2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
36 struct list_head list;
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
50 struct mgmt_ev_cmd_status *ev;
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
64 ev = (void *) skb_put(skb, sizeof(*ev));
66 put_unaligned_le16(cmd, &ev->opcode);
68 if (sock_queue_rcv_skb(sk, skb) < 0)
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
79 struct mgmt_ev_cmd_complete *ev;
81 BT_DBG("sock %p", sk);
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
97 memcpy(ev->data, rp, rp_len);
99 if (sock_queue_rcv_skb(sk, skb) < 0)
105 static int read_version(struct sock *sk)
107 struct mgmt_rp_read_version rp;
109 BT_DBG("sock %p", sk);
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
118 static int read_index_list(struct sock *sk)
120 struct mgmt_rp_read_index_list *rp;
126 BT_DBG("sock %p", sk);
128 read_lock(&hci_dev_list_lock);
131 list_for_each(p, &hci_dev_list) {
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
138 read_unlock(&hci_dev_list_lock);
142 put_unaligned_le16(count, &rp->num_controllers);
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
148 hci_del_off_timer(d);
150 set_bit(HCI_MGMT, &d->flags);
152 if (test_bit(HCI_SETUP, &d->flags))
155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
159 read_unlock(&hci_dev_list_lock);
161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
169 static int read_controller_info(struct sock *sk, u16 index)
171 struct mgmt_rp_read_info rp;
172 struct hci_dev *hdev;
174 BT_DBG("sock %p hci%u", sk, index);
176 hdev = hci_dev_get(index);
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
180 hci_del_off_timer(hdev);
182 hci_dev_lock_bh(hdev);
184 set_bit(HCI_MGMT, &hdev->flags);
186 rp.type = hdev->dev_type;
188 rp.powered = test_bit(HCI_UP, &hdev->flags);
189 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
190 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
191 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
193 if (test_bit(HCI_AUTH, &hdev->flags))
195 else if (hdev->ssp_mode > 0)
200 bacpy(&rp.bdaddr, &hdev->bdaddr);
201 memcpy(rp.features, hdev->features, 8);
202 memcpy(rp.dev_class, hdev->dev_class, 3);
203 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
204 rp.hci_ver = hdev->hci_ver;
205 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
207 hci_dev_unlock_bh(hdev);
210 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
213 static void mgmt_pending_free(struct pending_cmd *cmd)
220 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
221 u16 index, void *data, u16 len)
223 struct pending_cmd *cmd;
225 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
229 cmd->opcode = opcode;
232 cmd->cmd = kmalloc(len, GFP_ATOMIC);
238 memcpy(cmd->cmd, data, len);
243 list_add(&cmd->list, &cmd_list);
248 static void mgmt_pending_foreach(u16 opcode, int index,
249 void (*cb)(struct pending_cmd *cmd, void *data),
252 struct list_head *p, *n;
254 list_for_each_safe(p, n, &cmd_list) {
255 struct pending_cmd *cmd;
257 cmd = list_entry(p, struct pending_cmd, list);
259 if (cmd->opcode != opcode)
262 if (index >= 0 && cmd->index != index)
269 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
273 list_for_each(p, &cmd_list) {
274 struct pending_cmd *cmd;
276 cmd = list_entry(p, struct pending_cmd, list);
278 if (cmd->opcode != opcode)
281 if (index >= 0 && cmd->index != index)
290 static void mgmt_pending_remove(struct pending_cmd *cmd)
292 list_del(&cmd->list);
293 mgmt_pending_free(cmd);
296 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
298 struct mgmt_mode *cp;
299 struct hci_dev *hdev;
300 struct pending_cmd *cmd;
305 BT_DBG("request for hci%u", index);
307 if (len != sizeof(*cp))
308 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
310 hdev = hci_dev_get(index);
312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
314 hci_dev_lock_bh(hdev);
316 up = test_bit(HCI_UP, &hdev->flags);
317 if ((cp->val && up) || (!cp->val && !up)) {
318 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
322 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
334 queue_work(hdev->workqueue, &hdev->power_on);
336 queue_work(hdev->workqueue, &hdev->power_off);
341 hci_dev_unlock_bh(hdev);
346 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
349 struct mgmt_mode *cp;
350 struct hci_dev *hdev;
351 struct pending_cmd *cmd;
357 BT_DBG("request for hci%u", index);
359 if (len != sizeof(*cp))
360 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
362 hdev = hci_dev_get(index);
364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
366 hci_dev_lock_bh(hdev);
368 if (!test_bit(HCI_UP, &hdev->flags)) {
369 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
373 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
374 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
379 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
380 test_bit(HCI_PSCAN, &hdev->flags)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
394 scan |= SCAN_INQUIRY;
396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
398 mgmt_pending_remove(cmd);
401 hci_dev_unlock_bh(hdev);
407 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
410 struct mgmt_mode *cp;
411 struct hci_dev *hdev;
412 struct pending_cmd *cmd;
418 BT_DBG("request for hci%u", index);
420 if (len != sizeof(*cp))
421 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
423 hdev = hci_dev_get(index);
425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
427 hci_dev_lock_bh(hdev);
429 if (!test_bit(HCI_UP, &hdev->flags)) {
430 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
434 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
435 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
440 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
456 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
458 mgmt_pending_remove(cmd);
461 hci_dev_unlock_bh(hdev);
467 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
468 struct sock *skip_sk)
471 struct mgmt_hdr *hdr;
473 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
477 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
479 hdr = (void *) skb_put(skb, sizeof(*hdr));
480 hdr->opcode = cpu_to_le16(event);
481 hdr->index = cpu_to_le16(index);
482 hdr->len = cpu_to_le16(data_len);
485 memcpy(skb_put(skb, data_len), data, data_len);
487 hci_send_to_sock(NULL, skb, skip_sk);
493 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
502 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
505 struct mgmt_mode *cp, ev;
506 struct hci_dev *hdev;
511 BT_DBG("request for hci%u", index);
513 if (len != sizeof(*cp))
514 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
516 hdev = hci_dev_get(index);
518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
520 hci_dev_lock_bh(hdev);
523 set_bit(HCI_PAIRABLE, &hdev->flags);
525 clear_bit(HCI_PAIRABLE, &hdev->flags);
527 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
536 hci_dev_unlock_bh(hdev);
542 static u8 get_service_classes(struct hci_dev *hdev)
547 list_for_each(p, &hdev->uuids) {
548 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
550 val |= uuid->svc_hint;
556 static int update_class(struct hci_dev *hdev)
560 BT_DBG("%s", hdev->name);
562 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
565 cod[0] = hdev->minor_class;
566 cod[1] = hdev->major_class;
567 cod[2] = get_service_classes(hdev);
569 if (memcmp(cod, hdev->dev_class, 3) == 0)
572 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
575 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
577 struct mgmt_cp_add_uuid *cp;
578 struct hci_dev *hdev;
579 struct bt_uuid *uuid;
584 BT_DBG("request for hci%u", index);
586 if (len != sizeof(*cp))
587 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
589 hdev = hci_dev_get(index);
591 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
593 hci_dev_lock_bh(hdev);
595 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
601 memcpy(uuid->uuid, cp->uuid, 16);
602 uuid->svc_hint = cp->svc_hint;
604 list_add(&uuid->list, &hdev->uuids);
606 err = update_class(hdev);
610 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
613 hci_dev_unlock_bh(hdev);
619 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
621 struct list_head *p, *n;
622 struct mgmt_cp_remove_uuid *cp;
623 struct hci_dev *hdev;
624 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
629 BT_DBG("request for hci%u", index);
631 if (len != sizeof(*cp))
632 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
634 hdev = hci_dev_get(index);
636 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
638 hci_dev_lock_bh(hdev);
640 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
641 err = hci_uuids_clear(hdev);
647 list_for_each_safe(p, n, &hdev->uuids) {
648 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
650 if (memcmp(match->uuid, cp->uuid, 16) != 0)
653 list_del(&match->list);
658 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
662 err = update_class(hdev);
666 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
669 hci_dev_unlock_bh(hdev);
675 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
678 struct hci_dev *hdev;
679 struct mgmt_cp_set_dev_class *cp;
684 BT_DBG("request for hci%u", index);
686 if (len != sizeof(*cp))
687 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
689 hdev = hci_dev_get(index);
691 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
693 hci_dev_lock_bh(hdev);
695 hdev->major_class = cp->major;
696 hdev->minor_class = cp->minor;
698 err = update_class(hdev);
701 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
703 hci_dev_unlock_bh(hdev);
709 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
712 struct hci_dev *hdev;
713 struct mgmt_cp_set_service_cache *cp;
718 if (len != sizeof(*cp))
719 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE,
722 hdev = hci_dev_get(index);
724 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
726 hci_dev_lock_bh(hdev);
728 BT_DBG("hci%u enable %d", index, cp->enable);
731 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
734 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
735 err = update_class(hdev);
739 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
742 hci_dev_unlock_bh(hdev);
748 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
750 struct hci_dev *hdev;
751 struct mgmt_cp_load_keys *cp;
752 u16 key_count, expected_len;
757 if (len < sizeof(*cp))
760 key_count = get_unaligned_le16(&cp->key_count);
762 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
763 if (expected_len != len) {
764 BT_ERR("load_keys: expected %u bytes, got %u bytes",
769 hdev = hci_dev_get(index);
771 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
773 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
776 hci_dev_lock_bh(hdev);
778 hci_link_keys_clear(hdev);
780 set_bit(HCI_LINK_KEYS, &hdev->flags);
783 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
785 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
787 for (i = 0; i < key_count; i++) {
788 struct mgmt_key_info *key = &cp->keys[i];
790 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type,
794 hci_dev_unlock_bh(hdev);
800 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
802 struct hci_dev *hdev;
803 struct mgmt_cp_remove_key *cp;
804 struct hci_conn *conn;
809 if (len != sizeof(*cp))
810 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
812 hdev = hci_dev_get(index);
814 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
816 hci_dev_lock_bh(hdev);
818 err = hci_remove_link_key(hdev, &cp->bdaddr);
820 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
826 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
829 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
831 struct hci_cp_disconnect dc;
833 put_unaligned_le16(conn->handle, &dc.handle);
834 dc.reason = 0x13; /* Remote User Terminated Connection */
835 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
839 hci_dev_unlock_bh(hdev);
845 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
847 struct hci_dev *hdev;
848 struct mgmt_cp_disconnect *cp;
849 struct hci_cp_disconnect dc;
850 struct pending_cmd *cmd;
851 struct hci_conn *conn;
858 if (len != sizeof(*cp))
859 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
861 hdev = hci_dev_get(index);
863 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
865 hci_dev_lock_bh(hdev);
867 if (!test_bit(HCI_UP, &hdev->flags)) {
868 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
872 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
873 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
877 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
879 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
883 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
889 put_unaligned_le16(conn->handle, &dc.handle);
890 dc.reason = 0x13; /* Remote User Terminated Connection */
892 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
894 mgmt_pending_remove(cmd);
897 hci_dev_unlock_bh(hdev);
903 static int get_connections(struct sock *sk, u16 index, unsigned char *data,
906 struct mgmt_cp_get_connections *cp;
907 struct mgmt_rp_get_connections *rp;
908 struct hci_dev *hdev;
918 hdev = hci_dev_get(index);
920 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
922 hci_dev_lock_bh(hdev);
925 list_for_each(p, &hdev->conn_hash.list) {
929 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
930 rp = kmalloc(rp_len, GFP_ATOMIC);
936 put_unaligned_le16(count, &rp->conn_count);
938 read_lock(&hci_dev_list_lock);
941 list_for_each(p, &hdev->conn_hash.list) {
942 struct hci_conn *c = list_entry(p, struct hci_conn, list);
944 bacpy(&rp->conn[i++], &c->dst);
947 read_unlock(&hci_dev_list_lock);
949 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
953 hci_dev_unlock_bh(hdev);
958 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
961 struct hci_dev *hdev;
962 struct mgmt_cp_pin_code_reply *cp;
963 struct hci_cp_pin_code_reply reply;
964 struct pending_cmd *cmd;
971 if (len != sizeof(*cp))
972 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
974 hdev = hci_dev_get(index);
976 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
978 hci_dev_lock_bh(hdev);
980 if (!test_bit(HCI_UP, &hdev->flags)) {
981 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
985 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
991 bacpy(&reply.bdaddr, &cp->bdaddr);
992 reply.pin_len = cp->pin_len;
993 memcpy(reply.pin_code, cp->pin_code, 16);
995 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
997 mgmt_pending_remove(cmd);
1000 hci_dev_unlock_bh(hdev);
1006 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1009 struct hci_dev *hdev;
1010 struct mgmt_cp_pin_code_neg_reply *cp;
1011 struct pending_cmd *cmd;
1018 if (len != sizeof(*cp))
1019 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1022 hdev = hci_dev_get(index);
1024 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1027 hci_dev_lock_bh(hdev);
1029 if (!test_bit(HCI_UP, &hdev->flags)) {
1030 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1035 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1042 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(bdaddr_t),
1045 mgmt_pending_remove(cmd);
1048 hci_dev_unlock_bh(hdev);
1054 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1057 struct hci_dev *hdev;
1058 struct mgmt_cp_set_io_capability *cp;
1064 if (len != sizeof(*cp))
1065 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1068 hdev = hci_dev_get(index);
1070 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1072 hci_dev_lock_bh(hdev);
1074 hdev->io_capability = cp->io_capability;
1076 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1077 hdev->io_capability);
1079 hci_dev_unlock_bh(hdev);
1082 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1085 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1087 struct hci_dev *hdev = conn->hdev;
1088 struct list_head *p;
1090 list_for_each(p, &cmd_list) {
1091 struct pending_cmd *cmd;
1093 cmd = list_entry(p, struct pending_cmd, list);
1095 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1098 if (cmd->index != hdev->id)
1101 if (cmd->user_data != conn)
1110 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1112 struct mgmt_rp_pair_device rp;
1113 struct hci_conn *conn = cmd->user_data;
1115 bacpy(&rp.bdaddr, &conn->dst);
1118 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1120 /* So we don't get further callbacks for this connection */
1121 conn->connect_cfm_cb = NULL;
1122 conn->security_cfm_cb = NULL;
1123 conn->disconn_cfm_cb = NULL;
1127 mgmt_pending_remove(cmd);
1130 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1132 struct pending_cmd *cmd;
1134 BT_DBG("status %u", status);
1136 cmd = find_pairing(conn);
1138 BT_DBG("Unable to find a pending command");
1142 pairing_complete(cmd, status);
1145 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1147 struct hci_dev *hdev;
1148 struct mgmt_cp_pair_device *cp;
1149 struct pending_cmd *cmd;
1150 u8 sec_level, auth_type;
1151 struct hci_conn *conn;
1158 if (len != sizeof(*cp))
1159 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1161 hdev = hci_dev_get(index);
1163 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1165 hci_dev_lock_bh(hdev);
1167 if (cp->io_cap == 0x03) {
1168 sec_level = BT_SECURITY_MEDIUM;
1169 auth_type = HCI_AT_DEDICATED_BONDING;
1171 sec_level = BT_SECURITY_HIGH;
1172 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1175 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1177 err = PTR_ERR(conn);
1181 if (conn->connect_cfm_cb) {
1183 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1187 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1194 conn->connect_cfm_cb = pairing_complete_cb;
1195 conn->security_cfm_cb = pairing_complete_cb;
1196 conn->disconn_cfm_cb = pairing_complete_cb;
1197 conn->io_capability = cp->io_cap;
1198 cmd->user_data = conn;
1200 if (conn->state == BT_CONNECTED &&
1201 hci_conn_security(conn, sec_level, auth_type))
1202 pairing_complete(cmd, 0);
1207 hci_dev_unlock_bh(hdev);
1213 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1214 u16 len, int success)
1216 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1217 u16 mgmt_op, hci_op;
1218 struct pending_cmd *cmd;
1219 struct hci_dev *hdev;
1225 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1226 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1228 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1229 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1232 if (len != sizeof(*cp))
1233 return cmd_status(sk, index, mgmt_op, EINVAL);
1235 hdev = hci_dev_get(index);
1237 return cmd_status(sk, index, mgmt_op, ENODEV);
1239 if (!test_bit(HCI_UP, &hdev->flags)) {
1240 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1244 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1250 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1252 mgmt_pending_remove(cmd);
1255 hci_dev_unlock_bh(hdev);
1261 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1264 struct mgmt_hdr *hdr;
1265 u16 opcode, index, len;
1268 BT_DBG("got %zu bytes", msglen);
1270 if (msglen < sizeof(*hdr))
1273 buf = kmalloc(msglen, GFP_ATOMIC);
1277 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1282 hdr = (struct mgmt_hdr *) buf;
1283 opcode = get_unaligned_le16(&hdr->opcode);
1284 index = get_unaligned_le16(&hdr->index);
1285 len = get_unaligned_le16(&hdr->len);
1287 if (len != msglen - sizeof(*hdr)) {
1293 case MGMT_OP_READ_VERSION:
1294 err = read_version(sk);
1296 case MGMT_OP_READ_INDEX_LIST:
1297 err = read_index_list(sk);
1299 case MGMT_OP_READ_INFO:
1300 err = read_controller_info(sk, index);
1302 case MGMT_OP_SET_POWERED:
1303 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1305 case MGMT_OP_SET_DISCOVERABLE:
1306 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1308 case MGMT_OP_SET_CONNECTABLE:
1309 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1311 case MGMT_OP_SET_PAIRABLE:
1312 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1314 case MGMT_OP_ADD_UUID:
1315 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1317 case MGMT_OP_REMOVE_UUID:
1318 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1320 case MGMT_OP_SET_DEV_CLASS:
1321 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1323 case MGMT_OP_SET_SERVICE_CACHE:
1324 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1326 case MGMT_OP_LOAD_KEYS:
1327 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1329 case MGMT_OP_REMOVE_KEY:
1330 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1332 case MGMT_OP_DISCONNECT:
1333 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1335 case MGMT_OP_GET_CONNECTIONS:
1336 err = get_connections(sk, index, buf + sizeof(*hdr), len);
1338 case MGMT_OP_PIN_CODE_REPLY:
1339 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1341 case MGMT_OP_PIN_CODE_NEG_REPLY:
1342 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1344 case MGMT_OP_SET_IO_CAPABILITY:
1345 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1347 case MGMT_OP_PAIR_DEVICE:
1348 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1350 case MGMT_OP_USER_CONFIRM_REPLY:
1351 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1353 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1354 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1357 BT_DBG("Unknown op %u", opcode);
1358 err = cmd_status(sk, index, opcode, 0x01);
1372 int mgmt_index_added(u16 index)
1374 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1377 int mgmt_index_removed(u16 index)
1379 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1387 static void mode_rsp(struct pending_cmd *cmd, void *data)
1389 struct mgmt_mode *cp = cmd->cmd;
1390 struct cmd_lookup *match = data;
1392 if (cp->val != match->val)
1395 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1397 list_del(&cmd->list);
1399 if (match->sk == NULL) {
1400 match->sk = cmd->sk;
1401 sock_hold(match->sk);
1404 mgmt_pending_free(cmd);
1407 int mgmt_powered(u16 index, u8 powered)
1409 struct mgmt_mode ev;
1410 struct cmd_lookup match = { powered, NULL };
1413 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1417 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1425 int mgmt_discoverable(u16 index, u8 discoverable)
1427 struct mgmt_mode ev;
1428 struct cmd_lookup match = { discoverable, NULL };
1431 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index,
1434 ev.val = discoverable;
1436 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1445 int mgmt_connectable(u16 index, u8 connectable)
1447 struct mgmt_mode ev;
1448 struct cmd_lookup match = { connectable, NULL };
1451 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1453 ev.val = connectable;
1455 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1463 int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type)
1465 struct mgmt_ev_new_key ev;
1467 memset(&ev, 0, sizeof(ev));
1469 bacpy(&ev.key.bdaddr, &key->bdaddr);
1470 ev.key.type = key->type;
1471 memcpy(ev.key.val, key->val, 16);
1472 ev.key.pin_len = key->pin_len;
1473 ev.old_key_type = old_key_type;
1475 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1478 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1480 struct mgmt_ev_connected ev;
1482 bacpy(&ev.bdaddr, bdaddr);
1484 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1487 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1489 struct mgmt_cp_disconnect *cp = cmd->cmd;
1490 struct sock **sk = data;
1491 struct mgmt_rp_disconnect rp;
1493 bacpy(&rp.bdaddr, &cp->bdaddr);
1495 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1500 mgmt_pending_remove(cmd);
1503 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1505 struct mgmt_ev_disconnected ev;
1506 struct sock *sk = NULL;
1509 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1511 bacpy(&ev.bdaddr, bdaddr);
1513 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1521 int mgmt_disconnect_failed(u16 index)
1523 struct pending_cmd *cmd;
1526 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1530 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1532 mgmt_pending_remove(cmd);
1537 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1539 struct mgmt_ev_connect_failed ev;
1541 bacpy(&ev.bdaddr, bdaddr);
1544 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1547 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr)
1549 struct mgmt_ev_pin_code_request ev;
1551 bacpy(&ev.bdaddr, bdaddr);
1553 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1557 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1559 struct pending_cmd *cmd;
1560 struct mgmt_rp_pin_code_reply rp;
1563 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1567 bacpy(&rp.bdaddr, bdaddr);
1570 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1573 mgmt_pending_remove(cmd);
1578 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1580 struct pending_cmd *cmd;
1581 struct mgmt_rp_pin_code_reply rp;
1584 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1588 bacpy(&rp.bdaddr, bdaddr);
1591 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1594 mgmt_pending_remove(cmd);
1599 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value)
1601 struct mgmt_ev_user_confirm_request ev;
1603 BT_DBG("hci%u", index);
1605 bacpy(&ev.bdaddr, bdaddr);
1606 put_unaligned_le32(value, &ev.value);
1608 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
1612 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
1615 struct pending_cmd *cmd;
1616 struct mgmt_rp_user_confirm_reply rp;
1619 cmd = mgmt_pending_find(opcode, index);
1623 bacpy(&rp.bdaddr, bdaddr);
1625 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
1627 mgmt_pending_remove(cmd);
1632 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1634 return confirm_reply_complete(index, bdaddr, status,
1635 MGMT_OP_USER_CONFIRM_REPLY);
1638 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr,
1641 return confirm_reply_complete(index, bdaddr, status,
1642 MGMT_OP_USER_CONFIRM_NEG_REPLY);
1645 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1647 struct mgmt_ev_auth_failed ev;
1649 bacpy(&ev.bdaddr, bdaddr);
1652 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
projects / cascardo / linux.git / blob