]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:


18d593f23934db7ca19e7c5fa31102dcec57ac27
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
36
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 0
39
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
78 };
79
80 static const u16 mgmt_events[] = {
81 MGMT_EV_CONTROLLER_ERROR,
82 MGMT_EV_INDEX_ADDED,
83 MGMT_EV_INDEX_REMOVED,
84 MGMT_EV_NEW_SETTINGS,
85 MGMT_EV_CLASS_OF_DEV_CHANGED,
86 MGMT_EV_LOCAL_NAME_CHANGED,
87 MGMT_EV_NEW_LINK_KEY,
88 MGMT_EV_NEW_LONG_TERM_KEY,
89 MGMT_EV_DEVICE_CONNECTED,
90 MGMT_EV_DEVICE_DISCONNECTED,
91 MGMT_EV_CONNECT_FAILED,
92 MGMT_EV_PIN_CODE_REQUEST,
93 MGMT_EV_USER_CONFIRM_REQUEST,
94 MGMT_EV_USER_PASSKEY_REQUEST,
95 MGMT_EV_AUTH_FAILED,
96 MGMT_EV_DEVICE_FOUND,
97 MGMT_EV_DISCOVERING,
98 MGMT_EV_DEVICE_BLOCKED,
99 MGMT_EV_DEVICE_UNBLOCKED,
100 MGMT_EV_DEVICE_UNPAIRED,
101 };
102
103 /*
104 * These LE scan and inquiry parameters were chosen according to LE General
105 * Discovery Procedure specification.
106 */
107 #define LE_SCAN_TYPE 0x01
108 #define LE_SCAN_WIN 0x12
109 #define LE_SCAN_INT 0x12
110 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
111 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
112
113 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
114 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
115
116 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
117
118 struct pending_cmd {
119 struct list_head list;
120 u16 opcode;
121 int index;
122 void *param;
123 struct sock *sk;
124 void *user_data;
125 };
126
127 /* HCI to MGMT error code conversion table */
128 static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
135 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190 };
191
192 static u8 mgmt_status(u8 hci_status)
193 {
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198 }
199
200 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
201 {
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
205 int err;
206
207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
208
209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
215 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
216 hdr->index = cpu_to_le16(index);
217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
221 put_unaligned_le16(cmd, &ev->opcode);
222
223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
225 kfree_skb(skb);
226
227 return err;
228 }
229
230 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
231 void *rp, size_t rp_len)
232 {
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
236 int err;
237
238 BT_DBG("sock %p", sk);
239
240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
245
246 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
247 hdr->index = cpu_to_le16(index);
248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
249
250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
251 put_unaligned_le16(cmd, &ev->opcode);
252 ev->status = status;
253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
256
257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
259 kfree_skb(skb);
260
261 return err;;
262 }
263
264 static int read_version(struct sock *sk)
265 {
266 struct mgmt_rp_read_version rp;
267
268 BT_DBG("sock %p", sk);
269
270 rp.version = MGMT_VERSION;
271 put_unaligned_le16(MGMT_REVISION, &rp.revision);
272
273 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
274 sizeof(rp));
275 }
276
277 static int read_commands(struct sock *sk)
278 {
279 struct mgmt_rp_read_commands *rp;
280 u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 u16 num_events = ARRAY_SIZE(mgmt_events);
282 u16 *opcode;
283 size_t rp_size;
284 int i, err;
285
286 BT_DBG("sock %p", sk);
287
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
289
290 rp = kmalloc(rp_size, GFP_KERNEL);
291 if (!rp)
292 return -ENOMEM;
293
294 put_unaligned_le16(num_commands, &rp->num_commands);
295 put_unaligned_le16(num_events, &rp->num_events);
296
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
299
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
302
303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
304 rp_size);
305 kfree(rp);
306
307 return err;
308 }
309
310 static int read_index_list(struct sock *sk)
311 {
312 struct mgmt_rp_read_index_list *rp;
313 struct list_head *p;
314 struct hci_dev *d;
315 size_t rp_len;
316 u16 count;
317 int i, err;
318
319 BT_DBG("sock %p", sk);
320
321 read_lock(&hci_dev_list_lock);
322
323 count = 0;
324 list_for_each(p, &hci_dev_list) {
325 count++;
326 }
327
328 rp_len = sizeof(*rp) + (2 * count);
329 rp = kmalloc(rp_len, GFP_ATOMIC);
330 if (!rp) {
331 read_unlock(&hci_dev_list_lock);
332 return -ENOMEM;
333 }
334
335 put_unaligned_le16(count, &rp->num_controllers);
336
337 i = 0;
338 list_for_each_entry(d, &hci_dev_list, list) {
339 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
340 cancel_delayed_work(&d->power_off);
341
342 if (test_bit(HCI_SETUP, &d->dev_flags))
343 continue;
344
345 put_unaligned_le16(d->id, &rp->index[i++]);
346 BT_DBG("Added hci%u", d->id);
347 }
348
349 read_unlock(&hci_dev_list_lock);
350
351 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
352 rp_len);
353
354 kfree(rp);
355
356 return err;
357 }
358
359 static u32 get_supported_settings(struct hci_dev *hdev)
360 {
361 u32 settings = 0;
362
363 settings |= MGMT_SETTING_POWERED;
364 settings |= MGMT_SETTING_CONNECTABLE;
365 settings |= MGMT_SETTING_FAST_CONNECTABLE;
366 settings |= MGMT_SETTING_DISCOVERABLE;
367 settings |= MGMT_SETTING_PAIRABLE;
368
369 if (hdev->features[6] & LMP_SIMPLE_PAIR)
370 settings |= MGMT_SETTING_SSP;
371
372 if (!(hdev->features[4] & LMP_NO_BREDR)) {
373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
375 }
376
377 if (hdev->features[4] & LMP_LE)
378 settings |= MGMT_SETTING_LE;
379
380 return settings;
381 }
382
383 static u32 get_current_settings(struct hci_dev *hdev)
384 {
385 u32 settings = 0;
386
387 if (test_bit(HCI_UP, &hdev->flags))
388 settings |= MGMT_SETTING_POWERED;
389 else
390 return settings;
391
392 if (test_bit(HCI_PSCAN, &hdev->flags))
393 settings |= MGMT_SETTING_CONNECTABLE;
394
395 if (test_bit(HCI_ISCAN, &hdev->flags))
396 settings |= MGMT_SETTING_DISCOVERABLE;
397
398 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
399 settings |= MGMT_SETTING_PAIRABLE;
400
401 if (!(hdev->features[4] & LMP_NO_BREDR))
402 settings |= MGMT_SETTING_BREDR;
403
404 if (hdev->host_features[0] & LMP_HOST_LE)
405 settings |= MGMT_SETTING_LE;
406
407 if (test_bit(HCI_AUTH, &hdev->flags))
408 settings |= MGMT_SETTING_LINK_SECURITY;
409
410 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
411 settings |= MGMT_SETTING_SSP;
412
413 return settings;
414 }
415
416 #define PNP_INFO_SVCLASS_ID 0x1200
417
418 static u8 bluetooth_base_uuid[] = {
419 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
420 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
421 };
422
423 static u16 get_uuid16(u8 *uuid128)
424 {
425 u32 val;
426 int i;
427
428 for (i = 0; i < 12; i++) {
429 if (bluetooth_base_uuid[i] != uuid128[i])
430 return 0;
431 }
432
433 memcpy(&val, &uuid128[12], 4);
434
435 val = le32_to_cpu(val);
436 if (val > 0xffff)
437 return 0;
438
439 return (u16) val;
440 }
441
442 static void create_eir(struct hci_dev *hdev, u8 *data)
443 {
444 u8 *ptr = data;
445 u16 eir_len = 0;
446 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
447 int i, truncated = 0;
448 struct bt_uuid *uuid;
449 size_t name_len;
450
451 name_len = strlen(hdev->dev_name);
452
453 if (name_len > 0) {
454 /* EIR Data type */
455 if (name_len > 48) {
456 name_len = 48;
457 ptr[1] = EIR_NAME_SHORT;
458 } else
459 ptr[1] = EIR_NAME_COMPLETE;
460
461 /* EIR Data length */
462 ptr[0] = name_len + 1;
463
464 memcpy(ptr + 2, hdev->dev_name, name_len);
465
466 eir_len += (name_len + 2);
467 ptr += (name_len + 2);
468 }
469
470 memset(uuid16_list, 0, sizeof(uuid16_list));
471
472 /* Group all UUID16 types */
473 list_for_each_entry(uuid, &hdev->uuids, list) {
474 u16 uuid16;
475
476 uuid16 = get_uuid16(uuid->uuid);
477 if (uuid16 == 0)
478 return;
479
480 if (uuid16 < 0x1100)
481 continue;
482
483 if (uuid16 == PNP_INFO_SVCLASS_ID)
484 continue;
485
486 /* Stop if not enough space to put next UUID */
487 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
488 truncated = 1;
489 break;
490 }
491
492 /* Check for duplicates */
493 for (i = 0; uuid16_list[i] != 0; i++)
494 if (uuid16_list[i] == uuid16)
495 break;
496
497 if (uuid16_list[i] == 0) {
498 uuid16_list[i] = uuid16;
499 eir_len += sizeof(u16);
500 }
501 }
502
503 if (uuid16_list[0] != 0) {
504 u8 *length = ptr;
505
506 /* EIR Data type */
507 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
508
509 ptr += 2;
510 eir_len += 2;
511
512 for (i = 0; uuid16_list[i] != 0; i++) {
513 *ptr++ = (uuid16_list[i] & 0x00ff);
514 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
515 }
516
517 /* EIR Data length */
518 *length = (i * sizeof(u16)) + 1;
519 }
520 }
521
522 static int update_eir(struct hci_dev *hdev)
523 {
524 struct hci_cp_write_eir cp;
525
526 if (!(hdev->features[6] & LMP_EXT_INQ))
527 return 0;
528
529 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
530 return 0;
531
532 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
533 return 0;
534
535 memset(&cp, 0, sizeof(cp));
536
537 create_eir(hdev, cp.data);
538
539 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
540 return 0;
541
542 memcpy(hdev->eir, cp.data, sizeof(cp.data));
543
544 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
545 }
546
547 static u8 get_service_classes(struct hci_dev *hdev)
548 {
549 struct bt_uuid *uuid;
550 u8 val = 0;
551
552 list_for_each_entry(uuid, &hdev->uuids, list)
553 val |= uuid->svc_hint;
554
555 return val;
556 }
557
558 static int update_class(struct hci_dev *hdev)
559 {
560 u8 cod[3];
561
562 BT_DBG("%s", hdev->name);
563
564 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
565 return 0;
566
567 cod[0] = hdev->minor_class;
568 cod[1] = hdev->major_class;
569 cod[2] = get_service_classes(hdev);
570
571 if (memcmp(cod, hdev->dev_class, 3) == 0)
572 return 0;
573
574 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
575 }
576
577 static void service_cache_off(struct work_struct *work)
578 {
579 struct hci_dev *hdev = container_of(work, struct hci_dev,
580 service_cache.work);
581
582 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
583 return;
584
585 hci_dev_lock(hdev);
586
587 update_eir(hdev);
588 update_class(hdev);
589
590 hci_dev_unlock(hdev);
591 }
592
593 static void mgmt_init_hdev(struct hci_dev *hdev)
594 {
595 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
596 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
597
598 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
599 schedule_delayed_work(&hdev->service_cache,
600 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
601 }
602
603 static int read_controller_info(struct sock *sk, u16 index)
604 {
605 struct mgmt_rp_read_info rp;
606 struct hci_dev *hdev;
607
608 BT_DBG("sock %p hci%u", sk, index);
609
610 hdev = hci_dev_get(index);
611 if (!hdev)
612 return cmd_status(sk, index, MGMT_OP_READ_INFO,
613 MGMT_STATUS_INVALID_PARAMS);
614
615 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
616 cancel_delayed_work_sync(&hdev->power_off);
617
618 hci_dev_lock(hdev);
619
620 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
621 mgmt_init_hdev(hdev);
622
623 memset(&rp, 0, sizeof(rp));
624
625 bacpy(&rp.bdaddr, &hdev->bdaddr);
626
627 rp.version = hdev->hci_ver;
628
629 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
630
631 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
632 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
633
634 memcpy(rp.dev_class, hdev->dev_class, 3);
635
636 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
637
638 hci_dev_unlock(hdev);
639 hci_dev_put(hdev);
640
641 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
642 }
643
644 static void mgmt_pending_free(struct pending_cmd *cmd)
645 {
646 sock_put(cmd->sk);
647 kfree(cmd->param);
648 kfree(cmd);
649 }
650
651 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
652 struct hci_dev *hdev,
653 void *data, u16 len)
654 {
655 struct pending_cmd *cmd;
656
657 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
658 if (!cmd)
659 return NULL;
660
661 cmd->opcode = opcode;
662 cmd->index = hdev->id;
663
664 cmd->param = kmalloc(len, GFP_ATOMIC);
665 if (!cmd->param) {
666 kfree(cmd);
667 return NULL;
668 }
669
670 if (data)
671 memcpy(cmd->param, data, len);
672
673 cmd->sk = sk;
674 sock_hold(sk);
675
676 list_add(&cmd->list, &hdev->mgmt_pending);
677
678 return cmd;
679 }
680
681 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
682 void (*cb)(struct pending_cmd *cmd, void *data),
683 void *data)
684 {
685 struct list_head *p, *n;
686
687 list_for_each_safe(p, n, &hdev->mgmt_pending) {
688 struct pending_cmd *cmd;
689
690 cmd = list_entry(p, struct pending_cmd, list);
691
692 if (opcode > 0 && cmd->opcode != opcode)
693 continue;
694
695 cb(cmd, data);
696 }
697 }
698
699 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
700 {
701 struct pending_cmd *cmd;
702
703 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
704 if (cmd->opcode == opcode)
705 return cmd;
706 }
707
708 return NULL;
709 }
710
711 static void mgmt_pending_remove(struct pending_cmd *cmd)
712 {
713 list_del(&cmd->list);
714 mgmt_pending_free(cmd);
715 }
716
717 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
718 {
719 __le32 settings = cpu_to_le32(get_current_settings(hdev));
720
721 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
722 sizeof(settings));
723 }
724
725 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
726 {
727 struct mgmt_mode *cp = data;
728 struct hci_dev *hdev;
729 struct pending_cmd *cmd;
730 int err, up;
731
732 BT_DBG("request for hci%u", index);
733
734 if (len != sizeof(*cp))
735 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
736 MGMT_STATUS_INVALID_PARAMS);
737
738 hdev = hci_dev_get(index);
739 if (!hdev)
740 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
741 MGMT_STATUS_INVALID_PARAMS);
742
743 hci_dev_lock(hdev);
744
745 up = test_bit(HCI_UP, &hdev->flags);
746 if ((cp->val && up) || (!cp->val && !up)) {
747 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
748 goto failed;
749 }
750
751 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
752 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
753 MGMT_STATUS_BUSY);
754 goto failed;
755 }
756
757 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
758 if (!cmd) {
759 err = -ENOMEM;
760 goto failed;
761 }
762
763 if (cp->val)
764 schedule_work(&hdev->power_on);
765 else
766 schedule_work(&hdev->power_off.work);
767
768 err = 0;
769
770 failed:
771 hci_dev_unlock(hdev);
772 hci_dev_put(hdev);
773 return err;
774 }
775
776 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
777 {
778 struct mgmt_cp_set_discoverable *cp = data;
779 struct hci_dev *hdev;
780 struct pending_cmd *cmd;
781 u8 scan;
782 int err;
783
784 BT_DBG("request for hci%u", index);
785
786 if (len != sizeof(*cp))
787 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
788 MGMT_STATUS_INVALID_PARAMS);
789
790 hdev = hci_dev_get(index);
791 if (!hdev)
792 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
793 MGMT_STATUS_INVALID_PARAMS);
794
795 hci_dev_lock(hdev);
796
797 if (!test_bit(HCI_UP, &hdev->flags)) {
798 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
799 MGMT_STATUS_NOT_POWERED);
800 goto failed;
801 }
802
803 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
804 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
805 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
806 MGMT_STATUS_BUSY);
807 goto failed;
808 }
809
810 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
811 test_bit(HCI_PSCAN, &hdev->flags)) {
812 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
813 goto failed;
814 }
815
816 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
817 if (!cmd) {
818 err = -ENOMEM;
819 goto failed;
820 }
821
822 scan = SCAN_PAGE;
823
824 if (cp->val)
825 scan |= SCAN_INQUIRY;
826 else
827 cancel_delayed_work(&hdev->discov_off);
828
829 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
830 if (err < 0)
831 mgmt_pending_remove(cmd);
832
833 if (cp->val)
834 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
835
836 failed:
837 hci_dev_unlock(hdev);
838 hci_dev_put(hdev);
839
840 return err;
841 }
842
843 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
844 {
845 struct mgmt_mode *cp = data;
846 struct hci_dev *hdev;
847 struct pending_cmd *cmd;
848 u8 scan;
849 int err;
850
851 BT_DBG("request for hci%u", index);
852
853 if (len != sizeof(*cp))
854 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
855 MGMT_STATUS_INVALID_PARAMS);
856
857 hdev = hci_dev_get(index);
858 if (!hdev)
859 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
860 MGMT_STATUS_INVALID_PARAMS);
861
862 hci_dev_lock(hdev);
863
864 if (!test_bit(HCI_UP, &hdev->flags)) {
865 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
866 MGMT_STATUS_NOT_POWERED);
867 goto failed;
868 }
869
870 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
871 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
872 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
873 MGMT_STATUS_BUSY);
874 goto failed;
875 }
876
877 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
878 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
879 goto failed;
880 }
881
882 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
883 if (!cmd) {
884 err = -ENOMEM;
885 goto failed;
886 }
887
888 if (cp->val)
889 scan = SCAN_PAGE;
890 else
891 scan = 0;
892
893 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
894 if (err < 0)
895 mgmt_pending_remove(cmd);
896
897 failed:
898 hci_dev_unlock(hdev);
899 hci_dev_put(hdev);
900
901 return err;
902 }
903
904 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
905 u16 data_len, struct sock *skip_sk)
906 {
907 struct sk_buff *skb;
908 struct mgmt_hdr *hdr;
909
910 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
911 if (!skb)
912 return -ENOMEM;
913
914 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
915
916 hdr = (void *) skb_put(skb, sizeof(*hdr));
917 hdr->opcode = cpu_to_le16(event);
918 if (hdev)
919 hdr->index = cpu_to_le16(hdev->id);
920 else
921 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
922 hdr->len = cpu_to_le16(data_len);
923
924 if (data)
925 memcpy(skb_put(skb, data_len), data, data_len);
926
927 hci_send_to_sock(NULL, skb, skip_sk);
928 kfree_skb(skb);
929
930 return 0;
931 }
932
933 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
934 {
935 struct mgmt_mode *cp = data;
936 struct hci_dev *hdev;
937 __le32 ev;
938 int err;
939
940 BT_DBG("request for hci%u", index);
941
942 if (len != sizeof(*cp))
943 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
944 MGMT_STATUS_INVALID_PARAMS);
945
946 hdev = hci_dev_get(index);
947 if (!hdev)
948 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
949 MGMT_STATUS_INVALID_PARAMS);
950
951 hci_dev_lock(hdev);
952
953 if (cp->val)
954 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
955 else
956 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
957
958 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
959 if (err < 0)
960 goto failed;
961
962 ev = cpu_to_le32(get_current_settings(hdev));
963
964 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
965
966 failed:
967 hci_dev_unlock(hdev);
968 hci_dev_put(hdev);
969
970 return err;
971 }
972
973 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
974 {
975 struct mgmt_mode *cp = data;
976 struct pending_cmd *cmd;
977 struct hci_dev *hdev;
978 uint8_t val;
979 int err;
980
981 BT_DBG("request for hci%u", index);
982
983 if (len != sizeof(*cp))
984 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
985 MGMT_STATUS_INVALID_PARAMS);
986
987 hdev = hci_dev_get(index);
988 if (!hdev)
989 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
990 MGMT_STATUS_INVALID_PARAMS);
991
992 hci_dev_lock(hdev);
993
994 if (!test_bit(HCI_UP, &hdev->flags)) {
995 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
996 MGMT_STATUS_NOT_POWERED);
997 goto failed;
998 }
999
1000 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1001 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1002 MGMT_STATUS_BUSY);
1003 goto failed;
1004 }
1005
1006 val = !!cp->val;
1007
1008 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1009 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1010 goto failed;
1011 }
1012
1013 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1014 if (!cmd) {
1015 err = -ENOMEM;
1016 goto failed;
1017 }
1018
1019 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1020 if (err < 0) {
1021 mgmt_pending_remove(cmd);
1022 goto failed;
1023 }
1024
1025 failed:
1026 hci_dev_unlock(hdev);
1027 hci_dev_put(hdev);
1028
1029 return err;
1030 }
1031
1032 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1033 {
1034 struct mgmt_mode *cp = data;
1035 struct pending_cmd *cmd;
1036 struct hci_dev *hdev;
1037 uint8_t val;
1038 int err;
1039
1040 BT_DBG("request for hci%u", index);
1041
1042 if (len != sizeof(*cp))
1043 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1044 MGMT_STATUS_INVALID_PARAMS);
1045
1046 hdev = hci_dev_get(index);
1047 if (!hdev)
1048 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1049 MGMT_STATUS_INVALID_PARAMS);
1050
1051 hci_dev_lock(hdev);
1052
1053 if (!test_bit(HCI_UP, &hdev->flags)) {
1054 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1055 MGMT_STATUS_NOT_POWERED);
1056 goto failed;
1057 }
1058
1059 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1060 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1061 goto failed;
1062 }
1063
1064 val = !!cp->val;
1065
1066 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1067 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1068 goto failed;
1069 }
1070
1071 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1072 if (!cmd) {
1073 err = -ENOMEM;
1074 goto failed;
1075 }
1076
1077 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1078 if (err < 0) {
1079 mgmt_pending_remove(cmd);
1080 goto failed;
1081 }
1082
1083 failed:
1084 hci_dev_unlock(hdev);
1085 hci_dev_put(hdev);
1086
1087 return err;
1088 }
1089
1090 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1091 {
1092 struct mgmt_cp_add_uuid *cp = data;
1093 struct hci_dev *hdev;
1094 struct bt_uuid *uuid;
1095 int err;
1096
1097 BT_DBG("request for hci%u", index);
1098
1099 if (len != sizeof(*cp))
1100 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1101 MGMT_STATUS_INVALID_PARAMS);
1102
1103 hdev = hci_dev_get(index);
1104 if (!hdev)
1105 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1106 MGMT_STATUS_INVALID_PARAMS);
1107
1108 hci_dev_lock(hdev);
1109
1110 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1111 if (!uuid) {
1112 err = -ENOMEM;
1113 goto failed;
1114 }
1115
1116 memcpy(uuid->uuid, cp->uuid, 16);
1117 uuid->svc_hint = cp->svc_hint;
1118
1119 list_add(&uuid->list, &hdev->uuids);
1120
1121 err = update_class(hdev);
1122 if (err < 0)
1123 goto failed;
1124
1125 err = update_eir(hdev);
1126 if (err < 0)
1127 goto failed;
1128
1129 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
1130
1131 failed:
1132 hci_dev_unlock(hdev);
1133 hci_dev_put(hdev);
1134
1135 return err;
1136 }
1137
1138 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1139 {
1140 struct mgmt_cp_remove_uuid *cp = data;
1141 struct list_head *p, *n;
1142 struct hci_dev *hdev;
1143 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1144 int err, found;
1145
1146 BT_DBG("request for hci%u", index);
1147
1148 if (len != sizeof(*cp))
1149 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1150 MGMT_STATUS_INVALID_PARAMS);
1151
1152 hdev = hci_dev_get(index);
1153 if (!hdev)
1154 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1155 MGMT_STATUS_INVALID_PARAMS);
1156
1157 hci_dev_lock(hdev);
1158
1159 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1160 err = hci_uuids_clear(hdev);
1161 goto unlock;
1162 }
1163
1164 found = 0;
1165
1166 list_for_each_safe(p, n, &hdev->uuids) {
1167 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1168
1169 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1170 continue;
1171
1172 list_del(&match->list);
1173 found++;
1174 }
1175
1176 if (found == 0) {
1177 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1178 MGMT_STATUS_INVALID_PARAMS);
1179 goto unlock;
1180 }
1181
1182 err = update_class(hdev);
1183 if (err < 0)
1184 goto unlock;
1185
1186 err = update_eir(hdev);
1187 if (err < 0)
1188 goto unlock;
1189
1190 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
1191
1192 unlock:
1193 hci_dev_unlock(hdev);
1194 hci_dev_put(hdev);
1195
1196 return err;
1197 }
1198
1199 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1200 {
1201 struct hci_dev *hdev;
1202 struct mgmt_cp_set_dev_class *cp = data;
1203 int err;
1204
1205 BT_DBG("request for hci%u", index);
1206
1207 if (len != sizeof(*cp))
1208 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1209 MGMT_STATUS_INVALID_PARAMS);
1210
1211 hdev = hci_dev_get(index);
1212 if (!hdev)
1213 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1214 MGMT_STATUS_INVALID_PARAMS);
1215
1216 hci_dev_lock(hdev);
1217
1218 hdev->major_class = cp->major;
1219 hdev->minor_class = cp->minor;
1220
1221 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1222 hci_dev_unlock(hdev);
1223 cancel_delayed_work_sync(&hdev->service_cache);
1224 hci_dev_lock(hdev);
1225 update_eir(hdev);
1226 }
1227
1228 err = update_class(hdev);
1229
1230 if (err == 0)
1231 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1232 NULL, 0);
1233
1234 hci_dev_unlock(hdev);
1235 hci_dev_put(hdev);
1236
1237 return err;
1238 }
1239
1240 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1241 {
1242 struct hci_dev *hdev;
1243 struct mgmt_cp_load_link_keys *cp = data;
1244 u16 key_count, expected_len;
1245 int i;
1246
1247 if (len < sizeof(*cp))
1248 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1249 MGMT_STATUS_INVALID_PARAMS);
1250
1251 key_count = get_unaligned_le16(&cp->key_count);
1252
1253 expected_len = sizeof(*cp) + key_count *
1254 sizeof(struct mgmt_link_key_info);
1255 if (expected_len != len) {
1256 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1257 len, expected_len);
1258 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1259 MGMT_STATUS_INVALID_PARAMS);
1260 }
1261
1262 hdev = hci_dev_get(index);
1263 if (!hdev)
1264 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1265 MGMT_STATUS_INVALID_PARAMS);
1266
1267 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1268 key_count);
1269
1270 hci_dev_lock(hdev);
1271
1272 hci_link_keys_clear(hdev);
1273
1274 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1275
1276 if (cp->debug_keys)
1277 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1278 else
1279 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1280
1281 for (i = 0; i < key_count; i++) {
1282 struct mgmt_link_key_info *key = &cp->keys[i];
1283
1284 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1285 key->type, key->pin_len);
1286 }
1287
1288 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1289
1290 hci_dev_unlock(hdev);
1291 hci_dev_put(hdev);
1292
1293 return 0;
1294 }
1295
1296 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1297 u8 addr_type, struct sock *skip_sk)
1298 {
1299 struct mgmt_ev_device_unpaired ev;
1300
1301 bacpy(&ev.addr.bdaddr, bdaddr);
1302 ev.addr.type = addr_type;
1303
1304 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1305 skip_sk);
1306 }
1307
1308 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1309 {
1310 struct hci_dev *hdev;
1311 struct mgmt_cp_unpair_device *cp = data;
1312 struct mgmt_rp_unpair_device rp;
1313 struct hci_cp_disconnect dc;
1314 struct pending_cmd *cmd;
1315 struct hci_conn *conn;
1316 u8 status = 0;
1317 int err;
1318
1319 if (len != sizeof(*cp))
1320 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1321 MGMT_STATUS_INVALID_PARAMS);
1322
1323 hdev = hci_dev_get(index);
1324 if (!hdev)
1325 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1326 MGMT_STATUS_INVALID_PARAMS);
1327
1328 hci_dev_lock(hdev);
1329
1330 memset(&rp, 0, sizeof(rp));
1331 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1332 rp.addr.type = cp->addr.type;
1333
1334 if (cp->addr.type == MGMT_ADDR_BREDR)
1335 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1336 else
1337 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1338
1339 if (err < 0) {
1340 status = MGMT_STATUS_NOT_PAIRED;
1341 goto unlock;
1342 }
1343
1344 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1345 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1346 &rp, sizeof(rp));
1347 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1348 goto unlock;
1349 }
1350
1351 if (cp->addr.type == MGMT_ADDR_BREDR)
1352 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1353 &cp->addr.bdaddr);
1354 else
1355 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1356 &cp->addr.bdaddr);
1357
1358 if (!conn) {
1359 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1360 &rp, sizeof(rp));
1361 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1362 goto unlock;
1363 }
1364
1365 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1366 sizeof(*cp));
1367 if (!cmd) {
1368 err = -ENOMEM;
1369 goto unlock;
1370 }
1371
1372 put_unaligned_le16(conn->handle, &dc.handle);
1373 dc.reason = 0x13; /* Remote User Terminated Connection */
1374 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1375 if (err < 0)
1376 mgmt_pending_remove(cmd);
1377
1378 unlock:
1379 if (err < 0)
1380 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1381 &rp, sizeof(rp));
1382 hci_dev_unlock(hdev);
1383 hci_dev_put(hdev);
1384
1385 return err;
1386 }
1387
1388 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1389 {
1390 struct hci_dev *hdev;
1391 struct mgmt_cp_disconnect *cp = data;
1392 struct hci_cp_disconnect dc;
1393 struct pending_cmd *cmd;
1394 struct hci_conn *conn;
1395 int err;
1396
1397 BT_DBG("");
1398
1399 if (len != sizeof(*cp))
1400 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1401 MGMT_STATUS_INVALID_PARAMS);
1402
1403 hdev = hci_dev_get(index);
1404 if (!hdev)
1405 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1406 MGMT_STATUS_INVALID_PARAMS);
1407
1408 hci_dev_lock(hdev);
1409
1410 if (!test_bit(HCI_UP, &hdev->flags)) {
1411 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1412 MGMT_STATUS_NOT_POWERED);
1413 goto failed;
1414 }
1415
1416 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1417 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1418 MGMT_STATUS_BUSY);
1419 goto failed;
1420 }
1421
1422 if (cp->addr.type == MGMT_ADDR_BREDR)
1423 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1424 else
1425 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1426
1427 if (!conn) {
1428 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1429 MGMT_STATUS_NOT_CONNECTED);
1430 goto failed;
1431 }
1432
1433 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1434 if (!cmd) {
1435 err = -ENOMEM;
1436 goto failed;
1437 }
1438
1439 put_unaligned_le16(conn->handle, &dc.handle);
1440 dc.reason = 0x13; /* Remote User Terminated Connection */
1441
1442 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1443 if (err < 0)
1444 mgmt_pending_remove(cmd);
1445
1446 failed:
1447 hci_dev_unlock(hdev);
1448 hci_dev_put(hdev);
1449
1450 return err;
1451 }
1452
1453 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1454 {
1455 switch (link_type) {
1456 case LE_LINK:
1457 switch (addr_type) {
1458 case ADDR_LE_DEV_PUBLIC:
1459 return MGMT_ADDR_LE_PUBLIC;
1460 case ADDR_LE_DEV_RANDOM:
1461 return MGMT_ADDR_LE_RANDOM;
1462 default:
1463 return MGMT_ADDR_INVALID;
1464 }
1465 case ACL_LINK:
1466 return MGMT_ADDR_BREDR;
1467 default:
1468 return MGMT_ADDR_INVALID;
1469 }
1470 }
1471
1472 static int get_connections(struct sock *sk, u16 index)
1473 {
1474 struct mgmt_rp_get_connections *rp;
1475 struct hci_dev *hdev;
1476 struct hci_conn *c;
1477 size_t rp_len;
1478 u16 count;
1479 int i, err;
1480
1481 BT_DBG("");
1482
1483 hdev = hci_dev_get(index);
1484 if (!hdev)
1485 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1486 MGMT_STATUS_INVALID_PARAMS);
1487
1488 hci_dev_lock(hdev);
1489
1490 count = 0;
1491 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1492 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1493 count++;
1494 }
1495
1496 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1497 rp = kmalloc(rp_len, GFP_ATOMIC);
1498 if (!rp) {
1499 err = -ENOMEM;
1500 goto unlock;
1501 }
1502
1503 put_unaligned_le16(count, &rp->conn_count);
1504
1505 i = 0;
1506 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1507 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1508 continue;
1509 bacpy(&rp->addr[i].bdaddr, &c->dst);
1510 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1511 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1512 continue;
1513 i++;
1514 }
1515
1516 /* Recalculate length in case of filtered SCO connections, etc */
1517 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1518
1519 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
1520
1521 unlock:
1522 kfree(rp);
1523 hci_dev_unlock(hdev);
1524 hci_dev_put(hdev);
1525 return err;
1526 }
1527
1528 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1529 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1530 {
1531 struct pending_cmd *cmd;
1532 int err;
1533
1534 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1535 sizeof(*cp));
1536 if (!cmd)
1537 return -ENOMEM;
1538
1539 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1540 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1541 if (err < 0)
1542 mgmt_pending_remove(cmd);
1543
1544 return err;
1545 }
1546
1547 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1548 {
1549 struct hci_dev *hdev;
1550 struct hci_conn *conn;
1551 struct mgmt_cp_pin_code_reply *cp = data;
1552 struct hci_cp_pin_code_reply reply;
1553 struct pending_cmd *cmd;
1554 int err;
1555
1556 BT_DBG("");
1557
1558 if (len != sizeof(*cp))
1559 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1560 MGMT_STATUS_INVALID_PARAMS);
1561
1562 hdev = hci_dev_get(index);
1563 if (!hdev)
1564 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1565 MGMT_STATUS_INVALID_PARAMS);
1566
1567 hci_dev_lock(hdev);
1568
1569 if (!test_bit(HCI_UP, &hdev->flags)) {
1570 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1571 MGMT_STATUS_NOT_POWERED);
1572 goto failed;
1573 }
1574
1575 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1576 if (!conn) {
1577 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1578 MGMT_STATUS_NOT_CONNECTED);
1579 goto failed;
1580 }
1581
1582 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1583 struct mgmt_cp_pin_code_neg_reply ncp;
1584
1585 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1586
1587 BT_ERR("PIN code is not 16 bytes long");
1588
1589 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1590 if (err >= 0)
1591 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1592 MGMT_STATUS_INVALID_PARAMS);
1593
1594 goto failed;
1595 }
1596
1597 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1598 len);
1599 if (!cmd) {
1600 err = -ENOMEM;
1601 goto failed;
1602 }
1603
1604 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1605 reply.pin_len = cp->pin_len;
1606 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1607
1608 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1609 if (err < 0)
1610 mgmt_pending_remove(cmd);
1611
1612 failed:
1613 hci_dev_unlock(hdev);
1614 hci_dev_put(hdev);
1615
1616 return err;
1617 }
1618
1619 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1620 {
1621 struct hci_dev *hdev;
1622 struct mgmt_cp_pin_code_neg_reply *cp = data;
1623 int err;
1624
1625 BT_DBG("");
1626
1627 if (len != sizeof(*cp))
1628 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1629 MGMT_STATUS_INVALID_PARAMS);
1630
1631 hdev = hci_dev_get(index);
1632 if (!hdev)
1633 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1634 MGMT_STATUS_INVALID_PARAMS);
1635
1636 hci_dev_lock(hdev);
1637
1638 if (!test_bit(HCI_UP, &hdev->flags)) {
1639 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1640 MGMT_STATUS_NOT_POWERED);
1641 goto failed;
1642 }
1643
1644 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1645
1646 failed:
1647 hci_dev_unlock(hdev);
1648 hci_dev_put(hdev);
1649
1650 return err;
1651 }
1652
1653 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1654 {
1655 struct hci_dev *hdev;
1656 struct mgmt_cp_set_io_capability *cp = data;
1657
1658 BT_DBG("");
1659
1660 if (len != sizeof(*cp))
1661 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1662 MGMT_STATUS_INVALID_PARAMS);
1663
1664 hdev = hci_dev_get(index);
1665 if (!hdev)
1666 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1667 MGMT_STATUS_INVALID_PARAMS);
1668
1669 hci_dev_lock(hdev);
1670
1671 hdev->io_capability = cp->io_capability;
1672
1673 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1674 hdev->io_capability);
1675
1676 hci_dev_unlock(hdev);
1677 hci_dev_put(hdev);
1678
1679 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
1680 }
1681
1682 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1683 {
1684 struct hci_dev *hdev = conn->hdev;
1685 struct pending_cmd *cmd;
1686
1687 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1688 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1689 continue;
1690
1691 if (cmd->user_data != conn)
1692 continue;
1693
1694 return cmd;
1695 }
1696
1697 return NULL;
1698 }
1699
1700 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1701 {
1702 struct mgmt_rp_pair_device rp;
1703 struct hci_conn *conn = cmd->user_data;
1704
1705 bacpy(&rp.addr.bdaddr, &conn->dst);
1706 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1707
1708 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1709 &rp, sizeof(rp));
1710
1711 /* So we don't get further callbacks for this connection */
1712 conn->connect_cfm_cb = NULL;
1713 conn->security_cfm_cb = NULL;
1714 conn->disconn_cfm_cb = NULL;
1715
1716 hci_conn_put(conn);
1717
1718 mgmt_pending_remove(cmd);
1719 }
1720
1721 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1722 {
1723 struct pending_cmd *cmd;
1724
1725 BT_DBG("status %u", status);
1726
1727 cmd = find_pairing(conn);
1728 if (!cmd)
1729 BT_DBG("Unable to find a pending command");
1730 else
1731 pairing_complete(cmd, mgmt_status(status));
1732 }
1733
1734 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1735 {
1736 struct hci_dev *hdev;
1737 struct mgmt_cp_pair_device *cp = data;
1738 struct mgmt_rp_pair_device rp;
1739 struct pending_cmd *cmd;
1740 u8 sec_level, auth_type;
1741 struct hci_conn *conn;
1742 int err;
1743
1744 BT_DBG("");
1745
1746 if (len != sizeof(*cp))
1747 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1748 MGMT_STATUS_INVALID_PARAMS);
1749
1750 hdev = hci_dev_get(index);
1751 if (!hdev)
1752 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1753 MGMT_STATUS_INVALID_PARAMS);
1754
1755 hci_dev_lock(hdev);
1756
1757 sec_level = BT_SECURITY_MEDIUM;
1758 if (cp->io_cap == 0x03)
1759 auth_type = HCI_AT_DEDICATED_BONDING;
1760 else
1761 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1762
1763 if (cp->addr.type == MGMT_ADDR_BREDR)
1764 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1765 auth_type);
1766 else
1767 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1768 auth_type);
1769
1770 memset(&rp, 0, sizeof(rp));
1771 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1772 rp.addr.type = cp->addr.type;
1773
1774 if (IS_ERR(conn)) {
1775 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1776 MGMT_STATUS_CONNECT_FAILED,
1777 &rp, sizeof(rp));
1778 goto unlock;
1779 }
1780
1781 if (conn->connect_cfm_cb) {
1782 hci_conn_put(conn);
1783 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1784 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1785 goto unlock;
1786 }
1787
1788 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1789 if (!cmd) {
1790 err = -ENOMEM;
1791 hci_conn_put(conn);
1792 goto unlock;
1793 }
1794
1795 /* For LE, just connecting isn't a proof that the pairing finished */
1796 if (cp->addr.type == MGMT_ADDR_BREDR)
1797 conn->connect_cfm_cb = pairing_complete_cb;
1798
1799 conn->security_cfm_cb = pairing_complete_cb;
1800 conn->disconn_cfm_cb = pairing_complete_cb;
1801 conn->io_capability = cp->io_cap;
1802 cmd->user_data = conn;
1803
1804 if (conn->state == BT_CONNECTED &&
1805 hci_conn_security(conn, sec_level, auth_type))
1806 pairing_complete(cmd, 0);
1807
1808 err = 0;
1809
1810 unlock:
1811 hci_dev_unlock(hdev);
1812 hci_dev_put(hdev);
1813
1814 return err;
1815 }
1816
1817 static int cancel_pair_device(struct sock *sk, u16 index,
1818 unsigned char *data, u16 len)
1819 {
1820 struct mgmt_addr_info *addr = (void *) data;
1821 struct hci_dev *hdev;
1822 struct pending_cmd *cmd;
1823 struct hci_conn *conn;
1824 int err;
1825
1826 BT_DBG("");
1827
1828 if (len != sizeof(*addr))
1829 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1830 MGMT_STATUS_INVALID_PARAMS);
1831
1832 hdev = hci_dev_get(index);
1833 if (!hdev)
1834 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1835 MGMT_STATUS_INVALID_PARAMS);
1836
1837 hci_dev_lock(hdev);
1838
1839 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1840 if (!cmd) {
1841 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1842 MGMT_STATUS_INVALID_PARAMS);
1843 goto unlock;
1844 }
1845
1846 conn = cmd->user_data;
1847
1848 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1849 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1850 MGMT_STATUS_INVALID_PARAMS);
1851 goto unlock;
1852 }
1853
1854 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1855
1856 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
1857 sizeof(*addr));
1858 unlock:
1859 hci_dev_unlock(hdev);
1860 hci_dev_put(hdev);
1861
1862 return err;
1863 }
1864
1865 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1866 u8 type, u16 mgmt_op, u16 hci_op,
1867 __le32 passkey)
1868 {
1869 struct pending_cmd *cmd;
1870 struct hci_dev *hdev;
1871 struct hci_conn *conn;
1872 int err;
1873
1874 hdev = hci_dev_get(index);
1875 if (!hdev)
1876 return cmd_status(sk, index, mgmt_op,
1877 MGMT_STATUS_INVALID_PARAMS);
1878
1879 hci_dev_lock(hdev);
1880
1881 if (!test_bit(HCI_UP, &hdev->flags)) {
1882 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1883 goto done;
1884 }
1885
1886 if (type == MGMT_ADDR_BREDR)
1887 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1888 else
1889 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1890
1891 if (!conn) {
1892 err = cmd_status(sk, index, mgmt_op,
1893 MGMT_STATUS_NOT_CONNECTED);
1894 goto done;
1895 }
1896
1897 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
1898 /* Continue with pairing via SMP */
1899 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1900
1901 if (!err)
1902 err = cmd_status(sk, index, mgmt_op,
1903 MGMT_STATUS_SUCCESS);
1904 else
1905 err = cmd_status(sk, index, mgmt_op,
1906 MGMT_STATUS_FAILED);
1907
1908 goto done;
1909 }
1910
1911 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1912 if (!cmd) {
1913 err = -ENOMEM;
1914 goto done;
1915 }
1916
1917 /* Continue with pairing via HCI */
1918 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1919 struct hci_cp_user_passkey_reply cp;
1920
1921 bacpy(&cp.bdaddr, bdaddr);
1922 cp.passkey = passkey;
1923 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1924 } else
1925 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1926
1927 if (err < 0)
1928 mgmt_pending_remove(cmd);
1929
1930 done:
1931 hci_dev_unlock(hdev);
1932 hci_dev_put(hdev);
1933
1934 return err;
1935 }
1936
1937 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1938 {
1939 struct mgmt_cp_user_confirm_reply *cp = data;
1940
1941 BT_DBG("");
1942
1943 if (len != sizeof(*cp))
1944 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1945 MGMT_STATUS_INVALID_PARAMS);
1946
1947 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1948 MGMT_OP_USER_CONFIRM_REPLY,
1949 HCI_OP_USER_CONFIRM_REPLY, 0);
1950 }
1951
1952 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1953 u16 len)
1954 {
1955 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1956
1957 BT_DBG("");
1958
1959 if (len != sizeof(*cp))
1960 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1961 MGMT_STATUS_INVALID_PARAMS);
1962
1963 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1964 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1965 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1966 }
1967
1968 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1969 {
1970 struct mgmt_cp_user_passkey_reply *cp = data;
1971
1972 BT_DBG("");
1973
1974 if (len != sizeof(*cp))
1975 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1976 EINVAL);
1977
1978 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1979 MGMT_OP_USER_PASSKEY_REPLY,
1980 HCI_OP_USER_PASSKEY_REPLY,
1981 cp->passkey);
1982 }
1983
1984 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1985 u16 len)
1986 {
1987 struct mgmt_cp_user_passkey_neg_reply *cp = data;
1988
1989 BT_DBG("");
1990
1991 if (len != sizeof(*cp))
1992 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1993 EINVAL);
1994
1995 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1996 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1997 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1998 }
1999
2000 static int set_local_name(struct sock *sk, u16 index, void *data,
2001 u16 len)
2002 {
2003 struct mgmt_cp_set_local_name *mgmt_cp = data;
2004 struct hci_cp_write_local_name hci_cp;
2005 struct hci_dev *hdev;
2006 struct pending_cmd *cmd;
2007 int err;
2008
2009 BT_DBG("");
2010
2011 if (len != sizeof(*mgmt_cp))
2012 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2013 MGMT_STATUS_INVALID_PARAMS);
2014
2015 hdev = hci_dev_get(index);
2016 if (!hdev)
2017 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2018 MGMT_STATUS_INVALID_PARAMS);
2019
2020 hci_dev_lock(hdev);
2021
2022 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2023 len);
2024 if (!cmd) {
2025 err = -ENOMEM;
2026 goto failed;
2027 }
2028
2029 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2030 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2031 &hci_cp);
2032 if (err < 0)
2033 mgmt_pending_remove(cmd);
2034
2035 failed:
2036 hci_dev_unlock(hdev);
2037 hci_dev_put(hdev);
2038
2039 return err;
2040 }
2041
2042 static int read_local_oob_data(struct sock *sk, u16 index)
2043 {
2044 struct hci_dev *hdev;
2045 struct pending_cmd *cmd;
2046 int err;
2047
2048 BT_DBG("hci%u", index);
2049
2050 hdev = hci_dev_get(index);
2051 if (!hdev)
2052 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2053 MGMT_STATUS_INVALID_PARAMS);
2054
2055 hci_dev_lock(hdev);
2056
2057 if (!test_bit(HCI_UP, &hdev->flags)) {
2058 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2059 MGMT_STATUS_NOT_POWERED);
2060 goto unlock;
2061 }
2062
2063 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2064 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2065 MGMT_STATUS_NOT_SUPPORTED);
2066 goto unlock;
2067 }
2068
2069 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2070 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2071 MGMT_STATUS_BUSY);
2072 goto unlock;
2073 }
2074
2075 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2076 if (!cmd) {
2077 err = -ENOMEM;
2078 goto unlock;
2079 }
2080
2081 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2082 if (err < 0)
2083 mgmt_pending_remove(cmd);
2084
2085 unlock:
2086 hci_dev_unlock(hdev);
2087 hci_dev_put(hdev);
2088
2089 return err;
2090 }
2091
2092 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2093 u16 len)
2094 {
2095 struct hci_dev *hdev;
2096 struct mgmt_cp_add_remote_oob_data *cp = data;
2097 u8 status;
2098 int err;
2099
2100 BT_DBG("hci%u ", index);
2101
2102 if (len != sizeof(*cp))
2103 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2104 MGMT_STATUS_INVALID_PARAMS);
2105
2106 hdev = hci_dev_get(index);
2107 if (!hdev)
2108 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2109 MGMT_STATUS_INVALID_PARAMS,
2110 &cp->addr, sizeof(cp->addr));
2111
2112 hci_dev_lock(hdev);
2113
2114 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2115 cp->randomizer);
2116 if (err < 0)
2117 status = MGMT_STATUS_FAILED;
2118 else
2119 status = 0;
2120
2121 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2122 &cp->addr, sizeof(cp->addr));
2123
2124 hci_dev_unlock(hdev);
2125 hci_dev_put(hdev);
2126
2127 return err;
2128 }
2129
2130 static int remove_remote_oob_data(struct sock *sk, u16 index,
2131 void *data, u16 len)
2132 {
2133 struct hci_dev *hdev;
2134 struct mgmt_cp_remove_remote_oob_data *cp = data;
2135 u8 status;
2136 int err;
2137
2138 BT_DBG("hci%u ", index);
2139
2140 if (len != sizeof(*cp))
2141 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2142 MGMT_STATUS_INVALID_PARAMS);
2143
2144 hdev = hci_dev_get(index);
2145 if (!hdev)
2146 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2147 MGMT_STATUS_INVALID_PARAMS,
2148 &cp->addr, sizeof(cp->addr));
2149
2150 hci_dev_lock(hdev);
2151
2152 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2153 if (err < 0)
2154 status = MGMT_STATUS_INVALID_PARAMS;
2155 else
2156 status = 0;
2157
2158 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2159 &cp->addr, sizeof(cp->addr));
2160
2161 hci_dev_unlock(hdev);
2162 hci_dev_put(hdev);
2163
2164 return err;
2165 }
2166
2167 static int discovery(struct hci_dev *hdev)
2168 {
2169 int err;
2170
2171 if (lmp_host_le_capable(hdev)) {
2172 if (lmp_bredr_capable(hdev)) {
2173 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2174 LE_SCAN_INT, LE_SCAN_WIN,
2175 LE_SCAN_TIMEOUT_BREDR_LE);
2176 } else {
2177 hdev->discovery.type = DISCOV_TYPE_LE;
2178 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2179 LE_SCAN_INT, LE_SCAN_WIN,
2180 LE_SCAN_TIMEOUT_LE_ONLY);
2181 }
2182 } else {
2183 hdev->discovery.type = DISCOV_TYPE_BREDR;
2184 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2185 }
2186
2187 return err;
2188 }
2189
2190 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2191 {
2192 int err;
2193
2194 BT_DBG("%s", hdev->name);
2195
2196 hci_dev_lock(hdev);
2197
2198 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2199 if (err < 0)
2200 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2201
2202 hci_dev_unlock(hdev);
2203
2204 return err;
2205 }
2206
2207 static int start_discovery(struct sock *sk, u16 index,
2208 void *data, u16 len)
2209 {
2210 struct mgmt_cp_start_discovery *cp = data;
2211 struct pending_cmd *cmd;
2212 struct hci_dev *hdev;
2213 int err;
2214
2215 BT_DBG("hci%u", index);
2216
2217 if (len != sizeof(*cp))
2218 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2219 MGMT_STATUS_INVALID_PARAMS);
2220
2221 hdev = hci_dev_get(index);
2222 if (!hdev)
2223 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2224 MGMT_STATUS_INVALID_PARAMS);
2225
2226 hci_dev_lock(hdev);
2227
2228 if (!test_bit(HCI_UP, &hdev->flags)) {
2229 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2230 MGMT_STATUS_NOT_POWERED);
2231 goto failed;
2232 }
2233
2234 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2235 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2236 MGMT_STATUS_BUSY);
2237 goto failed;
2238 }
2239
2240 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2241 if (!cmd) {
2242 err = -ENOMEM;
2243 goto failed;
2244 }
2245
2246 hdev->discovery.type = cp->type;
2247
2248 switch (hdev->discovery.type) {
2249 case DISCOV_TYPE_BREDR:
2250 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2251 break;
2252
2253 case DISCOV_TYPE_LE:
2254 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2255 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2256 break;
2257
2258 case DISCOV_TYPE_INTERLEAVED:
2259 err = discovery(hdev);
2260 break;
2261
2262 default:
2263 err = -EINVAL;
2264 }
2265
2266 if (err < 0)
2267 mgmt_pending_remove(cmd);
2268 else
2269 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2270
2271 failed:
2272 hci_dev_unlock(hdev);
2273 hci_dev_put(hdev);
2274
2275 return err;
2276 }
2277
2278 static int stop_discovery(struct sock *sk, u16 index)
2279 {
2280 struct hci_dev *hdev;
2281 struct pending_cmd *cmd;
2282 struct hci_cp_remote_name_req_cancel cp;
2283 struct inquiry_entry *e;
2284 int err;
2285
2286 BT_DBG("hci%u", index);
2287
2288 hdev = hci_dev_get(index);
2289 if (!hdev)
2290 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2291 MGMT_STATUS_INVALID_PARAMS);
2292
2293 hci_dev_lock(hdev);
2294
2295 if (!hci_discovery_active(hdev)) {
2296 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2297 MGMT_STATUS_REJECTED);
2298 goto unlock;
2299 }
2300
2301 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2302 if (!cmd) {
2303 err = -ENOMEM;
2304 goto unlock;
2305 }
2306
2307 if (hdev->discovery.state == DISCOVERY_FINDING) {
2308 err = hci_cancel_inquiry(hdev);
2309 if (err < 0)
2310 mgmt_pending_remove(cmd);
2311 else
2312 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2313 goto unlock;
2314 }
2315
2316 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2317 if (!e) {
2318 mgmt_pending_remove(cmd);
2319 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
2320 NULL, 0);
2321 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2322 goto unlock;
2323 }
2324
2325 bacpy(&cp.bdaddr, &e->data.bdaddr);
2326 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2327 sizeof(cp), &cp);
2328 if (err < 0)
2329 mgmt_pending_remove(cmd);
2330 else
2331 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2332
2333 unlock:
2334 hci_dev_unlock(hdev);
2335 hci_dev_put(hdev);
2336
2337 return err;
2338 }
2339
2340 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2341 {
2342 struct mgmt_cp_confirm_name *cp = data;
2343 struct inquiry_entry *e;
2344 struct hci_dev *hdev;
2345 int err;
2346
2347 BT_DBG("hci%u", index);
2348
2349 if (len != sizeof(*cp))
2350 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2351 MGMT_STATUS_INVALID_PARAMS);
2352
2353 hdev = hci_dev_get(index);
2354 if (!hdev)
2355 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2356 MGMT_STATUS_INVALID_PARAMS);
2357
2358 hci_dev_lock(hdev);
2359
2360 if (!hci_discovery_active(hdev)) {
2361 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2362 MGMT_STATUS_FAILED);
2363 goto failed;
2364 }
2365
2366 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2367 if (!e) {
2368 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2369 MGMT_STATUS_INVALID_PARAMS);
2370 goto failed;
2371 }
2372
2373 if (cp->name_known) {
2374 e->name_state = NAME_KNOWN;
2375 list_del(&e->list);
2376 } else {
2377 e->name_state = NAME_NEEDED;
2378 hci_inquiry_cache_update_resolve(hdev, e);
2379 }
2380
2381 err = 0;
2382
2383 failed:
2384 hci_dev_unlock(hdev);
2385
2386 return err;
2387 }
2388
2389 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2390 {
2391 struct hci_dev *hdev;
2392 struct mgmt_cp_block_device *cp = data;
2393 u8 status;
2394 int err;
2395
2396 BT_DBG("hci%u", index);
2397
2398 if (len != sizeof(*cp))
2399 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2400 MGMT_STATUS_INVALID_PARAMS);
2401
2402 hdev = hci_dev_get(index);
2403 if (!hdev)
2404 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2405 MGMT_STATUS_INVALID_PARAMS,
2406 &cp->addr, sizeof(cp->addr));
2407
2408 hci_dev_lock(hdev);
2409
2410 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2411 if (err < 0)
2412 status = MGMT_STATUS_FAILED;
2413 else
2414 status = 0;
2415
2416 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2417 &cp->addr, sizeof(cp->addr));
2418
2419 hci_dev_unlock(hdev);
2420 hci_dev_put(hdev);
2421
2422 return err;
2423 }
2424
2425 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2426 {
2427 struct hci_dev *hdev;
2428 struct mgmt_cp_unblock_device *cp = data;
2429 u8 status;
2430 int err;
2431
2432 BT_DBG("hci%u", index);
2433
2434 if (len != sizeof(*cp))
2435 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2436 MGMT_STATUS_INVALID_PARAMS);
2437
2438 hdev = hci_dev_get(index);
2439 if (!hdev)
2440 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2441 MGMT_STATUS_INVALID_PARAMS,
2442 &cp->addr, sizeof(cp->addr));
2443
2444 hci_dev_lock(hdev);
2445
2446 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2447 if (err < 0)
2448 status = MGMT_STATUS_INVALID_PARAMS;
2449 else
2450 status = 0;
2451
2452 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2453 &cp->addr, sizeof(cp->addr));
2454
2455 hci_dev_unlock(hdev);
2456 hci_dev_put(hdev);
2457
2458 return err;
2459 }
2460
2461 static int set_fast_connectable(struct sock *sk, u16 index,
2462 void *data, u16 len)
2463 {
2464 struct hci_dev *hdev;
2465 struct mgmt_mode *cp = data;
2466 struct hci_cp_write_page_scan_activity acp;
2467 u8 type;
2468 int err;
2469
2470 BT_DBG("hci%u", index);
2471
2472 if (len != sizeof(*cp))
2473 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2474 MGMT_STATUS_INVALID_PARAMS);
2475
2476 hdev = hci_dev_get(index);
2477 if (!hdev)
2478 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2479 MGMT_STATUS_INVALID_PARAMS);
2480
2481 hci_dev_lock(hdev);
2482
2483 if (cp->val) {
2484 type = PAGE_SCAN_TYPE_INTERLACED;
2485 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2486 } else {
2487 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2488 acp.interval = 0x0800; /* default 1.28 sec page scan */
2489 }
2490
2491 acp.window = 0x0012; /* default 11.25 msec page scan window */
2492
2493 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2494 sizeof(acp), &acp);
2495 if (err < 0) {
2496 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2497 MGMT_STATUS_FAILED);
2498 goto done;
2499 }
2500
2501 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2502 if (err < 0) {
2503 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2504 MGMT_STATUS_FAILED);
2505 goto done;
2506 }
2507
2508 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2509 NULL, 0);
2510 done:
2511 hci_dev_unlock(hdev);
2512 hci_dev_put(hdev);
2513
2514 return err;
2515 }
2516
2517 static int load_long_term_keys(struct sock *sk, u16 index,
2518 void *cp_data, u16 len)
2519 {
2520 struct hci_dev *hdev;
2521 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2522 u16 key_count, expected_len;
2523 int i;
2524
2525 if (len < sizeof(*cp))
2526 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2527 EINVAL);
2528
2529 key_count = get_unaligned_le16(&cp->key_count);
2530
2531 expected_len = sizeof(*cp) + key_count *
2532 sizeof(struct mgmt_ltk_info);
2533 if (expected_len != len) {
2534 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2535 len, expected_len);
2536 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2537 EINVAL);
2538 }
2539
2540 hdev = hci_dev_get(index);
2541 if (!hdev)
2542 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2543 ENODEV);
2544
2545 BT_DBG("hci%u key_count %u", index, key_count);
2546
2547 hci_dev_lock(hdev);
2548
2549 hci_smp_ltks_clear(hdev);
2550
2551 for (i = 0; i < key_count; i++) {
2552 struct mgmt_ltk_info *key = &cp->keys[i];
2553 u8 type;
2554
2555 if (key->master)
2556 type = HCI_SMP_LTK;
2557 else
2558 type = HCI_SMP_LTK_SLAVE;
2559
2560 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2561 type, 0, key->authenticated, key->val,
2562 key->enc_size, key->ediv, key->rand);
2563 }
2564
2565 hci_dev_unlock(hdev);
2566 hci_dev_put(hdev);
2567
2568 return 0;
2569 }
2570
2571 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2572 {
2573 void *buf;
2574 u8 *cp;
2575 struct mgmt_hdr *hdr;
2576 u16 opcode, index, len;
2577 int err;
2578
2579 BT_DBG("got %zu bytes", msglen);
2580
2581 if (msglen < sizeof(*hdr))
2582 return -EINVAL;
2583
2584 buf = kmalloc(msglen, GFP_KERNEL);
2585 if (!buf)
2586 return -ENOMEM;
2587
2588 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2589 err = -EFAULT;
2590 goto done;
2591 }
2592
2593 hdr = buf;
2594 opcode = get_unaligned_le16(&hdr->opcode);
2595 index = get_unaligned_le16(&hdr->index);
2596 len = get_unaligned_le16(&hdr->len);
2597
2598 if (len != msglen - sizeof(*hdr)) {
2599 err = -EINVAL;
2600 goto done;
2601 }
2602
2603 cp = buf + sizeof(*hdr);
2604
2605 switch (opcode) {
2606 case MGMT_OP_READ_VERSION:
2607 err = read_version(sk);
2608 break;
2609 case MGMT_OP_READ_COMMANDS:
2610 err = read_commands(sk);
2611 break;
2612 case MGMT_OP_READ_INDEX_LIST:
2613 err = read_index_list(sk);
2614 break;
2615 case MGMT_OP_READ_INFO:
2616 err = read_controller_info(sk, index);
2617 break;
2618 case MGMT_OP_SET_POWERED:
2619 err = set_powered(sk, index, cp, len);
2620 break;
2621 case MGMT_OP_SET_DISCOVERABLE:
2622 err = set_discoverable(sk, index, cp, len);
2623 break;
2624 case MGMT_OP_SET_CONNECTABLE:
2625 err = set_connectable(sk, index, cp, len);
2626 break;
2627 case MGMT_OP_SET_FAST_CONNECTABLE:
2628 err = set_fast_connectable(sk, index, cp, len);
2629 break;
2630 case MGMT_OP_SET_PAIRABLE:
2631 err = set_pairable(sk, index, cp, len);
2632 break;
2633 case MGMT_OP_SET_LINK_SECURITY:
2634 err = set_link_security(sk, index, cp, len);
2635 break;
2636 case MGMT_OP_SET_SSP:
2637 err = set_ssp(sk, index, cp, len);
2638 break;
2639 case MGMT_OP_ADD_UUID:
2640 err = add_uuid(sk, index, cp, len);
2641 break;
2642 case MGMT_OP_REMOVE_UUID:
2643 err = remove_uuid(sk, index, cp, len);
2644 break;
2645 case MGMT_OP_SET_DEV_CLASS:
2646 err = set_dev_class(sk, index, cp, len);
2647 break;
2648 case MGMT_OP_LOAD_LINK_KEYS:
2649 err = load_link_keys(sk, index, cp, len);
2650 break;
2651 case MGMT_OP_DISCONNECT:
2652 err = disconnect(sk, index, cp, len);
2653 break;
2654 case MGMT_OP_GET_CONNECTIONS:
2655 err = get_connections(sk, index);
2656 break;
2657 case MGMT_OP_PIN_CODE_REPLY:
2658 err = pin_code_reply(sk, index, cp, len);
2659 break;
2660 case MGMT_OP_PIN_CODE_NEG_REPLY:
2661 err = pin_code_neg_reply(sk, index, cp, len);
2662 break;
2663 case MGMT_OP_SET_IO_CAPABILITY:
2664 err = set_io_capability(sk, index, cp, len);
2665 break;
2666 case MGMT_OP_PAIR_DEVICE:
2667 err = pair_device(sk, index, cp, len);
2668 break;
2669 case MGMT_OP_CANCEL_PAIR_DEVICE:
2670 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2671 break;
2672 case MGMT_OP_UNPAIR_DEVICE:
2673 err = unpair_device(sk, index, cp, len);
2674 break;
2675 case MGMT_OP_USER_CONFIRM_REPLY:
2676 err = user_confirm_reply(sk, index, cp, len);
2677 break;
2678 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2679 err = user_confirm_neg_reply(sk, index, cp, len);
2680 break;
2681 case MGMT_OP_USER_PASSKEY_REPLY:
2682 err = user_passkey_reply(sk, index, cp, len);
2683 break;
2684 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2685 err = user_passkey_neg_reply(sk, index, cp, len);
2686 break;
2687 case MGMT_OP_SET_LOCAL_NAME:
2688 err = set_local_name(sk, index, cp, len);
2689 break;
2690 case MGMT_OP_READ_LOCAL_OOB_DATA:
2691 err = read_local_oob_data(sk, index);
2692 break;
2693 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2694 err = add_remote_oob_data(sk, index, cp, len);
2695 break;
2696 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2697 err = remove_remote_oob_data(sk, index, cp, len);
2698 break;
2699 case MGMT_OP_START_DISCOVERY:
2700 err = start_discovery(sk, index, cp, len);
2701 break;
2702 case MGMT_OP_STOP_DISCOVERY:
2703 err = stop_discovery(sk, index);
2704 break;
2705 case MGMT_OP_CONFIRM_NAME:
2706 err = confirm_name(sk, index, cp, len);
2707 break;
2708 case MGMT_OP_BLOCK_DEVICE:
2709 err = block_device(sk, index, cp, len);
2710 break;
2711 case MGMT_OP_UNBLOCK_DEVICE:
2712 err = unblock_device(sk, index, cp, len);
2713 break;
2714 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2715 err = load_long_term_keys(sk, index, cp, len);
2716 break;
2717 default:
2718 BT_DBG("Unknown op %u", opcode);
2719 err = cmd_status(sk, index, opcode,
2720 MGMT_STATUS_UNKNOWN_COMMAND);
2721 break;
2722 }
2723
2724 if (err < 0)
2725 goto done;
2726
2727 err = msglen;
2728
2729 done:
2730 kfree(buf);
2731 return err;
2732 }
2733
2734 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2735 {
2736 u8 *status = data;
2737
2738 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2739 mgmt_pending_remove(cmd);
2740 }
2741
2742 int mgmt_index_added(struct hci_dev *hdev)
2743 {
2744 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2745 }
2746
2747 int mgmt_index_removed(struct hci_dev *hdev)
2748 {
2749 u8 status = ENODEV;
2750
2751 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2752
2753 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2754 }
2755
2756 struct cmd_lookup {
2757 struct sock *sk;
2758 struct hci_dev *hdev;
2759 };
2760
2761 static void settings_rsp(struct pending_cmd *cmd, void *data)
2762 {
2763 struct cmd_lookup *match = data;
2764
2765 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2766
2767 list_del(&cmd->list);
2768
2769 if (match->sk == NULL) {
2770 match->sk = cmd->sk;
2771 sock_hold(match->sk);
2772 }
2773
2774 mgmt_pending_free(cmd);
2775 }
2776
2777 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2778 {
2779 struct cmd_lookup match = { NULL, hdev };
2780 __le32 ev;
2781 int err;
2782
2783 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2784
2785 if (!powered) {
2786 u8 status = ENETDOWN;
2787 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2788 }
2789
2790 ev = cpu_to_le32(get_current_settings(hdev));
2791
2792 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2793 match.sk);
2794
2795 if (match.sk)
2796 sock_put(match.sk);
2797
2798 return err;
2799 }
2800
2801 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2802 {
2803 struct cmd_lookup match = { NULL, hdev };
2804 __le32 ev;
2805 int err;
2806
2807 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2808
2809 ev = cpu_to_le32(get_current_settings(hdev));
2810
2811 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2812 match.sk);
2813 if (match.sk)
2814 sock_put(match.sk);
2815
2816 return err;
2817 }
2818
2819 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2820 {
2821 __le32 ev;
2822 struct cmd_lookup match = { NULL, hdev };
2823 int err;
2824
2825 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2826 &match);
2827
2828 ev = cpu_to_le32(get_current_settings(hdev));
2829
2830 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2831
2832 if (match.sk)
2833 sock_put(match.sk);
2834
2835 return err;
2836 }
2837
2838 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2839 {
2840 u8 mgmt_err = mgmt_status(status);
2841
2842 if (scan & SCAN_PAGE)
2843 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2844 cmd_status_rsp, &mgmt_err);
2845
2846 if (scan & SCAN_INQUIRY)
2847 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2848 cmd_status_rsp, &mgmt_err);
2849
2850 return 0;
2851 }
2852
2853 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2854 u8 persistent)
2855 {
2856 struct mgmt_ev_new_link_key ev;
2857
2858 memset(&ev, 0, sizeof(ev));
2859
2860 ev.store_hint = persistent;
2861 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2862 ev.key.addr.type = MGMT_ADDR_BREDR;
2863 ev.key.type = key->type;
2864 memcpy(ev.key.val, key->val, 16);
2865 ev.key.pin_len = key->pin_len;
2866
2867 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2868 }
2869
2870 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2871 {
2872 struct mgmt_ev_new_long_term_key ev;
2873
2874 memset(&ev, 0, sizeof(ev));
2875
2876 ev.store_hint = persistent;
2877 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2878 ev.key.addr.type = key->bdaddr_type;
2879 ev.key.authenticated = key->authenticated;
2880 ev.key.enc_size = key->enc_size;
2881 ev.key.ediv = key->ediv;
2882
2883 if (key->type == HCI_SMP_LTK)
2884 ev.key.master = 1;
2885
2886 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2887 memcpy(ev.key.val, key->val, sizeof(key->val));
2888
2889 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2890 &ev, sizeof(ev), NULL);
2891 }
2892
2893 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2894 u8 addr_type, u8 *name, u8 name_len,
2895 u8 *dev_class)
2896 {
2897 char buf[512];
2898 struct mgmt_ev_device_connected *ev = (void *) buf;
2899 u16 eir_len = 0;
2900
2901 bacpy(&ev->addr.bdaddr, bdaddr);
2902 ev->addr.type = link_to_mgmt(link_type, addr_type);
2903
2904 if (name_len > 0)
2905 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2906 name, name_len);
2907
2908 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2909 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2910 EIR_CLASS_OF_DEV, dev_class, 3);
2911
2912 put_unaligned_le16(eir_len, &ev->eir_len);
2913
2914 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2915 sizeof(*ev) + eir_len, NULL);
2916 }
2917
2918 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2919 {
2920 struct mgmt_cp_disconnect *cp = cmd->param;
2921 struct sock **sk = data;
2922 struct mgmt_rp_disconnect rp;
2923
2924 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2925 rp.addr.type = cp->addr.type;
2926
2927 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
2928 sizeof(rp));
2929
2930 *sk = cmd->sk;
2931 sock_hold(*sk);
2932
2933 mgmt_pending_remove(cmd);
2934 }
2935
2936 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2937 {
2938 struct hci_dev *hdev = data;
2939 struct mgmt_cp_unpair_device *cp = cmd->param;
2940 struct mgmt_rp_unpair_device rp;
2941
2942 memset(&rp, 0, sizeof(rp));
2943 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2944 rp.addr.type = cp->addr.type;
2945
2946 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2947
2948 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
2949
2950 mgmt_pending_remove(cmd);
2951 }
2952
2953 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2954 u8 link_type, u8 addr_type)
2955 {
2956 struct mgmt_addr_info ev;
2957 struct sock *sk = NULL;
2958 int err;
2959
2960 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2961
2962 bacpy(&ev.bdaddr, bdaddr);
2963 ev.type = link_to_mgmt(link_type, addr_type);
2964
2965 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2966 sk);
2967
2968 if (sk)
2969 sock_put(sk);
2970
2971 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2972 hdev);
2973
2974 return err;
2975 }
2976
2977 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
2978 u8 link_type, u8 addr_type, u8 status)
2979 {
2980 struct mgmt_rp_disconnect rp;
2981 struct pending_cmd *cmd;
2982 int err;
2983
2984 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2985 if (!cmd)
2986 return -ENOENT;
2987
2988 bacpy(&rp.addr.bdaddr, bdaddr);
2989 rp.addr.type = link_to_mgmt(link_type, addr_type);
2990
2991 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2992 mgmt_status(status), &rp, sizeof(rp));
2993
2994 mgmt_pending_remove(cmd);
2995
2996 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2997 hdev);
2998 return err;
2999 }
3000
3001 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3002 u8 addr_type, u8 status)
3003 {
3004 struct mgmt_ev_connect_failed ev;
3005
3006 bacpy(&ev.addr.bdaddr, bdaddr);
3007 ev.addr.type = link_to_mgmt(link_type, addr_type);
3008 ev.status = mgmt_status(status);
3009
3010 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3011 }
3012
3013 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3014 {
3015 struct mgmt_ev_pin_code_request ev;
3016
3017 bacpy(&ev.addr.bdaddr, bdaddr);
3018 ev.addr.type = MGMT_ADDR_BREDR;
3019 ev.secure = secure;
3020
3021 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3022 NULL);
3023 }
3024
3025 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3026 u8 status)
3027 {
3028 struct pending_cmd *cmd;
3029 struct mgmt_rp_pin_code_reply rp;
3030 int err;
3031
3032 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3033 if (!cmd)
3034 return -ENOENT;
3035
3036 bacpy(&rp.addr.bdaddr, bdaddr);
3037 rp.addr.type = MGMT_ADDR_BREDR;
3038
3039 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3040 mgmt_status(status), &rp, sizeof(rp));
3041
3042 mgmt_pending_remove(cmd);
3043
3044 return err;
3045 }
3046
3047 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3048 u8 status)
3049 {
3050 struct pending_cmd *cmd;
3051 struct mgmt_rp_pin_code_reply rp;
3052 int err;
3053
3054 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3055 if (!cmd)
3056 return -ENOENT;
3057
3058 bacpy(&rp.addr.bdaddr, bdaddr);
3059 rp.addr.type = MGMT_ADDR_BREDR;
3060
3061 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3062 mgmt_status(status), &rp, sizeof(rp));
3063
3064 mgmt_pending_remove(cmd);
3065
3066 return err;
3067 }
3068
3069 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3070 u8 link_type, u8 addr_type, __le32 value,
3071 u8 confirm_hint)
3072 {
3073 struct mgmt_ev_user_confirm_request ev;
3074
3075 BT_DBG("%s", hdev->name);
3076
3077 bacpy(&ev.addr.bdaddr, bdaddr);
3078 ev.addr.type = link_to_mgmt(link_type, addr_type);
3079 ev.confirm_hint = confirm_hint;
3080 put_unaligned_le32(value, &ev.value);
3081
3082 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3083 NULL);
3084 }
3085
3086 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3087 u8 link_type, u8 addr_type)
3088 {
3089 struct mgmt_ev_user_passkey_request ev;
3090
3091 BT_DBG("%s", hdev->name);
3092
3093 bacpy(&ev.addr.bdaddr, bdaddr);
3094 ev.addr.type = link_to_mgmt(link_type, addr_type);
3095
3096 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3097 NULL);
3098 }
3099
3100 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3101 u8 link_type, u8 addr_type, u8 status,
3102 u8 opcode)
3103 {
3104 struct pending_cmd *cmd;
3105 struct mgmt_rp_user_confirm_reply rp;
3106 int err;
3107
3108 cmd = mgmt_pending_find(opcode, hdev);
3109 if (!cmd)
3110 return -ENOENT;
3111
3112 bacpy(&rp.addr.bdaddr, bdaddr);
3113 rp.addr.type = link_to_mgmt(link_type, addr_type);
3114 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3115 &rp, sizeof(rp));
3116
3117 mgmt_pending_remove(cmd);
3118
3119 return err;
3120 }
3121
3122 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3123 u8 link_type, u8 addr_type, u8 status)
3124 {
3125 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3126 status, MGMT_OP_USER_CONFIRM_REPLY);
3127 }
3128
3129 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3130 u8 link_type, u8 addr_type, u8 status)
3131 {
3132 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3133 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3134 }
3135
3136 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3137 u8 link_type, u8 addr_type, u8 status)
3138 {
3139 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3140 status, MGMT_OP_USER_PASSKEY_REPLY);
3141 }
3142
3143 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3144 u8 link_type, u8 addr_type, u8 status)
3145 {
3146 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3147 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3148 }
3149
3150 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3151 u8 addr_type, u8 status)
3152 {
3153 struct mgmt_ev_auth_failed ev;
3154
3155 bacpy(&ev.addr.bdaddr, bdaddr);
3156 ev.addr.type = link_to_mgmt(link_type, addr_type);
3157 ev.status = mgmt_status(status);
3158
3159 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3160 }
3161
3162 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3163 {
3164 struct cmd_lookup match = { NULL, hdev };
3165 __le32 ev;
3166 int err;
3167
3168 if (status) {
3169 u8 mgmt_err = mgmt_status(status);
3170 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3171 cmd_status_rsp, &mgmt_err);
3172 return 0;
3173 }
3174
3175 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3176 &match);
3177
3178 ev = cpu_to_le32(get_current_settings(hdev));
3179 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3180
3181 if (match.sk)
3182 sock_put(match.sk);
3183
3184 return err;
3185 }
3186
3187 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3188 {
3189 struct cmd_lookup match = { NULL, hdev };
3190 __le32 ev;
3191 int err;
3192
3193 if (status) {
3194 u8 mgmt_err = mgmt_status(status);
3195 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3196 cmd_status_rsp, &mgmt_err);
3197 return 0;
3198 }
3199
3200 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3201
3202 ev = cpu_to_le32(get_current_settings(hdev));
3203 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3204
3205 if (match.sk)
3206 sock_put(match.sk);
3207
3208 return err;
3209 }
3210
3211 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3212 {
3213 struct pending_cmd *cmd;
3214 struct mgmt_cp_set_local_name ev;
3215 int err;
3216
3217 memset(&ev, 0, sizeof(ev));
3218 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3219
3220 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3221 if (!cmd)
3222 goto send_event;
3223
3224 if (status) {
3225 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3226 mgmt_status(status));
3227 goto failed;
3228 }
3229
3230 update_eir(hdev);
3231
3232 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3233 sizeof(ev));
3234 if (err < 0)
3235 goto failed;
3236
3237 send_event:
3238 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3239 cmd ? cmd->sk : NULL);
3240
3241 failed:
3242 if (cmd)
3243 mgmt_pending_remove(cmd);
3244 return err;
3245 }
3246
3247 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3248 u8 *randomizer, u8 status)
3249 {
3250 struct pending_cmd *cmd;
3251 int err;
3252
3253 BT_DBG("%s status %u", hdev->name, status);
3254
3255 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3256 if (!cmd)
3257 return -ENOENT;
3258
3259 if (status) {
3260 err = cmd_status(cmd->sk, hdev->id,
3261 MGMT_OP_READ_LOCAL_OOB_DATA,
3262 mgmt_status(status));
3263 } else {
3264 struct mgmt_rp_read_local_oob_data rp;
3265
3266 memcpy(rp.hash, hash, sizeof(rp.hash));
3267 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3268
3269 err = cmd_complete(cmd->sk, hdev->id,
3270 MGMT_OP_READ_LOCAL_OOB_DATA,
3271 0, &rp, sizeof(rp));
3272 }
3273
3274 mgmt_pending_remove(cmd);
3275
3276 return err;
3277 }
3278
3279 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3280 u8 addr_type, u8 *dev_class, s8 rssi,
3281 u8 cfm_name, u8 *eir, u16 eir_len)
3282 {
3283 char buf[512];
3284 struct mgmt_ev_device_found *ev = (void *) buf;
3285 size_t ev_size;
3286
3287 /* Leave 5 bytes for a potential CoD field */
3288 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3289 return -EINVAL;
3290
3291 memset(buf, 0, sizeof(buf));
3292
3293 bacpy(&ev->addr.bdaddr, bdaddr);
3294 ev->addr.type = link_to_mgmt(link_type, addr_type);
3295 ev->rssi = rssi;
3296 ev->confirm_name = cfm_name;
3297
3298 if (eir_len > 0)
3299 memcpy(ev->eir, eir, eir_len);
3300
3301 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3302 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3303 dev_class, 3);
3304
3305 put_unaligned_le16(eir_len, &ev->eir_len);
3306
3307 ev_size = sizeof(*ev) + eir_len;
3308
3309 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3310 }
3311
3312 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3313 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3314 {
3315 struct mgmt_ev_device_found *ev;
3316 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3317 u16 eir_len;
3318
3319 ev = (struct mgmt_ev_device_found *) buf;
3320
3321 memset(buf, 0, sizeof(buf));
3322
3323 bacpy(&ev->addr.bdaddr, bdaddr);
3324 ev->addr.type = link_to_mgmt(link_type, addr_type);
3325 ev->rssi = rssi;
3326
3327 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3328 name_len);
3329
3330 put_unaligned_le16(eir_len, &ev->eir_len);
3331
3332 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3333 sizeof(*ev) + eir_len, NULL);
3334 }
3335
3336 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3337 {
3338 struct pending_cmd *cmd;
3339 u8 type;
3340 int err;
3341
3342 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3343
3344 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3345 if (!cmd)
3346 return -ENOENT;
3347
3348 type = hdev->discovery.type;
3349
3350 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3351 &type, sizeof(type));
3352 mgmt_pending_remove(cmd);
3353
3354 return err;
3355 }
3356
3357 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3358 {
3359 struct pending_cmd *cmd;
3360 int err;
3361
3362 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3363 if (!cmd)
3364 return -ENOENT;
3365
3366 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3367 mgmt_pending_remove(cmd);
3368
3369 return err;
3370 }
3371
3372 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3373 {
3374 struct pending_cmd *cmd;
3375
3376 BT_DBG("%s discovering %u", hdev->name, discovering);
3377
3378 if (discovering)
3379 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3380 else
3381 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3382
3383 if (cmd != NULL) {
3384 u8 type = hdev->discovery.type;
3385
3386 if (discovering)
3387 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
3388 &type, sizeof(type));
3389 else
3390 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
3391 NULL, 0);
3392 mgmt_pending_remove(cmd);
3393 }
3394
3395 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
3396 sizeof(discovering), NULL);
3397 }
3398
3399 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3400 {
3401 struct pending_cmd *cmd;
3402 struct mgmt_ev_device_blocked ev;
3403
3404 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3405
3406 bacpy(&ev.addr.bdaddr, bdaddr);
3407 ev.addr.type = type;
3408
3409 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3410 cmd ? cmd->sk : NULL);
3411 }
3412
3413 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3414 {
3415 struct pending_cmd *cmd;
3416 struct mgmt_ev_device_unblocked ev;
3417
3418 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3419
3420 bacpy(&ev.addr.bdaddr, bdaddr);
3421 ev.addr.type = type;
3422
3423 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3424 cmd ? cmd->sk : NULL);
3425 }
ubuntu-zesty-kernel mirror