]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Fix pairable setting upon initialization
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
56b7d137 267 return err;;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f0d4b78a 395 if (!test_bit(HCI_UP, &hdev->flags))
69ab39ea
JH		 396 return settings;
397
f0d4b78a
MH		 398 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
399 settings |= MGMT_SETTING_POWERED;
400
69ab39ea
JH		 401 if (test_bit(HCI_PSCAN, &hdev->flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
403
404 if (test_bit(HCI_ISCAN, &hdev->flags))
405 settings |= MGMT_SETTING_DISCOVERABLE;
406
a8b2d5c2 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_PAIRABLE;
409
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
412
59e29406 413 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 414 settings |= MGMT_SETTING_LE;
415
416 if (test_bit(HCI_AUTH, &hdev->flags))
417 settings |= MGMT_SETTING_LINK_SECURITY;
418
84bde9d6 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_SSP;
421
6d80dfd0
JH		 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
424
69ab39ea
JH		 425 return settings;
426}
427
ef580372
JH		 428#define PNP_INFO_SVCLASS_ID 0x1200
429
430static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433};
434
435static u16 get_uuid16(u8 *uuid128)
436{
437 u32 val;
438 int i;
439
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
442 return 0;
443 }
444
445 memcpy(&val, &uuid128[12], 4);
446
447 val = le32_to_cpu(val);
448 if (val > 0xffff)
449 return 0;
450
451 return (u16) val;
452}
453
454static void create_eir(struct hci_dev *hdev, u8 *data)
455{
456 u8 *ptr = data;
457 u16 eir_len = 0;
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
461 size_t name_len;
462
463 name_len = strlen(hdev->dev_name);
464
465 if (name_len > 0) {
466 /* EIR Data type */
467 if (name_len > 48) {
468 name_len = 48;
469 ptr[1] = EIR_NAME_SHORT;
470 } else
471 ptr[1] = EIR_NAME_COMPLETE;
472
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
475
476 memcpy(ptr + 2, hdev->dev_name, name_len);
477
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
480 }
481
482 memset(uuid16_list, 0, sizeof(uuid16_list));
483
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid, &hdev->uuids, list) {
486 u16 uuid16;
487
488 uuid16 = get_uuid16(uuid->uuid);
489 if (uuid16 == 0)
490 return;
491
492 if (uuid16 < 0x1100)
493 continue;
494
495 if (uuid16 == PNP_INFO_SVCLASS_ID)
496 continue;
497
498 /* Stop if not enough space to put next UUID */
499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
500 truncated = 1;
501 break;
502 }
503
504 /* Check for duplicates */
505 for (i = 0; uuid16_list[i] != 0; i++)
506 if (uuid16_list[i] == uuid16)
507 break;
508
509 if (uuid16_list[i] == 0) {
510 uuid16_list[i] = uuid16;
511 eir_len += sizeof(u16);
512 }
513 }
514
515 if (uuid16_list[0] != 0) {
516 u8 *length = ptr;
517
518 /* EIR Data type */
519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
520
521 ptr += 2;
522 eir_len += 2;
523
524 for (i = 0; uuid16_list[i] != 0; i++) {
525 *ptr++ = (uuid16_list[i] & 0x00ff);
526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
527 }
528
529 /* EIR Data length */
530 *length = (i * sizeof(u16)) + 1;
531 }
532}
533
534static int update_eir(struct hci_dev *hdev)
535{
536 struct hci_cp_write_eir cp;
537
538 if (!(hdev->features[6] & LMP_EXT_INQ))
539 return 0;
540
84bde9d6 541 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
a8b2d5c2 544 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 545 return 0;
546
547 memset(&cp, 0, sizeof(cp));
548
549 create_eir(hdev, cp.data);
550
551 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
552 return 0;
553
554 memcpy(hdev->eir, cp.data, sizeof(cp.data));
555
556 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
557}
558
559static u8 get_service_classes(struct hci_dev *hdev)
560{
561 struct bt_uuid *uuid;
562 u8 val = 0;
563
564 list_for_each_entry(uuid, &hdev->uuids, list)
565 val |= uuid->svc_hint;
566
567 return val;
568}
569
570static int update_class(struct hci_dev *hdev)
571{
572 u8 cod[3];
573
574 BT_DBG("%s", hdev->name);
575
a8b2d5c2 576 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 577 return 0;
578
579 cod[0] = hdev->minor_class;
580 cod[1] = hdev->major_class;
581 cod[2] = get_service_classes(hdev);
582
583 if (memcmp(cod, hdev->dev_class, 3) == 0)
584 return 0;
585
586 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
587}
588
7d78525d
JH		 589static void service_cache_off(struct work_struct *work)
590{
591 struct hci_dev *hdev = container_of(work, struct hci_dev,
592 service_cache.work);
593
a8b2d5c2 594 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 595 return;
596
597 hci_dev_lock(hdev);
598
599 update_eir(hdev);
600 update_class(hdev);
601
602 hci_dev_unlock(hdev);
603}
604
605static void mgmt_init_hdev(struct hci_dev *hdev)
606{
0cbf4ed6 607 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 608 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
609
0cbf4ed6
JH		 610 /* Non-mgmt controlled devices get this bit set
611 * implicitly so that pairing works for them, however
612 * for mgmt we require user-space to explicitly enable
613 * it
614 */
615 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
616 }
617
a8b2d5c2 618 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 619 schedule_delayed_work(&hdev->service_cache,
620 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
621}
622
4e51eae9 623static int read_controller_info(struct sock *sk, u16 index)
0381101f 624{
a38528f1 625 struct mgmt_rp_read_info rp;
f7b64e69 626 struct hci_dev *hdev;
0381101f 627
4e51eae9 628 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 629
4e51eae9 630 hdev = hci_dev_get(index);
a38528f1 631 if (!hdev)
ca69b795
JH		 632 return cmd_status(sk, index, MGMT_OP_READ_INFO,
633 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 634
09fd0de5 635 hci_dev_lock(hdev);
f7b64e69 636
7d78525d
JH		 637 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
638 mgmt_init_hdev(hdev);
ebc99feb 639
dc4fe30b
JH		 640 memset(&rp, 0, sizeof(rp));
641
69ab39ea 642 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 643
69ab39ea 644 rp.version = hdev->hci_ver;
f7b64e69 645
69ab39ea
JH		 646 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
647
648 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
649 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 650
a38528f1 651 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 652
dc4fe30b
JH		 653 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
654
09fd0de5 655 hci_dev_unlock(hdev);
f7b64e69 656 hci_dev_put(hdev);
0381101f 657
aee9b218 658 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 659}
660
eec8d2bc
JH		 661static void mgmt_pending_free(struct pending_cmd *cmd)
662{
663 sock_put(cmd->sk);
c68fb7ff 664 kfree(cmd->param);
eec8d2bc
JH		 665 kfree(cmd);
666}
667
366a0336 668static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 669 struct hci_dev *hdev,
670 void *data, u16 len)
eec8d2bc
JH		 671{
672 struct pending_cmd *cmd;
673
674 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
675 if (!cmd)
366a0336 676 return NULL;
eec8d2bc
JH		 677
678 cmd->opcode = opcode;
2e58ef3e 679 cmd->index = hdev->id;
eec8d2bc 680
c68fb7ff
SJ		 681 cmd->param = kmalloc(len, GFP_ATOMIC);
682 if (!cmd->param) {
eec8d2bc 683 kfree(cmd);
366a0336 684 return NULL;
eec8d2bc
JH		 685 }
686
8fce6357
SJ		 687 if (data)
688 memcpy(cmd->param, data, len);
eec8d2bc
JH		 689
690 cmd->sk = sk;
691 sock_hold(sk);
692
2e58ef3e 693 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 694
366a0336 695 return cmd;
eec8d2bc
JH		 696}
697
744cf19e 698static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 699 void (*cb)(struct pending_cmd *cmd, void *data),
700 void *data)
701{
702 struct list_head *p, *n;
703
2e58ef3e 704 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 705 struct pending_cmd *cmd;
706
707 cmd = list_entry(p, struct pending_cmd, list);
708
b24752fe 709 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 710 continue;
711
eec8d2bc
JH		 712 cb(cmd, data);
713 }
714}
715
2e58ef3e 716static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 717{
8035ded4 718 struct pending_cmd *cmd;
eec8d2bc 719
2e58ef3e 720 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 721 if (cmd->opcode == opcode)
722 return cmd;
eec8d2bc
JH		 723 }
724
725 return NULL;
726}
727
a664b5bc 728static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 729{
73f22f62
JH		 730 list_del(&cmd->list);
731 mgmt_pending_free(cmd);
732}
733
69ab39ea 734static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 735{
69ab39ea 736 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 737
aee9b218
JH		 738 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
739 sizeof(settings));
8680570b
JH		 740}
741
650f726d 742static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 743{
650f726d 744 struct mgmt_mode *cp = data;
eec8d2bc 745 struct hci_dev *hdev;
366a0336 746 struct pending_cmd *cmd;
4b34ee78 747 int err;
eec8d2bc 748
4e51eae9 749 BT_DBG("request for hci%u", index);
eec8d2bc 750
bdce7baf 751 if (len != sizeof(*cp))
ca69b795
JH		 752 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
753 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 754
4e51eae9 755 hdev = hci_dev_get(index);
eec8d2bc 756 if (!hdev)
ca69b795
JH		 757 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
758 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 759
09fd0de5 760 hci_dev_lock(hdev);
eec8d2bc 761
f0d4b78a
MH		 762 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
763 cancel_delayed_work(&hdev->power_off);
764
765 if (cp->val) {
766 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
767 mgmt_powered(hdev, 1);
768 goto failed;
769 }
770 }
771
4b34ee78 772 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 773 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 774 goto failed;
775 }
776
2e58ef3e 777 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 778 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
779 MGMT_STATUS_BUSY);
eec8d2bc
JH		 780 goto failed;
781 }
782
2e58ef3e 783 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 784 if (!cmd) {
785 err = -ENOMEM;
eec8d2bc 786 goto failed;
366a0336 787 }
eec8d2bc 788
72a734ec 789 if (cp->val)
7f971041 790 schedule_work(&hdev->power_on);
eec8d2bc 791 else
80b7ab33 792 schedule_work(&hdev->power_off.work);
eec8d2bc 793
366a0336 794 err = 0;
eec8d2bc
JH		 795
796failed:
09fd0de5 797 hci_dev_unlock(hdev);
eec8d2bc 798 hci_dev_put(hdev);
366a0336 799 return err;
eec8d2bc
JH		 800}
801
650f726d 802static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 803{
650f726d 804 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 805 struct hci_dev *hdev;
366a0336 806 struct pending_cmd *cmd;
73f22f62
JH		 807 u8 scan;
808 int err;
809
4e51eae9 810 BT_DBG("request for hci%u", index);
73f22f62 811
bdce7baf 812 if (len != sizeof(*cp))
ca69b795
JH		 813 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
814 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 815
4e51eae9 816 hdev = hci_dev_get(index);
73f22f62 817 if (!hdev)
ca69b795
JH		 818 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
819 MGMT_STATUS_INVALID_PARAMS);
73f22f62 820
09fd0de5 821 hci_dev_lock(hdev);
73f22f62 822
4b34ee78 823 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 824 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
825 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 826 goto failed;
827 }
828
2e58ef3e
JH		 829 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
830 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 831 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
832 MGMT_STATUS_BUSY);
73f22f62
JH		 833 goto failed;
834 }
835
72a734ec 836 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 837 test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 838 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 839 goto failed;
840 }
841
2e58ef3e 842 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 843 if (!cmd) {
844 err = -ENOMEM;
73f22f62 845 goto failed;
366a0336 846 }
73f22f62
JH		 847
848 scan = SCAN_PAGE;
849
72a734ec 850 if (cp->val)
73f22f62 851 scan |= SCAN_INQUIRY;
16ab91ab 852 else
e0f9309f 853 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 854
855 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
856 if (err < 0)
a664b5bc 857 mgmt_pending_remove(cmd);
73f22f62 858
16ab91ab
JH		 859 if (cp->val)
860 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
861
73f22f62 862failed:
09fd0de5 863 hci_dev_unlock(hdev);
73f22f62
JH		 864 hci_dev_put(hdev);
865
866 return err;
867}
868
650f726d 869static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 870{
650f726d 871 struct mgmt_mode *cp = data;
9fbcbb45 872 struct hci_dev *hdev;
366a0336 873 struct pending_cmd *cmd;
9fbcbb45
JH		 874 u8 scan;
875 int err;
876
4e51eae9 877 BT_DBG("request for hci%u", index);
9fbcbb45 878
bdce7baf 879 if (len != sizeof(*cp))
ca69b795
JH		 880 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
881 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 882
4e51eae9 883 hdev = hci_dev_get(index);
9fbcbb45 884 if (!hdev)
ca69b795
JH		 885 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
886 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 887
09fd0de5 888 hci_dev_lock(hdev);
9fbcbb45 889
4b34ee78 890 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 891 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
892 MGMT_STATUS_NOT_POWERED);
9fbcbb45
JH		 893 goto failed;
894 }
895
2e58ef3e
JH		 896 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
897 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 898 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
899 MGMT_STATUS_BUSY);
9fbcbb45
JH		 900 goto failed;
901 }
902
72a734ec 903 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 904 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 905 goto failed;
906 }
907
2e58ef3e 908 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 909 if (!cmd) {
910 err = -ENOMEM;
9fbcbb45 911 goto failed;
366a0336 912 }
9fbcbb45 913
72a734ec 914 if (cp->val)
9fbcbb45
JH		 915 scan = SCAN_PAGE;
916 else
917 scan = 0;
918
919 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
920 if (err < 0)
a664b5bc 921 mgmt_pending_remove(cmd);
9fbcbb45
JH		 922
923failed:
09fd0de5 924 hci_dev_unlock(hdev);
9fbcbb45
JH		 925 hci_dev_put(hdev);
926
927 return err;
928}
929
744cf19e
JH		 930static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
931 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 932{
933 struct sk_buff *skb;
934 struct mgmt_hdr *hdr;
935
936 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
937 if (!skb)
938 return -ENOMEM;
939
c542a06c
JH		 940 hdr = (void *) skb_put(skb, sizeof(*hdr));
941 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 942 if (hdev)
943 hdr->index = cpu_to_le16(hdev->id);
944 else
945 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 946 hdr->len = cpu_to_le16(data_len);
947
4e51eae9
SJ		 948 if (data)
949 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c 950
470fe1b5 951 hci_send_to_control(skb, skip_sk);
c542a06c
JH		 952 kfree_skb(skb);
953
954 return 0;
955}
956
650f726d 957static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 958{
650f726d 959 struct mgmt_mode *cp = data;
c542a06c 960 struct hci_dev *hdev;
69ab39ea 961 __le32 ev;
c542a06c
JH		 962 int err;
963
4e51eae9 964 BT_DBG("request for hci%u", index);
c542a06c 965
bdce7baf 966 if (len != sizeof(*cp))
ca69b795
JH		 967 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
968 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 969
4e51eae9 970 hdev = hci_dev_get(index);
c542a06c 971 if (!hdev)
ca69b795
JH		 972 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
973 MGMT_STATUS_INVALID_PARAMS);
c542a06c 974
09fd0de5 975 hci_dev_lock(hdev);
c542a06c
JH		 976
977 if (cp->val)
a8b2d5c2 978 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 979 else
a8b2d5c2 980 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 981
69ab39ea 982 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 983 if (err < 0)
984 goto failed;
985
69ab39ea 986 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 987
69ab39ea 988 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 989
990failed:
09fd0de5 991 hci_dev_unlock(hdev);
c542a06c
JH		 992 hci_dev_put(hdev);
993
994 return err;
995}
996
33ef95ed
JH		 997static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
998{
999 struct mgmt_mode *cp = data;
1000 struct pending_cmd *cmd;
1001 struct hci_dev *hdev;
1002 uint8_t val;
1003 int err;
1004
1005 BT_DBG("request for hci%u", index);
1006
1007 if (len != sizeof(*cp))
1008 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1009 MGMT_STATUS_INVALID_PARAMS);
1010
1011 hdev = hci_dev_get(index);
1012 if (!hdev)
1013 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1014 MGMT_STATUS_INVALID_PARAMS);
1015
1016 hci_dev_lock(hdev);
1017
4b34ee78 1018 if (!hdev_is_powered(hdev)) {
33ef95ed
JH		 1019 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1020 MGMT_STATUS_NOT_POWERED);
1021 goto failed;
1022 }
1023
1024 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1025 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1026 MGMT_STATUS_BUSY);
1027 goto failed;
1028 }
1029
1030 val = !!cp->val;
1031
1032 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1033 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1034 goto failed;
1035 }
1036
1037 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1038 if (!cmd) {
1039 err = -ENOMEM;
1040 goto failed;
1041 }
1042
1043 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1044 if (err < 0) {
1045 mgmt_pending_remove(cmd);
1046 goto failed;
1047 }
1048
1049failed:
1050 hci_dev_unlock(hdev);
1051 hci_dev_put(hdev);
1052
1053 return err;
1054}
1055
ed2c4ee3
JH		 1056static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1057{
1058 struct mgmt_mode *cp = data;
1059 struct pending_cmd *cmd;
1060 struct hci_dev *hdev;
1061 uint8_t val;
1062 int err;
1063
1064 BT_DBG("request for hci%u", index);
1065
1066 if (len != sizeof(*cp))
1067 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1068 MGMT_STATUS_INVALID_PARAMS);
1069
1070 hdev = hci_dev_get(index);
1071 if (!hdev)
1072 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1073 MGMT_STATUS_INVALID_PARAMS);
1074
1075 hci_dev_lock(hdev);
1076
4b34ee78 1077 if (!hdev_is_powered(hdev)) {
ed2c4ee3
JH		 1078 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1079 MGMT_STATUS_NOT_POWERED);
1080 goto failed;
1081 }
1082
1e163574
JH		 1083 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1084 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1085 MGMT_STATUS_NOT_SUPPORTED);
1086 goto failed;
1087 }
1088
ed2c4ee3
JH		 1089 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1090 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1091 goto failed;
1092 }
1093
1094 val = !!cp->val;
1095
1096 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1097 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1098 goto failed;
1099 }
1100
1101 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1102 if (!cmd) {
1103 err = -ENOMEM;
1104 goto failed;
1105 }
1106
1107 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1108 if (err < 0) {
1109 mgmt_pending_remove(cmd);
1110 goto failed;
1111 }
1112
1113failed:
1114 hci_dev_unlock(hdev);
1115 hci_dev_put(hdev);
1116
1117 return err;
1118}
1119
6d80dfd0
JH		 1120static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1121{
1122 struct mgmt_mode *cp = data;
1123 struct hci_dev *hdev;
1124 int err;
1125
1126 BT_DBG("request for hci%u", index);
1127
1128 if (len != sizeof(*cp))
1129 return cmd_status(sk, index, MGMT_OP_SET_HS,
1130 MGMT_STATUS_INVALID_PARAMS);
1131
1132 hdev = hci_dev_get(index);
1133 if (!hdev)
1134 return cmd_status(sk, index, MGMT_OP_SET_HS,
1135 MGMT_STATUS_INVALID_PARAMS);
1136
1137 if (!enable_hs) {
1138 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1139 MGMT_STATUS_NOT_SUPPORTED);
1140 goto failed;
1141 }
1142
1143 if (cp->val)
1144 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1145 else
1146 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1147
1148 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1149
1150failed:
1151 hci_dev_put(hdev);
1152 return err;
1153}
1154
650f726d 1155static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1156{
650f726d 1157 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 1158 struct hci_dev *hdev;
1159 struct bt_uuid *uuid;
2aeb9a1a
JH		 1160 int err;
1161
4e51eae9 1162 BT_DBG("request for hci%u", index);
2aeb9a1a 1163
bdce7baf 1164 if (len != sizeof(*cp))
ca69b795
JH		 1165 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1166 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1167
4e51eae9 1168 hdev = hci_dev_get(index);
2aeb9a1a 1169 if (!hdev)
ca69b795
JH		 1170 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1171 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1172
09fd0de5 1173 hci_dev_lock(hdev);
2aeb9a1a
JH		 1174
1175 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1176 if (!uuid) {
1177 err = -ENOMEM;
1178 goto failed;
1179 }
1180
1181 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1182 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1183
1184 list_add(&uuid->list, &hdev->uuids);
1185
1aff6f09
JH		 1186 err = update_class(hdev);
1187 if (err < 0)
1188 goto failed;
1189
80a1e1db
JH		 1190 err = update_eir(hdev);
1191 if (err < 0)
1192 goto failed;
1193
aee9b218 1194 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1195
1196failed:
09fd0de5 1197 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1198 hci_dev_put(hdev);
1199
1200 return err;
1201}
1202
650f726d 1203static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1204{
650f726d 1205 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 1206 struct list_head *p, *n;
2aeb9a1a
JH		 1207 struct hci_dev *hdev;
1208 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1209 int err, found;
1210
4e51eae9 1211 BT_DBG("request for hci%u", index);
2aeb9a1a 1212
bdce7baf 1213 if (len != sizeof(*cp))
ca69b795
JH		 1214 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1215 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1216
4e51eae9 1217 hdev = hci_dev_get(index);
2aeb9a1a 1218 if (!hdev)
ca69b795
JH		 1219 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1220 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1221
09fd0de5 1222 hci_dev_lock(hdev);
2aeb9a1a
JH		 1223
1224 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1225 err = hci_uuids_clear(hdev);
1226 goto unlock;
1227 }
1228
1229 found = 0;
1230
1231 list_for_each_safe(p, n, &hdev->uuids) {
1232 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1233
1234 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1235 continue;
1236
1237 list_del(&match->list);
1238 found++;
1239 }
1240
1241 if (found == 0) {
ca69b795
JH		 1242 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1243 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1244 goto unlock;
1245 }
1246
1aff6f09
JH		 1247 err = update_class(hdev);
1248 if (err < 0)
1249 goto unlock;
1250
80a1e1db
JH		 1251 err = update_eir(hdev);
1252 if (err < 0)
1253 goto unlock;
1254
aee9b218 1255 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1256
1257unlock:
09fd0de5 1258 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1259 hci_dev_put(hdev);
1260
1261 return err;
1262}
1263
650f726d 1264static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1265{
1266 struct hci_dev *hdev;
650f726d 1267 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 1268 int err;
1269
4e51eae9 1270 BT_DBG("request for hci%u", index);
1aff6f09 1271
bdce7baf 1272 if (len != sizeof(*cp))
ca69b795
JH		 1273 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1274 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1275
4e51eae9 1276 hdev = hci_dev_get(index);
1aff6f09 1277 if (!hdev)
ca69b795
JH		 1278 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1279 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1280
09fd0de5 1281 hci_dev_lock(hdev);
1aff6f09 1282
b5235a65
JH		 1283 if (!hdev_is_powered(hdev)) {
1284 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1285 MGMT_STATUS_NOT_POWERED);
1286 goto unlock;
1287 }
1288
1aff6f09
JH		 1289 hdev->major_class = cp->major;
1290 hdev->minor_class = cp->minor;
1291
a8b2d5c2 1292 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1293 hci_dev_unlock(hdev);
1294 cancel_delayed_work_sync(&hdev->service_cache);
1295 hci_dev_lock(hdev);
14c0b608 1296 update_eir(hdev);
7d78525d 1297 }
14c0b608 1298
1aff6f09
JH		 1299 err = update_class(hdev);
1300
1301 if (err == 0)
aee9b218
JH		 1302 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1303 NULL, 0);
1aff6f09 1304
b5235a65 1305unlock:
09fd0de5 1306 hci_dev_unlock(hdev);
1aff6f09
JH		 1307 hci_dev_put(hdev);
1308
1309 return err;
1310}
1311
650f726d 1312static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1313{
1314 struct hci_dev *hdev;
650f726d 1315 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1316 u16 key_count, expected_len;
a492cd52 1317 int i;
55ed8ca1 1318
bdce7baf 1319 if (len < sizeof(*cp))
ca69b795
JH		 1320 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1321 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1322
55ed8ca1
JH		 1323 key_count = get_unaligned_le16(&cp->key_count);
1324
86742e1e
JH		 1325 expected_len = sizeof(*cp) + key_count *
1326 sizeof(struct mgmt_link_key_info);
a492cd52 1327 if (expected_len != len) {
86742e1e 1328 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1329 len, expected_len);
ca69b795
JH		 1330 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1331 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1332 }
1333
4e51eae9 1334 hdev = hci_dev_get(index);
55ed8ca1 1335 if (!hdev)
ca69b795
JH		 1336 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1337 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1338
4e51eae9 1339 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1340 key_count);
1341
09fd0de5 1342 hci_dev_lock(hdev);
55ed8ca1
JH		 1343
1344 hci_link_keys_clear(hdev);
1345
a8b2d5c2 1346 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1347
1348 if (cp->debug_keys)
a8b2d5c2 1349 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1350 else
a8b2d5c2 1351 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1352
a492cd52 1353 for (i = 0; i < key_count; i++) {
86742e1e 1354 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1355
d753fdc4
JH		 1356 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1357 key->type, key->pin_len);
55ed8ca1
JH		 1358 }
1359
aee9b218 1360 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1361
09fd0de5 1362 hci_dev_unlock(hdev);
55ed8ca1
JH		 1363 hci_dev_put(hdev);
1364
a492cd52 1365 return 0;
55ed8ca1
JH		 1366}
1367
b1078ad0
JH		 1368static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1369 u8 addr_type, struct sock *skip_sk)
1370{
1371 struct mgmt_ev_device_unpaired ev;
1372
1373 bacpy(&ev.addr.bdaddr, bdaddr);
1374 ev.addr.type = addr_type;
1375
1376 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1377 skip_sk);
1378}
1379
124f6e35 1380static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1381{
1382 struct hci_dev *hdev;
124f6e35
JH		 1383 struct mgmt_cp_unpair_device *cp = data;
1384 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1385 struct hci_cp_disconnect dc;
1386 struct pending_cmd *cmd;
55ed8ca1 1387 struct hci_conn *conn;
aee9b218 1388 u8 status = 0;
55ed8ca1
JH		 1389 int err;
1390
bdce7baf 1391 if (len != sizeof(*cp))
124f6e35 1392 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1393 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1394
4e51eae9 1395 hdev = hci_dev_get(index);
55ed8ca1 1396 if (!hdev)
124f6e35 1397 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1398 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1399
09fd0de5 1400 hci_dev_lock(hdev);
55ed8ca1 1401
a8a1d19e 1402 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1403 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1404 rp.addr.type = cp->addr.type;
a8a1d19e 1405
124f6e35
JH		 1406 if (cp->addr.type == MGMT_ADDR_BREDR)
1407 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1408 else
1409 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1410
55ed8ca1 1411 if (err < 0) {
aee9b218 1412 status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1413 goto unlock;
1414 }
1415
a8a1d19e 1416 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
aee9b218
JH		 1417 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1418 &rp, sizeof(rp));
b1078ad0 1419 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1420 goto unlock;
a8a1d19e 1421 }
55ed8ca1 1422
124f6e35
JH		 1423 if (cp->addr.type == MGMT_ADDR_BREDR)
1424 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1425 &cp->addr.bdaddr);
1426 else
1427 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1428 &cp->addr.bdaddr);
1429
a8a1d19e 1430 if (!conn) {
aee9b218
JH		 1431 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1432 &rp, sizeof(rp));
b1078ad0 1433 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1434 goto unlock;
1435 }
55ed8ca1 1436
124f6e35
JH		 1437 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1438 sizeof(*cp));
a8a1d19e
JH		 1439 if (!cmd) {
1440 err = -ENOMEM;
1441 goto unlock;
55ed8ca1
JH		 1442 }
1443
a8a1d19e
JH		 1444 put_unaligned_le16(conn->handle, &dc.handle);
1445 dc.reason = 0x13; /* Remote User Terminated Connection */
1446 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1447 if (err < 0)
1448 mgmt_pending_remove(cmd);
1449
55ed8ca1 1450unlock:
ca69b795 1451 if (err < 0)
aee9b218
JH		 1452 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1453 &rp, sizeof(rp));
09fd0de5 1454 hci_dev_unlock(hdev);
55ed8ca1
JH		 1455 hci_dev_put(hdev);
1456
1457 return err;
1458}
1459
650f726d 1460static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1461{
1462 struct hci_dev *hdev;
650f726d 1463 struct mgmt_cp_disconnect *cp = data;
8962ee74 1464 struct hci_cp_disconnect dc;
366a0336 1465 struct pending_cmd *cmd;
8962ee74 1466 struct hci_conn *conn;
8962ee74
JH		 1467 int err;
1468
1469 BT_DBG("");
1470
bdce7baf 1471 if (len != sizeof(*cp))
ca69b795
JH		 1472 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1473 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1474
4e51eae9 1475 hdev = hci_dev_get(index);
8962ee74 1476 if (!hdev)
ca69b795
JH		 1477 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1478 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1479
09fd0de5 1480 hci_dev_lock(hdev);
8962ee74
JH		 1481
1482 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1483 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1484 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1485 goto failed;
1486 }
1487
2e58ef3e 1488 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1489 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1490 MGMT_STATUS_BUSY);
8962ee74
JH		 1491 goto failed;
1492 }
1493
88c3df13
JH		 1494 if (cp->addr.type == MGMT_ADDR_BREDR)
1495 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1496 else
1497 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1498
8962ee74 1499 if (!conn) {
ca69b795
JH		 1500 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1501 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1502 goto failed;
1503 }
1504
2e58ef3e 1505 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1506 if (!cmd) {
1507 err = -ENOMEM;
8962ee74 1508 goto failed;
366a0336 1509 }
8962ee74
JH		 1510
1511 put_unaligned_le16(conn->handle, &dc.handle);
1512 dc.reason = 0x13; /* Remote User Terminated Connection */
1513
1514 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1515 if (err < 0)
a664b5bc 1516 mgmt_pending_remove(cmd);
8962ee74
JH		 1517
1518failed:
09fd0de5 1519 hci_dev_unlock(hdev);
8962ee74
JH		 1520 hci_dev_put(hdev);
1521
1522 return err;
1523}
1524
48264f06 1525static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1526{
1527 switch (link_type) {
1528 case LE_LINK:
48264f06
JH		 1529 switch (addr_type) {
1530 case ADDR_LE_DEV_PUBLIC:
1531 return MGMT_ADDR_LE_PUBLIC;
1532 case ADDR_LE_DEV_RANDOM:
1533 return MGMT_ADDR_LE_RANDOM;
1534 default:
1535 return MGMT_ADDR_INVALID;
1536 }
4c659c39
JH		 1537 case ACL_LINK:
1538 return MGMT_ADDR_BREDR;
1539 default:
1540 return MGMT_ADDR_INVALID;
1541 }
1542}
1543
8ce6284e 1544static int get_connections(struct sock *sk, u16 index)
2784eb41 1545{
2784eb41
JH		 1546 struct mgmt_rp_get_connections *rp;
1547 struct hci_dev *hdev;
8035ded4 1548 struct hci_conn *c;
a38528f1 1549 size_t rp_len;
4e51eae9 1550 u16 count;
2784eb41
JH		 1551 int i, err;
1552
1553 BT_DBG("");
1554
4e51eae9 1555 hdev = hci_dev_get(index);
2784eb41 1556 if (!hdev)
ca69b795
JH		 1557 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1558 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1559
09fd0de5 1560 hci_dev_lock(hdev);
2784eb41
JH		 1561
1562 count = 0;
b644ba33
JH		 1563 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1564 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1565 count++;
2784eb41
JH		 1566 }
1567
4c659c39 1568 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1569 rp = kmalloc(rp_len, GFP_ATOMIC);
1570 if (!rp) {
2784eb41
JH		 1571 err = -ENOMEM;
1572 goto unlock;
1573 }
1574
2784eb41
JH		 1575 put_unaligned_le16(count, &rp->conn_count);
1576
2784eb41 1577 i = 0;
4c659c39 1578 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1579 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1580 continue;
4c659c39 1581 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1582 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1583 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1584 continue;
1585 i++;
1586 }
1587
1588 /* Recalculate length in case of filtered SCO connections, etc */
1589 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1590
aee9b218 1591 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41
JH		 1592
1593unlock:
a38528f1 1594 kfree(rp);
09fd0de5 1595 hci_dev_unlock(hdev);
2784eb41
JH		 1596 hci_dev_put(hdev);
1597 return err;
1598}
1599
96d97a67
WR		 1600static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1601 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1602{
1603 struct pending_cmd *cmd;
1604 int err;
1605
2e58ef3e 1606 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1607 sizeof(*cp));
1608 if (!cmd)
1609 return -ENOMEM;
1610
d8457698
JH		 1611 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1612 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1613 if (err < 0)
1614 mgmt_pending_remove(cmd);
1615
1616 return err;
1617}
1618
650f726d 1619static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1620{
1621 struct hci_dev *hdev;
96d97a67 1622 struct hci_conn *conn;
650f726d 1623 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1624 struct hci_cp_pin_code_reply reply;
366a0336 1625 struct pending_cmd *cmd;
980e1a53
JH		 1626 int err;
1627
1628 BT_DBG("");
1629
bdce7baf 1630 if (len != sizeof(*cp))
ca69b795
JH		 1631 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1632 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1633
4e51eae9 1634 hdev = hci_dev_get(index);
980e1a53 1635 if (!hdev)
ca69b795
JH		 1636 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1637 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1638
09fd0de5 1639 hci_dev_lock(hdev);
980e1a53 1640
4b34ee78 1641 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1642 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1643 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1644 goto failed;
1645 }
1646
d8457698 1647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1648 if (!conn) {
ca69b795
JH		 1649 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1650 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1651 goto failed;
1652 }
1653
1654 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1655 struct mgmt_cp_pin_code_neg_reply ncp;
1656
1657 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1658
1659 BT_ERR("PIN code is not 16 bytes long");
1660
1661 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1662 if (err >= 0)
1663 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1664 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1665
1666 goto failed;
1667 }
1668
650f726d
VCG		 1669 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1670 len);
366a0336
JH		 1671 if (!cmd) {
1672 err = -ENOMEM;
980e1a53 1673 goto failed;
366a0336 1674 }
980e1a53 1675
d8457698 1676 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1677 reply.pin_len = cp->pin_len;
24718ca5 1678 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1679
1680 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1681 if (err < 0)
a664b5bc 1682 mgmt_pending_remove(cmd);
980e1a53
JH		 1683
1684failed:
09fd0de5 1685 hci_dev_unlock(hdev);
980e1a53
JH		 1686 hci_dev_put(hdev);
1687
1688 return err;
1689}
1690
650f726d 1691static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1692{
1693 struct hci_dev *hdev;
650f726d 1694 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1695 int err;
1696
1697 BT_DBG("");
1698
bdce7baf
SJ		 1699 if (len != sizeof(*cp))
1700 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1701 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1702
4e51eae9 1703 hdev = hci_dev_get(index);
980e1a53 1704 if (!hdev)
4e51eae9 1705 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1706 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1707
09fd0de5 1708 hci_dev_lock(hdev);
980e1a53 1709
4b34ee78 1710 if (!hdev_is_powered(hdev)) {
4e51eae9 1711 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1712 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1713 goto failed;
1714 }
1715
96d97a67 1716 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1717
1718failed:
09fd0de5 1719 hci_dev_unlock(hdev);
980e1a53
JH		 1720 hci_dev_put(hdev);
1721
1722 return err;
1723}
1724
650f726d 1725static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1726{
1727 struct hci_dev *hdev;
650f726d 1728 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1729
1730 BT_DBG("");
1731
bdce7baf 1732 if (len != sizeof(*cp))
ca69b795
JH		 1733 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1734 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1735
4e51eae9 1736 hdev = hci_dev_get(index);
17fa4b9d 1737 if (!hdev)
ca69b795
JH		 1738 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1739 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1740
09fd0de5 1741 hci_dev_lock(hdev);
17fa4b9d
JH		 1742
1743 hdev->io_capability = cp->io_capability;
1744
1745 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1746 hdev->io_capability);
17fa4b9d 1747
09fd0de5 1748 hci_dev_unlock(hdev);
17fa4b9d
JH		 1749 hci_dev_put(hdev);
1750
aee9b218 1751 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 1752}
1753
e9a416b5
JH		 1754static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1755{
1756 struct hci_dev *hdev = conn->hdev;
8035ded4 1757 struct pending_cmd *cmd;
e9a416b5 1758
2e58ef3e 1759 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1760 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1761 continue;
1762
e9a416b5
JH		 1763 if (cmd->user_data != conn)
1764 continue;
1765
1766 return cmd;
1767 }
1768
1769 return NULL;
1770}
1771
1772static void pairing_complete(struct pending_cmd *cmd, u8 status)
1773{
1774 struct mgmt_rp_pair_device rp;
1775 struct hci_conn *conn = cmd->user_data;
1776
ba4e564f
JH		 1777 bacpy(&rp.addr.bdaddr, &conn->dst);
1778 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1779
aee9b218
JH		 1780 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1781 &rp, sizeof(rp));
e9a416b5
JH		 1782
1783 /* So we don't get further callbacks for this connection */
1784 conn->connect_cfm_cb = NULL;
1785 conn->security_cfm_cb = NULL;
1786 conn->disconn_cfm_cb = NULL;
1787
1788 hci_conn_put(conn);
1789
a664b5bc 1790 mgmt_pending_remove(cmd);
e9a416b5
JH		 1791}
1792
1793static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1794{
1795 struct pending_cmd *cmd;
1796
1797 BT_DBG("status %u", status);
1798
1799 cmd = find_pairing(conn);
56e5cb86 1800 if (!cmd)
e9a416b5 1801 BT_DBG("Unable to find a pending command");
56e5cb86 1802 else
e211326c 1803 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1804}
1805
650f726d 1806static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1807{
1808 struct hci_dev *hdev;
650f726d 1809 struct mgmt_cp_pair_device *cp = data;
1425acb7 1810 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1811 struct pending_cmd *cmd;
1812 u8 sec_level, auth_type;
1813 struct hci_conn *conn;
e9a416b5
JH		 1814 int err;
1815
1816 BT_DBG("");
1817
bdce7baf 1818 if (len != sizeof(*cp))
ca69b795
JH		 1819 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1820 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1821
4e51eae9 1822 hdev = hci_dev_get(index);
e9a416b5 1823 if (!hdev)
ca69b795
JH		 1824 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1825 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1826
09fd0de5 1827 hci_dev_lock(hdev);
e9a416b5 1828
c908df36
VCG		 1829 sec_level = BT_SECURITY_MEDIUM;
1830 if (cp->io_cap == 0x03)
e9a416b5 1831 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1832 else
e9a416b5 1833 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1834
ba4e564f
JH		 1835 if (cp->addr.type == MGMT_ADDR_BREDR)
1836 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1837 auth_type);
1838 else
ba4e564f 1839 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1840 auth_type);
1841
1425acb7
JH		 1842 memset(&rp, 0, sizeof(rp));
1843 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1844 rp.addr.type = cp->addr.type;
1845
30e76272 1846 if (IS_ERR(conn)) {
e211326c
JH		 1847 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1848 MGMT_STATUS_CONNECT_FAILED,
1849 &rp, sizeof(rp));
e9a416b5
JH		 1850 goto unlock;
1851 }
1852
1853 if (conn->connect_cfm_cb) {
1854 hci_conn_put(conn);
e211326c
JH		 1855 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1856 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1857 goto unlock;
1858 }
1859
2e58ef3e 1860 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1861 if (!cmd) {
1862 err = -ENOMEM;
1863 hci_conn_put(conn);
1864 goto unlock;
1865 }
1866
7a512d01 1867 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1868 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1869 conn->connect_cfm_cb = pairing_complete_cb;
1870
e9a416b5
JH		 1871 conn->security_cfm_cb = pairing_complete_cb;
1872 conn->disconn_cfm_cb = pairing_complete_cb;
1873 conn->io_capability = cp->io_cap;
1874 cmd->user_data = conn;
1875
1876 if (conn->state == BT_CONNECTED &&
1877 hci_conn_security(conn, sec_level, auth_type))
1878 pairing_complete(cmd, 0);
1879
1880 err = 0;
1881
1882unlock:
09fd0de5 1883 hci_dev_unlock(hdev);
e9a416b5
JH		 1884 hci_dev_put(hdev);
1885
1886 return err;
1887}
1888
28424707
JH		 1889static int cancel_pair_device(struct sock *sk, u16 index,
1890 unsigned char *data, u16 len)
1891{
1892 struct mgmt_addr_info *addr = (void *) data;
1893 struct hci_dev *hdev;
1894 struct pending_cmd *cmd;
1895 struct hci_conn *conn;
1896 int err;
1897
1898 BT_DBG("");
1899
1900 if (len != sizeof(*addr))
1901 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1902 MGMT_STATUS_INVALID_PARAMS);
1903
1904 hdev = hci_dev_get(index);
1905 if (!hdev)
1906 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1907 MGMT_STATUS_INVALID_PARAMS);
1908
1909 hci_dev_lock(hdev);
1910
1911 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1912 if (!cmd) {
1913 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1914 MGMT_STATUS_INVALID_PARAMS);
1915 goto unlock;
1916 }
1917
1918 conn = cmd->user_data;
1919
1920 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1921 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1922 MGMT_STATUS_INVALID_PARAMS);
1923 goto unlock;
1924 }
1925
1926 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1927
aee9b218 1928 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 1929 sizeof(*addr));
1930unlock:
1931 hci_dev_unlock(hdev);
1932 hci_dev_put(hdev);
1933
1934 return err;
1935}
1936
0df4c185 1937static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 1938 u8 type, u16 mgmt_op, u16 hci_op,
1939 __le32 passkey)
a5c29683 1940{
a5c29683
JH		 1941 struct pending_cmd *cmd;
1942 struct hci_dev *hdev;
0df4c185 1943 struct hci_conn *conn;
a5c29683
JH		 1944 int err;
1945
4e51eae9 1946 hdev = hci_dev_get(index);
a5c29683 1947 if (!hdev)
ca69b795
JH		 1948 return cmd_status(sk, index, mgmt_op,
1949 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1950
09fd0de5 1951 hci_dev_lock(hdev);
08ba5382 1952
4b34ee78 1953 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 1954 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1955 goto done;
a5c29683
JH		 1956 }
1957
272d90df
JH		 1958 if (type == MGMT_ADDR_BREDR)
1959 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1960 else
47c15e2b 1961 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 1962
1963 if (!conn) {
1964 err = cmd_status(sk, index, mgmt_op,
47c15e2b 1965 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 1966 goto done;
1967 }
47c15e2b 1968
272d90df 1969 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 1970 /* Continue with pairing via SMP */
5fe57d9e
BG		 1971 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1972
1973 if (!err)
1974 err = cmd_status(sk, index, mgmt_op,
1975 MGMT_STATUS_SUCCESS);
1976 else
1977 err = cmd_status(sk, index, mgmt_op,
1978 MGMT_STATUS_FAILED);
47c15e2b 1979
47c15e2b
BG		 1980 goto done;
1981 }
1982
0df4c185 1983 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 1984 if (!cmd) {
1985 err = -ENOMEM;
0df4c185 1986 goto done;
a5c29683
JH		 1987 }
1988
0df4c185 1989 /* Continue with pairing via HCI */
604086b7
BG		 1990 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1991 struct hci_cp_user_passkey_reply cp;
1992
1993 bacpy(&cp.bdaddr, bdaddr);
1994 cp.passkey = passkey;
1995 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1996 } else
1997 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1998
a664b5bc
JH		 1999 if (err < 0)
2000 mgmt_pending_remove(cmd);
a5c29683 2001
0df4c185 2002done:
09fd0de5 2003 hci_dev_unlock(hdev);
a5c29683
JH		 2004 hci_dev_put(hdev);
2005
2006 return err;
2007}
2008
0df4c185
BG		 2009static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2010{
650f726d 2011 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2012
2013 BT_DBG("");
2014
2015 if (len != sizeof(*cp))
2016 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2017 MGMT_STATUS_INVALID_PARAMS);
2018
272d90df
JH		 2019 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2020 MGMT_OP_USER_CONFIRM_REPLY,
2021 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2022}
2023
2024static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2025 u16 len)
2026{
c9c2659f 2027 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2028
2029 BT_DBG("");
2030
2031 if (len != sizeof(*cp))
2032 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2033 MGMT_STATUS_INVALID_PARAMS);
2034
272d90df
JH		 2035 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2036 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2037 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2038}
2039
604086b7
BG		 2040static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2041{
650f726d 2042 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2043
2044 BT_DBG("");
2045
2046 if (len != sizeof(*cp))
2047 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2048 EINVAL);
2049
272d90df
JH		 2050 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2051 MGMT_OP_USER_PASSKEY_REPLY,
2052 HCI_OP_USER_PASSKEY_REPLY,
2053 cp->passkey);
604086b7
BG		 2054}
2055
2056static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2057 u16 len)
2058{
650f726d 2059 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2060
2061 BT_DBG("");
2062
2063 if (len != sizeof(*cp))
2064 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2065 EINVAL);
2066
272d90df
JH		 2067 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2068 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2069 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2070}
2071
650f726d 2072static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2073 u16 len)
2074{
650f726d 2075 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2076 struct hci_cp_write_local_name hci_cp;
2077 struct hci_dev *hdev;
2078 struct pending_cmd *cmd;
2079 int err;
2080
2081 BT_DBG("");
2082
2083 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2084 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2085 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2086
2087 hdev = hci_dev_get(index);
2088 if (!hdev)
ca69b795
JH		 2089 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2090 MGMT_STATUS_INVALID_PARAMS);
b312b161 2091
09fd0de5 2092 hci_dev_lock(hdev);
b312b161 2093
b5235a65
JH		 2094 if (!hdev_is_powered(hdev)) {
2095 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2096 MGMT_STATUS_NOT_POWERED);
2097 goto failed;
2098 }
2099
650f726d
VCG		 2100 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2101 len);
b312b161
JH		 2102 if (!cmd) {
2103 err = -ENOMEM;
2104 goto failed;
2105 }
2106
2107 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2108 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2109 &hci_cp);
2110 if (err < 0)
2111 mgmt_pending_remove(cmd);
2112
2113failed:
09fd0de5 2114 hci_dev_unlock(hdev);
b312b161
JH		 2115 hci_dev_put(hdev);
2116
2117 return err;
2118}
2119
c35938b2
SJ		 2120static int read_local_oob_data(struct sock *sk, u16 index)
2121{
2122 struct hci_dev *hdev;
2123 struct pending_cmd *cmd;
2124 int err;
2125
2126 BT_DBG("hci%u", index);
2127
2128 hdev = hci_dev_get(index);
2129 if (!hdev)
2130 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2131 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2132
09fd0de5 2133 hci_dev_lock(hdev);
c35938b2 2134
4b34ee78 2135 if (!hdev_is_powered(hdev)) {
c35938b2 2136 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2137 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2138 goto unlock;
2139 }
2140
2141 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2142 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2143 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2144 goto unlock;
2145 }
2146
2e58ef3e 2147 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2148 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2149 MGMT_STATUS_BUSY);
c35938b2
SJ		 2150 goto unlock;
2151 }
2152
2e58ef3e 2153 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2154 if (!cmd) {
2155 err = -ENOMEM;
2156 goto unlock;
2157 }
2158
2159 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2160 if (err < 0)
2161 mgmt_pending_remove(cmd);
2162
2163unlock:
09fd0de5 2164 hci_dev_unlock(hdev);
c35938b2
SJ		 2165 hci_dev_put(hdev);
2166
2167 return err;
2168}
2169
650f726d
VCG		 2170static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2171 u16 len)
2763eda6
SJ		 2172{
2173 struct hci_dev *hdev;
650f726d 2174 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2175 u8 status;
2763eda6
SJ		 2176 int err;
2177
2178 BT_DBG("hci%u ", index);
2179
2180 if (len != sizeof(*cp))
2181 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2182 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2183
2184 hdev = hci_dev_get(index);
2185 if (!hdev)
bf1e3541
JH		 2186 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2187 MGMT_STATUS_INVALID_PARAMS,
2188 &cp->addr, sizeof(cp->addr));
2763eda6 2189
09fd0de5 2190 hci_dev_lock(hdev);
2763eda6 2191
664ce4cc 2192 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2193 cp->randomizer);
2194 if (err < 0)
bf1e3541 2195 status = MGMT_STATUS_FAILED;
2763eda6 2196 else
bf1e3541
JH		 2197 status = 0;
2198
2199 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2200 &cp->addr, sizeof(cp->addr));
2763eda6 2201
09fd0de5 2202 hci_dev_unlock(hdev);
2763eda6
SJ		 2203 hci_dev_put(hdev);
2204
2205 return err;
2206}
2207
2208static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2209 void *data, u16 len)
2763eda6
SJ		 2210{
2211 struct hci_dev *hdev;
650f726d 2212 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2213 u8 status;
2763eda6
SJ		 2214 int err;
2215
2216 BT_DBG("hci%u ", index);
2217
2218 if (len != sizeof(*cp))
2219 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2220 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2221
2222 hdev = hci_dev_get(index);
2223 if (!hdev)
bf1e3541
JH		 2224 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2225 MGMT_STATUS_INVALID_PARAMS,
2226 &cp->addr, sizeof(cp->addr));
2763eda6 2227
09fd0de5 2228 hci_dev_lock(hdev);
2763eda6 2229
664ce4cc 2230 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2231 if (err < 0)
bf1e3541 2232 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2233 else
bf1e3541
JH		 2234 status = 0;
2235
2236 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2237 &cp->addr, sizeof(cp->addr));
2763eda6 2238
09fd0de5 2239 hci_dev_unlock(hdev);
2763eda6
SJ		 2240 hci_dev_put(hdev);
2241
2242 return err;
2243}
2244
5e0452c0
AG		 2245static int discovery(struct hci_dev *hdev)
2246{
2247 int err;
2248
2249 if (lmp_host_le_capable(hdev)) {
2250 if (lmp_bredr_capable(hdev)) {
2251 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2252 LE_SCAN_INT, LE_SCAN_WIN,
2253 LE_SCAN_TIMEOUT_BREDR_LE);
2254 } else {
2255 hdev->discovery.type = DISCOV_TYPE_LE;
2256 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2257 LE_SCAN_INT, LE_SCAN_WIN,
2258 LE_SCAN_TIMEOUT_LE_ONLY);
2259 }
2260 } else {
2261 hdev->discovery.type = DISCOV_TYPE_BREDR;
2262 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2263 }
2264
2265 return err;
2266}
2267
2268int mgmt_interleaved_discovery(struct hci_dev *hdev)
2269{
2270 int err;
2271
2272 BT_DBG("%s", hdev->name);
2273
2274 hci_dev_lock(hdev);
2275
2276 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2277 if (err < 0)
2278 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2279
2280 hci_dev_unlock(hdev);
2281
2282 return err;
2283}
2284
450dfdaf 2285static int start_discovery(struct sock *sk, u16 index,
650f726d 2286 void *data, u16 len)
14a53664 2287{
650f726d 2288 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2289 struct pending_cmd *cmd;
2290 struct hci_dev *hdev;
2291 int err;
2292
2293 BT_DBG("hci%u", index);
2294
450dfdaf
JH		 2295 if (len != sizeof(*cp))
2296 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2297 MGMT_STATUS_INVALID_PARAMS);
2298
14a53664
JH		 2299 hdev = hci_dev_get(index);
2300 if (!hdev)
ca69b795
JH		 2301 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2302 MGMT_STATUS_INVALID_PARAMS);
14a53664 2303
09fd0de5 2304 hci_dev_lock(hdev);
14a53664 2305
4b34ee78 2306 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2307 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2308 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2309 goto failed;
2310 }
2311
ff9ef578
JH		 2312 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2313 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2314 MGMT_STATUS_BUSY);
2315 goto failed;
2316 }
2317
2e58ef3e 2318 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2319 if (!cmd) {
2320 err = -ENOMEM;
2321 goto failed;
2322 }
2323
4aab14e5
AG		 2324 hdev->discovery.type = cp->type;
2325
2326 switch (hdev->discovery.type) {
f39799f5 2327 case DISCOV_TYPE_BREDR:
3fd24153 2328 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2329 break;
2330
2331 case DISCOV_TYPE_LE:
3fd24153
AG		 2332 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2333 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2334 break;
2335
5e0452c0
AG		 2336 case DISCOV_TYPE_INTERLEAVED:
2337 err = discovery(hdev);
2338 break;
2339
f39799f5 2340 default:
3fd24153 2341 err = -EINVAL;
f39799f5 2342 }
3fd24153 2343
14a53664
JH		 2344 if (err < 0)
2345 mgmt_pending_remove(cmd);
ff9ef578
JH		 2346 else
2347 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2348
2349failed:
09fd0de5 2350 hci_dev_unlock(hdev);
14a53664
JH		 2351 hci_dev_put(hdev);
2352
2353 return err;
2354}
2355
d930650b 2356static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2357{
d930650b 2358 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2359 struct hci_dev *hdev;
2360 struct pending_cmd *cmd;
30dc78e1
JH		 2361 struct hci_cp_remote_name_req_cancel cp;
2362 struct inquiry_entry *e;
14a53664
JH		 2363 int err;
2364
2365 BT_DBG("hci%u", index);
2366
d930650b
JH		 2367 if (len != sizeof(*mgmt_cp))
2368 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2369 MGMT_STATUS_INVALID_PARAMS);
2370
14a53664
JH		 2371 hdev = hci_dev_get(index);
2372 if (!hdev)
ca69b795
JH		 2373 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2374 MGMT_STATUS_INVALID_PARAMS);
14a53664 2375
09fd0de5 2376 hci_dev_lock(hdev);
14a53664 2377
30dc78e1 2378 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2379 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2380 MGMT_STATUS_REJECTED,
2381 &mgmt_cp->type, sizeof(mgmt_cp->type));
2382 goto unlock;
2383 }
2384
2385 if (hdev->discovery.type != mgmt_cp->type) {
2386 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2387 MGMT_STATUS_INVALID_PARAMS,
2388 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2389 goto unlock;
ff9ef578
JH		 2390 }
2391
2e58ef3e 2392 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2393 if (!cmd) {
2394 err = -ENOMEM;
30dc78e1
JH		 2395 goto unlock;
2396 }
2397
343f935b 2398 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2399 err = hci_cancel_inquiry(hdev);
2400 if (err < 0)
2401 mgmt_pending_remove(cmd);
2402 else
2403 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2404 goto unlock;
2405 }
2406
2407 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2408 if (!e) {
2409 mgmt_pending_remove(cmd);
aee9b218 2410 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2411 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2412 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2413 goto unlock;
14a53664
JH		 2414 }
2415
30dc78e1
JH		 2416 bacpy(&cp.bdaddr, &e->data.bdaddr);
2417 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2418 sizeof(cp), &cp);
14a53664
JH		 2419 if (err < 0)
2420 mgmt_pending_remove(cmd);
ff9ef578
JH		 2421 else
2422 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2423
30dc78e1 2424unlock:
09fd0de5 2425 hci_dev_unlock(hdev);
14a53664
JH		 2426 hci_dev_put(hdev);
2427
2428 return err;
2429}
2430
650f726d 2431static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2432{
650f726d 2433 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2434 struct inquiry_entry *e;
2435 struct hci_dev *hdev;
2436 int err;
2437
2438 BT_DBG("hci%u", index);
2439
2440 if (len != sizeof(*cp))
2441 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2442 MGMT_STATUS_INVALID_PARAMS);
2443
2444 hdev = hci_dev_get(index);
2445 if (!hdev)
2446 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2447 MGMT_STATUS_INVALID_PARAMS);
2448
2449 hci_dev_lock(hdev);
2450
30dc78e1
JH		 2451 if (!hci_discovery_active(hdev)) {
2452 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2453 MGMT_STATUS_FAILED);
2454 goto failed;
2455 }
2456
a198e7b1 2457 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc
JH		 2458 if (!e) {
2459 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2460 MGMT_STATUS_INVALID_PARAMS);
2461 goto failed;
2462 }
2463
2464 if (cp->name_known) {
2465 e->name_state = NAME_KNOWN;
2466 list_del(&e->list);
2467 } else {
2468 e->name_state = NAME_NEEDED;
a3d4e20a 2469 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2470 }
2471
2472 err = 0;
2473
2474failed:
2475 hci_dev_unlock(hdev);
2476
2477 return err;
2478}
2479
650f726d 2480static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2481{
2482 struct hci_dev *hdev;
650f726d 2483 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2484 u8 status;
7fbec224
AJ		 2485 int err;
2486
2487 BT_DBG("hci%u", index);
2488
7fbec224
AJ		 2489 if (len != sizeof(*cp))
2490 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2491 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2492
2493 hdev = hci_dev_get(index);
2494 if (!hdev)
f0eeea8b
JH		 2495 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2496 MGMT_STATUS_INVALID_PARAMS,
2497 &cp->addr, sizeof(cp->addr));
7fbec224 2498
09fd0de5 2499 hci_dev_lock(hdev);
5e762444 2500
88c1fe4b 2501 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2502 if (err < 0)
f0eeea8b 2503 status = MGMT_STATUS_FAILED;
7fbec224 2504 else
f0eeea8b
JH		 2505 status = 0;
2506
2507 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2508 &cp->addr, sizeof(cp->addr));
5e762444 2509
09fd0de5 2510 hci_dev_unlock(hdev);
7fbec224
AJ		 2511 hci_dev_put(hdev);
2512
2513 return err;
2514}
2515
650f726d 2516static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2517{
2518 struct hci_dev *hdev;
650f726d 2519 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2520 u8 status;
7fbec224
AJ		 2521 int err;
2522
2523 BT_DBG("hci%u", index);
2524
7fbec224
AJ		 2525 if (len != sizeof(*cp))
2526 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2527 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2528
2529 hdev = hci_dev_get(index);
2530 if (!hdev)
f0eeea8b
JH		 2531 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2532 MGMT_STATUS_INVALID_PARAMS,
2533 &cp->addr, sizeof(cp->addr));
7fbec224 2534
09fd0de5 2535 hci_dev_lock(hdev);
5e762444 2536
88c1fe4b 2537 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2538 if (err < 0)
f0eeea8b 2539 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2540 else
f0eeea8b
JH		 2541 status = 0;
2542
2543 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2544 &cp->addr, sizeof(cp->addr));
5e762444 2545
09fd0de5 2546 hci_dev_unlock(hdev);
7fbec224
AJ		 2547 hci_dev_put(hdev);
2548
2549 return err;
2550}
2551
f6422ec6 2552static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2553 void *data, u16 len)
f6422ec6
AJ		 2554{
2555 struct hci_dev *hdev;
650f726d 2556 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2557 struct hci_cp_write_page_scan_activity acp;
2558 u8 type;
2559 int err;
2560
2561 BT_DBG("hci%u", index);
2562
2563 if (len != sizeof(*cp))
2564 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2565 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2566
2567 hdev = hci_dev_get(index);
2568 if (!hdev)
2569 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2570 MGMT_STATUS_INVALID_PARAMS);
5400c044
JH		 2571 if (!hdev_is_powered(hdev))
2572 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2573 MGMT_STATUS_NOT_POWERED);
2574
2575 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2576 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2577 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2578
2579 hci_dev_lock(hdev);
2580
f7c6869c 2581 if (cp->val) {
f6422ec6
AJ		 2582 type = PAGE_SCAN_TYPE_INTERLACED;
2583 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2584 } else {
2585 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2586 acp.interval = 0x0800; /* default 1.28 sec page scan */
2587 }
2588
2589 acp.window = 0x0012; /* default 11.25 msec page scan window */
2590
2591 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2592 sizeof(acp), &acp);
2593 if (err < 0) {
2594 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2595 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2596 goto done;
2597 }
2598
2599 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2600 if (err < 0) {
2601 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2602 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2603 goto done;
2604 }
2605
aee9b218
JH		 2606 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2607 NULL, 0);
f6422ec6
AJ		 2608done:
2609 hci_dev_unlock(hdev);
2610 hci_dev_put(hdev);
2611
2612 return err;
2613}
2614
346af67b
VCG		 2615static int load_long_term_keys(struct sock *sk, u16 index,
2616 void *cp_data, u16 len)
2617{
2618 struct hci_dev *hdev;
2619 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2620 u16 key_count, expected_len;
2621 int i;
2622
2623 if (len < sizeof(*cp))
2624 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2625 EINVAL);
2626
2627 key_count = get_unaligned_le16(&cp->key_count);
2628
2629 expected_len = sizeof(*cp) + key_count *
2630 sizeof(struct mgmt_ltk_info);
2631 if (expected_len != len) {
2632 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2633 len, expected_len);
2634 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2635 EINVAL);
2636 }
2637
2638 hdev = hci_dev_get(index);
2639 if (!hdev)
2640 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2641 ENODEV);
2642
2643 BT_DBG("hci%u key_count %u", index, key_count);
2644
2645 hci_dev_lock(hdev);
2646
2647 hci_smp_ltks_clear(hdev);
2648
2649 for (i = 0; i < key_count; i++) {
2650 struct mgmt_ltk_info *key = &cp->keys[i];
2651 u8 type;
2652
2653 if (key->master)
2654 type = HCI_SMP_LTK;
2655 else
2656 type = HCI_SMP_LTK_SLAVE;
2657
2658 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2659 type, 0, key->authenticated, key->val,
2660 key->enc_size, key->ediv, key->rand);
2661 }
2662
2663 hci_dev_unlock(hdev);
2664 hci_dev_put(hdev);
2665
2666 return 0;
2667}
2668
0381101f
JH		 2669int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2670{
650f726d
VCG		 2671 void *buf;
2672 u8 *cp;
0381101f 2673 struct mgmt_hdr *hdr;
4e51eae9 2674 u16 opcode, index, len;
0381101f
JH		 2675 int err;
2676
2677 BT_DBG("got %zu bytes", msglen);
2678
2679 if (msglen < sizeof(*hdr))
2680 return -EINVAL;
2681
e63a15ec 2682 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2683 if (!buf)
2684 return -ENOMEM;
2685
2686 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2687 err = -EFAULT;
2688 goto done;
2689 }
2690
650f726d 2691 hdr = buf;
0381101f 2692 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2693 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2694 len = get_unaligned_le16(&hdr->len);
2695
2696 if (len != msglen - sizeof(*hdr)) {
2697 err = -EINVAL;
2698 goto done;
2699 }
2700
650f726d
VCG		 2701 cp = buf + sizeof(*hdr);
2702
0381101f 2703 switch (opcode) {
02d98129
JH		 2704 case MGMT_OP_READ_VERSION:
2705 err = read_version(sk);
2706 break;
e70bb2e8
JH		 2707 case MGMT_OP_READ_COMMANDS:
2708 err = read_commands(sk);
2709 break;
faba42eb
JH		 2710 case MGMT_OP_READ_INDEX_LIST:
2711 err = read_index_list(sk);
2712 break;
f7b64e69 2713 case MGMT_OP_READ_INFO:
4e51eae9 2714 err = read_controller_info(sk, index);
f7b64e69 2715 break;
eec8d2bc 2716 case MGMT_OP_SET_POWERED:
650f726d 2717 err = set_powered(sk, index, cp, len);
eec8d2bc 2718 break;
73f22f62 2719 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2720 err = set_discoverable(sk, index, cp, len);
73f22f62 2721 break;
9fbcbb45 2722 case MGMT_OP_SET_CONNECTABLE:
650f726d 2723 err = set_connectable(sk, index, cp, len);
9fbcbb45 2724 break;
f7c6869c 2725 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2726 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2727 break;
c542a06c 2728 case MGMT_OP_SET_PAIRABLE:
650f726d 2729 err = set_pairable(sk, index, cp, len);
c542a06c 2730 break;
33ef95ed
JH		 2731 case MGMT_OP_SET_LINK_SECURITY:
2732 err = set_link_security(sk, index, cp, len);
2733 break;
ed2c4ee3
JH		 2734 case MGMT_OP_SET_SSP:
2735 err = set_ssp(sk, index, cp, len);
2736 break;
6d80dfd0
JH		 2737 case MGMT_OP_SET_HS:
2738 err = set_hs(sk, index, cp, len);
2739 break;
2aeb9a1a 2740 case MGMT_OP_ADD_UUID:
650f726d 2741 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2742 break;
2743 case MGMT_OP_REMOVE_UUID:
650f726d 2744 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2745 break;
1aff6f09 2746 case MGMT_OP_SET_DEV_CLASS:
650f726d 2747 err = set_dev_class(sk, index, cp, len);
1aff6f09 2748 break;
86742e1e 2749 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2750 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2751 break;
8962ee74 2752 case MGMT_OP_DISCONNECT:
650f726d 2753 err = disconnect(sk, index, cp, len);
8962ee74 2754 break;
2784eb41 2755 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2756 err = get_connections(sk, index);
2784eb41 2757 break;
980e1a53 2758 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2759 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2760 break;
2761 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2762 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2763 break;
17fa4b9d 2764 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2765 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2766 break;
e9a416b5 2767 case MGMT_OP_PAIR_DEVICE:
650f726d 2768 err = pair_device(sk, index, cp, len);
e9a416b5 2769 break;
28424707
JH		 2770 case MGMT_OP_CANCEL_PAIR_DEVICE:
2771 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2772 break;
124f6e35
JH		 2773 case MGMT_OP_UNPAIR_DEVICE:
2774 err = unpair_device(sk, index, cp, len);
2775 break;
a5c29683 2776 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2777 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2778 break;
2779 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2780 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2781 break;
604086b7 2782 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2783 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2784 break;
2785 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2786 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2787 break;
b312b161 2788 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2789 err = set_local_name(sk, index, cp, len);
b312b161 2790 break;
c35938b2
SJ		 2791 case MGMT_OP_READ_LOCAL_OOB_DATA:
2792 err = read_local_oob_data(sk, index);
2793 break;
2763eda6 2794 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2795 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2796 break;
2797 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2798 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2799 break;
14a53664 2800 case MGMT_OP_START_DISCOVERY:
650f726d 2801 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2802 break;
2803 case MGMT_OP_STOP_DISCOVERY:
d930650b 2804 err = stop_discovery(sk, index, cp, len);
14a53664 2805 break;
561aafbc 2806 case MGMT_OP_CONFIRM_NAME:
650f726d 2807 err = confirm_name(sk, index, cp, len);
561aafbc 2808 break;
7fbec224 2809 case MGMT_OP_BLOCK_DEVICE:
650f726d 2810 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2811 break;
2812 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2813 err = unblock_device(sk, index, cp, len);
7fbec224 2814 break;
346af67b
VCG		 2815 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2816 err = load_long_term_keys(sk, index, cp, len);
2817 break;
0381101f
JH		 2818 default:
2819 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2820 err = cmd_status(sk, index, opcode,
2821 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2822 break;
2823 }
2824
e41d8b4e
JH		 2825 if (err < 0)
2826 goto done;
2827
0381101f
JH		 2828 err = msglen;
2829
2830done:
2831 kfree(buf);
2832 return err;
2833}
c71e97bf 2834
b24752fe
JH		 2835static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2836{
2837 u8 *status = data;
2838
2839 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2840 mgmt_pending_remove(cmd);
2841}
2842
744cf19e 2843int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2844{
744cf19e 2845 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2846}
2847
744cf19e 2848int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2849{
b24752fe
JH		 2850 u8 status = ENODEV;
2851
744cf19e 2852 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2853
744cf19e 2854 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2855}
2856
73f22f62 2857struct cmd_lookup {
eec8d2bc 2858 struct sock *sk;
69ab39ea 2859 struct hci_dev *hdev;
eec8d2bc
JH		 2860};
2861
69ab39ea 2862static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2863{
73f22f62 2864 struct cmd_lookup *match = data;
eec8d2bc 2865
69ab39ea 2866 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2867
2868 list_del(&cmd->list);
2869
2870 if (match->sk == NULL) {
2871 match->sk = cmd->sk;
2872 sock_hold(match->sk);
2873 }
2874
2875 mgmt_pending_free(cmd);
c71e97bf 2876}
5add6af8 2877
744cf19e 2878int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2879{
76a7f3a4 2880 struct cmd_lookup match = { NULL, hdev };
69ab39ea 2881 __le32 ev;
7bb895d6 2882 int err;
5add6af8 2883
69ab39ea 2884 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2885
b24752fe
JH		 2886 if (!powered) {
2887 u8 status = ENETDOWN;
744cf19e 2888 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2889 }
2890
69ab39ea 2891 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2892
7bb895d6 2893 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
69ab39ea 2894 match.sk);
eec8d2bc
JH		 2895
2896 if (match.sk)
2897 sock_put(match.sk);
2898
7bb895d6 2899 return err;
5add6af8 2900}
73f22f62 2901
744cf19e 2902int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2903{
76a7f3a4 2904 struct cmd_lookup match = { NULL, hdev };
69ab39ea 2905 __le32 ev;
7bb895d6 2906 int err;
73f22f62 2907
69ab39ea 2908 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2909
69ab39ea 2910 ev = cpu_to_le32(get_current_settings(hdev));
73f22f62 2911
7bb895d6 2912 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2913 match.sk);
73f22f62
JH		 2914 if (match.sk)
2915 sock_put(match.sk);
2916
7bb895d6 2917 return err;
73f22f62 2918}
9fbcbb45 2919
744cf19e 2920int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2921{
69ab39ea 2922 __le32 ev;
76a7f3a4 2923 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2924 int err;
9fbcbb45 2925
69ab39ea
JH		 2926 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2927 &match);
9fbcbb45 2928
69ab39ea 2929 ev = cpu_to_le32(get_current_settings(hdev));
9fbcbb45 2930
7bb895d6 2931 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2932
2933 if (match.sk)
2934 sock_put(match.sk);
2935
7bb895d6 2936 return err;
9fbcbb45 2937}
55ed8ca1 2938
744cf19e 2939int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2940{
ca69b795
JH		 2941 u8 mgmt_err = mgmt_status(status);
2942
2d7cee58 2943 if (scan & SCAN_PAGE)
744cf19e 2944 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2945 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2946
2947 if (scan & SCAN_INQUIRY)
744cf19e 2948 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2949 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2950
2951 return 0;
2952}
2953
744cf19e
JH		 2954int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2955 u8 persistent)
55ed8ca1 2956{
86742e1e 2957 struct mgmt_ev_new_link_key ev;
55ed8ca1 2958
a492cd52 2959 memset(&ev, 0, sizeof(ev));
55ed8ca1 2960
a492cd52 2961 ev.store_hint = persistent;
d753fdc4
JH		 2962 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2963 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2964 ev.key.type = key->type;
2965 memcpy(ev.key.val, key->val, 16);
2966 ev.key.pin_len = key->pin_len;
55ed8ca1 2967
744cf19e 2968 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2969}
f7520543 2970
346af67b
VCG		 2971int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2972{
2973 struct mgmt_ev_new_long_term_key ev;
2974
2975 memset(&ev, 0, sizeof(ev));
2976
2977 ev.store_hint = persistent;
2978 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2979 ev.key.addr.type = key->bdaddr_type;
2980 ev.key.authenticated = key->authenticated;
2981 ev.key.enc_size = key->enc_size;
2982 ev.key.ediv = key->ediv;
2983
2984 if (key->type == HCI_SMP_LTK)
2985 ev.key.master = 1;
2986
2987 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2988 memcpy(ev.key.val, key->val, sizeof(key->val));
2989
2990 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2991 &ev, sizeof(ev), NULL);
2992}
2993
afc747a6 2994int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 2995 u8 addr_type, u8 *name, u8 name_len,
2996 u8 *dev_class)
f7520543 2997{
b644ba33
JH		 2998 char buf[512];
2999 struct mgmt_ev_device_connected *ev = (void *) buf;
3000 u16 eir_len = 0;
f7520543 3001
b644ba33
JH		 3002 bacpy(&ev->addr.bdaddr, bdaddr);
3003 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3004
b644ba33
JH		 3005 if (name_len > 0)
3006 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3007 name, name_len);
3008
3009 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3010 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3011 EIR_CLASS_OF_DEV, dev_class, 3);
3012
3013 put_unaligned_le16(eir_len, &ev->eir_len);
3014
3015 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3016 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3017}
3018
8962ee74
JH		 3019static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3020{
c68fb7ff 3021 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3022 struct sock **sk = data;
a38528f1 3023 struct mgmt_rp_disconnect rp;
8962ee74 3024
88c3df13
JH		 3025 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3026 rp.addr.type = cp->addr.type;
8962ee74 3027
aee9b218
JH		 3028 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3029 sizeof(rp));
8962ee74
JH		 3030
3031 *sk = cmd->sk;
3032 sock_hold(*sk);
3033
a664b5bc 3034 mgmt_pending_remove(cmd);
8962ee74
JH		 3035}
3036
124f6e35 3037static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3038{
b1078ad0 3039 struct hci_dev *hdev = data;
124f6e35
JH		 3040 struct mgmt_cp_unpair_device *cp = cmd->param;
3041 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3042
3043 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3044 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3045 rp.addr.type = cp->addr.type;
a8a1d19e 3046
b1078ad0
JH		 3047 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3048
aee9b218 3049 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3050
3051 mgmt_pending_remove(cmd);
3052}
3053
afc747a6
JH		 3054int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3055 u8 link_type, u8 addr_type)
f7520543 3056{
4c659c39 3057 struct mgmt_addr_info ev;
8962ee74
JH		 3058 struct sock *sk = NULL;
3059 int err;
3060
744cf19e 3061 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3062
f7520543 3063 bacpy(&ev.bdaddr, bdaddr);
48264f06 3064 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3065
afc747a6
JH		 3066 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3067 sk);
8962ee74
JH		 3068
3069 if (sk)
3070 sock_put(sk);
3071
124f6e35 3072 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3073 hdev);
a8a1d19e 3074
8962ee74
JH		 3075 return err;
3076}
3077
88c3df13
JH		 3078int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3079 u8 link_type, u8 addr_type, u8 status)
8962ee74 3080{
88c3df13 3081 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3082 struct pending_cmd *cmd;
3083 int err;
3084
2e58ef3e 3085 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3086 if (!cmd)
3087 return -ENOENT;
3088
88c3df13
JH		 3089 bacpy(&rp.addr.bdaddr, bdaddr);
3090 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3091
88c3df13 3092 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3093 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3094
a664b5bc 3095 mgmt_pending_remove(cmd);
8962ee74 3096
b1078ad0
JH		 3097 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3098 hdev);
8962ee74 3099 return err;
f7520543 3100}
17d5c04c 3101
48264f06
JH		 3102int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3103 u8 addr_type, u8 status)
17d5c04c
JH		 3104{
3105 struct mgmt_ev_connect_failed ev;
3106
4c659c39 3107 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3108 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3109 ev.status = mgmt_status(status);
17d5c04c 3110
744cf19e 3111 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3112}
980e1a53 3113
744cf19e 3114int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3115{
3116 struct mgmt_ev_pin_code_request ev;
3117
d8457698
JH		 3118 bacpy(&ev.addr.bdaddr, bdaddr);
3119 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3120 ev.secure = secure;
980e1a53 3121
744cf19e 3122 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3123 NULL);
980e1a53
JH		 3124}
3125
744cf19e
JH		 3126int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3127 u8 status)
980e1a53
JH		 3128{
3129 struct pending_cmd *cmd;
ac56fb13 3130 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3131 int err;
3132
2e58ef3e 3133 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3134 if (!cmd)
3135 return -ENOENT;
3136
d8457698
JH		 3137 bacpy(&rp.addr.bdaddr, bdaddr);
3138 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3139
aee9b218
JH		 3140 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3141 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3142
a664b5bc 3143 mgmt_pending_remove(cmd);
980e1a53
JH		 3144
3145 return err;
3146}
3147
744cf19e
JH		 3148int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3149 u8 status)
980e1a53
JH		 3150{
3151 struct pending_cmd *cmd;
ac56fb13 3152 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3153 int err;
3154
2e58ef3e 3155 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3156 if (!cmd)
3157 return -ENOENT;
3158
d8457698
JH		 3159 bacpy(&rp.addr.bdaddr, bdaddr);
3160 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3161
aee9b218
JH		 3162 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3163 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3164
a664b5bc 3165 mgmt_pending_remove(cmd);
980e1a53
JH		 3166
3167 return err;
3168}
a5c29683 3169
744cf19e 3170int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3171 u8 link_type, u8 addr_type, __le32 value,
3172 u8 confirm_hint)
a5c29683
JH		 3173{
3174 struct mgmt_ev_user_confirm_request ev;
3175
744cf19e 3176 BT_DBG("%s", hdev->name);
a5c29683 3177
272d90df
JH		 3178 bacpy(&ev.addr.bdaddr, bdaddr);
3179 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3180 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3181 put_unaligned_le32(value, &ev.value);
3182
744cf19e 3183 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3184 NULL);
a5c29683
JH		 3185}
3186
272d90df
JH		 3187int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3188 u8 link_type, u8 addr_type)
604086b7
BG		 3189{
3190 struct mgmt_ev_user_passkey_request ev;
3191
3192 BT_DBG("%s", hdev->name);
3193
272d90df
JH		 3194 bacpy(&ev.addr.bdaddr, bdaddr);
3195 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3196
3197 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3198 NULL);
3199}
3200
0df4c185 3201static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3202 u8 link_type, u8 addr_type, u8 status,
3203 u8 opcode)
a5c29683
JH		 3204{
3205 struct pending_cmd *cmd;
3206 struct mgmt_rp_user_confirm_reply rp;
3207 int err;
3208
2e58ef3e 3209 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3210 if (!cmd)
3211 return -ENOENT;
3212
272d90df
JH		 3213 bacpy(&rp.addr.bdaddr, bdaddr);
3214 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3215 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3216 &rp, sizeof(rp));
a5c29683 3217
a664b5bc 3218 mgmt_pending_remove(cmd);
a5c29683
JH		 3219
3220 return err;
3221}
3222
744cf19e 3223int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3224 u8 link_type, u8 addr_type, u8 status)
a5c29683 3225{
272d90df
JH		 3226 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3227 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3228}
3229
272d90df
JH		 3230int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3231 u8 link_type, u8 addr_type, u8 status)
a5c29683 3232{
272d90df
JH		 3233 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3234 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3235}
2a611692 3236
604086b7 3237int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3238 u8 link_type, u8 addr_type, u8 status)
604086b7 3239{
272d90df
JH		 3240 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3241 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3242}
3243
272d90df
JH		 3244int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3245 u8 link_type, u8 addr_type, u8 status)
604086b7 3246{
272d90df
JH		 3247 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3248 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3249}
3250
bab73cb6
JH		 3251int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3252 u8 addr_type, u8 status)
2a611692
JH		 3253{
3254 struct mgmt_ev_auth_failed ev;
3255
bab73cb6
JH		 3256 bacpy(&ev.addr.bdaddr, bdaddr);
3257 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3258 ev.status = mgmt_status(status);
2a611692 3259
744cf19e 3260 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3261}
b312b161 3262
33ef95ed
JH		 3263int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3264{
3265 struct cmd_lookup match = { NULL, hdev };
3266 __le32 ev;
3267 int err;
3268
3269 if (status) {
3270 u8 mgmt_err = mgmt_status(status);
3271 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3272 cmd_status_rsp, &mgmt_err);
3273 return 0;
3274 }
3275
3276 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3277 &match);
3278
3279 ev = cpu_to_le32(get_current_settings(hdev));
3280 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3281
3282 if (match.sk)
3283 sock_put(match.sk);
3284
3285 return err;
3286}
3287
cacaf52f
JH		 3288static int clear_eir(struct hci_dev *hdev)
3289{
3290 struct hci_cp_write_eir cp;
3291
3292 if (!(hdev->features[6] & LMP_EXT_INQ))
3293 return 0;
3294
3295 memset(&cp, 0, sizeof(cp));
3296
3297 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3298}
3299
ed2c4ee3
JH		 3300int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3301{
3302 struct cmd_lookup match = { NULL, hdev };
3303 __le32 ev;
3304 int err;
3305
3306 if (status) {
3307 u8 mgmt_err = mgmt_status(status);
3308 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3309 cmd_status_rsp, &mgmt_err);
3310 return 0;
3311 }
3312
3313 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3314
3315 ev = cpu_to_le32(get_current_settings(hdev));
3316 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3317
cacaf52f 3318 if (match.sk) {
ed2c4ee3
JH		 3319 sock_put(match.sk);
3320
cacaf52f
JH		 3321 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3322 update_eir(hdev);
3323 else
3324 clear_eir(hdev);
3325 }
3326
ed2c4ee3
JH		 3327 return err;
3328}
3329
744cf19e 3330int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3331{
3332 struct pending_cmd *cmd;
3333 struct mgmt_cp_set_local_name ev;
3334 int err;
3335
3336 memset(&ev, 0, sizeof(ev));
3337 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3338
2e58ef3e 3339 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3340 if (!cmd)
3341 goto send_event;
3342
3343 if (status) {
744cf19e 3344 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3345 mgmt_status(status));
b312b161
JH		 3346 goto failed;
3347 }
3348
744cf19e 3349 update_eir(hdev);
80a1e1db 3350
aee9b218 3351 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3352 sizeof(ev));
3353 if (err < 0)
3354 goto failed;
3355
3356send_event:
744cf19e 3357 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 3358 cmd ? cmd->sk : NULL);
3359
3360failed:
3361 if (cmd)
3362 mgmt_pending_remove(cmd);
3363 return err;
3364}
c35938b2 3365
744cf19e
JH		 3366int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3367 u8 *randomizer, u8 status)
c35938b2
SJ		 3368{
3369 struct pending_cmd *cmd;
3370 int err;
3371
744cf19e 3372 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3373
2e58ef3e 3374 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3375 if (!cmd)
3376 return -ENOENT;
3377
3378 if (status) {
744cf19e 3379 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3380 MGMT_OP_READ_LOCAL_OOB_DATA,
3381 mgmt_status(status));
c35938b2
SJ		 3382 } else {
3383 struct mgmt_rp_read_local_oob_data rp;
3384
3385 memcpy(rp.hash, hash, sizeof(rp.hash));
3386 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3387
744cf19e
JH		 3388 err = cmd_complete(cmd->sk, hdev->id,
3389 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3390 0, &rp, sizeof(rp));
c35938b2
SJ		 3391 }
3392
3393 mgmt_pending_remove(cmd);
3394
3395 return err;
3396}
e17acd40 3397
48264f06 3398int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3399 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 3400 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 3401{
e319d2e7
JH		 3402 char buf[512];
3403 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3404 size_t ev_size;
e17acd40 3405
1dc06093
JH		 3406 /* Leave 5 bytes for a potential CoD field */
3407 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3408 return -EINVAL;
3409
1dc06093
JH		 3410 memset(buf, 0, sizeof(buf));
3411
e319d2e7
JH		 3412 bacpy(&ev->addr.bdaddr, bdaddr);
3413 ev->addr.type = link_to_mgmt(link_type, addr_type);
3414 ev->rssi = rssi;
3415 ev->confirm_name = cfm_name;
e17acd40 3416
1dc06093 3417 if (eir_len > 0)
e319d2e7 3418 memcpy(ev->eir, eir, eir_len);
e17acd40 3419
1dc06093
JH		 3420 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3421 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3422 dev_class, 3);
3423
3424 put_unaligned_le16(eir_len, &ev->eir_len);
3425
3426 ev_size = sizeof(*ev) + eir_len;
f8523598 3427
e319d2e7 3428 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3429}
a88a9652 3430
b644ba33
JH		 3431int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3432 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3433{
b644ba33
JH		 3434 struct mgmt_ev_device_found *ev;
3435 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3436 u16 eir_len;
a88a9652 3437
b644ba33 3438 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3439
b644ba33
JH		 3440 memset(buf, 0, sizeof(buf));
3441
3442 bacpy(&ev->addr.bdaddr, bdaddr);
3443 ev->addr.type = link_to_mgmt(link_type, addr_type);
3444 ev->rssi = rssi;
3445
3446 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3447 name_len);
3448
3449 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3450
053c7e0c
JH		 3451 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3452 sizeof(*ev) + eir_len, NULL);
a88a9652 3453}
314b2381 3454
7a135109 3455int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3456{
3457 struct pending_cmd *cmd;
f808e166 3458 u8 type;
164a6e78
JH		 3459 int err;
3460
203159d4
AG		 3461 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3462
2e58ef3e 3463 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3464 if (!cmd)
3465 return -ENOENT;
3466
f808e166
JH		 3467 type = hdev->discovery.type;
3468
3469 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3470 &type, sizeof(type));
164a6e78
JH		 3471 mgmt_pending_remove(cmd);
3472
3473 return err;
3474}
3475
e6d465cb
AG		 3476int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3477{
3478 struct pending_cmd *cmd;
3479 int err;
3480
3481 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3482 if (!cmd)
3483 return -ENOENT;
3484
d930650b
JH		 3485 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3486 &hdev->discovery.type,
3487 sizeof(hdev->discovery.type));
164a6e78
JH		 3488 mgmt_pending_remove(cmd);
3489
3490 return err;
3491}
3492
744cf19e 3493int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3494{
f963e8e9 3495 struct mgmt_ev_discovering ev;
164a6e78
JH		 3496 struct pending_cmd *cmd;
3497
343fb145
AG		 3498 BT_DBG("%s discovering %u", hdev->name, discovering);
3499
164a6e78 3500 if (discovering)
2e58ef3e 3501 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3502 else
2e58ef3e 3503 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3504
3505 if (cmd != NULL) {
f808e166
JH		 3506 u8 type = hdev->discovery.type;
3507
d930650b 3508 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3509 &type, sizeof(type));
164a6e78
JH		 3510 mgmt_pending_remove(cmd);
3511 }
3512
f963e8e9
JH		 3513 memset(&ev, 0, sizeof(ev));
3514 ev.type = hdev->discovery.type;
3515 ev.discovering = discovering;
3516
3517 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3518}
5e762444 3519
88c1fe4b 3520int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3521{
3522 struct pending_cmd *cmd;
3523 struct mgmt_ev_device_blocked ev;
3524
2e58ef3e 3525 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3526
88c1fe4b
JH		 3527 bacpy(&ev.addr.bdaddr, bdaddr);
3528 ev.addr.type = type;
5e762444 3529
744cf19e
JH		 3530 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3531 cmd ? cmd->sk : NULL);
5e762444
AJ		 3532}
3533
88c1fe4b 3534int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3535{
3536 struct pending_cmd *cmd;
3537 struct mgmt_ev_device_unblocked ev;
3538
2e58ef3e 3539 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3540
88c1fe4b
JH		 3541 bacpy(&ev.addr.bdaddr, bdaddr);
3542 ev.addr.type = type;
5e762444 3543
744cf19e
JH		 3544 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3545 cmd ? cmd->sk : NULL);
5e762444 3546}
d7b7e796
MH		 3547
3548module_param(enable_hs, bool, 0644);
3549MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3550
3551module_param(enable_le, bool, 0644);
3552MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Ubuntu Artful kernel mirror