]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move blacklisting functions to hci_core
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
72359753 25#include <linux/uaccess.h>
0381101f
JH		 26#include <asm/unaligned.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/mgmt.h>
31
02d98129
JH		 32#define MGMT_VERSION 0
33#define MGMT_REVISION 1
34
eec8d2bc
JH		 35struct pending_cmd {
36 struct list_head list;
37 __u16 opcode;
38 int index;
c68fb7ff 39 void *param;
eec8d2bc 40 struct sock *sk;
e9a416b5 41 void *user_data;
eec8d2bc
JH		 42};
43
b5ad8b7f 44static LIST_HEAD(cmd_list);
eec8d2bc 45
4e51eae9 46static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 47{
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
51
34eb525c 52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 53
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
55 if (!skb)
56 return -ENOMEM;
57
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
59
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 61 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 62 hdr->len = cpu_to_le16(sizeof(*ev));
63
64 ev = (void *) skb_put(skb, sizeof(*ev));
65 ev->status = status;
66 put_unaligned_le16(cmd, &ev->opcode);
67
68 if (sock_queue_rcv_skb(sk, skb) < 0)
69 kfree_skb(skb);
70
71 return 0;
72}
73
4e51eae9
SJ		 74static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75 size_t rp_len)
02d98129
JH		 76{
77 struct sk_buff *skb;
78 struct mgmt_hdr *hdr;
79 struct mgmt_ev_cmd_complete *ev;
02d98129
JH		 80
81 BT_DBG("sock %p", sk);
82
a38528f1 83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 84 if (!skb)
85 return -ENOMEM;
86
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 88
a38528f1 89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 90 hdr->index = cpu_to_le16(index);
a38528f1 91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 92
a38528f1
JH		 93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 95
96 if (rp)
97 memcpy(ev->data, rp, rp_len);
02d98129
JH		 98
99 if (sock_queue_rcv_skb(sk, skb) < 0)
100 kfree_skb(skb);
101
102 return 0;
103}
104
a38528f1
JH		 105static int read_version(struct sock *sk)
106{
107 struct mgmt_rp_read_version rp;
108
109 BT_DBG("sock %p", sk);
110
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
113
4e51eae9
SJ		 114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115 sizeof(rp));
a38528f1
JH		 116}
117
faba42eb
JH		 118static int read_index_list(struct sock *sk)
119{
faba42eb
JH		 120 struct mgmt_rp_read_index_list *rp;
121 struct list_head *p;
a38528f1 122 size_t rp_len;
faba42eb 123 u16 count;
a38528f1 124 int i, err;
faba42eb
JH		 125
126 BT_DBG("sock %p", sk);
127
128 read_lock(&hci_dev_list_lock);
129
130 count = 0;
131 list_for_each(p, &hci_dev_list) {
132 count++;
133 }
134
a38528f1
JH		 135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
137 if (!rp) {
b2c60d42 138 read_unlock(&hci_dev_list_lock);
faba42eb 139 return -ENOMEM;
b2c60d42 140 }
faba42eb 141
faba42eb
JH		 142 put_unaligned_le16(count, &rp->num_controllers);
143
144 i = 0;
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
ab81cbf9
JH		 147
148 hci_del_off_timer(d);
149
ebc99feb
JH		 150 set_bit(HCI_MGMT, &d->flags);
151
ab81cbf9
JH		 152 if (test_bit(HCI_SETUP, &d->flags))
153 continue;
154
faba42eb
JH		 155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
157 }
158
159 read_unlock(&hci_dev_list_lock);
160
4e51eae9
SJ		 161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
162 rp_len);
faba42eb 163
a38528f1
JH		 164 kfree(rp);
165
166 return err;
faba42eb
JH		 167}
168
4e51eae9 169static int read_controller_info(struct sock *sk, u16 index)
0381101f 170{
a38528f1 171 struct mgmt_rp_read_info rp;
f7b64e69 172 struct hci_dev *hdev;
0381101f 173
4e51eae9 174 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 175
4e51eae9 176 hdev = hci_dev_get(index);
a38528f1 177 if (!hdev)
4e51eae9 178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
f7b64e69 179
ab81cbf9
JH		 180 hci_del_off_timer(hdev);
181
1322901d 182 hci_dev_lock(hdev);
f7b64e69 183
ebc99feb
JH		 184 set_bit(HCI_MGMT, &hdev->flags);
185
dc4fe30b
JH		 186 memset(&rp, 0, sizeof(rp));
187
a38528f1 188 rp.type = hdev->dev_type;
f7b64e69 189
a38528f1
JH		 190 rp.powered = test_bit(HCI_UP, &hdev->flags);
191 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
192 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
193 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
f7b64e69
JH		 194
195 if (test_bit(HCI_AUTH, &hdev->flags))
a38528f1 196 rp.sec_mode = 3;
f7b64e69 197 else if (hdev->ssp_mode > 0)
a38528f1 198 rp.sec_mode = 4;
f7b64e69 199 else
a38528f1 200 rp.sec_mode = 2;
f7b64e69 201
a38528f1
JH		 202 bacpy(&rp.bdaddr, &hdev->bdaddr);
203 memcpy(rp.features, hdev->features, 8);
204 memcpy(rp.dev_class, hdev->dev_class, 3);
205 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
206 rp.hci_ver = hdev->hci_ver;
207 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
f7b64e69 208
dc4fe30b
JH		 209 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
210
1322901d 211 hci_dev_unlock(hdev);
f7b64e69 212 hci_dev_put(hdev);
0381101f 213
4e51eae9 214 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 215}
216
eec8d2bc
JH		 217static void mgmt_pending_free(struct pending_cmd *cmd)
218{
219 sock_put(cmd->sk);
c68fb7ff 220 kfree(cmd->param);
eec8d2bc
JH		 221 kfree(cmd);
222}
223
366a0336
JH		 224static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
225 u16 index, void *data, u16 len)
eec8d2bc
JH		 226{
227 struct pending_cmd *cmd;
228
229 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
230 if (!cmd)
366a0336 231 return NULL;
eec8d2bc
JH		 232
233 cmd->opcode = opcode;
234 cmd->index = index;
235
c68fb7ff
SJ		 236 cmd->param = kmalloc(len, GFP_ATOMIC);
237 if (!cmd->param) {
eec8d2bc 238 kfree(cmd);
366a0336 239 return NULL;
eec8d2bc
JH		 240 }
241
8fce6357
SJ		 242 if (data)
243 memcpy(cmd->param, data, len);
eec8d2bc
JH		 244
245 cmd->sk = sk;
246 sock_hold(sk);
247
248 list_add(&cmd->list, &cmd_list);
249
366a0336 250 return cmd;
eec8d2bc
JH		 251}
252
253static void mgmt_pending_foreach(u16 opcode, int index,
254 void (*cb)(struct pending_cmd *cmd, void *data),
255 void *data)
256{
257 struct list_head *p, *n;
258
259 list_for_each_safe(p, n, &cmd_list) {
260 struct pending_cmd *cmd;
261
262 cmd = list_entry(p, struct pending_cmd, list);
263
264 if (cmd->opcode != opcode)
265 continue;
266
267 if (index >= 0 && cmd->index != index)
268 continue;
269
270 cb(cmd, data);
271 }
272}
273
274static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
275{
276 struct list_head *p;
277
278 list_for_each(p, &cmd_list) {
279 struct pending_cmd *cmd;
280
281 cmd = list_entry(p, struct pending_cmd, list);
282
283 if (cmd->opcode != opcode)
284 continue;
285
286 if (index >= 0 && cmd->index != index)
287 continue;
288
289 return cmd;
290 }
291
292 return NULL;
293}
294
a664b5bc 295static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 296{
73f22f62
JH		 297 list_del(&cmd->list);
298 mgmt_pending_free(cmd);
299}
300
4e51eae9 301static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
eec8d2bc 302{
72a734ec 303 struct mgmt_mode *cp;
eec8d2bc 304 struct hci_dev *hdev;
366a0336 305 struct pending_cmd *cmd;
366a0336 306 int err, up;
eec8d2bc
JH		 307
308 cp = (void *) data;
eec8d2bc 309
4e51eae9 310 BT_DBG("request for hci%u", index);
eec8d2bc 311
bdce7baf
SJ		 312 if (len != sizeof(*cp))
313 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314
4e51eae9 315 hdev = hci_dev_get(index);
eec8d2bc 316 if (!hdev)
4e51eae9 317 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
eec8d2bc 318
1322901d 319 hci_dev_lock(hdev);
eec8d2bc
JH		 320
321 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 322 if ((cp->val && up) || (!cp->val && !up)) {
4e51eae9 323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
eec8d2bc
JH		 324 goto failed;
325 }
326
4e51eae9
SJ		 327 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
328 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
eec8d2bc
JH		 329 goto failed;
330 }
331
4e51eae9 332 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
366a0336
JH		 333 if (!cmd) {
334 err = -ENOMEM;
eec8d2bc 335 goto failed;
366a0336 336 }
eec8d2bc 337
72a734ec 338 if (cp->val)
eec8d2bc
JH		 339 queue_work(hdev->workqueue, &hdev->power_on);
340 else
341 queue_work(hdev->workqueue, &hdev->power_off);
342
366a0336 343 err = 0;
eec8d2bc
JH		 344
345failed:
1322901d 346 hci_dev_unlock(hdev);
eec8d2bc 347 hci_dev_put(hdev);
366a0336 348 return err;
eec8d2bc
JH		 349}
350
4e51eae9
SJ		 351static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352 u16 len)
73f22f62 353{
72a734ec 354 struct mgmt_mode *cp;
73f22f62 355 struct hci_dev *hdev;
366a0336 356 struct pending_cmd *cmd;
73f22f62
JH		 357 u8 scan;
358 int err;
359
360 cp = (void *) data;
73f22f62 361
4e51eae9 362 BT_DBG("request for hci%u", index);
73f22f62 363
bdce7baf
SJ		 364 if (len != sizeof(*cp))
365 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366
4e51eae9 367 hdev = hci_dev_get(index);
73f22f62 368 if (!hdev)
4e51eae9 369 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
73f22f62 370
1322901d 371 hci_dev_lock(hdev);
73f22f62
JH		 372
373 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 374 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
73f22f62
JH		 375 goto failed;
376 }
377
4e51eae9
SJ		 378 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
379 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
380 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
73f22f62
JH		 381 goto failed;
382 }
383
72a734ec 384 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 385 test_bit(HCI_PSCAN, &hdev->flags)) {
4e51eae9 386 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
73f22f62
JH		 387 goto failed;
388 }
389
4e51eae9 390 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
366a0336
JH		 391 if (!cmd) {
392 err = -ENOMEM;
73f22f62 393 goto failed;
366a0336 394 }
73f22f62
JH		 395
396 scan = SCAN_PAGE;
397
72a734ec 398 if (cp->val)
73f22f62
JH		 399 scan |= SCAN_INQUIRY;
400
401 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
402 if (err < 0)
a664b5bc 403 mgmt_pending_remove(cmd);
73f22f62
JH		 404
405failed:
1322901d 406 hci_dev_unlock(hdev);
73f22f62
JH		 407 hci_dev_put(hdev);
408
409 return err;
410}
411
4e51eae9
SJ		 412static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413 u16 len)
9fbcbb45 414{
72a734ec 415 struct mgmt_mode *cp;
9fbcbb45 416 struct hci_dev *hdev;
366a0336 417 struct pending_cmd *cmd;
9fbcbb45
JH		 418 u8 scan;
419 int err;
420
421 cp = (void *) data;
9fbcbb45 422
4e51eae9 423 BT_DBG("request for hci%u", index);
9fbcbb45 424
bdce7baf
SJ		 425 if (len != sizeof(*cp))
426 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
427
4e51eae9 428 hdev = hci_dev_get(index);
9fbcbb45 429 if (!hdev)
4e51eae9 430 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
9fbcbb45 431
1322901d 432 hci_dev_lock(hdev);
9fbcbb45
JH		 433
434 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 435 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
9fbcbb45
JH		 436 goto failed;
437 }
438
4e51eae9
SJ		 439 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
440 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
9fbcbb45
JH		 442 goto failed;
443 }
444
72a734ec 445 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
4e51eae9 446 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
9fbcbb45
JH		 447 goto failed;
448 }
449
4e51eae9 450 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
366a0336
JH		 451 if (!cmd) {
452 err = -ENOMEM;
9fbcbb45 453 goto failed;
366a0336 454 }
9fbcbb45 455
72a734ec 456 if (cp->val)
9fbcbb45
JH		 457 scan = SCAN_PAGE;
458 else
459 scan = 0;
460
461 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
462 if (err < 0)
a664b5bc 463 mgmt_pending_remove(cmd);
9fbcbb45
JH		 464
465failed:
1322901d 466 hci_dev_unlock(hdev);
9fbcbb45
JH		 467 hci_dev_put(hdev);
468
469 return err;
470}
471
4e51eae9
SJ		 472static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
473 struct sock *skip_sk)
c542a06c
JH		 474{
475 struct sk_buff *skb;
476 struct mgmt_hdr *hdr;
477
478 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 if (!skb)
480 return -ENOMEM;
481
482 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
483
484 hdr = (void *) skb_put(skb, sizeof(*hdr));
485 hdr->opcode = cpu_to_le16(event);
4e51eae9 486 hdr->index = cpu_to_le16(index);
c542a06c
JH		 487 hdr->len = cpu_to_le16(data_len);
488
4e51eae9
SJ		 489 if (data)
490 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 491
492 hci_send_to_sock(NULL, skb, skip_sk);
493 kfree_skb(skb);
494
495 return 0;
496}
497
053f0211
JH		 498static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499{
a38528f1 500 struct mgmt_mode rp;
053f0211 501
a38528f1 502 rp.val = val;
053f0211 503
4e51eae9 504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
053f0211
JH		 505}
506
4e51eae9
SJ		 507static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508 u16 len)
c542a06c
JH		 509{
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
c542a06c
JH		 512 int err;
513
514 cp = (void *) data;
c542a06c 515
4e51eae9 516 BT_DBG("request for hci%u", index);
c542a06c 517
bdce7baf
SJ		 518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520
4e51eae9 521 hdev = hci_dev_get(index);
c542a06c 522 if (!hdev)
4e51eae9 523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
c542a06c 524
1322901d 525 hci_dev_lock(hdev);
c542a06c
JH		 526
527 if (cp->val)
528 set_bit(HCI_PAIRABLE, &hdev->flags);
529 else
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
531
4e51eae9 532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
c542a06c
JH		 533 if (err < 0)
534 goto failed;
535
c542a06c
JH		 536 ev.val = cp->val;
537
4e51eae9 538 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
c542a06c
JH		 539
540failed:
1322901d 541 hci_dev_unlock(hdev);
c542a06c
JH		 542 hci_dev_put(hdev);
543
544 return err;
545}
546
80a1e1db
JH		 547#define EIR_FLAGS 0x01 /* flags */
548#define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549#define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550#define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551#define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552#define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553#define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554#define EIR_NAME_SHORT 0x08 /* shortened local name */
555#define EIR_NAME_COMPLETE 0x09 /* complete local name */
556#define EIR_TX_POWER 0x0A /* transmit power level */
557#define EIR_DEVICE_ID 0x10 /* device ID */
558
559#define PNP_INFO_SVCLASS_ID 0x1200
560
561static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564};
565
566static u16 get_uuid16(u8 *uuid128)
567{
568 u32 val;
569 int i;
570
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
573 return 0;
574 }
575
576 memcpy(&val, &uuid128[12], 4);
577
578 val = le32_to_cpu(val);
579 if (val > 0xffff)
580 return 0;
581
582 return (u16) val;
583}
584
585static void create_eir(struct hci_dev *hdev, u8 *data)
586{
587 u8 *ptr = data;
588 u16 eir_len = 0;
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct list_head *p;
592 size_t name_len;
593
594 name_len = strlen(hdev->dev_name);
595
596 if (name_len > 0) {
597 /* EIR Data type */
598 if (name_len > 48) {
599 name_len = 48;
600 ptr[1] = EIR_NAME_SHORT;
601 } else
602 ptr[1] = EIR_NAME_COMPLETE;
603
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
606
607 memcpy(ptr + 2, hdev->dev_name, name_len);
608
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
611 }
612
613 memset(uuid16_list, 0, sizeof(uuid16_list));
614
615 /* Group all UUID16 types */
616 list_for_each(p, &hdev->uuids) {
617 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
618 u16 uuid16;
619
620 uuid16 = get_uuid16(uuid->uuid);
621 if (uuid16 == 0)
622 return;
623
624 if (uuid16 < 0x1100)
625 continue;
626
627 if (uuid16 == PNP_INFO_SVCLASS_ID)
628 continue;
629
630 /* Stop if not enough space to put next UUID */
631 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632 truncated = 1;
633 break;
634 }
635
636 /* Check for duplicates */
637 for (i = 0; uuid16_list[i] != 0; i++)
638 if (uuid16_list[i] == uuid16)
639 break;
640
641 if (uuid16_list[i] == 0) {
642 uuid16_list[i] = uuid16;
643 eir_len += sizeof(u16);
644 }
645 }
646
647 if (uuid16_list[0] != 0) {
648 u8 *length = ptr;
649
650 /* EIR Data type */
651 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652
653 ptr += 2;
654 eir_len += 2;
655
656 for (i = 0; uuid16_list[i] != 0; i++) {
657 *ptr++ = (uuid16_list[i] & 0x00ff);
658 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659 }
660
661 /* EIR Data length */
662 *length = (i * sizeof(u16)) + 1;
663 }
664}
665
666static int update_eir(struct hci_dev *hdev)
667{
668 struct hci_cp_write_eir cp;
669
670 if (!(hdev->features[6] & LMP_EXT_INQ))
671 return 0;
672
673 if (hdev->ssp_mode == 0)
674 return 0;
675
676 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677 return 0;
678
679 memset(&cp, 0, sizeof(cp));
680
681 create_eir(hdev, cp.data);
682
683 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684 return 0;
685
686 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687
688 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689}
690
1aff6f09
JH		 691static u8 get_service_classes(struct hci_dev *hdev)
692{
693 struct list_head *p;
694 u8 val = 0;
695
696 list_for_each(p, &hdev->uuids) {
697 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
698
699 val |= uuid->svc_hint;
700 }
701
702 return val;
703}
704
705static int update_class(struct hci_dev *hdev)
706{
707 u8 cod[3];
708
709 BT_DBG("%s", hdev->name);
710
711 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
712 return 0;
713
714 cod[0] = hdev->minor_class;
715 cod[1] = hdev->major_class;
716 cod[2] = get_service_classes(hdev);
717
718 if (memcmp(cod, hdev->dev_class, 3) == 0)
719 return 0;
720
721 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
722}
723
4e51eae9 724static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 725{
726 struct mgmt_cp_add_uuid *cp;
727 struct hci_dev *hdev;
728 struct bt_uuid *uuid;
2aeb9a1a
JH		 729 int err;
730
731 cp = (void *) data;
2aeb9a1a 732
4e51eae9 733 BT_DBG("request for hci%u", index);
2aeb9a1a 734
bdce7baf
SJ		 735 if (len != sizeof(*cp))
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
737
4e51eae9 738 hdev = hci_dev_get(index);
2aeb9a1a 739 if (!hdev)
4e51eae9 740 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
2aeb9a1a 741
1322901d 742 hci_dev_lock(hdev);
2aeb9a1a
JH		 743
744 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
745 if (!uuid) {
746 err = -ENOMEM;
747 goto failed;
748 }
749
750 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 751 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 752
753 list_add(&uuid->list, &hdev->uuids);
754
1aff6f09
JH		 755 err = update_class(hdev);
756 if (err < 0)
757 goto failed;
758
80a1e1db
JH		 759 err = update_eir(hdev);
760 if (err < 0)
761 goto failed;
762
4e51eae9 763 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 764
765failed:
1322901d 766 hci_dev_unlock(hdev);
2aeb9a1a
JH		 767 hci_dev_put(hdev);
768
769 return err;
770}
771
4e51eae9 772static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 773{
774 struct list_head *p, *n;
779cb850 775 struct mgmt_cp_remove_uuid *cp;
2aeb9a1a
JH		 776 struct hci_dev *hdev;
777 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 778 int err, found;
779
780 cp = (void *) data;
2aeb9a1a 781
4e51eae9 782 BT_DBG("request for hci%u", index);
2aeb9a1a 783
bdce7baf
SJ		 784 if (len != sizeof(*cp))
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
786
4e51eae9 787 hdev = hci_dev_get(index);
2aeb9a1a 788 if (!hdev)
4e51eae9 789 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
2aeb9a1a 790
1322901d 791 hci_dev_lock(hdev);
2aeb9a1a
JH		 792
793 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794 err = hci_uuids_clear(hdev);
795 goto unlock;
796 }
797
798 found = 0;
799
800 list_for_each_safe(p, n, &hdev->uuids) {
801 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
802
803 if (memcmp(match->uuid, cp->uuid, 16) != 0)
804 continue;
805
806 list_del(&match->list);
807 found++;
808 }
809
810 if (found == 0) {
4e51eae9 811 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
2aeb9a1a
JH		 812 goto unlock;
813 }
814
1aff6f09
JH		 815 err = update_class(hdev);
816 if (err < 0)
817 goto unlock;
818
80a1e1db
JH		 819 err = update_eir(hdev);
820 if (err < 0)
821 goto unlock;
822
4e51eae9 823 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 824
825unlock:
1322901d 826 hci_dev_unlock(hdev);
2aeb9a1a
JH		 827 hci_dev_put(hdev);
828
829 return err;
830}
831
4e51eae9
SJ		 832static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
833 u16 len)
1aff6f09
JH		 834{
835 struct hci_dev *hdev;
836 struct mgmt_cp_set_dev_class *cp;
1aff6f09
JH		 837 int err;
838
839 cp = (void *) data;
1aff6f09 840
4e51eae9 841 BT_DBG("request for hci%u", index);
1aff6f09 842
bdce7baf
SJ		 843 if (len != sizeof(*cp))
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
845
4e51eae9 846 hdev = hci_dev_get(index);
1aff6f09 847 if (!hdev)
4e51eae9 848 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
1aff6f09 849
1322901d 850 hci_dev_lock(hdev);
1aff6f09
JH		 851
852 hdev->major_class = cp->major;
853 hdev->minor_class = cp->minor;
854
855 err = update_class(hdev);
856
857 if (err == 0)
4e51eae9 858 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 859
1322901d 860 hci_dev_unlock(hdev);
1aff6f09
JH		 861 hci_dev_put(hdev);
862
863 return err;
864}
865
4e51eae9
SJ		 866static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
867 u16 len)
1aff6f09
JH		 868{
869 struct hci_dev *hdev;
870 struct mgmt_cp_set_service_cache *cp;
1aff6f09
JH		 871 int err;
872
873 cp = (void *) data;
1aff6f09 874
bdce7baf 875 if (len != sizeof(*cp))
b8534e0f 876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
bdce7baf 877
4e51eae9 878 hdev = hci_dev_get(index);
1aff6f09 879 if (!hdev)
4e51eae9 880 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
1aff6f09 881
1322901d 882 hci_dev_lock(hdev);
1aff6f09 883
4e51eae9 884 BT_DBG("hci%u enable %d", index, cp->enable);
1aff6f09
JH		 885
886 if (cp->enable) {
887 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
888 err = 0;
889 } else {
890 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
891 err = update_class(hdev);
80a1e1db
JH		 892 if (err == 0)
893 err = update_eir(hdev);
1aff6f09
JH		 894 }
895
896 if (err == 0)
4e51eae9
SJ		 897 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898 0);
1aff6f09 899
1322901d 900 hci_dev_unlock(hdev);
1aff6f09
JH		 901 hci_dev_put(hdev);
902
903 return err;
904}
905
4e51eae9 906static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
55ed8ca1
JH		 907{
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_keys *cp;
4e51eae9 910 u16 key_count, expected_len;
55ed8ca1
JH		 911 int i;
912
913 cp = (void *) data;
bdce7baf
SJ		 914
915 if (len < sizeof(*cp))
916 return -EINVAL;
917
55ed8ca1
JH		 918 key_count = get_unaligned_le16(&cp->key_count);
919
920 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
921 if (expected_len != len) {
922 BT_ERR("load_keys: expected %u bytes, got %u bytes",
923 len, expected_len);
924 return -EINVAL;
925 }
926
4e51eae9 927 hdev = hci_dev_get(index);
55ed8ca1 928 if (!hdev)
4e51eae9 929 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
55ed8ca1 930
4e51eae9 931 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 932 key_count);
933
1322901d 934 hci_dev_lock(hdev);
55ed8ca1
JH		 935
936 hci_link_keys_clear(hdev);
937
938 set_bit(HCI_LINK_KEYS, &hdev->flags);
939
940 if (cp->debug_keys)
941 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
942 else
943 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
944
945 for (i = 0; i < key_count; i++) {
946 struct mgmt_key_info *key = &cp->keys[i];
947
d25e28ab 948 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 949 key->pin_len);
950 }
951
1322901d 952 hci_dev_unlock(hdev);
55ed8ca1
JH		 953 hci_dev_put(hdev);
954
955 return 0;
956}
957
4e51eae9 958static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
55ed8ca1
JH		 959{
960 struct hci_dev *hdev;
961 struct mgmt_cp_remove_key *cp;
962 struct hci_conn *conn;
55ed8ca1
JH		 963 int err;
964
965 cp = (void *) data;
55ed8ca1 966
bdce7baf
SJ		 967 if (len != sizeof(*cp))
968 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
969
4e51eae9 970 hdev = hci_dev_get(index);
55ed8ca1 971 if (!hdev)
4e51eae9 972 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
55ed8ca1 973
1322901d 974 hci_dev_lock(hdev);
55ed8ca1
JH		 975
976 err = hci_remove_link_key(hdev, &cp->bdaddr);
977 if (err < 0) {
4e51eae9 978 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
55ed8ca1
JH		 979 goto unlock;
980 }
981
982 err = 0;
983
984 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
985 goto unlock;
986
987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
988 if (conn) {
989 struct hci_cp_disconnect dc;
990
991 put_unaligned_le16(conn->handle, &dc.handle);
992 dc.reason = 0x13; /* Remote User Terminated Connection */
94ac0272 993 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
55ed8ca1
JH		 994 }
995
996unlock:
1322901d 997 hci_dev_unlock(hdev);
55ed8ca1
JH		 998 hci_dev_put(hdev);
999
1000 return err;
1001}
1002
4e51eae9 1003static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
8962ee74
JH		 1004{
1005 struct hci_dev *hdev;
1006 struct mgmt_cp_disconnect *cp;
1007 struct hci_cp_disconnect dc;
366a0336 1008 struct pending_cmd *cmd;
8962ee74 1009 struct hci_conn *conn;
8962ee74
JH		 1010 int err;
1011
1012 BT_DBG("");
1013
1014 cp = (void *) data;
8962ee74 1015
bdce7baf
SJ		 1016 if (len != sizeof(*cp))
1017 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1018
4e51eae9 1019 hdev = hci_dev_get(index);
8962ee74 1020 if (!hdev)
4e51eae9 1021 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
8962ee74 1022
1322901d 1023 hci_dev_lock(hdev);
8962ee74
JH		 1024
1025 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1026 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
8962ee74
JH		 1027 goto failed;
1028 }
1029
4e51eae9
SJ		 1030 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1031 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
8962ee74
JH		 1032 goto failed;
1033 }
1034
1035 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
365227e5
VCG		 1036 if (!conn)
1037 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1038
8962ee74 1039 if (!conn) {
4e51eae9 1040 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
8962ee74
JH		 1041 goto failed;
1042 }
1043
4e51eae9 1044 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
366a0336
JH		 1045 if (!cmd) {
1046 err = -ENOMEM;
8962ee74 1047 goto failed;
366a0336 1048 }
8962ee74
JH		 1049
1050 put_unaligned_le16(conn->handle, &dc.handle);
1051 dc.reason = 0x13; /* Remote User Terminated Connection */
1052
1053 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1054 if (err < 0)
a664b5bc 1055 mgmt_pending_remove(cmd);
8962ee74
JH		 1056
1057failed:
1322901d 1058 hci_dev_unlock(hdev);
8962ee74
JH		 1059 hci_dev_put(hdev);
1060
1061 return err;
1062}
1063
8ce6284e 1064static int get_connections(struct sock *sk, u16 index)
2784eb41 1065{
2784eb41
JH		 1066 struct mgmt_rp_get_connections *rp;
1067 struct hci_dev *hdev;
1068 struct list_head *p;
a38528f1 1069 size_t rp_len;
4e51eae9 1070 u16 count;
2784eb41
JH		 1071 int i, err;
1072
1073 BT_DBG("");
1074
4e51eae9 1075 hdev = hci_dev_get(index);
2784eb41 1076 if (!hdev)
4e51eae9 1077 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
2784eb41 1078
1322901d 1079 hci_dev_lock(hdev);
2784eb41
JH		 1080
1081 count = 0;
1082 list_for_each(p, &hdev->conn_hash.list) {
1083 count++;
1084 }
1085
a38528f1
JH		 1086 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1087 rp = kmalloc(rp_len, GFP_ATOMIC);
1088 if (!rp) {
2784eb41
JH		 1089 err = -ENOMEM;
1090 goto unlock;
1091 }
1092
2784eb41
JH		 1093 put_unaligned_le16(count, &rp->conn_count);
1094
2784eb41
JH		 1095 i = 0;
1096 list_for_each(p, &hdev->conn_hash.list) {
1097 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1098
1099 bacpy(&rp->conn[i++], &c->dst);
1100 }
1101
4e51eae9 1102 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1103
1104unlock:
a38528f1 1105 kfree(rp);
1322901d 1106 hci_dev_unlock(hdev);
2784eb41
JH		 1107 hci_dev_put(hdev);
1108 return err;
1109}
1110
96d97a67
WR		 1111static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1112 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1113{
1114 struct pending_cmd *cmd;
1115 int err;
1116
1117 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1118 sizeof(*cp));
1119 if (!cmd)
1120 return -ENOMEM;
1121
1122 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1123 &cp->bdaddr);
1124 if (err < 0)
1125 mgmt_pending_remove(cmd);
1126
1127 return err;
1128}
1129
4e51eae9
SJ		 1130static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1131 u16 len)
980e1a53
JH		 1132{
1133 struct hci_dev *hdev;
96d97a67 1134 struct hci_conn *conn;
980e1a53 1135 struct mgmt_cp_pin_code_reply *cp;
96d97a67 1136 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1137 struct hci_cp_pin_code_reply reply;
366a0336 1138 struct pending_cmd *cmd;
980e1a53
JH		 1139 int err;
1140
1141 BT_DBG("");
1142
1143 cp = (void *) data;
980e1a53 1144
bdce7baf
SJ		 1145 if (len != sizeof(*cp))
1146 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1147
4e51eae9 1148 hdev = hci_dev_get(index);
980e1a53 1149 if (!hdev)
4e51eae9 1150 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
980e1a53 1151
1322901d 1152 hci_dev_lock(hdev);
980e1a53
JH		 1153
1154 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1155 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
980e1a53
JH		 1156 goto failed;
1157 }
1158
96d97a67
WR		 1159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1160 if (!conn) {
1161 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1162 goto failed;
1163 }
1164
1165 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1166 bacpy(&ncp.bdaddr, &cp->bdaddr);
1167
1168 BT_ERR("PIN code is not 16 bytes long");
1169
1170 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1171 if (err >= 0)
1172 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1173 EINVAL);
1174
1175 goto failed;
1176 }
1177
4e51eae9 1178 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
366a0336
JH		 1179 if (!cmd) {
1180 err = -ENOMEM;
980e1a53 1181 goto failed;
366a0336 1182 }
980e1a53
JH		 1183
1184 bacpy(&reply.bdaddr, &cp->bdaddr);
1185 reply.pin_len = cp->pin_len;
24718ca5 1186 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1187
1188 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1189 if (err < 0)
a664b5bc 1190 mgmt_pending_remove(cmd);
980e1a53
JH		 1191
1192failed:
1322901d 1193 hci_dev_unlock(hdev);
980e1a53
JH		 1194 hci_dev_put(hdev);
1195
1196 return err;
1197}
1198
4e51eae9
SJ		 1199static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1200 u16 len)
980e1a53
JH		 1201{
1202 struct hci_dev *hdev;
1203 struct mgmt_cp_pin_code_neg_reply *cp;
980e1a53
JH		 1204 int err;
1205
1206 BT_DBG("");
1207
1208 cp = (void *) data;
980e1a53 1209
bdce7baf
SJ		 1210 if (len != sizeof(*cp))
1211 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1212 EINVAL);
1213
4e51eae9 1214 hdev = hci_dev_get(index);
980e1a53 1215 if (!hdev)
4e51eae9
SJ		 1216 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1217 ENODEV);
980e1a53 1218
1322901d 1219 hci_dev_lock(hdev);
980e1a53
JH		 1220
1221 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9
SJ		 1222 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1223 ENETDOWN);
980e1a53
JH		 1224 goto failed;
1225 }
1226
96d97a67 1227 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1228
1229failed:
1322901d 1230 hci_dev_unlock(hdev);
980e1a53
JH		 1231 hci_dev_put(hdev);
1232
1233 return err;
1234}
1235
4e51eae9
SJ		 1236static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1237 u16 len)
17fa4b9d
JH		 1238{
1239 struct hci_dev *hdev;
1240 struct mgmt_cp_set_io_capability *cp;
17fa4b9d
JH		 1241
1242 BT_DBG("");
1243
1244 cp = (void *) data;
17fa4b9d 1245
bdce7baf 1246 if (len != sizeof(*cp))
b8534e0f 1247 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
bdce7baf 1248
4e51eae9 1249 hdev = hci_dev_get(index);
17fa4b9d 1250 if (!hdev)
4e51eae9 1251 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
17fa4b9d 1252
1322901d 1253 hci_dev_lock(hdev);
17fa4b9d
JH		 1254
1255 hdev->io_capability = cp->io_capability;
1256
1257 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1258 hdev->io_capability);
17fa4b9d 1259
1322901d 1260 hci_dev_unlock(hdev);
17fa4b9d
JH		 1261 hci_dev_put(hdev);
1262
4e51eae9 1263 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1264}
1265
e9a416b5
JH		 1266static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1267{
1268 struct hci_dev *hdev = conn->hdev;
1269 struct list_head *p;
1270
1271 list_for_each(p, &cmd_list) {
1272 struct pending_cmd *cmd;
1273
1274 cmd = list_entry(p, struct pending_cmd, list);
1275
1276 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1277 continue;
1278
1279 if (cmd->index != hdev->id)
1280 continue;
1281
1282 if (cmd->user_data != conn)
1283 continue;
1284
1285 return cmd;
1286 }
1287
1288 return NULL;
1289}
1290
1291static void pairing_complete(struct pending_cmd *cmd, u8 status)
1292{
1293 struct mgmt_rp_pair_device rp;
1294 struct hci_conn *conn = cmd->user_data;
1295
e9a416b5
JH		 1296 bacpy(&rp.bdaddr, &conn->dst);
1297 rp.status = status;
1298
4e51eae9 1299 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1300
1301 /* So we don't get further callbacks for this connection */
1302 conn->connect_cfm_cb = NULL;
1303 conn->security_cfm_cb = NULL;
1304 conn->disconn_cfm_cb = NULL;
1305
1306 hci_conn_put(conn);
1307
a664b5bc 1308 mgmt_pending_remove(cmd);
e9a416b5
JH		 1309}
1310
1311static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1312{
1313 struct pending_cmd *cmd;
1314
1315 BT_DBG("status %u", status);
1316
1317 cmd = find_pairing(conn);
1318 if (!cmd) {
1319 BT_DBG("Unable to find a pending command");
1320 return;
1321 }
1322
1323 pairing_complete(cmd, status);
1324}
1325
4e51eae9 1326static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
e9a416b5
JH		 1327{
1328 struct hci_dev *hdev;
1329 struct mgmt_cp_pair_device *cp;
1330 struct pending_cmd *cmd;
1331 u8 sec_level, auth_type;
1332 struct hci_conn *conn;
e9a416b5
JH		 1333 int err;
1334
1335 BT_DBG("");
1336
1337 cp = (void *) data;
e9a416b5 1338
bdce7baf
SJ		 1339 if (len != sizeof(*cp))
1340 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1341
4e51eae9 1342 hdev = hci_dev_get(index);
e9a416b5 1343 if (!hdev)
4e51eae9 1344 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
e9a416b5 1345
1322901d 1346 hci_dev_lock(hdev);
e9a416b5
JH		 1347
1348 if (cp->io_cap == 0x03) {
1349 sec_level = BT_SECURITY_MEDIUM;
1350 auth_type = HCI_AT_DEDICATED_BONDING;
1351 } else {
1352 sec_level = BT_SECURITY_HIGH;
1353 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1354 }
1355
1356 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
30e76272
VT		 1357 if (IS_ERR(conn)) {
1358 err = PTR_ERR(conn);
e9a416b5
JH		 1359 goto unlock;
1360 }
1361
1362 if (conn->connect_cfm_cb) {
1363 hci_conn_put(conn);
4e51eae9 1364 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
e9a416b5
JH		 1365 goto unlock;
1366 }
1367
4e51eae9 1368 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
e9a416b5
JH		 1369 if (!cmd) {
1370 err = -ENOMEM;
1371 hci_conn_put(conn);
1372 goto unlock;
1373 }
1374
1375 conn->connect_cfm_cb = pairing_complete_cb;
1376 conn->security_cfm_cb = pairing_complete_cb;
1377 conn->disconn_cfm_cb = pairing_complete_cb;
1378 conn->io_capability = cp->io_cap;
1379 cmd->user_data = conn;
1380
1381 if (conn->state == BT_CONNECTED &&
1382 hci_conn_security(conn, sec_level, auth_type))
1383 pairing_complete(cmd, 0);
1384
1385 err = 0;
1386
1387unlock:
1322901d 1388 hci_dev_unlock(hdev);
e9a416b5
JH		 1389 hci_dev_put(hdev);
1390
1391 return err;
1392}
1393
4e51eae9
SJ		 1394static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1395 u16 len, int success)
a5c29683
JH		 1396{
1397 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
4e51eae9 1398 u16 mgmt_op, hci_op;
a5c29683
JH		 1399 struct pending_cmd *cmd;
1400 struct hci_dev *hdev;
1401 int err;
1402
1403 BT_DBG("");
1404
a5c29683
JH		 1405 if (success) {
1406 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1407 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1408 } else {
1409 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1410 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1411 }
1412
bdce7baf
SJ		 1413 if (len != sizeof(*cp))
1414 return cmd_status(sk, index, mgmt_op, EINVAL);
1415
4e51eae9 1416 hdev = hci_dev_get(index);
a5c29683 1417 if (!hdev)
4e51eae9 1418 return cmd_status(sk, index, mgmt_op, ENODEV);
a5c29683 1419
1322901d 1420 hci_dev_lock(hdev);
08ba5382 1421
a5c29683 1422 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1423 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
a5c29683
JH		 1424 goto failed;
1425 }
1426
4e51eae9 1427 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
a5c29683
JH		 1428 if (!cmd) {
1429 err = -ENOMEM;
1430 goto failed;
1431 }
1432
1433 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
a664b5bc
JH		 1434 if (err < 0)
1435 mgmt_pending_remove(cmd);
a5c29683
JH		 1436
1437failed:
1322901d 1438 hci_dev_unlock(hdev);
a5c29683
JH		 1439 hci_dev_put(hdev);
1440
1441 return err;
1442}
1443
b312b161
JH		 1444static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1445 u16 len)
1446{
1447 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1448 struct hci_cp_write_local_name hci_cp;
1449 struct hci_dev *hdev;
1450 struct pending_cmd *cmd;
1451 int err;
1452
1453 BT_DBG("");
1454
1455 if (len != sizeof(*mgmt_cp))
1456 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1457
1458 hdev = hci_dev_get(index);
1459 if (!hdev)
1460 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1461
1322901d 1462 hci_dev_lock(hdev);
b312b161
JH		 1463
1464 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1465 if (!cmd) {
1466 err = -ENOMEM;
1467 goto failed;
1468 }
1469
1470 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1471 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1472 &hci_cp);
1473 if (err < 0)
1474 mgmt_pending_remove(cmd);
1475
1476failed:
1322901d 1477 hci_dev_unlock(hdev);
b312b161
JH		 1478 hci_dev_put(hdev);
1479
1480 return err;
1481}
1482
c35938b2
SJ		 1483static int read_local_oob_data(struct sock *sk, u16 index)
1484{
1485 struct hci_dev *hdev;
1486 struct pending_cmd *cmd;
1487 int err;
1488
1489 BT_DBG("hci%u", index);
1490
1491 hdev = hci_dev_get(index);
1492 if (!hdev)
1493 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1494 ENODEV);
1495
1322901d 1496 hci_dev_lock(hdev);
c35938b2
SJ		 1497
1498 if (!test_bit(HCI_UP, &hdev->flags)) {
1499 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1500 ENETDOWN);
1501 goto unlock;
1502 }
1503
1504 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1505 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1506 EOPNOTSUPP);
1507 goto unlock;
1508 }
1509
1510 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1511 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1512 goto unlock;
1513 }
1514
1515 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1516 if (!cmd) {
1517 err = -ENOMEM;
1518 goto unlock;
1519 }
1520
1521 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1522 if (err < 0)
1523 mgmt_pending_remove(cmd);
1524
1525unlock:
1322901d 1526 hci_dev_unlock(hdev);
c35938b2
SJ		 1527 hci_dev_put(hdev);
1528
1529 return err;
1530}
1531
2763eda6
SJ		 1532static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1533 u16 len)
1534{
1535 struct hci_dev *hdev;
1536 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1537 int err;
1538
1539 BT_DBG("hci%u ", index);
1540
1541 if (len != sizeof(*cp))
1542 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1543 EINVAL);
1544
1545 hdev = hci_dev_get(index);
1546 if (!hdev)
1547 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1548 ENODEV);
1549
1322901d 1550 hci_dev_lock(hdev);
2763eda6
SJ		 1551
1552 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1553 cp->randomizer);
1554 if (err < 0)
1555 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1556 else
1557 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1558 0);
1559
1322901d 1560 hci_dev_unlock(hdev);
2763eda6
SJ		 1561 hci_dev_put(hdev);
1562
1563 return err;
1564}
1565
1566static int remove_remote_oob_data(struct sock *sk, u16 index,
1567 unsigned char *data, u16 len)
1568{
1569 struct hci_dev *hdev;
1570 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1571 int err;
1572
1573 BT_DBG("hci%u ", index);
1574
1575 if (len != sizeof(*cp))
1576 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1577 EINVAL);
1578
1579 hdev = hci_dev_get(index);
1580 if (!hdev)
1581 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1582 ENODEV);
1583
1322901d 1584 hci_dev_lock(hdev);
2763eda6
SJ		 1585
1586 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1587 if (err < 0)
1588 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1589 -err);
1590 else
1591 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1592 NULL, 0);
1593
1322901d 1594 hci_dev_unlock(hdev);
2763eda6
SJ		 1595 hci_dev_put(hdev);
1596
1597 return err;
1598}
1599
14a53664
JH		 1600static int start_discovery(struct sock *sk, u16 index)
1601{
1602 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1603 struct hci_cp_inquiry cp;
1604 struct pending_cmd *cmd;
1605 struct hci_dev *hdev;
1606 int err;
1607
1608 BT_DBG("hci%u", index);
1609
1610 hdev = hci_dev_get(index);
1611 if (!hdev)
1612 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1613
1614 hci_dev_lock_bh(hdev);
1615
1616 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1617 if (!cmd) {
1618 err = -ENOMEM;
1619 goto failed;
1620 }
1621
1622 memset(&cp, 0, sizeof(cp));
1623 memcpy(&cp.lap, lap, 3);
1624 cp.length = 0x08;
1625 cp.num_rsp = 0x00;
1626
1627 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1628 if (err < 0)
1629 mgmt_pending_remove(cmd);
1630
1631failed:
1632 hci_dev_unlock_bh(hdev);
1633 hci_dev_put(hdev);
1634
1635 return err;
1636}
1637
1638static int stop_discovery(struct sock *sk, u16 index)
1639{
1640 struct hci_dev *hdev;
1641 struct pending_cmd *cmd;
1642 int err;
1643
1644 BT_DBG("hci%u", index);
1645
1646 hdev = hci_dev_get(index);
1647 if (!hdev)
1648 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1649
1650 hci_dev_lock_bh(hdev);
1651
1652 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1653 if (!cmd) {
1654 err = -ENOMEM;
1655 goto failed;
1656 }
1657
1658 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1659 if (err < 0)
1660 mgmt_pending_remove(cmd);
1661
1662failed:
1663 hci_dev_unlock_bh(hdev);
1664 hci_dev_put(hdev);
1665
1666 return err;
1667}
1668
0381101f
JH		 1669int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1670{
1671 unsigned char *buf;
1672 struct mgmt_hdr *hdr;
4e51eae9 1673 u16 opcode, index, len;
0381101f
JH		 1674 int err;
1675
1676 BT_DBG("got %zu bytes", msglen);
1677
1678 if (msglen < sizeof(*hdr))
1679 return -EINVAL;
1680
e63a15ec 1681 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 1682 if (!buf)
1683 return -ENOMEM;
1684
1685 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1686 err = -EFAULT;
1687 goto done;
1688 }
1689
1690 hdr = (struct mgmt_hdr *) buf;
1691 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 1692 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 1693 len = get_unaligned_le16(&hdr->len);
1694
1695 if (len != msglen - sizeof(*hdr)) {
1696 err = -EINVAL;
1697 goto done;
1698 }
1699
1700 switch (opcode) {
02d98129
JH		 1701 case MGMT_OP_READ_VERSION:
1702 err = read_version(sk);
1703 break;
faba42eb
JH		 1704 case MGMT_OP_READ_INDEX_LIST:
1705 err = read_index_list(sk);
1706 break;
f7b64e69 1707 case MGMT_OP_READ_INFO:
4e51eae9 1708 err = read_controller_info(sk, index);
f7b64e69 1709 break;
eec8d2bc 1710 case MGMT_OP_SET_POWERED:
4e51eae9 1711 err = set_powered(sk, index, buf + sizeof(*hdr), len);
eec8d2bc 1712 break;
73f22f62 1713 case MGMT_OP_SET_DISCOVERABLE:
4e51eae9 1714 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
73f22f62 1715 break;
9fbcbb45 1716 case MGMT_OP_SET_CONNECTABLE:
4e51eae9 1717 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
9fbcbb45 1718 break;
c542a06c 1719 case MGMT_OP_SET_PAIRABLE:
4e51eae9 1720 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
c542a06c 1721 break;
2aeb9a1a 1722 case MGMT_OP_ADD_UUID:
4e51eae9 1723 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a
JH		 1724 break;
1725 case MGMT_OP_REMOVE_UUID:
4e51eae9 1726 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a 1727 break;
1aff6f09 1728 case MGMT_OP_SET_DEV_CLASS:
4e51eae9 1729 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1aff6f09
JH		 1730 break;
1731 case MGMT_OP_SET_SERVICE_CACHE:
4e51eae9 1732 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1aff6f09 1733 break;
55ed8ca1 1734 case MGMT_OP_LOAD_KEYS:
4e51eae9 1735 err = load_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1
JH		 1736 break;
1737 case MGMT_OP_REMOVE_KEY:
4e51eae9 1738 err = remove_key(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 1739 break;
8962ee74 1740 case MGMT_OP_DISCONNECT:
4e51eae9 1741 err = disconnect(sk, index, buf + sizeof(*hdr), len);
8962ee74 1742 break;
2784eb41 1743 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 1744 err = get_connections(sk, index);
2784eb41 1745 break;
980e1a53 1746 case MGMT_OP_PIN_CODE_REPLY:
4e51eae9 1747 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53
JH		 1748 break;
1749 case MGMT_OP_PIN_CODE_NEG_REPLY:
4e51eae9 1750 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53 1751 break;
17fa4b9d 1752 case MGMT_OP_SET_IO_CAPABILITY:
4e51eae9 1753 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
17fa4b9d 1754 break;
e9a416b5 1755 case MGMT_OP_PAIR_DEVICE:
4e51eae9 1756 err = pair_device(sk, index, buf + sizeof(*hdr), len);
e9a416b5 1757 break;
a5c29683 1758 case MGMT_OP_USER_CONFIRM_REPLY:
4e51eae9 1759 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
a5c29683
JH		 1760 break;
1761 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
4e51eae9 1762 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
a5c29683 1763 break;
b312b161
JH		 1764 case MGMT_OP_SET_LOCAL_NAME:
1765 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1766 break;
c35938b2
SJ		 1767 case MGMT_OP_READ_LOCAL_OOB_DATA:
1768 err = read_local_oob_data(sk, index);
1769 break;
2763eda6
SJ		 1770 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1771 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1772 break;
1773 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1774 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1775 len);
1776 break;
14a53664
JH		 1777 case MGMT_OP_START_DISCOVERY:
1778 err = start_discovery(sk, index);
1779 break;
1780 case MGMT_OP_STOP_DISCOVERY:
1781 err = stop_discovery(sk, index);
1782 break;
0381101f
JH		 1783 default:
1784 BT_DBG("Unknown op %u", opcode);
4e51eae9 1785 err = cmd_status(sk, index, opcode, 0x01);
0381101f
JH		 1786 break;
1787 }
1788
e41d8b4e
JH		 1789 if (err < 0)
1790 goto done;
1791
0381101f
JH		 1792 err = msglen;
1793
1794done:
1795 kfree(buf);
1796 return err;
1797}
c71e97bf 1798
c71e97bf
JH		 1799int mgmt_index_added(u16 index)
1800{
4e51eae9 1801 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
c71e97bf
JH		 1802}
1803
1804int mgmt_index_removed(u16 index)
1805{
4e51eae9 1806 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
eec8d2bc
JH		 1807}
1808
73f22f62 1809struct cmd_lookup {
72a734ec 1810 u8 val;
eec8d2bc
JH		 1811 struct sock *sk;
1812};
1813
72a734ec 1814static void mode_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 1815{
c68fb7ff 1816 struct mgmt_mode *cp = cmd->param;
73f22f62 1817 struct cmd_lookup *match = data;
eec8d2bc 1818
72a734ec 1819 if (cp->val != match->val)
eec8d2bc
JH		 1820 return;
1821
053f0211 1822 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
eec8d2bc
JH		 1823
1824 list_del(&cmd->list);
1825
1826 if (match->sk == NULL) {
1827 match->sk = cmd->sk;
1828 sock_hold(match->sk);
1829 }
1830
1831 mgmt_pending_free(cmd);
c71e97bf 1832}
5add6af8
JH		 1833
1834int mgmt_powered(u16 index, u8 powered)
1835{
72a734ec 1836 struct mgmt_mode ev;
73f22f62 1837 struct cmd_lookup match = { powered, NULL };
eec8d2bc 1838 int ret;
5add6af8 1839
72a734ec 1840 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
5add6af8 1841
72a734ec 1842 ev.val = powered;
eec8d2bc 1843
4e51eae9 1844 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
eec8d2bc
JH		 1845
1846 if (match.sk)
1847 sock_put(match.sk);
1848
1849 return ret;
5add6af8 1850}
73f22f62 1851
73f22f62
JH		 1852int mgmt_discoverable(u16 index, u8 discoverable)
1853{
72a734ec 1854 struct mgmt_mode ev;
73f22f62
JH		 1855 struct cmd_lookup match = { discoverable, NULL };
1856 int ret;
1857
b8534e0f 1858 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
72a734ec 1859
72a734ec 1860 ev.val = discoverable;
73f22f62 1861
4e51eae9
SJ		 1862 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1863 match.sk);
73f22f62
JH		 1864
1865 if (match.sk)
1866 sock_put(match.sk);
1867
1868 return ret;
1869}
9fbcbb45 1870
9fbcbb45
JH		 1871int mgmt_connectable(u16 index, u8 connectable)
1872{
72a734ec 1873 struct mgmt_mode ev;
9fbcbb45
JH		 1874 struct cmd_lookup match = { connectable, NULL };
1875 int ret;
1876
72a734ec 1877 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
9fbcbb45 1878
72a734ec 1879 ev.val = connectable;
9fbcbb45 1880
4e51eae9 1881 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 1882
1883 if (match.sk)
1884 sock_put(match.sk);
1885
1886 return ret;
1887}
55ed8ca1 1888
4df378a1 1889int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
55ed8ca1
JH		 1890{
1891 struct mgmt_ev_new_key ev;
1892
1893 memset(&ev, 0, sizeof(ev));
1894
4df378a1 1895 ev.store_hint = persistent;
55ed8ca1
JH		 1896 bacpy(&ev.key.bdaddr, &key->bdaddr);
1897 ev.key.type = key->type;
1898 memcpy(ev.key.val, key->val, 16);
1899 ev.key.pin_len = key->pin_len;
55ed8ca1 1900
4e51eae9 1901 return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
55ed8ca1 1902}
f7520543
JH		 1903
1904int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1905{
1906 struct mgmt_ev_connected ev;
1907
f7520543
JH		 1908 bacpy(&ev.bdaddr, bdaddr);
1909
4e51eae9 1910 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
f7520543
JH		 1911}
1912
8962ee74
JH		 1913static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1914{
c68fb7ff 1915 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 1916 struct sock **sk = data;
a38528f1 1917 struct mgmt_rp_disconnect rp;
8962ee74 1918
a38528f1 1919 bacpy(&rp.bdaddr, &cp->bdaddr);
8962ee74 1920
4e51eae9 1921 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 1922
1923 *sk = cmd->sk;
1924 sock_hold(*sk);
1925
a664b5bc 1926 mgmt_pending_remove(cmd);
8962ee74
JH		 1927}
1928
f7520543
JH		 1929int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1930{
1931 struct mgmt_ev_disconnected ev;
8962ee74
JH		 1932 struct sock *sk = NULL;
1933 int err;
1934
1935 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
f7520543 1936
f7520543
JH		 1937 bacpy(&ev.bdaddr, bdaddr);
1938
4e51eae9 1939 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
8962ee74
JH		 1940
1941 if (sk)
1942 sock_put(sk);
1943
1944 return err;
1945}
1946
1947int mgmt_disconnect_failed(u16 index)
1948{
1949 struct pending_cmd *cmd;
1950 int err;
1951
1952 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1953 if (!cmd)
1954 return -ENOENT;
1955
4e51eae9 1956 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
8962ee74 1957
a664b5bc 1958 mgmt_pending_remove(cmd);
8962ee74
JH		 1959
1960 return err;
f7520543 1961}
17d5c04c
JH		 1962
1963int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1964{
1965 struct mgmt_ev_connect_failed ev;
1966
17d5c04c
JH		 1967 bacpy(&ev.bdaddr, bdaddr);
1968 ev.status = status;
1969
4e51eae9 1970 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
17d5c04c 1971}
980e1a53 1972
a770bb5a 1973int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 1974{
1975 struct mgmt_ev_pin_code_request ev;
1976
980e1a53 1977 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 1978 ev.secure = secure;
980e1a53 1979
4e51eae9
SJ		 1980 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1981 NULL);
980e1a53
JH		 1982}
1983
1984int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1985{
1986 struct pending_cmd *cmd;
ac56fb13 1987 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 1988 int err;
1989
1990 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1991 if (!cmd)
1992 return -ENOENT;
1993
ac56fb13
JH		 1994 bacpy(&rp.bdaddr, bdaddr);
1995 rp.status = status;
1996
4e51eae9
SJ		 1997 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1998 sizeof(rp));
980e1a53 1999
a664b5bc 2000 mgmt_pending_remove(cmd);
980e1a53
JH		 2001
2002 return err;
2003}
2004
2005int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2006{
2007 struct pending_cmd *cmd;
ac56fb13 2008 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2009 int err;
2010
2011 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2012 if (!cmd)
2013 return -ENOENT;
2014
ac56fb13
JH		 2015 bacpy(&rp.bdaddr, bdaddr);
2016 rp.status = status;
2017
4e51eae9
SJ		 2018 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2019 sizeof(rp));
980e1a53 2020
a664b5bc 2021 mgmt_pending_remove(cmd);
980e1a53
JH		 2022
2023 return err;
2024}
a5c29683 2025
55bc1a37
JH		 2026int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2027 u8 confirm_hint)
a5c29683
JH		 2028{
2029 struct mgmt_ev_user_confirm_request ev;
2030
2031 BT_DBG("hci%u", index);
2032
a5c29683 2033 bacpy(&ev.bdaddr, bdaddr);
55bc1a37 2034 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2035 put_unaligned_le32(value, &ev.value);
2036
4e51eae9
SJ		 2037 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2038 NULL);
a5c29683
JH		 2039}
2040
2041static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2042 u8 opcode)
2043{
2044 struct pending_cmd *cmd;
2045 struct mgmt_rp_user_confirm_reply rp;
2046 int err;
2047
2048 cmd = mgmt_pending_find(opcode, index);
2049 if (!cmd)
2050 return -ENOENT;
2051
a5c29683
JH		 2052 bacpy(&rp.bdaddr, bdaddr);
2053 rp.status = status;
4e51eae9 2054 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
a5c29683 2055
a664b5bc 2056 mgmt_pending_remove(cmd);
a5c29683
JH		 2057
2058 return err;
2059}
2060
2061int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2062{
2063 return confirm_reply_complete(index, bdaddr, status,
2064 MGMT_OP_USER_CONFIRM_REPLY);
2065}
2066
b8534e0f 2067int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
a5c29683
JH		 2068{
2069 return confirm_reply_complete(index, bdaddr, status,
2070 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2071}
2a611692
JH		 2072
2073int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2074{
2075 struct mgmt_ev_auth_failed ev;
2076
2a611692
JH		 2077 bacpy(&ev.bdaddr, bdaddr);
2078 ev.status = status;
2079
4e51eae9 2080 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2a611692 2081}
b312b161
JH		 2082
2083int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2084{
2085 struct pending_cmd *cmd;
80a1e1db 2086 struct hci_dev *hdev;
b312b161
JH		 2087 struct mgmt_cp_set_local_name ev;
2088 int err;
2089
2090 memset(&ev, 0, sizeof(ev));
2091 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2092
2093 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2094 if (!cmd)
2095 goto send_event;
2096
2097 if (status) {
2098 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2099 goto failed;
2100 }
2101
80a1e1db
JH		 2102 hdev = hci_dev_get(index);
2103 if (hdev) {
2104 hci_dev_lock_bh(hdev);
2105 update_eir(hdev);
2106 hci_dev_unlock_bh(hdev);
2107 hci_dev_put(hdev);
2108 }
2109
b312b161
JH		 2110 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2111 sizeof(ev));
2112 if (err < 0)
2113 goto failed;
2114
2115send_event:
2116 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2117 cmd ? cmd->sk : NULL);
2118
2119failed:
2120 if (cmd)
2121 mgmt_pending_remove(cmd);
2122 return err;
2123}
c35938b2
SJ		 2124
2125int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2126 u8 status)
2127{
2128 struct pending_cmd *cmd;
2129 int err;
2130
2131 BT_DBG("hci%u status %u", index, status);
2132
2133 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2134 if (!cmd)
2135 return -ENOENT;
2136
2137 if (status) {
2138 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2139 EIO);
2140 } else {
2141 struct mgmt_rp_read_local_oob_data rp;
2142
2143 memcpy(rp.hash, hash, sizeof(rp.hash));
2144 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2145
2146 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2147 &rp, sizeof(rp));
2148 }
2149
2150 mgmt_pending_remove(cmd);
2151
2152 return err;
2153}
e17acd40
JH		 2154
2155int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2156 u8 *eir)
2157{
2158 struct mgmt_ev_device_found ev;
2159
2160 memset(&ev, 0, sizeof(ev));
2161
2162 bacpy(&ev.bdaddr, bdaddr);
2163 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2164 ev.rssi = rssi;
2165
2166 if (eir)
2167 memcpy(ev.eir, eir, sizeof(ev.eir));
2168
2169 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2170}
a88a9652
JH		 2171
2172int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2173{
2174 struct mgmt_ev_remote_name ev;
2175
2176 memset(&ev, 0, sizeof(ev));
2177
2178 bacpy(&ev.bdaddr, bdaddr);
2179 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2180
2181 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2182}
314b2381
JH		 2183
2184int mgmt_discovering(u16 index, u8 discovering)
2185{
2186 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2187 sizeof(discovering), NULL);
2188}
Ubuntu Artful kernel mirror