projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add missing hci_dev locking when calling mgmt functions
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
72359753 25#include <linux/uaccess.h>
0381101f
JH		 26#include <asm/unaligned.h>
27
28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/hci_core.h>
30#include <net/bluetooth/mgmt.h>
31
02d98129
JH		 32#define MGMT_VERSION 0
33#define MGMT_REVISION 1
34
2519a1fc
AG		 35#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
36
eec8d2bc
JH		 37struct pending_cmd {
38 struct list_head list;
39 __u16 opcode;
40 int index;
c68fb7ff 41 void *param;
eec8d2bc 42 struct sock *sk;
e9a416b5 43 void *user_data;
eec8d2bc
JH		 44};
45
4e51eae9 46static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 47{
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
56b7d137 51 int err;
f7b64e69 52
34eb525c 53 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 54
55 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
56 if (!skb)
57 return -ENOMEM;
58
59 hdr = (void *) skb_put(skb, sizeof(*hdr));
60
61 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 62 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 63 hdr->len = cpu_to_le16(sizeof(*ev));
64
65 ev = (void *) skb_put(skb, sizeof(*ev));
66 ev->status = status;
67 put_unaligned_le16(cmd, &ev->opcode);
68
56b7d137
GP		 69 err = sock_queue_rcv_skb(sk, skb);
70 if (err < 0)
f7b64e69
JH		 71 kfree_skb(skb);
72
56b7d137 73 return err;
f7b64e69
JH		 74}
75
4e51eae9
SJ		 76static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
77 size_t rp_len)
02d98129
JH		 78{
79 struct sk_buff *skb;
80 struct mgmt_hdr *hdr;
81 struct mgmt_ev_cmd_complete *ev;
56b7d137 82 int err;
02d98129
JH		 83
84 BT_DBG("sock %p", sk);
85
a38528f1 86 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 87 if (!skb)
88 return -ENOMEM;
89
90 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 91
a38528f1 92 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 93 hdr->index = cpu_to_le16(index);
a38528f1 94 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 95
a38528f1
JH		 96 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
97 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 98
99 if (rp)
100 memcpy(ev->data, rp, rp_len);
02d98129 101
56b7d137
GP		 102 err = sock_queue_rcv_skb(sk, skb);
103 if (err < 0)
02d98129
JH		 104 kfree_skb(skb);
105
56b7d137 106 return err;;
02d98129
JH		 107}
108
a38528f1
JH		 109static int read_version(struct sock *sk)
110{
111 struct mgmt_rp_read_version rp;
112
113 BT_DBG("sock %p", sk);
114
115 rp.version = MGMT_VERSION;
116 put_unaligned_le16(MGMT_REVISION, &rp.revision);
117
4e51eae9
SJ		 118 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
119 sizeof(rp));
a38528f1
JH		 120}
121
faba42eb
JH		 122static int read_index_list(struct sock *sk)
123{
faba42eb
JH		 124 struct mgmt_rp_read_index_list *rp;
125 struct list_head *p;
8035ded4 126 struct hci_dev *d;
a38528f1 127 size_t rp_len;
faba42eb 128 u16 count;
a38528f1 129 int i, err;
faba42eb
JH		 130
131 BT_DBG("sock %p", sk);
132
133 read_lock(&hci_dev_list_lock);
134
135 count = 0;
136 list_for_each(p, &hci_dev_list) {
137 count++;
138 }
139
a38528f1
JH		 140 rp_len = sizeof(*rp) + (2 * count);
141 rp = kmalloc(rp_len, GFP_ATOMIC);
142 if (!rp) {
b2c60d42 143 read_unlock(&hci_dev_list_lock);
faba42eb 144 return -ENOMEM;
b2c60d42 145 }
faba42eb 146
faba42eb
JH		 147 put_unaligned_le16(count, &rp->num_controllers);
148
149 i = 0;
8035ded4 150 list_for_each_entry(d, &hci_dev_list, list) {
3243553f
JH		 151 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
152 cancel_delayed_work_sync(&d->power_off);
ab81cbf9
JH		 153
154 if (test_bit(HCI_SETUP, &d->flags))
155 continue;
156
faba42eb
JH		 157 put_unaligned_le16(d->id, &rp->index[i++]);
158 BT_DBG("Added hci%u", d->id);
159 }
160
161 read_unlock(&hci_dev_list_lock);
162
4e51eae9
SJ		 163 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
164 rp_len);
faba42eb 165
a38528f1
JH		 166 kfree(rp);
167
168 return err;
faba42eb
JH		 169}
170
4e51eae9 171static int read_controller_info(struct sock *sk, u16 index)
0381101f 172{
a38528f1 173 struct mgmt_rp_read_info rp;
f7b64e69 174 struct hci_dev *hdev;
0381101f 175
4e51eae9 176 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 177
4e51eae9 178 hdev = hci_dev_get(index);
a38528f1 179 if (!hdev)
4e51eae9 180 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
f7b64e69 181
3243553f
JH		 182 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
183 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 184
8c156c32 185 hci_dev_lock_bh(hdev);
f7b64e69 186
ebc99feb
JH		 187 set_bit(HCI_MGMT, &hdev->flags);
188
dc4fe30b
JH		 189 memset(&rp, 0, sizeof(rp));
190
a38528f1 191 rp.type = hdev->dev_type;
f7b64e69 192
a38528f1
JH		 193 rp.powered = test_bit(HCI_UP, &hdev->flags);
194 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
195 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
196 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
f7b64e69
JH		 197
198 if (test_bit(HCI_AUTH, &hdev->flags))
a38528f1 199 rp.sec_mode = 3;
f7b64e69 200 else if (hdev->ssp_mode > 0)
a38528f1 201 rp.sec_mode = 4;
f7b64e69 202 else
a38528f1 203 rp.sec_mode = 2;
f7b64e69 204
a38528f1
JH		 205 bacpy(&rp.bdaddr, &hdev->bdaddr);
206 memcpy(rp.features, hdev->features, 8);
207 memcpy(rp.dev_class, hdev->dev_class, 3);
208 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
209 rp.hci_ver = hdev->hci_ver;
210 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
f7b64e69 211
dc4fe30b
JH		 212 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
213
8c156c32 214 hci_dev_unlock_bh(hdev);
f7b64e69 215 hci_dev_put(hdev);
0381101f 216
4e51eae9 217 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 218}
219
eec8d2bc
JH		 220static void mgmt_pending_free(struct pending_cmd *cmd)
221{
222 sock_put(cmd->sk);
c68fb7ff 223 kfree(cmd->param);
eec8d2bc
JH		 224 kfree(cmd);
225}
226
366a0336 227static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 228 struct hci_dev *hdev,
229 void *data, u16 len)
eec8d2bc
JH		 230{
231 struct pending_cmd *cmd;
232
233 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
234 if (!cmd)
366a0336 235 return NULL;
eec8d2bc
JH		 236
237 cmd->opcode = opcode;
2e58ef3e 238 cmd->index = hdev->id;
eec8d2bc 239
c68fb7ff
SJ		 240 cmd->param = kmalloc(len, GFP_ATOMIC);
241 if (!cmd->param) {
eec8d2bc 242 kfree(cmd);
366a0336 243 return NULL;
eec8d2bc
JH		 244 }
245
8fce6357
SJ		 246 if (data)
247 memcpy(cmd->param, data, len);
eec8d2bc
JH		 248
249 cmd->sk = sk;
250 sock_hold(sk);
251
2e58ef3e 252 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 253
366a0336 254 return cmd;
eec8d2bc
JH		 255}
256
744cf19e 257static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 258 void (*cb)(struct pending_cmd *cmd, void *data),
259 void *data)
260{
261 struct list_head *p, *n;
262
2e58ef3e 263 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 264 struct pending_cmd *cmd;
265
266 cmd = list_entry(p, struct pending_cmd, list);
267
b24752fe 268 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 269 continue;
270
744cf19e 271 if (hdev && cmd->index != hdev->id)
eec8d2bc
JH		 272 continue;
273
274 cb(cmd, data);
275 }
276}
277
2e58ef3e 278static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 279{
8035ded4 280 struct pending_cmd *cmd;
eec8d2bc 281
2e58ef3e 282 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
eec8d2bc
JH		 283 if (cmd->opcode != opcode)
284 continue;
285
2e58ef3e 286 if (hdev && cmd->index != hdev->id)
eec8d2bc
JH		 287 continue;
288
289 return cmd;
290 }
291
292 return NULL;
293}
294
a664b5bc 295static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 296{
73f22f62
JH		 297 list_del(&cmd->list);
298 mgmt_pending_free(cmd);
299}
300
4e51eae9 301static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
eec8d2bc 302{
72a734ec 303 struct mgmt_mode *cp;
eec8d2bc 304 struct hci_dev *hdev;
366a0336 305 struct pending_cmd *cmd;
366a0336 306 int err, up;
eec8d2bc
JH		 307
308 cp = (void *) data;
eec8d2bc 309
4e51eae9 310 BT_DBG("request for hci%u", index);
eec8d2bc 311
bdce7baf
SJ		 312 if (len != sizeof(*cp))
313 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314
4e51eae9 315 hdev = hci_dev_get(index);
eec8d2bc 316 if (!hdev)
4e51eae9 317 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
eec8d2bc 318
8c156c32 319 hci_dev_lock_bh(hdev);
eec8d2bc
JH		 320
321 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 322 if ((cp->val && up) || (!cp->val && !up)) {
4e51eae9 323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
eec8d2bc
JH		 324 goto failed;
325 }
326
2e58ef3e 327 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
4e51eae9 328 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
eec8d2bc
JH		 329 goto failed;
330 }
331
2e58ef3e 332 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 333 if (!cmd) {
334 err = -ENOMEM;
eec8d2bc 335 goto failed;
366a0336 336 }
eec8d2bc 337
72a734ec 338 if (cp->val)
eec8d2bc
JH		 339 queue_work(hdev->workqueue, &hdev->power_on);
340 else
3243553f 341 queue_work(hdev->workqueue, &hdev->power_off.work);
eec8d2bc 342
366a0336 343 err = 0;
eec8d2bc
JH		 344
345failed:
8c156c32 346 hci_dev_unlock_bh(hdev);
eec8d2bc 347 hci_dev_put(hdev);
366a0336 348 return err;
eec8d2bc
JH		 349}
350
4e51eae9
SJ		 351static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352 u16 len)
73f22f62 353{
16ab91ab 354 struct mgmt_cp_set_discoverable *cp;
73f22f62 355 struct hci_dev *hdev;
366a0336 356 struct pending_cmd *cmd;
73f22f62
JH		 357 u8 scan;
358 int err;
359
360 cp = (void *) data;
73f22f62 361
4e51eae9 362 BT_DBG("request for hci%u", index);
73f22f62 363
bdce7baf
SJ		 364 if (len != sizeof(*cp))
365 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366
4e51eae9 367 hdev = hci_dev_get(index);
73f22f62 368 if (!hdev)
4e51eae9 369 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
73f22f62 370
8c156c32 371 hci_dev_lock_bh(hdev);
73f22f62
JH		 372
373 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 374 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
73f22f62
JH		 375 goto failed;
376 }
377
2e58ef3e
JH		 378 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
379 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
4e51eae9 380 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
73f22f62
JH		 381 goto failed;
382 }
383
72a734ec 384 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 385 test_bit(HCI_PSCAN, &hdev->flags)) {
4e51eae9 386 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
73f22f62
JH		 387 goto failed;
388 }
389
2e58ef3e 390 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 391 if (!cmd) {
392 err = -ENOMEM;
73f22f62 393 goto failed;
366a0336 394 }
73f22f62
JH		 395
396 scan = SCAN_PAGE;
397
72a734ec 398 if (cp->val)
73f22f62 399 scan |= SCAN_INQUIRY;
16ab91ab
JH		 400 else
401 cancel_delayed_work_sync(&hdev->discov_off);
73f22f62
JH		 402
403 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
404 if (err < 0)
a664b5bc 405 mgmt_pending_remove(cmd);
73f22f62 406
16ab91ab
JH		 407 if (cp->val)
408 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
409
73f22f62 410failed:
8c156c32 411 hci_dev_unlock_bh(hdev);
73f22f62
JH		 412 hci_dev_put(hdev);
413
414 return err;
415}
416
4e51eae9
SJ		 417static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
418 u16 len)
9fbcbb45 419{
72a734ec 420 struct mgmt_mode *cp;
9fbcbb45 421 struct hci_dev *hdev;
366a0336 422 struct pending_cmd *cmd;
9fbcbb45
JH		 423 u8 scan;
424 int err;
425
426 cp = (void *) data;
9fbcbb45 427
4e51eae9 428 BT_DBG("request for hci%u", index);
9fbcbb45 429
bdce7baf
SJ		 430 if (len != sizeof(*cp))
431 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
432
4e51eae9 433 hdev = hci_dev_get(index);
9fbcbb45 434 if (!hdev)
4e51eae9 435 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
9fbcbb45 436
8c156c32 437 hci_dev_lock_bh(hdev);
9fbcbb45
JH		 438
439 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 440 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
9fbcbb45
JH		 441 goto failed;
442 }
443
2e58ef3e
JH		 444 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
445 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
4e51eae9 446 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
9fbcbb45
JH		 447 goto failed;
448 }
449
72a734ec 450 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
4e51eae9 451 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
9fbcbb45
JH		 452 goto failed;
453 }
454
2e58ef3e 455 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 456 if (!cmd) {
457 err = -ENOMEM;
9fbcbb45 458 goto failed;
366a0336 459 }
9fbcbb45 460
72a734ec 461 if (cp->val)
9fbcbb45
JH		 462 scan = SCAN_PAGE;
463 else
464 scan = 0;
465
466 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
467 if (err < 0)
a664b5bc 468 mgmt_pending_remove(cmd);
9fbcbb45
JH		 469
470failed:
8c156c32 471 hci_dev_unlock_bh(hdev);
9fbcbb45
JH		 472 hci_dev_put(hdev);
473
474 return err;
475}
476
744cf19e
JH		 477static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
478 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 479{
480 struct sk_buff *skb;
481 struct mgmt_hdr *hdr;
482
483 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
484 if (!skb)
485 return -ENOMEM;
486
487 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
488
489 hdr = (void *) skb_put(skb, sizeof(*hdr));
490 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 491 if (hdev)
492 hdr->index = cpu_to_le16(hdev->id);
493 else
494 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 495 hdr->len = cpu_to_le16(data_len);
496
4e51eae9
SJ		 497 if (data)
498 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 499
500 hci_send_to_sock(NULL, skb, skip_sk);
501 kfree_skb(skb);
502
503 return 0;
504}
505
053f0211
JH		 506static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
507{
a38528f1 508 struct mgmt_mode rp;
053f0211 509
a38528f1 510 rp.val = val;
053f0211 511
4e51eae9 512 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
053f0211
JH		 513}
514
4e51eae9
SJ		 515static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
516 u16 len)
c542a06c
JH		 517{
518 struct mgmt_mode *cp, ev;
519 struct hci_dev *hdev;
c542a06c
JH		 520 int err;
521
522 cp = (void *) data;
c542a06c 523
4e51eae9 524 BT_DBG("request for hci%u", index);
c542a06c 525
bdce7baf
SJ		 526 if (len != sizeof(*cp))
527 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
528
4e51eae9 529 hdev = hci_dev_get(index);
c542a06c 530 if (!hdev)
4e51eae9 531 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
c542a06c 532
8c156c32 533 hci_dev_lock_bh(hdev);
c542a06c
JH		 534
535 if (cp->val)
536 set_bit(HCI_PAIRABLE, &hdev->flags);
537 else
538 clear_bit(HCI_PAIRABLE, &hdev->flags);
539
4e51eae9 540 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
c542a06c
JH		 541 if (err < 0)
542 goto failed;
543
c542a06c
JH		 544 ev.val = cp->val;
545
744cf19e 546 err = mgmt_event(MGMT_EV_PAIRABLE, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 547
548failed:
8c156c32 549 hci_dev_unlock_bh(hdev);
c542a06c
JH		 550 hci_dev_put(hdev);
551
552 return err;
553}
554
80a1e1db
JH		 555#define EIR_FLAGS 0x01 /* flags */
556#define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
557#define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
558#define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
559#define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
560#define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
561#define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
562#define EIR_NAME_SHORT 0x08 /* shortened local name */
563#define EIR_NAME_COMPLETE 0x09 /* complete local name */
564#define EIR_TX_POWER 0x0A /* transmit power level */
565#define EIR_DEVICE_ID 0x10 /* device ID */
566
567#define PNP_INFO_SVCLASS_ID 0x1200
568
569static u8 bluetooth_base_uuid[] = {
570 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
571 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
572};
573
574static u16 get_uuid16(u8 *uuid128)
575{
576 u32 val;
577 int i;
578
579 for (i = 0; i < 12; i++) {
580 if (bluetooth_base_uuid[i] != uuid128[i])
581 return 0;
582 }
583
584 memcpy(&val, &uuid128[12], 4);
585
586 val = le32_to_cpu(val);
587 if (val > 0xffff)
588 return 0;
589
590 return (u16) val;
591}
592
593static void create_eir(struct hci_dev *hdev, u8 *data)
594{
595 u8 *ptr = data;
596 u16 eir_len = 0;
597 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
598 int i, truncated = 0;
8035ded4 599 struct bt_uuid *uuid;
80a1e1db
JH		 600 size_t name_len;
601
602 name_len = strlen(hdev->dev_name);
603
604 if (name_len > 0) {
605 /* EIR Data type */
606 if (name_len > 48) {
607 name_len = 48;
608 ptr[1] = EIR_NAME_SHORT;
609 } else
610 ptr[1] = EIR_NAME_COMPLETE;
611
612 /* EIR Data length */
613 ptr[0] = name_len + 1;
614
615 memcpy(ptr + 2, hdev->dev_name, name_len);
616
617 eir_len += (name_len + 2);
618 ptr += (name_len + 2);
619 }
620
621 memset(uuid16_list, 0, sizeof(uuid16_list));
622
623 /* Group all UUID16 types */
8035ded4 624 list_for_each_entry(uuid, &hdev->uuids, list) {
80a1e1db
JH		 625 u16 uuid16;
626
627 uuid16 = get_uuid16(uuid->uuid);
628 if (uuid16 == 0)
629 return;
630
631 if (uuid16 < 0x1100)
632 continue;
633
634 if (uuid16 == PNP_INFO_SVCLASS_ID)
635 continue;
636
637 /* Stop if not enough space to put next UUID */
638 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
639 truncated = 1;
640 break;
641 }
642
643 /* Check for duplicates */
644 for (i = 0; uuid16_list[i] != 0; i++)
645 if (uuid16_list[i] == uuid16)
646 break;
647
648 if (uuid16_list[i] == 0) {
649 uuid16_list[i] = uuid16;
650 eir_len += sizeof(u16);
651 }
652 }
653
654 if (uuid16_list[0] != 0) {
655 u8 *length = ptr;
656
657 /* EIR Data type */
658 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
659
660 ptr += 2;
661 eir_len += 2;
662
663 for (i = 0; uuid16_list[i] != 0; i++) {
664 *ptr++ = (uuid16_list[i] & 0x00ff);
665 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
666 }
667
668 /* EIR Data length */
669 *length = (i * sizeof(u16)) + 1;
670 }
671}
672
673static int update_eir(struct hci_dev *hdev)
674{
675 struct hci_cp_write_eir cp;
676
677 if (!(hdev->features[6] & LMP_EXT_INQ))
678 return 0;
679
680 if (hdev->ssp_mode == 0)
681 return 0;
682
683 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
684 return 0;
685
686 memset(&cp, 0, sizeof(cp));
687
688 create_eir(hdev, cp.data);
689
690 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
691 return 0;
692
693 memcpy(hdev->eir, cp.data, sizeof(cp.data));
694
695 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
696}
697
1aff6f09
JH		 698static u8 get_service_classes(struct hci_dev *hdev)
699{
12dc0743 700 struct bt_uuid *uuid;
1aff6f09
JH		 701 u8 val = 0;
702
12dc0743 703 list_for_each_entry(uuid, &hdev->uuids, list)
1aff6f09 704 val |= uuid->svc_hint;
1aff6f09
JH		 705
706 return val;
707}
708
709static int update_class(struct hci_dev *hdev)
710{
711 u8 cod[3];
712
713 BT_DBG("%s", hdev->name);
714
715 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
716 return 0;
717
718 cod[0] = hdev->minor_class;
719 cod[1] = hdev->major_class;
720 cod[2] = get_service_classes(hdev);
721
722 if (memcmp(cod, hdev->dev_class, 3) == 0)
723 return 0;
724
725 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
726}
727
4e51eae9 728static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 729{
730 struct mgmt_cp_add_uuid *cp;
731 struct hci_dev *hdev;
732 struct bt_uuid *uuid;
2aeb9a1a
JH		 733 int err;
734
735 cp = (void *) data;
2aeb9a1a 736
4e51eae9 737 BT_DBG("request for hci%u", index);
2aeb9a1a 738
bdce7baf
SJ		 739 if (len != sizeof(*cp))
740 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
741
4e51eae9 742 hdev = hci_dev_get(index);
2aeb9a1a 743 if (!hdev)
4e51eae9 744 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
2aeb9a1a 745
8c156c32 746 hci_dev_lock_bh(hdev);
2aeb9a1a
JH		 747
748 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
749 if (!uuid) {
750 err = -ENOMEM;
751 goto failed;
752 }
753
754 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 755 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 756
757 list_add(&uuid->list, &hdev->uuids);
758
1aff6f09
JH		 759 err = update_class(hdev);
760 if (err < 0)
761 goto failed;
762
80a1e1db
JH		 763 err = update_eir(hdev);
764 if (err < 0)
765 goto failed;
766
4e51eae9 767 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 768
769failed:
8c156c32 770 hci_dev_unlock_bh(hdev);
2aeb9a1a
JH		 771 hci_dev_put(hdev);
772
773 return err;
774}
775
4e51eae9 776static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 777{
778 struct list_head *p, *n;
779cb850 779 struct mgmt_cp_remove_uuid *cp;
2aeb9a1a
JH		 780 struct hci_dev *hdev;
781 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 782 int err, found;
783
784 cp = (void *) data;
2aeb9a1a 785
4e51eae9 786 BT_DBG("request for hci%u", index);
2aeb9a1a 787
bdce7baf
SJ		 788 if (len != sizeof(*cp))
789 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
790
4e51eae9 791 hdev = hci_dev_get(index);
2aeb9a1a 792 if (!hdev)
4e51eae9 793 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
2aeb9a1a 794
8c156c32 795 hci_dev_lock_bh(hdev);
2aeb9a1a
JH		 796
797 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
798 err = hci_uuids_clear(hdev);
799 goto unlock;
800 }
801
802 found = 0;
803
804 list_for_each_safe(p, n, &hdev->uuids) {
805 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
806
807 if (memcmp(match->uuid, cp->uuid, 16) != 0)
808 continue;
809
810 list_del(&match->list);
811 found++;
812 }
813
814 if (found == 0) {
4e51eae9 815 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
2aeb9a1a
JH		 816 goto unlock;
817 }
818
1aff6f09
JH		 819 err = update_class(hdev);
820 if (err < 0)
821 goto unlock;
822
80a1e1db
JH		 823 err = update_eir(hdev);
824 if (err < 0)
825 goto unlock;
826
4e51eae9 827 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 828
829unlock:
8c156c32 830 hci_dev_unlock_bh(hdev);
2aeb9a1a
JH		 831 hci_dev_put(hdev);
832
833 return err;
834}
835
4e51eae9
SJ		 836static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
837 u16 len)
1aff6f09
JH		 838{
839 struct hci_dev *hdev;
840 struct mgmt_cp_set_dev_class *cp;
1aff6f09
JH		 841 int err;
842
843 cp = (void *) data;
1aff6f09 844
4e51eae9 845 BT_DBG("request for hci%u", index);
1aff6f09 846
bdce7baf
SJ		 847 if (len != sizeof(*cp))
848 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
849
4e51eae9 850 hdev = hci_dev_get(index);
1aff6f09 851 if (!hdev)
4e51eae9 852 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
1aff6f09 853
8c156c32 854 hci_dev_lock_bh(hdev);
1aff6f09
JH		 855
856 hdev->major_class = cp->major;
857 hdev->minor_class = cp->minor;
858
859 err = update_class(hdev);
860
861 if (err == 0)
4e51eae9 862 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 863
8c156c32 864 hci_dev_unlock_bh(hdev);
1aff6f09
JH		 865 hci_dev_put(hdev);
866
867 return err;
868}
869
4e51eae9
SJ		 870static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
871 u16 len)
1aff6f09
JH		 872{
873 struct hci_dev *hdev;
874 struct mgmt_cp_set_service_cache *cp;
1aff6f09
JH		 875 int err;
876
877 cp = (void *) data;
1aff6f09 878
bdce7baf 879 if (len != sizeof(*cp))
b8534e0f 880 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
bdce7baf 881
4e51eae9 882 hdev = hci_dev_get(index);
1aff6f09 883 if (!hdev)
4e51eae9 884 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
1aff6f09 885
8c156c32 886 hci_dev_lock_bh(hdev);
1aff6f09 887
4e51eae9 888 BT_DBG("hci%u enable %d", index, cp->enable);
1aff6f09
JH		 889
890 if (cp->enable) {
891 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
892 err = 0;
893 } else {
894 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
895 err = update_class(hdev);
80a1e1db
JH		 896 if (err == 0)
897 err = update_eir(hdev);
1aff6f09
JH		 898 }
899
900 if (err == 0)
4e51eae9
SJ		 901 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
902 0);
e5b82e58
GP		 903 else
904 cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, -err);
905
1aff6f09 906
8c156c32 907 hci_dev_unlock_bh(hdev);
1aff6f09
JH		 908 hci_dev_put(hdev);
909
910 return err;
911}
912
86742e1e
JH		 913static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
914 u16 len)
55ed8ca1
JH		 915{
916 struct hci_dev *hdev;
86742e1e 917 struct mgmt_cp_load_link_keys *cp;
4e51eae9 918 u16 key_count, expected_len;
a492cd52 919 int i;
55ed8ca1
JH		 920
921 cp = (void *) data;
bdce7baf
SJ		 922
923 if (len < sizeof(*cp))
86742e1e 924 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
bdce7baf 925
55ed8ca1
JH		 926 key_count = get_unaligned_le16(&cp->key_count);
927
86742e1e
JH		 928 expected_len = sizeof(*cp) + key_count *
929 sizeof(struct mgmt_link_key_info);
a492cd52 930 if (expected_len != len) {
86742e1e 931 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 932 len, expected_len);
86742e1e 933 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, EINVAL);
55ed8ca1
JH		 934 }
935
4e51eae9 936 hdev = hci_dev_get(index);
55ed8ca1 937 if (!hdev)
86742e1e 938 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS, ENODEV);
55ed8ca1 939
4e51eae9 940 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 941 key_count);
942
8c156c32 943 hci_dev_lock_bh(hdev);
55ed8ca1
JH		 944
945 hci_link_keys_clear(hdev);
946
947 set_bit(HCI_LINK_KEYS, &hdev->flags);
948
949 if (cp->debug_keys)
950 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
951 else
952 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
953
a492cd52 954 for (i = 0; i < key_count; i++) {
86742e1e 955 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 956
d25e28ab 957 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 958 key->pin_len);
959 }
960
8c156c32 961 hci_dev_unlock_bh(hdev);
55ed8ca1
JH		 962 hci_dev_put(hdev);
963
a492cd52 964 return 0;
55ed8ca1
JH		 965}
966
86742e1e
JH		 967static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
968 u16 len)
55ed8ca1
JH		 969{
970 struct hci_dev *hdev;
86742e1e 971 struct mgmt_cp_remove_keys *cp;
55ed8ca1 972 struct hci_conn *conn;
55ed8ca1
JH		 973 int err;
974
975 cp = (void *) data;
55ed8ca1 976
bdce7baf 977 if (len != sizeof(*cp))
86742e1e 978 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, EINVAL);
bdce7baf 979
4e51eae9 980 hdev = hci_dev_get(index);
55ed8ca1 981 if (!hdev)
86742e1e 982 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, ENODEV);
55ed8ca1 983
8c156c32 984 hci_dev_lock_bh(hdev);
55ed8ca1
JH		 985
986 err = hci_remove_link_key(hdev, &cp->bdaddr);
987 if (err < 0) {
86742e1e 988 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
55ed8ca1
JH		 989 goto unlock;
990 }
991
992 err = 0;
993
994 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
995 goto unlock;
996
997 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
998 if (conn) {
999 struct hci_cp_disconnect dc;
1000
1001 put_unaligned_le16(conn->handle, &dc.handle);
1002 dc.reason = 0x13; /* Remote User Terminated Connection */
94ac0272 1003 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
55ed8ca1
JH		 1004 }
1005
1006unlock:
8c156c32 1007 hci_dev_unlock_bh(hdev);
55ed8ca1
JH		 1008 hci_dev_put(hdev);
1009
1010 return err;
1011}
1012
4e51eae9 1013static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
8962ee74
JH		 1014{
1015 struct hci_dev *hdev;
1016 struct mgmt_cp_disconnect *cp;
1017 struct hci_cp_disconnect dc;
366a0336 1018 struct pending_cmd *cmd;
8962ee74 1019 struct hci_conn *conn;
8962ee74
JH		 1020 int err;
1021
1022 BT_DBG("");
1023
1024 cp = (void *) data;
8962ee74 1025
bdce7baf
SJ		 1026 if (len != sizeof(*cp))
1027 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1028
4e51eae9 1029 hdev = hci_dev_get(index);
8962ee74 1030 if (!hdev)
4e51eae9 1031 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
8962ee74 1032
8c156c32 1033 hci_dev_lock_bh(hdev);
8962ee74
JH		 1034
1035 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1036 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
8962ee74
JH		 1037 goto failed;
1038 }
1039
2e58ef3e 1040 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
4e51eae9 1041 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
8962ee74
JH		 1042 goto failed;
1043 }
1044
1045 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
365227e5
VCG		 1046 if (!conn)
1047 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1048
8962ee74 1049 if (!conn) {
4e51eae9 1050 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
8962ee74
JH		 1051 goto failed;
1052 }
1053
2e58ef3e 1054 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1055 if (!cmd) {
1056 err = -ENOMEM;
8962ee74 1057 goto failed;
366a0336 1058 }
8962ee74
JH		 1059
1060 put_unaligned_le16(conn->handle, &dc.handle);
1061 dc.reason = 0x13; /* Remote User Terminated Connection */
1062
1063 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1064 if (err < 0)
a664b5bc 1065 mgmt_pending_remove(cmd);
8962ee74
JH		 1066
1067failed:
8c156c32 1068 hci_dev_unlock_bh(hdev);
8962ee74
JH		 1069 hci_dev_put(hdev);
1070
1071 return err;
1072}
1073
4c659c39
JH		 1074static u8 link_to_mgmt(u8 link_type)
1075{
1076 switch (link_type) {
1077 case LE_LINK:
1078 return MGMT_ADDR_LE;
1079 case ACL_LINK:
1080 return MGMT_ADDR_BREDR;
1081 default:
1082 return MGMT_ADDR_INVALID;
1083 }
1084}
1085
8ce6284e 1086static int get_connections(struct sock *sk, u16 index)
2784eb41 1087{
2784eb41
JH		 1088 struct mgmt_rp_get_connections *rp;
1089 struct hci_dev *hdev;
8035ded4 1090 struct hci_conn *c;
2784eb41 1091 struct list_head *p;
a38528f1 1092 size_t rp_len;
4e51eae9 1093 u16 count;
2784eb41
JH		 1094 int i, err;
1095
1096 BT_DBG("");
1097
4e51eae9 1098 hdev = hci_dev_get(index);
2784eb41 1099 if (!hdev)
4e51eae9 1100 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
2784eb41 1101
8c156c32 1102 hci_dev_lock_bh(hdev);
2784eb41
JH		 1103
1104 count = 0;
1105 list_for_each(p, &hdev->conn_hash.list) {
1106 count++;
1107 }
1108
4c659c39 1109 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1110 rp = kmalloc(rp_len, GFP_ATOMIC);
1111 if (!rp) {
2784eb41
JH		 1112 err = -ENOMEM;
1113 goto unlock;
1114 }
1115
2784eb41
JH		 1116 put_unaligned_le16(count, &rp->conn_count);
1117
2784eb41 1118 i = 0;
4c659c39
JH		 1119 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1120 bacpy(&rp->addr[i].bdaddr, &c->dst);
1121 rp->addr[i].type = link_to_mgmt(c->type);
1122 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1123 continue;
1124 i++;
1125 }
1126
1127 /* Recalculate length in case of filtered SCO connections, etc */
1128 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1129
4e51eae9 1130 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1131
1132unlock:
a38528f1 1133 kfree(rp);
8c156c32 1134 hci_dev_unlock_bh(hdev);
2784eb41
JH		 1135 hci_dev_put(hdev);
1136 return err;
1137}
1138
96d97a67
WR		 1139static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1140 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1141{
1142 struct pending_cmd *cmd;
1143 int err;
1144
2e58ef3e 1145 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1146 sizeof(*cp));
1147 if (!cmd)
1148 return -ENOMEM;
1149
1150 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1151 &cp->bdaddr);
1152 if (err < 0)
1153 mgmt_pending_remove(cmd);
1154
1155 return err;
1156}
1157
4e51eae9
SJ		 1158static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1159 u16 len)
980e1a53
JH		 1160{
1161 struct hci_dev *hdev;
96d97a67 1162 struct hci_conn *conn;
980e1a53 1163 struct mgmt_cp_pin_code_reply *cp;
96d97a67 1164 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1165 struct hci_cp_pin_code_reply reply;
366a0336 1166 struct pending_cmd *cmd;
980e1a53
JH		 1167 int err;
1168
1169 BT_DBG("");
1170
1171 cp = (void *) data;
980e1a53 1172
bdce7baf
SJ		 1173 if (len != sizeof(*cp))
1174 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1175
4e51eae9 1176 hdev = hci_dev_get(index);
980e1a53 1177 if (!hdev)
4e51eae9 1178 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
980e1a53 1179
8c156c32 1180 hci_dev_lock_bh(hdev);
980e1a53
JH		 1181
1182 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1183 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
980e1a53
JH		 1184 goto failed;
1185 }
1186
96d97a67
WR		 1187 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1188 if (!conn) {
1189 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1190 goto failed;
1191 }
1192
1193 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1194 bacpy(&ncp.bdaddr, &cp->bdaddr);
1195
1196 BT_ERR("PIN code is not 16 bytes long");
1197
1198 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1199 if (err >= 0)
1200 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1201 EINVAL);
1202
1203 goto failed;
1204 }
1205
2e58ef3e 1206 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1207 if (!cmd) {
1208 err = -ENOMEM;
980e1a53 1209 goto failed;
366a0336 1210 }
980e1a53
JH		 1211
1212 bacpy(&reply.bdaddr, &cp->bdaddr);
1213 reply.pin_len = cp->pin_len;
24718ca5 1214 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1215
1216 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1217 if (err < 0)
a664b5bc 1218 mgmt_pending_remove(cmd);
980e1a53
JH		 1219
1220failed:
8c156c32 1221 hci_dev_unlock_bh(hdev);
980e1a53
JH		 1222 hci_dev_put(hdev);
1223
1224 return err;
1225}
1226
4e51eae9
SJ		 1227static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1228 u16 len)
980e1a53
JH		 1229{
1230 struct hci_dev *hdev;
1231 struct mgmt_cp_pin_code_neg_reply *cp;
980e1a53
JH		 1232 int err;
1233
1234 BT_DBG("");
1235
1236 cp = (void *) data;
980e1a53 1237
bdce7baf
SJ		 1238 if (len != sizeof(*cp))
1239 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1240 EINVAL);
1241
4e51eae9 1242 hdev = hci_dev_get(index);
980e1a53 1243 if (!hdev)
4e51eae9
SJ		 1244 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1245 ENODEV);
980e1a53 1246
8c156c32 1247 hci_dev_lock_bh(hdev);
980e1a53
JH		 1248
1249 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9
SJ		 1250 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1251 ENETDOWN);
980e1a53
JH		 1252 goto failed;
1253 }
1254
96d97a67 1255 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1256
1257failed:
8c156c32 1258 hci_dev_unlock_bh(hdev);
980e1a53
JH		 1259 hci_dev_put(hdev);
1260
1261 return err;
1262}
1263
4e51eae9
SJ		 1264static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1265 u16 len)
17fa4b9d
JH		 1266{
1267 struct hci_dev *hdev;
1268 struct mgmt_cp_set_io_capability *cp;
17fa4b9d
JH		 1269
1270 BT_DBG("");
1271
1272 cp = (void *) data;
17fa4b9d 1273
bdce7baf 1274 if (len != sizeof(*cp))
b8534e0f 1275 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
bdce7baf 1276
4e51eae9 1277 hdev = hci_dev_get(index);
17fa4b9d 1278 if (!hdev)
4e51eae9 1279 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
17fa4b9d 1280
8c156c32 1281 hci_dev_lock_bh(hdev);
17fa4b9d
JH		 1282
1283 hdev->io_capability = cp->io_capability;
1284
1285 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1286 hdev->io_capability);
17fa4b9d 1287
8c156c32 1288 hci_dev_unlock_bh(hdev);
17fa4b9d
JH		 1289 hci_dev_put(hdev);
1290
4e51eae9 1291 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1292}
1293
e9a416b5
JH		 1294static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1295{
1296 struct hci_dev *hdev = conn->hdev;
8035ded4 1297 struct pending_cmd *cmd;
e9a416b5 1298
2e58ef3e 1299 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1300 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1301 continue;
1302
1303 if (cmd->index != hdev->id)
1304 continue;
1305
1306 if (cmd->user_data != conn)
1307 continue;
1308
1309 return cmd;
1310 }
1311
1312 return NULL;
1313}
1314
1315static void pairing_complete(struct pending_cmd *cmd, u8 status)
1316{
1317 struct mgmt_rp_pair_device rp;
1318 struct hci_conn *conn = cmd->user_data;
1319
e9a416b5
JH		 1320 bacpy(&rp.bdaddr, &conn->dst);
1321 rp.status = status;
1322
4e51eae9 1323 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1324
1325 /* So we don't get further callbacks for this connection */
1326 conn->connect_cfm_cb = NULL;
1327 conn->security_cfm_cb = NULL;
1328 conn->disconn_cfm_cb = NULL;
1329
1330 hci_conn_put(conn);
1331
a664b5bc 1332 mgmt_pending_remove(cmd);
e9a416b5
JH		 1333}
1334
1335static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1336{
1337 struct pending_cmd *cmd;
56e5cb86 1338 struct hci_dev *hdev = conn->hdev;
e9a416b5
JH		 1339
1340 BT_DBG("status %u", status);
1341
56e5cb86
JH		 1342 hci_dev_lock_bh(hdev);
1343
e9a416b5 1344 cmd = find_pairing(conn);
56e5cb86 1345 if (!cmd)
e9a416b5 1346 BT_DBG("Unable to find a pending command");
56e5cb86
JH		 1347 else
1348 pairing_complete(cmd, status);
e9a416b5 1349
56e5cb86 1350 hci_dev_unlock_bh(hdev);
e9a416b5
JH		 1351}
1352
4e51eae9 1353static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
e9a416b5
JH		 1354{
1355 struct hci_dev *hdev;
1356 struct mgmt_cp_pair_device *cp;
1357 struct pending_cmd *cmd;
7a512d01 1358 struct adv_entry *entry;
e9a416b5
JH		 1359 u8 sec_level, auth_type;
1360 struct hci_conn *conn;
e9a416b5
JH		 1361 int err;
1362
1363 BT_DBG("");
1364
1365 cp = (void *) data;
e9a416b5 1366
bdce7baf
SJ		 1367 if (len != sizeof(*cp))
1368 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1369
4e51eae9 1370 hdev = hci_dev_get(index);
e9a416b5 1371 if (!hdev)
4e51eae9 1372 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
e9a416b5 1373
8c156c32 1374 hci_dev_lock_bh(hdev);
e9a416b5 1375
c908df36
VCG		 1376 sec_level = BT_SECURITY_MEDIUM;
1377 if (cp->io_cap == 0x03)
e9a416b5 1378 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1379 else
e9a416b5 1380 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1381
7a512d01
VCG		 1382 entry = hci_find_adv_entry(hdev, &cp->bdaddr);
1383 if (entry)
1384 conn = hci_connect(hdev, LE_LINK, &cp->bdaddr, sec_level,
1385 auth_type);
1386 else
1387 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level,
1388 auth_type);
1389
30e76272
VT		 1390 if (IS_ERR(conn)) {
1391 err = PTR_ERR(conn);
e9a416b5
JH		 1392 goto unlock;
1393 }
1394
1395 if (conn->connect_cfm_cb) {
1396 hci_conn_put(conn);
4e51eae9 1397 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
e9a416b5
JH		 1398 goto unlock;
1399 }
1400
2e58ef3e 1401 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1402 if (!cmd) {
1403 err = -ENOMEM;
1404 hci_conn_put(conn);
1405 goto unlock;
1406 }
1407
7a512d01
VCG		 1408 /* For LE, just connecting isn't a proof that the pairing finished */
1409 if (!entry)
1410 conn->connect_cfm_cb = pairing_complete_cb;
1411
e9a416b5
JH		 1412 conn->security_cfm_cb = pairing_complete_cb;
1413 conn->disconn_cfm_cb = pairing_complete_cb;
1414 conn->io_capability = cp->io_cap;
1415 cmd->user_data = conn;
1416
1417 if (conn->state == BT_CONNECTED &&
1418 hci_conn_security(conn, sec_level, auth_type))
1419 pairing_complete(cmd, 0);
1420
1421 err = 0;
1422
1423unlock:
8c156c32 1424 hci_dev_unlock_bh(hdev);
e9a416b5
JH		 1425 hci_dev_put(hdev);
1426
1427 return err;
1428}
1429
4e51eae9
SJ		 1430static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1431 u16 len, int success)
a5c29683
JH		 1432{
1433 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
4e51eae9 1434 u16 mgmt_op, hci_op;
a5c29683
JH		 1435 struct pending_cmd *cmd;
1436 struct hci_dev *hdev;
1437 int err;
1438
1439 BT_DBG("");
1440
a5c29683
JH		 1441 if (success) {
1442 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1443 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1444 } else {
1445 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1446 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1447 }
1448
bdce7baf
SJ		 1449 if (len != sizeof(*cp))
1450 return cmd_status(sk, index, mgmt_op, EINVAL);
1451
4e51eae9 1452 hdev = hci_dev_get(index);
a5c29683 1453 if (!hdev)
4e51eae9 1454 return cmd_status(sk, index, mgmt_op, ENODEV);
a5c29683 1455
8c156c32 1456 hci_dev_lock_bh(hdev);
08ba5382 1457
a5c29683 1458 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1459 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
a5c29683
JH		 1460 goto failed;
1461 }
1462
2e58ef3e 1463 cmd = mgmt_pending_add(sk, mgmt_op, hdev, data, len);
a5c29683
JH		 1464 if (!cmd) {
1465 err = -ENOMEM;
1466 goto failed;
1467 }
1468
1469 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
a664b5bc
JH		 1470 if (err < 0)
1471 mgmt_pending_remove(cmd);
a5c29683
JH		 1472
1473failed:
8c156c32 1474 hci_dev_unlock_bh(hdev);
a5c29683
JH		 1475 hci_dev_put(hdev);
1476
1477 return err;
1478}
1479
b312b161
JH		 1480static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1481 u16 len)
1482{
1483 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1484 struct hci_cp_write_local_name hci_cp;
1485 struct hci_dev *hdev;
1486 struct pending_cmd *cmd;
1487 int err;
1488
1489 BT_DBG("");
1490
1491 if (len != sizeof(*mgmt_cp))
1492 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1493
1494 hdev = hci_dev_get(index);
1495 if (!hdev)
1496 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1497
8c156c32 1498 hci_dev_lock_bh(hdev);
b312b161 1499
2e58ef3e 1500 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 1501 if (!cmd) {
1502 err = -ENOMEM;
1503 goto failed;
1504 }
1505
1506 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1507 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1508 &hci_cp);
1509 if (err < 0)
1510 mgmt_pending_remove(cmd);
1511
1512failed:
8c156c32 1513 hci_dev_unlock_bh(hdev);
b312b161
JH		 1514 hci_dev_put(hdev);
1515
1516 return err;
1517}
1518
c35938b2
SJ		 1519static int read_local_oob_data(struct sock *sk, u16 index)
1520{
1521 struct hci_dev *hdev;
1522 struct pending_cmd *cmd;
1523 int err;
1524
1525 BT_DBG("hci%u", index);
1526
1527 hdev = hci_dev_get(index);
1528 if (!hdev)
1529 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1530 ENODEV);
1531
8c156c32 1532 hci_dev_lock_bh(hdev);
c35938b2
SJ		 1533
1534 if (!test_bit(HCI_UP, &hdev->flags)) {
1535 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1536 ENETDOWN);
1537 goto unlock;
1538 }
1539
1540 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1541 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1542 EOPNOTSUPP);
1543 goto unlock;
1544 }
1545
2e58ef3e 1546 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
c35938b2
SJ		 1547 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1548 goto unlock;
1549 }
1550
2e58ef3e 1551 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 1552 if (!cmd) {
1553 err = -ENOMEM;
1554 goto unlock;
1555 }
1556
1557 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1558 if (err < 0)
1559 mgmt_pending_remove(cmd);
1560
1561unlock:
8c156c32 1562 hci_dev_unlock_bh(hdev);
c35938b2
SJ		 1563 hci_dev_put(hdev);
1564
1565 return err;
1566}
1567
2763eda6
SJ		 1568static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1569 u16 len)
1570{
1571 struct hci_dev *hdev;
1572 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1573 int err;
1574
1575 BT_DBG("hci%u ", index);
1576
1577 if (len != sizeof(*cp))
1578 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1579 EINVAL);
1580
1581 hdev = hci_dev_get(index);
1582 if (!hdev)
1583 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1584 ENODEV);
1585
8c156c32 1586 hci_dev_lock_bh(hdev);
2763eda6
SJ		 1587
1588 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1589 cp->randomizer);
1590 if (err < 0)
1591 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1592 else
1593 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1594 0);
1595
8c156c32 1596 hci_dev_unlock_bh(hdev);
2763eda6
SJ		 1597 hci_dev_put(hdev);
1598
1599 return err;
1600}
1601
1602static int remove_remote_oob_data(struct sock *sk, u16 index,
1603 unsigned char *data, u16 len)
1604{
1605 struct hci_dev *hdev;
1606 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1607 int err;
1608
1609 BT_DBG("hci%u ", index);
1610
1611 if (len != sizeof(*cp))
1612 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1613 EINVAL);
1614
1615 hdev = hci_dev_get(index);
1616 if (!hdev)
1617 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1618 ENODEV);
1619
8c156c32 1620 hci_dev_lock_bh(hdev);
2763eda6
SJ		 1621
1622 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1623 if (err < 0)
1624 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1625 -err);
1626 else
1627 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1628 NULL, 0);
1629
8c156c32 1630 hci_dev_unlock_bh(hdev);
2763eda6
SJ		 1631 hci_dev_put(hdev);
1632
1633 return err;
1634}
1635
14a53664
JH		 1636static int start_discovery(struct sock *sk, u16 index)
1637{
14a53664
JH		 1638 struct pending_cmd *cmd;
1639 struct hci_dev *hdev;
1640 int err;
1641
1642 BT_DBG("hci%u", index);
1643
1644 hdev = hci_dev_get(index);
1645 if (!hdev)
1646 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1647
1648 hci_dev_lock_bh(hdev);
1649
bd2d1334
JH		 1650 if (!test_bit(HCI_UP, &hdev->flags)) {
1651 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENETDOWN);
1652 goto failed;
1653 }
1654
2e58ef3e 1655 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1656 if (!cmd) {
1657 err = -ENOMEM;
1658 goto failed;
1659 }
1660
2519a1fc 1661 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
14a53664
JH		 1662 if (err < 0)
1663 mgmt_pending_remove(cmd);
1664
1665failed:
1666 hci_dev_unlock_bh(hdev);
1667 hci_dev_put(hdev);
1668
1669 return err;
1670}
1671
1672static int stop_discovery(struct sock *sk, u16 index)
1673{
1674 struct hci_dev *hdev;
1675 struct pending_cmd *cmd;
1676 int err;
1677
1678 BT_DBG("hci%u", index);
1679
1680 hdev = hci_dev_get(index);
1681 if (!hdev)
1682 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1683
1684 hci_dev_lock_bh(hdev);
1685
2e58ef3e 1686 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1687 if (!cmd) {
1688 err = -ENOMEM;
1689 goto failed;
1690 }
1691
023d5049 1692 err = hci_cancel_inquiry(hdev);
14a53664
JH		 1693 if (err < 0)
1694 mgmt_pending_remove(cmd);
1695
1696failed:
1697 hci_dev_unlock_bh(hdev);
1698 hci_dev_put(hdev);
1699
1700 return err;
1701}
1702
7fbec224
AJ		 1703static int block_device(struct sock *sk, u16 index, unsigned char *data,
1704 u16 len)
1705{
1706 struct hci_dev *hdev;
5e762444 1707 struct mgmt_cp_block_device *cp = (void *) data;
7fbec224
AJ		 1708 int err;
1709
1710 BT_DBG("hci%u", index);
1711
7fbec224
AJ		 1712 if (len != sizeof(*cp))
1713 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1714 EINVAL);
1715
1716 hdev = hci_dev_get(index);
1717 if (!hdev)
1718 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1719 ENODEV);
1720
5e762444
AJ		 1721 hci_dev_lock_bh(hdev);
1722
7fbec224 1723 err = hci_blacklist_add(hdev, &cp->bdaddr);
7fbec224
AJ		 1724 if (err < 0)
1725 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1726 else
1727 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1728 NULL, 0);
5e762444 1729
5e762444 1730 hci_dev_unlock_bh(hdev);
7fbec224
AJ		 1731 hci_dev_put(hdev);
1732
1733 return err;
1734}
1735
1736static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1737 u16 len)
1738{
1739 struct hci_dev *hdev;
5e762444 1740 struct mgmt_cp_unblock_device *cp = (void *) data;
7fbec224
AJ		 1741 int err;
1742
1743 BT_DBG("hci%u", index);
1744
7fbec224
AJ		 1745 if (len != sizeof(*cp))
1746 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1747 EINVAL);
1748
1749 hdev = hci_dev_get(index);
1750 if (!hdev)
1751 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1752 ENODEV);
1753
5e762444
AJ		 1754 hci_dev_lock_bh(hdev);
1755
7fbec224
AJ		 1756 err = hci_blacklist_del(hdev, &cp->bdaddr);
1757
1758 if (err < 0)
1759 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1760 else
1761 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1762 NULL, 0);
5e762444 1763
5e762444 1764 hci_dev_unlock_bh(hdev);
7fbec224
AJ		 1765 hci_dev_put(hdev);
1766
1767 return err;
1768}
1769
f6422ec6
AJ		 1770static int set_fast_connectable(struct sock *sk, u16 index,
1771 unsigned char *data, u16 len)
1772{
1773 struct hci_dev *hdev;
1774 struct mgmt_cp_set_fast_connectable *cp = (void *) data;
1775 struct hci_cp_write_page_scan_activity acp;
1776 u8 type;
1777 int err;
1778
1779 BT_DBG("hci%u", index);
1780
1781 if (len != sizeof(*cp))
1782 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1783 EINVAL);
1784
1785 hdev = hci_dev_get(index);
1786 if (!hdev)
1787 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1788 ENODEV);
1789
1790 hci_dev_lock(hdev);
1791
1792 if (cp->enable) {
1793 type = PAGE_SCAN_TYPE_INTERLACED;
1794 acp.interval = 0x0024; /* 22.5 msec page scan interval */
1795 } else {
1796 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1797 acp.interval = 0x0800; /* default 1.28 sec page scan */
1798 }
1799
1800 acp.window = 0x0012; /* default 11.25 msec page scan window */
1801
1802 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1803 sizeof(acp), &acp);
1804 if (err < 0) {
1805 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1806 -err);
1807 goto done;
1808 }
1809
1810 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
1811 if (err < 0) {
1812 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1813 -err);
1814 goto done;
1815 }
1816
1817 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
1818 NULL, 0);
1819done:
1820 hci_dev_unlock(hdev);
1821 hci_dev_put(hdev);
1822
1823 return err;
1824}
1825
0381101f
JH		 1826int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1827{
1828 unsigned char *buf;
1829 struct mgmt_hdr *hdr;
4e51eae9 1830 u16 opcode, index, len;
0381101f
JH		 1831 int err;
1832
1833 BT_DBG("got %zu bytes", msglen);
1834
1835 if (msglen < sizeof(*hdr))
1836 return -EINVAL;
1837
e63a15ec 1838 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 1839 if (!buf)
1840 return -ENOMEM;
1841
1842 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1843 err = -EFAULT;
1844 goto done;
1845 }
1846
1847 hdr = (struct mgmt_hdr *) buf;
1848 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 1849 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 1850 len = get_unaligned_le16(&hdr->len);
1851
1852 if (len != msglen - sizeof(*hdr)) {
1853 err = -EINVAL;
1854 goto done;
1855 }
1856
1857 switch (opcode) {
02d98129
JH		 1858 case MGMT_OP_READ_VERSION:
1859 err = read_version(sk);
1860 break;
faba42eb
JH		 1861 case MGMT_OP_READ_INDEX_LIST:
1862 err = read_index_list(sk);
1863 break;
f7b64e69 1864 case MGMT_OP_READ_INFO:
4e51eae9 1865 err = read_controller_info(sk, index);
f7b64e69 1866 break;
eec8d2bc 1867 case MGMT_OP_SET_POWERED:
4e51eae9 1868 err = set_powered(sk, index, buf + sizeof(*hdr), len);
eec8d2bc 1869 break;
73f22f62 1870 case MGMT_OP_SET_DISCOVERABLE:
4e51eae9 1871 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
73f22f62 1872 break;
9fbcbb45 1873 case MGMT_OP_SET_CONNECTABLE:
4e51eae9 1874 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
9fbcbb45 1875 break;
c542a06c 1876 case MGMT_OP_SET_PAIRABLE:
4e51eae9 1877 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
c542a06c 1878 break;
2aeb9a1a 1879 case MGMT_OP_ADD_UUID:
4e51eae9 1880 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a
JH		 1881 break;
1882 case MGMT_OP_REMOVE_UUID:
4e51eae9 1883 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a 1884 break;
1aff6f09 1885 case MGMT_OP_SET_DEV_CLASS:
4e51eae9 1886 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1aff6f09
JH		 1887 break;
1888 case MGMT_OP_SET_SERVICE_CACHE:
4e51eae9 1889 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1aff6f09 1890 break;
86742e1e
JH		 1891 case MGMT_OP_LOAD_LINK_KEYS:
1892 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 1893 break;
86742e1e
JH		 1894 case MGMT_OP_REMOVE_KEYS:
1895 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 1896 break;
8962ee74 1897 case MGMT_OP_DISCONNECT:
4e51eae9 1898 err = disconnect(sk, index, buf + sizeof(*hdr), len);
8962ee74 1899 break;
2784eb41 1900 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 1901 err = get_connections(sk, index);
2784eb41 1902 break;
980e1a53 1903 case MGMT_OP_PIN_CODE_REPLY:
4e51eae9 1904 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53
JH		 1905 break;
1906 case MGMT_OP_PIN_CODE_NEG_REPLY:
4e51eae9 1907 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53 1908 break;
17fa4b9d 1909 case MGMT_OP_SET_IO_CAPABILITY:
4e51eae9 1910 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
17fa4b9d 1911 break;
e9a416b5 1912 case MGMT_OP_PAIR_DEVICE:
4e51eae9 1913 err = pair_device(sk, index, buf + sizeof(*hdr), len);
e9a416b5 1914 break;
a5c29683 1915 case MGMT_OP_USER_CONFIRM_REPLY:
4e51eae9 1916 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
a5c29683
JH		 1917 break;
1918 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
4e51eae9 1919 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
a5c29683 1920 break;
b312b161
JH		 1921 case MGMT_OP_SET_LOCAL_NAME:
1922 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1923 break;
c35938b2
SJ		 1924 case MGMT_OP_READ_LOCAL_OOB_DATA:
1925 err = read_local_oob_data(sk, index);
1926 break;
2763eda6
SJ		 1927 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1928 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1929 break;
1930 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1931 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1932 len);
1933 break;
14a53664
JH		 1934 case MGMT_OP_START_DISCOVERY:
1935 err = start_discovery(sk, index);
1936 break;
1937 case MGMT_OP_STOP_DISCOVERY:
1938 err = stop_discovery(sk, index);
1939 break;
7fbec224
AJ		 1940 case MGMT_OP_BLOCK_DEVICE:
1941 err = block_device(sk, index, buf + sizeof(*hdr), len);
1942 break;
1943 case MGMT_OP_UNBLOCK_DEVICE:
1944 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1945 break;
f6422ec6
AJ		 1946 case MGMT_OP_SET_FAST_CONNECTABLE:
1947 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
1948 len);
1949 break;
0381101f
JH		 1950 default:
1951 BT_DBG("Unknown op %u", opcode);
4e51eae9 1952 err = cmd_status(sk, index, opcode, 0x01);
0381101f
JH		 1953 break;
1954 }
1955
e41d8b4e
JH		 1956 if (err < 0)
1957 goto done;
1958
0381101f
JH		 1959 err = msglen;
1960
1961done:
1962 kfree(buf);
1963 return err;
1964}
c71e97bf 1965
b24752fe
JH		 1966static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1967{
1968 u8 *status = data;
1969
1970 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1971 mgmt_pending_remove(cmd);
1972}
1973
744cf19e 1974int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 1975{
744cf19e 1976 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 1977}
1978
744cf19e 1979int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 1980{
b24752fe
JH		 1981 u8 status = ENODEV;
1982
744cf19e 1983 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 1984
744cf19e 1985 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 1986}
1987
73f22f62 1988struct cmd_lookup {
72a734ec 1989 u8 val;
eec8d2bc
JH		 1990 struct sock *sk;
1991};
1992
72a734ec 1993static void mode_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 1994{
c68fb7ff 1995 struct mgmt_mode *cp = cmd->param;
73f22f62 1996 struct cmd_lookup *match = data;
eec8d2bc 1997
72a734ec 1998 if (cp->val != match->val)
eec8d2bc
JH		 1999 return;
2000
053f0211 2001 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
eec8d2bc
JH		 2002
2003 list_del(&cmd->list);
2004
2005 if (match->sk == NULL) {
2006 match->sk = cmd->sk;
2007 sock_hold(match->sk);
2008 }
2009
2010 mgmt_pending_free(cmd);
c71e97bf 2011}
5add6af8 2012
744cf19e 2013int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2014{
72a734ec 2015 struct mgmt_mode ev;
73f22f62 2016 struct cmd_lookup match = { powered, NULL };
eec8d2bc 2017 int ret;
5add6af8 2018
744cf19e 2019 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, mode_rsp, &match);
5add6af8 2020
b24752fe
JH		 2021 if (!powered) {
2022 u8 status = ENETDOWN;
744cf19e 2023 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2024 }
2025
72a734ec 2026 ev.val = powered;
eec8d2bc 2027
744cf19e 2028 ret = mgmt_event(MGMT_EV_POWERED, hdev, &ev, sizeof(ev), match.sk);
eec8d2bc
JH		 2029
2030 if (match.sk)
2031 sock_put(match.sk);
2032
2033 return ret;
5add6af8 2034}
73f22f62 2035
744cf19e 2036int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2037{
72a734ec 2038 struct mgmt_mode ev;
73f22f62
JH		 2039 struct cmd_lookup match = { discoverable, NULL };
2040 int ret;
2041
744cf19e 2042 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, mode_rsp, &match);
72a734ec 2043
72a734ec 2044 ev.val = discoverable;
73f22f62 2045
744cf19e 2046 ret = mgmt_event(MGMT_EV_DISCOVERABLE, hdev, &ev, sizeof(ev),
4e51eae9 2047 match.sk);
73f22f62
JH		 2048
2049 if (match.sk)
2050 sock_put(match.sk);
2051
2052 return ret;
2053}
9fbcbb45 2054
744cf19e 2055int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2056{
72a734ec 2057 struct mgmt_mode ev;
9fbcbb45
JH		 2058 struct cmd_lookup match = { connectable, NULL };
2059 int ret;
2060
744cf19e 2061 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, mode_rsp, &match);
9fbcbb45 2062
72a734ec 2063 ev.val = connectable;
9fbcbb45 2064
744cf19e 2065 ret = mgmt_event(MGMT_EV_CONNECTABLE, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2066
2067 if (match.sk)
2068 sock_put(match.sk);
2069
2070 return ret;
2071}
55ed8ca1 2072
744cf19e 2073int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58
JH		 2074{
2075 if (scan & SCAN_PAGE)
744cf19e 2076 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2d7cee58
JH		 2077 cmd_status_rsp, &status);
2078
2079 if (scan & SCAN_INQUIRY)
744cf19e 2080 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2d7cee58
JH		 2081 cmd_status_rsp, &status);
2082
2083 return 0;
2084}
2085
744cf19e
JH		 2086int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2087 u8 persistent)
55ed8ca1 2088{
86742e1e 2089 struct mgmt_ev_new_link_key ev;
55ed8ca1 2090
a492cd52 2091 memset(&ev, 0, sizeof(ev));
55ed8ca1 2092
a492cd52
VCG		 2093 ev.store_hint = persistent;
2094 bacpy(&ev.key.bdaddr, &key->bdaddr);
2095 ev.key.type = key->type;
2096 memcpy(ev.key.val, key->val, 16);
2097 ev.key.pin_len = key->pin_len;
55ed8ca1 2098
744cf19e 2099 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2100}
f7520543 2101
744cf19e 2102int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type)
f7520543 2103{
4c659c39 2104 struct mgmt_addr_info ev;
f7520543 2105
f7520543 2106 bacpy(&ev.bdaddr, bdaddr);
4c659c39 2107 ev.type = link_to_mgmt(link_type);
f7520543 2108
744cf19e 2109 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
f7520543
JH		 2110}
2111
8962ee74
JH		 2112static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2113{
c68fb7ff 2114 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2115 struct sock **sk = data;
a38528f1 2116 struct mgmt_rp_disconnect rp;
8962ee74 2117
a38528f1 2118 bacpy(&rp.bdaddr, &cp->bdaddr);
8962ee74 2119
4e51eae9 2120 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 2121
2122 *sk = cmd->sk;
2123 sock_hold(*sk);
2124
a664b5bc 2125 mgmt_pending_remove(cmd);
8962ee74
JH		 2126}
2127
744cf19e 2128int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
f7520543 2129{
4c659c39 2130 struct mgmt_addr_info ev;
8962ee74
JH		 2131 struct sock *sk = NULL;
2132 int err;
2133
744cf19e 2134 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2135
f7520543 2136 bacpy(&ev.bdaddr, bdaddr);
4c659c39 2137 ev.type = link_to_mgmt(type);
f7520543 2138
744cf19e 2139 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 2140
2141 if (sk)
2142 sock_put(sk);
2143
2144 return err;
2145}
2146
744cf19e 2147int mgmt_disconnect_failed(struct hci_dev *hdev)
8962ee74
JH		 2148{
2149 struct pending_cmd *cmd;
2150 int err;
2151
2e58ef3e 2152 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 2153 if (!cmd)
2154 return -ENOENT;
2155
744cf19e 2156 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT, EIO);
8962ee74 2157
a664b5bc 2158 mgmt_pending_remove(cmd);
8962ee74
JH		 2159
2160 return err;
f7520543 2161}
17d5c04c 2162
744cf19e
JH		 2163int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2164 u8 status)
17d5c04c
JH		 2165{
2166 struct mgmt_ev_connect_failed ev;
2167
4c659c39
JH		 2168 bacpy(&ev.addr.bdaddr, bdaddr);
2169 ev.addr.type = link_to_mgmt(type);
17d5c04c
JH		 2170 ev.status = status;
2171
744cf19e 2172 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 2173}
980e1a53 2174
744cf19e 2175int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 2176{
2177 struct mgmt_ev_pin_code_request ev;
2178
980e1a53 2179 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 2180 ev.secure = secure;
980e1a53 2181
744cf19e 2182 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2183 NULL);
980e1a53
JH		 2184}
2185
744cf19e
JH		 2186int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2187 u8 status)
980e1a53
JH		 2188{
2189 struct pending_cmd *cmd;
ac56fb13 2190 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2191 int err;
2192
2e58ef3e 2193 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 2194 if (!cmd)
2195 return -ENOENT;
2196
ac56fb13
JH		 2197 bacpy(&rp.bdaddr, bdaddr);
2198 rp.status = status;
2199
744cf19e 2200 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
4e51eae9 2201 sizeof(rp));
980e1a53 2202
a664b5bc 2203 mgmt_pending_remove(cmd);
980e1a53
JH		 2204
2205 return err;
2206}
2207
744cf19e
JH		 2208int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2209 u8 status)
980e1a53
JH		 2210{
2211 struct pending_cmd *cmd;
ac56fb13 2212 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2213 int err;
2214
2e58ef3e 2215 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 2216 if (!cmd)
2217 return -ENOENT;
2218
ac56fb13
JH		 2219 bacpy(&rp.bdaddr, bdaddr);
2220 rp.status = status;
2221
744cf19e 2222 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
4e51eae9 2223 sizeof(rp));
980e1a53 2224
a664b5bc 2225 mgmt_pending_remove(cmd);
980e1a53
JH		 2226
2227 return err;
2228}
a5c29683 2229
744cf19e
JH		 2230int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2231 __le32 value, u8 confirm_hint)
a5c29683
JH		 2232{
2233 struct mgmt_ev_user_confirm_request ev;
2234
744cf19e 2235 BT_DBG("%s", hdev->name);
a5c29683 2236
a5c29683 2237 bacpy(&ev.bdaddr, bdaddr);
55bc1a37 2238 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2239 put_unaligned_le32(value, &ev.value);
2240
744cf19e 2241 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2242 NULL);
a5c29683
JH		 2243}
2244
744cf19e
JH		 2245static int confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2246 u8 status, u8 opcode)
a5c29683
JH		 2247{
2248 struct pending_cmd *cmd;
2249 struct mgmt_rp_user_confirm_reply rp;
2250 int err;
2251
2e58ef3e 2252 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 2253 if (!cmd)
2254 return -ENOENT;
2255
a5c29683
JH		 2256 bacpy(&rp.bdaddr, bdaddr);
2257 rp.status = status;
744cf19e 2258 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
a5c29683 2259
a664b5bc 2260 mgmt_pending_remove(cmd);
a5c29683
JH		 2261
2262 return err;
2263}
2264
744cf19e
JH		 2265int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2266 u8 status)
a5c29683 2267{
744cf19e 2268 return confirm_reply_complete(hdev, bdaddr, status,
a5c29683
JH		 2269 MGMT_OP_USER_CONFIRM_REPLY);
2270}
2271
744cf19e
JH		 2272int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2273 bdaddr_t *bdaddr, u8 status)
a5c29683 2274{
744cf19e 2275 return confirm_reply_complete(hdev, bdaddr, status,
a5c29683
JH		 2276 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2277}
2a611692 2278
744cf19e 2279int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2a611692
JH		 2280{
2281 struct mgmt_ev_auth_failed ev;
2282
2a611692
JH		 2283 bacpy(&ev.bdaddr, bdaddr);
2284 ev.status = status;
2285
744cf19e 2286 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 2287}
b312b161 2288
744cf19e 2289int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 2290{
2291 struct pending_cmd *cmd;
2292 struct mgmt_cp_set_local_name ev;
2293 int err;
2294
2295 memset(&ev, 0, sizeof(ev));
2296 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2297
2e58ef3e 2298 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 2299 if (!cmd)
2300 goto send_event;
2301
2302 if (status) {
744cf19e
JH		 2303 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2304 EIO);
b312b161
JH		 2305 goto failed;
2306 }
2307
744cf19e 2308 update_eir(hdev);
80a1e1db 2309
744cf19e 2310 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
b312b161
JH		 2311 sizeof(ev));
2312 if (err < 0)
2313 goto failed;
2314
2315send_event:
744cf19e 2316 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 2317 cmd ? cmd->sk : NULL);
2318
2319failed:
2320 if (cmd)
2321 mgmt_pending_remove(cmd);
2322 return err;
2323}
c35938b2 2324
744cf19e
JH		 2325int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2326 u8 *randomizer, u8 status)
c35938b2
SJ		 2327{
2328 struct pending_cmd *cmd;
2329 int err;
2330
744cf19e 2331 BT_DBG("%s status %u", hdev->name, status);
c35938b2 2332
2e58ef3e 2333 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 2334 if (!cmd)
2335 return -ENOENT;
2336
2337 if (status) {
744cf19e
JH		 2338 err = cmd_status(cmd->sk, hdev->id,
2339 MGMT_OP_READ_LOCAL_OOB_DATA, EIO);
c35938b2
SJ		 2340 } else {
2341 struct mgmt_rp_read_local_oob_data rp;
2342
2343 memcpy(rp.hash, hash, sizeof(rp.hash));
2344 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2345
744cf19e
JH		 2346 err = cmd_complete(cmd->sk, hdev->id,
2347 MGMT_OP_READ_LOCAL_OOB_DATA,
2348 &rp, sizeof(rp));
c35938b2
SJ		 2349 }
2350
2351 mgmt_pending_remove(cmd);
2352
2353 return err;
2354}
e17acd40 2355
744cf19e
JH		 2356int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type,
2357 u8 *dev_class, s8 rssi, u8 *eir)
e17acd40
JH		 2358{
2359 struct mgmt_ev_device_found ev;
2360
2361 memset(&ev, 0, sizeof(ev));
2362
4c659c39
JH		 2363 bacpy(&ev.addr.bdaddr, bdaddr);
2364 ev.addr.type = link_to_mgmt(type);
e17acd40
JH		 2365 ev.rssi = rssi;
2366
2367 if (eir)
2368 memcpy(ev.eir, eir, sizeof(ev.eir));
2369
f8523598
AG		 2370 if (dev_class)
2371 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2372
744cf19e 2373 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
e17acd40 2374}
a88a9652 2375
744cf19e 2376int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
a88a9652
JH		 2377{
2378 struct mgmt_ev_remote_name ev;
2379
2380 memset(&ev, 0, sizeof(ev));
2381
2382 bacpy(&ev.bdaddr, bdaddr);
2383 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2384
744cf19e 2385 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
a88a9652 2386}
314b2381 2387
744cf19e 2388int mgmt_inquiry_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 2389{
2390 struct pending_cmd *cmd;
2391 int err;
2392
2e58ef3e 2393 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 2394 if (!cmd)
2395 return -ENOENT;
2396
744cf19e 2397 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, status);
164a6e78
JH		 2398 mgmt_pending_remove(cmd);
2399
2400 return err;
2401}
2402
744cf19e 2403int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 2404{
164a6e78
JH		 2405 struct pending_cmd *cmd;
2406
2407 if (discovering)
2e58ef3e 2408 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 2409 else
2e58ef3e 2410 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 2411
2412 if (cmd != NULL) {
744cf19e 2413 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
164a6e78
JH		 2414 mgmt_pending_remove(cmd);
2415 }
2416
744cf19e 2417 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
314b2381
JH		 2418 sizeof(discovering), NULL);
2419}
5e762444 2420
744cf19e 2421int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2422{
2423 struct pending_cmd *cmd;
2424 struct mgmt_ev_device_blocked ev;
2425
2e58ef3e 2426 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444
AJ		 2427
2428 bacpy(&ev.bdaddr, bdaddr);
2429
744cf19e
JH		 2430 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2431 cmd ? cmd->sk : NULL);
5e762444
AJ		 2432}
2433
744cf19e 2434int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2435{
2436 struct pending_cmd *cmd;
2437 struct mgmt_ev_device_unblocked ev;
2438
2e58ef3e 2439 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444
AJ		 2440
2441 bacpy(&ev.bdaddr, bdaddr);
2442
744cf19e
JH		 2443 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2444 cmd ? cmd->sk : NULL);
5e762444 2445}
Linux kernel - Deliverables
This page took 0.370076 seconds and 5 git commands to generate.