1477 hci_dev_put(hdev);
1478
1479 return err;
1480 }
1481
1482 static int read_local_oob_data(struct sock *sk, u16 index)
1483 {
1484 struct hci_dev *hdev;
1485 struct pending_cmd *cmd;
1486 int err;
1487
1488 BT_DBG("hci%u", index);
1489
1490 hdev = hci_dev_get(index);
1491 if (!hdev)
1492 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1493 ENODEV);
1494
1495 hci_dev_lock_bh(hdev);
1496
1497 if (!test_bit(HCI_UP, &hdev->flags)) {
1498 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1499 ENETDOWN);
1500 goto unlock;
1501 }
1502
1503 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1504 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1505 EOPNOTSUPP);
1506 goto unlock;
1507 }
1508
1509 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1510 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1511 goto unlock;
1512 }
1513
1514 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1515 if (!cmd) {
1516 err = -ENOMEM;
1517 goto unlock;
1518 }
1519
1520 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1521 if (err < 0)
1522 mgmt_pending_remove(cmd);
1523
1524 unlock:
1525 hci_dev_unlock_bh(hdev);
1526 hci_dev_put(hdev);
1527
1528 return err;
1529 }
1530
1531 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1532 u16 len)
1533 {
1534 struct hci_dev *hdev;
1535 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1536 int err;
1537
1538 BT_DBG("hci%u ", index);
1539
1540 if (len != sizeof(*cp))
1541 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1542 EINVAL);
1543
1544 hdev = hci_dev_get(index);
1545 if (!hdev)
1546 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1547 ENODEV);
1548
1549 hci_dev_lock_bh(hdev);
1550
1551 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1552 cp->randomizer);
1553 if (err < 0)
1554 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1555 else
1556 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1557 0);
1558
1559 hci_dev_unlock_bh(hdev);
1560 hci_dev_put(hdev);
1561
1562 return err;
1563 }
1564
1565 static int remove_remote_oob_data(struct sock *sk, u16 index,
1566 unsigned char *data, u16 len)
1567 {
1568 struct hci_dev *hdev;
1569 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1570 int err;
1571
1572 BT_DBG("hci%u ", index);
1573
1574 if (len != sizeof(*cp))
1575 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1576 EINVAL);
1577
1578 hdev = hci_dev_get(index);
1579 if (!hdev)
1580 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1581 ENODEV);
1582
1583 hci_dev_lock_bh(hdev);
1584
1585 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1586 if (err < 0)
1587 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1588 -err);
1589 else
1590 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1591 NULL, 0);
1592
1593 hci_dev_unlock_bh(hdev);
1594 hci_dev_put(hdev);
1595
1596 return err;
1597 }
1598
1599 static int start_discovery(struct sock *sk, u16 index)
1600 {
1601 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1602 struct hci_cp_inquiry cp;
1603 struct pending_cmd *cmd;
1604 struct hci_dev *hdev;
1605 int err;
1606
1607 BT_DBG("hci%u", index);
1608
1609 hdev = hci_dev_get(index);
1610 if (!hdev)
1611 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1612
1613 hci_dev_lock_bh(hdev);
1614
1615 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1616 if (!cmd) {
1617 err = -ENOMEM;
1618 goto failed;
1619 }
1620
1621 memset(&cp, 0, sizeof(cp));
1622 memcpy(&cp.lap, lap, 3);
1623 cp.length = 0x08;
1624 cp.num_rsp = 0x00;
1625
1626 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1627 if (err < 0)
1628 mgmt_pending_remove(cmd);
1629
1630 failed:
1631 hci_dev_unlock_bh(hdev);
1632 hci_dev_put(hdev);
1633
1634 return err;
1635 }
1636
1637 static int stop_discovery(struct sock *sk, u16 index)
1638 {
1639 struct hci_dev *hdev;
1640 struct pending_cmd *cmd;
1641 int err;
1642
1643 BT_DBG("hci%u", index);
1644
1645 hdev = hci_dev_get(index);
1646 if (!hdev)
1647 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1648
1649 hci_dev_lock_bh(hdev);
1650
1651 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1652 if (!cmd) {
1653 err = -ENOMEM;
1654 goto failed;
1655 }
1656
1657 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1658 if (err < 0)
1659 mgmt_pending_remove(cmd);
1660
1661 failed:
1662 hci_dev_unlock_bh(hdev);
1663 hci_dev_put(hdev);
1664
1665 return err;
1666 }
1667
1668 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1669 u16 len)
1670 {
1671 struct hci_dev *hdev;
1672 struct pending_cmd *cmd;
1673 struct mgmt_cp_block_device *cp = (void *) data;
1674 int err;
1675
1676 BT_DBG("hci%u", index);
1677
1678 if (len != sizeof(*cp))
1679 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1680 EINVAL);
1681
1682 hdev = hci_dev_get(index);
1683 if (!hdev)
1684 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1685 ENODEV);
1686
1687 hci_dev_lock_bh(hdev);
1688
1689 cmd = mgmt_pending_add(sk, MGMT_OP_BLOCK_DEVICE, index, NULL, 0);
1690 if (!cmd) {
1691 err = -ENOMEM;
1692 goto failed;
1693 }
1694
1695 err = hci_blacklist_add(hdev, &cp->bdaddr);
1696
1697 if (err < 0)
1698 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1699 else
1700 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1701 NULL, 0);
1702
1703 mgmt_pending_remove(cmd);
1704
1705 failed:
1706 hci_dev_unlock_bh(hdev);
1707 hci_dev_put(hdev);
1708
1709 return err;
1710 }
1711
1712 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1713 u16 len)
1714 {
1715 struct hci_dev *hdev;
1716 struct pending_cmd *cmd;
1717 struct mgmt_cp_unblock_device *cp = (void *) data;
1718 int err;
1719
1720 BT_DBG("hci%u", index);
1721
1722 if (len != sizeof(*cp))
1723 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1724 EINVAL);
1725
1726 hdev = hci_dev_get(index);
1727 if (!hdev)
1728 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1729 ENODEV);
1730
1731 hci_dev_lock_bh(hdev);
1732
1733 cmd = mgmt_pending_add(sk, MGMT_OP_UNBLOCK_DEVICE, index, NULL, 0);
1734 if (!cmd) {
1735 err = -ENOMEM;
1736 goto failed;
1737 }
1738
1739 err = hci_blacklist_del(hdev, &cp->bdaddr);
1740
1741 if (err < 0)
1742 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1743 else
1744 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1745 NULL, 0);
1746
1747 mgmt_pending_remove(cmd);
1748
1749 failed:
1750 hci_dev_unlock_bh(hdev);
1751 hci_dev_put(hdev);
1752
1753 return err;
1754 }
1755
1756 static int set_fast_connectable(struct sock *sk, u16 index,
1757 unsigned char *data, u16 len)
1758 {
1759 struct hci_dev *hdev;
1760 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1761 struct hci_cp_write_page_scan_activity acp;
1762 u8 type;
1763 int err;
1764
1765 BT_DBG("hci%u", index);
1766
1767 if (len != sizeof(*cp))
1768 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1769 EINVAL);
1770
1771 hdev = hci_dev_get(index);
1772 if (!hdev)
1773 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1774 ENODEV);
1775
1776 hci_dev_lock(hdev);
1777
1778 if (cp->enable) {
1779 type = PAGE_SCAN_TYPE_INTERLACED;
1780 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1781 } else {
1782 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1783 acp.interval = 0x0800; /* default 1.28 sec page scan */
1784 }
1785
1786 acp.window = 0x0012; /* default 11.25 msec page scan window */
1787
1788 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1789 sizeof(acp), &acp);
1790 if (err < 0) {
1791 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1792 -err);
1793 goto done;
1794 }
1795
1796 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1797 if (err < 0) {
1798 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1799 -err);
1800 goto done;
1801 }
1802
1803 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1804 NULL, 0);
1805 done:
1806 hci_dev_unlock(hdev);
1807 hci_dev_put(hdev);
1808
1809 return err;
1810 }
1811
1812 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1813 {
1814 unsigned char *buf;
1815 struct mgmt_hdr *hdr;
1816 u16 opcode, index, len;
1817 int err;
1818
1819 BT_DBG("got %zu bytes", msglen);
1820
1821 if (msglen < sizeof(*hdr))
1822 return -EINVAL;
1823
1824 buf = kmalloc(msglen, GFP_KERNEL);
1825 if (!buf)
1826 return -ENOMEM;
1827
1828 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1829 err = -EFAULT;
1830 goto done;
1831 }
1832
1833 hdr = (struct mgmt_hdr *) buf;
1834 opcode = get_unaligned_le16(&hdr->opcode);
1835 index = get_unaligned_le16(&hdr->index);
1836 len = get_unaligned_le16(&hdr->len);
1837
1838 if (len != msglen - sizeof(*hdr)) {
1839 err = -EINVAL;
1840 goto done;
1841 }
1842
1843 switch (opcode) {
1844 case MGMT_OP_READ_VERSION:
1845 err = read_version(sk);
1846 break;
1847 case MGMT_OP_READ_INDEX_LIST:
1848 err = read_index_list(sk);
1849 break;
1850 case MGMT_OP_READ_INFO:
1851 err = read_controller_info(sk, index);
1852 break;
1853 case MGMT_OP_SET_POWERED:
1854 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1855 break;
1856 case MGMT_OP_SET_DISCOVERABLE:
1857 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1858 break;
1859 case MGMT_OP_SET_CONNECTABLE:
1860 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1861 break;
1862 case MGMT_OP_SET_PAIRABLE:
1863 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1864 break;
1865 case MGMT_OP_ADD_UUID:
1866 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1867 break;
1868 case MGMT_OP_REMOVE_UUID:
1869 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1870 break;
1871 case MGMT_OP_SET_DEV_CLASS:
1872 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1873 break;
1874 case MGMT_OP_SET_SERVICE_CACHE:
1875 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1876 break;
1877 case MGMT_OP_LOAD_KEYS:
1878 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1879 break;
1880 case MGMT_OP_REMOVE_KEY:
1881 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1882 break;
1883 case MGMT_OP_DISCONNECT:
1884 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1885 break;
1886 case MGMT_OP_GET_CONNECTIONS:
1887 err = get_connections(sk, index);
1888 break;
1889 case MGMT_OP_PIN_CODE_REPLY:
1890 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1891 break;
1892 case MGMT_OP_PIN_CODE_NEG_REPLY:
1893 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1894 break;
1895 case MGMT_OP_SET_IO_CAPABILITY:
1896 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1897 break;
1898 case MGMT_OP_PAIR_DEVICE:
1899 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1900 break;
1901 case MGMT_OP_USER_CONFIRM_REPLY:
1902 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1903 break;
1904 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1905 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1906 break;
1907 case MGMT_OP_SET_LOCAL_NAME:
1908 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1909 break;
1910 case MGMT_OP_READ_LOCAL_OOB_DATA:
1911 err = read_local_oob_data(sk, index);
1912 break;
1913 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1914 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1915 break;
1916 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1917 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1918 len);
1919 break;
1920 case MGMT_OP_START_DISCOVERY:
1921 err = start_discovery(sk, index);
1922 break;
1923 case MGMT_OP_STOP_DISCOVERY:
1924 err = stop_discovery(sk, index);
1925 break;
1926 case MGMT_OP_BLOCK_DEVICE:
1927 err = block_device(sk, index, buf + sizeof(*hdr), len);
1928 break;
1929 case MGMT_OP_UNBLOCK_DEVICE:
1930 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1931 break;
1932 case MGMT_OP_SET_FAST_CONNECTABLE:
1933 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1934 len);
1935 break;
1936 default:
1937 BT_DBG("Unknown op %u", opcode);
1938 err = cmd_status(sk, index, opcode, 0x01);
1939 break;
1940 }
1941
1942 if (err < 0)
1943 goto done;
1944
1945 err = msglen;
1946
1947 done:
1948 kfree(buf);
1949 return err;
1950 }
1951
1952 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1953 {
1954 u8 *status = data;
1955
1956 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1957 mgmt_pending_remove(cmd);
1958 }
1959
1960 int mgmt_index_added(u16 index)
1961 {
1962 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1963 }
1964
1965 int mgmt_index_removed(u16 index)
1966 {
1967 u8 status = ENODEV;
1968
1969 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
1970
1971 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1972 }
1973
1974 struct cmd_lookup {
1975 u8 val;
1976 struct sock *sk;
1977 };
1978
1979 static void mode_rsp(struct pending_cmd *cmd, void *data)
1980 {
1981 struct mgmt_mode *cp = cmd->param;
1982 struct cmd_lookup *match = data;
1983
1984 if (cp->val != match->val)
1985 return;
1986
1987 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1988
1989 list_del(&cmd->list);
1990
1991 if (match->sk == NULL) {
1992 match->sk = cmd->sk;
1993 sock_hold(match->sk);
1994 }
1995
1996 mgmt_pending_free(cmd);
1997 }
1998
1999 int mgmt_powered(u16 index, u8 powered)
2000 {
2001 struct mgmt_mode ev;
2002 struct cmd_lookup match = { powered, NULL };
2003 int ret;
2004
2005 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
2006
2007 if (!powered) {
2008 u8 status = ENETDOWN;
2009 mgmt_pending_foreach(0, index, cmd_status_rsp, &status);
2010 }
2011
2012 ev.val = powered;
2013
2014 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
2015
2016 if (match.sk)
2017 sock_put(match.sk);
2018
2019 return ret;
2020 }
2021
2022 int mgmt_discoverable(u16 index, u8 discoverable)
2023 {
2024 struct mgmt_mode ev;
2025 struct cmd_lookup match = { discoverable, NULL };
2026 int ret;
2027
2028 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
2029
2030 ev.val = discoverable;
2031
2032 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
2033 match.sk);
2034
2035 if (match.sk)
2036 sock_put(match.sk);
2037
2038 return ret;
2039 }
2040
2041 int mgmt_connectable(u16 index, u8 connectable)
2042 {
2043 struct mgmt_mode ev;
2044 struct cmd_lookup match = { connectable, NULL };
2045 int ret;
2046
2047 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
2048
2049 ev.val = connectable;
2050
2051 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
2052
2053 if (match.sk)
2054 sock_put(match.sk);
2055
2056 return ret;
2057 }
2058
2059 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
2060 {
2061 struct mgmt_ev_new_key ev;
2062
2063 memset(&ev, 0, sizeof(ev));
2064
2065 ev.store_hint = persistent;
2066 bacpy(&ev.key.bdaddr, &key->bdaddr);
2067 ev.key.type = key->type;
2068 memcpy(ev.key.val, key->val, 16);
2069 ev.key.pin_len = key->pin_len;
2070
2071 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
2072 }
2073
2074 int mgmt_connected(u16 index, bdaddr_t *bdaddr, u8 link_type)
2075 {
2076 struct mgmt_ev_connected ev;
2077
2078 bacpy(&ev.bdaddr, bdaddr);
2079 ev.link_type = link_type;
2080
2081 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2082 }
2083
2084 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2085 {
2086 struct mgmt_cp_disconnect *cp = cmd->param;
2087 struct sock **sk = data;
2088 struct mgmt_rp_disconnect rp;
2089
2090 bacpy(&rp.bdaddr, &cp->bdaddr);
2091
2092 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2093
2094 *sk = cmd->sk;
2095 sock_hold(*sk);
2096
2097 mgmt_pending_remove(cmd);
2098 }
2099
2100 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2101 {
2102 struct mgmt_ev_disconnected ev;
2103 struct sock *sk = NULL;
2104 int err;
2105
2106 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2107
2108 bacpy(&ev.bdaddr, bdaddr);
2109
2110 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2111
2112 if (sk)
2113 sock_put(sk);
2114
2115 return err;
2116 }
2117
2118 int mgmt_disconnect_failed(u16 index)
2119 {
2120 struct pending_cmd *cmd;
2121 int err;
2122
2123 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2124 if (!cmd)
2125 return -ENOENT;
2126
2127 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2128
2129 mgmt_pending_remove(cmd);
2130
2131 return err;
2132 }
2133
2134 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2135 {
2136 struct mgmt_ev_connect_failed ev;
2137
2138 bacpy(&ev.bdaddr, bdaddr);
2139 ev.status = status;
2140
2141 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2142 }
2143
2144 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2145 {
2146 struct mgmt_ev_pin_code_request ev;
2147
2148 bacpy(&ev.bdaddr, bdaddr);
2149 ev.secure = secure;
2150
2151 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2152 NULL);
2153 }
2154
2155 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2156 {
2157 struct pending_cmd *cmd;
2158 struct mgmt_rp_pin_code_reply rp;
2159 int err;
2160
2161 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2162 if (!cmd)
2163 return -ENOENT;
2164
2165 bacpy(&rp.bdaddr, bdaddr);
2166 rp.status = status;
2167
2168 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2169 sizeof(rp));
2170
2171 mgmt_pending_remove(cmd);
2172
2173 return err;
2174 }
2175
2176 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2177 {
2178 struct pending_cmd *cmd;
2179 struct mgmt_rp_pin_code_reply rp;
2180 int err;
2181
2182 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2183 if (!cmd)
2184 return -ENOENT;
2185
2186 bacpy(&rp.bdaddr, bdaddr);
2187 rp.status = status;
2188
2189 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2190 sizeof(rp));
2191
2192 mgmt_pending_remove(cmd);
2193
2194 return err;
2195 }
2196
2197 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2198 u8 confirm_hint)
2199 {
2200 struct mgmt_ev_user_confirm_request ev;
2201
2202 BT_DBG("hci%u", index);
2203
2204 bacpy(&ev.bdaddr, bdaddr);
2205 ev.confirm_hint = confirm_hint;
2206 put_unaligned_le32(value, &ev.value);
2207
2208 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2209 NULL);
2210 }
2211
2212 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2213 u8 opcode)
2214 {
2215 struct pending_cmd *cmd;
2216 struct mgmt_rp_user_confirm_reply rp;
2217 int err;
2218
2219 cmd = mgmt_pending_find(opcode, index);
2220 if (!cmd)
2221 return -ENOENT;
2222
2223 bacpy(&rp.bdaddr, bdaddr);
2224 rp.status = status;
2225 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2226
2227 mgmt_pending_remove(cmd);
2228
2229 return err;
2230 }
2231
2232 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2233 {
2234 return confirm_reply_complete(index, bdaddr, status,
2235 MGMT_OP_USER_CONFIRM_REPLY);
2236 }
2237
2238 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2239 {
2240 return confirm_reply_complete(index, bdaddr, status,
2241 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2242 }
2243
2244 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2245 {
2246 struct mgmt_ev_auth_failed ev;
2247
2248 bacpy(&ev.bdaddr, bdaddr);
2249 ev.status = status;
2250
2251 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2252 }
2253
2254 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2255 {
2256 struct pending_cmd *cmd;
2257 struct hci_dev *hdev;
2258 struct mgmt_cp_set_local_name ev;
2259 int err;
2260
2261 memset(&ev, 0, sizeof(ev));
2262 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2263
2264 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2265 if (!cmd)
2266 goto send_event;
2267
2268 if (status) {
2269 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2270 goto failed;
2271 }
2272
2273 hdev = hci_dev_get(index);
2274 if (hdev) {
2275 hci_dev_lock_bh(hdev);
2276 update_eir(hdev);
2277 hci_dev_unlock_bh(hdev);
2278 hci_dev_put(hdev);
2279 }
2280
2281 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2282 sizeof(ev));
2283 if (err < 0)
2284 goto failed;
2285
2286 send_event:
2287 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2288 cmd ? cmd->sk : NULL);
2289
2290 failed:
2291 if (cmd)
2292 mgmt_pending_remove(cmd);
2293 return err;
2294 }
2295
2296 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2297 u8 status)
2298 {
2299 struct pending_cmd *cmd;
2300 int err;
2301
2302 BT_DBG("hci%u status %u", index, status);
2303
2304 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2305 if (!cmd)
2306 return -ENOENT;
2307
2308 if (status) {
2309 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2310 EIO);
2311 } else {
2312 struct mgmt_rp_read_local_oob_data rp;
2313
2314 memcpy(rp.hash, hash, sizeof(rp.hash));
2315 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2316
2317 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2318 &rp, sizeof(rp));
2319 }
2320
2321 mgmt_pending_remove(cmd);
2322
2323 return err;
2324 }
2325
2326 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2327 u8 *eir)
2328 {
2329 struct mgmt_ev_device_found ev;
2330
2331 memset(&ev, 0, sizeof(ev));
2332
2333 bacpy(&ev.bdaddr, bdaddr);
2334 ev.rssi = rssi;
2335
2336 if (eir)
2337 memcpy(ev.eir, eir, sizeof(ev.eir));
2338
2339 if (dev_class)
2340 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2341
2342 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2343 }
2344
2345 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2346 {
2347 struct mgmt_ev_remote_name ev;
2348
2349 memset(&ev, 0, sizeof(ev));
2350
2351 bacpy(&ev.bdaddr, bdaddr);
2352 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2353
2354 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2355 }
2356
2357 int mgmt_inquiry_failed(u16 index, u8 status)
2358 {
2359 struct pending_cmd *cmd;
2360 int err;
2361
2362 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2363 if (!cmd)
2364 return -ENOENT;
2365
2366 err = cmd_status(cmd->sk, index, cmd->opcode, status);
2367 mgmt_pending_remove(cmd);
2368
2369 return err;
2370 }
2371
2372 int mgmt_discovering(u16 index, u8 discovering)
2373 {
2374 struct pending_cmd *cmd;
2375
2376 if (discovering)
2377 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, index);
2378 else
2379 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, index);
2380
2381 if (cmd != NULL) {
2382 cmd_complete(cmd->sk, index, cmd->opcode, NULL, 0);
2383 mgmt_pending_remove(cmd);
2384 }
2385
2386 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2387 sizeof(discovering), NULL);
2388 }
2389
2390 int mgmt_device_blocked(u16 index, bdaddr_t *bdaddr)
2391 {
2392 struct pending_cmd *cmd;
2393 struct mgmt_ev_device_blocked ev;
2394
2395 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, index);
2396
2397 bacpy(&ev.bdaddr, bdaddr);
2398
2399 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, index, &ev, sizeof(ev),
2400 cmd ? cmd->sk : NULL);
2401 }
2402
2403 int mgmt_device_unblocked(u16 index, bdaddr_t *bdaddr)
2404 {
2405 struct pending_cmd *cmd;
2406 struct mgmt_ev_device_unblocked ev;
2407
2408 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, index);
2409
2410 bacpy(&ev.bdaddr, bdaddr);
2411
2412 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, index, &ev, sizeof(ev),
2413 cmd ? cmd->sk : NULL);
2414 }
kernel source for telekom puls (alcatel/mediatek)