1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
34
35 struct pending_cmd {
36 struct list_head list;
37 __u16 opcode;
38 int index;
39 void *cmd;
40 struct sock *sk;
41 void *user_data;
42 };
43
44 LIST_HEAD(cmd_list);
45
cmd_status(struct sock * sk,u16 index,u16 cmd,u8 status)46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
47 {
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
51
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
53
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
55 if (!skb)
56 return -ENOMEM;
57
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
59
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
63
64 ev = (void *) skb_put(skb, sizeof(*ev));
65 ev->status = status;
66 put_unaligned_le16(cmd, &ev->opcode);
67
68 if (sock_queue_rcv_skb(sk, skb) < 0)
69 kfree_skb(skb);
70
71 return 0;
72 }
73
cmd_complete(struct sock * sk,u16 index,u16 cmd,void * rp,size_t rp_len)74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75 size_t rp_len)
76 {
77 struct sk_buff *skb;
78 struct mgmt_hdr *hdr;
79 struct mgmt_ev_cmd_complete *ev;
80
81 BT_DBG("sock %p", sk);
82
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
84 if (!skb)
85 return -ENOMEM;
86
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
88
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
92
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
95
96 if (rp)
97 memcpy(ev->data, rp, rp_len);
98
99 if (sock_queue_rcv_skb(sk, skb) < 0)
100 kfree_skb(skb);
101
102 return 0;
103 }
104
read_version(struct sock * sk)105 static int read_version(struct sock *sk)
106 {
107 struct mgmt_rp_read_version rp;
108
109 BT_DBG("sock %p", sk);
110
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
113
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115 sizeof(rp));
116 }
117
read_index_list(struct sock * sk)118 static int read_index_list(struct sock *sk)
119 {
120 struct mgmt_rp_read_index_list *rp;
121 struct list_head *p;
122 size_t rp_len;
123 u16 count;
124 int i, err;
125
126 BT_DBG("sock %p", sk);
127
128 read_lock(&hci_dev_list_lock);
129
130 count = 0;
131 list_for_each(p, &hci_dev_list) {
132 count++;
133 }
134
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
137 if (!rp) {
138 read_unlock(&hci_dev_list_lock);
139 return -ENOMEM;
140 }
141
142 put_unaligned_le16(count, &rp->num_controllers);
143
144 i = 0;
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
147
148 hci_del_off_timer(d);
149
150 set_bit(HCI_MGMT, &d->flags);
151
152 if (test_bit(HCI_SETUP, &d->flags))
153 continue;
154
155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
157 }
158
159 read_unlock(&hci_dev_list_lock);
160
161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
162 rp_len);
163
164 kfree(rp);
165
166 return err;
167 }
168
read_controller_info(struct sock * sk,u16 index)169 static int read_controller_info(struct sock *sk, u16 index)
170 {
171 struct mgmt_rp_read_info rp;
172 struct hci_dev *hdev;
173
174 BT_DBG("sock %p hci%u", sk, index);
175
176 hdev = hci_dev_get(index);
177 if (!hdev)
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
179
180 hci_del_off_timer(hdev);
181
182 hci_dev_lock_bh(hdev);
183
184 set_bit(HCI_MGMT, &hdev->flags);
185
186 rp.type = hdev->dev_type;
187
188 rp.powered = test_bit(HCI_UP, &hdev->flags);
189 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
190 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
191 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
192
193 if (test_bit(HCI_AUTH, &hdev->flags))
194 rp.sec_mode = 3;
195 else if (hdev->ssp_mode > 0)
196 rp.sec_mode = 4;
197 else
198 rp.sec_mode = 2;
199
200 bacpy(&rp.bdaddr, &hdev->bdaddr);
201 memcpy(rp.features, hdev->features, 8);
202 memcpy(rp.dev_class, hdev->dev_class, 3);
203 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
204 rp.hci_ver = hdev->hci_ver;
205 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
206
207 hci_dev_unlock_bh(hdev);
208 hci_dev_put(hdev);
209
210 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
211 }
212
mgmt_pending_free(struct pending_cmd * cmd)213 static void mgmt_pending_free(struct pending_cmd *cmd)
214 {
215 sock_put(cmd->sk);
216 kfree(cmd->cmd);
217 kfree(cmd);
218 }
219
mgmt_pending_add(struct sock * sk,u16 opcode,u16 index,void * data,u16 len)220 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
221 u16 index, void *data, u16 len)
222 {
223 struct pending_cmd *cmd;
224
225 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
226 if (!cmd)
227 return NULL;
228
229 cmd->opcode = opcode;
230 cmd->index = index;
231
232 cmd->cmd = kmalloc(len, GFP_ATOMIC);
233 if (!cmd->cmd) {
234 kfree(cmd);
235 return NULL;
236 }
237
238 memcpy(cmd->cmd, data, len);
239
240 cmd->sk = sk;
241 sock_hold(sk);
242
243 list_add(&cmd->list, &cmd_list);
244
245 return cmd;
246 }
247
mgmt_pending_foreach(u16 opcode,int index,void (* cb)(struct pending_cmd * cmd,void * data),void * data)248 static void mgmt_pending_foreach(u16 opcode, int index,
249 void (*cb)(struct pending_cmd *cmd, void *data),
250 void *data)
251 {
252 struct list_head *p, *n;
253
254 list_for_each_safe(p, n, &cmd_list) {
255 struct pending_cmd *cmd;
256
257 cmd = list_entry(p, struct pending_cmd, list);
258
259 if (cmd->opcode != opcode)
260 continue;
261
262 if (index >= 0 && cmd->index != index)
263 continue;
264
265 cb(cmd, data);
266 }
267 }
268
mgmt_pending_find(u16 opcode,int index)269 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
270 {
271 struct list_head *p;
272
273 list_for_each(p, &cmd_list) {
274 struct pending_cmd *cmd;
275
276 cmd = list_entry(p, struct pending_cmd, list);
277
278 if (cmd->opcode != opcode)
279 continue;
280
281 if (index >= 0 && cmd->index != index)
282 continue;
283
284 return cmd;
285 }
286
287 return NULL;
288 }
289
mgmt_pending_remove(struct pending_cmd * cmd)290 static void mgmt_pending_remove(struct pending_cmd *cmd)
291 {
292 list_del(&cmd->list);
293 mgmt_pending_free(cmd);
294 }
295
set_powered(struct sock * sk,u16 index,unsigned char * data,u16 len)296 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
297 {
298 struct mgmt_mode *cp;
299 struct hci_dev *hdev;
300 struct pending_cmd *cmd;
301 int err, up;
302
303 cp = (void *) data;
304
305 BT_DBG("request for hci%u", index);
306
307 if (len != sizeof(*cp))
308 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
309
310 hdev = hci_dev_get(index);
311 if (!hdev)
312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
313
314 hci_dev_lock_bh(hdev);
315
316 up = test_bit(HCI_UP, &hdev->flags);
317 if ((cp->val && up) || (!cp->val && !up)) {
318 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
319 goto failed;
320 }
321
322 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
324 goto failed;
325 }
326
327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
328 if (!cmd) {
329 err = -ENOMEM;
330 goto failed;
331 }
332
333 if (cp->val)
334 queue_work(hdev->workqueue, &hdev->power_on);
335 else
336 queue_work(hdev->workqueue, &hdev->power_off);
337
338 err = 0;
339
340 failed:
341 hci_dev_unlock_bh(hdev);
342 hci_dev_put(hdev);
343 return err;
344 }
345
set_discoverable(struct sock * sk,u16 index,unsigned char * data,u16 len)346 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
347 u16 len)
348 {
349 struct mgmt_mode *cp;
350 struct hci_dev *hdev;
351 struct pending_cmd *cmd;
352 u8 scan;
353 int err;
354
355 cp = (void *) data;
356
357 BT_DBG("request for hci%u", index);
358
359 if (len != sizeof(*cp))
360 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
361
362 hdev = hci_dev_get(index);
363 if (!hdev)
364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
365
366 hci_dev_lock_bh(hdev);
367
368 if (!test_bit(HCI_UP, &hdev->flags)) {
369 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
370 goto failed;
371 }
372
373 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
374 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
376 goto failed;
377 }
378
379 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
380 test_bit(HCI_PSCAN, &hdev->flags)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
382 goto failed;
383 }
384
385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
386 if (!cmd) {
387 err = -ENOMEM;
388 goto failed;
389 }
390
391 scan = SCAN_PAGE;
392
393 if (cp->val)
394 scan |= SCAN_INQUIRY;
395
396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
397 if (err < 0)
398 mgmt_pending_remove(cmd);
399
400 failed:
401 hci_dev_unlock_bh(hdev);
402 hci_dev_put(hdev);
403
404 return err;
405 }
406
set_connectable(struct sock * sk,u16 index,unsigned char * data,u16 len)407 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
408 u16 len)
409 {
410 struct mgmt_mode *cp;
411 struct hci_dev *hdev;
412 struct pending_cmd *cmd;
413 u8 scan;
414 int err;
415
416 cp = (void *) data;
417
418 BT_DBG("request for hci%u", index);
419
420 if (len != sizeof(*cp))
421 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
422
423 hdev = hci_dev_get(index);
424 if (!hdev)
425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
426
427 hci_dev_lock_bh(hdev);
428
429 if (!test_bit(HCI_UP, &hdev->flags)) {
430 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
431 goto failed;
432 }
433
434 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
435 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
437 goto failed;
438 }
439
440 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
442 goto failed;
443 }
444
445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
446 if (!cmd) {
447 err = -ENOMEM;
448 goto failed;
449 }
450
451 if (cp->val)
452 scan = SCAN_PAGE;
453 else
454 scan = 0;
455
456 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
457 if (err < 0)
458 mgmt_pending_remove(cmd);
459
460 failed:
461 hci_dev_unlock_bh(hdev);
462 hci_dev_put(hdev);
463
464 return err;
465 }
466
mgmt_event(u16 event,u16 index,void * data,u16 data_len,struct sock * skip_sk)467 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
468 struct sock *skip_sk)
469 {
470 struct sk_buff *skb;
471 struct mgmt_hdr *hdr;
472
473 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
474 if (!skb)
475 return -ENOMEM;
476
477 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
478
479 hdr = (void *) skb_put(skb, sizeof(*hdr));
480 hdr->opcode = cpu_to_le16(event);
481 hdr->index = cpu_to_le16(index);
482 hdr->len = cpu_to_le16(data_len);
483
484 if (data)
485 memcpy(skb_put(skb, data_len), data, data_len);
486
487 hci_send_to_sock(NULL, skb, skip_sk);
488 kfree_skb(skb);
489
490 return 0;
491 }
492
send_mode_rsp(struct sock * sk,u16 opcode,u16 index,u8 val)493 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
494 {
495 struct mgmt_mode rp;
496
497 rp.val = val;
498
499 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
500 }
501
set_pairable(struct sock * sk,u16 index,unsigned char * data,u16 len)502 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
503 u16 len)
504 {
505 struct mgmt_mode *cp, ev;
506 struct hci_dev *hdev;
507 int err;
508
509 cp = (void *) data;
510
511 BT_DBG("request for hci%u", index);
512
513 if (len != sizeof(*cp))
514 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
515
516 hdev = hci_dev_get(index);
517 if (!hdev)
518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
519
520 hci_dev_lock_bh(hdev);
521
522 if (cp->val)
523 set_bit(HCI_PAIRABLE, &hdev->flags);
524 else
525 clear_bit(HCI_PAIRABLE, &hdev->flags);
526
527 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
528 if (err < 0)
529 goto failed;
530
531 ev.val = cp->val;
532
533 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
534
535 failed:
536 hci_dev_unlock_bh(hdev);
537 hci_dev_put(hdev);
538
539 return err;
540 }
541
get_service_classes(struct hci_dev * hdev)542 static u8 get_service_classes(struct hci_dev *hdev)
543 {
544 struct list_head *p;
545 u8 val = 0;
546
547 list_for_each(p, &hdev->uuids) {
548 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
549
550 val |= uuid->svc_hint;
551 }
552
553 return val;
554 }
555
update_class(struct hci_dev * hdev)556 static int update_class(struct hci_dev *hdev)
557 {
558 u8 cod[3];
559
560 BT_DBG("%s", hdev->name);
561
562 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
563 return 0;
564
565 cod[0] = hdev->minor_class;
566 cod[1] = hdev->major_class;
567 cod[2] = get_service_classes(hdev);
568
569 if (memcmp(cod, hdev->dev_class, 3) == 0)
570 return 0;
571
572 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
573 }
574
add_uuid(struct sock * sk,u16 index,unsigned char * data,u16 len)575 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
576 {
577 struct mgmt_cp_add_uuid *cp;
578 struct hci_dev *hdev;
579 struct bt_uuid *uuid;
580 int err;
581
582 cp = (void *) data;
583
584 BT_DBG("request for hci%u", index);
585
586 if (len != sizeof(*cp))
587 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
588
589 hdev = hci_dev_get(index);
590 if (!hdev)
591 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
592
593 hci_dev_lock_bh(hdev);
594
595 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
596 if (!uuid) {
597 err = -ENOMEM;
598 goto failed;
599 }
600
601 memcpy(uuid->uuid, cp->uuid, 16);
602 uuid->svc_hint = cp->svc_hint;
603
604 list_add(&uuid->list, &hdev->uuids);
605
606 err = update_class(hdev);
607 if (err < 0)
608 goto failed;
609
610 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
611
612 failed:
613 hci_dev_unlock_bh(hdev);
614 hci_dev_put(hdev);
615
616 return err;
617 }
618
remove_uuid(struct sock * sk,u16 index,unsigned char * data,u16 len)619 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
620 {
621 struct list_head *p, *n;
622 struct mgmt_cp_remove_uuid *cp;
623 struct hci_dev *hdev;
624 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
625 int err, found;
626
627 cp = (void *) data;
628
629 BT_DBG("request for hci%u", index);
630
631 if (len != sizeof(*cp))
632 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
633
634 hdev = hci_dev_get(index);
635 if (!hdev)
636 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
637
638 hci_dev_lock_bh(hdev);
639
640 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
641 err = hci_uuids_clear(hdev);
642 goto unlock;
643 }
644
645 found = 0;
646
647 list_for_each_safe(p, n, &hdev->uuids) {
648 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
649
650 if (memcmp(match->uuid, cp->uuid, 16) != 0)
651 continue;
652
653 list_del(&match->list);
654 found++;
655 }
656
657 if (found == 0) {
658 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
659 goto unlock;
660 }
661
662 err = update_class(hdev);
663 if (err < 0)
664 goto unlock;
665
666 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
667
668 unlock:
669 hci_dev_unlock_bh(hdev);
670 hci_dev_put(hdev);
671
672 return err;
673 }
674
set_dev_class(struct sock * sk,u16 index,unsigned char * data,u16 len)675 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
676 u16 len)
677 {
678 struct hci_dev *hdev;
679 struct mgmt_cp_set_dev_class *cp;
680 int err;
681
682 cp = (void *) data;
683
684 BT_DBG("request for hci%u", index);
685
686 if (len != sizeof(*cp))
687 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
688
689 hdev = hci_dev_get(index);
690 if (!hdev)
691 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
692
693 hci_dev_lock_bh(hdev);
694
695 hdev->major_class = cp->major;
696 hdev->minor_class = cp->minor;
697
698 err = update_class(hdev);
699
700 if (err == 0)
701 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
702
703 hci_dev_unlock_bh(hdev);
704 hci_dev_put(hdev);
705
706 return err;
707 }
708
set_service_cache(struct sock * sk,u16 index,unsigned char * data,u16 len)709 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
710 u16 len)
711 {
712 struct hci_dev *hdev;
713 struct mgmt_cp_set_service_cache *cp;
714 int err;
715
716 cp = (void *) data;
717
718 if (len != sizeof(*cp))
719 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
720
721 hdev = hci_dev_get(index);
722 if (!hdev)
723 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
724
725 hci_dev_lock_bh(hdev);
726
727 BT_DBG("hci%u enable %d", index, cp->enable);
728
729 if (cp->enable) {
730 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
731 err = 0;
732 } else {
733 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
734 err = update_class(hdev);
735 }
736
737 if (err == 0)
738 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
739 0);
740
741 hci_dev_unlock_bh(hdev);
742 hci_dev_put(hdev);
743
744 return err;
745 }
746
load_keys(struct sock * sk,u16 index,unsigned char * data,u16 len)747 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
748 {
749 struct hci_dev *hdev;
750 struct mgmt_cp_load_keys *cp;
751 u16 key_count, expected_len;
752 int i;
753
754 cp = (void *) data;
755
756 if (len < sizeof(*cp))
757 return -EINVAL;
758
759 key_count = get_unaligned_le16(&cp->key_count);
760
761 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
762 if (expected_len != len) {
763 BT_ERR("load_keys: expected %u bytes, got %u bytes",
764 len, expected_len);
765 return -EINVAL;
766 }
767
768 hdev = hci_dev_get(index);
769 if (!hdev)
770 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
771
772 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
773 key_count);
774
775 hci_dev_lock_bh(hdev);
776
777 hci_link_keys_clear(hdev);
778
779 set_bit(HCI_LINK_KEYS, &hdev->flags);
780
781 if (cp->debug_keys)
782 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
783 else
784 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
785
786 for (i = 0; i < key_count; i++) {
787 struct mgmt_key_info *key = &cp->keys[i];
788
789 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type,
790 key->pin_len);
791 }
792
793 hci_dev_unlock_bh(hdev);
794 hci_dev_put(hdev);
795
796 return 0;
797 }
798
remove_key(struct sock * sk,u16 index,unsigned char * data,u16 len)799 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
800 {
801 struct hci_dev *hdev;
802 struct mgmt_cp_remove_key *cp;
803 struct hci_conn *conn;
804 int err;
805
806 cp = (void *) data;
807
808 if (len != sizeof(*cp))
809 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
810
811 hdev = hci_dev_get(index);
812 if (!hdev)
813 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
814
815 hci_dev_lock_bh(hdev);
816
817 err = hci_remove_link_key(hdev, &cp->bdaddr);
818 if (err < 0) {
819 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
820 goto unlock;
821 }
822
823 err = 0;
824
825 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
826 goto unlock;
827
828 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
829 if (conn) {
830 struct hci_cp_disconnect dc;
831
832 put_unaligned_le16(conn->handle, &dc.handle);
833 dc.reason = 0x13; /* Remote User Terminated Connection */
834 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
835 }
836
837 unlock:
838 hci_dev_unlock_bh(hdev);
839 hci_dev_put(hdev);
840
841 return err;
842 }
843
disconnect(struct sock * sk,u16 index,unsigned char * data,u16 len)844 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
845 {
846 struct hci_dev *hdev;
847 struct mgmt_cp_disconnect *cp;
848 struct hci_cp_disconnect dc;
849 struct pending_cmd *cmd;
850 struct hci_conn *conn;
851 int err;
852
853 BT_DBG("");
854
855 cp = (void *) data;
856
857 if (len != sizeof(*cp))
858 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
859
860 hdev = hci_dev_get(index);
861 if (!hdev)
862 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
863
864 hci_dev_lock_bh(hdev);
865
866 if (!test_bit(HCI_UP, &hdev->flags)) {
867 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
868 goto failed;
869 }
870
871 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
872 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
873 goto failed;
874 }
875
876 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
877 if (!conn) {
878 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
879 goto failed;
880 }
881
882 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
883 if (!cmd) {
884 err = -ENOMEM;
885 goto failed;
886 }
887
888 put_unaligned_le16(conn->handle, &dc.handle);
889 dc.reason = 0x13; /* Remote User Terminated Connection */
890
891 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
892 if (err < 0)
893 mgmt_pending_remove(cmd);
894
895 failed:
896 hci_dev_unlock_bh(hdev);
897 hci_dev_put(hdev);
898
899 return err;
900 }
901
get_connections(struct sock * sk,u16 index)902 static int get_connections(struct sock *sk, u16 index)
903 {
904 struct mgmt_rp_get_connections *rp;
905 struct hci_dev *hdev;
906 struct list_head *p;
907 size_t rp_len;
908 u16 count;
909 int i, err;
910
911 BT_DBG("");
912
913 hdev = hci_dev_get(index);
914 if (!hdev)
915 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
916
917 hci_dev_lock_bh(hdev);
918
919 count = 0;
920 list_for_each(p, &hdev->conn_hash.list) {
921 count++;
922 }
923
924 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
925 rp = kmalloc(rp_len, GFP_ATOMIC);
926 if (!rp) {
927 err = -ENOMEM;
928 goto unlock;
929 }
930
931 put_unaligned_le16(count, &rp->conn_count);
932
933 read_lock(&hci_dev_list_lock);
934
935 i = 0;
936 list_for_each(p, &hdev->conn_hash.list) {
937 struct hci_conn *c = list_entry(p, struct hci_conn, list);
938
939 bacpy(&rp->conn[i++], &c->dst);
940 }
941
942 read_unlock(&hci_dev_list_lock);
943
944 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
945
946 unlock:
947 kfree(rp);
948 hci_dev_unlock_bh(hdev);
949 hci_dev_put(hdev);
950 return err;
951 }
952
pin_code_reply(struct sock * sk,u16 index,unsigned char * data,u16 len)953 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
954 u16 len)
955 {
956 struct hci_dev *hdev;
957 struct mgmt_cp_pin_code_reply *cp;
958 struct hci_cp_pin_code_reply reply;
959 struct pending_cmd *cmd;
960 int err;
961
962 BT_DBG("");
963
964 cp = (void *) data;
965
966 if (len != sizeof(*cp))
967 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
968
969 hdev = hci_dev_get(index);
970 if (!hdev)
971 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
972
973 hci_dev_lock_bh(hdev);
974
975 if (!test_bit(HCI_UP, &hdev->flags)) {
976 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
977 goto failed;
978 }
979
980 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
981 if (!cmd) {
982 err = -ENOMEM;
983 goto failed;
984 }
985
986 bacpy(&reply.bdaddr, &cp->bdaddr);
987 reply.pin_len = cp->pin_len;
988 memcpy(reply.pin_code, cp->pin_code, 16);
989
990 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
991 if (err < 0)
992 mgmt_pending_remove(cmd);
993
994 failed:
995 hci_dev_unlock_bh(hdev);
996 hci_dev_put(hdev);
997
998 return err;
999 }
1000
pin_code_neg_reply(struct sock * sk,u16 index,unsigned char * data,u16 len)1001 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1002 u16 len)
1003 {
1004 struct hci_dev *hdev;
1005 struct mgmt_cp_pin_code_neg_reply *cp;
1006 struct pending_cmd *cmd;
1007 int err;
1008
1009 BT_DBG("");
1010
1011 cp = (void *) data;
1012
1013 if (len != sizeof(*cp))
1014 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1015 EINVAL);
1016
1017 hdev = hci_dev_get(index);
1018 if (!hdev)
1019 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1020 ENODEV);
1021
1022 hci_dev_lock_bh(hdev);
1023
1024 if (!test_bit(HCI_UP, &hdev->flags)) {
1025 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1026 ENETDOWN);
1027 goto failed;
1028 }
1029
1030 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1031 data, len);
1032 if (!cmd) {
1033 err = -ENOMEM;
1034 goto failed;
1035 }
1036
1037 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1038 &cp->bdaddr);
1039 if (err < 0)
1040 mgmt_pending_remove(cmd);
1041
1042 failed:
1043 hci_dev_unlock_bh(hdev);
1044 hci_dev_put(hdev);
1045
1046 return err;
1047 }
1048
set_io_capability(struct sock * sk,u16 index,unsigned char * data,u16 len)1049 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1050 u16 len)
1051 {
1052 struct hci_dev *hdev;
1053 struct mgmt_cp_set_io_capability *cp;
1054
1055 BT_DBG("");
1056
1057 cp = (void *) data;
1058
1059 if (len != sizeof(*cp))
1060 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1061
1062 hdev = hci_dev_get(index);
1063 if (!hdev)
1064 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1065
1066 hci_dev_lock_bh(hdev);
1067
1068 hdev->io_capability = cp->io_capability;
1069
1070 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1071 hdev->io_capability);
1072
1073 hci_dev_unlock_bh(hdev);
1074 hci_dev_put(hdev);
1075
1076 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1077 }
1078
find_pairing(struct hci_conn * conn)1079 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1080 {
1081 struct hci_dev *hdev = conn->hdev;
1082 struct list_head *p;
1083
1084 list_for_each(p, &cmd_list) {
1085 struct pending_cmd *cmd;
1086
1087 cmd = list_entry(p, struct pending_cmd, list);
1088
1089 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1090 continue;
1091
1092 if (cmd->index != hdev->id)
1093 continue;
1094
1095 if (cmd->user_data != conn)
1096 continue;
1097
1098 return cmd;
1099 }
1100
1101 return NULL;
1102 }
1103
pairing_complete(struct pending_cmd * cmd,u8 status)1104 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1105 {
1106 struct mgmt_rp_pair_device rp;
1107 struct hci_conn *conn = cmd->user_data;
1108
1109 bacpy(&rp.bdaddr, &conn->dst);
1110 rp.status = status;
1111
1112 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1113
1114 /* So we don't get further callbacks for this connection */
1115 conn->connect_cfm_cb = NULL;
1116 conn->security_cfm_cb = NULL;
1117 conn->disconn_cfm_cb = NULL;
1118
1119 hci_conn_put(conn);
1120
1121 mgmt_pending_remove(cmd);
1122 }
1123
pairing_complete_cb(struct hci_conn * conn,u8 status)1124 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1125 {
1126 struct pending_cmd *cmd;
1127
1128 BT_DBG("status %u", status);
1129
1130 cmd = find_pairing(conn);
1131 if (!cmd) {
1132 BT_DBG("Unable to find a pending command");
1133 return;
1134 }
1135
1136 pairing_complete(cmd, status);
1137 }
1138
pair_device(struct sock * sk,u16 index,unsigned char * data,u16 len)1139 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1140 {
1141 struct hci_dev *hdev;
1142 struct mgmt_cp_pair_device *cp;
1143 struct pending_cmd *cmd;
1144 u8 sec_level, auth_type;
1145 struct hci_conn *conn;
1146 int err;
1147
1148 BT_DBG("");
1149
1150 cp = (void *) data;
1151
1152 if (len != sizeof(*cp))
1153 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1154
1155 hdev = hci_dev_get(index);
1156 if (!hdev)
1157 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1158
1159 hci_dev_lock_bh(hdev);
1160
1161 if (cp->io_cap == 0x03) {
1162 sec_level = BT_SECURITY_MEDIUM;
1163 auth_type = HCI_AT_DEDICATED_BONDING;
1164 } else {
1165 sec_level = BT_SECURITY_HIGH;
1166 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1167 }
1168
1169 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1170 if (IS_ERR(conn)) {
1171 err = PTR_ERR(conn);
1172 goto unlock;
1173 }
1174
1175 if (conn->connect_cfm_cb) {
1176 hci_conn_put(conn);
1177 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1178 goto unlock;
1179 }
1180
1181 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1182 if (!cmd) {
1183 err = -ENOMEM;
1184 hci_conn_put(conn);
1185 goto unlock;
1186 }
1187
1188 conn->connect_cfm_cb = pairing_complete_cb;
1189 conn->security_cfm_cb = pairing_complete_cb;
1190 conn->disconn_cfm_cb = pairing_complete_cb;
1191 conn->io_capability = cp->io_cap;
1192 cmd->user_data = conn;
1193
1194 if (conn->state == BT_CONNECTED &&
1195 hci_conn_security(conn, sec_level, auth_type))
1196 pairing_complete(cmd, 0);
1197
1198 err = 0;
1199
1200 unlock:
1201 hci_dev_unlock_bh(hdev);
1202 hci_dev_put(hdev);
1203
1204 return err;
1205 }
1206
user_confirm_reply(struct sock * sk,u16 index,unsigned char * data,u16 len,int success)1207 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1208 u16 len, int success)
1209 {
1210 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1211 u16 mgmt_op, hci_op;
1212 struct pending_cmd *cmd;
1213 struct hci_dev *hdev;
1214 int err;
1215
1216 BT_DBG("");
1217
1218 if (success) {
1219 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1220 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1221 } else {
1222 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1223 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1224 }
1225
1226 if (len != sizeof(*cp))
1227 return cmd_status(sk, index, mgmt_op, EINVAL);
1228
1229 hdev = hci_dev_get(index);
1230 if (!hdev)
1231 return cmd_status(sk, index, mgmt_op, ENODEV);
1232
1233 hci_dev_lock_bh(hdev);
1234
1235 if (!test_bit(HCI_UP, &hdev->flags)) {
1236 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1237 goto failed;
1238 }
1239
1240 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1241 if (!cmd) {
1242 err = -ENOMEM;
1243 goto failed;
1244 }
1245
1246 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1247 if (err < 0)
1248 mgmt_pending_remove(cmd);
1249
1250 failed:
1251 hci_dev_unlock_bh(hdev);
1252 hci_dev_put(hdev);
1253
1254 return err;
1255 }
1256
mgmt_control(struct sock * sk,struct msghdr * msg,size_t msglen)1257 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1258 {
1259 unsigned char *buf;
1260 struct mgmt_hdr *hdr;
1261 u16 opcode, index, len;
1262 int err;
1263
1264 BT_DBG("got %zu bytes", msglen);
1265
1266 if (msglen < sizeof(*hdr))
1267 return -EINVAL;
1268
1269 buf = kmalloc(msglen, GFP_ATOMIC);
1270 if (!buf)
1271 return -ENOMEM;
1272
1273 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1274 err = -EFAULT;
1275 goto done;
1276 }
1277
1278 hdr = (struct mgmt_hdr *) buf;
1279 opcode = get_unaligned_le16(&hdr->opcode);
1280 index = get_unaligned_le16(&hdr->index);
1281 len = get_unaligned_le16(&hdr->len);
1282
1283 if (len != msglen - sizeof(*hdr)) {
1284 err = -EINVAL;
1285 goto done;
1286 }
1287
1288 switch (opcode) {
1289 case MGMT_OP_READ_VERSION:
1290 err = read_version(sk);
1291 break;
1292 case MGMT_OP_READ_INDEX_LIST:
1293 err = read_index_list(sk);
1294 break;
1295 case MGMT_OP_READ_INFO:
1296 err = read_controller_info(sk, index);
1297 break;
1298 case MGMT_OP_SET_POWERED:
1299 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1300 break;
1301 case MGMT_OP_SET_DISCOVERABLE:
1302 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1303 break;
1304 case MGMT_OP_SET_CONNECTABLE:
1305 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1306 break;
1307 case MGMT_OP_SET_PAIRABLE:
1308 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1309 break;
1310 case MGMT_OP_ADD_UUID:
1311 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1312 break;
1313 case MGMT_OP_REMOVE_UUID:
1314 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1315 break;
1316 case MGMT_OP_SET_DEV_CLASS:
1317 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1318 break;
1319 case MGMT_OP_SET_SERVICE_CACHE:
1320 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1321 break;
1322 case MGMT_OP_LOAD_KEYS:
1323 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1324 break;
1325 case MGMT_OP_REMOVE_KEY:
1326 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1327 break;
1328 case MGMT_OP_DISCONNECT:
1329 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1330 break;
1331 case MGMT_OP_GET_CONNECTIONS:
1332 err = get_connections(sk, index);
1333 break;
1334 case MGMT_OP_PIN_CODE_REPLY:
1335 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1336 break;
1337 case MGMT_OP_PIN_CODE_NEG_REPLY:
1338 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1339 break;
1340 case MGMT_OP_SET_IO_CAPABILITY:
1341 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1342 break;
1343 case MGMT_OP_PAIR_DEVICE:
1344 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1345 break;
1346 case MGMT_OP_USER_CONFIRM_REPLY:
1347 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1348 break;
1349 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1350 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1351 break;
1352 default:
1353 BT_DBG("Unknown op %u", opcode);
1354 err = cmd_status(sk, index, opcode, 0x01);
1355 break;
1356 }
1357
1358 if (err < 0)
1359 goto done;
1360
1361 err = msglen;
1362
1363 done:
1364 kfree(buf);
1365 return err;
1366 }
1367
mgmt_index_added(u16 index)1368 int mgmt_index_added(u16 index)
1369 {
1370 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1371 }
1372
mgmt_index_removed(u16 index)1373 int mgmt_index_removed(u16 index)
1374 {
1375 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1376 }
1377
1378 struct cmd_lookup {
1379 u8 val;
1380 struct sock *sk;
1381 };
1382
mode_rsp(struct pending_cmd * cmd,void * data)1383 static void mode_rsp(struct pending_cmd *cmd, void *data)
1384 {
1385 struct mgmt_mode *cp = cmd->cmd;
1386 struct cmd_lookup *match = data;
1387
1388 if (cp->val != match->val)
1389 return;
1390
1391 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1392
1393 list_del(&cmd->list);
1394
1395 if (match->sk == NULL) {
1396 match->sk = cmd->sk;
1397 sock_hold(match->sk);
1398 }
1399
1400 mgmt_pending_free(cmd);
1401 }
1402
mgmt_powered(u16 index,u8 powered)1403 int mgmt_powered(u16 index, u8 powered)
1404 {
1405 struct mgmt_mode ev;
1406 struct cmd_lookup match = { powered, NULL };
1407 int ret;
1408
1409 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1410
1411 ev.val = powered;
1412
1413 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1414
1415 if (match.sk)
1416 sock_put(match.sk);
1417
1418 return ret;
1419 }
1420
mgmt_discoverable(u16 index,u8 discoverable)1421 int mgmt_discoverable(u16 index, u8 discoverable)
1422 {
1423 struct mgmt_mode ev;
1424 struct cmd_lookup match = { discoverable, NULL };
1425 int ret;
1426
1427 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1428
1429 ev.val = discoverable;
1430
1431 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1432 match.sk);
1433
1434 if (match.sk)
1435 sock_put(match.sk);
1436
1437 return ret;
1438 }
1439
mgmt_connectable(u16 index,u8 connectable)1440 int mgmt_connectable(u16 index, u8 connectable)
1441 {
1442 struct mgmt_mode ev;
1443 struct cmd_lookup match = { connectable, NULL };
1444 int ret;
1445
1446 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1447
1448 ev.val = connectable;
1449
1450 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1451
1452 if (match.sk)
1453 sock_put(match.sk);
1454
1455 return ret;
1456 }
1457
mgmt_new_key(u16 index,struct link_key * key,u8 old_key_type)1458 int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type)
1459 {
1460 struct mgmt_ev_new_key ev;
1461
1462 memset(&ev, 0, sizeof(ev));
1463
1464 bacpy(&ev.key.bdaddr, &key->bdaddr);
1465 ev.key.type = key->type;
1466 memcpy(ev.key.val, key->val, 16);
1467 ev.key.pin_len = key->pin_len;
1468 ev.old_key_type = old_key_type;
1469
1470 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1471 }
1472
mgmt_connected(u16 index,bdaddr_t * bdaddr)1473 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1474 {
1475 struct mgmt_ev_connected ev;
1476
1477 bacpy(&ev.bdaddr, bdaddr);
1478
1479 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1480 }
1481
disconnect_rsp(struct pending_cmd * cmd,void * data)1482 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1483 {
1484 struct mgmt_cp_disconnect *cp = cmd->cmd;
1485 struct sock **sk = data;
1486 struct mgmt_rp_disconnect rp;
1487
1488 bacpy(&rp.bdaddr, &cp->bdaddr);
1489
1490 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1491
1492 *sk = cmd->sk;
1493 sock_hold(*sk);
1494
1495 mgmt_pending_remove(cmd);
1496 }
1497
mgmt_disconnected(u16 index,bdaddr_t * bdaddr)1498 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1499 {
1500 struct mgmt_ev_disconnected ev;
1501 struct sock *sk = NULL;
1502 int err;
1503
1504 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1505
1506 bacpy(&ev.bdaddr, bdaddr);
1507
1508 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1509
1510 if (sk)
1511 sock_put(sk);
1512
1513 return err;
1514 }
1515
mgmt_disconnect_failed(u16 index)1516 int mgmt_disconnect_failed(u16 index)
1517 {
1518 struct pending_cmd *cmd;
1519 int err;
1520
1521 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1522 if (!cmd)
1523 return -ENOENT;
1524
1525 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1526
1527 mgmt_pending_remove(cmd);
1528
1529 return err;
1530 }
1531
mgmt_connect_failed(u16 index,bdaddr_t * bdaddr,u8 status)1532 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1533 {
1534 struct mgmt_ev_connect_failed ev;
1535
1536 bacpy(&ev.bdaddr, bdaddr);
1537 ev.status = status;
1538
1539 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1540 }
1541
mgmt_pin_code_request(u16 index,bdaddr_t * bdaddr)1542 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr)
1543 {
1544 struct mgmt_ev_pin_code_request ev;
1545
1546 bacpy(&ev.bdaddr, bdaddr);
1547
1548 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1549 NULL);
1550 }
1551
mgmt_pin_code_reply_complete(u16 index,bdaddr_t * bdaddr,u8 status)1552 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1553 {
1554 struct pending_cmd *cmd;
1555 struct mgmt_rp_pin_code_reply rp;
1556 int err;
1557
1558 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1559 if (!cmd)
1560 return -ENOENT;
1561
1562 bacpy(&rp.bdaddr, bdaddr);
1563 rp.status = status;
1564
1565 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1566 sizeof(rp));
1567
1568 mgmt_pending_remove(cmd);
1569
1570 return err;
1571 }
1572
mgmt_pin_code_neg_reply_complete(u16 index,bdaddr_t * bdaddr,u8 status)1573 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1574 {
1575 struct pending_cmd *cmd;
1576 struct mgmt_rp_pin_code_reply rp;
1577 int err;
1578
1579 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1580 if (!cmd)
1581 return -ENOENT;
1582
1583 bacpy(&rp.bdaddr, bdaddr);
1584 rp.status = status;
1585
1586 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1587 sizeof(rp));
1588
1589 mgmt_pending_remove(cmd);
1590
1591 return err;
1592 }
1593
mgmt_user_confirm_request(u16 index,bdaddr_t * bdaddr,__le32 value)1594 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value)
1595 {
1596 struct mgmt_ev_user_confirm_request ev;
1597
1598 BT_DBG("hci%u", index);
1599
1600 bacpy(&ev.bdaddr, bdaddr);
1601 put_unaligned_le32(value, &ev.value);
1602
1603 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
1604 NULL);
1605 }
1606
confirm_reply_complete(u16 index,bdaddr_t * bdaddr,u8 status,u8 opcode)1607 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
1608 u8 opcode)
1609 {
1610 struct pending_cmd *cmd;
1611 struct mgmt_rp_user_confirm_reply rp;
1612 int err;
1613
1614 cmd = mgmt_pending_find(opcode, index);
1615 if (!cmd)
1616 return -ENOENT;
1617
1618 bacpy(&rp.bdaddr, bdaddr);
1619 rp.status = status;
1620 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
1621
1622 mgmt_pending_remove(cmd);
1623
1624 return err;
1625 }
1626
mgmt_user_confirm_reply_complete(u16 index,bdaddr_t * bdaddr,u8 status)1627 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1628 {
1629 return confirm_reply_complete(index, bdaddr, status,
1630 MGMT_OP_USER_CONFIRM_REPLY);
1631 }
1632
mgmt_user_confirm_neg_reply_complete(u16 index,bdaddr_t * bdaddr,u8 status)1633 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1634 {
1635 return confirm_reply_complete(index, bdaddr, status,
1636 MGMT_OP_USER_CONFIRM_NEG_REPLY);
1637 }
1638
mgmt_auth_failed(u16 index,bdaddr_t * bdaddr,u8 status)1639 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1640 {
1641 struct mgmt_ev_auth_failed ev;
1642
1643 bacpy(&ev.bdaddr, bdaddr);
1644 ev.status = status;
1645
1646 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
1647 }
1648