]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix deadlock with mgmt_pair_device
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
72359753 25#include <linux/uaccess.h>
0381101f
JH		 26#include <asm/unaligned.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/mgmt.h>
31
02d98129
JH		 32#define MGMT_VERSION 0
33#define MGMT_REVISION 1
34
2519a1fc
AG		 35#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
36
eec8d2bc
JH		 37struct pending_cmd {
38 struct list_head list;
fc2f4b13 39 u16 opcode;
eec8d2bc 40 int index;
c68fb7ff 41 void *param;
eec8d2bc 42 struct sock *sk;
e9a416b5 43 void *user_data;
eec8d2bc
JH		 44};
45
4e51eae9 46static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 47{
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
56b7d137 51 int err;
f7b64e69 52
34eb525c 53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 54
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
56 if (!skb)
57 return -ENOMEM;
58
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
60
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 62 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 63 hdr->len = cpu_to_le16(sizeof(*ev));
64
65 ev = (void *) skb_put(skb, sizeof(*ev));
66 ev->status = status;
67 put_unaligned_le16(cmd, &ev->opcode);
68
56b7d137
GP		 69 err = sock_queue_rcv_skb(sk, skb);
70 if (err < 0)
f7b64e69
JH		 71 kfree_skb(skb);
72
56b7d137 73 return err;
f7b64e69
JH		 74}
75
4e51eae9
SJ		 76static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
77 size_t rp_len)
02d98129
JH		 78{
79 struct sk_buff *skb;
80 struct mgmt_hdr *hdr;
81 struct mgmt_ev_cmd_complete *ev;
56b7d137 82 int err;
02d98129
JH		 83
84 BT_DBG("sock %p", sk);
85
a38528f1 86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 87 if (!skb)
88 return -ENOMEM;
89
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 91
a38528f1 92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 93 hdr->index = cpu_to_le16(index);
a38528f1 94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 95
a38528f1
JH		 96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 98
99 if (rp)
100 memcpy(ev->data, rp, rp_len);
02d98129 101
56b7d137
GP		 102 err = sock_queue_rcv_skb(sk, skb);
103 if (err < 0)
02d98129
JH		 104 kfree_skb(skb);
105
56b7d137 106 return err;;
02d98129
JH		 107}
108
a38528f1
JH		 109static int read_version(struct sock *sk)
110{
111 struct mgmt_rp_read_version rp;
112
113 BT_DBG("sock %p", sk);
114
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
117
4e51eae9
SJ		 118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
119 sizeof(rp));
a38528f1
JH		 120}
121
faba42eb
JH		 122static int read_index_list(struct sock *sk)
123{
faba42eb
JH		 124 struct mgmt_rp_read_index_list *rp;
125 struct list_head *p;
8035ded4 126 struct hci_dev *d;
a38528f1 127 size_t rp_len;
faba42eb 128 u16 count;
a38528f1 129 int i, err;
faba42eb
JH		 130
131 BT_DBG("sock %p", sk);
132
133 read_lock(&hci_dev_list_lock);
134
135 count = 0;
136 list_for_each(p, &hci_dev_list) {
137 count++;
138 }
139
a38528f1
JH		 140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
142 if (!rp) {
b2c60d42 143 read_unlock(&hci_dev_list_lock);
faba42eb 144 return -ENOMEM;
b2c60d42 145 }
faba42eb 146
faba42eb
JH		 147 put_unaligned_le16(count, &rp->num_controllers);
148
149 i = 0;
8035ded4 150 list_for_each_entry(d, &hci_dev_list, list) {
3243553f 151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
e0f9309f 152 cancel_delayed_work(&d->power_off);
ab81cbf9
JH		 153
154 if (test_bit(HCI_SETUP, &d->flags))
155 continue;
156
faba42eb
JH		 157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
159 }
160
161 read_unlock(&hci_dev_list_lock);
162
4e51eae9
SJ		 163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
164 rp_len);
faba42eb 165
a38528f1
JH		 166 kfree(rp);
167
168 return err;
faba42eb
JH		 169}
170
4e51eae9 171static int read_controller_info(struct sock *sk, u16 index)
0381101f 172{
a38528f1 173 struct mgmt_rp_read_info rp;
f7b64e69 174 struct hci_dev *hdev;
0381101f 175
4e51eae9 176 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 177
4e51eae9 178 hdev = hci_dev_get(index);
a38528f1 179 if (!hdev)
4e51eae9 180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
f7b64e69 181
3243553f
JH		 182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 184
8c156c32 185 hci_dev_lock_bh(hdev);
f7b64e69 186
ebc99feb
JH		 187 set_bit(HCI_MGMT, &hdev->flags);
188
dc4fe30b
JH		 189 memset(&rp, 0, sizeof(rp));
190
a38528f1 191 rp.type = hdev->dev_type;
f7b64e69 192
a38528f1
JH		 193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
f7b64e69
JH		 197
198 if (test_bit(HCI_AUTH, &hdev->flags))
a38528f1 199 rp.sec_mode = 3;
f7b64e69 200 else if (hdev->ssp_mode > 0)
a38528f1 201 rp.sec_mode = 4;
f7b64e69 202 else
a38528f1 203 rp.sec_mode = 2;
f7b64e69 204
a38528f1
JH		 205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
f7b64e69 211
dc4fe30b
JH		 212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
213
8c156c32 214 hci_dev_unlock_bh(hdev);
f7b64e69 215 hci_dev_put(hdev);
0381101f 216
4e51eae9 217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 218}
219
eec8d2bc
JH		 220static void mgmt_pending_free(struct pending_cmd *cmd)
221{
222 sock_put(cmd->sk);
c68fb7ff 223 kfree(cmd->param);
eec8d2bc
JH		 224 kfree(cmd);
225}
226
366a0336 227static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 228 struct hci_dev *hdev,
229 void *data, u16 len)
eec8d2bc
JH		 230{
231 struct pending_cmd *cmd;
232
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
234 if (!cmd)
366a0336 235 return NULL;
eec8d2bc
JH		 236
237 cmd->opcode = opcode;
2e58ef3e 238 cmd->index = hdev->id;
eec8d2bc 239
c68fb7ff
SJ		 240 cmd->param = kmalloc(len, GFP_ATOMIC);
241 if (!cmd->param) {
eec8d2bc 242 kfree(cmd);
366a0336 243 return NULL;
eec8d2bc
JH		 244 }
245
8fce6357
SJ		 246 if (data)
247 memcpy(cmd->param, data, len);
eec8d2bc
JH		 248
249 cmd->sk = sk;
250 sock_hold(sk);
251
2e58ef3e 252 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 253
366a0336 254 return cmd;
eec8d2bc
JH		 255}
256
744cf19e 257static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 258 void (*cb)(struct pending_cmd *cmd, void *data),
259 void *data)
260{
261 struct list_head *p, *n;
262
2e58ef3e 263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 264 struct pending_cmd *cmd;
265
266 cmd = list_entry(p, struct pending_cmd, list);
267
b24752fe 268 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 269 continue;
270
eec8d2bc
JH		 271 cb(cmd, data);
272 }
273}
274
2e58ef3e 275static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 276{
8035ded4 277 struct pending_cmd *cmd;
eec8d2bc 278
2e58ef3e 279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 280 if (cmd->opcode == opcode)
281 return cmd;
eec8d2bc
JH		 282 }
283
284 return NULL;
285}
286
a664b5bc 287static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 288{
73f22f62
JH		 289 list_del(&cmd->list);
290 mgmt_pending_free(cmd);
291}
292
4e51eae9 293static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
eec8d2bc 294{
72a734ec 295 struct mgmt_mode *cp;
eec8d2bc 296 struct hci_dev *hdev;
366a0336 297 struct pending_cmd *cmd;
366a0336 298 int err, up;
eec8d2bc
JH		 299
300 cp = (void *) data;
eec8d2bc 301
4e51eae9 302 BT_DBG("request for hci%u", index);
eec8d2bc 303
bdce7baf
SJ		 304 if (len != sizeof(*cp))
305 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
306
4e51eae9 307 hdev = hci_dev_get(index);
eec8d2bc 308 if (!hdev)
4e51eae9 309 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
eec8d2bc 310
8c156c32 311 hci_dev_lock_bh(hdev);
eec8d2bc
JH		 312
313 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 314 if ((cp->val && up) || (!cp->val && !up)) {
4e51eae9 315 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
eec8d2bc
JH		 316 goto failed;
317 }
318
2e58ef3e 319 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
4e51eae9 320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
eec8d2bc
JH		 321 goto failed;
322 }
323
2e58ef3e 324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 325 if (!cmd) {
326 err = -ENOMEM;
eec8d2bc 327 goto failed;
366a0336 328 }
eec8d2bc 329
72a734ec 330 if (cp->val)
eec8d2bc
JH		 331 queue_work(hdev->workqueue, &hdev->power_on);
332 else
3243553f 333 queue_work(hdev->workqueue, &hdev->power_off.work);
eec8d2bc 334
366a0336 335 err = 0;
eec8d2bc
JH		 336
337failed:
8c156c32 338 hci_dev_unlock_bh(hdev);
eec8d2bc 339 hci_dev_put(hdev);
366a0336 340 return err;
eec8d2bc
JH		 341}
342
4e51eae9
SJ		 343static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
344 u16 len)
73f22f62 345{
16ab91ab 346 struct mgmt_cp_set_discoverable *cp;
73f22f62 347 struct hci_dev *hdev;
366a0336 348 struct pending_cmd *cmd;
73f22f62
JH		 349 u8 scan;
350 int err;
351
352 cp = (void *) data;
73f22f62 353
4e51eae9 354 BT_DBG("request for hci%u", index);
73f22f62 355
bdce7baf
SJ		 356 if (len != sizeof(*cp))
357 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
358
4e51eae9 359 hdev = hci_dev_get(index);
73f22f62 360 if (!hdev)
4e51eae9 361 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
73f22f62 362
8c156c32 363 hci_dev_lock_bh(hdev);
73f22f62
JH		 364
365 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 366 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
73f22f62
JH		 367 goto failed;
368 }
369
2e58ef3e
JH		 370 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
371 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
4e51eae9 372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
73f22f62
JH		 373 goto failed;
374 }
375
72a734ec 376 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 377 test_bit(HCI_PSCAN, &hdev->flags)) {
4e51eae9 378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
73f22f62
JH		 379 goto failed;
380 }
381
2e58ef3e 382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 383 if (!cmd) {
384 err = -ENOMEM;
73f22f62 385 goto failed;
366a0336 386 }
73f22f62
JH		 387
388 scan = SCAN_PAGE;
389
72a734ec 390 if (cp->val)
73f22f62 391 scan |= SCAN_INQUIRY;
16ab91ab 392 else
e0f9309f 393 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 394
395 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
396 if (err < 0)
a664b5bc 397 mgmt_pending_remove(cmd);
73f22f62 398
16ab91ab
JH		 399 if (cp->val)
400 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
401
73f22f62 402failed:
8c156c32 403 hci_dev_unlock_bh(hdev);
73f22f62
JH		 404 hci_dev_put(hdev);
405
406 return err;
407}
408
4e51eae9
SJ		 409static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
410 u16 len)
9fbcbb45 411{
72a734ec 412 struct mgmt_mode *cp;
9fbcbb45 413 struct hci_dev *hdev;
366a0336 414 struct pending_cmd *cmd;
9fbcbb45
JH		 415 u8 scan;
416 int err;
417
418 cp = (void *) data;
9fbcbb45 419
4e51eae9 420 BT_DBG("request for hci%u", index);
9fbcbb45 421
bdce7baf
SJ		 422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
424
4e51eae9 425 hdev = hci_dev_get(index);
9fbcbb45 426 if (!hdev)
4e51eae9 427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
9fbcbb45 428
8c156c32 429 hci_dev_lock_bh(hdev);
9fbcbb45
JH		 430
431 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
9fbcbb45
JH		 433 goto failed;
434 }
435
2e58ef3e
JH		 436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
4e51eae9 438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
9fbcbb45
JH		 439 goto failed;
440 }
441
72a734ec 442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
4e51eae9 443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
9fbcbb45
JH		 444 goto failed;
445 }
446
2e58ef3e 447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 448 if (!cmd) {
449 err = -ENOMEM;
9fbcbb45 450 goto failed;
366a0336 451 }
9fbcbb45 452
72a734ec 453 if (cp->val)
9fbcbb45
JH		 454 scan = SCAN_PAGE;
455 else
456 scan = 0;
457
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
459 if (err < 0)
a664b5bc 460 mgmt_pending_remove(cmd);
9fbcbb45
JH		 461
462failed:
8c156c32 463 hci_dev_unlock_bh(hdev);
9fbcbb45
JH		 464 hci_dev_put(hdev);
465
466 return err;
467}
468
744cf19e
JH		 469static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
470 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 471{
472 struct sk_buff *skb;
473 struct mgmt_hdr *hdr;
474
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
476 if (!skb)
477 return -ENOMEM;
478
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
480
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 483 if (hdev)
484 hdr->index = cpu_to_le16(hdev->id);
485 else
486 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 487 hdr->len = cpu_to_le16(data_len);
488
4e51eae9
SJ		 489 if (data)
490 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 491
492 hci_send_to_sock(NULL, skb, skip_sk);
493 kfree_skb(skb);
494
495 return 0;
496}
497
053f0211
JH		 498static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499{
a38528f1 500 struct mgmt_mode rp;
053f0211 501
a38528f1 502 rp.val = val;
053f0211 503
4e51eae9 504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
053f0211
JH		 505}
506
4e51eae9
SJ		 507static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508 u16 len)
c542a06c
JH		 509{
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
c542a06c
JH		 512 int err;
513
514 cp = (void *) data;
c542a06c 515
4e51eae9 516 BT_DBG("request for hci%u", index);
c542a06c 517
bdce7baf
SJ		 518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520
4e51eae9 521 hdev = hci_dev_get(index);
c542a06c 522 if (!hdev)
4e51eae9 523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
c542a06c 524
8c156c32 525 hci_dev_lock_bh(hdev);
c542a06c
JH		 526
527 if (cp->val)
528 set_bit(HCI_PAIRABLE, &hdev->flags);
529 else
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
531
4e51eae9 532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
c542a06c
JH		 533 if (err < 0)
534 goto failed;
535
c542a06c
JH		 536 ev.val = cp->val;
537
744cf19e 538 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 539
540failed:
8c156c32 541 hci_dev_unlock_bh(hdev);
c542a06c
JH		 542 hci_dev_put(hdev);
543
544 return err;
545}
546
80a1e1db
JH		 547#define EIR_FLAGS 0x01 /* flags */
548#define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549#define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550#define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551#define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552#define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553#define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554#define EIR_NAME_SHORT 0x08 /* shortened local name */
555#define EIR_NAME_COMPLETE 0x09 /* complete local name */
556#define EIR_TX_POWER 0x0A /* transmit power level */
557#define EIR_DEVICE_ID 0x10 /* device ID */
558
559#define PNP_INFO_SVCLASS_ID 0x1200
560
561static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564};
565
566static u16 get_uuid16(u8 *uuid128)
567{
568 u32 val;
569 int i;
570
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
573 return 0;
574 }
575
576 memcpy(&val, &uuid128[12], 4);
577
578 val = le32_to_cpu(val);
579 if (val > 0xffff)
580 return 0;
581
582 return (u16) val;
583}
584
585static void create_eir(struct hci_dev *hdev, u8 *data)
586{
587 u8 *ptr = data;
588 u16 eir_len = 0;
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
8035ded4 591 struct bt_uuid *uuid;
80a1e1db
JH		 592 size_t name_len;
593
594 name_len = strlen(hdev->dev_name);
595
596 if (name_len > 0) {
597 /* EIR Data type */
598 if (name_len > 48) {
599 name_len = 48;
600 ptr[1] = EIR_NAME_SHORT;
601 } else
602 ptr[1] = EIR_NAME_COMPLETE;
603
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
606
607 memcpy(ptr + 2, hdev->dev_name, name_len);
608
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
611 }
612
613 memset(uuid16_list, 0, sizeof(uuid16_list));
614
615 /* Group all UUID16 types */
8035ded4 616 list_for_each_entry(uuid, &hdev->uuids, list) {
80a1e1db
JH		 617 u16 uuid16;
618
619 uuid16 = get_uuid16(uuid->uuid);
620 if (uuid16 == 0)
621 return;
622
623 if (uuid16 < 0x1100)
624 continue;
625
626 if (uuid16 == PNP_INFO_SVCLASS_ID)
627 continue;
628
629 /* Stop if not enough space to put next UUID */
630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
631 truncated = 1;
632 break;
633 }
634
635 /* Check for duplicates */
636 for (i = 0; uuid16_list[i] != 0; i++)
637 if (uuid16_list[i] == uuid16)
638 break;
639
640 if (uuid16_list[i] == 0) {
641 uuid16_list[i] = uuid16;
642 eir_len += sizeof(u16);
643 }
644 }
645
646 if (uuid16_list[0] != 0) {
647 u8 *length = ptr;
648
649 /* EIR Data type */
650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
651
652 ptr += 2;
653 eir_len += 2;
654
655 for (i = 0; uuid16_list[i] != 0; i++) {
656 *ptr++ = (uuid16_list[i] & 0x00ff);
657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
658 }
659
660 /* EIR Data length */
661 *length = (i * sizeof(u16)) + 1;
662 }
663}
664
665static int update_eir(struct hci_dev *hdev)
666{
667 struct hci_cp_write_eir cp;
668
669 if (!(hdev->features[6] & LMP_EXT_INQ))
670 return 0;
671
672 if (hdev->ssp_mode == 0)
673 return 0;
674
675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
676 return 0;
677
678 memset(&cp, 0, sizeof(cp));
679
680 create_eir(hdev, cp.data);
681
682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
683 return 0;
684
685 memcpy(hdev->eir, cp.data, sizeof(cp.data));
686
687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
688}
689
1aff6f09
JH		 690static u8 get_service_classes(struct hci_dev *hdev)
691{
12dc0743 692 struct bt_uuid *uuid;
1aff6f09
JH		 693 u8 val = 0;
694
12dc0743 695 list_for_each_entry(uuid, &hdev->uuids, list)
1aff6f09 696 val |= uuid->svc_hint;
1aff6f09
JH		 697
698 return val;
699}
700
701static int update_class(struct hci_dev *hdev)
702{
703 u8 cod[3];
704
705 BT_DBG("%s", hdev->name);
706
707 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
708 return 0;
709
710 cod[0] = hdev->minor_class;
711 cod[1] = hdev->major_class;
712 cod[2] = get_service_classes(hdev);
713
714 if (memcmp(cod, hdev->dev_class, 3) == 0)
715 return 0;
716
717 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
718}
719
4e51eae9 720static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 721{
722 struct mgmt_cp_add_uuid *cp;
723 struct hci_dev *hdev;
724 struct bt_uuid *uuid;
2aeb9a1a
JH		 725 int err;
726
727 cp = (void *) data;
2aeb9a1a 728
4e51eae9 729 BT_DBG("request for hci%u", index);
2aeb9a1a 730
bdce7baf
SJ		 731 if (len != sizeof(*cp))
732 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
733
4e51eae9 734 hdev = hci_dev_get(index);
2aeb9a1a 735 if (!hdev)
4e51eae9 736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
2aeb9a1a 737
8c156c32 738 hci_dev_lock_bh(hdev);
2aeb9a1a
JH		 739
740 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
741 if (!uuid) {
742 err = -ENOMEM;
743 goto failed;
744 }
745
746 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 747 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 748
749 list_add(&uuid->list, &hdev->uuids);
750
1aff6f09
JH		 751 err = update_class(hdev);
752 if (err < 0)
753 goto failed;
754
80a1e1db
JH		 755 err = update_eir(hdev);
756 if (err < 0)
757 goto failed;
758
4e51eae9 759 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 760
761failed:
8c156c32 762 hci_dev_unlock_bh(hdev);
2aeb9a1a
JH		 763 hci_dev_put(hdev);
764
765 return err;
766}
767
4e51eae9 768static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 769{
770 struct list_head *p, *n;
779cb850 771 struct mgmt_cp_remove_uuid *cp;
2aeb9a1a
JH		 772 struct hci_dev *hdev;
773 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 774 int err, found;
775
776 cp = (void *) data;
2aeb9a1a 777
4e51eae9 778 BT_DBG("request for hci%u", index);
2aeb9a1a 779
bdce7baf
SJ		 780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
782
4e51eae9 783 hdev = hci_dev_get(index);
2aeb9a1a 784 if (!hdev)
4e51eae9 785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
2aeb9a1a 786
8c156c32 787 hci_dev_lock_bh(hdev);
2aeb9a1a
JH		 788
789 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
790 err = hci_uuids_clear(hdev);
791 goto unlock;
792 }
793
794 found = 0;
795
796 list_for_each_safe(p, n, &hdev->uuids) {
797 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
798
799 if (memcmp(match->uuid, cp->uuid, 16) != 0)
800 continue;
801
802 list_del(&match->list);
803 found++;
804 }
805
806 if (found == 0) {
4e51eae9 807 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
2aeb9a1a
JH		 808 goto unlock;
809 }
810
1aff6f09
JH		 811 err = update_class(hdev);
812 if (err < 0)
813 goto unlock;
814
80a1e1db
JH		 815 err = update_eir(hdev);
816 if (err < 0)
817 goto unlock;
818
4e51eae9 819 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 820
821unlock:
8c156c32 822 hci_dev_unlock_bh(hdev);
2aeb9a1a
JH		 823 hci_dev_put(hdev);
824
825 return err;
826}
827
4e51eae9
SJ		 828static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
829 u16 len)
1aff6f09
JH		 830{
831 struct hci_dev *hdev;
832 struct mgmt_cp_set_dev_class *cp;
1aff6f09
JH		 833 int err;
834
835 cp = (void *) data;
1aff6f09 836
4e51eae9 837 BT_DBG("request for hci%u", index);
1aff6f09 838
bdce7baf
SJ		 839 if (len != sizeof(*cp))
840 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
841
4e51eae9 842 hdev = hci_dev_get(index);
1aff6f09 843 if (!hdev)
4e51eae9 844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
1aff6f09 845
8c156c32 846 hci_dev_lock_bh(hdev);
1aff6f09
JH		 847
848 hdev->major_class = cp->major;
849 hdev->minor_class = cp->minor;
850
851 err = update_class(hdev);
852
853 if (err == 0)
4e51eae9 854 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 855
8c156c32 856 hci_dev_unlock_bh(hdev);
1aff6f09
JH		 857 hci_dev_put(hdev);
858
859 return err;
860}
861
4e51eae9
SJ		 862static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
863 u16 len)
1aff6f09
JH		 864{
865 struct hci_dev *hdev;
866 struct mgmt_cp_set_service_cache *cp;
1aff6f09
JH		 867 int err;
868
869 cp = (void *) data;
1aff6f09 870
bdce7baf 871 if (len != sizeof(*cp))
b8534e0f 872 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
bdce7baf 873
4e51eae9 874 hdev = hci_dev_get(index);
1aff6f09 875 if (!hdev)
4e51eae9 876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
1aff6f09 877
8c156c32 878 hci_dev_lock_bh(hdev);
1aff6f09 879
4e51eae9 880 BT_DBG("hci%u enable %d", index, cp->enable);
1aff6f09
JH		 881
882 if (cp->enable) {
883 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
884 err = 0;
885 } else {
886 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 err = update_class(hdev);
80a1e1db
JH		 888 if (err == 0)
889 err = update_eir(hdev);
1aff6f09
JH		 890 }
891
892 if (err == 0)
4e51eae9
SJ		 893 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
894 0);
e5b82e58
GP		 895 else
896 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
897
1aff6f09 898
8c156c32 899 hci_dev_unlock_bh(hdev);
1aff6f09
JH		 900 hci_dev_put(hdev);
901
902 return err;
903}
904
86742e1e
JH		 905static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
906 u16 len)
55ed8ca1
JH		 907{
908 struct hci_dev *hdev;
86742e1e 909 struct mgmt_cp_load_link_keys *cp;
4e51eae9 910 u16 key_count, expected_len;
a492cd52 911 int i;
55ed8ca1
JH		 912
913 cp = (void *) data;
bdce7baf
SJ		 914
915 if (len < sizeof(*cp))
86742e1e 916 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
bdce7baf 917
55ed8ca1
JH		 918 key_count = get_unaligned_le16(&cp->key_count);
919
86742e1e
JH		 920 expected_len = sizeof(*cp) + key_count *
921 sizeof(struct mgmt_link_key_info);
a492cd52 922 if (expected_len != len) {
86742e1e 923 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 924 len, expected_len);
86742e1e 925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
55ed8ca1
JH		 926 }
927
4e51eae9 928 hdev = hci_dev_get(index);
55ed8ca1 929 if (!hdev)
86742e1e 930 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
55ed8ca1 931
4e51eae9 932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 933 key_count);
934
8c156c32 935 hci_dev_lock_bh(hdev);
55ed8ca1
JH		 936
937 hci_link_keys_clear(hdev);
938
939 set_bit(HCI_LINK_KEYS, &hdev->flags);
940
941 if (cp->debug_keys)
942 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
943 else
944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
945
a492cd52 946 for (i = 0; i < key_count; i++) {
86742e1e 947 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 948
d25e28ab 949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 950 key->pin_len);
951 }
952
8c156c32 953 hci_dev_unlock_bh(hdev);
55ed8ca1
JH		 954 hci_dev_put(hdev);
955
a492cd52 956 return 0;
55ed8ca1
JH		 957}
958
86742e1e
JH		 959static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
960 u16 len)
55ed8ca1
JH		 961{
962 struct hci_dev *hdev;
86742e1e 963 struct mgmt_cp_remove_keys *cp;
55ed8ca1 964 struct hci_conn *conn;
55ed8ca1
JH		 965 int err;
966
967 cp = (void *) data;
55ed8ca1 968
bdce7baf 969 if (len != sizeof(*cp))
86742e1e 970 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
bdce7baf 971
4e51eae9 972 hdev = hci_dev_get(index);
55ed8ca1 973 if (!hdev)
86742e1e 974 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
55ed8ca1 975
8c156c32 976 hci_dev_lock_bh(hdev);
55ed8ca1
JH		 977
978 err = hci_remove_link_key(hdev, &cp->bdaddr);
979 if (err < 0) {
86742e1e 980 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
55ed8ca1
JH		 981 goto unlock;
982 }
983
984 err = 0;
985
986 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
987 goto unlock;
988
989 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
990 if (conn) {
991 struct hci_cp_disconnect dc;
992
993 put_unaligned_le16(conn->handle, &dc.handle);
994 dc.reason = 0x13; /* Remote User Terminated Connection */
94ac0272 995 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
55ed8ca1
JH		 996 }
997
998unlock:
8c156c32 999 hci_dev_unlock_bh(hdev);
55ed8ca1
JH		 1000 hci_dev_put(hdev);
1001
1002 return err;
1003}
1004
4e51eae9 1005static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
8962ee74
JH		 1006{
1007 struct hci_dev *hdev;
1008 struct mgmt_cp_disconnect *cp;
1009 struct hci_cp_disconnect dc;
366a0336 1010 struct pending_cmd *cmd;
8962ee74 1011 struct hci_conn *conn;
8962ee74
JH		 1012 int err;
1013
1014 BT_DBG("");
1015
1016 cp = (void *) data;
8962ee74 1017
bdce7baf
SJ		 1018 if (len != sizeof(*cp))
1019 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1020
4e51eae9 1021 hdev = hci_dev_get(index);
8962ee74 1022 if (!hdev)
4e51eae9 1023 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
8962ee74 1024
8c156c32 1025 hci_dev_lock_bh(hdev);
8962ee74
JH		 1026
1027 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1028 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
8962ee74
JH		 1029 goto failed;
1030 }
1031
2e58ef3e 1032 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
4e51eae9 1033 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
8962ee74
JH		 1034 goto failed;
1035 }
1036
1037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
365227e5
VCG		 1038 if (!conn)
1039 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1040
8962ee74 1041 if (!conn) {
4e51eae9 1042 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
8962ee74
JH		 1043 goto failed;
1044 }
1045
2e58ef3e 1046 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1047 if (!cmd) {
1048 err = -ENOMEM;
8962ee74 1049 goto failed;
366a0336 1050 }
8962ee74
JH		 1051
1052 put_unaligned_le16(conn->handle, &dc.handle);
1053 dc.reason = 0x13; /* Remote User Terminated Connection */
1054
1055 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1056 if (err < 0)
a664b5bc 1057 mgmt_pending_remove(cmd);
8962ee74
JH		 1058
1059failed:
8c156c32 1060 hci_dev_unlock_bh(hdev);
8962ee74
JH		 1061 hci_dev_put(hdev);
1062
1063 return err;
1064}
1065
48264f06 1066static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1067{
1068 switch (link_type) {
1069 case LE_LINK:
48264f06
JH		 1070 switch (addr_type) {
1071 case ADDR_LE_DEV_PUBLIC:
1072 return MGMT_ADDR_LE_PUBLIC;
1073 case ADDR_LE_DEV_RANDOM:
1074 return MGMT_ADDR_LE_RANDOM;
1075 default:
1076 return MGMT_ADDR_INVALID;
1077 }
4c659c39
JH		 1078 case ACL_LINK:
1079 return MGMT_ADDR_BREDR;
1080 default:
1081 return MGMT_ADDR_INVALID;
1082 }
1083}
1084
8ce6284e 1085static int get_connections(struct sock *sk, u16 index)
2784eb41 1086{
2784eb41
JH		 1087 struct mgmt_rp_get_connections *rp;
1088 struct hci_dev *hdev;
8035ded4 1089 struct hci_conn *c;
2784eb41 1090 struct list_head *p;
a38528f1 1091 size_t rp_len;
4e51eae9 1092 u16 count;
2784eb41
JH		 1093 int i, err;
1094
1095 BT_DBG("");
1096
4e51eae9 1097 hdev = hci_dev_get(index);
2784eb41 1098 if (!hdev)
4e51eae9 1099 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
2784eb41 1100
8c156c32 1101 hci_dev_lock_bh(hdev);
2784eb41
JH		 1102
1103 count = 0;
1104 list_for_each(p, &hdev->conn_hash.list) {
1105 count++;
1106 }
1107
4c659c39 1108 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1109 rp = kmalloc(rp_len, GFP_ATOMIC);
1110 if (!rp) {
2784eb41
JH		 1111 err = -ENOMEM;
1112 goto unlock;
1113 }
1114
2784eb41
JH		 1115 put_unaligned_le16(count, &rp->conn_count);
1116
2784eb41 1117 i = 0;
4c659c39
JH		 1118 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1119 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1120 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1121 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1122 continue;
1123 i++;
1124 }
1125
1126 /* Recalculate length in case of filtered SCO connections, etc */
1127 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1128
4e51eae9 1129 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1130
1131unlock:
a38528f1 1132 kfree(rp);
8c156c32 1133 hci_dev_unlock_bh(hdev);
2784eb41
JH		 1134 hci_dev_put(hdev);
1135 return err;
1136}
1137
96d97a67
WR		 1138static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1139 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1140{
1141 struct pending_cmd *cmd;
1142 int err;
1143
2e58ef3e 1144 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1145 sizeof(*cp));
1146 if (!cmd)
1147 return -ENOMEM;
1148
1149 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1150 &cp->bdaddr);
1151 if (err < 0)
1152 mgmt_pending_remove(cmd);
1153
1154 return err;
1155}
1156
4e51eae9
SJ		 1157static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1158 u16 len)
980e1a53
JH		 1159{
1160 struct hci_dev *hdev;
96d97a67 1161 struct hci_conn *conn;
980e1a53 1162 struct mgmt_cp_pin_code_reply *cp;
96d97a67 1163 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1164 struct hci_cp_pin_code_reply reply;
366a0336 1165 struct pending_cmd *cmd;
980e1a53
JH		 1166 int err;
1167
1168 BT_DBG("");
1169
1170 cp = (void *) data;
980e1a53 1171
bdce7baf
SJ		 1172 if (len != sizeof(*cp))
1173 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1174
4e51eae9 1175 hdev = hci_dev_get(index);
980e1a53 1176 if (!hdev)
4e51eae9 1177 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
980e1a53 1178
8c156c32 1179 hci_dev_lock_bh(hdev);
980e1a53
JH		 1180
1181 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1182 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
980e1a53
JH		 1183 goto failed;
1184 }
1185
96d97a67
WR		 1186 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1187 if (!conn) {
1188 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1189 goto failed;
1190 }
1191
1192 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1193 bacpy(&ncp.bdaddr, &cp->bdaddr);
1194
1195 BT_ERR("PIN code is not 16 bytes long");
1196
1197 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1198 if (err >= 0)
1199 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1200 EINVAL);
1201
1202 goto failed;
1203 }
1204
2e58ef3e 1205 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1206 if (!cmd) {
1207 err = -ENOMEM;
980e1a53 1208 goto failed;
366a0336 1209 }
980e1a53
JH		 1210
1211 bacpy(&reply.bdaddr, &cp->bdaddr);
1212 reply.pin_len = cp->pin_len;
24718ca5 1213 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1214
1215 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1216 if (err < 0)
a664b5bc 1217 mgmt_pending_remove(cmd);
980e1a53
JH		 1218
1219failed:
8c156c32 1220 hci_dev_unlock_bh(hdev);
980e1a53
JH		 1221 hci_dev_put(hdev);
1222
1223 return err;
1224}
1225
4e51eae9
SJ		 1226static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1227 u16 len)
980e1a53
JH		 1228{
1229 struct hci_dev *hdev;
1230 struct mgmt_cp_pin_code_neg_reply *cp;
980e1a53
JH		 1231 int err;
1232
1233 BT_DBG("");
1234
1235 cp = (void *) data;
980e1a53 1236
bdce7baf
SJ		 1237 if (len != sizeof(*cp))
1238 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1239 EINVAL);
1240
4e51eae9 1241 hdev = hci_dev_get(index);
980e1a53 1242 if (!hdev)
4e51eae9
SJ		 1243 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1244 ENODEV);
980e1a53 1245
8c156c32 1246 hci_dev_lock_bh(hdev);
980e1a53
JH		 1247
1248 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9
SJ		 1249 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1250 ENETDOWN);
980e1a53
JH		 1251 goto failed;
1252 }
1253
96d97a67 1254 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1255
1256failed:
8c156c32 1257 hci_dev_unlock_bh(hdev);
980e1a53
JH		 1258 hci_dev_put(hdev);
1259
1260 return err;
1261}
1262
4e51eae9
SJ		 1263static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1264 u16 len)
17fa4b9d
JH		 1265{
1266 struct hci_dev *hdev;
1267 struct mgmt_cp_set_io_capability *cp;
17fa4b9d
JH		 1268
1269 BT_DBG("");
1270
1271 cp = (void *) data;
17fa4b9d 1272
bdce7baf 1273 if (len != sizeof(*cp))
b8534e0f 1274 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
bdce7baf 1275
4e51eae9 1276 hdev = hci_dev_get(index);
17fa4b9d 1277 if (!hdev)
4e51eae9 1278 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
17fa4b9d 1279
8c156c32 1280 hci_dev_lock_bh(hdev);
17fa4b9d
JH		 1281
1282 hdev->io_capability = cp->io_capability;
1283
1284 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1285 hdev->io_capability);
17fa4b9d 1286
8c156c32 1287 hci_dev_unlock_bh(hdev);
17fa4b9d
JH		 1288 hci_dev_put(hdev);
1289
4e51eae9 1290 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1291}
1292
e9a416b5
JH		 1293static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1294{
1295 struct hci_dev *hdev = conn->hdev;
8035ded4 1296 struct pending_cmd *cmd;
e9a416b5 1297
2e58ef3e 1298 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1299 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1300 continue;
1301
e9a416b5
JH		 1302 if (cmd->user_data != conn)
1303 continue;
1304
1305 return cmd;
1306 }
1307
1308 return NULL;
1309}
1310
1311static void pairing_complete(struct pending_cmd *cmd, u8 status)
1312{
1313 struct mgmt_rp_pair_device rp;
1314 struct hci_conn *conn = cmd->user_data;
1315
e9a416b5
JH		 1316 bacpy(&rp.bdaddr, &conn->dst);
1317 rp.status = status;
1318
4e51eae9 1319 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1320
1321 /* So we don't get further callbacks for this connection */
1322 conn->connect_cfm_cb = NULL;
1323 conn->security_cfm_cb = NULL;
1324 conn->disconn_cfm_cb = NULL;
1325
1326 hci_conn_put(conn);
1327
a664b5bc 1328 mgmt_pending_remove(cmd);
e9a416b5
JH		 1329}
1330
1331static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1332{
1333 struct pending_cmd *cmd;
1334
1335 BT_DBG("status %u", status);
1336
1337 cmd = find_pairing(conn);
56e5cb86 1338 if (!cmd)
e9a416b5 1339 BT_DBG("Unable to find a pending command");
56e5cb86
JH		 1340 else
1341 pairing_complete(cmd, status);
e9a416b5
JH		 1342}
1343
4e51eae9 1344static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
e9a416b5
JH		 1345{
1346 struct hci_dev *hdev;
1347 struct mgmt_cp_pair_device *cp;
1348 struct pending_cmd *cmd;
7a512d01 1349 struct adv_entry *entry;
e9a416b5
JH		 1350 u8 sec_level, auth_type;
1351 struct hci_conn *conn;
e9a416b5
JH		 1352 int err;
1353
1354 BT_DBG("");
1355
1356 cp = (void *) data;
e9a416b5 1357
bdce7baf
SJ		 1358 if (len != sizeof(*cp))
1359 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1360
4e51eae9 1361 hdev = hci_dev_get(index);
e9a416b5 1362 if (!hdev)
4e51eae9 1363 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
e9a416b5 1364
8c156c32 1365 hci_dev_lock_bh(hdev);
e9a416b5 1366
c908df36
VCG		 1367 sec_level = BT_SECURITY_MEDIUM;
1368 if (cp->io_cap == 0x03)
e9a416b5 1369 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1370 else
e9a416b5 1371 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1372
7a512d01
VCG		 1373 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1374 if (entry)
1375 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1376 auth_type);
1377 else
1378 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1379 auth_type);
1380
30e76272
VT		 1381 if (IS_ERR(conn)) {
1382 err = PTR_ERR(conn);
e9a416b5
JH		 1383 goto unlock;
1384 }
1385
1386 if (conn->connect_cfm_cb) {
1387 hci_conn_put(conn);
4e51eae9 1388 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
e9a416b5
JH		 1389 goto unlock;
1390 }
1391
2e58ef3e 1392 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1393 if (!cmd) {
1394 err = -ENOMEM;
1395 hci_conn_put(conn);
1396 goto unlock;
1397 }
1398
7a512d01
VCG		 1399 /* For LE, just connecting isn't a proof that the pairing finished */
1400 if (!entry)
1401 conn->connect_cfm_cb = pairing_complete_cb;
1402
e9a416b5
JH		 1403 conn->security_cfm_cb = pairing_complete_cb;
1404 conn->disconn_cfm_cb = pairing_complete_cb;
1405 conn->io_capability = cp->io_cap;
1406 cmd->user_data = conn;
1407
1408 if (conn->state == BT_CONNECTED &&
1409 hci_conn_security(conn, sec_level, auth_type))
1410 pairing_complete(cmd, 0);
1411
1412 err = 0;
1413
1414unlock:
8c156c32 1415 hci_dev_unlock_bh(hdev);
e9a416b5
JH		 1416 hci_dev_put(hdev);
1417
1418 return err;
1419}
1420
4e51eae9
SJ		 1421static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1422 u16 len, int success)
a5c29683
JH		 1423{
1424 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
4e51eae9 1425 u16 mgmt_op, hci_op;
a5c29683
JH		 1426 struct pending_cmd *cmd;
1427 struct hci_dev *hdev;
1428 int err;
1429
1430 BT_DBG("");
1431
a5c29683
JH		 1432 if (success) {
1433 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1434 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1435 } else {
1436 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1437 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1438 }
1439
bdce7baf
SJ		 1440 if (len != sizeof(*cp))
1441 return cmd_status(sk, index, mgmt_op, EINVAL);
1442
4e51eae9 1443 hdev = hci_dev_get(index);
a5c29683 1444 if (!hdev)
4e51eae9 1445 return cmd_status(sk, index, mgmt_op, ENODEV);
a5c29683 1446
8c156c32 1447 hci_dev_lock_bh(hdev);
08ba5382 1448
a5c29683 1449 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1450 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
a5c29683
JH		 1451 goto failed;
1452 }
1453
2e58ef3e 1454 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
a5c29683
JH		 1455 if (!cmd) {
1456 err = -ENOMEM;
1457 goto failed;
1458 }
1459
1460 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
a664b5bc
JH		 1461 if (err < 0)
1462 mgmt_pending_remove(cmd);
a5c29683
JH		 1463
1464failed:
8c156c32 1465 hci_dev_unlock_bh(hdev);
a5c29683
JH		 1466 hci_dev_put(hdev);
1467
1468 return err;
1469}
1470
b312b161
JH		 1471static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1472 u16 len)
1473{
1474 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1475 struct hci_cp_write_local_name hci_cp;
1476 struct hci_dev *hdev;
1477 struct pending_cmd *cmd;
1478 int err;
1479
1480 BT_DBG("");
1481
1482 if (len != sizeof(*mgmt_cp))
1483 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1484
1485 hdev = hci_dev_get(index);
1486 if (!hdev)
1487 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1488
8c156c32 1489 hci_dev_lock_bh(hdev);
b312b161 1490
2e58ef3e 1491 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 1492 if (!cmd) {
1493 err = -ENOMEM;
1494 goto failed;
1495 }
1496
1497 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1498 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1499 &hci_cp);
1500 if (err < 0)
1501 mgmt_pending_remove(cmd);
1502
1503failed:
8c156c32 1504 hci_dev_unlock_bh(hdev);
b312b161
JH		 1505 hci_dev_put(hdev);
1506
1507 return err;
1508}
1509
c35938b2
SJ		 1510static int read_local_oob_data(struct sock *sk, u16 index)
1511{
1512 struct hci_dev *hdev;
1513 struct pending_cmd *cmd;
1514 int err;
1515
1516 BT_DBG("hci%u", index);
1517
1518 hdev = hci_dev_get(index);
1519 if (!hdev)
1520 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1521 ENODEV);
1522
8c156c32 1523 hci_dev_lock_bh(hdev);
c35938b2
SJ		 1524
1525 if (!test_bit(HCI_UP, &hdev->flags)) {
1526 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1527 ENETDOWN);
1528 goto unlock;
1529 }
1530
1531 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1532 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1533 EOPNOTSUPP);
1534 goto unlock;
1535 }
1536
2e58ef3e 1537 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
c35938b2
SJ		 1538 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1539 goto unlock;
1540 }
1541
2e58ef3e 1542 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 1543 if (!cmd) {
1544 err = -ENOMEM;
1545 goto unlock;
1546 }
1547
1548 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1549 if (err < 0)
1550 mgmt_pending_remove(cmd);
1551
1552unlock:
8c156c32 1553 hci_dev_unlock_bh(hdev);
c35938b2
SJ		 1554 hci_dev_put(hdev);
1555
1556 return err;
1557}
1558
2763eda6
SJ		 1559static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1560 u16 len)
1561{
1562 struct hci_dev *hdev;
1563 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1564 int err;
1565
1566 BT_DBG("hci%u ", index);
1567
1568 if (len != sizeof(*cp))
1569 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1570 EINVAL);
1571
1572 hdev = hci_dev_get(index);
1573 if (!hdev)
1574 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1575 ENODEV);
1576
8c156c32 1577 hci_dev_lock_bh(hdev);
2763eda6
SJ		 1578
1579 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1580 cp->randomizer);
1581 if (err < 0)
1582 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1583 else
1584 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1585 0);
1586
8c156c32 1587 hci_dev_unlock_bh(hdev);
2763eda6
SJ		 1588 hci_dev_put(hdev);
1589
1590 return err;
1591}
1592
1593static int remove_remote_oob_data(struct sock *sk, u16 index,
1594 unsigned char *data, u16 len)
1595{
1596 struct hci_dev *hdev;
1597 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1598 int err;
1599
1600 BT_DBG("hci%u ", index);
1601
1602 if (len != sizeof(*cp))
1603 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1604 EINVAL);
1605
1606 hdev = hci_dev_get(index);
1607 if (!hdev)
1608 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1609 ENODEV);
1610
8c156c32 1611 hci_dev_lock_bh(hdev);
2763eda6
SJ		 1612
1613 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1614 if (err < 0)
1615 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1616 -err);
1617 else
1618 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1619 NULL, 0);
1620
8c156c32 1621 hci_dev_unlock_bh(hdev);
2763eda6
SJ		 1622 hci_dev_put(hdev);
1623
1624 return err;
1625}
1626
14a53664
JH		 1627static int start_discovery(struct sock *sk, u16 index)
1628{
14a53664
JH		 1629 struct pending_cmd *cmd;
1630 struct hci_dev *hdev;
1631 int err;
1632
1633 BT_DBG("hci%u", index);
1634
1635 hdev = hci_dev_get(index);
1636 if (!hdev)
1637 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1638
1639 hci_dev_lock_bh(hdev);
1640
bd2d1334
JH		 1641 if (!test_bit(HCI_UP, &hdev->flags)) {
1642 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1643 goto failed;
1644 }
1645
2e58ef3e 1646 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1647 if (!cmd) {
1648 err = -ENOMEM;
1649 goto failed;
1650 }
1651
2519a1fc 1652 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
14a53664
JH		 1653 if (err < 0)
1654 mgmt_pending_remove(cmd);
1655
1656failed:
1657 hci_dev_unlock_bh(hdev);
1658 hci_dev_put(hdev);
1659
1660 return err;
1661}
1662
1663static int stop_discovery(struct sock *sk, u16 index)
1664{
1665 struct hci_dev *hdev;
1666 struct pending_cmd *cmd;
1667 int err;
1668
1669 BT_DBG("hci%u", index);
1670
1671 hdev = hci_dev_get(index);
1672 if (!hdev)
1673 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1674
1675 hci_dev_lock_bh(hdev);
1676
2e58ef3e 1677 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1678 if (!cmd) {
1679 err = -ENOMEM;
1680 goto failed;
1681 }
1682
023d5049 1683 err = hci_cancel_inquiry(hdev);
14a53664
JH		 1684 if (err < 0)
1685 mgmt_pending_remove(cmd);
1686
1687failed:
1688 hci_dev_unlock_bh(hdev);
1689 hci_dev_put(hdev);
1690
1691 return err;
1692}
1693
7fbec224
AJ		 1694static int block_device(struct sock *sk, u16 index, unsigned char *data,
1695 u16 len)
1696{
1697 struct hci_dev *hdev;
5e762444 1698 struct mgmt_cp_block_device *cp = (void *) data;
7fbec224
AJ		 1699 int err;
1700
1701 BT_DBG("hci%u", index);
1702
7fbec224
AJ		 1703 if (len != sizeof(*cp))
1704 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1705 EINVAL);
1706
1707 hdev = hci_dev_get(index);
1708 if (!hdev)
1709 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1710 ENODEV);
1711
5e762444
AJ		 1712 hci_dev_lock_bh(hdev);
1713
7fbec224 1714 err = hci_blacklist_add(hdev, &cp->bdaddr);
7fbec224
AJ		 1715 if (err < 0)
1716 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1717 else
1718 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1719 NULL, 0);
5e762444 1720
5e762444 1721 hci_dev_unlock_bh(hdev);
7fbec224
AJ		 1722 hci_dev_put(hdev);
1723
1724 return err;
1725}
1726
1727static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1728 u16 len)
1729{
1730 struct hci_dev *hdev;
5e762444 1731 struct mgmt_cp_unblock_device *cp = (void *) data;
7fbec224
AJ		 1732 int err;
1733
1734 BT_DBG("hci%u", index);
1735
7fbec224
AJ		 1736 if (len != sizeof(*cp))
1737 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1738 EINVAL);
1739
1740 hdev = hci_dev_get(index);
1741 if (!hdev)
1742 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1743 ENODEV);
1744
5e762444
AJ		 1745 hci_dev_lock_bh(hdev);
1746
7fbec224
AJ		 1747 err = hci_blacklist_del(hdev, &cp->bdaddr);
1748
1749 if (err < 0)
1750 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1751 else
1752 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1753 NULL, 0);
5e762444 1754
5e762444 1755 hci_dev_unlock_bh(hdev);
7fbec224
AJ		 1756 hci_dev_put(hdev);
1757
1758 return err;
1759}
1760
f6422ec6
AJ		 1761static int set_fast_connectable(struct sock *sk, u16 index,
1762 unsigned char *data, u16 len)
1763{
1764 struct hci_dev *hdev;
1765 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1766 struct hci_cp_write_page_scan_activity acp;
1767 u8 type;
1768 int err;
1769
1770 BT_DBG("hci%u", index);
1771
1772 if (len != sizeof(*cp))
1773 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1774 EINVAL);
1775
1776 hdev = hci_dev_get(index);
1777 if (!hdev)
1778 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1779 ENODEV);
1780
1781 hci_dev_lock(hdev);
1782
1783 if (cp->enable) {
1784 type = PAGE_SCAN_TYPE_INTERLACED;
1785 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1786 } else {
1787 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1788 acp.interval = 0x0800; /* default 1.28 sec page scan */
1789 }
1790
1791 acp.window = 0x0012; /* default 11.25 msec page scan window */
1792
1793 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1794 sizeof(acp), &acp);
1795 if (err < 0) {
1796 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1797 -err);
1798 goto done;
1799 }
1800
1801 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1802 if (err < 0) {
1803 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1804 -err);
1805 goto done;
1806 }
1807
1808 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1809 NULL, 0);
1810done:
1811 hci_dev_unlock(hdev);
1812 hci_dev_put(hdev);
1813
1814 return err;
1815}
1816
0381101f
JH		 1817int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1818{
1819 unsigned char *buf;
1820 struct mgmt_hdr *hdr;
4e51eae9 1821 u16 opcode, index, len;
0381101f
JH		 1822 int err;
1823
1824 BT_DBG("got %zu bytes", msglen);
1825
1826 if (msglen < sizeof(*hdr))
1827 return -EINVAL;
1828
e63a15ec 1829 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 1830 if (!buf)
1831 return -ENOMEM;
1832
1833 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1834 err = -EFAULT;
1835 goto done;
1836 }
1837
1838 hdr = (struct mgmt_hdr *) buf;
1839 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 1840 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 1841 len = get_unaligned_le16(&hdr->len);
1842
1843 if (len != msglen - sizeof(*hdr)) {
1844 err = -EINVAL;
1845 goto done;
1846 }
1847
1848 switch (opcode) {
02d98129
JH		 1849 case MGMT_OP_READ_VERSION:
1850 err = read_version(sk);
1851 break;
faba42eb
JH		 1852 case MGMT_OP_READ_INDEX_LIST:
1853 err = read_index_list(sk);
1854 break;
f7b64e69 1855 case MGMT_OP_READ_INFO:
4e51eae9 1856 err = read_controller_info(sk, index);
f7b64e69 1857 break;
eec8d2bc 1858 case MGMT_OP_SET_POWERED:
4e51eae9 1859 err = set_powered(sk, index, buf + sizeof(*hdr), len);
eec8d2bc 1860 break;
73f22f62 1861 case MGMT_OP_SET_DISCOVERABLE:
4e51eae9 1862 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
73f22f62 1863 break;
9fbcbb45 1864 case MGMT_OP_SET_CONNECTABLE:
4e51eae9 1865 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
9fbcbb45 1866 break;
c542a06c 1867 case MGMT_OP_SET_PAIRABLE:
4e51eae9 1868 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
c542a06c 1869 break;
2aeb9a1a 1870 case MGMT_OP_ADD_UUID:
4e51eae9 1871 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a
JH		 1872 break;
1873 case MGMT_OP_REMOVE_UUID:
4e51eae9 1874 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a 1875 break;
1aff6f09 1876 case MGMT_OP_SET_DEV_CLASS:
4e51eae9 1877 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1aff6f09
JH		 1878 break;
1879 case MGMT_OP_SET_SERVICE_CACHE:
4e51eae9 1880 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1aff6f09 1881 break;
86742e1e
JH		 1882 case MGMT_OP_LOAD_LINK_KEYS:
1883 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 1884 break;
86742e1e
JH		 1885 case MGMT_OP_REMOVE_KEYS:
1886 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 1887 break;
8962ee74 1888 case MGMT_OP_DISCONNECT:
4e51eae9 1889 err = disconnect(sk, index, buf + sizeof(*hdr), len);
8962ee74 1890 break;
2784eb41 1891 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 1892 err = get_connections(sk, index);
2784eb41 1893 break;
980e1a53 1894 case MGMT_OP_PIN_CODE_REPLY:
4e51eae9 1895 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53
JH		 1896 break;
1897 case MGMT_OP_PIN_CODE_NEG_REPLY:
4e51eae9 1898 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53 1899 break;
17fa4b9d 1900 case MGMT_OP_SET_IO_CAPABILITY:
4e51eae9 1901 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
17fa4b9d 1902 break;
e9a416b5 1903 case MGMT_OP_PAIR_DEVICE:
4e51eae9 1904 err = pair_device(sk, index, buf + sizeof(*hdr), len);
e9a416b5 1905 break;
a5c29683 1906 case MGMT_OP_USER_CONFIRM_REPLY:
4e51eae9 1907 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
a5c29683
JH		 1908 break;
1909 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
4e51eae9 1910 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
a5c29683 1911 break;
b312b161
JH		 1912 case MGMT_OP_SET_LOCAL_NAME:
1913 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1914 break;
c35938b2
SJ		 1915 case MGMT_OP_READ_LOCAL_OOB_DATA:
1916 err = read_local_oob_data(sk, index);
1917 break;
2763eda6
SJ		 1918 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1919 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1920 break;
1921 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1922 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1923 len);
1924 break;
14a53664
JH		 1925 case MGMT_OP_START_DISCOVERY:
1926 err = start_discovery(sk, index);
1927 break;
1928 case MGMT_OP_STOP_DISCOVERY:
1929 err = stop_discovery(sk, index);
1930 break;
7fbec224
AJ		 1931 case MGMT_OP_BLOCK_DEVICE:
1932 err = block_device(sk, index, buf + sizeof(*hdr), len);
1933 break;
1934 case MGMT_OP_UNBLOCK_DEVICE:
1935 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1936 break;
f6422ec6
AJ		 1937 case MGMT_OP_SET_FAST_CONNECTABLE:
1938 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1939 len);
1940 break;
0381101f
JH		 1941 default:
1942 BT_DBG("Unknown op %u", opcode);
4e51eae9 1943 err = cmd_status(sk, index, opcode, 0x01);
0381101f
JH		 1944 break;
1945 }
1946
e41d8b4e
JH		 1947 if (err < 0)
1948 goto done;
1949
0381101f
JH		 1950 err = msglen;
1951
1952done:
1953 kfree(buf);
1954 return err;
1955}
c71e97bf 1956
b24752fe
JH		 1957static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1958{
1959 u8 *status = data;
1960
1961 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1962 mgmt_pending_remove(cmd);
1963}
1964
744cf19e 1965int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 1966{
744cf19e 1967 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 1968}
1969
744cf19e 1970int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 1971{
b24752fe
JH		 1972 u8 status = ENODEV;
1973
744cf19e 1974 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 1975
744cf19e 1976 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 1977}
1978
73f22f62 1979struct cmd_lookup {
72a734ec 1980 u8 val;
eec8d2bc
JH		 1981 struct sock *sk;
1982};
1983
72a734ec 1984static void mode_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 1985{
c68fb7ff 1986 struct mgmt_mode *cp = cmd->param;
73f22f62 1987 struct cmd_lookup *match = data;
eec8d2bc 1988
72a734ec 1989 if (cp->val != match->val)
eec8d2bc
JH		 1990 return;
1991
053f0211 1992 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
eec8d2bc
JH		 1993
1994 list_del(&cmd->list);
1995
1996 if (match->sk == NULL) {
1997 match->sk = cmd->sk;
1998 sock_hold(match->sk);
1999 }
2000
2001 mgmt_pending_free(cmd);
c71e97bf 2002}
5add6af8 2003
744cf19e 2004int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2005{
72a734ec 2006 struct mgmt_mode ev;
73f22f62 2007 struct cmd_lookup match = { powered, NULL };
eec8d2bc 2008 int ret;
5add6af8 2009
744cf19e 2010 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
5add6af8 2011
b24752fe
JH		 2012 if (!powered) {
2013 u8 status = ENETDOWN;
744cf19e 2014 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2015 }
2016
72a734ec 2017 ev.val = powered;
eec8d2bc 2018
744cf19e 2019 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
eec8d2bc
JH		 2020
2021 if (match.sk)
2022 sock_put(match.sk);
2023
2024 return ret;
5add6af8 2025}
73f22f62 2026
744cf19e 2027int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2028{
72a734ec 2029 struct mgmt_mode ev;
73f22f62
JH		 2030 struct cmd_lookup match = { discoverable, NULL };
2031 int ret;
2032
744cf19e 2033 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
72a734ec 2034
72a734ec 2035 ev.val = discoverable;
73f22f62 2036
744cf19e 2037 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
4e51eae9 2038 match.sk);
73f22f62
JH		 2039
2040 if (match.sk)
2041 sock_put(match.sk);
2042
2043 return ret;
2044}
9fbcbb45 2045
744cf19e 2046int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2047{
72a734ec 2048 struct mgmt_mode ev;
9fbcbb45
JH		 2049 struct cmd_lookup match = { connectable, NULL };
2050 int ret;
2051
744cf19e 2052 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
9fbcbb45 2053
72a734ec 2054 ev.val = connectable;
9fbcbb45 2055
744cf19e 2056 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2057
2058 if (match.sk)
2059 sock_put(match.sk);
2060
2061 return ret;
2062}
55ed8ca1 2063
744cf19e 2064int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58
JH		 2065{
2066 if (scan & SCAN_PAGE)
744cf19e 2067 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2d7cee58
JH		 2068 cmd_status_rsp, &status);
2069
2070 if (scan & SCAN_INQUIRY)
744cf19e 2071 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2d7cee58
JH		 2072 cmd_status_rsp, &status);
2073
2074 return 0;
2075}
2076
744cf19e
JH		 2077int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2078 u8 persistent)
55ed8ca1 2079{
86742e1e 2080 struct mgmt_ev_new_link_key ev;
55ed8ca1 2081
a492cd52 2082 memset(&ev, 0, sizeof(ev));
55ed8ca1 2083
a492cd52
VCG		 2084 ev.store_hint = persistent;
2085 bacpy(&ev.key.bdaddr, &key->bdaddr);
2086 ev.key.type = key->type;
2087 memcpy(ev.key.val, key->val, 16);
2088 ev.key.pin_len = key->pin_len;
55ed8ca1 2089
744cf19e 2090 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2091}
f7520543 2092
48264f06
JH		 2093int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2094 u8 addr_type)
f7520543 2095{
4c659c39 2096 struct mgmt_addr_info ev;
f7520543 2097
f7520543 2098 bacpy(&ev.bdaddr, bdaddr);
48264f06 2099 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2100
744cf19e 2101 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
f7520543
JH		 2102}
2103
8962ee74
JH		 2104static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2105{
c68fb7ff 2106 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2107 struct sock **sk = data;
a38528f1 2108 struct mgmt_rp_disconnect rp;
8962ee74 2109
a38528f1 2110 bacpy(&rp.bdaddr, &cp->bdaddr);
8962ee74 2111
4e51eae9 2112 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 2113
2114 *sk = cmd->sk;
2115 sock_hold(*sk);
2116
a664b5bc 2117 mgmt_pending_remove(cmd);
8962ee74
JH		 2118}
2119
48264f06
JH		 2120int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2121 u8 addr_type)
f7520543 2122{
4c659c39 2123 struct mgmt_addr_info ev;
8962ee74
JH		 2124 struct sock *sk = NULL;
2125 int err;
2126
744cf19e 2127 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2128
f7520543 2129 bacpy(&ev.bdaddr, bdaddr);
48264f06 2130 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2131
744cf19e 2132 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 2133
2134 if (sk)
2135 sock_put(sk);
2136
2137 return err;
2138}
2139
744cf19e 2140int mgmt_disconnect_failed(struct hci_dev *hdev)
8962ee74
JH		 2141{
2142 struct pending_cmd *cmd;
2143 int err;
2144
2e58ef3e 2145 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 2146 if (!cmd)
2147 return -ENOENT;
2148
744cf19e 2149 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
8962ee74 2150
a664b5bc 2151 mgmt_pending_remove(cmd);
8962ee74
JH		 2152
2153 return err;
f7520543 2154}
17d5c04c 2155
48264f06
JH		 2156int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2157 u8 addr_type, u8 status)
17d5c04c
JH		 2158{
2159 struct mgmt_ev_connect_failed ev;
2160
4c659c39 2161 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2162 ev.addr.type = link_to_mgmt(link_type, addr_type);
17d5c04c
JH		 2163 ev.status = status;
2164
744cf19e 2165 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 2166}
980e1a53 2167
744cf19e 2168int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 2169{
2170 struct mgmt_ev_pin_code_request ev;
2171
980e1a53 2172 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 2173 ev.secure = secure;
980e1a53 2174
744cf19e 2175 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2176 NULL);
980e1a53
JH		 2177}
2178
744cf19e
JH		 2179int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2180 u8 status)
980e1a53
JH		 2181{
2182 struct pending_cmd *cmd;
ac56fb13 2183 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2184 int err;
2185
2e58ef3e 2186 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 2187 if (!cmd)
2188 return -ENOENT;
2189
ac56fb13
JH		 2190 bacpy(&rp.bdaddr, bdaddr);
2191 rp.status = status;
2192
744cf19e 2193 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
4e51eae9 2194 sizeof(rp));
980e1a53 2195
a664b5bc 2196 mgmt_pending_remove(cmd);
980e1a53
JH		 2197
2198 return err;
2199}
2200
744cf19e
JH		 2201int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2202 u8 status)
980e1a53
JH		 2203{
2204 struct pending_cmd *cmd;
ac56fb13 2205 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2206 int err;
2207
2e58ef3e 2208 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 2209 if (!cmd)
2210 return -ENOENT;
2211
ac56fb13
JH		 2212 bacpy(&rp.bdaddr, bdaddr);
2213 rp.status = status;
2214
744cf19e 2215 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
4e51eae9 2216 sizeof(rp));
980e1a53 2217
a664b5bc 2218 mgmt_pending_remove(cmd);
980e1a53
JH		 2219
2220 return err;
2221}
a5c29683 2222
744cf19e
JH		 2223int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2224 __le32 value, u8 confirm_hint)
a5c29683
JH		 2225{
2226 struct mgmt_ev_user_confirm_request ev;
2227
744cf19e 2228 BT_DBG("%s", hdev->name);
a5c29683 2229
a5c29683 2230 bacpy(&ev.bdaddr, bdaddr);
55bc1a37 2231 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2232 put_unaligned_le32(value, &ev.value);
2233
744cf19e 2234 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2235 NULL);
a5c29683
JH		 2236}
2237
744cf19e
JH		 2238static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2239 u8 status, u8 opcode)
a5c29683
JH		 2240{
2241 struct pending_cmd *cmd;
2242 struct mgmt_rp_user_confirm_reply rp;
2243 int err;
2244
2e58ef3e 2245 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 2246 if (!cmd)
2247 return -ENOENT;
2248
a5c29683
JH		 2249 bacpy(&rp.bdaddr, bdaddr);
2250 rp.status = status;
744cf19e 2251 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
a5c29683 2252
a664b5bc 2253 mgmt_pending_remove(cmd);
a5c29683
JH		 2254
2255 return err;
2256}
2257
744cf19e
JH		 2258int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2259 u8 status)
a5c29683 2260{
744cf19e 2261 return confirm_reply_complete(hdev, bdaddr, status,
a5c29683
JH		 2262 MGMT_OP_USER_CONFIRM_REPLY);
2263}
2264
744cf19e
JH		 2265int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2266 bdaddr_t *bdaddr, u8 status)
a5c29683 2267{
744cf19e 2268 return confirm_reply_complete(hdev, bdaddr, status,
a5c29683
JH		 2269 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2270}
2a611692 2271
744cf19e 2272int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2a611692
JH		 2273{
2274 struct mgmt_ev_auth_failed ev;
2275
2a611692
JH		 2276 bacpy(&ev.bdaddr, bdaddr);
2277 ev.status = status;
2278
744cf19e 2279 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 2280}
b312b161 2281
744cf19e 2282int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 2283{
2284 struct pending_cmd *cmd;
2285 struct mgmt_cp_set_local_name ev;
2286 int err;
2287
2288 memset(&ev, 0, sizeof(ev));
2289 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2290
2e58ef3e 2291 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 2292 if (!cmd)
2293 goto send_event;
2294
2295 if (status) {
744cf19e
JH		 2296 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2297 EIO);
b312b161
JH		 2298 goto failed;
2299 }
2300
744cf19e 2301 update_eir(hdev);
80a1e1db 2302
744cf19e 2303 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
b312b161
JH		 2304 sizeof(ev));
2305 if (err < 0)
2306 goto failed;
2307
2308send_event:
744cf19e 2309 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 2310 cmd ? cmd->sk : NULL);
2311
2312failed:
2313 if (cmd)
2314 mgmt_pending_remove(cmd);
2315 return err;
2316}
c35938b2 2317
744cf19e
JH		 2318int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2319 u8 *randomizer, u8 status)
c35938b2
SJ		 2320{
2321 struct pending_cmd *cmd;
2322 int err;
2323
744cf19e 2324 BT_DBG("%s status %u", hdev->name, status);
c35938b2 2325
2e58ef3e 2326 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 2327 if (!cmd)
2328 return -ENOENT;
2329
2330 if (status) {
744cf19e
JH		 2331 err = cmd_status(cmd->sk, hdev->id,
2332 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
c35938b2
SJ		 2333 } else {
2334 struct mgmt_rp_read_local_oob_data rp;
2335
2336 memcpy(rp.hash, hash, sizeof(rp.hash));
2337 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2338
744cf19e
JH		 2339 err = cmd_complete(cmd->sk, hdev->id,
2340 MGMT_OP_READ_LOCAL_OOB_DATA,
2341 &rp, sizeof(rp));
c35938b2
SJ		 2342 }
2343
2344 mgmt_pending_remove(cmd);
2345
2346 return err;
2347}
e17acd40 2348
48264f06
JH		 2349int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2350 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
e17acd40
JH		 2351{
2352 struct mgmt_ev_device_found ev;
2353
2354 memset(&ev, 0, sizeof(ev));
2355
4c659c39 2356 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2357 ev.addr.type = link_to_mgmt(link_type, addr_type);
e17acd40
JH		 2358 ev.rssi = rssi;
2359
2360 if (eir)
2361 memcpy(ev.eir, eir, sizeof(ev.eir));
2362
f8523598
AG		 2363 if (dev_class)
2364 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2365
744cf19e 2366 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
e17acd40 2367}
a88a9652 2368
744cf19e 2369int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
a88a9652
JH		 2370{
2371 struct mgmt_ev_remote_name ev;
2372
2373 memset(&ev, 0, sizeof(ev));
2374
2375 bacpy(&ev.bdaddr, bdaddr);
2376 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2377
744cf19e 2378 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
a88a9652 2379}
314b2381 2380
744cf19e 2381int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 2382{
2383 struct pending_cmd *cmd;
2384 int err;
2385
2e58ef3e 2386 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 2387 if (!cmd)
2388 return -ENOENT;
2389
744cf19e 2390 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
164a6e78
JH		 2391 mgmt_pending_remove(cmd);
2392
2393 return err;
2394}
2395
744cf19e 2396int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 2397{
164a6e78
JH		 2398 struct pending_cmd *cmd;
2399
2400 if (discovering)
2e58ef3e 2401 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 2402 else
2e58ef3e 2403 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 2404
2405 if (cmd != NULL) {
744cf19e 2406 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
164a6e78
JH		 2407 mgmt_pending_remove(cmd);
2408 }
2409
744cf19e 2410 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
314b2381
JH		 2411 sizeof(discovering), NULL);
2412}
5e762444 2413
744cf19e 2414int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2415{
2416 struct pending_cmd *cmd;
2417 struct mgmt_ev_device_blocked ev;
2418
2e58ef3e 2419 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444
AJ		 2420
2421 bacpy(&ev.bdaddr, bdaddr);
2422
744cf19e
JH		 2423 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2424 cmd ? cmd->sk : NULL);
5e762444
AJ		 2425}
2426
744cf19e 2427int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2428{
2429 struct pending_cmd *cmd;
2430 struct mgmt_ev_device_unblocked ev;
2431
2e58ef3e 2432 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444
AJ		 2433
2434 bacpy(&ev.bdaddr, bdaddr);
2435
744cf19e
JH		 2436 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2437 cmd ? cmd->sk : NULL);
5e762444 2438}
ubuntu-zesty-kernel mirror