]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
ca69b795 25#include <linux/kernel.h>
72359753 26#include <linux/uaccess.h>
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
02d98129
JH		 35#define MGMT_VERSION 0
36#define MGMT_REVISION 1
37
2519a1fc
AG		 38#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
39
7d78525d
JH		 40#define SERVICE_CACHE_TIMEOUT (5 * 1000)
41
eec8d2bc
JH		 42struct pending_cmd {
43 struct list_head list;
fc2f4b13 44 u16 opcode;
eec8d2bc 45 int index;
c68fb7ff 46 void *param;
eec8d2bc 47 struct sock *sk;
e9a416b5 48 void *user_data;
eec8d2bc
JH		 49};
50
ca69b795
JH		 51/* HCI to MGMT error code conversion table */
52static u8 mgmt_status_table[] = {
53 MGMT_STATUS_SUCCESS,
54 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
55 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
56 MGMT_STATUS_FAILED, /* Hardware Failure */
57 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
58 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
59 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
60 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
61 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
62 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
63 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
64 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
65 MGMT_STATUS_BUSY, /* Command Disallowed */
66 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
67 MGMT_STATUS_REJECTED, /* Rejected Security */
68 MGMT_STATUS_REJECTED, /* Rejected Personal */
69 MGMT_STATUS_TIMEOUT, /* Host Timeout */
70 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
71 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
72 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
73 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
74 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
75 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
76 MGMT_STATUS_BUSY, /* Repeated Attempts */
77 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
78 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
80 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
81 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
82 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
83 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
84 MGMT_STATUS_FAILED, /* Unspecified Error */
85 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
86 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
87 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
88 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
89 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
90 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
91 MGMT_STATUS_FAILED, /* Unit Link Key Used */
92 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
93 MGMT_STATUS_TIMEOUT, /* Instant Passed */
94 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
95 MGMT_STATUS_FAILED, /* Transaction Collision */
96 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
97 MGMT_STATUS_REJECTED, /* QoS Rejected */
98 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
99 MGMT_STATUS_REJECTED, /* Insufficient Security */
100 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
101 MGMT_STATUS_BUSY, /* Role Switch Pending */
102 MGMT_STATUS_FAILED, /* Slot Violation */
103 MGMT_STATUS_FAILED, /* Role Switch Failed */
104 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
105 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
106 MGMT_STATUS_BUSY, /* Host Busy Pairing */
107 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
108 MGMT_STATUS_BUSY, /* Controller Busy */
109 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
110 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
111 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
112 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
113 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
114};
115
116static u8 mgmt_status(u8 hci_status)
117{
118 if (hci_status < ARRAY_SIZE(mgmt_status_table))
119 return mgmt_status_table[hci_status];
120
121 return MGMT_STATUS_FAILED;
122}
123
4e51eae9 124static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 125{
126 struct sk_buff *skb;
127 struct mgmt_hdr *hdr;
128 struct mgmt_ev_cmd_status *ev;
56b7d137 129 int err;
f7b64e69 130
34eb525c 131 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 132
133 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
134 if (!skb)
135 return -ENOMEM;
136
137 hdr = (void *) skb_put(skb, sizeof(*hdr));
138
139 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 140 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 141 hdr->len = cpu_to_le16(sizeof(*ev));
142
143 ev = (void *) skb_put(skb, sizeof(*ev));
144 ev->status = status;
145 put_unaligned_le16(cmd, &ev->opcode);
146
56b7d137
GP		 147 err = sock_queue_rcv_skb(sk, skb);
148 if (err < 0)
f7b64e69
JH		 149 kfree_skb(skb);
150
56b7d137 151 return err;
f7b64e69
JH		 152}
153
4e51eae9
SJ		 154static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
155 size_t rp_len)
02d98129
JH		 156{
157 struct sk_buff *skb;
158 struct mgmt_hdr *hdr;
159 struct mgmt_ev_cmd_complete *ev;
56b7d137 160 int err;
02d98129
JH		 161
162 BT_DBG("sock %p", sk);
163
a38528f1 164 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 165 if (!skb)
166 return -ENOMEM;
167
168 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 169
a38528f1 170 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 171 hdr->index = cpu_to_le16(index);
a38528f1 172 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 173
a38528f1
JH		 174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
175 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 176
177 if (rp)
178 memcpy(ev->data, rp, rp_len);
02d98129 179
56b7d137
GP		 180 err = sock_queue_rcv_skb(sk, skb);
181 if (err < 0)
02d98129
JH		 182 kfree_skb(skb);
183
56b7d137 184 return err;;
02d98129
JH		 185}
186
a38528f1
JH		 187static int read_version(struct sock *sk)
188{
189 struct mgmt_rp_read_version rp;
190
191 BT_DBG("sock %p", sk);
192
193 rp.version = MGMT_VERSION;
194 put_unaligned_le16(MGMT_REVISION, &rp.revision);
195
4e51eae9
SJ		 196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
197 sizeof(rp));
a38528f1
JH		 198}
199
faba42eb
JH		 200static int read_index_list(struct sock *sk)
201{
faba42eb
JH		 202 struct mgmt_rp_read_index_list *rp;
203 struct list_head *p;
8035ded4 204 struct hci_dev *d;
a38528f1 205 size_t rp_len;
faba42eb 206 u16 count;
a38528f1 207 int i, err;
faba42eb
JH		 208
209 BT_DBG("sock %p", sk);
210
211 read_lock(&hci_dev_list_lock);
212
213 count = 0;
214 list_for_each(p, &hci_dev_list) {
215 count++;
216 }
217
a38528f1
JH		 218 rp_len = sizeof(*rp) + (2 * count);
219 rp = kmalloc(rp_len, GFP_ATOMIC);
220 if (!rp) {
b2c60d42 221 read_unlock(&hci_dev_list_lock);
faba42eb 222 return -ENOMEM;
b2c60d42 223 }
faba42eb 224
faba42eb
JH		 225 put_unaligned_le16(count, &rp->num_controllers);
226
227 i = 0;
8035ded4 228 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
e0f9309f 230 cancel_delayed_work(&d->power_off);
ab81cbf9 231
a8b2d5c2 232 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 233 continue;
234
faba42eb
JH		 235 put_unaligned_le16(d->id, &rp->index[i++]);
236 BT_DBG("Added hci%u", d->id);
237 }
238
239 read_unlock(&hci_dev_list_lock);
240
4e51eae9
SJ		 241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
242 rp_len);
faba42eb 243
a38528f1
JH		 244 kfree(rp);
245
246 return err;
faba42eb
JH		 247}
248
69ab39ea
JH		 249static u32 get_supported_settings(struct hci_dev *hdev)
250{
251 u32 settings = 0;
252
253 settings |= MGMT_SETTING_POWERED;
254 settings |= MGMT_SETTING_CONNECTABLE;
255 settings |= MGMT_SETTING_FAST_CONNECTABLE;
256 settings |= MGMT_SETTING_DISCOVERABLE;
257 settings |= MGMT_SETTING_PAIRABLE;
258
259 if (hdev->features[6] & LMP_SIMPLE_PAIR)
260 settings |= MGMT_SETTING_SSP;
261
262 if (!(hdev->features[4] & LMP_NO_BREDR)) {
263 settings |= MGMT_SETTING_BREDR;
264 settings |= MGMT_SETTING_LINK_SECURITY;
265 }
266
267 if (hdev->features[4] & LMP_LE)
268 settings |= MGMT_SETTING_LE;
269
270 return settings;
271}
272
273static u32 get_current_settings(struct hci_dev *hdev)
274{
275 u32 settings = 0;
276
277 if (test_bit(HCI_UP, &hdev->flags))
278 settings |= MGMT_SETTING_POWERED;
279 else
280 return settings;
281
282 if (test_bit(HCI_PSCAN, &hdev->flags))
283 settings |= MGMT_SETTING_CONNECTABLE;
284
285 if (test_bit(HCI_ISCAN, &hdev->flags))
286 settings |= MGMT_SETTING_DISCOVERABLE;
287
a8b2d5c2 288 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 289 settings |= MGMT_SETTING_PAIRABLE;
290
291 if (!(hdev->features[4] & LMP_NO_BREDR))
292 settings |= MGMT_SETTING_BREDR;
293
59e29406 294 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 295 settings |= MGMT_SETTING_LE;
296
297 if (test_bit(HCI_AUTH, &hdev->flags))
298 settings |= MGMT_SETTING_LINK_SECURITY;
299
84bde9d6 300 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 301 settings |= MGMT_SETTING_SSP;
302
303 return settings;
304}
305
ef580372
JH		 306#define PNP_INFO_SVCLASS_ID 0x1200
307
308static u8 bluetooth_base_uuid[] = {
309 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
310 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
311};
312
313static u16 get_uuid16(u8 *uuid128)
314{
315 u32 val;
316 int i;
317
318 for (i = 0; i < 12; i++) {
319 if (bluetooth_base_uuid[i] != uuid128[i])
320 return 0;
321 }
322
323 memcpy(&val, &uuid128[12], 4);
324
325 val = le32_to_cpu(val);
326 if (val > 0xffff)
327 return 0;
328
329 return (u16) val;
330}
331
332static void create_eir(struct hci_dev *hdev, u8 *data)
333{
334 u8 *ptr = data;
335 u16 eir_len = 0;
336 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
337 int i, truncated = 0;
338 struct bt_uuid *uuid;
339 size_t name_len;
340
341 name_len = strlen(hdev->dev_name);
342
343 if (name_len > 0) {
344 /* EIR Data type */
345 if (name_len > 48) {
346 name_len = 48;
347 ptr[1] = EIR_NAME_SHORT;
348 } else
349 ptr[1] = EIR_NAME_COMPLETE;
350
351 /* EIR Data length */
352 ptr[0] = name_len + 1;
353
354 memcpy(ptr + 2, hdev->dev_name, name_len);
355
356 eir_len += (name_len + 2);
357 ptr += (name_len + 2);
358 }
359
360 memset(uuid16_list, 0, sizeof(uuid16_list));
361
362 /* Group all UUID16 types */
363 list_for_each_entry(uuid, &hdev->uuids, list) {
364 u16 uuid16;
365
366 uuid16 = get_uuid16(uuid->uuid);
367 if (uuid16 == 0)
368 return;
369
370 if (uuid16 < 0x1100)
371 continue;
372
373 if (uuid16 == PNP_INFO_SVCLASS_ID)
374 continue;
375
376 /* Stop if not enough space to put next UUID */
377 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
378 truncated = 1;
379 break;
380 }
381
382 /* Check for duplicates */
383 for (i = 0; uuid16_list[i] != 0; i++)
384 if (uuid16_list[i] == uuid16)
385 break;
386
387 if (uuid16_list[i] == 0) {
388 uuid16_list[i] = uuid16;
389 eir_len += sizeof(u16);
390 }
391 }
392
393 if (uuid16_list[0] != 0) {
394 u8 *length = ptr;
395
396 /* EIR Data type */
397 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
398
399 ptr += 2;
400 eir_len += 2;
401
402 for (i = 0; uuid16_list[i] != 0; i++) {
403 *ptr++ = (uuid16_list[i] & 0x00ff);
404 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
405 }
406
407 /* EIR Data length */
408 *length = (i * sizeof(u16)) + 1;
409 }
410}
411
412static int update_eir(struct hci_dev *hdev)
413{
414 struct hci_cp_write_eir cp;
415
416 if (!(hdev->features[6] & LMP_EXT_INQ))
417 return 0;
418
84bde9d6 419 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 420 return 0;
421
a8b2d5c2 422 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 423 return 0;
424
425 memset(&cp, 0, sizeof(cp));
426
427 create_eir(hdev, cp.data);
428
429 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
430 return 0;
431
432 memcpy(hdev->eir, cp.data, sizeof(cp.data));
433
434 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
435}
436
437static u8 get_service_classes(struct hci_dev *hdev)
438{
439 struct bt_uuid *uuid;
440 u8 val = 0;
441
442 list_for_each_entry(uuid, &hdev->uuids, list)
443 val |= uuid->svc_hint;
444
445 return val;
446}
447
448static int update_class(struct hci_dev *hdev)
449{
450 u8 cod[3];
451
452 BT_DBG("%s", hdev->name);
453
a8b2d5c2 454 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 455 return 0;
456
457 cod[0] = hdev->minor_class;
458 cod[1] = hdev->major_class;
459 cod[2] = get_service_classes(hdev);
460
461 if (memcmp(cod, hdev->dev_class, 3) == 0)
462 return 0;
463
464 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
465}
466
7d78525d
JH		 467static void service_cache_off(struct work_struct *work)
468{
469 struct hci_dev *hdev = container_of(work, struct hci_dev,
470 service_cache.work);
471
a8b2d5c2 472 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 473 return;
474
475 hci_dev_lock(hdev);
476
477 update_eir(hdev);
478 update_class(hdev);
479
480 hci_dev_unlock(hdev);
481}
482
483static void mgmt_init_hdev(struct hci_dev *hdev)
484{
a8b2d5c2 485 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
7d78525d
JH		 486 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
487
a8b2d5c2 488 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 489 schedule_delayed_work(&hdev->service_cache,
490 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
491}
492
4e51eae9 493static int read_controller_info(struct sock *sk, u16 index)
0381101f 494{
a38528f1 495 struct mgmt_rp_read_info rp;
f7b64e69 496 struct hci_dev *hdev;
0381101f 497
4e51eae9 498 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 499
4e51eae9 500 hdev = hci_dev_get(index);
a38528f1 501 if (!hdev)
ca69b795
JH		 502 return cmd_status(sk, index, MGMT_OP_READ_INFO,
503 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 504
a8b2d5c2 505 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
3243553f 506 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 507
09fd0de5 508 hci_dev_lock(hdev);
f7b64e69 509
7d78525d
JH		 510 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
511 mgmt_init_hdev(hdev);
ebc99feb 512
dc4fe30b
JH		 513 memset(&rp, 0, sizeof(rp));
514
69ab39ea 515 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 516
69ab39ea 517 rp.version = hdev->hci_ver;
f7b64e69 518
69ab39ea
JH		 519 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
520
521 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
522 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 523
a38528f1 524 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 525
dc4fe30b
JH		 526 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
527
09fd0de5 528 hci_dev_unlock(hdev);
f7b64e69 529 hci_dev_put(hdev);
0381101f 530
4e51eae9 531 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 532}
533
eec8d2bc
JH		 534static void mgmt_pending_free(struct pending_cmd *cmd)
535{
536 sock_put(cmd->sk);
c68fb7ff 537 kfree(cmd->param);
eec8d2bc
JH		 538 kfree(cmd);
539}
540
366a0336 541static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 542 struct hci_dev *hdev,
543 void *data, u16 len)
eec8d2bc
JH		 544{
545 struct pending_cmd *cmd;
546
547 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
548 if (!cmd)
366a0336 549 return NULL;
eec8d2bc
JH		 550
551 cmd->opcode = opcode;
2e58ef3e 552 cmd->index = hdev->id;
eec8d2bc 553
c68fb7ff
SJ		 554 cmd->param = kmalloc(len, GFP_ATOMIC);
555 if (!cmd->param) {
eec8d2bc 556 kfree(cmd);
366a0336 557 return NULL;
eec8d2bc
JH		 558 }
559
8fce6357
SJ		 560 if (data)
561 memcpy(cmd->param, data, len);
eec8d2bc
JH		 562
563 cmd->sk = sk;
564 sock_hold(sk);
565
2e58ef3e 566 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 567
366a0336 568 return cmd;
eec8d2bc
JH		 569}
570
744cf19e 571static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 572 void (*cb)(struct pending_cmd *cmd, void *data),
573 void *data)
574{
575 struct list_head *p, *n;
576
2e58ef3e 577 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 578 struct pending_cmd *cmd;
579
580 cmd = list_entry(p, struct pending_cmd, list);
581
b24752fe 582 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 583 continue;
584
eec8d2bc
JH		 585 cb(cmd, data);
586 }
587}
588
2e58ef3e 589static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 590{
8035ded4 591 struct pending_cmd *cmd;
eec8d2bc 592
2e58ef3e 593 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 594 if (cmd->opcode == opcode)
595 return cmd;
eec8d2bc
JH		 596 }
597
598 return NULL;
599}
600
a664b5bc 601static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 602{
73f22f62
JH		 603 list_del(&cmd->list);
604 mgmt_pending_free(cmd);
605}
606
69ab39ea 607static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 608{
69ab39ea 609 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 610
69ab39ea 611 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
8680570b
JH		 612}
613
4e51eae9 614static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
eec8d2bc 615{
72a734ec 616 struct mgmt_mode *cp;
eec8d2bc 617 struct hci_dev *hdev;
366a0336 618 struct pending_cmd *cmd;
366a0336 619 int err, up;
eec8d2bc
JH		 620
621 cp = (void *) data;
eec8d2bc 622
4e51eae9 623 BT_DBG("request for hci%u", index);
eec8d2bc 624
bdce7baf 625 if (len != sizeof(*cp))
ca69b795
JH		 626 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
627 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 628
4e51eae9 629 hdev = hci_dev_get(index);
eec8d2bc 630 if (!hdev)
ca69b795
JH		 631 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
632 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 633
09fd0de5 634 hci_dev_lock(hdev);
eec8d2bc
JH		 635
636 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 637 if ((cp->val && up) || (!cp->val && !up)) {
69ab39ea 638 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 639 goto failed;
640 }
641
2e58ef3e 642 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 643 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
644 MGMT_STATUS_BUSY);
eec8d2bc
JH		 645 goto failed;
646 }
647
2e58ef3e 648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 649 if (!cmd) {
650 err = -ENOMEM;
eec8d2bc 651 goto failed;
366a0336 652 }
eec8d2bc 653
72a734ec 654 if (cp->val)
7f971041 655 schedule_work(&hdev->power_on);
eec8d2bc 656 else
80b7ab33 657 schedule_work(&hdev->power_off.work);
eec8d2bc 658
366a0336 659 err = 0;
eec8d2bc
JH		 660
661failed:
09fd0de5 662 hci_dev_unlock(hdev);
eec8d2bc 663 hci_dev_put(hdev);
366a0336 664 return err;
eec8d2bc
JH		 665}
666
4e51eae9
SJ		 667static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
668 u16 len)
73f22f62 669{
16ab91ab 670 struct mgmt_cp_set_discoverable *cp;
73f22f62 671 struct hci_dev *hdev;
366a0336 672 struct pending_cmd *cmd;
73f22f62
JH		 673 u8 scan;
674 int err;
675
676 cp = (void *) data;
73f22f62 677
4e51eae9 678 BT_DBG("request for hci%u", index);
73f22f62 679
bdce7baf 680 if (len != sizeof(*cp))
ca69b795
JH		 681 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
682 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 683
4e51eae9 684 hdev = hci_dev_get(index);
73f22f62 685 if (!hdev)
ca69b795
JH		 686 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
687 MGMT_STATUS_INVALID_PARAMS);
73f22f62 688
09fd0de5 689 hci_dev_lock(hdev);
73f22f62
JH		 690
691 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 692 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
693 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 694 goto failed;
695 }
696
2e58ef3e
JH		 697 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
698 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 699 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
700 MGMT_STATUS_BUSY);
73f22f62
JH		 701 goto failed;
702 }
703
72a734ec 704 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 705 test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 706 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 707 goto failed;
708 }
709
2e58ef3e 710 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 711 if (!cmd) {
712 err = -ENOMEM;
73f22f62 713 goto failed;
366a0336 714 }
73f22f62
JH		 715
716 scan = SCAN_PAGE;
717
72a734ec 718 if (cp->val)
73f22f62 719 scan |= SCAN_INQUIRY;
16ab91ab 720 else
e0f9309f 721 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 722
723 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
724 if (err < 0)
a664b5bc 725 mgmt_pending_remove(cmd);
73f22f62 726
16ab91ab
JH		 727 if (cp->val)
728 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
729
73f22f62 730failed:
09fd0de5 731 hci_dev_unlock(hdev);
73f22f62
JH		 732 hci_dev_put(hdev);
733
734 return err;
735}
736
4e51eae9
SJ		 737static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
738 u16 len)
9fbcbb45 739{
72a734ec 740 struct mgmt_mode *cp;
9fbcbb45 741 struct hci_dev *hdev;
366a0336 742 struct pending_cmd *cmd;
9fbcbb45
JH		 743 u8 scan;
744 int err;
745
746 cp = (void *) data;
9fbcbb45 747
4e51eae9 748 BT_DBG("request for hci%u", index);
9fbcbb45 749
bdce7baf 750 if (len != sizeof(*cp))
ca69b795
JH		 751 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
752 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 753
4e51eae9 754 hdev = hci_dev_get(index);
9fbcbb45 755 if (!hdev)
ca69b795
JH		 756 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
757 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 758
09fd0de5 759 hci_dev_lock(hdev);
9fbcbb45
JH		 760
761 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 762 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
763 MGMT_STATUS_NOT_POWERED);
9fbcbb45
JH		 764 goto failed;
765 }
766
2e58ef3e
JH		 767 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
768 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 769 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
770 MGMT_STATUS_BUSY);
9fbcbb45
JH		 771 goto failed;
772 }
773
72a734ec 774 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 775 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 776 goto failed;
777 }
778
2e58ef3e 779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 780 if (!cmd) {
781 err = -ENOMEM;
9fbcbb45 782 goto failed;
366a0336 783 }
9fbcbb45 784
72a734ec 785 if (cp->val)
9fbcbb45
JH		 786 scan = SCAN_PAGE;
787 else
788 scan = 0;
789
790 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
791 if (err < 0)
a664b5bc 792 mgmt_pending_remove(cmd);
9fbcbb45
JH		 793
794failed:
09fd0de5 795 hci_dev_unlock(hdev);
9fbcbb45
JH		 796 hci_dev_put(hdev);
797
798 return err;
799}
800
744cf19e
JH		 801static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
802 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 803{
804 struct sk_buff *skb;
805 struct mgmt_hdr *hdr;
806
807 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
808 if (!skb)
809 return -ENOMEM;
810
811 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
812
813 hdr = (void *) skb_put(skb, sizeof(*hdr));
814 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 815 if (hdev)
816 hdr->index = cpu_to_le16(hdev->id);
817 else
818 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 819 hdr->len = cpu_to_le16(data_len);
820
4e51eae9
SJ		 821 if (data)
822 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 823
824 hci_send_to_sock(NULL, skb, skip_sk);
825 kfree_skb(skb);
826
827 return 0;
828}
829
4e51eae9
SJ		 830static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
831 u16 len)
c542a06c 832{
69ab39ea 833 struct mgmt_mode *cp;
c542a06c 834 struct hci_dev *hdev;
69ab39ea 835 __le32 ev;
c542a06c
JH		 836 int err;
837
838 cp = (void *) data;
c542a06c 839
4e51eae9 840 BT_DBG("request for hci%u", index);
c542a06c 841
bdce7baf 842 if (len != sizeof(*cp))
ca69b795
JH		 843 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
844 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 845
4e51eae9 846 hdev = hci_dev_get(index);
c542a06c 847 if (!hdev)
ca69b795
JH		 848 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
849 MGMT_STATUS_INVALID_PARAMS);
c542a06c 850
09fd0de5 851 hci_dev_lock(hdev);
c542a06c
JH		 852
853 if (cp->val)
a8b2d5c2 854 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 855 else
a8b2d5c2 856 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 857
69ab39ea 858 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 859 if (err < 0)
860 goto failed;
861
69ab39ea 862 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 863
69ab39ea 864 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 865
866failed:
09fd0de5 867 hci_dev_unlock(hdev);
c542a06c
JH		 868 hci_dev_put(hdev);
869
870 return err;
871}
872
4e51eae9 873static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 874{
875 struct mgmt_cp_add_uuid *cp;
876 struct hci_dev *hdev;
877 struct bt_uuid *uuid;
2aeb9a1a
JH		 878 int err;
879
880 cp = (void *) data;
2aeb9a1a 881
4e51eae9 882 BT_DBG("request for hci%u", index);
2aeb9a1a 883
bdce7baf 884 if (len != sizeof(*cp))
ca69b795
JH		 885 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
886 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 887
4e51eae9 888 hdev = hci_dev_get(index);
2aeb9a1a 889 if (!hdev)
ca69b795
JH		 890 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
891 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 892
09fd0de5 893 hci_dev_lock(hdev);
2aeb9a1a
JH		 894
895 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
896 if (!uuid) {
897 err = -ENOMEM;
898 goto failed;
899 }
900
901 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 902 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 903
904 list_add(&uuid->list, &hdev->uuids);
905
1aff6f09
JH		 906 err = update_class(hdev);
907 if (err < 0)
908 goto failed;
909
80a1e1db
JH		 910 err = update_eir(hdev);
911 if (err < 0)
912 goto failed;
913
4e51eae9 914 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 915
916failed:
09fd0de5 917 hci_dev_unlock(hdev);
2aeb9a1a
JH		 918 hci_dev_put(hdev);
919
920 return err;
921}
922
4e51eae9 923static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 924{
925 struct list_head *p, *n;
779cb850 926 struct mgmt_cp_remove_uuid *cp;
2aeb9a1a
JH		 927 struct hci_dev *hdev;
928 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 929 int err, found;
930
931 cp = (void *) data;
2aeb9a1a 932
4e51eae9 933 BT_DBG("request for hci%u", index);
2aeb9a1a 934
bdce7baf 935 if (len != sizeof(*cp))
ca69b795
JH		 936 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
937 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 938
4e51eae9 939 hdev = hci_dev_get(index);
2aeb9a1a 940 if (!hdev)
ca69b795
JH		 941 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
942 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 943
09fd0de5 944 hci_dev_lock(hdev);
2aeb9a1a
JH		 945
946 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
947 err = hci_uuids_clear(hdev);
948 goto unlock;
949 }
950
951 found = 0;
952
953 list_for_each_safe(p, n, &hdev->uuids) {
954 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
955
956 if (memcmp(match->uuid, cp->uuid, 16) != 0)
957 continue;
958
959 list_del(&match->list);
960 found++;
961 }
962
963 if (found == 0) {
ca69b795
JH		 964 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
965 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 966 goto unlock;
967 }
968
1aff6f09
JH		 969 err = update_class(hdev);
970 if (err < 0)
971 goto unlock;
972
80a1e1db
JH		 973 err = update_eir(hdev);
974 if (err < 0)
975 goto unlock;
976
4e51eae9 977 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 978
979unlock:
09fd0de5 980 hci_dev_unlock(hdev);
2aeb9a1a
JH		 981 hci_dev_put(hdev);
982
983 return err;
984}
985
4e51eae9
SJ		 986static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
987 u16 len)
1aff6f09
JH		 988{
989 struct hci_dev *hdev;
990 struct mgmt_cp_set_dev_class *cp;
1aff6f09
JH		 991 int err;
992
993 cp = (void *) data;
1aff6f09 994
4e51eae9 995 BT_DBG("request for hci%u", index);
1aff6f09 996
bdce7baf 997 if (len != sizeof(*cp))
ca69b795
JH		 998 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
999 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1000
4e51eae9 1001 hdev = hci_dev_get(index);
1aff6f09 1002 if (!hdev)
ca69b795
JH		 1003 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1004 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1005
09fd0de5 1006 hci_dev_lock(hdev);
1aff6f09
JH		 1007
1008 hdev->major_class = cp->major;
1009 hdev->minor_class = cp->minor;
1010
a8b2d5c2 1011 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1012 hci_dev_unlock(hdev);
1013 cancel_delayed_work_sync(&hdev->service_cache);
1014 hci_dev_lock(hdev);
14c0b608 1015 update_eir(hdev);
7d78525d 1016 }
14c0b608 1017
1aff6f09
JH		 1018 err = update_class(hdev);
1019
1020 if (err == 0)
4e51eae9 1021 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 1022
09fd0de5 1023 hci_dev_unlock(hdev);
1aff6f09
JH		 1024 hci_dev_put(hdev);
1025
1026 return err;
1027}
1028
86742e1e
JH		 1029static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1030 u16 len)
55ed8ca1
JH		 1031{
1032 struct hci_dev *hdev;
86742e1e 1033 struct mgmt_cp_load_link_keys *cp;
4e51eae9 1034 u16 key_count, expected_len;
a492cd52 1035 int i;
55ed8ca1
JH		 1036
1037 cp = (void *) data;
bdce7baf
SJ		 1038
1039 if (len < sizeof(*cp))
ca69b795
JH		 1040 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1041 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1042
55ed8ca1
JH		 1043 key_count = get_unaligned_le16(&cp->key_count);
1044
86742e1e
JH		 1045 expected_len = sizeof(*cp) + key_count *
1046 sizeof(struct mgmt_link_key_info);
a492cd52 1047 if (expected_len != len) {
86742e1e 1048 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1049 len, expected_len);
ca69b795
JH		 1050 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1051 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1052 }
1053
4e51eae9 1054 hdev = hci_dev_get(index);
55ed8ca1 1055 if (!hdev)
ca69b795
JH		 1056 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1057 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1058
4e51eae9 1059 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1060 key_count);
1061
09fd0de5 1062 hci_dev_lock(hdev);
55ed8ca1
JH		 1063
1064 hci_link_keys_clear(hdev);
1065
a8b2d5c2 1066 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1067
1068 if (cp->debug_keys)
a8b2d5c2 1069 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1070 else
a8b2d5c2 1071 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1072
a492cd52 1073 for (i = 0; i < key_count; i++) {
86742e1e 1074 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1075
d25e28ab 1076 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 1077 key->pin_len);
1078 }
1079
0e5f875a
JH		 1080 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1081
09fd0de5 1082 hci_dev_unlock(hdev);
55ed8ca1
JH		 1083 hci_dev_put(hdev);
1084
a492cd52 1085 return 0;
55ed8ca1
JH		 1086}
1087
86742e1e
JH		 1088static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1089 u16 len)
55ed8ca1
JH		 1090{
1091 struct hci_dev *hdev;
86742e1e 1092 struct mgmt_cp_remove_keys *cp;
a8a1d19e
JH		 1093 struct mgmt_rp_remove_keys rp;
1094 struct hci_cp_disconnect dc;
1095 struct pending_cmd *cmd;
55ed8ca1 1096 struct hci_conn *conn;
55ed8ca1
JH		 1097 int err;
1098
1099 cp = (void *) data;
55ed8ca1 1100
bdce7baf 1101 if (len != sizeof(*cp))
ca69b795
JH		 1102 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1103 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1104
4e51eae9 1105 hdev = hci_dev_get(index);
55ed8ca1 1106 if (!hdev)
ca69b795
JH		 1107 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1108 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1109
09fd0de5 1110 hci_dev_lock(hdev);
55ed8ca1 1111
a8a1d19e
JH		 1112 memset(&rp, 0, sizeof(rp));
1113 bacpy(&rp.bdaddr, &cp->bdaddr);
ca69b795 1114 rp.status = MGMT_STATUS_FAILED;
a8a1d19e 1115
55ed8ca1
JH		 1116 err = hci_remove_link_key(hdev, &cp->bdaddr);
1117 if (err < 0) {
ca69b795 1118 rp.status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1119 goto unlock;
1120 }
1121
a8a1d19e
JH		 1122 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1123 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1124 sizeof(rp));
55ed8ca1 1125 goto unlock;
a8a1d19e 1126 }
55ed8ca1
JH		 1127
1128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
a8a1d19e
JH		 1129 if (!conn) {
1130 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1131 sizeof(rp));
1132 goto unlock;
1133 }
55ed8ca1 1134
a8a1d19e
JH		 1135 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1136 if (!cmd) {
1137 err = -ENOMEM;
1138 goto unlock;
55ed8ca1
JH		 1139 }
1140
a8a1d19e
JH		 1141 put_unaligned_le16(conn->handle, &dc.handle);
1142 dc.reason = 0x13; /* Remote User Terminated Connection */
1143 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1144 if (err < 0)
1145 mgmt_pending_remove(cmd);
1146
55ed8ca1 1147unlock:
ca69b795 1148 if (err < 0)
a8a1d19e
JH		 1149 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1150 sizeof(rp));
09fd0de5 1151 hci_dev_unlock(hdev);
55ed8ca1
JH		 1152 hci_dev_put(hdev);
1153
1154 return err;
1155}
1156
4e51eae9 1157static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
8962ee74
JH		 1158{
1159 struct hci_dev *hdev;
1160 struct mgmt_cp_disconnect *cp;
1161 struct hci_cp_disconnect dc;
366a0336 1162 struct pending_cmd *cmd;
8962ee74 1163 struct hci_conn *conn;
8962ee74
JH		 1164 int err;
1165
1166 BT_DBG("");
1167
1168 cp = (void *) data;
8962ee74 1169
bdce7baf 1170 if (len != sizeof(*cp))
ca69b795
JH		 1171 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1173
4e51eae9 1174 hdev = hci_dev_get(index);
8962ee74 1175 if (!hdev)
ca69b795
JH		 1176 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1177 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1178
09fd0de5 1179 hci_dev_lock(hdev);
8962ee74
JH		 1180
1181 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1182 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1183 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1184 goto failed;
1185 }
1186
2e58ef3e 1187 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1188 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1189 MGMT_STATUS_BUSY);
8962ee74
JH		 1190 goto failed;
1191 }
1192
1193 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
365227e5
VCG		 1194 if (!conn)
1195 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1196
8962ee74 1197 if (!conn) {
ca69b795
JH		 1198 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1199 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1200 goto failed;
1201 }
1202
2e58ef3e 1203 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1204 if (!cmd) {
1205 err = -ENOMEM;
8962ee74 1206 goto failed;
366a0336 1207 }
8962ee74
JH		 1208
1209 put_unaligned_le16(conn->handle, &dc.handle);
1210 dc.reason = 0x13; /* Remote User Terminated Connection */
1211
1212 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1213 if (err < 0)
a664b5bc 1214 mgmt_pending_remove(cmd);
8962ee74
JH		 1215
1216failed:
09fd0de5 1217 hci_dev_unlock(hdev);
8962ee74
JH		 1218 hci_dev_put(hdev);
1219
1220 return err;
1221}
1222
48264f06 1223static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1224{
1225 switch (link_type) {
1226 case LE_LINK:
48264f06
JH		 1227 switch (addr_type) {
1228 case ADDR_LE_DEV_PUBLIC:
1229 return MGMT_ADDR_LE_PUBLIC;
1230 case ADDR_LE_DEV_RANDOM:
1231 return MGMT_ADDR_LE_RANDOM;
1232 default:
1233 return MGMT_ADDR_INVALID;
1234 }
4c659c39
JH		 1235 case ACL_LINK:
1236 return MGMT_ADDR_BREDR;
1237 default:
1238 return MGMT_ADDR_INVALID;
1239 }
1240}
1241
8ce6284e 1242static int get_connections(struct sock *sk, u16 index)
2784eb41 1243{
2784eb41
JH		 1244 struct mgmt_rp_get_connections *rp;
1245 struct hci_dev *hdev;
8035ded4 1246 struct hci_conn *c;
a38528f1 1247 size_t rp_len;
4e51eae9 1248 u16 count;
2784eb41
JH		 1249 int i, err;
1250
1251 BT_DBG("");
1252
4e51eae9 1253 hdev = hci_dev_get(index);
2784eb41 1254 if (!hdev)
ca69b795
JH		 1255 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1256 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1257
09fd0de5 1258 hci_dev_lock(hdev);
2784eb41
JH		 1259
1260 count = 0;
b644ba33
JH		 1261 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1262 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1263 count++;
2784eb41
JH		 1264 }
1265
4c659c39 1266 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1267 rp = kmalloc(rp_len, GFP_ATOMIC);
1268 if (!rp) {
2784eb41
JH		 1269 err = -ENOMEM;
1270 goto unlock;
1271 }
1272
2784eb41
JH		 1273 put_unaligned_le16(count, &rp->conn_count);
1274
2784eb41 1275 i = 0;
4c659c39 1276 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1277 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1278 continue;
4c659c39 1279 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1280 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1281 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1282 continue;
1283 i++;
1284 }
1285
1286 /* Recalculate length in case of filtered SCO connections, etc */
1287 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1288
4e51eae9 1289 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1290
1291unlock:
a38528f1 1292 kfree(rp);
09fd0de5 1293 hci_dev_unlock(hdev);
2784eb41
JH		 1294 hci_dev_put(hdev);
1295 return err;
1296}
1297
96d97a67
WR		 1298static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1299 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1300{
1301 struct pending_cmd *cmd;
1302 int err;
1303
2e58ef3e 1304 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1305 sizeof(*cp));
1306 if (!cmd)
1307 return -ENOMEM;
1308
1309 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1310 &cp->bdaddr);
1311 if (err < 0)
1312 mgmt_pending_remove(cmd);
1313
1314 return err;
1315}
1316
4e51eae9
SJ		 1317static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1318 u16 len)
980e1a53
JH		 1319{
1320 struct hci_dev *hdev;
96d97a67 1321 struct hci_conn *conn;
980e1a53 1322 struct mgmt_cp_pin_code_reply *cp;
96d97a67 1323 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1324 struct hci_cp_pin_code_reply reply;
366a0336 1325 struct pending_cmd *cmd;
980e1a53
JH		 1326 int err;
1327
1328 BT_DBG("");
1329
1330 cp = (void *) data;
980e1a53 1331
bdce7baf 1332 if (len != sizeof(*cp))
ca69b795
JH		 1333 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1334 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1335
4e51eae9 1336 hdev = hci_dev_get(index);
980e1a53 1337 if (!hdev)
ca69b795
JH		 1338 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1339 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1340
09fd0de5 1341 hci_dev_lock(hdev);
980e1a53
JH		 1342
1343 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1344 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1345 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1346 goto failed;
1347 }
1348
96d97a67
WR		 1349 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1350 if (!conn) {
ca69b795
JH		 1351 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1352 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1353 goto failed;
1354 }
1355
1356 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1357 bacpy(&ncp.bdaddr, &cp->bdaddr);
1358
1359 BT_ERR("PIN code is not 16 bytes long");
1360
1361 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1362 if (err >= 0)
1363 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1364 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1365
1366 goto failed;
1367 }
1368
2e58ef3e 1369 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1370 if (!cmd) {
1371 err = -ENOMEM;
980e1a53 1372 goto failed;
366a0336 1373 }
980e1a53
JH		 1374
1375 bacpy(&reply.bdaddr, &cp->bdaddr);
1376 reply.pin_len = cp->pin_len;
24718ca5 1377 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1378
1379 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1380 if (err < 0)
a664b5bc 1381 mgmt_pending_remove(cmd);
980e1a53
JH		 1382
1383failed:
09fd0de5 1384 hci_dev_unlock(hdev);
980e1a53
JH		 1385 hci_dev_put(hdev);
1386
1387 return err;
1388}
1389
4e51eae9
SJ		 1390static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1391 u16 len)
980e1a53
JH		 1392{
1393 struct hci_dev *hdev;
1394 struct mgmt_cp_pin_code_neg_reply *cp;
980e1a53
JH		 1395 int err;
1396
1397 BT_DBG("");
1398
1399 cp = (void *) data;
980e1a53 1400
bdce7baf
SJ		 1401 if (len != sizeof(*cp))
1402 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1403 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1404
4e51eae9 1405 hdev = hci_dev_get(index);
980e1a53 1406 if (!hdev)
4e51eae9 1407 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1408 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1409
09fd0de5 1410 hci_dev_lock(hdev);
980e1a53
JH		 1411
1412 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1413 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1414 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1415 goto failed;
1416 }
1417
96d97a67 1418 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1419
1420failed:
09fd0de5 1421 hci_dev_unlock(hdev);
980e1a53
JH		 1422 hci_dev_put(hdev);
1423
1424 return err;
1425}
1426
4e51eae9
SJ		 1427static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1428 u16 len)
17fa4b9d
JH		 1429{
1430 struct hci_dev *hdev;
1431 struct mgmt_cp_set_io_capability *cp;
17fa4b9d
JH		 1432
1433 BT_DBG("");
1434
1435 cp = (void *) data;
17fa4b9d 1436
bdce7baf 1437 if (len != sizeof(*cp))
ca69b795
JH		 1438 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1439 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1440
4e51eae9 1441 hdev = hci_dev_get(index);
17fa4b9d 1442 if (!hdev)
ca69b795
JH		 1443 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1444 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1445
09fd0de5 1446 hci_dev_lock(hdev);
17fa4b9d
JH		 1447
1448 hdev->io_capability = cp->io_capability;
1449
1450 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1451 hdev->io_capability);
17fa4b9d 1452
09fd0de5 1453 hci_dev_unlock(hdev);
17fa4b9d
JH		 1454 hci_dev_put(hdev);
1455
4e51eae9 1456 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1457}
1458
e9a416b5
JH		 1459static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1460{
1461 struct hci_dev *hdev = conn->hdev;
8035ded4 1462 struct pending_cmd *cmd;
e9a416b5 1463
2e58ef3e 1464 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1465 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1466 continue;
1467
e9a416b5
JH		 1468 if (cmd->user_data != conn)
1469 continue;
1470
1471 return cmd;
1472 }
1473
1474 return NULL;
1475}
1476
1477static void pairing_complete(struct pending_cmd *cmd, u8 status)
1478{
1479 struct mgmt_rp_pair_device rp;
1480 struct hci_conn *conn = cmd->user_data;
1481
ba4e564f
JH		 1482 bacpy(&rp.addr.bdaddr, &conn->dst);
1483 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5
JH		 1484 rp.status = status;
1485
4e51eae9 1486 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1487
1488 /* So we don't get further callbacks for this connection */
1489 conn->connect_cfm_cb = NULL;
1490 conn->security_cfm_cb = NULL;
1491 conn->disconn_cfm_cb = NULL;
1492
1493 hci_conn_put(conn);
1494
a664b5bc 1495 mgmt_pending_remove(cmd);
e9a416b5
JH		 1496}
1497
1498static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1499{
1500 struct pending_cmd *cmd;
1501
1502 BT_DBG("status %u", status);
1503
1504 cmd = find_pairing(conn);
56e5cb86 1505 if (!cmd)
e9a416b5 1506 BT_DBG("Unable to find a pending command");
56e5cb86
JH		 1507 else
1508 pairing_complete(cmd, status);
e9a416b5
JH		 1509}
1510
4e51eae9 1511static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
e9a416b5
JH		 1512{
1513 struct hci_dev *hdev;
1514 struct mgmt_cp_pair_device *cp;
1425acb7 1515 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1516 struct pending_cmd *cmd;
1517 u8 sec_level, auth_type;
1518 struct hci_conn *conn;
e9a416b5
JH		 1519 int err;
1520
1521 BT_DBG("");
1522
1523 cp = (void *) data;
e9a416b5 1524
bdce7baf 1525 if (len != sizeof(*cp))
ca69b795
JH		 1526 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1527 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1528
4e51eae9 1529 hdev = hci_dev_get(index);
e9a416b5 1530 if (!hdev)
ca69b795
JH		 1531 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1532 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1533
09fd0de5 1534 hci_dev_lock(hdev);
e9a416b5 1535
c908df36
VCG		 1536 sec_level = BT_SECURITY_MEDIUM;
1537 if (cp->io_cap == 0x03)
e9a416b5 1538 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1539 else
e9a416b5 1540 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1541
ba4e564f
JH		 1542 if (cp->addr.type == MGMT_ADDR_BREDR)
1543 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1544 auth_type);
1545 else
ba4e564f 1546 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1547 auth_type);
1548
1425acb7
JH		 1549 memset(&rp, 0, sizeof(rp));
1550 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1551 rp.addr.type = cp->addr.type;
1552
30e76272 1553 if (IS_ERR(conn)) {
1425acb7
JH		 1554 rp.status = -PTR_ERR(conn);
1555 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1556 &rp, sizeof(rp));
e9a416b5
JH		 1557 goto unlock;
1558 }
1559
1560 if (conn->connect_cfm_cb) {
1561 hci_conn_put(conn);
1425acb7
JH		 1562 rp.status = EBUSY;
1563 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1564 &rp, sizeof(rp));
e9a416b5
JH		 1565 goto unlock;
1566 }
1567
2e58ef3e 1568 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1569 if (!cmd) {
1570 err = -ENOMEM;
1571 hci_conn_put(conn);
1572 goto unlock;
1573 }
1574
7a512d01 1575 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1576 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1577 conn->connect_cfm_cb = pairing_complete_cb;
1578
e9a416b5
JH		 1579 conn->security_cfm_cb = pairing_complete_cb;
1580 conn->disconn_cfm_cb = pairing_complete_cb;
1581 conn->io_capability = cp->io_cap;
1582 cmd->user_data = conn;
1583
1584 if (conn->state == BT_CONNECTED &&
1585 hci_conn_security(conn, sec_level, auth_type))
1586 pairing_complete(cmd, 0);
1587
1588 err = 0;
1589
1590unlock:
09fd0de5 1591 hci_dev_unlock(hdev);
e9a416b5
JH		 1592 hci_dev_put(hdev);
1593
1594 return err;
1595}
1596
28424707
JH		 1597static int cancel_pair_device(struct sock *sk, u16 index,
1598 unsigned char *data, u16 len)
1599{
1600 struct mgmt_addr_info *addr = (void *) data;
1601 struct hci_dev *hdev;
1602 struct pending_cmd *cmd;
1603 struct hci_conn *conn;
1604 int err;
1605
1606 BT_DBG("");
1607
1608 if (len != sizeof(*addr))
1609 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1610 MGMT_STATUS_INVALID_PARAMS);
1611
1612 hdev = hci_dev_get(index);
1613 if (!hdev)
1614 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1615 MGMT_STATUS_INVALID_PARAMS);
1616
1617 hci_dev_lock(hdev);
1618
1619 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1620 if (!cmd) {
1621 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1622 MGMT_STATUS_INVALID_PARAMS);
1623 goto unlock;
1624 }
1625
1626 conn = cmd->user_data;
1627
1628 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1629 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1630 MGMT_STATUS_INVALID_PARAMS);
1631 goto unlock;
1632 }
1633
1634 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1635
1636 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1637 sizeof(*addr));
1638unlock:
1639 hci_dev_unlock(hdev);
1640 hci_dev_put(hdev);
1641
1642 return err;
1643}
1644
0df4c185
BG		 1645static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1646 u16 mgmt_op, u16 hci_op, __le32 passkey)
a5c29683 1647{
a5c29683
JH		 1648 struct pending_cmd *cmd;
1649 struct hci_dev *hdev;
0df4c185 1650 struct hci_conn *conn;
a5c29683
JH		 1651 int err;
1652
4e51eae9 1653 hdev = hci_dev_get(index);
a5c29683 1654 if (!hdev)
ca69b795
JH		 1655 return cmd_status(sk, index, mgmt_op,
1656 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1657
09fd0de5 1658 hci_dev_lock(hdev);
08ba5382 1659
a5c29683 1660 if (!test_bit(HCI_UP, &hdev->flags)) {
0df4c185
BG		 1661 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1662 goto done;
a5c29683
JH		 1663 }
1664
47c15e2b
BG		 1665 /*
1666 * Check for an existing ACL link, if present pair via
1667 * HCI commands.
1668 *
1669 * If no ACL link is present, check for an LE link and if
1670 * present, pair via the SMP engine.
1671 *
1672 * If neither ACL nor LE links are present, fail with error.
1673 */
1674 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1675 if (!conn) {
1676 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1677 if (!conn) {
1678 err = cmd_status(sk, index, mgmt_op,
1679 MGMT_STATUS_NOT_CONNECTED);
1680 goto done;
1681 }
1682
1683 /* Continue with pairing via SMP */
5fe57d9e
BG		 1684 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1685
1686 if (!err)
1687 err = cmd_status(sk, index, mgmt_op,
1688 MGMT_STATUS_SUCCESS);
1689 else
1690 err = cmd_status(sk, index, mgmt_op,
1691 MGMT_STATUS_FAILED);
47c15e2b 1692
47c15e2b
BG		 1693 goto done;
1694 }
1695
0df4c185 1696 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 1697 if (!cmd) {
1698 err = -ENOMEM;
0df4c185 1699 goto done;
a5c29683
JH		 1700 }
1701
0df4c185 1702 /* Continue with pairing via HCI */
604086b7
BG		 1703 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1704 struct hci_cp_user_passkey_reply cp;
1705
1706 bacpy(&cp.bdaddr, bdaddr);
1707 cp.passkey = passkey;
1708 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1709 } else
1710 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1711
a664b5bc
JH		 1712 if (err < 0)
1713 mgmt_pending_remove(cmd);
a5c29683 1714
0df4c185 1715done:
09fd0de5 1716 hci_dev_unlock(hdev);
a5c29683
JH		 1717 hci_dev_put(hdev);
1718
1719 return err;
1720}
1721
0df4c185
BG		 1722static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1723{
1724 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1725
1726 BT_DBG("");
1727
1728 if (len != sizeof(*cp))
1729 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1730 MGMT_STATUS_INVALID_PARAMS);
1731
1732 return user_pairing_resp(sk, index, &cp->bdaddr,
1733 MGMT_OP_USER_CONFIRM_REPLY,
1734 HCI_OP_USER_CONFIRM_REPLY, 0);
1735}
1736
1737static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1738 u16 len)
1739{
c9c2659f 1740 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 1741
1742 BT_DBG("");
1743
1744 if (len != sizeof(*cp))
1745 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1746 MGMT_STATUS_INVALID_PARAMS);
1747
1748 return user_pairing_resp(sk, index, &cp->bdaddr,
1749 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1750 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1751}
1752
604086b7
BG		 1753static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1754{
1755 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1756
1757 BT_DBG("");
1758
1759 if (len != sizeof(*cp))
1760 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1761 EINVAL);
1762
1763 return user_pairing_resp(sk, index, &cp->bdaddr,
1764 MGMT_OP_USER_PASSKEY_REPLY,
1765 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1766}
1767
1768static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1769 u16 len)
1770{
1771 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1772
1773 BT_DBG("");
1774
1775 if (len != sizeof(*cp))
1776 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1777 EINVAL);
1778
1779 return user_pairing_resp(sk, index, &cp->bdaddr,
1780 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1781 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1782}
1783
b312b161
JH		 1784static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1785 u16 len)
1786{
1787 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1788 struct hci_cp_write_local_name hci_cp;
1789 struct hci_dev *hdev;
1790 struct pending_cmd *cmd;
1791 int err;
1792
1793 BT_DBG("");
1794
1795 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 1796 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1797 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 1798
1799 hdev = hci_dev_get(index);
1800 if (!hdev)
ca69b795
JH		 1801 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1802 MGMT_STATUS_INVALID_PARAMS);
b312b161 1803
09fd0de5 1804 hci_dev_lock(hdev);
b312b161 1805
2e58ef3e 1806 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 1807 if (!cmd) {
1808 err = -ENOMEM;
1809 goto failed;
1810 }
1811
1812 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1813 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1814 &hci_cp);
1815 if (err < 0)
1816 mgmt_pending_remove(cmd);
1817
1818failed:
09fd0de5 1819 hci_dev_unlock(hdev);
b312b161
JH		 1820 hci_dev_put(hdev);
1821
1822 return err;
1823}
1824
c35938b2
SJ		 1825static int read_local_oob_data(struct sock *sk, u16 index)
1826{
1827 struct hci_dev *hdev;
1828 struct pending_cmd *cmd;
1829 int err;
1830
1831 BT_DBG("hci%u", index);
1832
1833 hdev = hci_dev_get(index);
1834 if (!hdev)
1835 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1836 MGMT_STATUS_INVALID_PARAMS);
c35938b2 1837
09fd0de5 1838 hci_dev_lock(hdev);
c35938b2
SJ		 1839
1840 if (!test_bit(HCI_UP, &hdev->flags)) {
1841 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1842 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 1843 goto unlock;
1844 }
1845
1846 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1847 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1848 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 1849 goto unlock;
1850 }
1851
2e58ef3e 1852 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 1853 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1854 MGMT_STATUS_BUSY);
c35938b2
SJ		 1855 goto unlock;
1856 }
1857
2e58ef3e 1858 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 1859 if (!cmd) {
1860 err = -ENOMEM;
1861 goto unlock;
1862 }
1863
1864 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1865 if (err < 0)
1866 mgmt_pending_remove(cmd);
1867
1868unlock:
09fd0de5 1869 hci_dev_unlock(hdev);
c35938b2
SJ		 1870 hci_dev_put(hdev);
1871
1872 return err;
1873}
1874
2763eda6
SJ		 1875static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1876 u16 len)
1877{
1878 struct hci_dev *hdev;
1879 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1880 int err;
1881
1882 BT_DBG("hci%u ", index);
1883
1884 if (len != sizeof(*cp))
1885 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1886 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1887
1888 hdev = hci_dev_get(index);
1889 if (!hdev)
1890 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1891 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1892
09fd0de5 1893 hci_dev_lock(hdev);
2763eda6
SJ		 1894
1895 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1896 cp->randomizer);
1897 if (err < 0)
ca69b795
JH		 1898 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1899 MGMT_STATUS_FAILED);
2763eda6
SJ		 1900 else
1901 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1902 0);
1903
09fd0de5 1904 hci_dev_unlock(hdev);
2763eda6
SJ		 1905 hci_dev_put(hdev);
1906
1907 return err;
1908}
1909
1910static int remove_remote_oob_data(struct sock *sk, u16 index,
1911 unsigned char *data, u16 len)
1912{
1913 struct hci_dev *hdev;
1914 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1915 int err;
1916
1917 BT_DBG("hci%u ", index);
1918
1919 if (len != sizeof(*cp))
1920 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1921 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1922
1923 hdev = hci_dev_get(index);
1924 if (!hdev)
1925 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1926 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1927
09fd0de5 1928 hci_dev_lock(hdev);
2763eda6
SJ		 1929
1930 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1931 if (err < 0)
1932 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1933 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1934 else
1935 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1936 NULL, 0);
1937
09fd0de5 1938 hci_dev_unlock(hdev);
2763eda6
SJ		 1939 hci_dev_put(hdev);
1940
1941 return err;
1942}
1943
450dfdaf
JH		 1944static int start_discovery(struct sock *sk, u16 index,
1945 unsigned char *data, u16 len)
14a53664 1946{
450dfdaf 1947 struct mgmt_cp_start_discovery *cp = (void *) data;
14a53664
JH		 1948 struct pending_cmd *cmd;
1949 struct hci_dev *hdev;
1950 int err;
1951
1952 BT_DBG("hci%u", index);
1953
450dfdaf
JH		 1954 if (len != sizeof(*cp))
1955 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1956 MGMT_STATUS_INVALID_PARAMS);
1957
14a53664
JH		 1958 hdev = hci_dev_get(index);
1959 if (!hdev)
ca69b795
JH		 1960 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1961 MGMT_STATUS_INVALID_PARAMS);
14a53664 1962
09fd0de5 1963 hci_dev_lock(hdev);
14a53664 1964
bd2d1334 1965 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1966 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1967 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 1968 goto failed;
1969 }
1970
ff9ef578
JH		 1971 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1972 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1973 MGMT_STATUS_BUSY);
1974 goto failed;
1975 }
1976
2e58ef3e 1977 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1978 if (!cmd) {
1979 err = -ENOMEM;
1980 goto failed;
1981 }
1982
2519a1fc 1983 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
14a53664
JH		 1984 if (err < 0)
1985 mgmt_pending_remove(cmd);
ff9ef578
JH		 1986 else
1987 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 1988
1989failed:
09fd0de5 1990 hci_dev_unlock(hdev);
14a53664
JH		 1991 hci_dev_put(hdev);
1992
1993 return err;
1994}
1995
1996static int stop_discovery(struct sock *sk, u16 index)
1997{
1998 struct hci_dev *hdev;
1999 struct pending_cmd *cmd;
30dc78e1
JH		 2000 struct hci_cp_remote_name_req_cancel cp;
2001 struct inquiry_entry *e;
14a53664
JH		 2002 int err;
2003
2004 BT_DBG("hci%u", index);
2005
2006 hdev = hci_dev_get(index);
2007 if (!hdev)
ca69b795
JH		 2008 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2009 MGMT_STATUS_INVALID_PARAMS);
14a53664 2010
09fd0de5 2011 hci_dev_lock(hdev);
14a53664 2012
30dc78e1 2013 if (!hci_discovery_active(hdev)) {
ff9ef578
JH		 2014 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2015 MGMT_STATUS_REJECTED);
30dc78e1 2016 goto unlock;
ff9ef578
JH		 2017 }
2018
2e58ef3e 2019 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2020 if (!cmd) {
2021 err = -ENOMEM;
30dc78e1
JH		 2022 goto unlock;
2023 }
2024
2025 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2026 err = hci_cancel_inquiry(hdev);
2027 if (err < 0)
2028 mgmt_pending_remove(cmd);
2029 else
2030 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2031 goto unlock;
2032 }
2033
2034 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2035 if (!e) {
2036 mgmt_pending_remove(cmd);
2037 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2038 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2039 goto unlock;
14a53664
JH		 2040 }
2041
30dc78e1
JH		 2042 bacpy(&cp.bdaddr, &e->data.bdaddr);
2043 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2044 sizeof(cp), &cp);
14a53664
JH		 2045 if (err < 0)
2046 mgmt_pending_remove(cmd);
ff9ef578
JH		 2047 else
2048 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2049
30dc78e1 2050unlock:
09fd0de5 2051 hci_dev_unlock(hdev);
14a53664
JH		 2052 hci_dev_put(hdev);
2053
2054 return err;
2055}
2056
561aafbc
JH		 2057static int confirm_name(struct sock *sk, u16 index, unsigned char *data,
2058 u16 len)
2059{
2060 struct mgmt_cp_confirm_name *cp = (void *) data;
2061 struct inquiry_entry *e;
2062 struct hci_dev *hdev;
2063 int err;
2064
2065 BT_DBG("hci%u", index);
2066
2067 if (len != sizeof(*cp))
2068 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2069 MGMT_STATUS_INVALID_PARAMS);
2070
2071 hdev = hci_dev_get(index);
2072 if (!hdev)
2073 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2074 MGMT_STATUS_INVALID_PARAMS);
2075
2076 hci_dev_lock(hdev);
2077
30dc78e1
JH		 2078 if (!hci_discovery_active(hdev)) {
2079 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2080 MGMT_STATUS_FAILED);
2081 goto failed;
2082 }
2083
561aafbc
JH		 2084 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2085 if (!e) {
2086 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2087 MGMT_STATUS_INVALID_PARAMS);
2088 goto failed;
2089 }
2090
2091 if (cp->name_known) {
2092 e->name_state = NAME_KNOWN;
2093 list_del(&e->list);
2094 } else {
2095 e->name_state = NAME_NEEDED;
a3d4e20a 2096 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2097 }
2098
2099 err = 0;
2100
2101failed:
2102 hci_dev_unlock(hdev);
2103
2104 return err;
2105}
2106
7fbec224
AJ		 2107static int block_device(struct sock *sk, u16 index, unsigned char *data,
2108 u16 len)
2109{
2110 struct hci_dev *hdev;
5e762444 2111 struct mgmt_cp_block_device *cp = (void *) data;
7fbec224
AJ		 2112 int err;
2113
2114 BT_DBG("hci%u", index);
2115
7fbec224
AJ		 2116 if (len != sizeof(*cp))
2117 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2118 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2119
2120 hdev = hci_dev_get(index);
2121 if (!hdev)
2122 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2123 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2124
09fd0de5 2125 hci_dev_lock(hdev);
5e762444 2126
7fbec224 2127 err = hci_blacklist_add(hdev, &cp->bdaddr);
7fbec224 2128 if (err < 0)
ca69b795
JH		 2129 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2130 MGMT_STATUS_FAILED);
7fbec224
AJ		 2131 else
2132 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2133 NULL, 0);
5e762444 2134
09fd0de5 2135 hci_dev_unlock(hdev);
7fbec224
AJ		 2136 hci_dev_put(hdev);
2137
2138 return err;
2139}
2140
2141static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2142 u16 len)
2143{
2144 struct hci_dev *hdev;
5e762444 2145 struct mgmt_cp_unblock_device *cp = (void *) data;
7fbec224
AJ		 2146 int err;
2147
2148 BT_DBG("hci%u", index);
2149
7fbec224
AJ		 2150 if (len != sizeof(*cp))
2151 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2152 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2153
2154 hdev = hci_dev_get(index);
2155 if (!hdev)
2156 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2157 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2158
09fd0de5 2159 hci_dev_lock(hdev);
5e762444 2160
7fbec224
AJ		 2161 err = hci_blacklist_del(hdev, &cp->bdaddr);
2162
2163 if (err < 0)
ca69b795
JH		 2164 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2165 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2166 else
2167 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2168 NULL, 0);
5e762444 2169
09fd0de5 2170 hci_dev_unlock(hdev);
7fbec224
AJ		 2171 hci_dev_put(hdev);
2172
2173 return err;
2174}
2175
f6422ec6
AJ		 2176static int set_fast_connectable(struct sock *sk, u16 index,
2177 unsigned char *data, u16 len)
2178{
2179 struct hci_dev *hdev;
f7c6869c 2180 struct mgmt_mode *cp = (void *) data;
f6422ec6
AJ		 2181 struct hci_cp_write_page_scan_activity acp;
2182 u8 type;
2183 int err;
2184
2185 BT_DBG("hci%u", index);
2186
2187 if (len != sizeof(*cp))
2188 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2189 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2190
2191 hdev = hci_dev_get(index);
2192 if (!hdev)
2193 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2194 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2195
2196 hci_dev_lock(hdev);
2197
f7c6869c 2198 if (cp->val) {
f6422ec6
AJ		 2199 type = PAGE_SCAN_TYPE_INTERLACED;
2200 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2201 } else {
2202 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2203 acp.interval = 0x0800; /* default 1.28 sec page scan */
2204 }
2205
2206 acp.window = 0x0012; /* default 11.25 msec page scan window */
2207
2208 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2209 sizeof(acp), &acp);
2210 if (err < 0) {
2211 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2212 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2213 goto done;
2214 }
2215
2216 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2217 if (err < 0) {
2218 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2219 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2220 goto done;
2221 }
2222
2223 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2224 NULL, 0);
2225done:
2226 hci_dev_unlock(hdev);
2227 hci_dev_put(hdev);
2228
2229 return err;
2230}
2231
0381101f
JH		 2232int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2233{
2234 unsigned char *buf;
2235 struct mgmt_hdr *hdr;
4e51eae9 2236 u16 opcode, index, len;
0381101f
JH		 2237 int err;
2238
2239 BT_DBG("got %zu bytes", msglen);
2240
2241 if (msglen < sizeof(*hdr))
2242 return -EINVAL;
2243
e63a15ec 2244 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2245 if (!buf)
2246 return -ENOMEM;
2247
2248 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2249 err = -EFAULT;
2250 goto done;
2251 }
2252
2253 hdr = (struct mgmt_hdr *) buf;
2254 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2255 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2256 len = get_unaligned_le16(&hdr->len);
2257
2258 if (len != msglen - sizeof(*hdr)) {
2259 err = -EINVAL;
2260 goto done;
2261 }
2262
2263 switch (opcode) {
02d98129
JH		 2264 case MGMT_OP_READ_VERSION:
2265 err = read_version(sk);
2266 break;
faba42eb
JH		 2267 case MGMT_OP_READ_INDEX_LIST:
2268 err = read_index_list(sk);
2269 break;
f7b64e69 2270 case MGMT_OP_READ_INFO:
4e51eae9 2271 err = read_controller_info(sk, index);
f7b64e69 2272 break;
eec8d2bc 2273 case MGMT_OP_SET_POWERED:
4e51eae9 2274 err = set_powered(sk, index, buf + sizeof(*hdr), len);
eec8d2bc 2275 break;
73f22f62 2276 case MGMT_OP_SET_DISCOVERABLE:
4e51eae9 2277 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
73f22f62 2278 break;
9fbcbb45 2279 case MGMT_OP_SET_CONNECTABLE:
4e51eae9 2280 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
9fbcbb45 2281 break;
f7c6869c
JH		 2282 case MGMT_OP_SET_FAST_CONNECTABLE:
2283 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2284 len);
2285 break;
c542a06c 2286 case MGMT_OP_SET_PAIRABLE:
4e51eae9 2287 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
c542a06c 2288 break;
2aeb9a1a 2289 case MGMT_OP_ADD_UUID:
4e51eae9 2290 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a
JH		 2291 break;
2292 case MGMT_OP_REMOVE_UUID:
4e51eae9 2293 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a 2294 break;
1aff6f09 2295 case MGMT_OP_SET_DEV_CLASS:
4e51eae9 2296 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1aff6f09 2297 break;
86742e1e
JH		 2298 case MGMT_OP_LOAD_LINK_KEYS:
2299 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 2300 break;
86742e1e
JH		 2301 case MGMT_OP_REMOVE_KEYS:
2302 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 2303 break;
8962ee74 2304 case MGMT_OP_DISCONNECT:
4e51eae9 2305 err = disconnect(sk, index, buf + sizeof(*hdr), len);
8962ee74 2306 break;
2784eb41 2307 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2308 err = get_connections(sk, index);
2784eb41 2309 break;
980e1a53 2310 case MGMT_OP_PIN_CODE_REPLY:
4e51eae9 2311 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53
JH		 2312 break;
2313 case MGMT_OP_PIN_CODE_NEG_REPLY:
4e51eae9 2314 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53 2315 break;
17fa4b9d 2316 case MGMT_OP_SET_IO_CAPABILITY:
4e51eae9 2317 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
17fa4b9d 2318 break;
e9a416b5 2319 case MGMT_OP_PAIR_DEVICE:
4e51eae9 2320 err = pair_device(sk, index, buf + sizeof(*hdr), len);
e9a416b5 2321 break;
28424707
JH		 2322 case MGMT_OP_CANCEL_PAIR_DEVICE:
2323 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2324 break;
a5c29683 2325 case MGMT_OP_USER_CONFIRM_REPLY:
0df4c185 2326 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
a5c29683
JH		 2327 break;
2328 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
0df4c185
BG		 2329 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2330 len);
a5c29683 2331 break;
604086b7
BG		 2332 case MGMT_OP_USER_PASSKEY_REPLY:
2333 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2334 break;
2335 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2336 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2337 len);
a5c29683 2338 break;
b312b161
JH		 2339 case MGMT_OP_SET_LOCAL_NAME:
2340 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2341 break;
c35938b2
SJ		 2342 case MGMT_OP_READ_LOCAL_OOB_DATA:
2343 err = read_local_oob_data(sk, index);
2344 break;
2763eda6
SJ		 2345 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2346 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2347 break;
2348 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2349 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2350 len);
2351 break;
14a53664 2352 case MGMT_OP_START_DISCOVERY:
450dfdaf 2353 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
14a53664
JH		 2354 break;
2355 case MGMT_OP_STOP_DISCOVERY:
2356 err = stop_discovery(sk, index);
2357 break;
561aafbc
JH		 2358 case MGMT_OP_CONFIRM_NAME:
2359 err = confirm_name(sk, index, buf + sizeof(*hdr), len);
2360 break;
7fbec224
AJ		 2361 case MGMT_OP_BLOCK_DEVICE:
2362 err = block_device(sk, index, buf + sizeof(*hdr), len);
2363 break;
2364 case MGMT_OP_UNBLOCK_DEVICE:
2365 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2366 break;
0381101f
JH		 2367 default:
2368 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2369 err = cmd_status(sk, index, opcode,
2370 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2371 break;
2372 }
2373
e41d8b4e
JH		 2374 if (err < 0)
2375 goto done;
2376
0381101f
JH		 2377 err = msglen;
2378
2379done:
2380 kfree(buf);
2381 return err;
2382}
c71e97bf 2383
b24752fe
JH		 2384static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2385{
2386 u8 *status = data;
2387
2388 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2389 mgmt_pending_remove(cmd);
2390}
2391
744cf19e 2392int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2393{
744cf19e 2394 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2395}
2396
744cf19e 2397int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2398{
b24752fe
JH		 2399 u8 status = ENODEV;
2400
744cf19e 2401 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2402
744cf19e 2403 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2404}
2405
73f22f62 2406struct cmd_lookup {
72a734ec 2407 u8 val;
eec8d2bc 2408 struct sock *sk;
69ab39ea 2409 struct hci_dev *hdev;
eec8d2bc
JH		 2410};
2411
69ab39ea 2412static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2413{
73f22f62 2414 struct cmd_lookup *match = data;
eec8d2bc 2415
69ab39ea 2416 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2417
2418 list_del(&cmd->list);
2419
2420 if (match->sk == NULL) {
2421 match->sk = cmd->sk;
2422 sock_hold(match->sk);
2423 }
2424
2425 mgmt_pending_free(cmd);
c71e97bf 2426}
5add6af8 2427
744cf19e 2428int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2429{
69ab39ea
JH		 2430 struct cmd_lookup match = { powered, NULL, hdev };
2431 __le32 ev;
eec8d2bc 2432 int ret;
5add6af8 2433
69ab39ea 2434 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2435
b24752fe
JH		 2436 if (!powered) {
2437 u8 status = ENETDOWN;
744cf19e 2438 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2439 }
2440
69ab39ea 2441 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2442
69ab39ea
JH		 2443 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2444 match.sk);
eec8d2bc
JH		 2445
2446 if (match.sk)
2447 sock_put(match.sk);
2448
2449 return ret;
5add6af8 2450}
73f22f62 2451
744cf19e 2452int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2453{
69ab39ea
JH		 2454 struct cmd_lookup match = { discoverable, NULL, hdev };
2455 __le32 ev;
73f22f62
JH		 2456 int ret;
2457
69ab39ea 2458 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2459
69ab39ea 2460 ev = cpu_to_le32(get_current_settings(hdev));
73f22f62 2461
69ab39ea 2462 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2463 match.sk);
73f22f62
JH		 2464 if (match.sk)
2465 sock_put(match.sk);
2466
2467 return ret;
2468}
9fbcbb45 2469
744cf19e 2470int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2471{
69ab39ea
JH		 2472 __le32 ev;
2473 struct cmd_lookup match = { connectable, NULL, hdev };
9fbcbb45
JH		 2474 int ret;
2475
69ab39ea
JH		 2476 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2477 &match);
9fbcbb45 2478
69ab39ea 2479 ev = cpu_to_le32(get_current_settings(hdev));
9fbcbb45 2480
69ab39ea 2481 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2482
2483 if (match.sk)
2484 sock_put(match.sk);
2485
2486 return ret;
2487}
55ed8ca1 2488
744cf19e 2489int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2490{
ca69b795
JH		 2491 u8 mgmt_err = mgmt_status(status);
2492
2d7cee58 2493 if (scan & SCAN_PAGE)
744cf19e 2494 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2495 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2496
2497 if (scan & SCAN_INQUIRY)
744cf19e 2498 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2499 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2500
2501 return 0;
2502}
2503
744cf19e
JH		 2504int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2505 u8 persistent)
55ed8ca1 2506{
86742e1e 2507 struct mgmt_ev_new_link_key ev;
55ed8ca1 2508
a492cd52 2509 memset(&ev, 0, sizeof(ev));
55ed8ca1 2510
a492cd52
VCG		 2511 ev.store_hint = persistent;
2512 bacpy(&ev.key.bdaddr, &key->bdaddr);
2513 ev.key.type = key->type;
2514 memcpy(ev.key.val, key->val, 16);
2515 ev.key.pin_len = key->pin_len;
55ed8ca1 2516
744cf19e 2517 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2518}
f7520543 2519
afc747a6 2520int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 2521 u8 addr_type, u8 *name, u8 name_len,
2522 u8 *dev_class)
f7520543 2523{
b644ba33
JH		 2524 char buf[512];
2525 struct mgmt_ev_device_connected *ev = (void *) buf;
2526 u16 eir_len = 0;
f7520543 2527
b644ba33
JH		 2528 bacpy(&ev->addr.bdaddr, bdaddr);
2529 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2530
b644ba33
JH		 2531 if (name_len > 0)
2532 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2533 name, name_len);
2534
2535 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2536 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2537 EIR_CLASS_OF_DEV, dev_class, 3);
2538
2539 put_unaligned_le16(eir_len, &ev->eir_len);
2540
2541 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2542 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2543}
2544
8962ee74
JH		 2545static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2546{
c68fb7ff 2547 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2548 struct sock **sk = data;
a38528f1 2549 struct mgmt_rp_disconnect rp;
8962ee74 2550
a38528f1 2551 bacpy(&rp.bdaddr, &cp->bdaddr);
37d9ef76 2552 rp.status = 0;
8962ee74 2553
4e51eae9 2554 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 2555
2556 *sk = cmd->sk;
2557 sock_hold(*sk);
2558
a664b5bc 2559 mgmt_pending_remove(cmd);
8962ee74
JH		 2560}
2561
a8a1d19e
JH		 2562static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2563{
2564 u8 *status = data;
2565 struct mgmt_cp_remove_keys *cp = cmd->param;
2566 struct mgmt_rp_remove_keys rp;
2567
2568 memset(&rp, 0, sizeof(rp));
2569 bacpy(&rp.bdaddr, &cp->bdaddr);
2570 if (status != NULL)
2571 rp.status = *status;
2572
2573 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2574 sizeof(rp));
2575
2576 mgmt_pending_remove(cmd);
2577}
2578
afc747a6
JH		 2579int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2580 u8 link_type, u8 addr_type)
f7520543 2581{
4c659c39 2582 struct mgmt_addr_info ev;
8962ee74
JH		 2583 struct sock *sk = NULL;
2584 int err;
2585
744cf19e 2586 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2587
f7520543 2588 bacpy(&ev.bdaddr, bdaddr);
48264f06 2589 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2590
afc747a6
JH		 2591 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2592 sk);
8962ee74
JH		 2593
2594 if (sk)
2595 sock_put(sk);
2596
a8a1d19e
JH		 2597 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2598
8962ee74
JH		 2599 return err;
2600}
2601
37d9ef76 2602int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
8962ee74
JH		 2603{
2604 struct pending_cmd *cmd;
ca69b795 2605 u8 mgmt_err = mgmt_status(status);
8962ee74
JH		 2606 int err;
2607
2e58ef3e 2608 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 2609 if (!cmd)
2610 return -ENOENT;
2611
37d9ef76
JH		 2612 if (bdaddr) {
2613 struct mgmt_rp_disconnect rp;
2614
2615 bacpy(&rp.bdaddr, bdaddr);
2616 rp.status = status;
2617
2618 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2619 &rp, sizeof(rp));
2620 } else
2621 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 2622 mgmt_err);
8962ee74 2623
a664b5bc 2624 mgmt_pending_remove(cmd);
8962ee74
JH		 2625
2626 return err;
f7520543 2627}
17d5c04c 2628
48264f06
JH		 2629int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2630 u8 addr_type, u8 status)
17d5c04c
JH		 2631{
2632 struct mgmt_ev_connect_failed ev;
2633
4c659c39 2634 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2635 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 2636 ev.status = mgmt_status(status);
17d5c04c 2637
744cf19e 2638 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 2639}
980e1a53 2640
744cf19e 2641int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 2642{
2643 struct mgmt_ev_pin_code_request ev;
2644
980e1a53 2645 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 2646 ev.secure = secure;
980e1a53 2647
744cf19e 2648 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2649 NULL);
980e1a53
JH		 2650}
2651
744cf19e
JH		 2652int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2653 u8 status)
980e1a53
JH		 2654{
2655 struct pending_cmd *cmd;
ac56fb13 2656 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2657 int err;
2658
2e58ef3e 2659 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 2660 if (!cmd)
2661 return -ENOENT;
2662
ac56fb13 2663 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2664 rp.status = mgmt_status(status);
ac56fb13 2665
744cf19e 2666 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
4e51eae9 2667 sizeof(rp));
980e1a53 2668
a664b5bc 2669 mgmt_pending_remove(cmd);
980e1a53
JH		 2670
2671 return err;
2672}
2673
744cf19e
JH		 2674int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2675 u8 status)
980e1a53
JH		 2676{
2677 struct pending_cmd *cmd;
ac56fb13 2678 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2679 int err;
2680
2e58ef3e 2681 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 2682 if (!cmd)
2683 return -ENOENT;
2684
ac56fb13 2685 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2686 rp.status = mgmt_status(status);
ac56fb13 2687
744cf19e 2688 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
4e51eae9 2689 sizeof(rp));
980e1a53 2690
a664b5bc 2691 mgmt_pending_remove(cmd);
980e1a53
JH		 2692
2693 return err;
2694}
a5c29683 2695
744cf19e
JH		 2696int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2697 __le32 value, u8 confirm_hint)
a5c29683
JH		 2698{
2699 struct mgmt_ev_user_confirm_request ev;
2700
744cf19e 2701 BT_DBG("%s", hdev->name);
a5c29683 2702
a5c29683 2703 bacpy(&ev.bdaddr, bdaddr);
55bc1a37 2704 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2705 put_unaligned_le32(value, &ev.value);
2706
744cf19e 2707 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2708 NULL);
a5c29683
JH		 2709}
2710
604086b7
BG		 2711int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2712{
2713 struct mgmt_ev_user_passkey_request ev;
2714
2715 BT_DBG("%s", hdev->name);
2716
2717 bacpy(&ev.bdaddr, bdaddr);
2718
2719 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2720 NULL);
2721}
2722
0df4c185 2723static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
744cf19e 2724 u8 status, u8 opcode)
a5c29683
JH		 2725{
2726 struct pending_cmd *cmd;
2727 struct mgmt_rp_user_confirm_reply rp;
2728 int err;
2729
2e58ef3e 2730 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 2731 if (!cmd)
2732 return -ENOENT;
2733
a5c29683 2734 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2735 rp.status = mgmt_status(status);
744cf19e 2736 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
a5c29683 2737
a664b5bc 2738 mgmt_pending_remove(cmd);
a5c29683
JH		 2739
2740 return err;
2741}
2742
744cf19e
JH		 2743int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2744 u8 status)
a5c29683 2745{
0df4c185 2746 return user_pairing_resp_complete(hdev, bdaddr, status,
a5c29683
JH		 2747 MGMT_OP_USER_CONFIRM_REPLY);
2748}
2749
744cf19e
JH		 2750int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2751 bdaddr_t *bdaddr, u8 status)
a5c29683 2752{
0df4c185 2753 return user_pairing_resp_complete(hdev, bdaddr, status,
a5c29683
JH		 2754 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2755}
2a611692 2756
604086b7
BG		 2757int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2758 u8 status)
2759{
2760 return user_pairing_resp_complete(hdev, bdaddr, status,
2761 MGMT_OP_USER_PASSKEY_REPLY);
2762}
2763
2764int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2765 bdaddr_t *bdaddr, u8 status)
2766{
2767 return user_pairing_resp_complete(hdev, bdaddr, status,
2768 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2769}
2770
744cf19e 2771int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2a611692
JH		 2772{
2773 struct mgmt_ev_auth_failed ev;
2774
2a611692 2775 bacpy(&ev.bdaddr, bdaddr);
ca69b795 2776 ev.status = mgmt_status(status);
2a611692 2777
744cf19e 2778 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 2779}
b312b161 2780
744cf19e 2781int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 2782{
2783 struct pending_cmd *cmd;
2784 struct mgmt_cp_set_local_name ev;
2785 int err;
2786
2787 memset(&ev, 0, sizeof(ev));
2788 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2789
2e58ef3e 2790 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 2791 if (!cmd)
2792 goto send_event;
2793
2794 if (status) {
744cf19e 2795 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 2796 mgmt_status(status));
b312b161
JH		 2797 goto failed;
2798 }
2799
744cf19e 2800 update_eir(hdev);
80a1e1db 2801
744cf19e 2802 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
b312b161
JH		 2803 sizeof(ev));
2804 if (err < 0)
2805 goto failed;
2806
2807send_event:
744cf19e 2808 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 2809 cmd ? cmd->sk : NULL);
2810
2811failed:
2812 if (cmd)
2813 mgmt_pending_remove(cmd);
2814 return err;
2815}
c35938b2 2816
744cf19e
JH		 2817int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2818 u8 *randomizer, u8 status)
c35938b2
SJ		 2819{
2820 struct pending_cmd *cmd;
2821 int err;
2822
744cf19e 2823 BT_DBG("%s status %u", hdev->name, status);
c35938b2 2824
2e58ef3e 2825 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 2826 if (!cmd)
2827 return -ENOENT;
2828
2829 if (status) {
744cf19e 2830 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 2831 MGMT_OP_READ_LOCAL_OOB_DATA,
2832 mgmt_status(status));
c35938b2
SJ		 2833 } else {
2834 struct mgmt_rp_read_local_oob_data rp;
2835
2836 memcpy(rp.hash, hash, sizeof(rp.hash));
2837 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2838
744cf19e
JH		 2839 err = cmd_complete(cmd->sk, hdev->id,
2840 MGMT_OP_READ_LOCAL_OOB_DATA,
2841 &rp, sizeof(rp));
c35938b2
SJ		 2842 }
2843
2844 mgmt_pending_remove(cmd);
2845
2846 return err;
2847}
e17acd40 2848
48264f06 2849int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 2850 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 2851 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 2852{
e319d2e7
JH		 2853 char buf[512];
2854 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 2855 size_t ev_size;
e17acd40 2856
1dc06093
JH		 2857 /* Leave 5 bytes for a potential CoD field */
2858 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 2859 return -EINVAL;
2860
1dc06093
JH		 2861 memset(buf, 0, sizeof(buf));
2862
e319d2e7
JH		 2863 bacpy(&ev->addr.bdaddr, bdaddr);
2864 ev->addr.type = link_to_mgmt(link_type, addr_type);
2865 ev->rssi = rssi;
2866 ev->confirm_name = cfm_name;
e17acd40 2867
1dc06093 2868 if (eir_len > 0)
e319d2e7 2869 memcpy(ev->eir, eir, eir_len);
e17acd40 2870
1dc06093
JH		 2871 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
2872 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
2873 dev_class, 3);
2874
2875 put_unaligned_le16(eir_len, &ev->eir_len);
2876
2877 ev_size = sizeof(*ev) + eir_len;
f8523598 2878
e319d2e7 2879 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 2880}
a88a9652 2881
b644ba33
JH		 2882int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2883 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 2884{
b644ba33
JH		 2885 struct mgmt_ev_device_found *ev;
2886 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
2887 u16 eir_len;
a88a9652 2888
b644ba33 2889 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 2890
b644ba33
JH		 2891 memset(buf, 0, sizeof(buf));
2892
2893 bacpy(&ev->addr.bdaddr, bdaddr);
2894 ev->addr.type = link_to_mgmt(link_type, addr_type);
2895 ev->rssi = rssi;
2896
2897 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
2898 name_len);
2899
2900 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 2901
b644ba33 2902 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
a88a9652 2903}
314b2381 2904
7a135109 2905int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 2906{
2907 struct pending_cmd *cmd;
2908 int err;
2909
2e58ef3e 2910 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 2911 if (!cmd)
2912 return -ENOENT;
2913
ca69b795 2914 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 2915 mgmt_pending_remove(cmd);
2916
2917 return err;
2918}
2919
e6d465cb
AG		 2920int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2921{
2922 struct pending_cmd *cmd;
2923 int err;
2924
2925 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2926 if (!cmd)
2927 return -ENOENT;
2928
e75a8b0c 2929 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 2930 mgmt_pending_remove(cmd);
2931
2932 return err;
2933}
2934
744cf19e 2935int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 2936{
164a6e78
JH		 2937 struct pending_cmd *cmd;
2938
2939 if (discovering)
2e58ef3e 2940 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 2941 else
2e58ef3e 2942 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 2943
2944 if (cmd != NULL) {
744cf19e 2945 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
164a6e78
JH		 2946 mgmt_pending_remove(cmd);
2947 }
2948
744cf19e 2949 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
314b2381
JH		 2950 sizeof(discovering), NULL);
2951}
5e762444 2952
744cf19e 2953int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2954{
2955 struct pending_cmd *cmd;
2956 struct mgmt_ev_device_blocked ev;
2957
2e58ef3e 2958 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444
AJ		 2959
2960 bacpy(&ev.bdaddr, bdaddr);
2961
744cf19e
JH		 2962 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2963 cmd ? cmd->sk : NULL);
5e762444
AJ		 2964}
2965
744cf19e 2966int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2967{
2968 struct pending_cmd *cmd;
2969 struct mgmt_ev_device_unblocked ev;
2970
2e58ef3e 2971 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444
AJ		 2972
2973 bacpy(&ev.bdaddr, bdaddr);
2974
744cf19e
JH		 2975 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2976 cmd ? cmd->sk : NULL);
5e762444 2977}
ubuntu-zesty-kernel mirror