search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bluetooth: Add mgmt_remote_name event
[linux-2.6/btrfs-unstable.git] / net / bluetooth / mgmt.c
blob9a61320c5f2e191fd2124c96d13b1b4de44414d6
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
34
35 struct pending_cmd {
36 struct list_head list;
37 __u16 opcode;
38 int index;
39 void *param;
40 struct sock *sk;
41 void *user_data;
42 };
43
44 LIST_HEAD(cmd_list);
45
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
47 {
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
51
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
53
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
55 if (!skb)
56 return -ENOMEM;
57
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
59
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
63
64 ev = (void *) skb_put(skb, sizeof(*ev));
65 ev->status = status;
66 put_unaligned_le16(cmd, &ev->opcode);
67
68 if (sock_queue_rcv_skb(sk, skb) < 0)
69 kfree_skb(skb);
70
71 return 0;
72 }
73
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75 size_t rp_len)
76 {
77 struct sk_buff *skb;
78 struct mgmt_hdr *hdr;
79 struct mgmt_ev_cmd_complete *ev;
80
81 BT_DBG("sock %p", sk);
82
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
84 if (!skb)
85 return -ENOMEM;
86
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
88
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
92
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
95
96 if (rp)
97 memcpy(ev->data, rp, rp_len);
98
99 if (sock_queue_rcv_skb(sk, skb) < 0)
100 kfree_skb(skb);
101
102 return 0;
103 }
104
105 static int read_version(struct sock *sk)
106 {
107 struct mgmt_rp_read_version rp;
108
109 BT_DBG("sock %p", sk);
110
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
113
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115 sizeof(rp));
116 }
117
118 static int read_index_list(struct sock *sk)
119 {
120 struct mgmt_rp_read_index_list *rp;
121 struct list_head *p;
122 size_t rp_len;
123 u16 count;
124 int i, err;
125
126 BT_DBG("sock %p", sk);
127
128 read_lock(&hci_dev_list_lock);
129
130 count = 0;
131 list_for_each(p, &hci_dev_list) {
132 count++;
133 }
134
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
137 if (!rp) {
138 read_unlock(&hci_dev_list_lock);
139 return -ENOMEM;
140 }
141
142 put_unaligned_le16(count, &rp->num_controllers);
143
144 i = 0;
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
147
148 hci_del_off_timer(d);
149
150 set_bit(HCI_MGMT, &d->flags);
151
152 if (test_bit(HCI_SETUP, &d->flags))
153 continue;
154
155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
157 }
158
159 read_unlock(&hci_dev_list_lock);
160
161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
162 rp_len);
163
164 kfree(rp);
165
166 return err;
167 }
168
169 static int read_controller_info(struct sock *sk, u16 index)
170 {
171 struct mgmt_rp_read_info rp;
172 struct hci_dev *hdev;
173
174 BT_DBG("sock %p hci%u", sk, index);
175
176 hdev = hci_dev_get(index);
177 if (!hdev)
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
179
180 hci_del_off_timer(hdev);
181
182 hci_dev_lock_bh(hdev);
183
184 set_bit(HCI_MGMT, &hdev->flags);
185
186 memset(&rp, 0, sizeof(rp));
187
188 rp.type = hdev->dev_type;
189
190 rp.powered = test_bit(HCI_UP, &hdev->flags);
191 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
192 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
193 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
194
195 if (test_bit(HCI_AUTH, &hdev->flags))
196 rp.sec_mode = 3;
197 else if (hdev->ssp_mode > 0)
198 rp.sec_mode = 4;
199 else
200 rp.sec_mode = 2;
201
202 bacpy(&rp.bdaddr, &hdev->bdaddr);
203 memcpy(rp.features, hdev->features, 8);
204 memcpy(rp.dev_class, hdev->dev_class, 3);
205 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
206 rp.hci_ver = hdev->hci_ver;
207 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
208
209 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
210
211 hci_dev_unlock_bh(hdev);
212 hci_dev_put(hdev);
213
214 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
215 }
216
217 static void mgmt_pending_free(struct pending_cmd *cmd)
218 {
219 sock_put(cmd->sk);
220 kfree(cmd->param);
221 kfree(cmd);
222 }
223
224 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
225 u16 index, void *data, u16 len)
226 {
227 struct pending_cmd *cmd;
228
229 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
230 if (!cmd)
231 return NULL;
232
233 cmd->opcode = opcode;
234 cmd->index = index;
235
236 cmd->param = kmalloc(len, GFP_ATOMIC);
237 if (!cmd->param) {
238 kfree(cmd);
239 return NULL;
240 }
241
242 if (data)
243 memcpy(cmd->param, data, len);
244
245 cmd->sk = sk;
246 sock_hold(sk);
247
248 list_add(&cmd->list, &cmd_list);
249
250 return cmd;
251 }
252
253 static void mgmt_pending_foreach(u16 opcode, int index,
254 void (*cb)(struct pending_cmd *cmd, void *data),
255 void *data)
256 {
257 struct list_head *p, *n;
258
259 list_for_each_safe(p, n, &cmd_list) {
260 struct pending_cmd *cmd;
261
262 cmd = list_entry(p, struct pending_cmd, list);
263
264 if (cmd->opcode != opcode)
265 continue;
266
267 if (index >= 0 && cmd->index != index)
268 continue;
269
270 cb(cmd, data);
271 }
272 }
273
274 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
275 {
276 struct list_head *p;
277
278 list_for_each(p, &cmd_list) {
279 struct pending_cmd *cmd;
280
281 cmd = list_entry(p, struct pending_cmd, list);
282
283 if (cmd->opcode != opcode)
284 continue;
285
286 if (index >= 0 && cmd->index != index)
287 continue;
288
289 return cmd;
290 }
291
292 return NULL;
293 }
294
295 static void mgmt_pending_remove(struct pending_cmd *cmd)
296 {
297 list_del(&cmd->list);
298 mgmt_pending_free(cmd);
299 }
300
301 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
302 {
303 struct mgmt_mode *cp;
304 struct hci_dev *hdev;
305 struct pending_cmd *cmd;
306 int err, up;
307
308 cp = (void *) data;
309
310 BT_DBG("request for hci%u", index);
311
312 if (len != sizeof(*cp))
313 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314
315 hdev = hci_dev_get(index);
316 if (!hdev)
317 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
318
319 hci_dev_lock_bh(hdev);
320
321 up = test_bit(HCI_UP, &hdev->flags);
322 if ((cp->val && up) || (!cp->val && !up)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
324 goto failed;
325 }
326
327 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
328 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
329 goto failed;
330 }
331
332 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
333 if (!cmd) {
334 err = -ENOMEM;
335 goto failed;
336 }
337
338 if (cp->val)
339 queue_work(hdev->workqueue, &hdev->power_on);
340 else
341 queue_work(hdev->workqueue, &hdev->power_off);
342
343 err = 0;
344
345 failed:
346 hci_dev_unlock_bh(hdev);
347 hci_dev_put(hdev);
348 return err;
349 }
350
351 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352 u16 len)
353 {
354 struct mgmt_mode *cp;
355 struct hci_dev *hdev;
356 struct pending_cmd *cmd;
357 u8 scan;
358 int err;
359
360 cp = (void *) data;
361
362 BT_DBG("request for hci%u", index);
363
364 if (len != sizeof(*cp))
365 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366
367 hdev = hci_dev_get(index);
368 if (!hdev)
369 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
370
371 hci_dev_lock_bh(hdev);
372
373 if (!test_bit(HCI_UP, &hdev->flags)) {
374 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
375 goto failed;
376 }
377
378 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
379 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
380 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
381 goto failed;
382 }
383
384 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
385 test_bit(HCI_PSCAN, &hdev->flags)) {
386 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
387 goto failed;
388 }
389
390 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
391 if (!cmd) {
392 err = -ENOMEM;
393 goto failed;
394 }
395
396 scan = SCAN_PAGE;
397
398 if (cp->val)
399 scan |= SCAN_INQUIRY;
400
401 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
402 if (err < 0)
403 mgmt_pending_remove(cmd);
404
405 failed:
406 hci_dev_unlock_bh(hdev);
407 hci_dev_put(hdev);
408
409 return err;
410 }
411
412 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413 u16 len)
414 {
415 struct mgmt_mode *cp;
416 struct hci_dev *hdev;
417 struct pending_cmd *cmd;
418 u8 scan;
419 int err;
420
421 cp = (void *) data;
422
423 BT_DBG("request for hci%u", index);
424
425 if (len != sizeof(*cp))
426 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
427
428 hdev = hci_dev_get(index);
429 if (!hdev)
430 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
431
432 hci_dev_lock_bh(hdev);
433
434 if (!test_bit(HCI_UP, &hdev->flags)) {
435 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 goto failed;
437 }
438
439 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
440 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 goto failed;
443 }
444
445 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
446 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 goto failed;
448 }
449
450 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
451 if (!cmd) {
452 err = -ENOMEM;
453 goto failed;
454 }
455
456 if (cp->val)
457 scan = SCAN_PAGE;
458 else
459 scan = 0;
460
461 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
462 if (err < 0)
463 mgmt_pending_remove(cmd);
464
465 failed:
466 hci_dev_unlock_bh(hdev);
467 hci_dev_put(hdev);
468
469 return err;
470 }
471
472 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
473 struct sock *skip_sk)
474 {
475 struct sk_buff *skb;
476 struct mgmt_hdr *hdr;
477
478 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 if (!skb)
480 return -ENOMEM;
481
482 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
483
484 hdr = (void *) skb_put(skb, sizeof(*hdr));
485 hdr->opcode = cpu_to_le16(event);
486 hdr->index = cpu_to_le16(index);
487 hdr->len = cpu_to_le16(data_len);
488
489 if (data)
490 memcpy(skb_put(skb, data_len), data, data_len);
491
492 hci_send_to_sock(NULL, skb, skip_sk);
493 kfree_skb(skb);
494
495 return 0;
496 }
497
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 {
500 struct mgmt_mode rp;
501
502 rp.val = val;
503
504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
505 }
506
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508 u16 len)
509 {
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
512 int err;
513
514 cp = (void *) data;
515
516 BT_DBG("request for hci%u", index);
517
518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520
521 hdev = hci_dev_get(index);
522 if (!hdev)
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
524
525 hci_dev_lock_bh(hdev);
526
527 if (cp->val)
528 set_bit(HCI_PAIRABLE, &hdev->flags);
529 else
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
531
532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533 if (err < 0)
534 goto failed;
535
536 ev.val = cp->val;
537
538 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
539
540 failed:
541 hci_dev_unlock_bh(hdev);
542 hci_dev_put(hdev);
543
544 return err;
545 }
546
547 #define EIR_FLAGS 0x01 /* flags */
548 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT 0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
556 #define EIR_TX_POWER 0x0A /* transmit power level */
557 #define EIR_DEVICE_ID 0x10 /* device ID */
558
559 #define PNP_INFO_SVCLASS_ID 0x1200
560
561 static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564 };
565
566 static u16 get_uuid16(u8 *uuid128)
567 {
568 u32 val;
569 int i;
570
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
573 return 0;
574 }
575
576 memcpy(&val, &uuid128[12], 4);
577
578 val = le32_to_cpu(val);
579 if (val > 0xffff)
580 return 0;
581
582 return (u16) val;
583 }
584
585 static void create_eir(struct hci_dev *hdev, u8 *data)
586 {
587 u8 *ptr = data;
588 u16 eir_len = 0;
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct list_head *p;
592 size_t name_len;
593
594 name_len = strlen(hdev->dev_name);
595
596 if (name_len > 0) {
597 /* EIR Data type */
598 if (name_len > 48) {
599 name_len = 48;
600 ptr[1] = EIR_NAME_SHORT;
601 } else
602 ptr[1] = EIR_NAME_COMPLETE;
603
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
606
607 memcpy(ptr + 2, hdev->dev_name, name_len);
608
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
611 }
612
613 memset(uuid16_list, 0, sizeof(uuid16_list));
614
615 /* Group all UUID16 types */
616 list_for_each(p, &hdev->uuids) {
617 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
618 u16 uuid16;
619
620 uuid16 = get_uuid16(uuid->uuid);
621 if (uuid16 == 0)
622 return;
623
624 if (uuid16 < 0x1100)
625 continue;
626
627 if (uuid16 == PNP_INFO_SVCLASS_ID)
628 continue;
629
630 /* Stop if not enough space to put next UUID */
631 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632 truncated = 1;
633 break;
634 }
635
636 /* Check for duplicates */
637 for (i = 0; uuid16_list[i] != 0; i++)
638 if (uuid16_list[i] == uuid16)
639 break;
640
641 if (uuid16_list[i] == 0) {
642 uuid16_list[i] = uuid16;
643 eir_len += sizeof(u16);
644 }
645 }
646
647 if (uuid16_list[0] != 0) {
648 u8 *length = ptr;
649
650 /* EIR Data type */
651 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652
653 ptr += 2;
654 eir_len += 2;
655
656 for (i = 0; uuid16_list[i] != 0; i++) {
657 *ptr++ = (uuid16_list[i] & 0x00ff);
658 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659 }
660
661 /* EIR Data length */
662 *length = (i * sizeof(u16)) + 1;
663 }
664 }
665
666 static int update_eir(struct hci_dev *hdev)
667 {
668 struct hci_cp_write_eir cp;
669
670 if (!(hdev->features[6] & LMP_EXT_INQ))
671 return 0;
672
673 if (hdev->ssp_mode == 0)
674 return 0;
675
676 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677 return 0;
678
679 memset(&cp, 0, sizeof(cp));
680
681 create_eir(hdev, cp.data);
682
683 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684 return 0;
685
686 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687
688 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689 }
690
691 static u8 get_service_classes(struct hci_dev *hdev)
692 {
693 struct list_head *p;
694 u8 val = 0;
695
696 list_for_each(p, &hdev->uuids) {
697 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
698
699 val |= uuid->svc_hint;
700 }
701
702 return val;
703 }
704
705 static int update_class(struct hci_dev *hdev)
706 {
707 u8 cod[3];
708
709 BT_DBG("%s", hdev->name);
710
711 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
712 return 0;
713
714 cod[0] = hdev->minor_class;
715 cod[1] = hdev->major_class;
716 cod[2] = get_service_classes(hdev);
717
718 if (memcmp(cod, hdev->dev_class, 3) == 0)
719 return 0;
720
721 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
722 }
723
724 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
725 {
726 struct mgmt_cp_add_uuid *cp;
727 struct hci_dev *hdev;
728 struct bt_uuid *uuid;
729 int err;
730
731 cp = (void *) data;
732
733 BT_DBG("request for hci%u", index);
734
735 if (len != sizeof(*cp))
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
737
738 hdev = hci_dev_get(index);
739 if (!hdev)
740 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
741
742 hci_dev_lock_bh(hdev);
743
744 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
745 if (!uuid) {
746 err = -ENOMEM;
747 goto failed;
748 }
749
750 memcpy(uuid->uuid, cp->uuid, 16);
751 uuid->svc_hint = cp->svc_hint;
752
753 list_add(&uuid->list, &hdev->uuids);
754
755 err = update_class(hdev);
756 if (err < 0)
757 goto failed;
758
759 err = update_eir(hdev);
760 if (err < 0)
761 goto failed;
762
763 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
764
765 failed:
766 hci_dev_unlock_bh(hdev);
767 hci_dev_put(hdev);
768
769 return err;
770 }
771
772 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
773 {
774 struct list_head *p, *n;
775 struct mgmt_cp_remove_uuid *cp;
776 struct hci_dev *hdev;
777 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778 int err, found;
779
780 cp = (void *) data;
781
782 BT_DBG("request for hci%u", index);
783
784 if (len != sizeof(*cp))
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
786
787 hdev = hci_dev_get(index);
788 if (!hdev)
789 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
790
791 hci_dev_lock_bh(hdev);
792
793 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794 err = hci_uuids_clear(hdev);
795 goto unlock;
796 }
797
798 found = 0;
799
800 list_for_each_safe(p, n, &hdev->uuids) {
801 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
802
803 if (memcmp(match->uuid, cp->uuid, 16) != 0)
804 continue;
805
806 list_del(&match->list);
807 found++;
808 }
809
810 if (found == 0) {
811 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
812 goto unlock;
813 }
814
815 err = update_class(hdev);
816 if (err < 0)
817 goto unlock;
818
819 err = update_eir(hdev);
820 if (err < 0)
821 goto unlock;
822
823 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
824
825 unlock:
826 hci_dev_unlock_bh(hdev);
827 hci_dev_put(hdev);
828
829 return err;
830 }
831
832 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
833 u16 len)
834 {
835 struct hci_dev *hdev;
836 struct mgmt_cp_set_dev_class *cp;
837 int err;
838
839 cp = (void *) data;
840
841 BT_DBG("request for hci%u", index);
842
843 if (len != sizeof(*cp))
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
845
846 hdev = hci_dev_get(index);
847 if (!hdev)
848 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
849
850 hci_dev_lock_bh(hdev);
851
852 hdev->major_class = cp->major;
853 hdev->minor_class = cp->minor;
854
855 err = update_class(hdev);
856
857 if (err == 0)
858 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
859
860 hci_dev_unlock_bh(hdev);
861 hci_dev_put(hdev);
862
863 return err;
864 }
865
866 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
867 u16 len)
868 {
869 struct hci_dev *hdev;
870 struct mgmt_cp_set_service_cache *cp;
871 int err;
872
873 cp = (void *) data;
874
875 if (len != sizeof(*cp))
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
877
878 hdev = hci_dev_get(index);
879 if (!hdev)
880 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
881
882 hci_dev_lock_bh(hdev);
883
884 BT_DBG("hci%u enable %d", index, cp->enable);
885
886 if (cp->enable) {
887 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
888 err = 0;
889 } else {
890 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
891 err = update_class(hdev);
892 if (err == 0)
893 err = update_eir(hdev);
894 }
895
896 if (err == 0)
897 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898 0);
899
900 hci_dev_unlock_bh(hdev);
901 hci_dev_put(hdev);
902
903 return err;
904 }
905
906 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
907 {
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_keys *cp;
910 u16 key_count, expected_len;
911 int i;
912
913 cp = (void *) data;
914
915 if (len < sizeof(*cp))
916 return -EINVAL;
917
918 key_count = get_unaligned_le16(&cp->key_count);
919
920 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
921 if (expected_len != len) {
922 BT_ERR("load_keys: expected %u bytes, got %u bytes",
923 len, expected_len);
924 return -EINVAL;
925 }
926
927 hdev = hci_dev_get(index);
928 if (!hdev)
929 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
930
931 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
932 key_count);
933
934 hci_dev_lock_bh(hdev);
935
936 hci_link_keys_clear(hdev);
937
938 set_bit(HCI_LINK_KEYS, &hdev->flags);
939
940 if (cp->debug_keys)
941 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
942 else
943 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
944
945 for (i = 0; i < key_count; i++) {
946 struct mgmt_key_info *key = &cp->keys[i];
947
948 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type,
949 key->pin_len);
950 }
951
952 hci_dev_unlock_bh(hdev);
953 hci_dev_put(hdev);
954
955 return 0;
956 }
957
958 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
959 {
960 struct hci_dev *hdev;
961 struct mgmt_cp_remove_key *cp;
962 struct hci_conn *conn;
963 int err;
964
965 cp = (void *) data;
966
967 if (len != sizeof(*cp))
968 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
969
970 hdev = hci_dev_get(index);
971 if (!hdev)
972 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
973
974 hci_dev_lock_bh(hdev);
975
976 err = hci_remove_link_key(hdev, &cp->bdaddr);
977 if (err < 0) {
978 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
979 goto unlock;
980 }
981
982 err = 0;
983
984 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
985 goto unlock;
986
987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
988 if (conn) {
989 struct hci_cp_disconnect dc;
990
991 put_unaligned_le16(conn->handle, &dc.handle);
992 dc.reason = 0x13; /* Remote User Terminated Connection */
993 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
994 }
995
996 unlock:
997 hci_dev_unlock_bh(hdev);
998 hci_dev_put(hdev);
999
1000 return err;
1001 }
1002
1003 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1004 {
1005 struct hci_dev *hdev;
1006 struct mgmt_cp_disconnect *cp;
1007 struct hci_cp_disconnect dc;
1008 struct pending_cmd *cmd;
1009 struct hci_conn *conn;
1010 int err;
1011
1012 BT_DBG("");
1013
1014 cp = (void *) data;
1015
1016 if (len != sizeof(*cp))
1017 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1018
1019 hdev = hci_dev_get(index);
1020 if (!hdev)
1021 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1022
1023 hci_dev_lock_bh(hdev);
1024
1025 if (!test_bit(HCI_UP, &hdev->flags)) {
1026 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1027 goto failed;
1028 }
1029
1030 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1031 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1032 goto failed;
1033 }
1034
1035 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1036 if (!conn) {
1037 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1038 goto failed;
1039 }
1040
1041 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1042 if (!cmd) {
1043 err = -ENOMEM;
1044 goto failed;
1045 }
1046
1047 put_unaligned_le16(conn->handle, &dc.handle);
1048 dc.reason = 0x13; /* Remote User Terminated Connection */
1049
1050 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1051 if (err < 0)
1052 mgmt_pending_remove(cmd);
1053
1054 failed:
1055 hci_dev_unlock_bh(hdev);
1056 hci_dev_put(hdev);
1057
1058 return err;
1059 }
1060
1061 static int get_connections(struct sock *sk, u16 index)
1062 {
1063 struct mgmt_rp_get_connections *rp;
1064 struct hci_dev *hdev;
1065 struct list_head *p;
1066 size_t rp_len;
1067 u16 count;
1068 int i, err;
1069
1070 BT_DBG("");
1071
1072 hdev = hci_dev_get(index);
1073 if (!hdev)
1074 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1075
1076 hci_dev_lock_bh(hdev);
1077
1078 count = 0;
1079 list_for_each(p, &hdev->conn_hash.list) {
1080 count++;
1081 }
1082
1083 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1084 rp = kmalloc(rp_len, GFP_ATOMIC);
1085 if (!rp) {
1086 err = -ENOMEM;
1087 goto unlock;
1088 }
1089
1090 put_unaligned_le16(count, &rp->conn_count);
1091
1092 read_lock(&hci_dev_list_lock);
1093
1094 i = 0;
1095 list_for_each(p, &hdev->conn_hash.list) {
1096 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1097
1098 bacpy(&rp->conn[i++], &c->dst);
1099 }
1100
1101 read_unlock(&hci_dev_list_lock);
1102
1103 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1104
1105 unlock:
1106 kfree(rp);
1107 hci_dev_unlock_bh(hdev);
1108 hci_dev_put(hdev);
1109 return err;
1110 }
1111
1112 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1113 u16 len)
1114 {
1115 struct hci_dev *hdev;
1116 struct mgmt_cp_pin_code_reply *cp;
1117 struct hci_cp_pin_code_reply reply;
1118 struct pending_cmd *cmd;
1119 int err;
1120
1121 BT_DBG("");
1122
1123 cp = (void *) data;
1124
1125 if (len != sizeof(*cp))
1126 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1127
1128 hdev = hci_dev_get(index);
1129 if (!hdev)
1130 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1131
1132 hci_dev_lock_bh(hdev);
1133
1134 if (!test_bit(HCI_UP, &hdev->flags)) {
1135 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1136 goto failed;
1137 }
1138
1139 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1140 if (!cmd) {
1141 err = -ENOMEM;
1142 goto failed;
1143 }
1144
1145 bacpy(&reply.bdaddr, &cp->bdaddr);
1146 reply.pin_len = cp->pin_len;
1147 memcpy(reply.pin_code, cp->pin_code, 16);
1148
1149 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1150 if (err < 0)
1151 mgmt_pending_remove(cmd);
1152
1153 failed:
1154 hci_dev_unlock_bh(hdev);
1155 hci_dev_put(hdev);
1156
1157 return err;
1158 }
1159
1160 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1161 u16 len)
1162 {
1163 struct hci_dev *hdev;
1164 struct mgmt_cp_pin_code_neg_reply *cp;
1165 struct pending_cmd *cmd;
1166 int err;
1167
1168 BT_DBG("");
1169
1170 cp = (void *) data;
1171
1172 if (len != sizeof(*cp))
1173 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1174 EINVAL);
1175
1176 hdev = hci_dev_get(index);
1177 if (!hdev)
1178 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1179 ENODEV);
1180
1181 hci_dev_lock_bh(hdev);
1182
1183 if (!test_bit(HCI_UP, &hdev->flags)) {
1184 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1185 ENETDOWN);
1186 goto failed;
1187 }
1188
1189 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1190 data, len);
1191 if (!cmd) {
1192 err = -ENOMEM;
1193 goto failed;
1194 }
1195
1196 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1197 &cp->bdaddr);
1198 if (err < 0)
1199 mgmt_pending_remove(cmd);
1200
1201 failed:
1202 hci_dev_unlock_bh(hdev);
1203 hci_dev_put(hdev);
1204
1205 return err;
1206 }
1207
1208 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1209 u16 len)
1210 {
1211 struct hci_dev *hdev;
1212 struct mgmt_cp_set_io_capability *cp;
1213
1214 BT_DBG("");
1215
1216 cp = (void *) data;
1217
1218 if (len != sizeof(*cp))
1219 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1220
1221 hdev = hci_dev_get(index);
1222 if (!hdev)
1223 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1224
1225 hci_dev_lock_bh(hdev);
1226
1227 hdev->io_capability = cp->io_capability;
1228
1229 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1230 hdev->io_capability);
1231
1232 hci_dev_unlock_bh(hdev);
1233 hci_dev_put(hdev);
1234
1235 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1236 }
1237
1238 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1239 {
1240 struct hci_dev *hdev = conn->hdev;
1241 struct list_head *p;
1242
1243 list_for_each(p, &cmd_list) {
1244 struct pending_cmd *cmd;
1245
1246 cmd = list_entry(p, struct pending_cmd, list);
1247
1248 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1249 continue;
1250
1251 if (cmd->index != hdev->id)
1252 continue;
1253
1254 if (cmd->user_data != conn)
1255 continue;
1256
1257 return cmd;
1258 }
1259
1260 return NULL;
1261 }
1262
1263 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1264 {
1265 struct mgmt_rp_pair_device rp;
1266 struct hci_conn *conn = cmd->user_data;
1267
1268 bacpy(&rp.bdaddr, &conn->dst);
1269 rp.status = status;
1270
1271 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1272
1273 /* So we don't get further callbacks for this connection */
1274 conn->connect_cfm_cb = NULL;
1275 conn->security_cfm_cb = NULL;
1276 conn->disconn_cfm_cb = NULL;
1277
1278 hci_conn_put(conn);
1279
1280 mgmt_pending_remove(cmd);
1281 }
1282
1283 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1284 {
1285 struct pending_cmd *cmd;
1286
1287 BT_DBG("status %u", status);
1288
1289 cmd = find_pairing(conn);
1290 if (!cmd) {
1291 BT_DBG("Unable to find a pending command");
1292 return;
1293 }
1294
1295 pairing_complete(cmd, status);
1296 }
1297
1298 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1299 {
1300 struct hci_dev *hdev;
1301 struct mgmt_cp_pair_device *cp;
1302 struct pending_cmd *cmd;
1303 u8 sec_level, auth_type;
1304 struct hci_conn *conn;
1305 int err;
1306
1307 BT_DBG("");
1308
1309 cp = (void *) data;
1310
1311 if (len != sizeof(*cp))
1312 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1313
1314 hdev = hci_dev_get(index);
1315 if (!hdev)
1316 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1317
1318 hci_dev_lock_bh(hdev);
1319
1320 if (cp->io_cap == 0x03) {
1321 sec_level = BT_SECURITY_MEDIUM;
1322 auth_type = HCI_AT_DEDICATED_BONDING;
1323 } else {
1324 sec_level = BT_SECURITY_HIGH;
1325 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1326 }
1327
1328 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1329 if (IS_ERR(conn)) {
1330 err = PTR_ERR(conn);
1331 goto unlock;
1332 }
1333
1334 if (conn->connect_cfm_cb) {
1335 hci_conn_put(conn);
1336 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1337 goto unlock;
1338 }
1339
1340 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1341 if (!cmd) {
1342 err = -ENOMEM;
1343 hci_conn_put(conn);
1344 goto unlock;
1345 }
1346
1347 conn->connect_cfm_cb = pairing_complete_cb;
1348 conn->security_cfm_cb = pairing_complete_cb;
1349 conn->disconn_cfm_cb = pairing_complete_cb;
1350 conn->io_capability = cp->io_cap;
1351 cmd->user_data = conn;
1352
1353 if (conn->state == BT_CONNECTED &&
1354 hci_conn_security(conn, sec_level, auth_type))
1355 pairing_complete(cmd, 0);
1356
1357 err = 0;
1358
1359 unlock:
1360 hci_dev_unlock_bh(hdev);
1361 hci_dev_put(hdev);
1362
1363 return err;
1364 }
1365
1366 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1367 u16 len, int success)
1368 {
1369 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1370 u16 mgmt_op, hci_op;
1371 struct pending_cmd *cmd;
1372 struct hci_dev *hdev;
1373 int err;
1374
1375 BT_DBG("");
1376
1377 if (success) {
1378 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1379 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1380 } else {
1381 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1382 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1383 }
1384
1385 if (len != sizeof(*cp))
1386 return cmd_status(sk, index, mgmt_op, EINVAL);
1387
1388 hdev = hci_dev_get(index);
1389 if (!hdev)
1390 return cmd_status(sk, index, mgmt_op, ENODEV);
1391
1392 hci_dev_lock_bh(hdev);
1393
1394 if (!test_bit(HCI_UP, &hdev->flags)) {
1395 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1396 goto failed;
1397 }
1398
1399 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1400 if (!cmd) {
1401 err = -ENOMEM;
1402 goto failed;
1403 }
1404
1405 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1406 if (err < 0)
1407 mgmt_pending_remove(cmd);
1408
1409 failed:
1410 hci_dev_unlock_bh(hdev);
1411 hci_dev_put(hdev);
1412
1413 return err;
1414 }
1415
1416 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1417 u16 len)
1418 {
1419 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1420 struct hci_cp_write_local_name hci_cp;
1421 struct hci_dev *hdev;
1422 struct pending_cmd *cmd;
1423 int err;
1424
1425 BT_DBG("");
1426
1427 if (len != sizeof(*mgmt_cp))
1428 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1429
1430 hdev = hci_dev_get(index);
1431 if (!hdev)
1432 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1433
1434 hci_dev_lock_bh(hdev);
1435
1436 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1437 if (!cmd) {
1438 err = -ENOMEM;
1439 goto failed;
1440 }
1441
1442 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1443 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1444 &hci_cp);
1445 if (err < 0)
1446 mgmt_pending_remove(cmd);
1447
1448 failed:
1449 hci_dev_unlock_bh(hdev);
1450 hci_dev_put(hdev);
1451
1452 return err;
1453 }
1454
1455 static int read_local_oob_data(struct sock *sk, u16 index)
1456 {
1457 struct hci_dev *hdev;
1458 struct pending_cmd *cmd;
1459 int err;
1460
1461 BT_DBG("hci%u", index);
1462
1463 hdev = hci_dev_get(index);
1464 if (!hdev)
1465 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1466 ENODEV);
1467
1468 hci_dev_lock_bh(hdev);
1469
1470 if (!test_bit(HCI_UP, &hdev->flags)) {
1471 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1472 ENETDOWN);
1473 goto unlock;
1474 }
1475
1476 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1477 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1478 EOPNOTSUPP);
1479 goto unlock;
1480 }
1481
1482 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1483 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1484 goto unlock;
1485 }
1486
1487 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1488 if (!cmd) {
1489 err = -ENOMEM;
1490 goto unlock;
1491 }
1492
1493 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1494 if (err < 0)
1495 mgmt_pending_remove(cmd);
1496
1497 unlock:
1498 hci_dev_unlock_bh(hdev);
1499 hci_dev_put(hdev);
1500
1501 return err;
1502 }
1503
1504 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1505 u16 len)
1506 {
1507 struct hci_dev *hdev;
1508 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1509 int err;
1510
1511 BT_DBG("hci%u ", index);
1512
1513 if (len != sizeof(*cp))
1514 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1515 EINVAL);
1516
1517 hdev = hci_dev_get(index);
1518 if (!hdev)
1519 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1520 ENODEV);
1521
1522 hci_dev_lock_bh(hdev);
1523
1524 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1525 cp->randomizer);
1526 if (err < 0)
1527 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1528 else
1529 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1530 0);
1531
1532 hci_dev_unlock_bh(hdev);
1533 hci_dev_put(hdev);
1534
1535 return err;
1536 }
1537
1538 static int remove_remote_oob_data(struct sock *sk, u16 index,
1539 unsigned char *data, u16 len)
1540 {
1541 struct hci_dev *hdev;
1542 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1543 int err;
1544
1545 BT_DBG("hci%u ", index);
1546
1547 if (len != sizeof(*cp))
1548 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1549 EINVAL);
1550
1551 hdev = hci_dev_get(index);
1552 if (!hdev)
1553 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1554 ENODEV);
1555
1556 hci_dev_lock_bh(hdev);
1557
1558 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1559 if (err < 0)
1560 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1561 -err);
1562 else
1563 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1564 NULL, 0);
1565
1566 hci_dev_unlock_bh(hdev);
1567 hci_dev_put(hdev);
1568
1569 return err;
1570 }
1571
1572 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1573 {
1574 unsigned char *buf;
1575 struct mgmt_hdr *hdr;
1576 u16 opcode, index, len;
1577 int err;
1578
1579 BT_DBG("got %zu bytes", msglen);
1580
1581 if (msglen < sizeof(*hdr))
1582 return -EINVAL;
1583
1584 buf = kmalloc(msglen, GFP_ATOMIC);
1585 if (!buf)
1586 return -ENOMEM;
1587
1588 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1589 err = -EFAULT;
1590 goto done;
1591 }
1592
1593 hdr = (struct mgmt_hdr *) buf;
1594 opcode = get_unaligned_le16(&hdr->opcode);
1595 index = get_unaligned_le16(&hdr->index);
1596 len = get_unaligned_le16(&hdr->len);
1597
1598 if (len != msglen - sizeof(*hdr)) {
1599 err = -EINVAL;
1600 goto done;
1601 }
1602
1603 switch (opcode) {
1604 case MGMT_OP_READ_VERSION:
1605 err = read_version(sk);
1606 break;
1607 case MGMT_OP_READ_INDEX_LIST:
1608 err = read_index_list(sk);
1609 break;
1610 case MGMT_OP_READ_INFO:
1611 err = read_controller_info(sk, index);
1612 break;
1613 case MGMT_OP_SET_POWERED:
1614 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1615 break;
1616 case MGMT_OP_SET_DISCOVERABLE:
1617 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1618 break;
1619 case MGMT_OP_SET_CONNECTABLE:
1620 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1621 break;
1622 case MGMT_OP_SET_PAIRABLE:
1623 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1624 break;
1625 case MGMT_OP_ADD_UUID:
1626 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1627 break;
1628 case MGMT_OP_REMOVE_UUID:
1629 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1630 break;
1631 case MGMT_OP_SET_DEV_CLASS:
1632 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1633 break;
1634 case MGMT_OP_SET_SERVICE_CACHE:
1635 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1636 break;
1637 case MGMT_OP_LOAD_KEYS:
1638 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1639 break;
1640 case MGMT_OP_REMOVE_KEY:
1641 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1642 break;
1643 case MGMT_OP_DISCONNECT:
1644 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1645 break;
1646 case MGMT_OP_GET_CONNECTIONS:
1647 err = get_connections(sk, index);
1648 break;
1649 case MGMT_OP_PIN_CODE_REPLY:
1650 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1651 break;
1652 case MGMT_OP_PIN_CODE_NEG_REPLY:
1653 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1654 break;
1655 case MGMT_OP_SET_IO_CAPABILITY:
1656 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1657 break;
1658 case MGMT_OP_PAIR_DEVICE:
1659 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1660 break;
1661 case MGMT_OP_USER_CONFIRM_REPLY:
1662 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1663 break;
1664 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1665 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1666 break;
1667 case MGMT_OP_SET_LOCAL_NAME:
1668 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1669 break;
1670 case MGMT_OP_READ_LOCAL_OOB_DATA:
1671 err = read_local_oob_data(sk, index);
1672 break;
1673 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1674 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1675 break;
1676 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1677 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1678 len);
1679 break;
1680
1681 default:
1682 BT_DBG("Unknown op %u", opcode);
1683 err = cmd_status(sk, index, opcode, 0x01);
1684 break;
1685 }
1686
1687 if (err < 0)
1688 goto done;
1689
1690 err = msglen;
1691
1692 done:
1693 kfree(buf);
1694 return err;
1695 }
1696
1697 int mgmt_index_added(u16 index)
1698 {
1699 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1700 }
1701
1702 int mgmt_index_removed(u16 index)
1703 {
1704 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1705 }
1706
1707 struct cmd_lookup {
1708 u8 val;
1709 struct sock *sk;
1710 };
1711
1712 static void mode_rsp(struct pending_cmd *cmd, void *data)
1713 {
1714 struct mgmt_mode *cp = cmd->param;
1715 struct cmd_lookup *match = data;
1716
1717 if (cp->val != match->val)
1718 return;
1719
1720 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1721
1722 list_del(&cmd->list);
1723
1724 if (match->sk == NULL) {
1725 match->sk = cmd->sk;
1726 sock_hold(match->sk);
1727 }
1728
1729 mgmt_pending_free(cmd);
1730 }
1731
1732 int mgmt_powered(u16 index, u8 powered)
1733 {
1734 struct mgmt_mode ev;
1735 struct cmd_lookup match = { powered, NULL };
1736 int ret;
1737
1738 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1739
1740 ev.val = powered;
1741
1742 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1743
1744 if (match.sk)
1745 sock_put(match.sk);
1746
1747 return ret;
1748 }
1749
1750 int mgmt_discoverable(u16 index, u8 discoverable)
1751 {
1752 struct mgmt_mode ev;
1753 struct cmd_lookup match = { discoverable, NULL };
1754 int ret;
1755
1756 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1757
1758 ev.val = discoverable;
1759
1760 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1761 match.sk);
1762
1763 if (match.sk)
1764 sock_put(match.sk);
1765
1766 return ret;
1767 }
1768
1769 int mgmt_connectable(u16 index, u8 connectable)
1770 {
1771 struct mgmt_mode ev;
1772 struct cmd_lookup match = { connectable, NULL };
1773 int ret;
1774
1775 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1776
1777 ev.val = connectable;
1778
1779 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1780
1781 if (match.sk)
1782 sock_put(match.sk);
1783
1784 return ret;
1785 }
1786
1787 int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type)
1788 {
1789 struct mgmt_ev_new_key ev;
1790
1791 memset(&ev, 0, sizeof(ev));
1792
1793 bacpy(&ev.key.bdaddr, &key->bdaddr);
1794 ev.key.type = key->type;
1795 memcpy(ev.key.val, key->val, 16);
1796 ev.key.pin_len = key->pin_len;
1797 ev.old_key_type = old_key_type;
1798
1799 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1800 }
1801
1802 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1803 {
1804 struct mgmt_ev_connected ev;
1805
1806 bacpy(&ev.bdaddr, bdaddr);
1807
1808 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1809 }
1810
1811 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1812 {
1813 struct mgmt_cp_disconnect *cp = cmd->param;
1814 struct sock **sk = data;
1815 struct mgmt_rp_disconnect rp;
1816
1817 bacpy(&rp.bdaddr, &cp->bdaddr);
1818
1819 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1820
1821 *sk = cmd->sk;
1822 sock_hold(*sk);
1823
1824 mgmt_pending_remove(cmd);
1825 }
1826
1827 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1828 {
1829 struct mgmt_ev_disconnected ev;
1830 struct sock *sk = NULL;
1831 int err;
1832
1833 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1834
1835 bacpy(&ev.bdaddr, bdaddr);
1836
1837 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1838
1839 if (sk)
1840 sock_put(sk);
1841
1842 return err;
1843 }
1844
1845 int mgmt_disconnect_failed(u16 index)
1846 {
1847 struct pending_cmd *cmd;
1848 int err;
1849
1850 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1851 if (!cmd)
1852 return -ENOENT;
1853
1854 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1855
1856 mgmt_pending_remove(cmd);
1857
1858 return err;
1859 }
1860
1861 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1862 {
1863 struct mgmt_ev_connect_failed ev;
1864
1865 bacpy(&ev.bdaddr, bdaddr);
1866 ev.status = status;
1867
1868 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1869 }
1870
1871 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr)
1872 {
1873 struct mgmt_ev_pin_code_request ev;
1874
1875 bacpy(&ev.bdaddr, bdaddr);
1876
1877 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1878 NULL);
1879 }
1880
1881 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1882 {
1883 struct pending_cmd *cmd;
1884 struct mgmt_rp_pin_code_reply rp;
1885 int err;
1886
1887 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1888 if (!cmd)
1889 return -ENOENT;
1890
1891 bacpy(&rp.bdaddr, bdaddr);
1892 rp.status = status;
1893
1894 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1895 sizeof(rp));
1896
1897 mgmt_pending_remove(cmd);
1898
1899 return err;
1900 }
1901
1902 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1903 {
1904 struct pending_cmd *cmd;
1905 struct mgmt_rp_pin_code_reply rp;
1906 int err;
1907
1908 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1909 if (!cmd)
1910 return -ENOENT;
1911
1912 bacpy(&rp.bdaddr, bdaddr);
1913 rp.status = status;
1914
1915 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1916 sizeof(rp));
1917
1918 mgmt_pending_remove(cmd);
1919
1920 return err;
1921 }
1922
1923 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value)
1924 {
1925 struct mgmt_ev_user_confirm_request ev;
1926
1927 BT_DBG("hci%u", index);
1928
1929 bacpy(&ev.bdaddr, bdaddr);
1930 put_unaligned_le32(value, &ev.value);
1931
1932 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
1933 NULL);
1934 }
1935
1936 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
1937 u8 opcode)
1938 {
1939 struct pending_cmd *cmd;
1940 struct mgmt_rp_user_confirm_reply rp;
1941 int err;
1942
1943 cmd = mgmt_pending_find(opcode, index);
1944 if (!cmd)
1945 return -ENOENT;
1946
1947 bacpy(&rp.bdaddr, bdaddr);
1948 rp.status = status;
1949 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
1950
1951 mgmt_pending_remove(cmd);
1952
1953 return err;
1954 }
1955
1956 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1957 {
1958 return confirm_reply_complete(index, bdaddr, status,
1959 MGMT_OP_USER_CONFIRM_REPLY);
1960 }
1961
1962 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1963 {
1964 return confirm_reply_complete(index, bdaddr, status,
1965 MGMT_OP_USER_CONFIRM_NEG_REPLY);
1966 }
1967
1968 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1969 {
1970 struct mgmt_ev_auth_failed ev;
1971
1972 bacpy(&ev.bdaddr, bdaddr);
1973 ev.status = status;
1974
1975 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
1976 }
1977
1978 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
1979 {
1980 struct pending_cmd *cmd;
1981 struct hci_dev *hdev;
1982 struct mgmt_cp_set_local_name ev;
1983 int err;
1984
1985 memset(&ev, 0, sizeof(ev));
1986 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
1987
1988 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
1989 if (!cmd)
1990 goto send_event;
1991
1992 if (status) {
1993 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
1994 goto failed;
1995 }
1996
1997 hdev = hci_dev_get(index);
1998 if (hdev) {
1999 hci_dev_lock_bh(hdev);
2000 update_eir(hdev);
2001 hci_dev_unlock_bh(hdev);
2002 hci_dev_put(hdev);
2003 }
2004
2005 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2006 sizeof(ev));
2007 if (err < 0)
2008 goto failed;
2009
2010 send_event:
2011 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2012 cmd ? cmd->sk : NULL);
2013
2014 failed:
2015 if (cmd)
2016 mgmt_pending_remove(cmd);
2017 return err;
2018 }
2019
2020 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2021 u8 status)
2022 {
2023 struct pending_cmd *cmd;
2024 int err;
2025
2026 BT_DBG("hci%u status %u", index, status);
2027
2028 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2029 if (!cmd)
2030 return -ENOENT;
2031
2032 if (status) {
2033 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2034 EIO);
2035 } else {
2036 struct mgmt_rp_read_local_oob_data rp;
2037
2038 memcpy(rp.hash, hash, sizeof(rp.hash));
2039 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2040
2041 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2042 &rp, sizeof(rp));
2043 }
2044
2045 mgmt_pending_remove(cmd);
2046
2047 return err;
2048 }
2049
2050 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2051 u8 *eir)
2052 {
2053 struct mgmt_ev_device_found ev;
2054
2055 memset(&ev, 0, sizeof(ev));
2056
2057 bacpy(&ev.bdaddr, bdaddr);
2058 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2059 ev.rssi = rssi;
2060
2061 if (eir)
2062 memcpy(ev.eir, eir, sizeof(ev.eir));
2063
2064 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2065 }
2066
2067 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2068 {
2069 struct mgmt_ev_remote_name ev;
2070
2071 memset(&ev, 0, sizeof(ev));
2072
2073 bacpy(&ev.bdaddr, bdaddr);
2074 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2075
2076 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2077 }
(deprecated) Btrfs devel tree