projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix mgmt_pair_device imediate error responses
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
72359753 25#include <linux/uaccess.h>
0381101f
JH		 26#include <asm/unaligned.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/mgmt.h>
31
02d98129
JH		 32#define MGMT_VERSION 0
33#define MGMT_REVISION 1
34
2519a1fc
AG		 35#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
36
eec8d2bc
JH		 37struct pending_cmd {
38 struct list_head list;
fc2f4b13 39 u16 opcode;
eec8d2bc 40 int index;
c68fb7ff 41 void *param;
eec8d2bc 42 struct sock *sk;
e9a416b5 43 void *user_data;
eec8d2bc
JH		 44};
45
4e51eae9 46static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 47{
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
56b7d137 51 int err;
f7b64e69 52
34eb525c 53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 54
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
56 if (!skb)
57 return -ENOMEM;
58
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
60
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 62 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 63 hdr->len = cpu_to_le16(sizeof(*ev));
64
65 ev = (void *) skb_put(skb, sizeof(*ev));
66 ev->status = status;
67 put_unaligned_le16(cmd, &ev->opcode);
68
56b7d137
GP		 69 err = sock_queue_rcv_skb(sk, skb);
70 if (err < 0)
f7b64e69
JH		 71 kfree_skb(skb);
72
56b7d137 73 return err;
f7b64e69
JH		 74}
75
4e51eae9
SJ		 76static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
77 size_t rp_len)
02d98129
JH		 78{
79 struct sk_buff *skb;
80 struct mgmt_hdr *hdr;
81 struct mgmt_ev_cmd_complete *ev;
56b7d137 82 int err;
02d98129
JH		 83
84 BT_DBG("sock %p", sk);
85
a38528f1 86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 87 if (!skb)
88 return -ENOMEM;
89
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 91
a38528f1 92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 93 hdr->index = cpu_to_le16(index);
a38528f1 94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 95
a38528f1
JH		 96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 98
99 if (rp)
100 memcpy(ev->data, rp, rp_len);
02d98129 101
56b7d137
GP		 102 err = sock_queue_rcv_skb(sk, skb);
103 if (err < 0)
02d98129
JH		 104 kfree_skb(skb);
105
56b7d137 106 return err;;
02d98129
JH		 107}
108
a38528f1
JH		 109static int read_version(struct sock *sk)
110{
111 struct mgmt_rp_read_version rp;
112
113 BT_DBG("sock %p", sk);
114
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
117
4e51eae9
SJ		 118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
119 sizeof(rp));
a38528f1
JH		 120}
121
faba42eb
JH		 122static int read_index_list(struct sock *sk)
123{
faba42eb
JH		 124 struct mgmt_rp_read_index_list *rp;
125 struct list_head *p;
8035ded4 126 struct hci_dev *d;
a38528f1 127 size_t rp_len;
faba42eb 128 u16 count;
a38528f1 129 int i, err;
faba42eb
JH		 130
131 BT_DBG("sock %p", sk);
132
133 read_lock(&hci_dev_list_lock);
134
135 count = 0;
136 list_for_each(p, &hci_dev_list) {
137 count++;
138 }
139
a38528f1
JH		 140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
142 if (!rp) {
b2c60d42 143 read_unlock(&hci_dev_list_lock);
faba42eb 144 return -ENOMEM;
b2c60d42 145 }
faba42eb 146
faba42eb
JH		 147 put_unaligned_le16(count, &rp->num_controllers);
148
149 i = 0;
8035ded4 150 list_for_each_entry(d, &hci_dev_list, list) {
3243553f 151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
e0f9309f 152 cancel_delayed_work(&d->power_off);
ab81cbf9
JH		 153
154 if (test_bit(HCI_SETUP, &d->flags))
155 continue;
156
faba42eb
JH		 157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
159 }
160
161 read_unlock(&hci_dev_list_lock);
162
4e51eae9
SJ		 163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
164 rp_len);
faba42eb 165
a38528f1
JH		 166 kfree(rp);
167
168 return err;
faba42eb
JH		 169}
170
4e51eae9 171static int read_controller_info(struct sock *sk, u16 index)
0381101f 172{
a38528f1 173 struct mgmt_rp_read_info rp;
f7b64e69 174 struct hci_dev *hdev;
0381101f 175
4e51eae9 176 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 177
4e51eae9 178 hdev = hci_dev_get(index);
a38528f1 179 if (!hdev)
4e51eae9 180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
f7b64e69 181
3243553f
JH		 182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 184
8c156c32 185 hci_dev_lock_bh(hdev);
f7b64e69 186
ebc99feb
JH		 187 set_bit(HCI_MGMT, &hdev->flags);
188
dc4fe30b
JH		 189 memset(&rp, 0, sizeof(rp));
190
a38528f1 191 rp.type = hdev->dev_type;
f7b64e69 192
a38528f1
JH		 193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
f7b64e69
JH		 197
198 if (test_bit(HCI_AUTH, &hdev->flags))
a38528f1 199 rp.sec_mode = 3;
f7b64e69 200 else if (hdev->ssp_mode > 0)
a38528f1 201 rp.sec_mode = 4;
f7b64e69 202 else
a38528f1 203 rp.sec_mode = 2;
f7b64e69 204
a38528f1
JH		 205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
f7b64e69 211
dc4fe30b
JH		 212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
213
8c156c32 214 hci_dev_unlock_bh(hdev);
f7b64e69 215 hci_dev_put(hdev);
0381101f 216
4e51eae9 217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 218}
219
eec8d2bc
JH		 220static void mgmt_pending_free(struct pending_cmd *cmd)
221{
222 sock_put(cmd->sk);
c68fb7ff 223 kfree(cmd->param);
eec8d2bc
JH		 224 kfree(cmd);
225}
226
366a0336 227static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 228 struct hci_dev *hdev,
229 void *data, u16 len)
eec8d2bc
JH		 230{
231 struct pending_cmd *cmd;
232
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
234 if (!cmd)
366a0336 235 return NULL;
eec8d2bc
JH		 236
237 cmd->opcode = opcode;
2e58ef3e 238 cmd->index = hdev->id;
eec8d2bc 239
c68fb7ff
SJ		 240 cmd->param = kmalloc(len, GFP_ATOMIC);
241 if (!cmd->param) {
eec8d2bc 242 kfree(cmd);
366a0336 243 return NULL;
eec8d2bc
JH		 244 }
245
8fce6357
SJ		 246 if (data)
247 memcpy(cmd->param, data, len);
eec8d2bc
JH		 248
249 cmd->sk = sk;
250 sock_hold(sk);
251
2e58ef3e 252 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 253
366a0336 254 return cmd;
eec8d2bc
JH		 255}
256
744cf19e 257static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 258 void (*cb)(struct pending_cmd *cmd, void *data),
259 void *data)
260{
261 struct list_head *p, *n;
262
2e58ef3e 263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 264 struct pending_cmd *cmd;
265
266 cmd = list_entry(p, struct pending_cmd, list);
267
b24752fe 268 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 269 continue;
270
eec8d2bc
JH		 271 cb(cmd, data);
272 }
273}
274
2e58ef3e 275static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 276{
8035ded4 277 struct pending_cmd *cmd;
eec8d2bc 278
2e58ef3e 279 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 280 if (cmd->opcode == opcode)
281 return cmd;
eec8d2bc
JH		 282 }
283
284 return NULL;
285}
286
a664b5bc 287static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 288{
73f22f62
JH		 289 list_del(&cmd->list);
290 mgmt_pending_free(cmd);
291}
292
4e51eae9 293static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
eec8d2bc 294{
72a734ec 295 struct mgmt_mode *cp;
eec8d2bc 296 struct hci_dev *hdev;
366a0336 297 struct pending_cmd *cmd;
366a0336 298 int err, up;
eec8d2bc
JH		 299
300 cp = (void *) data;
eec8d2bc 301
4e51eae9 302 BT_DBG("request for hci%u", index);
eec8d2bc 303
bdce7baf
SJ		 304 if (len != sizeof(*cp))
305 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
306
4e51eae9 307 hdev = hci_dev_get(index);
eec8d2bc 308 if (!hdev)
4e51eae9 309 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
eec8d2bc 310
8c156c32 311 hci_dev_lock_bh(hdev);
eec8d2bc
JH		 312
313 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 314 if ((cp->val && up) || (!cp->val && !up)) {
4e51eae9 315 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
eec8d2bc
JH		 316 goto failed;
317 }
318
2e58ef3e 319 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
4e51eae9 320 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
eec8d2bc
JH		 321 goto failed;
322 }
323
2e58ef3e 324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 325 if (!cmd) {
326 err = -ENOMEM;
eec8d2bc 327 goto failed;
366a0336 328 }
eec8d2bc 329
72a734ec 330 if (cp->val)
eec8d2bc
JH		 331 queue_work(hdev->workqueue, &hdev->power_on);
332 else
3243553f 333 queue_work(hdev->workqueue, &hdev->power_off.work);
eec8d2bc 334
366a0336 335 err = 0;
eec8d2bc
JH		 336
337failed:
8c156c32 338 hci_dev_unlock_bh(hdev);
eec8d2bc 339 hci_dev_put(hdev);
366a0336 340 return err;
eec8d2bc
JH		 341}
342
4e51eae9
SJ		 343static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
344 u16 len)
73f22f62 345{
16ab91ab 346 struct mgmt_cp_set_discoverable *cp;
73f22f62 347 struct hci_dev *hdev;
366a0336 348 struct pending_cmd *cmd;
73f22f62
JH		 349 u8 scan;
350 int err;
351
352 cp = (void *) data;
73f22f62 353
4e51eae9 354 BT_DBG("request for hci%u", index);
73f22f62 355
bdce7baf
SJ		 356 if (len != sizeof(*cp))
357 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
358
4e51eae9 359 hdev = hci_dev_get(index);
73f22f62 360 if (!hdev)
4e51eae9 361 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
73f22f62 362
8c156c32 363 hci_dev_lock_bh(hdev);
73f22f62
JH		 364
365 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 366 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
73f22f62
JH		 367 goto failed;
368 }
369
2e58ef3e
JH		 370 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
371 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
4e51eae9 372 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
73f22f62
JH		 373 goto failed;
374 }
375
72a734ec 376 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 377 test_bit(HCI_PSCAN, &hdev->flags)) {
4e51eae9 378 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
73f22f62
JH		 379 goto failed;
380 }
381
2e58ef3e 382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 383 if (!cmd) {
384 err = -ENOMEM;
73f22f62 385 goto failed;
366a0336 386 }
73f22f62
JH		 387
388 scan = SCAN_PAGE;
389
72a734ec 390 if (cp->val)
73f22f62 391 scan |= SCAN_INQUIRY;
16ab91ab 392 else
e0f9309f 393 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 394
395 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
396 if (err < 0)
a664b5bc 397 mgmt_pending_remove(cmd);
73f22f62 398
16ab91ab
JH		 399 if (cp->val)
400 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
401
73f22f62 402failed:
8c156c32 403 hci_dev_unlock_bh(hdev);
73f22f62
JH		 404 hci_dev_put(hdev);
405
406 return err;
407}
408
4e51eae9
SJ		 409static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
410 u16 len)
9fbcbb45 411{
72a734ec 412 struct mgmt_mode *cp;
9fbcbb45 413 struct hci_dev *hdev;
366a0336 414 struct pending_cmd *cmd;
9fbcbb45
JH		 415 u8 scan;
416 int err;
417
418 cp = (void *) data;
9fbcbb45 419
4e51eae9 420 BT_DBG("request for hci%u", index);
9fbcbb45 421
bdce7baf
SJ		 422 if (len != sizeof(*cp))
423 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
424
4e51eae9 425 hdev = hci_dev_get(index);
9fbcbb45 426 if (!hdev)
4e51eae9 427 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
9fbcbb45 428
8c156c32 429 hci_dev_lock_bh(hdev);
9fbcbb45
JH		 430
431 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 432 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
9fbcbb45
JH		 433 goto failed;
434 }
435
2e58ef3e
JH		 436 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
437 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
4e51eae9 438 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
9fbcbb45
JH		 439 goto failed;
440 }
441
72a734ec 442 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
4e51eae9 443 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
9fbcbb45
JH		 444 goto failed;
445 }
446
2e58ef3e 447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 448 if (!cmd) {
449 err = -ENOMEM;
9fbcbb45 450 goto failed;
366a0336 451 }
9fbcbb45 452
72a734ec 453 if (cp->val)
9fbcbb45
JH		 454 scan = SCAN_PAGE;
455 else
456 scan = 0;
457
458 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
459 if (err < 0)
a664b5bc 460 mgmt_pending_remove(cmd);
9fbcbb45
JH		 461
462failed:
8c156c32 463 hci_dev_unlock_bh(hdev);
9fbcbb45
JH		 464 hci_dev_put(hdev);
465
466 return err;
467}
468
744cf19e
JH		 469static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
470 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 471{
472 struct sk_buff *skb;
473 struct mgmt_hdr *hdr;
474
475 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
476 if (!skb)
477 return -ENOMEM;
478
479 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
480
481 hdr = (void *) skb_put(skb, sizeof(*hdr));
482 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 483 if (hdev)
484 hdr->index = cpu_to_le16(hdev->id);
485 else
486 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 487 hdr->len = cpu_to_le16(data_len);
488
4e51eae9
SJ		 489 if (data)
490 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 491
492 hci_send_to_sock(NULL, skb, skip_sk);
493 kfree_skb(skb);
494
495 return 0;
496}
497
053f0211
JH		 498static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499{
a38528f1 500 struct mgmt_mode rp;
053f0211 501
a38528f1 502 rp.val = val;
053f0211 503
4e51eae9 504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
053f0211
JH		 505}
506
4e51eae9
SJ		 507static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508 u16 len)
c542a06c
JH		 509{
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
c542a06c
JH		 512 int err;
513
514 cp = (void *) data;
c542a06c 515
4e51eae9 516 BT_DBG("request for hci%u", index);
c542a06c 517
bdce7baf
SJ		 518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520
4e51eae9 521 hdev = hci_dev_get(index);
c542a06c 522 if (!hdev)
4e51eae9 523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
c542a06c 524
8c156c32 525 hci_dev_lock_bh(hdev);
c542a06c
JH		 526
527 if (cp->val)
528 set_bit(HCI_PAIRABLE, &hdev->flags);
529 else
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
531
4e51eae9 532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
c542a06c
JH		 533 if (err < 0)
534 goto failed;
535
c542a06c
JH		 536 ev.val = cp->val;
537
744cf19e 538 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 539
540failed:
8c156c32 541 hci_dev_unlock_bh(hdev);
c542a06c
JH		 542 hci_dev_put(hdev);
543
544 return err;
545}
546
80a1e1db
JH		 547#define EIR_FLAGS 0x01 /* flags */
548#define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549#define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550#define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551#define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552#define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553#define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554#define EIR_NAME_SHORT 0x08 /* shortened local name */
555#define EIR_NAME_COMPLETE 0x09 /* complete local name */
556#define EIR_TX_POWER 0x0A /* transmit power level */
557#define EIR_DEVICE_ID 0x10 /* device ID */
558
559#define PNP_INFO_SVCLASS_ID 0x1200
560
561static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564};
565
566static u16 get_uuid16(u8 *uuid128)
567{
568 u32 val;
569 int i;
570
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
573 return 0;
574 }
575
576 memcpy(&val, &uuid128[12], 4);
577
578 val = le32_to_cpu(val);
579 if (val > 0xffff)
580 return 0;
581
582 return (u16) val;
583}
584
585static void create_eir(struct hci_dev *hdev, u8 *data)
586{
587 u8 *ptr = data;
588 u16 eir_len = 0;
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
8035ded4 591 struct bt_uuid *uuid;
80a1e1db
JH		 592 size_t name_len;
593
594 name_len = strlen(hdev->dev_name);
595
596 if (name_len > 0) {
597 /* EIR Data type */
598 if (name_len > 48) {
599 name_len = 48;
600 ptr[1] = EIR_NAME_SHORT;
601 } else
602 ptr[1] = EIR_NAME_COMPLETE;
603
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
606
607 memcpy(ptr + 2, hdev->dev_name, name_len);
608
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
611 }
612
613 memset(uuid16_list, 0, sizeof(uuid16_list));
614
615 /* Group all UUID16 types */
8035ded4 616 list_for_each_entry(uuid, &hdev->uuids, list) {
80a1e1db
JH		 617 u16 uuid16;
618
619 uuid16 = get_uuid16(uuid->uuid);
620 if (uuid16 == 0)
621 return;
622
623 if (uuid16 < 0x1100)
624 continue;
625
626 if (uuid16 == PNP_INFO_SVCLASS_ID)
627 continue;
628
629 /* Stop if not enough space to put next UUID */
630 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
631 truncated = 1;
632 break;
633 }
634
635 /* Check for duplicates */
636 for (i = 0; uuid16_list[i] != 0; i++)
637 if (uuid16_list[i] == uuid16)
638 break;
639
640 if (uuid16_list[i] == 0) {
641 uuid16_list[i] = uuid16;
642 eir_len += sizeof(u16);
643 }
644 }
645
646 if (uuid16_list[0] != 0) {
647 u8 *length = ptr;
648
649 /* EIR Data type */
650 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
651
652 ptr += 2;
653 eir_len += 2;
654
655 for (i = 0; uuid16_list[i] != 0; i++) {
656 *ptr++ = (uuid16_list[i] & 0x00ff);
657 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
658 }
659
660 /* EIR Data length */
661 *length = (i * sizeof(u16)) + 1;
662 }
663}
664
665static int update_eir(struct hci_dev *hdev)
666{
667 struct hci_cp_write_eir cp;
668
669 if (!(hdev->features[6] & LMP_EXT_INQ))
670 return 0;
671
672 if (hdev->ssp_mode == 0)
673 return 0;
674
675 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
676 return 0;
677
678 memset(&cp, 0, sizeof(cp));
679
680 create_eir(hdev, cp.data);
681
682 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
683 return 0;
684
685 memcpy(hdev->eir, cp.data, sizeof(cp.data));
686
687 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
688}
689
1aff6f09
JH		 690static u8 get_service_classes(struct hci_dev *hdev)
691{
12dc0743 692 struct bt_uuid *uuid;
1aff6f09
JH		 693 u8 val = 0;
694
12dc0743 695 list_for_each_entry(uuid, &hdev->uuids, list)
1aff6f09 696 val |= uuid->svc_hint;
1aff6f09
JH		 697
698 return val;
699}
700
701static int update_class(struct hci_dev *hdev)
702{
703 u8 cod[3];
704
705 BT_DBG("%s", hdev->name);
706
707 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
708 return 0;
709
710 cod[0] = hdev->minor_class;
711 cod[1] = hdev->major_class;
712 cod[2] = get_service_classes(hdev);
713
714 if (memcmp(cod, hdev->dev_class, 3) == 0)
715 return 0;
716
717 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
718}
719
4e51eae9 720static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 721{
722 struct mgmt_cp_add_uuid *cp;
723 struct hci_dev *hdev;
724 struct bt_uuid *uuid;
2aeb9a1a
JH		 725 int err;
726
727 cp = (void *) data;
2aeb9a1a 728
4e51eae9 729 BT_DBG("request for hci%u", index);
2aeb9a1a 730
bdce7baf
SJ		 731 if (len != sizeof(*cp))
732 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
733
4e51eae9 734 hdev = hci_dev_get(index);
2aeb9a1a 735 if (!hdev)
4e51eae9 736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
2aeb9a1a 737
8c156c32 738 hci_dev_lock_bh(hdev);
2aeb9a1a
JH		 739
740 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
741 if (!uuid) {
742 err = -ENOMEM;
743 goto failed;
744 }
745
746 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 747 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 748
749 list_add(&uuid->list, &hdev->uuids);
750
1aff6f09
JH		 751 err = update_class(hdev);
752 if (err < 0)
753 goto failed;
754
80a1e1db
JH		 755 err = update_eir(hdev);
756 if (err < 0)
757 goto failed;
758
4e51eae9 759 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 760
761failed:
8c156c32 762 hci_dev_unlock_bh(hdev);
2aeb9a1a
JH		 763 hci_dev_put(hdev);
764
765 return err;
766}
767
4e51eae9 768static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 769{
770 struct list_head *p, *n;
779cb850 771 struct mgmt_cp_remove_uuid *cp;
2aeb9a1a
JH		 772 struct hci_dev *hdev;
773 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 774 int err, found;
775
776 cp = (void *) data;
2aeb9a1a 777
4e51eae9 778 BT_DBG("request for hci%u", index);
2aeb9a1a 779
bdce7baf
SJ		 780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
782
4e51eae9 783 hdev = hci_dev_get(index);
2aeb9a1a 784 if (!hdev)
4e51eae9 785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
2aeb9a1a 786
8c156c32 787 hci_dev_lock_bh(hdev);
2aeb9a1a
JH		 788
789 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
790 err = hci_uuids_clear(hdev);
791 goto unlock;
792 }
793
794 found = 0;
795
796 list_for_each_safe(p, n, &hdev->uuids) {
797 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
798
799 if (memcmp(match->uuid, cp->uuid, 16) != 0)
800 continue;
801
802 list_del(&match->list);
803 found++;
804 }
805
806 if (found == 0) {
4e51eae9 807 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
2aeb9a1a
JH		 808 goto unlock;
809 }
810
1aff6f09
JH		 811 err = update_class(hdev);
812 if (err < 0)
813 goto unlock;
814
80a1e1db
JH		 815 err = update_eir(hdev);
816 if (err < 0)
817 goto unlock;
818
4e51eae9 819 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 820
821unlock:
8c156c32 822 hci_dev_unlock_bh(hdev);
2aeb9a1a
JH		 823 hci_dev_put(hdev);
824
825 return err;
826}
827
4e51eae9
SJ		 828static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
829 u16 len)
1aff6f09
JH		 830{
831 struct hci_dev *hdev;
832 struct mgmt_cp_set_dev_class *cp;
1aff6f09
JH		 833 int err;
834
835 cp = (void *) data;
1aff6f09 836
4e51eae9 837 BT_DBG("request for hci%u", index);
1aff6f09 838
bdce7baf
SJ		 839 if (len != sizeof(*cp))
840 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
841
4e51eae9 842 hdev = hci_dev_get(index);
1aff6f09 843 if (!hdev)
4e51eae9 844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
1aff6f09 845
8c156c32 846 hci_dev_lock_bh(hdev);
1aff6f09
JH		 847
848 hdev->major_class = cp->major;
849 hdev->minor_class = cp->minor;
850
851 err = update_class(hdev);
852
853 if (err == 0)
4e51eae9 854 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 855
8c156c32 856 hci_dev_unlock_bh(hdev);
1aff6f09
JH		 857 hci_dev_put(hdev);
858
859 return err;
860}
861
4e51eae9
SJ		 862static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
863 u16 len)
1aff6f09
JH		 864{
865 struct hci_dev *hdev;
866 struct mgmt_cp_set_service_cache *cp;
1aff6f09
JH		 867 int err;
868
869 cp = (void *) data;
1aff6f09 870
bdce7baf 871 if (len != sizeof(*cp))
b8534e0f 872 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
bdce7baf 873
4e51eae9 874 hdev = hci_dev_get(index);
1aff6f09 875 if (!hdev)
4e51eae9 876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
1aff6f09 877
8c156c32 878 hci_dev_lock_bh(hdev);
1aff6f09 879
4e51eae9 880 BT_DBG("hci%u enable %d", index, cp->enable);
1aff6f09
JH		 881
882 if (cp->enable) {
883 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
884 err = 0;
885 } else {
886 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
887 err = update_class(hdev);
80a1e1db
JH		 888 if (err == 0)
889 err = update_eir(hdev);
1aff6f09
JH		 890 }
891
892 if (err == 0)
4e51eae9
SJ		 893 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
894 0);
e5b82e58
GP		 895 else
896 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
897
1aff6f09 898
8c156c32 899 hci_dev_unlock_bh(hdev);
1aff6f09
JH		 900 hci_dev_put(hdev);
901
902 return err;
903}
904
86742e1e
JH		 905static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
906 u16 len)
55ed8ca1
JH		 907{
908 struct hci_dev *hdev;
86742e1e 909 struct mgmt_cp_load_link_keys *cp;
4e51eae9 910 u16 key_count, expected_len;
a492cd52 911 int i;
55ed8ca1
JH		 912
913 cp = (void *) data;
bdce7baf
SJ		 914
915 if (len < sizeof(*cp))
86742e1e 916 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
bdce7baf 917
55ed8ca1
JH		 918 key_count = get_unaligned_le16(&cp->key_count);
919
86742e1e
JH		 920 expected_len = sizeof(*cp) + key_count *
921 sizeof(struct mgmt_link_key_info);
a492cd52 922 if (expected_len != len) {
86742e1e 923 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 924 len, expected_len);
86742e1e 925 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
55ed8ca1
JH		 926 }
927
4e51eae9 928 hdev = hci_dev_get(index);
55ed8ca1 929 if (!hdev)
86742e1e 930 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
55ed8ca1 931
4e51eae9 932 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 933 key_count);
934
8c156c32 935 hci_dev_lock_bh(hdev);
55ed8ca1
JH		 936
937 hci_link_keys_clear(hdev);
938
939 set_bit(HCI_LINK_KEYS, &hdev->flags);
940
941 if (cp->debug_keys)
942 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
943 else
944 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
945
a492cd52 946 for (i = 0; i < key_count; i++) {
86742e1e 947 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 948
d25e28ab 949 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 950 key->pin_len);
951 }
952
8c156c32 953 hci_dev_unlock_bh(hdev);
55ed8ca1
JH		 954 hci_dev_put(hdev);
955
a492cd52 956 return 0;
55ed8ca1
JH		 957}
958
86742e1e
JH		 959static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
960 u16 len)
55ed8ca1
JH		 961{
962 struct hci_dev *hdev;
86742e1e 963 struct mgmt_cp_remove_keys *cp;
a8a1d19e
JH		 964 struct mgmt_rp_remove_keys rp;
965 struct hci_cp_disconnect dc;
966 struct pending_cmd *cmd;
55ed8ca1 967 struct hci_conn *conn;
55ed8ca1
JH		 968 int err;
969
970 cp = (void *) data;
55ed8ca1 971
bdce7baf 972 if (len != sizeof(*cp))
86742e1e 973 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
bdce7baf 974
4e51eae9 975 hdev = hci_dev_get(index);
55ed8ca1 976 if (!hdev)
86742e1e 977 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
55ed8ca1 978
8c156c32 979 hci_dev_lock_bh(hdev);
55ed8ca1 980
a8a1d19e
JH		 981 memset(&rp, 0, sizeof(rp));
982 bacpy(&rp.bdaddr, &cp->bdaddr);
983
55ed8ca1 984 err = hci_remove_link_key(hdev, &cp->bdaddr);
a8a1d19e 985 if (err < 0)
55ed8ca1 986 goto unlock;
55ed8ca1 987
a8a1d19e
JH		 988 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
989 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
990 sizeof(rp));
55ed8ca1 991 goto unlock;
a8a1d19e 992 }
55ed8ca1
JH		 993
994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
a8a1d19e
JH		 995 if (!conn) {
996 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
997 sizeof(rp));
998 goto unlock;
999 }
55ed8ca1 1000
a8a1d19e
JH		 1001 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1002 if (!cmd) {
1003 err = -ENOMEM;
1004 goto unlock;
55ed8ca1
JH		 1005 }
1006
a8a1d19e
JH		 1007 put_unaligned_le16(conn->handle, &dc.handle);
1008 dc.reason = 0x13; /* Remote User Terminated Connection */
1009 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1010 if (err < 0)
1011 mgmt_pending_remove(cmd);
1012
55ed8ca1 1013unlock:
a8a1d19e
JH		 1014 if (err < 0) {
1015 rp.status = -err;
1016 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1017 sizeof(rp));
1018 }
8c156c32 1019 hci_dev_unlock_bh(hdev);
55ed8ca1
JH		 1020 hci_dev_put(hdev);
1021
1022 return err;
1023}
1024
4e51eae9 1025static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
8962ee74
JH		 1026{
1027 struct hci_dev *hdev;
1028 struct mgmt_cp_disconnect *cp;
1029 struct hci_cp_disconnect dc;
366a0336 1030 struct pending_cmd *cmd;
8962ee74 1031 struct hci_conn *conn;
8962ee74
JH		 1032 int err;
1033
1034 BT_DBG("");
1035
1036 cp = (void *) data;
8962ee74 1037
bdce7baf
SJ		 1038 if (len != sizeof(*cp))
1039 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1040
4e51eae9 1041 hdev = hci_dev_get(index);
8962ee74 1042 if (!hdev)
4e51eae9 1043 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
8962ee74 1044
8c156c32 1045 hci_dev_lock_bh(hdev);
8962ee74
JH		 1046
1047 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1048 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
8962ee74
JH		 1049 goto failed;
1050 }
1051
2e58ef3e 1052 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
4e51eae9 1053 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
8962ee74
JH		 1054 goto failed;
1055 }
1056
1057 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
365227e5
VCG		 1058 if (!conn)
1059 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1060
8962ee74 1061 if (!conn) {
4e51eae9 1062 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
8962ee74
JH		 1063 goto failed;
1064 }
1065
2e58ef3e 1066 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1067 if (!cmd) {
1068 err = -ENOMEM;
8962ee74 1069 goto failed;
366a0336 1070 }
8962ee74
JH		 1071
1072 put_unaligned_le16(conn->handle, &dc.handle);
1073 dc.reason = 0x13; /* Remote User Terminated Connection */
1074
1075 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1076 if (err < 0)
a664b5bc 1077 mgmt_pending_remove(cmd);
8962ee74
JH		 1078
1079failed:
8c156c32 1080 hci_dev_unlock_bh(hdev);
8962ee74
JH		 1081 hci_dev_put(hdev);
1082
1083 return err;
1084}
1085
48264f06 1086static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1087{
1088 switch (link_type) {
1089 case LE_LINK:
48264f06
JH		 1090 switch (addr_type) {
1091 case ADDR_LE_DEV_PUBLIC:
1092 return MGMT_ADDR_LE_PUBLIC;
1093 case ADDR_LE_DEV_RANDOM:
1094 return MGMT_ADDR_LE_RANDOM;
1095 default:
1096 return MGMT_ADDR_INVALID;
1097 }
4c659c39
JH		 1098 case ACL_LINK:
1099 return MGMT_ADDR_BREDR;
1100 default:
1101 return MGMT_ADDR_INVALID;
1102 }
1103}
1104
8ce6284e 1105static int get_connections(struct sock *sk, u16 index)
2784eb41 1106{
2784eb41
JH		 1107 struct mgmt_rp_get_connections *rp;
1108 struct hci_dev *hdev;
8035ded4 1109 struct hci_conn *c;
2784eb41 1110 struct list_head *p;
a38528f1 1111 size_t rp_len;
4e51eae9 1112 u16 count;
2784eb41
JH		 1113 int i, err;
1114
1115 BT_DBG("");
1116
4e51eae9 1117 hdev = hci_dev_get(index);
2784eb41 1118 if (!hdev)
4e51eae9 1119 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
2784eb41 1120
8c156c32 1121 hci_dev_lock_bh(hdev);
2784eb41
JH		 1122
1123 count = 0;
1124 list_for_each(p, &hdev->conn_hash.list) {
1125 count++;
1126 }
1127
4c659c39 1128 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1129 rp = kmalloc(rp_len, GFP_ATOMIC);
1130 if (!rp) {
2784eb41
JH		 1131 err = -ENOMEM;
1132 goto unlock;
1133 }
1134
2784eb41
JH		 1135 put_unaligned_le16(count, &rp->conn_count);
1136
2784eb41 1137 i = 0;
4c659c39
JH		 1138 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1139 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1140 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1141 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1142 continue;
1143 i++;
1144 }
1145
1146 /* Recalculate length in case of filtered SCO connections, etc */
1147 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1148
4e51eae9 1149 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1150
1151unlock:
a38528f1 1152 kfree(rp);
8c156c32 1153 hci_dev_unlock_bh(hdev);
2784eb41
JH		 1154 hci_dev_put(hdev);
1155 return err;
1156}
1157
96d97a67
WR		 1158static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1159 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1160{
1161 struct pending_cmd *cmd;
1162 int err;
1163
2e58ef3e 1164 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1165 sizeof(*cp));
1166 if (!cmd)
1167 return -ENOMEM;
1168
1169 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1170 &cp->bdaddr);
1171 if (err < 0)
1172 mgmt_pending_remove(cmd);
1173
1174 return err;
1175}
1176
4e51eae9
SJ		 1177static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1178 u16 len)
980e1a53
JH		 1179{
1180 struct hci_dev *hdev;
96d97a67 1181 struct hci_conn *conn;
980e1a53 1182 struct mgmt_cp_pin_code_reply *cp;
96d97a67 1183 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1184 struct hci_cp_pin_code_reply reply;
366a0336 1185 struct pending_cmd *cmd;
980e1a53
JH		 1186 int err;
1187
1188 BT_DBG("");
1189
1190 cp = (void *) data;
980e1a53 1191
bdce7baf
SJ		 1192 if (len != sizeof(*cp))
1193 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1194
4e51eae9 1195 hdev = hci_dev_get(index);
980e1a53 1196 if (!hdev)
4e51eae9 1197 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
980e1a53 1198
8c156c32 1199 hci_dev_lock_bh(hdev);
980e1a53
JH		 1200
1201 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1202 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
980e1a53
JH		 1203 goto failed;
1204 }
1205
96d97a67
WR		 1206 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1207 if (!conn) {
1208 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1209 goto failed;
1210 }
1211
1212 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1213 bacpy(&ncp.bdaddr, &cp->bdaddr);
1214
1215 BT_ERR("PIN code is not 16 bytes long");
1216
1217 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1218 if (err >= 0)
1219 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1220 EINVAL);
1221
1222 goto failed;
1223 }
1224
2e58ef3e 1225 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1226 if (!cmd) {
1227 err = -ENOMEM;
980e1a53 1228 goto failed;
366a0336 1229 }
980e1a53
JH		 1230
1231 bacpy(&reply.bdaddr, &cp->bdaddr);
1232 reply.pin_len = cp->pin_len;
24718ca5 1233 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1234
1235 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1236 if (err < 0)
a664b5bc 1237 mgmt_pending_remove(cmd);
980e1a53
JH		 1238
1239failed:
8c156c32 1240 hci_dev_unlock_bh(hdev);
980e1a53
JH		 1241 hci_dev_put(hdev);
1242
1243 return err;
1244}
1245
4e51eae9
SJ		 1246static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1247 u16 len)
980e1a53
JH		 1248{
1249 struct hci_dev *hdev;
1250 struct mgmt_cp_pin_code_neg_reply *cp;
980e1a53
JH		 1251 int err;
1252
1253 BT_DBG("");
1254
1255 cp = (void *) data;
980e1a53 1256
bdce7baf
SJ		 1257 if (len != sizeof(*cp))
1258 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1259 EINVAL);
1260
4e51eae9 1261 hdev = hci_dev_get(index);
980e1a53 1262 if (!hdev)
4e51eae9
SJ		 1263 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1264 ENODEV);
980e1a53 1265
8c156c32 1266 hci_dev_lock_bh(hdev);
980e1a53
JH		 1267
1268 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9
SJ		 1269 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1270 ENETDOWN);
980e1a53
JH		 1271 goto failed;
1272 }
1273
96d97a67 1274 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1275
1276failed:
8c156c32 1277 hci_dev_unlock_bh(hdev);
980e1a53
JH		 1278 hci_dev_put(hdev);
1279
1280 return err;
1281}
1282
4e51eae9
SJ		 1283static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1284 u16 len)
17fa4b9d
JH		 1285{
1286 struct hci_dev *hdev;
1287 struct mgmt_cp_set_io_capability *cp;
17fa4b9d
JH		 1288
1289 BT_DBG("");
1290
1291 cp = (void *) data;
17fa4b9d 1292
bdce7baf 1293 if (len != sizeof(*cp))
b8534e0f 1294 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
bdce7baf 1295
4e51eae9 1296 hdev = hci_dev_get(index);
17fa4b9d 1297 if (!hdev)
4e51eae9 1298 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
17fa4b9d 1299
8c156c32 1300 hci_dev_lock_bh(hdev);
17fa4b9d
JH		 1301
1302 hdev->io_capability = cp->io_capability;
1303
1304 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1305 hdev->io_capability);
17fa4b9d 1306
8c156c32 1307 hci_dev_unlock_bh(hdev);
17fa4b9d
JH		 1308 hci_dev_put(hdev);
1309
4e51eae9 1310 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1311}
1312
e9a416b5
JH		 1313static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1314{
1315 struct hci_dev *hdev = conn->hdev;
8035ded4 1316 struct pending_cmd *cmd;
e9a416b5 1317
2e58ef3e 1318 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1319 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1320 continue;
1321
e9a416b5
JH		 1322 if (cmd->user_data != conn)
1323 continue;
1324
1325 return cmd;
1326 }
1327
1328 return NULL;
1329}
1330
1331static void pairing_complete(struct pending_cmd *cmd, u8 status)
1332{
1333 struct mgmt_rp_pair_device rp;
1334 struct hci_conn *conn = cmd->user_data;
1335
ba4e564f
JH		 1336 bacpy(&rp.addr.bdaddr, &conn->dst);
1337 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5
JH		 1338 rp.status = status;
1339
4e51eae9 1340 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1341
1342 /* So we don't get further callbacks for this connection */
1343 conn->connect_cfm_cb = NULL;
1344 conn->security_cfm_cb = NULL;
1345 conn->disconn_cfm_cb = NULL;
1346
1347 hci_conn_put(conn);
1348
a664b5bc 1349 mgmt_pending_remove(cmd);
e9a416b5
JH		 1350}
1351
1352static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1353{
1354 struct pending_cmd *cmd;
1355
1356 BT_DBG("status %u", status);
1357
1358 cmd = find_pairing(conn);
56e5cb86 1359 if (!cmd)
e9a416b5 1360 BT_DBG("Unable to find a pending command");
56e5cb86
JH		 1361 else
1362 pairing_complete(cmd, status);
e9a416b5
JH		 1363}
1364
4e51eae9 1365static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
e9a416b5
JH		 1366{
1367 struct hci_dev *hdev;
1368 struct mgmt_cp_pair_device *cp;
1425acb7 1369 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1370 struct pending_cmd *cmd;
1371 u8 sec_level, auth_type;
1372 struct hci_conn *conn;
e9a416b5
JH		 1373 int err;
1374
1375 BT_DBG("");
1376
1377 cp = (void *) data;
e9a416b5 1378
bdce7baf
SJ		 1379 if (len != sizeof(*cp))
1380 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1381
4e51eae9 1382 hdev = hci_dev_get(index);
e9a416b5 1383 if (!hdev)
4e51eae9 1384 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
e9a416b5 1385
8c156c32 1386 hci_dev_lock_bh(hdev);
e9a416b5 1387
c908df36
VCG		 1388 sec_level = BT_SECURITY_MEDIUM;
1389 if (cp->io_cap == 0x03)
e9a416b5 1390 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1391 else
e9a416b5 1392 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1393
ba4e564f
JH		 1394 if (cp->addr.type == MGMT_ADDR_BREDR)
1395 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1396 auth_type);
1397 else
ba4e564f 1398 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1399 auth_type);
1400
1425acb7
JH		 1401 memset(&rp, 0, sizeof(rp));
1402 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1403 rp.addr.type = cp->addr.type;
1404
30e76272 1405 if (IS_ERR(conn)) {
1425acb7
JH		 1406 rp.status = -PTR_ERR(conn);
1407 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1408 &rp, sizeof(rp));
e9a416b5
JH		 1409 goto unlock;
1410 }
1411
1412 if (conn->connect_cfm_cb) {
1413 hci_conn_put(conn);
1425acb7
JH		 1414 rp.status = EBUSY;
1415 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1416 &rp, sizeof(rp));
e9a416b5
JH		 1417 goto unlock;
1418 }
1419
2e58ef3e 1420 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1421 if (!cmd) {
1422 err = -ENOMEM;
1423 hci_conn_put(conn);
1424 goto unlock;
1425 }
1426
7a512d01 1427 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1428 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1429 conn->connect_cfm_cb = pairing_complete_cb;
1430
e9a416b5
JH		 1431 conn->security_cfm_cb = pairing_complete_cb;
1432 conn->disconn_cfm_cb = pairing_complete_cb;
1433 conn->io_capability = cp->io_cap;
1434 cmd->user_data = conn;
1435
1436 if (conn->state == BT_CONNECTED &&
1437 hci_conn_security(conn, sec_level, auth_type))
1438 pairing_complete(cmd, 0);
1439
1440 err = 0;
1441
1442unlock:
8c156c32 1443 hci_dev_unlock_bh(hdev);
e9a416b5
JH		 1444 hci_dev_put(hdev);
1445
1446 return err;
1447}
1448
4e51eae9
SJ		 1449static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1450 u16 len, int success)
a5c29683
JH		 1451{
1452 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
4e51eae9 1453 u16 mgmt_op, hci_op;
a5c29683
JH		 1454 struct pending_cmd *cmd;
1455 struct hci_dev *hdev;
1456 int err;
1457
1458 BT_DBG("");
1459
a5c29683
JH		 1460 if (success) {
1461 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1462 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1463 } else {
1464 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1465 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1466 }
1467
bdce7baf
SJ		 1468 if (len != sizeof(*cp))
1469 return cmd_status(sk, index, mgmt_op, EINVAL);
1470
4e51eae9 1471 hdev = hci_dev_get(index);
a5c29683 1472 if (!hdev)
4e51eae9 1473 return cmd_status(sk, index, mgmt_op, ENODEV);
a5c29683 1474
8c156c32 1475 hci_dev_lock_bh(hdev);
08ba5382 1476
a5c29683 1477 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1478 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
a5c29683
JH		 1479 goto failed;
1480 }
1481
2e58ef3e 1482 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
a5c29683
JH		 1483 if (!cmd) {
1484 err = -ENOMEM;
1485 goto failed;
1486 }
1487
1488 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
a664b5bc
JH		 1489 if (err < 0)
1490 mgmt_pending_remove(cmd);
a5c29683
JH		 1491
1492failed:
8c156c32 1493 hci_dev_unlock_bh(hdev);
a5c29683
JH		 1494 hci_dev_put(hdev);
1495
1496 return err;
1497}
1498
b312b161
JH		 1499static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1500 u16 len)
1501{
1502 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1503 struct hci_cp_write_local_name hci_cp;
1504 struct hci_dev *hdev;
1505 struct pending_cmd *cmd;
1506 int err;
1507
1508 BT_DBG("");
1509
1510 if (len != sizeof(*mgmt_cp))
1511 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1512
1513 hdev = hci_dev_get(index);
1514 if (!hdev)
1515 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1516
8c156c32 1517 hci_dev_lock_bh(hdev);
b312b161 1518
2e58ef3e 1519 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 1520 if (!cmd) {
1521 err = -ENOMEM;
1522 goto failed;
1523 }
1524
1525 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1526 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1527 &hci_cp);
1528 if (err < 0)
1529 mgmt_pending_remove(cmd);
1530
1531failed:
8c156c32 1532 hci_dev_unlock_bh(hdev);
b312b161
JH		 1533 hci_dev_put(hdev);
1534
1535 return err;
1536}
1537
c35938b2
SJ		 1538static int read_local_oob_data(struct sock *sk, u16 index)
1539{
1540 struct hci_dev *hdev;
1541 struct pending_cmd *cmd;
1542 int err;
1543
1544 BT_DBG("hci%u", index);
1545
1546 hdev = hci_dev_get(index);
1547 if (!hdev)
1548 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1549 ENODEV);
1550
8c156c32 1551 hci_dev_lock_bh(hdev);
c35938b2
SJ		 1552
1553 if (!test_bit(HCI_UP, &hdev->flags)) {
1554 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1555 ENETDOWN);
1556 goto unlock;
1557 }
1558
1559 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1560 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1561 EOPNOTSUPP);
1562 goto unlock;
1563 }
1564
2e58ef3e 1565 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
c35938b2
SJ		 1566 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1567 goto unlock;
1568 }
1569
2e58ef3e 1570 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 1571 if (!cmd) {
1572 err = -ENOMEM;
1573 goto unlock;
1574 }
1575
1576 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1577 if (err < 0)
1578 mgmt_pending_remove(cmd);
1579
1580unlock:
8c156c32 1581 hci_dev_unlock_bh(hdev);
c35938b2
SJ		 1582 hci_dev_put(hdev);
1583
1584 return err;
1585}
1586
2763eda6
SJ		 1587static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1588 u16 len)
1589{
1590 struct hci_dev *hdev;
1591 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1592 int err;
1593
1594 BT_DBG("hci%u ", index);
1595
1596 if (len != sizeof(*cp))
1597 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1598 EINVAL);
1599
1600 hdev = hci_dev_get(index);
1601 if (!hdev)
1602 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1603 ENODEV);
1604
8c156c32 1605 hci_dev_lock_bh(hdev);
2763eda6
SJ		 1606
1607 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1608 cp->randomizer);
1609 if (err < 0)
1610 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1611 else
1612 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1613 0);
1614
8c156c32 1615 hci_dev_unlock_bh(hdev);
2763eda6
SJ		 1616 hci_dev_put(hdev);
1617
1618 return err;
1619}
1620
1621static int remove_remote_oob_data(struct sock *sk, u16 index,
1622 unsigned char *data, u16 len)
1623{
1624 struct hci_dev *hdev;
1625 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1626 int err;
1627
1628 BT_DBG("hci%u ", index);
1629
1630 if (len != sizeof(*cp))
1631 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1632 EINVAL);
1633
1634 hdev = hci_dev_get(index);
1635 if (!hdev)
1636 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1637 ENODEV);
1638
8c156c32 1639 hci_dev_lock_bh(hdev);
2763eda6
SJ		 1640
1641 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1642 if (err < 0)
1643 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1644 -err);
1645 else
1646 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1647 NULL, 0);
1648
8c156c32 1649 hci_dev_unlock_bh(hdev);
2763eda6
SJ		 1650 hci_dev_put(hdev);
1651
1652 return err;
1653}
1654
14a53664
JH		 1655static int start_discovery(struct sock *sk, u16 index)
1656{
14a53664
JH		 1657 struct pending_cmd *cmd;
1658 struct hci_dev *hdev;
1659 int err;
1660
1661 BT_DBG("hci%u", index);
1662
1663 hdev = hci_dev_get(index);
1664 if (!hdev)
1665 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1666
1667 hci_dev_lock_bh(hdev);
1668
bd2d1334
JH		 1669 if (!test_bit(HCI_UP, &hdev->flags)) {
1670 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1671 goto failed;
1672 }
1673
2e58ef3e 1674 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1675 if (!cmd) {
1676 err = -ENOMEM;
1677 goto failed;
1678 }
1679
2519a1fc 1680 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
14a53664
JH		 1681 if (err < 0)
1682 mgmt_pending_remove(cmd);
1683
1684failed:
1685 hci_dev_unlock_bh(hdev);
1686 hci_dev_put(hdev);
1687
1688 return err;
1689}
1690
1691static int stop_discovery(struct sock *sk, u16 index)
1692{
1693 struct hci_dev *hdev;
1694 struct pending_cmd *cmd;
1695 int err;
1696
1697 BT_DBG("hci%u", index);
1698
1699 hdev = hci_dev_get(index);
1700 if (!hdev)
1701 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1702
1703 hci_dev_lock_bh(hdev);
1704
2e58ef3e 1705 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1706 if (!cmd) {
1707 err = -ENOMEM;
1708 goto failed;
1709 }
1710
023d5049 1711 err = hci_cancel_inquiry(hdev);
14a53664
JH		 1712 if (err < 0)
1713 mgmt_pending_remove(cmd);
1714
1715failed:
1716 hci_dev_unlock_bh(hdev);
1717 hci_dev_put(hdev);
1718
1719 return err;
1720}
1721
7fbec224
AJ		 1722static int block_device(struct sock *sk, u16 index, unsigned char *data,
1723 u16 len)
1724{
1725 struct hci_dev *hdev;
5e762444 1726 struct mgmt_cp_block_device *cp = (void *) data;
7fbec224
AJ		 1727 int err;
1728
1729 BT_DBG("hci%u", index);
1730
7fbec224
AJ		 1731 if (len != sizeof(*cp))
1732 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1733 EINVAL);
1734
1735 hdev = hci_dev_get(index);
1736 if (!hdev)
1737 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1738 ENODEV);
1739
5e762444
AJ		 1740 hci_dev_lock_bh(hdev);
1741
7fbec224 1742 err = hci_blacklist_add(hdev, &cp->bdaddr);
7fbec224
AJ		 1743 if (err < 0)
1744 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1745 else
1746 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1747 NULL, 0);
5e762444 1748
5e762444 1749 hci_dev_unlock_bh(hdev);
7fbec224
AJ		 1750 hci_dev_put(hdev);
1751
1752 return err;
1753}
1754
1755static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1756 u16 len)
1757{
1758 struct hci_dev *hdev;
5e762444 1759 struct mgmt_cp_unblock_device *cp = (void *) data;
7fbec224
AJ		 1760 int err;
1761
1762 BT_DBG("hci%u", index);
1763
7fbec224
AJ		 1764 if (len != sizeof(*cp))
1765 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1766 EINVAL);
1767
1768 hdev = hci_dev_get(index);
1769 if (!hdev)
1770 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1771 ENODEV);
1772
5e762444
AJ		 1773 hci_dev_lock_bh(hdev);
1774
7fbec224
AJ		 1775 err = hci_blacklist_del(hdev, &cp->bdaddr);
1776
1777 if (err < 0)
1778 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1779 else
1780 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1781 NULL, 0);
5e762444 1782
5e762444 1783 hci_dev_unlock_bh(hdev);
7fbec224
AJ		 1784 hci_dev_put(hdev);
1785
1786 return err;
1787}
1788
f6422ec6
AJ		 1789static int set_fast_connectable(struct sock *sk, u16 index,
1790 unsigned char *data, u16 len)
1791{
1792 struct hci_dev *hdev;
1793 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1794 struct hci_cp_write_page_scan_activity acp;
1795 u8 type;
1796 int err;
1797
1798 BT_DBG("hci%u", index);
1799
1800 if (len != sizeof(*cp))
1801 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1802 EINVAL);
1803
1804 hdev = hci_dev_get(index);
1805 if (!hdev)
1806 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1807 ENODEV);
1808
1809 hci_dev_lock(hdev);
1810
1811 if (cp->enable) {
1812 type = PAGE_SCAN_TYPE_INTERLACED;
1813 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1814 } else {
1815 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1816 acp.interval = 0x0800; /* default 1.28 sec page scan */
1817 }
1818
1819 acp.window = 0x0012; /* default 11.25 msec page scan window */
1820
1821 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1822 sizeof(acp), &acp);
1823 if (err < 0) {
1824 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1825 -err);
1826 goto done;
1827 }
1828
1829 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1830 if (err < 0) {
1831 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1832 -err);
1833 goto done;
1834 }
1835
1836 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1837 NULL, 0);
1838done:
1839 hci_dev_unlock(hdev);
1840 hci_dev_put(hdev);
1841
1842 return err;
1843}
1844
0381101f
JH		 1845int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1846{
1847 unsigned char *buf;
1848 struct mgmt_hdr *hdr;
4e51eae9 1849 u16 opcode, index, len;
0381101f
JH		 1850 int err;
1851
1852 BT_DBG("got %zu bytes", msglen);
1853
1854 if (msglen < sizeof(*hdr))
1855 return -EINVAL;
1856
e63a15ec 1857 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 1858 if (!buf)
1859 return -ENOMEM;
1860
1861 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1862 err = -EFAULT;
1863 goto done;
1864 }
1865
1866 hdr = (struct mgmt_hdr *) buf;
1867 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 1868 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 1869 len = get_unaligned_le16(&hdr->len);
1870
1871 if (len != msglen - sizeof(*hdr)) {
1872 err = -EINVAL;
1873 goto done;
1874 }
1875
1876 switch (opcode) {
02d98129
JH		 1877 case MGMT_OP_READ_VERSION:
1878 err = read_version(sk);
1879 break;
faba42eb
JH		 1880 case MGMT_OP_READ_INDEX_LIST:
1881 err = read_index_list(sk);
1882 break;
f7b64e69 1883 case MGMT_OP_READ_INFO:
4e51eae9 1884 err = read_controller_info(sk, index);
f7b64e69 1885 break;
eec8d2bc 1886 case MGMT_OP_SET_POWERED:
4e51eae9 1887 err = set_powered(sk, index, buf + sizeof(*hdr), len);
eec8d2bc 1888 break;
73f22f62 1889 case MGMT_OP_SET_DISCOVERABLE:
4e51eae9 1890 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
73f22f62 1891 break;
9fbcbb45 1892 case MGMT_OP_SET_CONNECTABLE:
4e51eae9 1893 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
9fbcbb45 1894 break;
c542a06c 1895 case MGMT_OP_SET_PAIRABLE:
4e51eae9 1896 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
c542a06c 1897 break;
2aeb9a1a 1898 case MGMT_OP_ADD_UUID:
4e51eae9 1899 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a
JH		 1900 break;
1901 case MGMT_OP_REMOVE_UUID:
4e51eae9 1902 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a 1903 break;
1aff6f09 1904 case MGMT_OP_SET_DEV_CLASS:
4e51eae9 1905 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1aff6f09
JH		 1906 break;
1907 case MGMT_OP_SET_SERVICE_CACHE:
4e51eae9 1908 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1aff6f09 1909 break;
86742e1e
JH		 1910 case MGMT_OP_LOAD_LINK_KEYS:
1911 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 1912 break;
86742e1e
JH		 1913 case MGMT_OP_REMOVE_KEYS:
1914 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 1915 break;
8962ee74 1916 case MGMT_OP_DISCONNECT:
4e51eae9 1917 err = disconnect(sk, index, buf + sizeof(*hdr), len);
8962ee74 1918 break;
2784eb41 1919 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 1920 err = get_connections(sk, index);
2784eb41 1921 break;
980e1a53 1922 case MGMT_OP_PIN_CODE_REPLY:
4e51eae9 1923 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53
JH		 1924 break;
1925 case MGMT_OP_PIN_CODE_NEG_REPLY:
4e51eae9 1926 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53 1927 break;
17fa4b9d 1928 case MGMT_OP_SET_IO_CAPABILITY:
4e51eae9 1929 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
17fa4b9d 1930 break;
e9a416b5 1931 case MGMT_OP_PAIR_DEVICE:
4e51eae9 1932 err = pair_device(sk, index, buf + sizeof(*hdr), len);
e9a416b5 1933 break;
a5c29683 1934 case MGMT_OP_USER_CONFIRM_REPLY:
4e51eae9 1935 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
a5c29683
JH		 1936 break;
1937 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
4e51eae9 1938 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
a5c29683 1939 break;
b312b161
JH		 1940 case MGMT_OP_SET_LOCAL_NAME:
1941 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1942 break;
c35938b2
SJ		 1943 case MGMT_OP_READ_LOCAL_OOB_DATA:
1944 err = read_local_oob_data(sk, index);
1945 break;
2763eda6
SJ		 1946 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1947 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1948 break;
1949 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1950 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1951 len);
1952 break;
14a53664
JH		 1953 case MGMT_OP_START_DISCOVERY:
1954 err = start_discovery(sk, index);
1955 break;
1956 case MGMT_OP_STOP_DISCOVERY:
1957 err = stop_discovery(sk, index);
1958 break;
7fbec224
AJ		 1959 case MGMT_OP_BLOCK_DEVICE:
1960 err = block_device(sk, index, buf + sizeof(*hdr), len);
1961 break;
1962 case MGMT_OP_UNBLOCK_DEVICE:
1963 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1964 break;
f6422ec6
AJ		 1965 case MGMT_OP_SET_FAST_CONNECTABLE:
1966 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1967 len);
1968 break;
0381101f
JH		 1969 default:
1970 BT_DBG("Unknown op %u", opcode);
4e51eae9 1971 err = cmd_status(sk, index, opcode, 0x01);
0381101f
JH		 1972 break;
1973 }
1974
e41d8b4e
JH		 1975 if (err < 0)
1976 goto done;
1977
0381101f
JH		 1978 err = msglen;
1979
1980done:
1981 kfree(buf);
1982 return err;
1983}
c71e97bf 1984
b24752fe
JH		 1985static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1986{
1987 u8 *status = data;
1988
1989 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1990 mgmt_pending_remove(cmd);
1991}
1992
744cf19e 1993int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 1994{
744cf19e 1995 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 1996}
1997
744cf19e 1998int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 1999{
b24752fe
JH		 2000 u8 status = ENODEV;
2001
744cf19e 2002 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2003
744cf19e 2004 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2005}
2006
73f22f62 2007struct cmd_lookup {
72a734ec 2008 u8 val;
eec8d2bc
JH		 2009 struct sock *sk;
2010};
2011
72a734ec 2012static void mode_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2013{
c68fb7ff 2014 struct mgmt_mode *cp = cmd->param;
73f22f62 2015 struct cmd_lookup *match = data;
eec8d2bc 2016
72a734ec 2017 if (cp->val != match->val)
eec8d2bc
JH		 2018 return;
2019
053f0211 2020 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
eec8d2bc
JH		 2021
2022 list_del(&cmd->list);
2023
2024 if (match->sk == NULL) {
2025 match->sk = cmd->sk;
2026 sock_hold(match->sk);
2027 }
2028
2029 mgmt_pending_free(cmd);
c71e97bf 2030}
5add6af8 2031
744cf19e 2032int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2033{
72a734ec 2034 struct mgmt_mode ev;
73f22f62 2035 struct cmd_lookup match = { powered, NULL };
eec8d2bc 2036 int ret;
5add6af8 2037
744cf19e 2038 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
5add6af8 2039
b24752fe
JH		 2040 if (!powered) {
2041 u8 status = ENETDOWN;
744cf19e 2042 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2043 }
2044
72a734ec 2045 ev.val = powered;
eec8d2bc 2046
744cf19e 2047 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
eec8d2bc
JH		 2048
2049 if (match.sk)
2050 sock_put(match.sk);
2051
2052 return ret;
5add6af8 2053}
73f22f62 2054
744cf19e 2055int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2056{
72a734ec 2057 struct mgmt_mode ev;
73f22f62
JH		 2058 struct cmd_lookup match = { discoverable, NULL };
2059 int ret;
2060
744cf19e 2061 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
72a734ec 2062
72a734ec 2063 ev.val = discoverable;
73f22f62 2064
744cf19e 2065 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
4e51eae9 2066 match.sk);
73f22f62
JH		 2067
2068 if (match.sk)
2069 sock_put(match.sk);
2070
2071 return ret;
2072}
9fbcbb45 2073
744cf19e 2074int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2075{
72a734ec 2076 struct mgmt_mode ev;
9fbcbb45
JH		 2077 struct cmd_lookup match = { connectable, NULL };
2078 int ret;
2079
744cf19e 2080 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
9fbcbb45 2081
72a734ec 2082 ev.val = connectable;
9fbcbb45 2083
744cf19e 2084 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2085
2086 if (match.sk)
2087 sock_put(match.sk);
2088
2089 return ret;
2090}
55ed8ca1 2091
744cf19e 2092int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58
JH		 2093{
2094 if (scan & SCAN_PAGE)
744cf19e 2095 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2d7cee58
JH		 2096 cmd_status_rsp, &status);
2097
2098 if (scan & SCAN_INQUIRY)
744cf19e 2099 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2d7cee58
JH		 2100 cmd_status_rsp, &status);
2101
2102 return 0;
2103}
2104
744cf19e
JH		 2105int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2106 u8 persistent)
55ed8ca1 2107{
86742e1e 2108 struct mgmt_ev_new_link_key ev;
55ed8ca1 2109
a492cd52 2110 memset(&ev, 0, sizeof(ev));
55ed8ca1 2111
a492cd52
VCG		 2112 ev.store_hint = persistent;
2113 bacpy(&ev.key.bdaddr, &key->bdaddr);
2114 ev.key.type = key->type;
2115 memcpy(ev.key.val, key->val, 16);
2116 ev.key.pin_len = key->pin_len;
55ed8ca1 2117
744cf19e 2118 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2119}
f7520543 2120
48264f06
JH		 2121int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2122 u8 addr_type)
f7520543 2123{
4c659c39 2124 struct mgmt_addr_info ev;
f7520543 2125
f7520543 2126 bacpy(&ev.bdaddr, bdaddr);
48264f06 2127 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2128
744cf19e 2129 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
f7520543
JH		 2130}
2131
8962ee74
JH		 2132static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2133{
c68fb7ff 2134 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2135 struct sock **sk = data;
a38528f1 2136 struct mgmt_rp_disconnect rp;
8962ee74 2137
a38528f1 2138 bacpy(&rp.bdaddr, &cp->bdaddr);
37d9ef76 2139 rp.status = 0;
8962ee74 2140
4e51eae9 2141 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 2142
2143 *sk = cmd->sk;
2144 sock_hold(*sk);
2145
a664b5bc 2146 mgmt_pending_remove(cmd);
8962ee74
JH		 2147}
2148
a8a1d19e
JH		 2149static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2150{
2151 u8 *status = data;
2152 struct mgmt_cp_remove_keys *cp = cmd->param;
2153 struct mgmt_rp_remove_keys rp;
2154
2155 memset(&rp, 0, sizeof(rp));
2156 bacpy(&rp.bdaddr, &cp->bdaddr);
2157 if (status != NULL)
2158 rp.status = *status;
2159
2160 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2161 sizeof(rp));
2162
2163 mgmt_pending_remove(cmd);
2164}
2165
48264f06
JH		 2166int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2167 u8 addr_type)
f7520543 2168{
4c659c39 2169 struct mgmt_addr_info ev;
8962ee74
JH		 2170 struct sock *sk = NULL;
2171 int err;
2172
744cf19e 2173 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2174
f7520543 2175 bacpy(&ev.bdaddr, bdaddr);
48264f06 2176 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2177
744cf19e 2178 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 2179
2180 if (sk)
2181 sock_put(sk);
2182
a8a1d19e
JH		 2183 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2184
8962ee74
JH		 2185 return err;
2186}
2187
37d9ef76 2188int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
8962ee74
JH		 2189{
2190 struct pending_cmd *cmd;
2191 int err;
2192
2e58ef3e 2193 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 2194 if (!cmd)
2195 return -ENOENT;
2196
37d9ef76
JH		 2197 if (bdaddr) {
2198 struct mgmt_rp_disconnect rp;
2199
2200 bacpy(&rp.bdaddr, bdaddr);
2201 rp.status = status;
2202
2203 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2204 &rp, sizeof(rp));
2205 } else
2206 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2207 status);
8962ee74 2208
a664b5bc 2209 mgmt_pending_remove(cmd);
8962ee74
JH		 2210
2211 return err;
f7520543 2212}
17d5c04c 2213
48264f06
JH		 2214int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2215 u8 addr_type, u8 status)
17d5c04c
JH		 2216{
2217 struct mgmt_ev_connect_failed ev;
2218
4c659c39 2219 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2220 ev.addr.type = link_to_mgmt(link_type, addr_type);
17d5c04c
JH		 2221 ev.status = status;
2222
744cf19e 2223 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 2224}
980e1a53 2225
744cf19e 2226int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 2227{
2228 struct mgmt_ev_pin_code_request ev;
2229
980e1a53 2230 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 2231 ev.secure = secure;
980e1a53 2232
744cf19e 2233 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2234 NULL);
980e1a53
JH		 2235}
2236
744cf19e
JH		 2237int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2238 u8 status)
980e1a53
JH		 2239{
2240 struct pending_cmd *cmd;
ac56fb13 2241 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2242 int err;
2243
2e58ef3e 2244 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 2245 if (!cmd)
2246 return -ENOENT;
2247
ac56fb13
JH		 2248 bacpy(&rp.bdaddr, bdaddr);
2249 rp.status = status;
2250
744cf19e 2251 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
4e51eae9 2252 sizeof(rp));
980e1a53 2253
a664b5bc 2254 mgmt_pending_remove(cmd);
980e1a53
JH		 2255
2256 return err;
2257}
2258
744cf19e
JH		 2259int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2260 u8 status)
980e1a53
JH		 2261{
2262 struct pending_cmd *cmd;
ac56fb13 2263 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2264 int err;
2265
2e58ef3e 2266 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 2267 if (!cmd)
2268 return -ENOENT;
2269
ac56fb13
JH		 2270 bacpy(&rp.bdaddr, bdaddr);
2271 rp.status = status;
2272
744cf19e 2273 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
4e51eae9 2274 sizeof(rp));
980e1a53 2275
a664b5bc 2276 mgmt_pending_remove(cmd);
980e1a53
JH		 2277
2278 return err;
2279}
a5c29683 2280
744cf19e
JH		 2281int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2282 __le32 value, u8 confirm_hint)
a5c29683
JH		 2283{
2284 struct mgmt_ev_user_confirm_request ev;
2285
744cf19e 2286 BT_DBG("%s", hdev->name);
a5c29683 2287
a5c29683 2288 bacpy(&ev.bdaddr, bdaddr);
55bc1a37 2289 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2290 put_unaligned_le32(value, &ev.value);
2291
744cf19e 2292 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2293 NULL);
a5c29683
JH		 2294}
2295
744cf19e
JH		 2296static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2297 u8 status, u8 opcode)
a5c29683
JH		 2298{
2299 struct pending_cmd *cmd;
2300 struct mgmt_rp_user_confirm_reply rp;
2301 int err;
2302
2e58ef3e 2303 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 2304 if (!cmd)
2305 return -ENOENT;
2306
a5c29683
JH		 2307 bacpy(&rp.bdaddr, bdaddr);
2308 rp.status = status;
744cf19e 2309 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
a5c29683 2310
a664b5bc 2311 mgmt_pending_remove(cmd);
a5c29683
JH		 2312
2313 return err;
2314}
2315
744cf19e
JH		 2316int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2317 u8 status)
a5c29683 2318{
744cf19e 2319 return confirm_reply_complete(hdev, bdaddr, status,
a5c29683
JH		 2320 MGMT_OP_USER_CONFIRM_REPLY);
2321}
2322
744cf19e
JH		 2323int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2324 bdaddr_t *bdaddr, u8 status)
a5c29683 2325{
744cf19e 2326 return confirm_reply_complete(hdev, bdaddr, status,
a5c29683
JH		 2327 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2328}
2a611692 2329
744cf19e 2330int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2a611692
JH		 2331{
2332 struct mgmt_ev_auth_failed ev;
2333
2a611692
JH		 2334 bacpy(&ev.bdaddr, bdaddr);
2335 ev.status = status;
2336
744cf19e 2337 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 2338}
b312b161 2339
744cf19e 2340int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 2341{
2342 struct pending_cmd *cmd;
2343 struct mgmt_cp_set_local_name ev;
2344 int err;
2345
2346 memset(&ev, 0, sizeof(ev));
2347 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2348
2e58ef3e 2349 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 2350 if (!cmd)
2351 goto send_event;
2352
2353 if (status) {
744cf19e
JH		 2354 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2355 EIO);
b312b161
JH		 2356 goto failed;
2357 }
2358
744cf19e 2359 update_eir(hdev);
80a1e1db 2360
744cf19e 2361 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
b312b161
JH		 2362 sizeof(ev));
2363 if (err < 0)
2364 goto failed;
2365
2366send_event:
744cf19e 2367 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 2368 cmd ? cmd->sk : NULL);
2369
2370failed:
2371 if (cmd)
2372 mgmt_pending_remove(cmd);
2373 return err;
2374}
c35938b2 2375
744cf19e
JH		 2376int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2377 u8 *randomizer, u8 status)
c35938b2
SJ		 2378{
2379 struct pending_cmd *cmd;
2380 int err;
2381
744cf19e 2382 BT_DBG("%s status %u", hdev->name, status);
c35938b2 2383
2e58ef3e 2384 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 2385 if (!cmd)
2386 return -ENOENT;
2387
2388 if (status) {
744cf19e
JH		 2389 err = cmd_status(cmd->sk, hdev->id,
2390 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
c35938b2
SJ		 2391 } else {
2392 struct mgmt_rp_read_local_oob_data rp;
2393
2394 memcpy(rp.hash, hash, sizeof(rp.hash));
2395 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2396
744cf19e
JH		 2397 err = cmd_complete(cmd->sk, hdev->id,
2398 MGMT_OP_READ_LOCAL_OOB_DATA,
2399 &rp, sizeof(rp));
c35938b2
SJ		 2400 }
2401
2402 mgmt_pending_remove(cmd);
2403
2404 return err;
2405}
e17acd40 2406
48264f06
JH		 2407int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2408 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
e17acd40
JH		 2409{
2410 struct mgmt_ev_device_found ev;
2411
2412 memset(&ev, 0, sizeof(ev));
2413
4c659c39 2414 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2415 ev.addr.type = link_to_mgmt(link_type, addr_type);
e17acd40
JH		 2416 ev.rssi = rssi;
2417
2418 if (eir)
2419 memcpy(ev.eir, eir, sizeof(ev.eir));
2420
f8523598
AG		 2421 if (dev_class)
2422 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2423
744cf19e 2424 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
e17acd40 2425}
a88a9652 2426
744cf19e 2427int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
a88a9652
JH		 2428{
2429 struct mgmt_ev_remote_name ev;
2430
2431 memset(&ev, 0, sizeof(ev));
2432
2433 bacpy(&ev.bdaddr, bdaddr);
2434 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2435
744cf19e 2436 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
a88a9652 2437}
314b2381 2438
7a135109 2439int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 2440{
2441 struct pending_cmd *cmd;
2442 int err;
2443
2e58ef3e 2444 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 2445 if (!cmd)
2446 return -ENOENT;
2447
744cf19e 2448 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
164a6e78
JH		 2449 mgmt_pending_remove(cmd);
2450
2451 return err;
2452}
2453
e6d465cb
AG		 2454int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2455{
2456 struct pending_cmd *cmd;
2457 int err;
2458
2459 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2460 if (!cmd)
2461 return -ENOENT;
2462
2463 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
2464 mgmt_pending_remove(cmd);
2465
2466 return err;
2467}
2468
744cf19e 2469int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 2470{
164a6e78
JH		 2471 struct pending_cmd *cmd;
2472
2473 if (discovering)
2e58ef3e 2474 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 2475 else
2e58ef3e 2476 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 2477
2478 if (cmd != NULL) {
744cf19e 2479 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
164a6e78
JH		 2480 mgmt_pending_remove(cmd);
2481 }
2482
744cf19e 2483 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
314b2381
JH		 2484 sizeof(discovering), NULL);
2485}
5e762444 2486
744cf19e 2487int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2488{
2489 struct pending_cmd *cmd;
2490 struct mgmt_ev_device_blocked ev;
2491
2e58ef3e 2492 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444
AJ		 2493
2494 bacpy(&ev.bdaddr, bdaddr);
2495
744cf19e
JH		 2496 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2497 cmd ? cmd->sk : NULL);
5e762444
AJ		 2498}
2499
744cf19e 2500int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2501{
2502 struct pending_cmd *cmd;
2503 struct mgmt_ev_device_unblocked ev;
2504
2e58ef3e 2505 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444
AJ		 2506
2507 bacpy(&ev.bdaddr, bdaddr);
2508
744cf19e
JH		 2509 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2510 cmd ? cmd->sk : NULL);
5e762444 2511}
Linux kernel - Deliverables
This page took 0.279911 seconds and 5 git commands to generate.