]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: btusb: Remove device lock on release
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
ca69b795 25#include <linux/kernel.h>
72359753 26#include <linux/uaccess.h>
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
02d98129
JH		 35#define MGMT_VERSION 0
36#define MGMT_REVISION 1
37
3fd24153
AG		 38/*
39 * These LE scan and inquiry parameters were chosen according to LE General
40 * Discovery Procedure specification.
41 */
42#define LE_SCAN_TYPE 0x01
43#define LE_SCAN_WIN 0x12
44#define LE_SCAN_INT 0x12
45#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
46
e8777525 47#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
2519a1fc 48
7d78525d
JH		 49#define SERVICE_CACHE_TIMEOUT (5 * 1000)
50
eec8d2bc
JH		 51struct pending_cmd {
52 struct list_head list;
fc2f4b13 53 u16 opcode;
eec8d2bc 54 int index;
c68fb7ff 55 void *param;
eec8d2bc 56 struct sock *sk;
e9a416b5 57 void *user_data;
eec8d2bc
JH		 58};
59
ca69b795
JH		 60/* HCI to MGMT error code conversion table */
61static u8 mgmt_status_table[] = {
62 MGMT_STATUS_SUCCESS,
63 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
64 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
65 MGMT_STATUS_FAILED, /* Hardware Failure */
66 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
67 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
68 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
69 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
70 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
71 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
72 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
73 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
74 MGMT_STATUS_BUSY, /* Command Disallowed */
75 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
76 MGMT_STATUS_REJECTED, /* Rejected Security */
77 MGMT_STATUS_REJECTED, /* Rejected Personal */
78 MGMT_STATUS_TIMEOUT, /* Host Timeout */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
80 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
81 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
82 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
83 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
84 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
85 MGMT_STATUS_BUSY, /* Repeated Attempts */
86 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
87 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
88 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
89 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
90 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
91 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
92 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
93 MGMT_STATUS_FAILED, /* Unspecified Error */
94 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
95 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
96 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
97 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
98 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
99 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
100 MGMT_STATUS_FAILED, /* Unit Link Key Used */
101 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
102 MGMT_STATUS_TIMEOUT, /* Instant Passed */
103 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
104 MGMT_STATUS_FAILED, /* Transaction Collision */
105 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
106 MGMT_STATUS_REJECTED, /* QoS Rejected */
107 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
108 MGMT_STATUS_REJECTED, /* Insufficient Security */
109 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
110 MGMT_STATUS_BUSY, /* Role Switch Pending */
111 MGMT_STATUS_FAILED, /* Slot Violation */
112 MGMT_STATUS_FAILED, /* Role Switch Failed */
113 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
114 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
115 MGMT_STATUS_BUSY, /* Host Busy Pairing */
116 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
117 MGMT_STATUS_BUSY, /* Controller Busy */
118 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
119 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
120 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
121 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
122 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
123};
124
125static u8 mgmt_status(u8 hci_status)
126{
127 if (hci_status < ARRAY_SIZE(mgmt_status_table))
128 return mgmt_status_table[hci_status];
129
130 return MGMT_STATUS_FAILED;
131}
132
4e51eae9 133static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 134{
135 struct sk_buff *skb;
136 struct mgmt_hdr *hdr;
137 struct mgmt_ev_cmd_status *ev;
56b7d137 138 int err;
f7b64e69 139
34eb525c 140 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 141
142 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
143 if (!skb)
144 return -ENOMEM;
145
146 hdr = (void *) skb_put(skb, sizeof(*hdr));
147
148 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 149 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 150 hdr->len = cpu_to_le16(sizeof(*ev));
151
152 ev = (void *) skb_put(skb, sizeof(*ev));
153 ev->status = status;
154 put_unaligned_le16(cmd, &ev->opcode);
155
56b7d137
GP		 156 err = sock_queue_rcv_skb(sk, skb);
157 if (err < 0)
f7b64e69
JH		 158 kfree_skb(skb);
159
56b7d137 160 return err;
f7b64e69
JH		 161}
162
4e51eae9
SJ		 163static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
164 size_t rp_len)
02d98129
JH		 165{
166 struct sk_buff *skb;
167 struct mgmt_hdr *hdr;
168 struct mgmt_ev_cmd_complete *ev;
56b7d137 169 int err;
02d98129
JH		 170
171 BT_DBG("sock %p", sk);
172
a38528f1 173 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 174 if (!skb)
175 return -ENOMEM;
176
177 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 178
a38528f1 179 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 180 hdr->index = cpu_to_le16(index);
a38528f1 181 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 182
a38528f1
JH		 183 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
184 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 185
186 if (rp)
187 memcpy(ev->data, rp, rp_len);
02d98129 188
56b7d137
GP		 189 err = sock_queue_rcv_skb(sk, skb);
190 if (err < 0)
02d98129
JH		 191 kfree_skb(skb);
192
56b7d137 193 return err;;
02d98129
JH		 194}
195
a38528f1
JH		 196static int read_version(struct sock *sk)
197{
198 struct mgmt_rp_read_version rp;
199
200 BT_DBG("sock %p", sk);
201
202 rp.version = MGMT_VERSION;
203 put_unaligned_le16(MGMT_REVISION, &rp.revision);
204
4e51eae9
SJ		 205 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
206 sizeof(rp));
a38528f1
JH		 207}
208
faba42eb
JH		 209static int read_index_list(struct sock *sk)
210{
faba42eb
JH		 211 struct mgmt_rp_read_index_list *rp;
212 struct list_head *p;
8035ded4 213 struct hci_dev *d;
a38528f1 214 size_t rp_len;
faba42eb 215 u16 count;
a38528f1 216 int i, err;
faba42eb
JH		 217
218 BT_DBG("sock %p", sk);
219
220 read_lock(&hci_dev_list_lock);
221
222 count = 0;
223 list_for_each(p, &hci_dev_list) {
224 count++;
225 }
226
a38528f1
JH		 227 rp_len = sizeof(*rp) + (2 * count);
228 rp = kmalloc(rp_len, GFP_ATOMIC);
229 if (!rp) {
b2c60d42 230 read_unlock(&hci_dev_list_lock);
faba42eb 231 return -ENOMEM;
b2c60d42 232 }
faba42eb 233
faba42eb
JH		 234 put_unaligned_le16(count, &rp->num_controllers);
235
236 i = 0;
8035ded4 237 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 238 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
e0f9309f 239 cancel_delayed_work(&d->power_off);
ab81cbf9 240
a8b2d5c2 241 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 242 continue;
243
faba42eb
JH		 244 put_unaligned_le16(d->id, &rp->index[i++]);
245 BT_DBG("Added hci%u", d->id);
246 }
247
248 read_unlock(&hci_dev_list_lock);
249
4e51eae9
SJ		 250 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
251 rp_len);
faba42eb 252
a38528f1
JH		 253 kfree(rp);
254
255 return err;
faba42eb
JH		 256}
257
69ab39ea
JH		 258static u32 get_supported_settings(struct hci_dev *hdev)
259{
260 u32 settings = 0;
261
262 settings |= MGMT_SETTING_POWERED;
263 settings |= MGMT_SETTING_CONNECTABLE;
264 settings |= MGMT_SETTING_FAST_CONNECTABLE;
265 settings |= MGMT_SETTING_DISCOVERABLE;
266 settings |= MGMT_SETTING_PAIRABLE;
267
268 if (hdev->features[6] & LMP_SIMPLE_PAIR)
269 settings |= MGMT_SETTING_SSP;
270
271 if (!(hdev->features[4] & LMP_NO_BREDR)) {
272 settings |= MGMT_SETTING_BREDR;
273 settings |= MGMT_SETTING_LINK_SECURITY;
274 }
275
276 if (hdev->features[4] & LMP_LE)
277 settings |= MGMT_SETTING_LE;
278
279 return settings;
280}
281
282static u32 get_current_settings(struct hci_dev *hdev)
283{
284 u32 settings = 0;
285
286 if (test_bit(HCI_UP, &hdev->flags))
287 settings |= MGMT_SETTING_POWERED;
288 else
289 return settings;
290
291 if (test_bit(HCI_PSCAN, &hdev->flags))
292 settings |= MGMT_SETTING_CONNECTABLE;
293
294 if (test_bit(HCI_ISCAN, &hdev->flags))
295 settings |= MGMT_SETTING_DISCOVERABLE;
296
a8b2d5c2 297 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 298 settings |= MGMT_SETTING_PAIRABLE;
299
300 if (!(hdev->features[4] & LMP_NO_BREDR))
301 settings |= MGMT_SETTING_BREDR;
302
59e29406 303 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 304 settings |= MGMT_SETTING_LE;
305
306 if (test_bit(HCI_AUTH, &hdev->flags))
307 settings |= MGMT_SETTING_LINK_SECURITY;
308
84bde9d6 309 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 310 settings |= MGMT_SETTING_SSP;
311
312 return settings;
313}
314
ef580372
JH		 315#define PNP_INFO_SVCLASS_ID 0x1200
316
317static u8 bluetooth_base_uuid[] = {
318 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
319 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
320};
321
322static u16 get_uuid16(u8 *uuid128)
323{
324 u32 val;
325 int i;
326
327 for (i = 0; i < 12; i++) {
328 if (bluetooth_base_uuid[i] != uuid128[i])
329 return 0;
330 }
331
332 memcpy(&val, &uuid128[12], 4);
333
334 val = le32_to_cpu(val);
335 if (val > 0xffff)
336 return 0;
337
338 return (u16) val;
339}
340
341static void create_eir(struct hci_dev *hdev, u8 *data)
342{
343 u8 *ptr = data;
344 u16 eir_len = 0;
345 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
346 int i, truncated = 0;
347 struct bt_uuid *uuid;
348 size_t name_len;
349
350 name_len = strlen(hdev->dev_name);
351
352 if (name_len > 0) {
353 /* EIR Data type */
354 if (name_len > 48) {
355 name_len = 48;
356 ptr[1] = EIR_NAME_SHORT;
357 } else
358 ptr[1] = EIR_NAME_COMPLETE;
359
360 /* EIR Data length */
361 ptr[0] = name_len + 1;
362
363 memcpy(ptr + 2, hdev->dev_name, name_len);
364
365 eir_len += (name_len + 2);
366 ptr += (name_len + 2);
367 }
368
369 memset(uuid16_list, 0, sizeof(uuid16_list));
370
371 /* Group all UUID16 types */
372 list_for_each_entry(uuid, &hdev->uuids, list) {
373 u16 uuid16;
374
375 uuid16 = get_uuid16(uuid->uuid);
376 if (uuid16 == 0)
377 return;
378
379 if (uuid16 < 0x1100)
380 continue;
381
382 if (uuid16 == PNP_INFO_SVCLASS_ID)
383 continue;
384
385 /* Stop if not enough space to put next UUID */
386 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
387 truncated = 1;
388 break;
389 }
390
391 /* Check for duplicates */
392 for (i = 0; uuid16_list[i] != 0; i++)
393 if (uuid16_list[i] == uuid16)
394 break;
395
396 if (uuid16_list[i] == 0) {
397 uuid16_list[i] = uuid16;
398 eir_len += sizeof(u16);
399 }
400 }
401
402 if (uuid16_list[0] != 0) {
403 u8 *length = ptr;
404
405 /* EIR Data type */
406 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
407
408 ptr += 2;
409 eir_len += 2;
410
411 for (i = 0; uuid16_list[i] != 0; i++) {
412 *ptr++ = (uuid16_list[i] & 0x00ff);
413 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
414 }
415
416 /* EIR Data length */
417 *length = (i * sizeof(u16)) + 1;
418 }
419}
420
421static int update_eir(struct hci_dev *hdev)
422{
423 struct hci_cp_write_eir cp;
424
425 if (!(hdev->features[6] & LMP_EXT_INQ))
426 return 0;
427
84bde9d6 428 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 429 return 0;
430
a8b2d5c2 431 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 432 return 0;
433
434 memset(&cp, 0, sizeof(cp));
435
436 create_eir(hdev, cp.data);
437
438 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
439 return 0;
440
441 memcpy(hdev->eir, cp.data, sizeof(cp.data));
442
443 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
444}
445
446static u8 get_service_classes(struct hci_dev *hdev)
447{
448 struct bt_uuid *uuid;
449 u8 val = 0;
450
451 list_for_each_entry(uuid, &hdev->uuids, list)
452 val |= uuid->svc_hint;
453
454 return val;
455}
456
457static int update_class(struct hci_dev *hdev)
458{
459 u8 cod[3];
460
461 BT_DBG("%s", hdev->name);
462
a8b2d5c2 463 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 464 return 0;
465
466 cod[0] = hdev->minor_class;
467 cod[1] = hdev->major_class;
468 cod[2] = get_service_classes(hdev);
469
470 if (memcmp(cod, hdev->dev_class, 3) == 0)
471 return 0;
472
473 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
474}
475
7d78525d
JH		 476static void service_cache_off(struct work_struct *work)
477{
478 struct hci_dev *hdev = container_of(work, struct hci_dev,
479 service_cache.work);
480
a8b2d5c2 481 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 482 return;
483
484 hci_dev_lock(hdev);
485
486 update_eir(hdev);
487 update_class(hdev);
488
489 hci_dev_unlock(hdev);
490}
491
492static void mgmt_init_hdev(struct hci_dev *hdev)
493{
a8b2d5c2 494 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
7d78525d
JH		 495 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
496
a8b2d5c2 497 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 498 schedule_delayed_work(&hdev->service_cache,
499 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
500}
501
4e51eae9 502static int read_controller_info(struct sock *sk, u16 index)
0381101f 503{
a38528f1 504 struct mgmt_rp_read_info rp;
f7b64e69 505 struct hci_dev *hdev;
0381101f 506
4e51eae9 507 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 508
4e51eae9 509 hdev = hci_dev_get(index);
a38528f1 510 if (!hdev)
ca69b795
JH		 511 return cmd_status(sk, index, MGMT_OP_READ_INFO,
512 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 513
a8b2d5c2 514 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
3243553f 515 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 516
09fd0de5 517 hci_dev_lock(hdev);
f7b64e69 518
7d78525d
JH		 519 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
520 mgmt_init_hdev(hdev);
ebc99feb 521
dc4fe30b
JH		 522 memset(&rp, 0, sizeof(rp));
523
69ab39ea 524 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 525
69ab39ea 526 rp.version = hdev->hci_ver;
f7b64e69 527
69ab39ea
JH		 528 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
529
530 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
531 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 532
a38528f1 533 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 534
dc4fe30b
JH		 535 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
536
09fd0de5 537 hci_dev_unlock(hdev);
f7b64e69 538 hci_dev_put(hdev);
0381101f 539
4e51eae9 540 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 541}
542
eec8d2bc
JH		 543static void mgmt_pending_free(struct pending_cmd *cmd)
544{
545 sock_put(cmd->sk);
c68fb7ff 546 kfree(cmd->param);
eec8d2bc
JH		 547 kfree(cmd);
548}
549
366a0336 550static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 551 struct hci_dev *hdev,
552 void *data, u16 len)
eec8d2bc
JH		 553{
554 struct pending_cmd *cmd;
555
556 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
557 if (!cmd)
366a0336 558 return NULL;
eec8d2bc
JH		 559
560 cmd->opcode = opcode;
2e58ef3e 561 cmd->index = hdev->id;
eec8d2bc 562
c68fb7ff
SJ		 563 cmd->param = kmalloc(len, GFP_ATOMIC);
564 if (!cmd->param) {
eec8d2bc 565 kfree(cmd);
366a0336 566 return NULL;
eec8d2bc
JH		 567 }
568
8fce6357
SJ		 569 if (data)
570 memcpy(cmd->param, data, len);
eec8d2bc
JH		 571
572 cmd->sk = sk;
573 sock_hold(sk);
574
2e58ef3e 575 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 576
366a0336 577 return cmd;
eec8d2bc
JH		 578}
579
744cf19e 580static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 581 void (*cb)(struct pending_cmd *cmd, void *data),
582 void *data)
583{
584 struct list_head *p, *n;
585
2e58ef3e 586 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 587 struct pending_cmd *cmd;
588
589 cmd = list_entry(p, struct pending_cmd, list);
590
b24752fe 591 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 592 continue;
593
eec8d2bc
JH		 594 cb(cmd, data);
595 }
596}
597
2e58ef3e 598static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 599{
8035ded4 600 struct pending_cmd *cmd;
eec8d2bc 601
2e58ef3e 602 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 603 if (cmd->opcode == opcode)
604 return cmd;
eec8d2bc
JH		 605 }
606
607 return NULL;
608}
609
a664b5bc 610static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 611{
73f22f62
JH		 612 list_del(&cmd->list);
613 mgmt_pending_free(cmd);
614}
615
69ab39ea 616static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 617{
69ab39ea 618 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 619
69ab39ea 620 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
8680570b
JH		 621}
622
650f726d 623static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 624{
650f726d 625 struct mgmt_mode *cp = data;
eec8d2bc 626 struct hci_dev *hdev;
366a0336 627 struct pending_cmd *cmd;
366a0336 628 int err, up;
eec8d2bc 629
4e51eae9 630 BT_DBG("request for hci%u", index);
eec8d2bc 631
bdce7baf 632 if (len != sizeof(*cp))
ca69b795
JH		 633 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
634 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 635
4e51eae9 636 hdev = hci_dev_get(index);
eec8d2bc 637 if (!hdev)
ca69b795
JH		 638 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 640
09fd0de5 641 hci_dev_lock(hdev);
eec8d2bc
JH		 642
643 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 644 if ((cp->val && up) || (!cp->val && !up)) {
69ab39ea 645 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 646 goto failed;
647 }
648
2e58ef3e 649 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 650 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
651 MGMT_STATUS_BUSY);
eec8d2bc
JH		 652 goto failed;
653 }
654
2e58ef3e 655 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 656 if (!cmd) {
657 err = -ENOMEM;
eec8d2bc 658 goto failed;
366a0336 659 }
eec8d2bc 660
72a734ec 661 if (cp->val)
7f971041 662 schedule_work(&hdev->power_on);
eec8d2bc 663 else
80b7ab33 664 schedule_work(&hdev->power_off.work);
eec8d2bc 665
366a0336 666 err = 0;
eec8d2bc
JH		 667
668failed:
09fd0de5 669 hci_dev_unlock(hdev);
eec8d2bc 670 hci_dev_put(hdev);
366a0336 671 return err;
eec8d2bc
JH		 672}
673
650f726d 674static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 675{
650f726d 676 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 677 struct hci_dev *hdev;
366a0336 678 struct pending_cmd *cmd;
73f22f62
JH		 679 u8 scan;
680 int err;
681
4e51eae9 682 BT_DBG("request for hci%u", index);
73f22f62 683
bdce7baf 684 if (len != sizeof(*cp))
ca69b795
JH		 685 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
686 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 687
4e51eae9 688 hdev = hci_dev_get(index);
73f22f62 689 if (!hdev)
ca69b795
JH		 690 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
691 MGMT_STATUS_INVALID_PARAMS);
73f22f62 692
09fd0de5 693 hci_dev_lock(hdev);
73f22f62
JH		 694
695 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 696 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
697 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 698 goto failed;
699 }
700
2e58ef3e
JH		 701 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
702 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 703 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
704 MGMT_STATUS_BUSY);
73f22f62
JH		 705 goto failed;
706 }
707
72a734ec 708 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 709 test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 710 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 711 goto failed;
712 }
713
2e58ef3e 714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 715 if (!cmd) {
716 err = -ENOMEM;
73f22f62 717 goto failed;
366a0336 718 }
73f22f62
JH		 719
720 scan = SCAN_PAGE;
721
72a734ec 722 if (cp->val)
73f22f62 723 scan |= SCAN_INQUIRY;
16ab91ab 724 else
e0f9309f 725 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 726
727 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
728 if (err < 0)
a664b5bc 729 mgmt_pending_remove(cmd);
73f22f62 730
16ab91ab
JH		 731 if (cp->val)
732 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
733
73f22f62 734failed:
09fd0de5 735 hci_dev_unlock(hdev);
73f22f62
JH		 736 hci_dev_put(hdev);
737
738 return err;
739}
740
650f726d 741static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 742{
650f726d 743 struct mgmt_mode *cp = data;
9fbcbb45 744 struct hci_dev *hdev;
366a0336 745 struct pending_cmd *cmd;
9fbcbb45
JH		 746 u8 scan;
747 int err;
748
4e51eae9 749 BT_DBG("request for hci%u", index);
9fbcbb45 750
bdce7baf 751 if (len != sizeof(*cp))
ca69b795
JH		 752 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
753 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 754
4e51eae9 755 hdev = hci_dev_get(index);
9fbcbb45 756 if (!hdev)
ca69b795
JH		 757 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
758 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 759
09fd0de5 760 hci_dev_lock(hdev);
9fbcbb45
JH		 761
762 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 763 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
764 MGMT_STATUS_NOT_POWERED);
9fbcbb45
JH		 765 goto failed;
766 }
767
2e58ef3e
JH		 768 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
769 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 770 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
771 MGMT_STATUS_BUSY);
9fbcbb45
JH		 772 goto failed;
773 }
774
72a734ec 775 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 776 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 777 goto failed;
778 }
779
2e58ef3e 780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 781 if (!cmd) {
782 err = -ENOMEM;
9fbcbb45 783 goto failed;
366a0336 784 }
9fbcbb45 785
72a734ec 786 if (cp->val)
9fbcbb45
JH		 787 scan = SCAN_PAGE;
788 else
789 scan = 0;
790
791 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
792 if (err < 0)
a664b5bc 793 mgmt_pending_remove(cmd);
9fbcbb45
JH		 794
795failed:
09fd0de5 796 hci_dev_unlock(hdev);
9fbcbb45
JH		 797 hci_dev_put(hdev);
798
799 return err;
800}
801
744cf19e
JH		 802static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
803 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 804{
805 struct sk_buff *skb;
806 struct mgmt_hdr *hdr;
807
808 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
809 if (!skb)
810 return -ENOMEM;
811
812 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
813
814 hdr = (void *) skb_put(skb, sizeof(*hdr));
815 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 816 if (hdev)
817 hdr->index = cpu_to_le16(hdev->id);
818 else
819 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 820 hdr->len = cpu_to_le16(data_len);
821
4e51eae9
SJ		 822 if (data)
823 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 824
825 hci_send_to_sock(NULL, skb, skip_sk);
826 kfree_skb(skb);
827
828 return 0;
829}
830
650f726d 831static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 832{
650f726d 833 struct mgmt_mode *cp = data;
c542a06c 834 struct hci_dev *hdev;
69ab39ea 835 __le32 ev;
c542a06c
JH		 836 int err;
837
4e51eae9 838 BT_DBG("request for hci%u", index);
c542a06c 839
bdce7baf 840 if (len != sizeof(*cp))
ca69b795
JH		 841 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
842 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 843
4e51eae9 844 hdev = hci_dev_get(index);
c542a06c 845 if (!hdev)
ca69b795
JH		 846 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
847 MGMT_STATUS_INVALID_PARAMS);
c542a06c 848
09fd0de5 849 hci_dev_lock(hdev);
c542a06c
JH		 850
851 if (cp->val)
a8b2d5c2 852 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 853 else
a8b2d5c2 854 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 855
69ab39ea 856 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 857 if (err < 0)
858 goto failed;
859
69ab39ea 860 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 861
69ab39ea 862 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 863
864failed:
09fd0de5 865 hci_dev_unlock(hdev);
c542a06c
JH		 866 hci_dev_put(hdev);
867
868 return err;
869}
870
650f726d 871static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 872{
650f726d 873 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 874 struct hci_dev *hdev;
875 struct bt_uuid *uuid;
2aeb9a1a
JH		 876 int err;
877
4e51eae9 878 BT_DBG("request for hci%u", index);
2aeb9a1a 879
bdce7baf 880 if (len != sizeof(*cp))
ca69b795
JH		 881 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
882 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 883
4e51eae9 884 hdev = hci_dev_get(index);
2aeb9a1a 885 if (!hdev)
ca69b795
JH		 886 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
887 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 888
09fd0de5 889 hci_dev_lock(hdev);
2aeb9a1a
JH		 890
891 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
892 if (!uuid) {
893 err = -ENOMEM;
894 goto failed;
895 }
896
897 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 898 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 899
900 list_add(&uuid->list, &hdev->uuids);
901
1aff6f09
JH		 902 err = update_class(hdev);
903 if (err < 0)
904 goto failed;
905
80a1e1db
JH		 906 err = update_eir(hdev);
907 if (err < 0)
908 goto failed;
909
4e51eae9 910 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 911
912failed:
09fd0de5 913 hci_dev_unlock(hdev);
2aeb9a1a
JH		 914 hci_dev_put(hdev);
915
916 return err;
917}
918
650f726d 919static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 920{
650f726d 921 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 922 struct list_head *p, *n;
2aeb9a1a
JH		 923 struct hci_dev *hdev;
924 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 925 int err, found;
926
4e51eae9 927 BT_DBG("request for hci%u", index);
2aeb9a1a 928
bdce7baf 929 if (len != sizeof(*cp))
ca69b795
JH		 930 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
931 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 932
4e51eae9 933 hdev = hci_dev_get(index);
2aeb9a1a 934 if (!hdev)
ca69b795
JH		 935 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
936 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 937
09fd0de5 938 hci_dev_lock(hdev);
2aeb9a1a
JH		 939
940 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
941 err = hci_uuids_clear(hdev);
942 goto unlock;
943 }
944
945 found = 0;
946
947 list_for_each_safe(p, n, &hdev->uuids) {
948 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
949
950 if (memcmp(match->uuid, cp->uuid, 16) != 0)
951 continue;
952
953 list_del(&match->list);
954 found++;
955 }
956
957 if (found == 0) {
ca69b795
JH		 958 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
959 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 960 goto unlock;
961 }
962
1aff6f09
JH		 963 err = update_class(hdev);
964 if (err < 0)
965 goto unlock;
966
80a1e1db
JH		 967 err = update_eir(hdev);
968 if (err < 0)
969 goto unlock;
970
4e51eae9 971 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 972
973unlock:
09fd0de5 974 hci_dev_unlock(hdev);
2aeb9a1a
JH		 975 hci_dev_put(hdev);
976
977 return err;
978}
979
650f726d 980static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 981{
982 struct hci_dev *hdev;
650f726d 983 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 984 int err;
985
4e51eae9 986 BT_DBG("request for hci%u", index);
1aff6f09 987
bdce7baf 988 if (len != sizeof(*cp))
ca69b795
JH		 989 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
990 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 991
4e51eae9 992 hdev = hci_dev_get(index);
1aff6f09 993 if (!hdev)
ca69b795
JH		 994 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
995 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 996
09fd0de5 997 hci_dev_lock(hdev);
1aff6f09
JH		 998
999 hdev->major_class = cp->major;
1000 hdev->minor_class = cp->minor;
1001
a8b2d5c2 1002 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1003 hci_dev_unlock(hdev);
1004 cancel_delayed_work_sync(&hdev->service_cache);
1005 hci_dev_lock(hdev);
14c0b608 1006 update_eir(hdev);
7d78525d 1007 }
14c0b608 1008
1aff6f09
JH		 1009 err = update_class(hdev);
1010
1011 if (err == 0)
4e51eae9 1012 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 1013
09fd0de5 1014 hci_dev_unlock(hdev);
1aff6f09
JH		 1015 hci_dev_put(hdev);
1016
1017 return err;
1018}
1019
650f726d 1020static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1021{
1022 struct hci_dev *hdev;
650f726d 1023 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1024 u16 key_count, expected_len;
a492cd52 1025 int i;
55ed8ca1 1026
bdce7baf 1027 if (len < sizeof(*cp))
ca69b795
JH		 1028 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1029 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1030
55ed8ca1
JH		 1031 key_count = get_unaligned_le16(&cp->key_count);
1032
86742e1e
JH		 1033 expected_len = sizeof(*cp) + key_count *
1034 sizeof(struct mgmt_link_key_info);
a492cd52 1035 if (expected_len != len) {
86742e1e 1036 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1037 len, expected_len);
ca69b795
JH		 1038 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1039 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1040 }
1041
4e51eae9 1042 hdev = hci_dev_get(index);
55ed8ca1 1043 if (!hdev)
ca69b795
JH		 1044 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1045 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1046
4e51eae9 1047 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1048 key_count);
1049
09fd0de5 1050 hci_dev_lock(hdev);
55ed8ca1
JH		 1051
1052 hci_link_keys_clear(hdev);
1053
a8b2d5c2 1054 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1055
1056 if (cp->debug_keys)
a8b2d5c2 1057 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1058 else
a8b2d5c2 1059 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1060
a492cd52 1061 for (i = 0; i < key_count; i++) {
86742e1e 1062 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1063
d25e28ab 1064 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 1065 key->pin_len);
1066 }
1067
0e5f875a
JH		 1068 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1069
09fd0de5 1070 hci_dev_unlock(hdev);
55ed8ca1
JH		 1071 hci_dev_put(hdev);
1072
a492cd52 1073 return 0;
55ed8ca1
JH		 1074}
1075
b1078ad0
JH		 1076static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1077 u8 addr_type, struct sock *skip_sk)
1078{
1079 struct mgmt_ev_device_unpaired ev;
1080
1081 bacpy(&ev.addr.bdaddr, bdaddr);
1082 ev.addr.type = addr_type;
1083
1084 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1085 skip_sk);
1086}
1087
124f6e35 1088static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1089{
1090 struct hci_dev *hdev;
124f6e35
JH		 1091 struct mgmt_cp_unpair_device *cp = data;
1092 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1093 struct hci_cp_disconnect dc;
1094 struct pending_cmd *cmd;
55ed8ca1 1095 struct hci_conn *conn;
55ed8ca1
JH		 1096 int err;
1097
bdce7baf 1098 if (len != sizeof(*cp))
124f6e35 1099 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1100 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1101
4e51eae9 1102 hdev = hci_dev_get(index);
55ed8ca1 1103 if (!hdev)
124f6e35 1104 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1105 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1106
09fd0de5 1107 hci_dev_lock(hdev);
55ed8ca1 1108
a8a1d19e 1109 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1110 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1111 rp.addr.type = cp->addr.type;
a8a1d19e 1112
124f6e35
JH		 1113 if (cp->addr.type == MGMT_ADDR_BREDR)
1114 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1115 else
1116 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1117
55ed8ca1 1118 if (err < 0) {
ca69b795 1119 rp.status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1120 goto unlock;
1121 }
1122
a8a1d19e 1123 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
124f6e35 1124 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
a8a1d19e 1125 sizeof(rp));
b1078ad0 1126 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1127 goto unlock;
a8a1d19e 1128 }
55ed8ca1 1129
124f6e35
JH		 1130 if (cp->addr.type == MGMT_ADDR_BREDR)
1131 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1132 &cp->addr.bdaddr);
1133 else
1134 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1135 &cp->addr.bdaddr);
1136
a8a1d19e 1137 if (!conn) {
124f6e35 1138 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
a8a1d19e 1139 sizeof(rp));
b1078ad0 1140 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1141 goto unlock;
1142 }
55ed8ca1 1143
124f6e35
JH		 1144 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1145 sizeof(*cp));
a8a1d19e
JH		 1146 if (!cmd) {
1147 err = -ENOMEM;
1148 goto unlock;
55ed8ca1
JH		 1149 }
1150
a8a1d19e
JH		 1151 put_unaligned_le16(conn->handle, &dc.handle);
1152 dc.reason = 0x13; /* Remote User Terminated Connection */
1153 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1154 if (err < 0)
1155 mgmt_pending_remove(cmd);
1156
55ed8ca1 1157unlock:
ca69b795 1158 if (err < 0)
124f6e35 1159 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
a8a1d19e 1160 sizeof(rp));
09fd0de5 1161 hci_dev_unlock(hdev);
55ed8ca1
JH		 1162 hci_dev_put(hdev);
1163
1164 return err;
1165}
1166
650f726d 1167static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1168{
1169 struct hci_dev *hdev;
650f726d 1170 struct mgmt_cp_disconnect *cp = data;
8962ee74 1171 struct hci_cp_disconnect dc;
366a0336 1172 struct pending_cmd *cmd;
8962ee74 1173 struct hci_conn *conn;
8962ee74
JH		 1174 int err;
1175
1176 BT_DBG("");
1177
bdce7baf 1178 if (len != sizeof(*cp))
ca69b795
JH		 1179 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1180 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1181
4e51eae9 1182 hdev = hci_dev_get(index);
8962ee74 1183 if (!hdev)
ca69b795
JH		 1184 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1185 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1186
09fd0de5 1187 hci_dev_lock(hdev);
8962ee74
JH		 1188
1189 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1190 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1191 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1192 goto failed;
1193 }
1194
2e58ef3e 1195 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1196 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1197 MGMT_STATUS_BUSY);
8962ee74
JH		 1198 goto failed;
1199 }
1200
88c3df13
JH		 1201 if (cp->addr.type == MGMT_ADDR_BREDR)
1202 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1203 else
1204 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1205
8962ee74 1206 if (!conn) {
ca69b795
JH		 1207 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1208 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1209 goto failed;
1210 }
1211
2e58ef3e 1212 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1213 if (!cmd) {
1214 err = -ENOMEM;
8962ee74 1215 goto failed;
366a0336 1216 }
8962ee74
JH		 1217
1218 put_unaligned_le16(conn->handle, &dc.handle);
1219 dc.reason = 0x13; /* Remote User Terminated Connection */
1220
1221 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1222 if (err < 0)
a664b5bc 1223 mgmt_pending_remove(cmd);
8962ee74
JH		 1224
1225failed:
09fd0de5 1226 hci_dev_unlock(hdev);
8962ee74
JH		 1227 hci_dev_put(hdev);
1228
1229 return err;
1230}
1231
48264f06 1232static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1233{
1234 switch (link_type) {
1235 case LE_LINK:
48264f06
JH		 1236 switch (addr_type) {
1237 case ADDR_LE_DEV_PUBLIC:
1238 return MGMT_ADDR_LE_PUBLIC;
1239 case ADDR_LE_DEV_RANDOM:
1240 return MGMT_ADDR_LE_RANDOM;
1241 default:
1242 return MGMT_ADDR_INVALID;
1243 }
4c659c39
JH		 1244 case ACL_LINK:
1245 return MGMT_ADDR_BREDR;
1246 default:
1247 return MGMT_ADDR_INVALID;
1248 }
1249}
1250
8ce6284e 1251static int get_connections(struct sock *sk, u16 index)
2784eb41 1252{
2784eb41
JH		 1253 struct mgmt_rp_get_connections *rp;
1254 struct hci_dev *hdev;
8035ded4 1255 struct hci_conn *c;
a38528f1 1256 size_t rp_len;
4e51eae9 1257 u16 count;
2784eb41
JH		 1258 int i, err;
1259
1260 BT_DBG("");
1261
4e51eae9 1262 hdev = hci_dev_get(index);
2784eb41 1263 if (!hdev)
ca69b795
JH		 1264 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1265 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1266
09fd0de5 1267 hci_dev_lock(hdev);
2784eb41
JH		 1268
1269 count = 0;
b644ba33
JH		 1270 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1271 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1272 count++;
2784eb41
JH		 1273 }
1274
4c659c39 1275 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1276 rp = kmalloc(rp_len, GFP_ATOMIC);
1277 if (!rp) {
2784eb41
JH		 1278 err = -ENOMEM;
1279 goto unlock;
1280 }
1281
2784eb41
JH		 1282 put_unaligned_le16(count, &rp->conn_count);
1283
2784eb41 1284 i = 0;
4c659c39 1285 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1286 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1287 continue;
4c659c39 1288 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1289 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1290 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1291 continue;
1292 i++;
1293 }
1294
1295 /* Recalculate length in case of filtered SCO connections, etc */
1296 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1297
4e51eae9 1298 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1299
1300unlock:
a38528f1 1301 kfree(rp);
09fd0de5 1302 hci_dev_unlock(hdev);
2784eb41
JH		 1303 hci_dev_put(hdev);
1304 return err;
1305}
1306
96d97a67
WR		 1307static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1308 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1309{
1310 struct pending_cmd *cmd;
1311 int err;
1312
2e58ef3e 1313 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1314 sizeof(*cp));
1315 if (!cmd)
1316 return -ENOMEM;
1317
1318 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1319 &cp->bdaddr);
1320 if (err < 0)
1321 mgmt_pending_remove(cmd);
1322
1323 return err;
1324}
1325
650f726d 1326static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1327{
1328 struct hci_dev *hdev;
96d97a67 1329 struct hci_conn *conn;
650f726d 1330 struct mgmt_cp_pin_code_reply *cp = data;
96d97a67 1331 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1332 struct hci_cp_pin_code_reply reply;
366a0336 1333 struct pending_cmd *cmd;
980e1a53
JH		 1334 int err;
1335
1336 BT_DBG("");
1337
bdce7baf 1338 if (len != sizeof(*cp))
ca69b795
JH		 1339 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1340 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1341
4e51eae9 1342 hdev = hci_dev_get(index);
980e1a53 1343 if (!hdev)
ca69b795
JH		 1344 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1345 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1346
09fd0de5 1347 hci_dev_lock(hdev);
980e1a53
JH		 1348
1349 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1350 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1351 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1352 goto failed;
1353 }
1354
96d97a67
WR		 1355 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1356 if (!conn) {
ca69b795
JH		 1357 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1358 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1359 goto failed;
1360 }
1361
1362 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1363 bacpy(&ncp.bdaddr, &cp->bdaddr);
1364
1365 BT_ERR("PIN code is not 16 bytes long");
1366
1367 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1368 if (err >= 0)
1369 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1370 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1371
1372 goto failed;
1373 }
1374
650f726d
VCG		 1375 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1376 len);
366a0336
JH		 1377 if (!cmd) {
1378 err = -ENOMEM;
980e1a53 1379 goto failed;
366a0336 1380 }
980e1a53
JH		 1381
1382 bacpy(&reply.bdaddr, &cp->bdaddr);
1383 reply.pin_len = cp->pin_len;
24718ca5 1384 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1385
1386 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1387 if (err < 0)
a664b5bc 1388 mgmt_pending_remove(cmd);
980e1a53
JH		 1389
1390failed:
09fd0de5 1391 hci_dev_unlock(hdev);
980e1a53
JH		 1392 hci_dev_put(hdev);
1393
1394 return err;
1395}
1396
650f726d 1397static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1398{
1399 struct hci_dev *hdev;
650f726d 1400 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1401 int err;
1402
1403 BT_DBG("");
1404
bdce7baf
SJ		 1405 if (len != sizeof(*cp))
1406 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1407 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1408
4e51eae9 1409 hdev = hci_dev_get(index);
980e1a53 1410 if (!hdev)
4e51eae9 1411 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1412 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1413
09fd0de5 1414 hci_dev_lock(hdev);
980e1a53
JH		 1415
1416 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1417 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1418 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1419 goto failed;
1420 }
1421
96d97a67 1422 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1423
1424failed:
09fd0de5 1425 hci_dev_unlock(hdev);
980e1a53
JH		 1426 hci_dev_put(hdev);
1427
1428 return err;
1429}
1430
650f726d 1431static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1432{
1433 struct hci_dev *hdev;
650f726d 1434 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1435
1436 BT_DBG("");
1437
bdce7baf 1438 if (len != sizeof(*cp))
ca69b795
JH		 1439 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1440 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1441
4e51eae9 1442 hdev = hci_dev_get(index);
17fa4b9d 1443 if (!hdev)
ca69b795
JH		 1444 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1445 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1446
09fd0de5 1447 hci_dev_lock(hdev);
17fa4b9d
JH		 1448
1449 hdev->io_capability = cp->io_capability;
1450
1451 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1452 hdev->io_capability);
17fa4b9d 1453
09fd0de5 1454 hci_dev_unlock(hdev);
17fa4b9d
JH		 1455 hci_dev_put(hdev);
1456
4e51eae9 1457 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1458}
1459
e9a416b5
JH		 1460static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1461{
1462 struct hci_dev *hdev = conn->hdev;
8035ded4 1463 struct pending_cmd *cmd;
e9a416b5 1464
2e58ef3e 1465 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1466 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1467 continue;
1468
e9a416b5
JH		 1469 if (cmd->user_data != conn)
1470 continue;
1471
1472 return cmd;
1473 }
1474
1475 return NULL;
1476}
1477
1478static void pairing_complete(struct pending_cmd *cmd, u8 status)
1479{
1480 struct mgmt_rp_pair_device rp;
1481 struct hci_conn *conn = cmd->user_data;
1482
ba4e564f
JH		 1483 bacpy(&rp.addr.bdaddr, &conn->dst);
1484 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5
JH		 1485 rp.status = status;
1486
4e51eae9 1487 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1488
1489 /* So we don't get further callbacks for this connection */
1490 conn->connect_cfm_cb = NULL;
1491 conn->security_cfm_cb = NULL;
1492 conn->disconn_cfm_cb = NULL;
1493
1494 hci_conn_put(conn);
1495
a664b5bc 1496 mgmt_pending_remove(cmd);
e9a416b5
JH		 1497}
1498
1499static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1500{
1501 struct pending_cmd *cmd;
1502
1503 BT_DBG("status %u", status);
1504
1505 cmd = find_pairing(conn);
56e5cb86 1506 if (!cmd)
e9a416b5 1507 BT_DBG("Unable to find a pending command");
56e5cb86
JH		 1508 else
1509 pairing_complete(cmd, status);
e9a416b5
JH		 1510}
1511
650f726d 1512static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1513{
1514 struct hci_dev *hdev;
650f726d 1515 struct mgmt_cp_pair_device *cp = data;
1425acb7 1516 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1517 struct pending_cmd *cmd;
1518 u8 sec_level, auth_type;
1519 struct hci_conn *conn;
e9a416b5
JH		 1520 int err;
1521
1522 BT_DBG("");
1523
bdce7baf 1524 if (len != sizeof(*cp))
ca69b795
JH		 1525 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1526 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1527
4e51eae9 1528 hdev = hci_dev_get(index);
e9a416b5 1529 if (!hdev)
ca69b795
JH		 1530 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1531 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1532
09fd0de5 1533 hci_dev_lock(hdev);
e9a416b5 1534
c908df36
VCG		 1535 sec_level = BT_SECURITY_MEDIUM;
1536 if (cp->io_cap == 0x03)
e9a416b5 1537 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1538 else
e9a416b5 1539 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1540
ba4e564f
JH		 1541 if (cp->addr.type == MGMT_ADDR_BREDR)
1542 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1543 auth_type);
1544 else
ba4e564f 1545 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1546 auth_type);
1547
1425acb7
JH		 1548 memset(&rp, 0, sizeof(rp));
1549 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1550 rp.addr.type = cp->addr.type;
1551
30e76272 1552 if (IS_ERR(conn)) {
1425acb7
JH		 1553 rp.status = -PTR_ERR(conn);
1554 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1555 &rp, sizeof(rp));
e9a416b5
JH		 1556 goto unlock;
1557 }
1558
1559 if (conn->connect_cfm_cb) {
1560 hci_conn_put(conn);
1425acb7
JH		 1561 rp.status = EBUSY;
1562 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1563 &rp, sizeof(rp));
e9a416b5
JH		 1564 goto unlock;
1565 }
1566
2e58ef3e 1567 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1568 if (!cmd) {
1569 err = -ENOMEM;
1570 hci_conn_put(conn);
1571 goto unlock;
1572 }
1573
7a512d01 1574 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1575 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1576 conn->connect_cfm_cb = pairing_complete_cb;
1577
e9a416b5
JH		 1578 conn->security_cfm_cb = pairing_complete_cb;
1579 conn->disconn_cfm_cb = pairing_complete_cb;
1580 conn->io_capability = cp->io_cap;
1581 cmd->user_data = conn;
1582
1583 if (conn->state == BT_CONNECTED &&
1584 hci_conn_security(conn, sec_level, auth_type))
1585 pairing_complete(cmd, 0);
1586
1587 err = 0;
1588
1589unlock:
09fd0de5 1590 hci_dev_unlock(hdev);
e9a416b5
JH		 1591 hci_dev_put(hdev);
1592
1593 return err;
1594}
1595
28424707
JH		 1596static int cancel_pair_device(struct sock *sk, u16 index,
1597 unsigned char *data, u16 len)
1598{
1599 struct mgmt_addr_info *addr = (void *) data;
1600 struct hci_dev *hdev;
1601 struct pending_cmd *cmd;
1602 struct hci_conn *conn;
1603 int err;
1604
1605 BT_DBG("");
1606
1607 if (len != sizeof(*addr))
1608 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1609 MGMT_STATUS_INVALID_PARAMS);
1610
1611 hdev = hci_dev_get(index);
1612 if (!hdev)
1613 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1614 MGMT_STATUS_INVALID_PARAMS);
1615
1616 hci_dev_lock(hdev);
1617
1618 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1619 if (!cmd) {
1620 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1621 MGMT_STATUS_INVALID_PARAMS);
1622 goto unlock;
1623 }
1624
1625 conn = cmd->user_data;
1626
1627 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1628 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1629 MGMT_STATUS_INVALID_PARAMS);
1630 goto unlock;
1631 }
1632
1633 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1634
1635 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1636 sizeof(*addr));
1637unlock:
1638 hci_dev_unlock(hdev);
1639 hci_dev_put(hdev);
1640
1641 return err;
1642}
1643
0df4c185 1644static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 1645 u8 type, u16 mgmt_op, u16 hci_op,
1646 __le32 passkey)
a5c29683 1647{
a5c29683
JH		 1648 struct pending_cmd *cmd;
1649 struct hci_dev *hdev;
0df4c185 1650 struct hci_conn *conn;
a5c29683
JH		 1651 int err;
1652
4e51eae9 1653 hdev = hci_dev_get(index);
a5c29683 1654 if (!hdev)
ca69b795
JH		 1655 return cmd_status(sk, index, mgmt_op,
1656 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1657
09fd0de5 1658 hci_dev_lock(hdev);
08ba5382 1659
a5c29683 1660 if (!test_bit(HCI_UP, &hdev->flags)) {
0df4c185
BG		 1661 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1662 goto done;
a5c29683
JH		 1663 }
1664
272d90df
JH		 1665 if (type == MGMT_ADDR_BREDR)
1666 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1667 else
47c15e2b 1668 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 1669
1670 if (!conn) {
1671 err = cmd_status(sk, index, mgmt_op,
47c15e2b 1672 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 1673 goto done;
1674 }
47c15e2b 1675
272d90df 1676 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 1677 /* Continue with pairing via SMP */
5fe57d9e
BG		 1678 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1679
1680 if (!err)
1681 err = cmd_status(sk, index, mgmt_op,
1682 MGMT_STATUS_SUCCESS);
1683 else
1684 err = cmd_status(sk, index, mgmt_op,
1685 MGMT_STATUS_FAILED);
47c15e2b 1686
47c15e2b
BG		 1687 goto done;
1688 }
1689
0df4c185 1690 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 1691 if (!cmd) {
1692 err = -ENOMEM;
0df4c185 1693 goto done;
a5c29683
JH		 1694 }
1695
0df4c185 1696 /* Continue with pairing via HCI */
604086b7
BG		 1697 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1698 struct hci_cp_user_passkey_reply cp;
1699
1700 bacpy(&cp.bdaddr, bdaddr);
1701 cp.passkey = passkey;
1702 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1703 } else
1704 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1705
a664b5bc
JH		 1706 if (err < 0)
1707 mgmt_pending_remove(cmd);
a5c29683 1708
0df4c185 1709done:
09fd0de5 1710 hci_dev_unlock(hdev);
a5c29683
JH		 1711 hci_dev_put(hdev);
1712
1713 return err;
1714}
1715
0df4c185
BG		 1716static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1717{
650f726d 1718 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 1719
1720 BT_DBG("");
1721
1722 if (len != sizeof(*cp))
1723 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1724 MGMT_STATUS_INVALID_PARAMS);
1725
272d90df
JH		 1726 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1727 MGMT_OP_USER_CONFIRM_REPLY,
1728 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 1729}
1730
1731static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1732 u16 len)
1733{
c9c2659f 1734 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 1735
1736 BT_DBG("");
1737
1738 if (len != sizeof(*cp))
1739 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1740 MGMT_STATUS_INVALID_PARAMS);
1741
272d90df
JH		 1742 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1743 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1744 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 1745}
1746
604086b7
BG		 1747static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1748{
650f726d 1749 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 1750
1751 BT_DBG("");
1752
1753 if (len != sizeof(*cp))
1754 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1755 EINVAL);
1756
272d90df
JH		 1757 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1758 MGMT_OP_USER_PASSKEY_REPLY,
1759 HCI_OP_USER_PASSKEY_REPLY,
1760 cp->passkey);
604086b7
BG		 1761}
1762
1763static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1764 u16 len)
1765{
650f726d 1766 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 1767
1768 BT_DBG("");
1769
1770 if (len != sizeof(*cp))
1771 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1772 EINVAL);
1773
272d90df
JH		 1774 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1775 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1776 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 1777}
1778
650f726d 1779static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 1780 u16 len)
1781{
650f726d 1782 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 1783 struct hci_cp_write_local_name hci_cp;
1784 struct hci_dev *hdev;
1785 struct pending_cmd *cmd;
1786 int err;
1787
1788 BT_DBG("");
1789
1790 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 1791 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1792 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 1793
1794 hdev = hci_dev_get(index);
1795 if (!hdev)
ca69b795
JH		 1796 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1797 MGMT_STATUS_INVALID_PARAMS);
b312b161 1798
09fd0de5 1799 hci_dev_lock(hdev);
b312b161 1800
650f726d
VCG		 1801 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
1802 len);
b312b161
JH		 1803 if (!cmd) {
1804 err = -ENOMEM;
1805 goto failed;
1806 }
1807
1808 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1809 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1810 &hci_cp);
1811 if (err < 0)
1812 mgmt_pending_remove(cmd);
1813
1814failed:
09fd0de5 1815 hci_dev_unlock(hdev);
b312b161
JH		 1816 hci_dev_put(hdev);
1817
1818 return err;
1819}
1820
c35938b2
SJ		 1821static int read_local_oob_data(struct sock *sk, u16 index)
1822{
1823 struct hci_dev *hdev;
1824 struct pending_cmd *cmd;
1825 int err;
1826
1827 BT_DBG("hci%u", index);
1828
1829 hdev = hci_dev_get(index);
1830 if (!hdev)
1831 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1832 MGMT_STATUS_INVALID_PARAMS);
c35938b2 1833
09fd0de5 1834 hci_dev_lock(hdev);
c35938b2
SJ		 1835
1836 if (!test_bit(HCI_UP, &hdev->flags)) {
1837 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1838 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 1839 goto unlock;
1840 }
1841
1842 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1843 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1844 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 1845 goto unlock;
1846 }
1847
2e58ef3e 1848 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 1849 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1850 MGMT_STATUS_BUSY);
c35938b2
SJ		 1851 goto unlock;
1852 }
1853
2e58ef3e 1854 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 1855 if (!cmd) {
1856 err = -ENOMEM;
1857 goto unlock;
1858 }
1859
1860 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1861 if (err < 0)
1862 mgmt_pending_remove(cmd);
1863
1864unlock:
09fd0de5 1865 hci_dev_unlock(hdev);
c35938b2
SJ		 1866 hci_dev_put(hdev);
1867
1868 return err;
1869}
1870
650f726d
VCG		 1871static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
1872 u16 len)
2763eda6
SJ		 1873{
1874 struct hci_dev *hdev;
650f726d 1875 struct mgmt_cp_add_remote_oob_data *cp = data;
2763eda6
SJ		 1876 int err;
1877
1878 BT_DBG("hci%u ", index);
1879
1880 if (len != sizeof(*cp))
1881 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1882 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1883
1884 hdev = hci_dev_get(index);
1885 if (!hdev)
1886 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1887 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1888
09fd0de5 1889 hci_dev_lock(hdev);
2763eda6 1890
664ce4cc 1891 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 1892 cp->randomizer);
1893 if (err < 0)
ca69b795
JH		 1894 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1895 MGMT_STATUS_FAILED);
2763eda6
SJ		 1896 else
1897 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1898 0);
1899
09fd0de5 1900 hci_dev_unlock(hdev);
2763eda6
SJ		 1901 hci_dev_put(hdev);
1902
1903 return err;
1904}
1905
1906static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 1907 void *data, u16 len)
2763eda6
SJ		 1908{
1909 struct hci_dev *hdev;
650f726d 1910 struct mgmt_cp_remove_remote_oob_data *cp = data;
2763eda6
SJ		 1911 int err;
1912
1913 BT_DBG("hci%u ", index);
1914
1915 if (len != sizeof(*cp))
1916 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1917 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1918
1919 hdev = hci_dev_get(index);
1920 if (!hdev)
1921 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1922 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1923
09fd0de5 1924 hci_dev_lock(hdev);
2763eda6 1925
664ce4cc 1926 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6
SJ		 1927 if (err < 0)
1928 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1929 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1930 else
1931 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1932 NULL, 0);
1933
09fd0de5 1934 hci_dev_unlock(hdev);
2763eda6
SJ		 1935 hci_dev_put(hdev);
1936
1937 return err;
1938}
1939
450dfdaf 1940static int start_discovery(struct sock *sk, u16 index,
650f726d 1941 void *data, u16 len)
14a53664 1942{
650f726d 1943 struct mgmt_cp_start_discovery *cp = data;
3fd24153 1944 unsigned long discov_type = cp->type;
14a53664
JH		 1945 struct pending_cmd *cmd;
1946 struct hci_dev *hdev;
1947 int err;
1948
1949 BT_DBG("hci%u", index);
1950
450dfdaf
JH		 1951 if (len != sizeof(*cp))
1952 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1953 MGMT_STATUS_INVALID_PARAMS);
1954
14a53664
JH		 1955 hdev = hci_dev_get(index);
1956 if (!hdev)
ca69b795
JH		 1957 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1958 MGMT_STATUS_INVALID_PARAMS);
14a53664 1959
09fd0de5 1960 hci_dev_lock(hdev);
14a53664 1961
bd2d1334 1962 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1963 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1964 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 1965 goto failed;
1966 }
1967
ff9ef578
JH		 1968 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1969 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1970 MGMT_STATUS_BUSY);
1971 goto failed;
1972 }
1973
2e58ef3e 1974 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1975 if (!cmd) {
1976 err = -ENOMEM;
1977 goto failed;
1978 }
1979
3fd24153
AG		 1980 if (test_bit(MGMT_ADDR_BREDR, &discov_type))
1981 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1982 else if (test_bit(MGMT_ADDR_LE_PUBLIC, &discov_type) &&
1983 test_bit(MGMT_ADDR_LE_RANDOM, &discov_type))
1984 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
1985 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
1986 else
1987 err = -EINVAL;
1988
14a53664
JH		 1989 if (err < 0)
1990 mgmt_pending_remove(cmd);
ff9ef578
JH		 1991 else
1992 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 1993
1994failed:
09fd0de5 1995 hci_dev_unlock(hdev);
14a53664
JH		 1996 hci_dev_put(hdev);
1997
1998 return err;
1999}
2000
2001static int stop_discovery(struct sock *sk, u16 index)
2002{
2003 struct hci_dev *hdev;
2004 struct pending_cmd *cmd;
30dc78e1
JH		 2005 struct hci_cp_remote_name_req_cancel cp;
2006 struct inquiry_entry *e;
14a53664
JH		 2007 int err;
2008
2009 BT_DBG("hci%u", index);
2010
2011 hdev = hci_dev_get(index);
2012 if (!hdev)
ca69b795
JH		 2013 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2014 MGMT_STATUS_INVALID_PARAMS);
14a53664 2015
09fd0de5 2016 hci_dev_lock(hdev);
14a53664 2017
30dc78e1 2018 if (!hci_discovery_active(hdev)) {
ff9ef578
JH		 2019 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2020 MGMT_STATUS_REJECTED);
30dc78e1 2021 goto unlock;
ff9ef578
JH		 2022 }
2023
2e58ef3e 2024 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2025 if (!cmd) {
2026 err = -ENOMEM;
30dc78e1
JH		 2027 goto unlock;
2028 }
2029
2030 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2031 err = hci_cancel_inquiry(hdev);
2032 if (err < 0)
2033 mgmt_pending_remove(cmd);
2034 else
2035 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2036 goto unlock;
2037 }
2038
2039 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2040 if (!e) {
2041 mgmt_pending_remove(cmd);
2042 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2043 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2044 goto unlock;
14a53664
JH		 2045 }
2046
30dc78e1
JH		 2047 bacpy(&cp.bdaddr, &e->data.bdaddr);
2048 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2049 sizeof(cp), &cp);
14a53664
JH		 2050 if (err < 0)
2051 mgmt_pending_remove(cmd);
ff9ef578
JH		 2052 else
2053 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2054
30dc78e1 2055unlock:
09fd0de5 2056 hci_dev_unlock(hdev);
14a53664
JH		 2057 hci_dev_put(hdev);
2058
2059 return err;
2060}
2061
650f726d 2062static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2063{
650f726d 2064 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2065 struct inquiry_entry *e;
2066 struct hci_dev *hdev;
2067 int err;
2068
2069 BT_DBG("hci%u", index);
2070
2071 if (len != sizeof(*cp))
2072 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2073 MGMT_STATUS_INVALID_PARAMS);
2074
2075 hdev = hci_dev_get(index);
2076 if (!hdev)
2077 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2078 MGMT_STATUS_INVALID_PARAMS);
2079
2080 hci_dev_lock(hdev);
2081
30dc78e1
JH		 2082 if (!hci_discovery_active(hdev)) {
2083 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2084 MGMT_STATUS_FAILED);
2085 goto failed;
2086 }
2087
561aafbc
JH		 2088 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2089 if (!e) {
2090 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2091 MGMT_STATUS_INVALID_PARAMS);
2092 goto failed;
2093 }
2094
2095 if (cp->name_known) {
2096 e->name_state = NAME_KNOWN;
2097 list_del(&e->list);
2098 } else {
2099 e->name_state = NAME_NEEDED;
a3d4e20a 2100 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2101 }
2102
2103 err = 0;
2104
2105failed:
2106 hci_dev_unlock(hdev);
2107
2108 return err;
2109}
2110
650f726d 2111static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2112{
2113 struct hci_dev *hdev;
650f726d 2114 struct mgmt_cp_block_device *cp = data;
7fbec224
AJ		 2115 int err;
2116
2117 BT_DBG("hci%u", index);
2118
7fbec224
AJ		 2119 if (len != sizeof(*cp))
2120 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2121 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2122
2123 hdev = hci_dev_get(index);
2124 if (!hdev)
2125 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2126 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2127
09fd0de5 2128 hci_dev_lock(hdev);
5e762444 2129
88c1fe4b 2130 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2131 if (err < 0)
ca69b795
JH		 2132 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2133 MGMT_STATUS_FAILED);
7fbec224
AJ		 2134 else
2135 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2136 NULL, 0);
5e762444 2137
09fd0de5 2138 hci_dev_unlock(hdev);
7fbec224
AJ		 2139 hci_dev_put(hdev);
2140
2141 return err;
2142}
2143
650f726d 2144static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2145{
2146 struct hci_dev *hdev;
650f726d 2147 struct mgmt_cp_unblock_device *cp = data;
7fbec224
AJ		 2148 int err;
2149
2150 BT_DBG("hci%u", index);
2151
7fbec224
AJ		 2152 if (len != sizeof(*cp))
2153 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2154 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2155
2156 hdev = hci_dev_get(index);
2157 if (!hdev)
2158 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2159 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2160
09fd0de5 2161 hci_dev_lock(hdev);
5e762444 2162
88c1fe4b 2163 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224
AJ		 2164
2165 if (err < 0)
ca69b795
JH		 2166 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2167 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2168 else
2169 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2170 NULL, 0);
5e762444 2171
09fd0de5 2172 hci_dev_unlock(hdev);
7fbec224
AJ		 2173 hci_dev_put(hdev);
2174
2175 return err;
2176}
2177
f6422ec6 2178static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2179 void *data, u16 len)
f6422ec6
AJ		 2180{
2181 struct hci_dev *hdev;
650f726d 2182 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2183 struct hci_cp_write_page_scan_activity acp;
2184 u8 type;
2185 int err;
2186
2187 BT_DBG("hci%u", index);
2188
2189 if (len != sizeof(*cp))
2190 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2191 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2192
2193 hdev = hci_dev_get(index);
2194 if (!hdev)
2195 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2196 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2197
2198 hci_dev_lock(hdev);
2199
f7c6869c 2200 if (cp->val) {
f6422ec6
AJ		 2201 type = PAGE_SCAN_TYPE_INTERLACED;
2202 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2203 } else {
2204 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2205 acp.interval = 0x0800; /* default 1.28 sec page scan */
2206 }
2207
2208 acp.window = 0x0012; /* default 11.25 msec page scan window */
2209
2210 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2211 sizeof(acp), &acp);
2212 if (err < 0) {
2213 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2214 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2215 goto done;
2216 }
2217
2218 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2219 if (err < 0) {
2220 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2221 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2222 goto done;
2223 }
2224
2225 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2226 NULL, 0);
2227done:
2228 hci_dev_unlock(hdev);
2229 hci_dev_put(hdev);
2230
2231 return err;
2232}
2233
346af67b
VCG		 2234static int load_long_term_keys(struct sock *sk, u16 index,
2235 void *cp_data, u16 len)
2236{
2237 struct hci_dev *hdev;
2238 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2239 u16 key_count, expected_len;
2240 int i;
2241
2242 if (len < sizeof(*cp))
2243 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2244 EINVAL);
2245
2246 key_count = get_unaligned_le16(&cp->key_count);
2247
2248 expected_len = sizeof(*cp) + key_count *
2249 sizeof(struct mgmt_ltk_info);
2250 if (expected_len != len) {
2251 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2252 len, expected_len);
2253 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2254 EINVAL);
2255 }
2256
2257 hdev = hci_dev_get(index);
2258 if (!hdev)
2259 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2260 ENODEV);
2261
2262 BT_DBG("hci%u key_count %u", index, key_count);
2263
2264 hci_dev_lock(hdev);
2265
2266 hci_smp_ltks_clear(hdev);
2267
2268 for (i = 0; i < key_count; i++) {
2269 struct mgmt_ltk_info *key = &cp->keys[i];
2270 u8 type;
2271
2272 if (key->master)
2273 type = HCI_SMP_LTK;
2274 else
2275 type = HCI_SMP_LTK_SLAVE;
2276
2277 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2278 type, 0, key->authenticated, key->val,
2279 key->enc_size, key->ediv, key->rand);
2280 }
2281
2282 hci_dev_unlock(hdev);
2283 hci_dev_put(hdev);
2284
2285 return 0;
2286}
2287
0381101f
JH		 2288int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2289{
650f726d
VCG		 2290 void *buf;
2291 u8 *cp;
0381101f 2292 struct mgmt_hdr *hdr;
4e51eae9 2293 u16 opcode, index, len;
0381101f
JH		 2294 int err;
2295
2296 BT_DBG("got %zu bytes", msglen);
2297
2298 if (msglen < sizeof(*hdr))
2299 return -EINVAL;
2300
e63a15ec 2301 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2302 if (!buf)
2303 return -ENOMEM;
2304
2305 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2306 err = -EFAULT;
2307 goto done;
2308 }
2309
650f726d 2310 hdr = buf;
0381101f 2311 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2312 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2313 len = get_unaligned_le16(&hdr->len);
2314
2315 if (len != msglen - sizeof(*hdr)) {
2316 err = -EINVAL;
2317 goto done;
2318 }
2319
650f726d
VCG		 2320 cp = buf + sizeof(*hdr);
2321
0381101f 2322 switch (opcode) {
02d98129
JH		 2323 case MGMT_OP_READ_VERSION:
2324 err = read_version(sk);
2325 break;
faba42eb
JH		 2326 case MGMT_OP_READ_INDEX_LIST:
2327 err = read_index_list(sk);
2328 break;
f7b64e69 2329 case MGMT_OP_READ_INFO:
4e51eae9 2330 err = read_controller_info(sk, index);
f7b64e69 2331 break;
eec8d2bc 2332 case MGMT_OP_SET_POWERED:
650f726d 2333 err = set_powered(sk, index, cp, len);
eec8d2bc 2334 break;
73f22f62 2335 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2336 err = set_discoverable(sk, index, cp, len);
73f22f62 2337 break;
9fbcbb45 2338 case MGMT_OP_SET_CONNECTABLE:
650f726d 2339 err = set_connectable(sk, index, cp, len);
9fbcbb45 2340 break;
f7c6869c 2341 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2342 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2343 break;
c542a06c 2344 case MGMT_OP_SET_PAIRABLE:
650f726d 2345 err = set_pairable(sk, index, cp, len);
c542a06c 2346 break;
2aeb9a1a 2347 case MGMT_OP_ADD_UUID:
650f726d 2348 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2349 break;
2350 case MGMT_OP_REMOVE_UUID:
650f726d 2351 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2352 break;
1aff6f09 2353 case MGMT_OP_SET_DEV_CLASS:
650f726d 2354 err = set_dev_class(sk, index, cp, len);
1aff6f09 2355 break;
86742e1e 2356 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2357 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2358 break;
8962ee74 2359 case MGMT_OP_DISCONNECT:
650f726d 2360 err = disconnect(sk, index, cp, len);
8962ee74 2361 break;
2784eb41 2362 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2363 err = get_connections(sk, index);
2784eb41 2364 break;
980e1a53 2365 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2366 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2367 break;
2368 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2369 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2370 break;
17fa4b9d 2371 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2372 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2373 break;
e9a416b5 2374 case MGMT_OP_PAIR_DEVICE:
650f726d 2375 err = pair_device(sk, index, cp, len);
e9a416b5 2376 break;
28424707
JH		 2377 case MGMT_OP_CANCEL_PAIR_DEVICE:
2378 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2379 break;
124f6e35
JH		 2380 case MGMT_OP_UNPAIR_DEVICE:
2381 err = unpair_device(sk, index, cp, len);
2382 break;
a5c29683 2383 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2384 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2385 break;
2386 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2387 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2388 break;
604086b7 2389 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2390 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2391 break;
2392 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2393 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2394 break;
b312b161 2395 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2396 err = set_local_name(sk, index, cp, len);
b312b161 2397 break;
c35938b2
SJ		 2398 case MGMT_OP_READ_LOCAL_OOB_DATA:
2399 err = read_local_oob_data(sk, index);
2400 break;
2763eda6 2401 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2402 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2403 break;
2404 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2405 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2406 break;
14a53664 2407 case MGMT_OP_START_DISCOVERY:
650f726d 2408 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2409 break;
2410 case MGMT_OP_STOP_DISCOVERY:
2411 err = stop_discovery(sk, index);
2412 break;
561aafbc 2413 case MGMT_OP_CONFIRM_NAME:
650f726d 2414 err = confirm_name(sk, index, cp, len);
561aafbc 2415 break;
7fbec224 2416 case MGMT_OP_BLOCK_DEVICE:
650f726d 2417 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2418 break;
2419 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2420 err = unblock_device(sk, index, cp, len);
7fbec224 2421 break;
346af67b
VCG		 2422 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2423 err = load_long_term_keys(sk, index, cp, len);
2424 break;
0381101f
JH		 2425 default:
2426 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2427 err = cmd_status(sk, index, opcode,
2428 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2429 break;
2430 }
2431
e41d8b4e
JH		 2432 if (err < 0)
2433 goto done;
2434
0381101f
JH		 2435 err = msglen;
2436
2437done:
2438 kfree(buf);
2439 return err;
2440}
c71e97bf 2441
b24752fe
JH		 2442static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2443{
2444 u8 *status = data;
2445
2446 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2447 mgmt_pending_remove(cmd);
2448}
2449
744cf19e 2450int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2451{
744cf19e 2452 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2453}
2454
744cf19e 2455int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2456{
b24752fe
JH		 2457 u8 status = ENODEV;
2458
744cf19e 2459 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2460
744cf19e 2461 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2462}
2463
73f22f62 2464struct cmd_lookup {
72a734ec 2465 u8 val;
eec8d2bc 2466 struct sock *sk;
69ab39ea 2467 struct hci_dev *hdev;
eec8d2bc
JH		 2468};
2469
69ab39ea 2470static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2471{
73f22f62 2472 struct cmd_lookup *match = data;
eec8d2bc 2473
69ab39ea 2474 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2475
2476 list_del(&cmd->list);
2477
2478 if (match->sk == NULL) {
2479 match->sk = cmd->sk;
2480 sock_hold(match->sk);
2481 }
2482
2483 mgmt_pending_free(cmd);
c71e97bf 2484}
5add6af8 2485
744cf19e 2486int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2487{
69ab39ea
JH		 2488 struct cmd_lookup match = { powered, NULL, hdev };
2489 __le32 ev;
eec8d2bc 2490 int ret;
5add6af8 2491
69ab39ea 2492 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2493
b24752fe
JH		 2494 if (!powered) {
2495 u8 status = ENETDOWN;
744cf19e 2496 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2497 }
2498
69ab39ea 2499 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2500
69ab39ea
JH		 2501 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2502 match.sk);
eec8d2bc
JH		 2503
2504 if (match.sk)
2505 sock_put(match.sk);
2506
2507 return ret;
5add6af8 2508}
73f22f62 2509
744cf19e 2510int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2511{
69ab39ea
JH		 2512 struct cmd_lookup match = { discoverable, NULL, hdev };
2513 __le32 ev;
73f22f62
JH		 2514 int ret;
2515
69ab39ea 2516 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2517
69ab39ea 2518 ev = cpu_to_le32(get_current_settings(hdev));
73f22f62 2519
69ab39ea 2520 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2521 match.sk);
73f22f62
JH		 2522 if (match.sk)
2523 sock_put(match.sk);
2524
2525 return ret;
2526}
9fbcbb45 2527
744cf19e 2528int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2529{
69ab39ea
JH		 2530 __le32 ev;
2531 struct cmd_lookup match = { connectable, NULL, hdev };
9fbcbb45
JH		 2532 int ret;
2533
69ab39ea
JH		 2534 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2535 &match);
9fbcbb45 2536
69ab39ea 2537 ev = cpu_to_le32(get_current_settings(hdev));
9fbcbb45 2538
69ab39ea 2539 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2540
2541 if (match.sk)
2542 sock_put(match.sk);
2543
2544 return ret;
2545}
55ed8ca1 2546
744cf19e 2547int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2548{
ca69b795
JH		 2549 u8 mgmt_err = mgmt_status(status);
2550
2d7cee58 2551 if (scan & SCAN_PAGE)
744cf19e 2552 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2553 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2554
2555 if (scan & SCAN_INQUIRY)
744cf19e 2556 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2557 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2558
2559 return 0;
2560}
2561
744cf19e
JH		 2562int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2563 u8 persistent)
55ed8ca1 2564{
86742e1e 2565 struct mgmt_ev_new_link_key ev;
55ed8ca1 2566
a492cd52 2567 memset(&ev, 0, sizeof(ev));
55ed8ca1 2568
a492cd52
VCG		 2569 ev.store_hint = persistent;
2570 bacpy(&ev.key.bdaddr, &key->bdaddr);
2571 ev.key.type = key->type;
2572 memcpy(ev.key.val, key->val, 16);
2573 ev.key.pin_len = key->pin_len;
55ed8ca1 2574
744cf19e 2575 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2576}
f7520543 2577
346af67b
VCG		 2578int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2579{
2580 struct mgmt_ev_new_long_term_key ev;
2581
2582 memset(&ev, 0, sizeof(ev));
2583
2584 ev.store_hint = persistent;
2585 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2586 ev.key.addr.type = key->bdaddr_type;
2587 ev.key.authenticated = key->authenticated;
2588 ev.key.enc_size = key->enc_size;
2589 ev.key.ediv = key->ediv;
2590
2591 if (key->type == HCI_SMP_LTK)
2592 ev.key.master = 1;
2593
2594 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2595 memcpy(ev.key.val, key->val, sizeof(key->val));
2596
2597 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2598 &ev, sizeof(ev), NULL);
2599}
2600
afc747a6 2601int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 2602 u8 addr_type, u8 *name, u8 name_len,
2603 u8 *dev_class)
f7520543 2604{
b644ba33
JH		 2605 char buf[512];
2606 struct mgmt_ev_device_connected *ev = (void *) buf;
2607 u16 eir_len = 0;
f7520543 2608
b644ba33
JH		 2609 bacpy(&ev->addr.bdaddr, bdaddr);
2610 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2611
b644ba33
JH		 2612 if (name_len > 0)
2613 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2614 name, name_len);
2615
2616 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2617 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2618 EIR_CLASS_OF_DEV, dev_class, 3);
2619
2620 put_unaligned_le16(eir_len, &ev->eir_len);
2621
2622 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2623 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2624}
2625
8962ee74
JH		 2626static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2627{
c68fb7ff 2628 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2629 struct sock **sk = data;
a38528f1 2630 struct mgmt_rp_disconnect rp;
8962ee74 2631
88c3df13
JH		 2632 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2633 rp.addr.type = cp->addr.type;
37d9ef76 2634 rp.status = 0;
8962ee74 2635
4e51eae9 2636 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 2637
2638 *sk = cmd->sk;
2639 sock_hold(*sk);
2640
a664b5bc 2641 mgmt_pending_remove(cmd);
8962ee74
JH		 2642}
2643
124f6e35 2644static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 2645{
b1078ad0 2646 struct hci_dev *hdev = data;
124f6e35
JH		 2647 struct mgmt_cp_unpair_device *cp = cmd->param;
2648 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2649
2650 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2651 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2652 rp.addr.type = cp->addr.type;
a8a1d19e 2653
b1078ad0
JH		 2654 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2655
2656 cmd_complete(cmd->sk, cmd->index, cmd->opcode, &rp, sizeof(rp));
a8a1d19e
JH		 2657
2658 mgmt_pending_remove(cmd);
2659}
2660
afc747a6
JH		 2661int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2662 u8 link_type, u8 addr_type)
f7520543 2663{
4c659c39 2664 struct mgmt_addr_info ev;
8962ee74
JH		 2665 struct sock *sk = NULL;
2666 int err;
2667
744cf19e 2668 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2669
f7520543 2670 bacpy(&ev.bdaddr, bdaddr);
48264f06 2671 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2672
afc747a6
JH		 2673 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2674 sk);
8962ee74
JH		 2675
2676 if (sk)
2677 sock_put(sk);
2678
124f6e35 2679 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 2680 hdev);
a8a1d19e 2681
8962ee74
JH		 2682 return err;
2683}
2684
88c3df13
JH		 2685int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
2686 u8 link_type, u8 addr_type, u8 status)
8962ee74 2687{
88c3df13 2688 struct mgmt_rp_disconnect rp;
8962ee74
JH		 2689 struct pending_cmd *cmd;
2690 int err;
2691
2e58ef3e 2692 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 2693 if (!cmd)
2694 return -ENOENT;
2695
88c3df13
JH		 2696 bacpy(&rp.addr.bdaddr, bdaddr);
2697 rp.addr.type = link_to_mgmt(link_type, addr_type);
2698 rp.status = mgmt_status(status);
37d9ef76 2699
88c3df13 2700 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
37d9ef76 2701 &rp, sizeof(rp));
8962ee74 2702
a664b5bc 2703 mgmt_pending_remove(cmd);
8962ee74 2704
b1078ad0
JH		 2705 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2706 hdev);
8962ee74 2707 return err;
f7520543 2708}
17d5c04c 2709
48264f06
JH		 2710int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2711 u8 addr_type, u8 status)
17d5c04c
JH		 2712{
2713 struct mgmt_ev_connect_failed ev;
2714
4c659c39 2715 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2716 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 2717 ev.status = mgmt_status(status);
17d5c04c 2718
744cf19e 2719 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 2720}
980e1a53 2721
744cf19e 2722int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 2723{
2724 struct mgmt_ev_pin_code_request ev;
2725
980e1a53 2726 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 2727 ev.secure = secure;
980e1a53 2728
744cf19e 2729 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2730 NULL);
980e1a53
JH		 2731}
2732
744cf19e
JH		 2733int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2734 u8 status)
980e1a53
JH		 2735{
2736 struct pending_cmd *cmd;
ac56fb13 2737 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2738 int err;
2739
2e58ef3e 2740 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 2741 if (!cmd)
2742 return -ENOENT;
2743
ac56fb13 2744 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2745 rp.status = mgmt_status(status);
ac56fb13 2746
744cf19e 2747 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
4e51eae9 2748 sizeof(rp));
980e1a53 2749
a664b5bc 2750 mgmt_pending_remove(cmd);
980e1a53
JH		 2751
2752 return err;
2753}
2754
744cf19e
JH		 2755int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2756 u8 status)
980e1a53
JH		 2757{
2758 struct pending_cmd *cmd;
ac56fb13 2759 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2760 int err;
2761
2e58ef3e 2762 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 2763 if (!cmd)
2764 return -ENOENT;
2765
ac56fb13 2766 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2767 rp.status = mgmt_status(status);
ac56fb13 2768
744cf19e 2769 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
4e51eae9 2770 sizeof(rp));
980e1a53 2771
a664b5bc 2772 mgmt_pending_remove(cmd);
980e1a53
JH		 2773
2774 return err;
2775}
a5c29683 2776
744cf19e 2777int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 2778 u8 link_type, u8 addr_type, __le32 value,
2779 u8 confirm_hint)
a5c29683
JH		 2780{
2781 struct mgmt_ev_user_confirm_request ev;
2782
744cf19e 2783 BT_DBG("%s", hdev->name);
a5c29683 2784
272d90df
JH		 2785 bacpy(&ev.addr.bdaddr, bdaddr);
2786 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 2787 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2788 put_unaligned_le32(value, &ev.value);
2789
744cf19e 2790 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2791 NULL);
a5c29683
JH		 2792}
2793
272d90df
JH		 2794int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2795 u8 link_type, u8 addr_type)
604086b7
BG		 2796{
2797 struct mgmt_ev_user_passkey_request ev;
2798
2799 BT_DBG("%s", hdev->name);
2800
272d90df
JH		 2801 bacpy(&ev.addr.bdaddr, bdaddr);
2802 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 2803
2804 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2805 NULL);
2806}
2807
0df4c185 2808static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 2809 u8 link_type, u8 addr_type, u8 status,
2810 u8 opcode)
a5c29683
JH		 2811{
2812 struct pending_cmd *cmd;
2813 struct mgmt_rp_user_confirm_reply rp;
2814 int err;
2815
2e58ef3e 2816 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 2817 if (!cmd)
2818 return -ENOENT;
2819
272d90df
JH		 2820 bacpy(&rp.addr.bdaddr, bdaddr);
2821 rp.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 2822 rp.status = mgmt_status(status);
744cf19e 2823 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
a5c29683 2824
a664b5bc 2825 mgmt_pending_remove(cmd);
a5c29683
JH		 2826
2827 return err;
2828}
2829
744cf19e 2830int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 2831 u8 link_type, u8 addr_type, u8 status)
a5c29683 2832{
272d90df
JH		 2833 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2834 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 2835}
2836
272d90df
JH		 2837int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2838 u8 link_type, u8 addr_type, u8 status)
a5c29683 2839{
272d90df
JH		 2840 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2841 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 2842}
2a611692 2843
604086b7 2844int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 2845 u8 link_type, u8 addr_type, u8 status)
604086b7 2846{
272d90df
JH		 2847 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2848 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 2849}
2850
272d90df
JH		 2851int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2852 u8 link_type, u8 addr_type, u8 status)
604086b7 2853{
272d90df
JH		 2854 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2855 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 2856}
2857
bab73cb6
JH		 2858int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2859 u8 addr_type, u8 status)
2a611692
JH		 2860{
2861 struct mgmt_ev_auth_failed ev;
2862
bab73cb6
JH		 2863 bacpy(&ev.addr.bdaddr, bdaddr);
2864 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 2865 ev.status = mgmt_status(status);
2a611692 2866
744cf19e 2867 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 2868}
b312b161 2869
744cf19e 2870int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 2871{
2872 struct pending_cmd *cmd;
2873 struct mgmt_cp_set_local_name ev;
2874 int err;
2875
2876 memset(&ev, 0, sizeof(ev));
2877 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2878
2e58ef3e 2879 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 2880 if (!cmd)
2881 goto send_event;
2882
2883 if (status) {
744cf19e 2884 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 2885 mgmt_status(status));
b312b161
JH		 2886 goto failed;
2887 }
2888
744cf19e 2889 update_eir(hdev);
80a1e1db 2890
744cf19e 2891 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
b312b161
JH		 2892 sizeof(ev));
2893 if (err < 0)
2894 goto failed;
2895
2896send_event:
744cf19e 2897 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 2898 cmd ? cmd->sk : NULL);
2899
2900failed:
2901 if (cmd)
2902 mgmt_pending_remove(cmd);
2903 return err;
2904}
c35938b2 2905
744cf19e
JH		 2906int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2907 u8 *randomizer, u8 status)
c35938b2
SJ		 2908{
2909 struct pending_cmd *cmd;
2910 int err;
2911
744cf19e 2912 BT_DBG("%s status %u", hdev->name, status);
c35938b2 2913
2e58ef3e 2914 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 2915 if (!cmd)
2916 return -ENOENT;
2917
2918 if (status) {
744cf19e 2919 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 2920 MGMT_OP_READ_LOCAL_OOB_DATA,
2921 mgmt_status(status));
c35938b2
SJ		 2922 } else {
2923 struct mgmt_rp_read_local_oob_data rp;
2924
2925 memcpy(rp.hash, hash, sizeof(rp.hash));
2926 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2927
744cf19e
JH		 2928 err = cmd_complete(cmd->sk, hdev->id,
2929 MGMT_OP_READ_LOCAL_OOB_DATA,
2930 &rp, sizeof(rp));
c35938b2
SJ		 2931 }
2932
2933 mgmt_pending_remove(cmd);
2934
2935 return err;
2936}
e17acd40 2937
48264f06 2938int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 2939 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 2940 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 2941{
e319d2e7
JH		 2942 char buf[512];
2943 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 2944 size_t ev_size;
e17acd40 2945
1dc06093
JH		 2946 /* Leave 5 bytes for a potential CoD field */
2947 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 2948 return -EINVAL;
2949
1dc06093
JH		 2950 memset(buf, 0, sizeof(buf));
2951
e319d2e7
JH		 2952 bacpy(&ev->addr.bdaddr, bdaddr);
2953 ev->addr.type = link_to_mgmt(link_type, addr_type);
2954 ev->rssi = rssi;
2955 ev->confirm_name = cfm_name;
e17acd40 2956
1dc06093 2957 if (eir_len > 0)
e319d2e7 2958 memcpy(ev->eir, eir, eir_len);
e17acd40 2959
1dc06093
JH		 2960 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
2961 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
2962 dev_class, 3);
2963
2964 put_unaligned_le16(eir_len, &ev->eir_len);
2965
2966 ev_size = sizeof(*ev) + eir_len;
f8523598 2967
e319d2e7 2968 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 2969}
a88a9652 2970
b644ba33
JH		 2971int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2972 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 2973{
b644ba33
JH		 2974 struct mgmt_ev_device_found *ev;
2975 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
2976 u16 eir_len;
a88a9652 2977
b644ba33 2978 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 2979
b644ba33
JH		 2980 memset(buf, 0, sizeof(buf));
2981
2982 bacpy(&ev->addr.bdaddr, bdaddr);
2983 ev->addr.type = link_to_mgmt(link_type, addr_type);
2984 ev->rssi = rssi;
2985
2986 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
2987 name_len);
2988
2989 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 2990
053c7e0c
JH		 2991 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
2992 sizeof(*ev) + eir_len, NULL);
a88a9652 2993}
314b2381 2994
7a135109 2995int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 2996{
2997 struct pending_cmd *cmd;
2998 int err;
2999
2e58ef3e 3000 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3001 if (!cmd)
3002 return -ENOENT;
3003
ca69b795 3004 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 3005 mgmt_pending_remove(cmd);
3006
3007 return err;
3008}
3009
e6d465cb
AG		 3010int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3011{
3012 struct pending_cmd *cmd;
3013 int err;
3014
3015 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3016 if (!cmd)
3017 return -ENOENT;
3018
e75a8b0c 3019 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 3020 mgmt_pending_remove(cmd);
3021
3022 return err;
3023}
3024
744cf19e 3025int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3026{
164a6e78
JH		 3027 struct pending_cmd *cmd;
3028
343fb145
AG		 3029 BT_DBG("%s discovering %u", hdev->name, discovering);
3030
164a6e78 3031 if (discovering)
2e58ef3e 3032 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3033 else
2e58ef3e 3034 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3035
3036 if (cmd != NULL) {
744cf19e 3037 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
164a6e78
JH		 3038 mgmt_pending_remove(cmd);
3039 }
3040
744cf19e 3041 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
314b2381
JH		 3042 sizeof(discovering), NULL);
3043}
5e762444 3044
88c1fe4b 3045int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3046{
3047 struct pending_cmd *cmd;
3048 struct mgmt_ev_device_blocked ev;
3049
2e58ef3e 3050 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3051
88c1fe4b
JH		 3052 bacpy(&ev.addr.bdaddr, bdaddr);
3053 ev.addr.type = type;
5e762444 3054
744cf19e
JH		 3055 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3056 cmd ? cmd->sk : NULL);
5e762444
AJ		 3057}
3058
88c1fe4b 3059int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3060{
3061 struct pending_cmd *cmd;
3062 struct mgmt_ev_device_unblocked ev;
3063
2e58ef3e 3064 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3065
88c1fe4b
JH		 3066 bacpy(&ev.addr.bdaddr, bdaddr);
3067 ev.addr.type = type;
5e762444 3068
744cf19e
JH		 3069 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3070 cmd ? cmd->sk : NULL);
5e762444 3071}
ubuntu-zesty-kernel mirror