aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth/mgmt.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth/mgmt.c')
-rw-r--r--net/bluetooth/mgmt.c1533
1 files changed, 1436 insertions, 97 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index f827fd908380..4476d8e3c0f2 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -22,7 +22,7 @@
22 22
23/* Bluetooth HCI Management interface */ 23/* Bluetooth HCI Management interface */
24 24
25#include <asm/uaccess.h> 25#include <linux/uaccess.h>
26#include <asm/unaligned.h> 26#include <asm/unaligned.h>
27 27
28#include <net/bluetooth/bluetooth.h> 28#include <net/bluetooth/bluetooth.h>
@@ -32,13 +32,24 @@
32#define MGMT_VERSION 0 32#define MGMT_VERSION 0
33#define MGMT_REVISION 1 33#define MGMT_REVISION 1
34 34
35static int cmd_status(struct sock *sk, u16 cmd, u8 status) 35struct pending_cmd {
36 struct list_head list;
37 __u16 opcode;
38 int index;
39 void *cmd;
40 struct sock *sk;
41 void *user_data;
42};
43
44LIST_HEAD(cmd_list);
45
46static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
36{ 47{
37 struct sk_buff *skb; 48 struct sk_buff *skb;
38 struct mgmt_hdr *hdr; 49 struct mgmt_hdr *hdr;
39 struct mgmt_ev_cmd_status *ev; 50 struct mgmt_ev_cmd_status *ev;
40 51
41 BT_DBG("sock %p", sk); 52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
42 53
43 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC); 54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
44 if (!skb) 55 if (!skb)
@@ -47,6 +58,7 @@ static int cmd_status(struct sock *sk, u16 cmd, u8 status)
47 hdr = (void *) skb_put(skb, sizeof(*hdr)); 58 hdr = (void *) skb_put(skb, sizeof(*hdr));
48 59
49 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS); 60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
50 hdr->len = cpu_to_le16(sizeof(*ev)); 62 hdr->len = cpu_to_le16(sizeof(*ev));
51 63
52 ev = (void *) skb_put(skb, sizeof(*ev)); 64 ev = (void *) skb_put(skb, sizeof(*ev));
@@ -59,29 +71,30 @@ static int cmd_status(struct sock *sk, u16 cmd, u8 status)
59 return 0; 71 return 0;
60} 72}
61 73
62static int read_version(struct sock *sk) 74static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75 size_t rp_len)
63{ 76{
64 struct sk_buff *skb; 77 struct sk_buff *skb;
65 struct mgmt_hdr *hdr; 78 struct mgmt_hdr *hdr;
66 struct mgmt_ev_cmd_complete *ev; 79 struct mgmt_ev_cmd_complete *ev;
67 struct mgmt_rp_read_version *rp;
68 80
69 BT_DBG("sock %p", sk); 81 BT_DBG("sock %p", sk);
70 82
71 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + sizeof(*rp), GFP_ATOMIC); 83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
72 if (!skb) 84 if (!skb)
73 return -ENOMEM; 85 return -ENOMEM;
74 86
75 hdr = (void *) skb_put(skb, sizeof(*hdr)); 87 hdr = (void *) skb_put(skb, sizeof(*hdr));
88
76 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
77 hdr->len = cpu_to_le16(sizeof(*ev) + sizeof(*rp)); 90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
78 92
79 ev = (void *) skb_put(skb, sizeof(*ev)); 93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
80 put_unaligned_le16(MGMT_OP_READ_VERSION, &ev->opcode); 94 put_unaligned_le16(cmd, &ev->opcode);
81 95
82 rp = (void *) skb_put(skb, sizeof(*rp)); 96 if (rp)
83 rp->version = MGMT_VERSION; 97 memcpy(ev->data, rp, rp_len);
84 put_unaligned_le16(MGMT_REVISION, &rp->revision);
85 98
86 if (sock_queue_rcv_skb(sk, skb) < 0) 99 if (sock_queue_rcv_skb(sk, skb) < 0)
87 kfree_skb(skb); 100 kfree_skb(skb);
@@ -89,16 +102,26 @@ static int read_version(struct sock *sk)
89 return 0; 102 return 0;
90} 103}
91 104
105static int read_version(struct sock *sk)
106{
107 struct mgmt_rp_read_version rp;
108
109 BT_DBG("sock %p", sk);
110
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
113
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115 sizeof(rp));
116}
117
92static int read_index_list(struct sock *sk) 118static int read_index_list(struct sock *sk)
93{ 119{
94 struct sk_buff *skb;
95 struct mgmt_hdr *hdr;
96 struct mgmt_ev_cmd_complete *ev;
97 struct mgmt_rp_read_index_list *rp; 120 struct mgmt_rp_read_index_list *rp;
98 struct list_head *p; 121 struct list_head *p;
99 size_t body_len; 122 size_t rp_len;
100 u16 count; 123 u16 count;
101 int i; 124 int i, err;
102 125
103 BT_DBG("sock %p", sk); 126 BT_DBG("sock %p", sk);
104 127
@@ -109,112 +132,1133 @@ static int read_index_list(struct sock *sk)
109 count++; 132 count++;
110 } 133 }
111 134
112 body_len = sizeof(*ev) + sizeof(*rp) + (2 * count); 135 rp_len = sizeof(*rp) + (2 * count);
113 skb = alloc_skb(sizeof(*hdr) + body_len, GFP_ATOMIC); 136 rp = kmalloc(rp_len, GFP_ATOMIC);
114 if (!skb) 137 if (!rp) {
138 read_unlock(&hci_dev_list_lock);
115 return -ENOMEM; 139 return -ENOMEM;
140 }
116 141
117 hdr = (void *) skb_put(skb, sizeof(*hdr));
118 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
119 hdr->len = cpu_to_le16(body_len);
120
121 ev = (void *) skb_put(skb, sizeof(*ev));
122 put_unaligned_le16(MGMT_OP_READ_INDEX_LIST, &ev->opcode);
123
124 rp = (void *) skb_put(skb, sizeof(*rp) + (2 * count));
125 put_unaligned_le16(count, &rp->num_controllers); 142 put_unaligned_le16(count, &rp->num_controllers);
126 143
127 i = 0; 144 i = 0;
128 list_for_each(p, &hci_dev_list) { 145 list_for_each(p, &hci_dev_list) {
129 struct hci_dev *d = list_entry(p, struct hci_dev, list); 146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
147
148 hci_del_off_timer(d);
149
150 set_bit(HCI_MGMT, &d->flags);
151
152 if (test_bit(HCI_SETUP, &d->flags))
153 continue;
154
130 put_unaligned_le16(d->id, &rp->index[i++]); 155 put_unaligned_le16(d->id, &rp->index[i++]);
131 BT_DBG("Added hci%u", d->id); 156 BT_DBG("Added hci%u", d->id);
132 } 157 }
133 158
134 read_unlock(&hci_dev_list_lock); 159 read_unlock(&hci_dev_list_lock);
135 160
136 if (sock_queue_rcv_skb(sk, skb) < 0) 161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
137 kfree_skb(skb); 162 rp_len);
138 163
139 return 0; 164 kfree(rp);
165
166 return err;
140} 167}
141 168
142static int read_controller_info(struct sock *sk, unsigned char *data, u16 len) 169static int read_controller_info(struct sock *sk, u16 index)
143{ 170{
144 struct sk_buff *skb; 171 struct mgmt_rp_read_info rp;
145 struct mgmt_hdr *hdr;
146 struct mgmt_ev_cmd_complete *ev;
147 struct mgmt_rp_read_info *rp;
148 struct mgmt_cp_read_info *cp;
149 struct hci_dev *hdev; 172 struct hci_dev *hdev;
150 u16 dev_id;
151 173
152 BT_DBG("sock %p", sk); 174 BT_DBG("sock %p hci%u", sk, index);
175
176 hdev = hci_dev_get(index);
177 if (!hdev)
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
179
180 hci_del_off_timer(hdev);
181
182 hci_dev_lock_bh(hdev);
183
184 set_bit(HCI_MGMT, &hdev->flags);
185
186 rp.type = hdev->dev_type;
187
188 rp.powered = test_bit(HCI_UP, &hdev->flags);
189 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
190 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
191 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
192
193 if (test_bit(HCI_AUTH, &hdev->flags))
194 rp.sec_mode = 3;
195 else if (hdev->ssp_mode > 0)
196 rp.sec_mode = 4;
197 else
198 rp.sec_mode = 2;
199
200 bacpy(&rp.bdaddr, &hdev->bdaddr);
201 memcpy(rp.features, hdev->features, 8);
202 memcpy(rp.dev_class, hdev->dev_class, 3);
203 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
204 rp.hci_ver = hdev->hci_ver;
205 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
206
207 hci_dev_unlock_bh(hdev);
208 hci_dev_put(hdev);
209
210 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
211}
212
213static void mgmt_pending_free(struct pending_cmd *cmd)
214{
215 sock_put(cmd->sk);
216 kfree(cmd->cmd);
217 kfree(cmd);
218}
219
220static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
221 u16 index, void *data, u16 len)
222{
223 struct pending_cmd *cmd;
224
225 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
226 if (!cmd)
227 return NULL;
228
229 cmd->opcode = opcode;
230 cmd->index = index;
231
232 cmd->cmd = kmalloc(len, GFP_ATOMIC);
233 if (!cmd->cmd) {
234 kfree(cmd);
235 return NULL;
236 }
237
238 memcpy(cmd->cmd, data, len);
239
240 cmd->sk = sk;
241 sock_hold(sk);
242
243 list_add(&cmd->list, &cmd_list);
244
245 return cmd;
246}
247
248static void mgmt_pending_foreach(u16 opcode, int index,
249 void (*cb)(struct pending_cmd *cmd, void *data),
250 void *data)
251{
252 struct list_head *p, *n;
253
254 list_for_each_safe(p, n, &cmd_list) {
255 struct pending_cmd *cmd;
256
257 cmd = list_entry(p, struct pending_cmd, list);
258
259 if (cmd->opcode != opcode)
260 continue;
261
262 if (index >= 0 && cmd->index != index)
263 continue;
264
265 cb(cmd, data);
266 }
267}
268
269static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
270{
271 struct list_head *p;
272
273 list_for_each(p, &cmd_list) {
274 struct pending_cmd *cmd;
275
276 cmd = list_entry(p, struct pending_cmd, list);
277
278 if (cmd->opcode != opcode)
279 continue;
280
281 if (index >= 0 && cmd->index != index)
282 continue;
283
284 return cmd;
285 }
286
287 return NULL;
288}
289
290static void mgmt_pending_remove(struct pending_cmd *cmd)
291{
292 list_del(&cmd->list);
293 mgmt_pending_free(cmd);
294}
295
296static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
297{
298 struct mgmt_mode *cp;
299 struct hci_dev *hdev;
300 struct pending_cmd *cmd;
301 int err, up;
302
303 cp = (void *) data;
304
305 BT_DBG("request for hci%u", index);
306
307 if (len != sizeof(*cp))
308 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
309
310 hdev = hci_dev_get(index);
311 if (!hdev)
312 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
313
314 hci_dev_lock_bh(hdev);
315
316 up = test_bit(HCI_UP, &hdev->flags);
317 if ((cp->val && up) || (!cp->val && !up)) {
318 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
319 goto failed;
320 }
321
322 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
324 goto failed;
325 }
326
327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
328 if (!cmd) {
329 err = -ENOMEM;
330 goto failed;
331 }
332
333 if (cp->val)
334 queue_work(hdev->workqueue, &hdev->power_on);
335 else
336 queue_work(hdev->workqueue, &hdev->power_off);
337
338 err = 0;
339
340failed:
341 hci_dev_unlock_bh(hdev);
342 hci_dev_put(hdev);
343 return err;
344}
345
346static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
347 u16 len)
348{
349 struct mgmt_mode *cp;
350 struct hci_dev *hdev;
351 struct pending_cmd *cmd;
352 u8 scan;
353 int err;
354
355 cp = (void *) data;
356
357 BT_DBG("request for hci%u", index);
358
359 if (len != sizeof(*cp))
360 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
361
362 hdev = hci_dev_get(index);
363 if (!hdev)
364 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
365
366 hci_dev_lock_bh(hdev);
367
368 if (!test_bit(HCI_UP, &hdev->flags)) {
369 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
370 goto failed;
371 }
372
373 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
374 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
375 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
376 goto failed;
377 }
378
379 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
380 test_bit(HCI_PSCAN, &hdev->flags)) {
381 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
382 goto failed;
383 }
153 384
154 if (len != 2) 385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
155 return cmd_status(sk, MGMT_OP_READ_INFO, EINVAL); 386 if (!cmd) {
387 err = -ENOMEM;
388 goto failed;
389 }
390
391 scan = SCAN_PAGE;
392
393 if (cp->val)
394 scan |= SCAN_INQUIRY;
395
396 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
397 if (err < 0)
398 mgmt_pending_remove(cmd);
399
400failed:
401 hci_dev_unlock_bh(hdev);
402 hci_dev_put(hdev);
403
404 return err;
405}
406
407static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
408 u16 len)
409{
410 struct mgmt_mode *cp;
411 struct hci_dev *hdev;
412 struct pending_cmd *cmd;
413 u8 scan;
414 int err;
415
416 cp = (void *) data;
417
418 BT_DBG("request for hci%u", index);
419
420 if (len != sizeof(*cp))
421 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
422
423 hdev = hci_dev_get(index);
424 if (!hdev)
425 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
426
427 hci_dev_lock_bh(hdev);
428
429 if (!test_bit(HCI_UP, &hdev->flags)) {
430 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
431 goto failed;
432 }
433
434 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
435 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
436 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
437 goto failed;
438 }
439
440 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
442 goto failed;
443 }
444
445 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
446 if (!cmd) {
447 err = -ENOMEM;
448 goto failed;
449 }
450
451 if (cp->val)
452 scan = SCAN_PAGE;
453 else
454 scan = 0;
455
456 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
457 if (err < 0)
458 mgmt_pending_remove(cmd);
459
460failed:
461 hci_dev_unlock_bh(hdev);
462 hci_dev_put(hdev);
463
464 return err;
465}
466
467static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
468 struct sock *skip_sk)
469{
470 struct sk_buff *skb;
471 struct mgmt_hdr *hdr;
156 472
157 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + sizeof(*rp), GFP_ATOMIC); 473 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
158 if (!skb) 474 if (!skb)
159 return -ENOMEM; 475 return -ENOMEM;
160 476
477 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
478
161 hdr = (void *) skb_put(skb, sizeof(*hdr)); 479 hdr = (void *) skb_put(skb, sizeof(*hdr));
162 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE); 480 hdr->opcode = cpu_to_le16(event);
163 hdr->len = cpu_to_le16(sizeof(*ev) + sizeof(*rp)); 481 hdr->index = cpu_to_le16(index);
482 hdr->len = cpu_to_le16(data_len);
164 483
165 ev = (void *) skb_put(skb, sizeof(*ev)); 484 if (data)
166 put_unaligned_le16(MGMT_OP_READ_INFO, &ev->opcode); 485 memcpy(skb_put(skb, data_len), data, data_len);
486
487 hci_send_to_sock(NULL, skb, skip_sk);
488 kfree_skb(skb);
167 489
168 rp = (void *) skb_put(skb, sizeof(*rp)); 490 return 0;
491}
492
493static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
494{
495 struct mgmt_mode rp;
496
497 rp.val = val;
498
499 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
500}
501
502static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
503 u16 len)
504{
505 struct mgmt_mode *cp, ev;
506 struct hci_dev *hdev;
507 int err;
169 508
170 cp = (void *) data; 509 cp = (void *) data;
171 dev_id = get_unaligned_le16(&cp->index);
172 510
173 BT_DBG("request for hci%u", dev_id); 511 BT_DBG("request for hci%u", index);
174 512
175 hdev = hci_dev_get(dev_id); 513 if (len != sizeof(*cp))
176 if (!hdev) { 514 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
177 kfree_skb(skb); 515
178 return cmd_status(sk, MGMT_OP_READ_INFO, ENODEV); 516 hdev = hci_dev_get(index);
517 if (!hdev)
518 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
519
520 hci_dev_lock_bh(hdev);
521
522 if (cp->val)
523 set_bit(HCI_PAIRABLE, &hdev->flags);
524 else
525 clear_bit(HCI_PAIRABLE, &hdev->flags);
526
527 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
528 if (err < 0)
529 goto failed;
530
531 ev.val = cp->val;
532
533 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
534
535failed:
536 hci_dev_unlock_bh(hdev);
537 hci_dev_put(hdev);
538
539 return err;
540}
541
542static u8 get_service_classes(struct hci_dev *hdev)
543{
544 struct list_head *p;
545 u8 val = 0;
546
547 list_for_each(p, &hdev->uuids) {
548 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
549
550 val |= uuid->svc_hint;
179 } 551 }
180 552
553 return val;
554}
555
556static int update_class(struct hci_dev *hdev)
557{
558 u8 cod[3];
559
560 BT_DBG("%s", hdev->name);
561
562 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
563 return 0;
564
565 cod[0] = hdev->minor_class;
566 cod[1] = hdev->major_class;
567 cod[2] = get_service_classes(hdev);
568
569 if (memcmp(cod, hdev->dev_class, 3) == 0)
570 return 0;
571
572 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
573}
574
575static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
576{
577 struct mgmt_cp_add_uuid *cp;
578 struct hci_dev *hdev;
579 struct bt_uuid *uuid;
580 int err;
581
582 cp = (void *) data;
583
584 BT_DBG("request for hci%u", index);
585
586 if (len != sizeof(*cp))
587 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
588
589 hdev = hci_dev_get(index);
590 if (!hdev)
591 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
592
181 hci_dev_lock_bh(hdev); 593 hci_dev_lock_bh(hdev);
182 594
183 put_unaligned_le16(hdev->id, &rp->index); 595 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
184 rp->type = hdev->dev_type; 596 if (!uuid) {
597 err = -ENOMEM;
598 goto failed;
599 }
185 600
186 rp->powered = test_bit(HCI_UP, &hdev->flags); 601 memcpy(uuid->uuid, cp->uuid, 16);
187 rp->discoverable = test_bit(HCI_ISCAN, &hdev->flags); 602 uuid->svc_hint = cp->svc_hint;
188 rp->pairable = test_bit(HCI_PSCAN, &hdev->flags);
189 603
190 if (test_bit(HCI_AUTH, &hdev->flags)) 604 list_add(&uuid->list, &hdev->uuids);
191 rp->sec_mode = 3;
192 else if (hdev->ssp_mode > 0)
193 rp->sec_mode = 4;
194 else
195 rp->sec_mode = 2;
196 605
197 bacpy(&rp->bdaddr, &hdev->bdaddr); 606 err = update_class(hdev);
198 memcpy(rp->features, hdev->features, 8); 607 if (err < 0)
199 memcpy(rp->dev_class, hdev->dev_class, 3); 608 goto failed;
200 put_unaligned_le16(hdev->manufacturer, &rp->manufacturer);
201 rp->hci_ver = hdev->hci_ver;
202 put_unaligned_le16(hdev->hci_rev, &rp->hci_rev);
203 609
610 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
611
612failed:
204 hci_dev_unlock_bh(hdev); 613 hci_dev_unlock_bh(hdev);
205 hci_dev_put(hdev); 614 hci_dev_put(hdev);
206 615
207 if (sock_queue_rcv_skb(sk, skb) < 0) 616 return err;
208 kfree_skb(skb); 617}
618
619static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
620{
621 struct list_head *p, *n;
622 struct mgmt_cp_remove_uuid *cp;
623 struct hci_dev *hdev;
624 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
625 int err, found;
626
627 cp = (void *) data;
628
629 BT_DBG("request for hci%u", index);
630
631 if (len != sizeof(*cp))
632 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
633
634 hdev = hci_dev_get(index);
635 if (!hdev)
636 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
637
638 hci_dev_lock_bh(hdev);
639
640 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
641 err = hci_uuids_clear(hdev);
642 goto unlock;
643 }
644
645 found = 0;
646
647 list_for_each_safe(p, n, &hdev->uuids) {
648 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
649
650 if (memcmp(match->uuid, cp->uuid, 16) != 0)
651 continue;
652
653 list_del(&match->list);
654 found++;
655 }
656
657 if (found == 0) {
658 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
659 goto unlock;
660 }
661
662 err = update_class(hdev);
663 if (err < 0)
664 goto unlock;
665
666 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
667
668unlock:
669 hci_dev_unlock_bh(hdev);
670 hci_dev_put(hdev);
671
672 return err;
673}
674
675static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
676 u16 len)
677{
678 struct hci_dev *hdev;
679 struct mgmt_cp_set_dev_class *cp;
680 int err;
681
682 cp = (void *) data;
683
684 BT_DBG("request for hci%u", index);
685
686 if (len != sizeof(*cp))
687 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
688
689 hdev = hci_dev_get(index);
690 if (!hdev)
691 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
692
693 hci_dev_lock_bh(hdev);
694
695 hdev->major_class = cp->major;
696 hdev->minor_class = cp->minor;
697
698 err = update_class(hdev);
699
700 if (err == 0)
701 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
702
703 hci_dev_unlock_bh(hdev);
704 hci_dev_put(hdev);
705
706 return err;
707}
708
709static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
710 u16 len)
711{
712 struct hci_dev *hdev;
713 struct mgmt_cp_set_service_cache *cp;
714 int err;
715
716 cp = (void *) data;
717
718 if (len != sizeof(*cp))
719 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
720
721 hdev = hci_dev_get(index);
722 if (!hdev)
723 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
724
725 hci_dev_lock_bh(hdev);
726
727 BT_DBG("hci%u enable %d", index, cp->enable);
728
729 if (cp->enable) {
730 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
731 err = 0;
732 } else {
733 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
734 err = update_class(hdev);
735 }
736
737 if (err == 0)
738 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
739 0);
740
741 hci_dev_unlock_bh(hdev);
742 hci_dev_put(hdev);
743
744 return err;
745}
746
747static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
748{
749 struct hci_dev *hdev;
750 struct mgmt_cp_load_keys *cp;
751 u16 key_count, expected_len;
752 int i;
753
754 cp = (void *) data;
755
756 if (len < sizeof(*cp))
757 return -EINVAL;
758
759 key_count = get_unaligned_le16(&cp->key_count);
760
761 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
762 if (expected_len != len) {
763 BT_ERR("load_keys: expected %u bytes, got %u bytes",
764 len, expected_len);
765 return -EINVAL;
766 }
767
768 hdev = hci_dev_get(index);
769 if (!hdev)
770 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
771
772 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
773 key_count);
774
775 hci_dev_lock_bh(hdev);
776
777 hci_link_keys_clear(hdev);
778
779 set_bit(HCI_LINK_KEYS, &hdev->flags);
780
781 if (cp->debug_keys)
782 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
783 else
784 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
785
786 for (i = 0; i < key_count; i++) {
787 struct mgmt_key_info *key = &cp->keys[i];
788
789 hci_add_link_key(hdev, 0, &key->bdaddr, key->val, key->type,
790 key->pin_len);
791 }
792
793 hci_dev_unlock_bh(hdev);
794 hci_dev_put(hdev);
209 795
210 return 0; 796 return 0;
211} 797}
212 798
799static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
800{
801 struct hci_dev *hdev;
802 struct mgmt_cp_remove_key *cp;
803 struct hci_conn *conn;
804 int err;
805
806 cp = (void *) data;
807
808 if (len != sizeof(*cp))
809 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
810
811 hdev = hci_dev_get(index);
812 if (!hdev)
813 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
814
815 hci_dev_lock_bh(hdev);
816
817 err = hci_remove_link_key(hdev, &cp->bdaddr);
818 if (err < 0) {
819 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
820 goto unlock;
821 }
822
823 err = 0;
824
825 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
826 goto unlock;
827
828 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
829 if (conn) {
830 struct hci_cp_disconnect dc;
831
832 put_unaligned_le16(conn->handle, &dc.handle);
833 dc.reason = 0x13; /* Remote User Terminated Connection */
834 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
835 }
836
837unlock:
838 hci_dev_unlock_bh(hdev);
839 hci_dev_put(hdev);
840
841 return err;
842}
843
844static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
845{
846 struct hci_dev *hdev;
847 struct mgmt_cp_disconnect *cp;
848 struct hci_cp_disconnect dc;
849 struct pending_cmd *cmd;
850 struct hci_conn *conn;
851 int err;
852
853 BT_DBG("");
854
855 cp = (void *) data;
856
857 if (len != sizeof(*cp))
858 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
859
860 hdev = hci_dev_get(index);
861 if (!hdev)
862 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
863
864 hci_dev_lock_bh(hdev);
865
866 if (!test_bit(HCI_UP, &hdev->flags)) {
867 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
868 goto failed;
869 }
870
871 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
872 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
873 goto failed;
874 }
875
876 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
877 if (!conn) {
878 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
879 goto failed;
880 }
881
882 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
883 if (!cmd) {
884 err = -ENOMEM;
885 goto failed;
886 }
887
888 put_unaligned_le16(conn->handle, &dc.handle);
889 dc.reason = 0x13; /* Remote User Terminated Connection */
890
891 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
892 if (err < 0)
893 mgmt_pending_remove(cmd);
894
895failed:
896 hci_dev_unlock_bh(hdev);
897 hci_dev_put(hdev);
898
899 return err;
900}
901
902static int get_connections(struct sock *sk, u16 index)
903{
904 struct mgmt_rp_get_connections *rp;
905 struct hci_dev *hdev;
906 struct list_head *p;
907 size_t rp_len;
908 u16 count;
909 int i, err;
910
911 BT_DBG("");
912
913 hdev = hci_dev_get(index);
914 if (!hdev)
915 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
916
917 hci_dev_lock_bh(hdev);
918
919 count = 0;
920 list_for_each(p, &hdev->conn_hash.list) {
921 count++;
922 }
923
924 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
925 rp = kmalloc(rp_len, GFP_ATOMIC);
926 if (!rp) {
927 err = -ENOMEM;
928 goto unlock;
929 }
930
931 put_unaligned_le16(count, &rp->conn_count);
932
933 read_lock(&hci_dev_list_lock);
934
935 i = 0;
936 list_for_each(p, &hdev->conn_hash.list) {
937 struct hci_conn *c = list_entry(p, struct hci_conn, list);
938
939 bacpy(&rp->conn[i++], &c->dst);
940 }
941
942 read_unlock(&hci_dev_list_lock);
943
944 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
945
946unlock:
947 kfree(rp);
948 hci_dev_unlock_bh(hdev);
949 hci_dev_put(hdev);
950 return err;
951}
952
953static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
954 u16 len)
955{
956 struct hci_dev *hdev;
957 struct mgmt_cp_pin_code_reply *cp;
958 struct hci_cp_pin_code_reply reply;
959 struct pending_cmd *cmd;
960 int err;
961
962 BT_DBG("");
963
964 cp = (void *) data;
965
966 if (len != sizeof(*cp))
967 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
968
969 hdev = hci_dev_get(index);
970 if (!hdev)
971 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
972
973 hci_dev_lock_bh(hdev);
974
975 if (!test_bit(HCI_UP, &hdev->flags)) {
976 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
977 goto failed;
978 }
979
980 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
981 if (!cmd) {
982 err = -ENOMEM;
983 goto failed;
984 }
985
986 bacpy(&reply.bdaddr, &cp->bdaddr);
987 reply.pin_len = cp->pin_len;
988 memcpy(reply.pin_code, cp->pin_code, 16);
989
990 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
991 if (err < 0)
992 mgmt_pending_remove(cmd);
993
994failed:
995 hci_dev_unlock_bh(hdev);
996 hci_dev_put(hdev);
997
998 return err;
999}
1000
1001static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1002 u16 len)
1003{
1004 struct hci_dev *hdev;
1005 struct mgmt_cp_pin_code_neg_reply *cp;
1006 struct pending_cmd *cmd;
1007 int err;
1008
1009 BT_DBG("");
1010
1011 cp = (void *) data;
1012
1013 if (len != sizeof(*cp))
1014 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1015 EINVAL);
1016
1017 hdev = hci_dev_get(index);
1018 if (!hdev)
1019 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1020 ENODEV);
1021
1022 hci_dev_lock_bh(hdev);
1023
1024 if (!test_bit(HCI_UP, &hdev->flags)) {
1025 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1026 ENETDOWN);
1027 goto failed;
1028 }
1029
1030 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1031 data, len);
1032 if (!cmd) {
1033 err = -ENOMEM;
1034 goto failed;
1035 }
1036
1037 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1038 &cp->bdaddr);
1039 if (err < 0)
1040 mgmt_pending_remove(cmd);
1041
1042failed:
1043 hci_dev_unlock_bh(hdev);
1044 hci_dev_put(hdev);
1045
1046 return err;
1047}
1048
1049static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1050 u16 len)
1051{
1052 struct hci_dev *hdev;
1053 struct mgmt_cp_set_io_capability *cp;
1054
1055 BT_DBG("");
1056
1057 cp = (void *) data;
1058
1059 if (len != sizeof(*cp))
1060 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1061
1062 hdev = hci_dev_get(index);
1063 if (!hdev)
1064 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1065
1066 hci_dev_lock_bh(hdev);
1067
1068 hdev->io_capability = cp->io_capability;
1069
1070 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1071 hdev->io_capability);
1072
1073 hci_dev_unlock_bh(hdev);
1074 hci_dev_put(hdev);
1075
1076 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1077}
1078
1079static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1080{
1081 struct hci_dev *hdev = conn->hdev;
1082 struct list_head *p;
1083
1084 list_for_each(p, &cmd_list) {
1085 struct pending_cmd *cmd;
1086
1087 cmd = list_entry(p, struct pending_cmd, list);
1088
1089 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1090 continue;
1091
1092 if (cmd->index != hdev->id)
1093 continue;
1094
1095 if (cmd->user_data != conn)
1096 continue;
1097
1098 return cmd;
1099 }
1100
1101 return NULL;
1102}
1103
1104static void pairing_complete(struct pending_cmd *cmd, u8 status)
1105{
1106 struct mgmt_rp_pair_device rp;
1107 struct hci_conn *conn = cmd->user_data;
1108
1109 bacpy(&rp.bdaddr, &conn->dst);
1110 rp.status = status;
1111
1112 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1113
1114 /* So we don't get further callbacks for this connection */
1115 conn->connect_cfm_cb = NULL;
1116 conn->security_cfm_cb = NULL;
1117 conn->disconn_cfm_cb = NULL;
1118
1119 hci_conn_put(conn);
1120
1121 mgmt_pending_remove(cmd);
1122}
1123
1124static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1125{
1126 struct pending_cmd *cmd;
1127
1128 BT_DBG("status %u", status);
1129
1130 cmd = find_pairing(conn);
1131 if (!cmd) {
1132 BT_DBG("Unable to find a pending command");
1133 return;
1134 }
1135
1136 pairing_complete(cmd, status);
1137}
1138
1139static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1140{
1141 struct hci_dev *hdev;
1142 struct mgmt_cp_pair_device *cp;
1143 struct pending_cmd *cmd;
1144 u8 sec_level, auth_type;
1145 struct hci_conn *conn;
1146 int err;
1147
1148 BT_DBG("");
1149
1150 cp = (void *) data;
1151
1152 if (len != sizeof(*cp))
1153 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1154
1155 hdev = hci_dev_get(index);
1156 if (!hdev)
1157 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1158
1159 hci_dev_lock_bh(hdev);
1160
1161 if (cp->io_cap == 0x03) {
1162 sec_level = BT_SECURITY_MEDIUM;
1163 auth_type = HCI_AT_DEDICATED_BONDING;
1164 } else {
1165 sec_level = BT_SECURITY_HIGH;
1166 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1167 }
1168
1169 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1170 if (IS_ERR(conn)) {
1171 err = PTR_ERR(conn);
1172 goto unlock;
1173 }
1174
1175 if (conn->connect_cfm_cb) {
1176 hci_conn_put(conn);
1177 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1178 goto unlock;
1179 }
1180
1181 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1182 if (!cmd) {
1183 err = -ENOMEM;
1184 hci_conn_put(conn);
1185 goto unlock;
1186 }
1187
1188 conn->connect_cfm_cb = pairing_complete_cb;
1189 conn->security_cfm_cb = pairing_complete_cb;
1190 conn->disconn_cfm_cb = pairing_complete_cb;
1191 conn->io_capability = cp->io_cap;
1192 cmd->user_data = conn;
1193
1194 if (conn->state == BT_CONNECTED &&
1195 hci_conn_security(conn, sec_level, auth_type))
1196 pairing_complete(cmd, 0);
1197
1198 err = 0;
1199
1200unlock:
1201 hci_dev_unlock_bh(hdev);
1202 hci_dev_put(hdev);
1203
1204 return err;
1205}
1206
1207static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1208 u16 len, int success)
1209{
1210 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1211 u16 mgmt_op, hci_op;
1212 struct pending_cmd *cmd;
1213 struct hci_dev *hdev;
1214 int err;
1215
1216 BT_DBG("");
1217
1218 if (success) {
1219 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1220 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1221 } else {
1222 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1223 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1224 }
1225
1226 if (len != sizeof(*cp))
1227 return cmd_status(sk, index, mgmt_op, EINVAL);
1228
1229 hdev = hci_dev_get(index);
1230 if (!hdev)
1231 return cmd_status(sk, index, mgmt_op, ENODEV);
1232
1233 hci_dev_lock_bh(hdev);
1234
1235 if (!test_bit(HCI_UP, &hdev->flags)) {
1236 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1237 goto failed;
1238 }
1239
1240 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1241 if (!cmd) {
1242 err = -ENOMEM;
1243 goto failed;
1244 }
1245
1246 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1247 if (err < 0)
1248 mgmt_pending_remove(cmd);
1249
1250failed:
1251 hci_dev_unlock_bh(hdev);
1252 hci_dev_put(hdev);
1253
1254 return err;
1255}
1256
213int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen) 1257int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
214{ 1258{
215 unsigned char *buf; 1259 unsigned char *buf;
216 struct mgmt_hdr *hdr; 1260 struct mgmt_hdr *hdr;
217 u16 opcode, len; 1261 u16 opcode, index, len;
218 int err; 1262 int err;
219 1263
220 BT_DBG("got %zu bytes", msglen); 1264 BT_DBG("got %zu bytes", msglen);
@@ -233,6 +1277,7 @@ int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
233 1277
234 hdr = (struct mgmt_hdr *) buf; 1278 hdr = (struct mgmt_hdr *) buf;
235 opcode = get_unaligned_le16(&hdr->opcode); 1279 opcode = get_unaligned_le16(&hdr->opcode);
1280 index = get_unaligned_le16(&hdr->index);
236 len = get_unaligned_le16(&hdr->len); 1281 len = get_unaligned_le16(&hdr->len);
237 1282
238 if (len != msglen - sizeof(*hdr)) { 1283 if (len != msglen - sizeof(*hdr)) {
@@ -248,11 +1293,65 @@ int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
248 err = read_index_list(sk); 1293 err = read_index_list(sk);
249 break; 1294 break;
250 case MGMT_OP_READ_INFO: 1295 case MGMT_OP_READ_INFO:
251 err = read_controller_info(sk, buf + sizeof(*hdr), len); 1296 err = read_controller_info(sk, index);
1297 break;
1298 case MGMT_OP_SET_POWERED:
1299 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1300 break;
1301 case MGMT_OP_SET_DISCOVERABLE:
1302 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1303 break;
1304 case MGMT_OP_SET_CONNECTABLE:
1305 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1306 break;
1307 case MGMT_OP_SET_PAIRABLE:
1308 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1309 break;
1310 case MGMT_OP_ADD_UUID:
1311 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1312 break;
1313 case MGMT_OP_REMOVE_UUID:
1314 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1315 break;
1316 case MGMT_OP_SET_DEV_CLASS:
1317 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1318 break;
1319 case MGMT_OP_SET_SERVICE_CACHE:
1320 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1321 break;
1322 case MGMT_OP_LOAD_KEYS:
1323 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1324 break;
1325 case MGMT_OP_REMOVE_KEY:
1326 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1327 break;
1328 case MGMT_OP_DISCONNECT:
1329 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1330 break;
1331 case MGMT_OP_GET_CONNECTIONS:
1332 err = get_connections(sk, index);
1333 break;
1334 case MGMT_OP_PIN_CODE_REPLY:
1335 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1336 break;
1337 case MGMT_OP_PIN_CODE_NEG_REPLY:
1338 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1339 break;
1340 case MGMT_OP_SET_IO_CAPABILITY:
1341 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1342 break;
1343 case MGMT_OP_PAIR_DEVICE:
1344 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1345 break;
1346 case MGMT_OP_USER_CONFIRM_REPLY:
1347 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1348 break;
1349 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1350 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
252 break; 1351 break;
253 default: 1352 default:
254 BT_DBG("Unknown op %u", opcode); 1353 BT_DBG("Unknown op %u", opcode);
255 err = cmd_status(sk, opcode, 0x01); 1354 err = cmd_status(sk, index, opcode, 0x01);
256 break; 1355 break;
257 } 1356 }
258 1357
@@ -266,43 +1365,283 @@ done:
266 return err; 1365 return err;
267} 1366}
268 1367
269static int mgmt_event(u16 event, void *data, u16 data_len) 1368int mgmt_index_added(u16 index)
270{ 1369{
271 struct sk_buff *skb; 1370 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
272 struct mgmt_hdr *hdr; 1371}
273 1372
274 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC); 1373int mgmt_index_removed(u16 index)
275 if (!skb) 1374{
276 return -ENOMEM; 1375 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1376}
277 1377
278 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL; 1378struct cmd_lookup {
1379 u8 val;
1380 struct sock *sk;
1381};
279 1382
280 hdr = (void *) skb_put(skb, sizeof(*hdr)); 1383static void mode_rsp(struct pending_cmd *cmd, void *data)
281 hdr->opcode = cpu_to_le16(event); 1384{
282 hdr->len = cpu_to_le16(data_len); 1385 struct mgmt_mode *cp = cmd->cmd;
1386 struct cmd_lookup *match = data;
283 1387
284 memcpy(skb_put(skb, data_len), data, data_len); 1388 if (cp->val != match->val)
1389 return;
285 1390
286 hci_send_to_sock(NULL, skb); 1391 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
287 kfree_skb(skb);
288 1392
289 return 0; 1393 list_del(&cmd->list);
1394
1395 if (match->sk == NULL) {
1396 match->sk = cmd->sk;
1397 sock_hold(match->sk);
1398 }
1399
1400 mgmt_pending_free(cmd);
290} 1401}
291 1402
292int mgmt_index_added(u16 index) 1403int mgmt_powered(u16 index, u8 powered)
293{ 1404{
294 struct mgmt_ev_index_added ev; 1405 struct mgmt_mode ev;
1406 struct cmd_lookup match = { powered, NULL };
1407 int ret;
1408
1409 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1410
1411 ev.val = powered;
1412
1413 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
295 1414
296 put_unaligned_le16(index, &ev.index); 1415 if (match.sk)
1416 sock_put(match.sk);
297 1417
298 return mgmt_event(MGMT_EV_INDEX_ADDED, &ev, sizeof(ev)); 1418 return ret;
299} 1419}
300 1420
301int mgmt_index_removed(u16 index) 1421int mgmt_discoverable(u16 index, u8 discoverable)
1422{
1423 struct mgmt_mode ev;
1424 struct cmd_lookup match = { discoverable, NULL };
1425 int ret;
1426
1427 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1428
1429 ev.val = discoverable;
1430
1431 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1432 match.sk);
1433
1434 if (match.sk)
1435 sock_put(match.sk);
1436
1437 return ret;
1438}
1439
1440int mgmt_connectable(u16 index, u8 connectable)
1441{
1442 struct mgmt_mode ev;
1443 struct cmd_lookup match = { connectable, NULL };
1444 int ret;
1445
1446 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1447
1448 ev.val = connectable;
1449
1450 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1451
1452 if (match.sk)
1453 sock_put(match.sk);
1454
1455 return ret;
1456}
1457
1458int mgmt_new_key(u16 index, struct link_key *key, u8 old_key_type)
1459{
1460 struct mgmt_ev_new_key ev;
1461
1462 memset(&ev, 0, sizeof(ev));
1463
1464 bacpy(&ev.key.bdaddr, &key->bdaddr);
1465 ev.key.type = key->type;
1466 memcpy(ev.key.val, key->val, 16);
1467 ev.key.pin_len = key->pin_len;
1468 ev.old_key_type = old_key_type;
1469
1470 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1471}
1472
1473int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1474{
1475 struct mgmt_ev_connected ev;
1476
1477 bacpy(&ev.bdaddr, bdaddr);
1478
1479 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1480}
1481
1482static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1483{
1484 struct mgmt_cp_disconnect *cp = cmd->cmd;
1485 struct sock **sk = data;
1486 struct mgmt_rp_disconnect rp;
1487
1488 bacpy(&rp.bdaddr, &cp->bdaddr);
1489
1490 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1491
1492 *sk = cmd->sk;
1493 sock_hold(*sk);
1494
1495 mgmt_pending_remove(cmd);
1496}
1497
1498int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1499{
1500 struct mgmt_ev_disconnected ev;
1501 struct sock *sk = NULL;
1502 int err;
1503
1504 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1505
1506 bacpy(&ev.bdaddr, bdaddr);
1507
1508 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1509
1510 if (sk)
1511 sock_put(sk);
1512
1513 return err;
1514}
1515
1516int mgmt_disconnect_failed(u16 index)
1517{
1518 struct pending_cmd *cmd;
1519 int err;
1520
1521 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1522 if (!cmd)
1523 return -ENOENT;
1524
1525 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1526
1527 mgmt_pending_remove(cmd);
1528
1529 return err;
1530}
1531
1532int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1533{
1534 struct mgmt_ev_connect_failed ev;
1535
1536 bacpy(&ev.bdaddr, bdaddr);
1537 ev.status = status;
1538
1539 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1540}
1541
1542int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr)
1543{
1544 struct mgmt_ev_pin_code_request ev;
1545
1546 bacpy(&ev.bdaddr, bdaddr);
1547
1548 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1549 NULL);
1550}
1551
1552int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1553{
1554 struct pending_cmd *cmd;
1555 struct mgmt_rp_pin_code_reply rp;
1556 int err;
1557
1558 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1559 if (!cmd)
1560 return -ENOENT;
1561
1562 bacpy(&rp.bdaddr, bdaddr);
1563 rp.status = status;
1564
1565 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1566 sizeof(rp));
1567
1568 mgmt_pending_remove(cmd);
1569
1570 return err;
1571}
1572
1573int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1574{
1575 struct pending_cmd *cmd;
1576 struct mgmt_rp_pin_code_reply rp;
1577 int err;
1578
1579 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1580 if (!cmd)
1581 return -ENOENT;
1582
1583 bacpy(&rp.bdaddr, bdaddr);
1584 rp.status = status;
1585
1586 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1587 sizeof(rp));
1588
1589 mgmt_pending_remove(cmd);
1590
1591 return err;
1592}
1593
1594int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value)
1595{
1596 struct mgmt_ev_user_confirm_request ev;
1597
1598 BT_DBG("hci%u", index);
1599
1600 bacpy(&ev.bdaddr, bdaddr);
1601 put_unaligned_le32(value, &ev.value);
1602
1603 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
1604 NULL);
1605}
1606
1607static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
1608 u8 opcode)
1609{
1610 struct pending_cmd *cmd;
1611 struct mgmt_rp_user_confirm_reply rp;
1612 int err;
1613
1614 cmd = mgmt_pending_find(opcode, index);
1615 if (!cmd)
1616 return -ENOENT;
1617
1618 bacpy(&rp.bdaddr, bdaddr);
1619 rp.status = status;
1620 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
1621
1622 mgmt_pending_remove(cmd);
1623
1624 return err;
1625}
1626
1627int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1628{
1629 return confirm_reply_complete(index, bdaddr, status,
1630 MGMT_OP_USER_CONFIRM_REPLY);
1631}
1632
1633int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1634{
1635 return confirm_reply_complete(index, bdaddr, status,
1636 MGMT_OP_USER_CONFIRM_NEG_REPLY);
1637}
1638
1639int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
302{ 1640{
303 struct mgmt_ev_index_added ev; 1641 struct mgmt_ev_auth_failed ev;
304 1642
305 put_unaligned_le16(index, &ev.index); 1643 bacpy(&ev.bdaddr, bdaddr);
1644 ev.status = status;
306 1645
307 return mgmt_event(MGMT_EV_INDEX_REMOVED, &ev, sizeof(ev)); 1646 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
308} 1647}
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-02 08:45:38 -0400