projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Add convenience function for sending New Settings
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
56b7d137 267 return err;;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f1f0eb02 395 if (hdev_is_powered(hdev))
f0d4b78a
MH		 396 settings |= MGMT_SETTING_POWERED;
397
5e5282bb 398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 399 settings |= MGMT_SETTING_CONNECTABLE;
400
5e5282bb 401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_DISCOVERABLE;
403
a8b2d5c2 404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_PAIRABLE;
406
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
409
59e29406 410 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 411 settings |= MGMT_SETTING_LE;
412
413 if (test_bit(HCI_AUTH, &hdev->flags))
414 settings |= MGMT_SETTING_LINK_SECURITY;
415
84bde9d6 416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_SSP;
418
6d80dfd0
JH		 419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
421
69ab39ea
JH		 422 return settings;
423}
424
ef580372
JH		 425#define PNP_INFO_SVCLASS_ID 0x1200
426
427static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430};
431
432static u16 get_uuid16(u8 *uuid128)
433{
434 u32 val;
435 int i;
436
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
439 return 0;
440 }
441
442 memcpy(&val, &uuid128[12], 4);
443
444 val = le32_to_cpu(val);
445 if (val > 0xffff)
446 return 0;
447
448 return (u16) val;
449}
450
451static void create_eir(struct hci_dev *hdev, u8 *data)
452{
453 u8 *ptr = data;
454 u16 eir_len = 0;
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
458 size_t name_len;
459
460 name_len = strlen(hdev->dev_name);
461
462 if (name_len > 0) {
463 /* EIR Data type */
464 if (name_len > 48) {
465 name_len = 48;
466 ptr[1] = EIR_NAME_SHORT;
467 } else
468 ptr[1] = EIR_NAME_COMPLETE;
469
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
472
473 memcpy(ptr + 2, hdev->dev_name, name_len);
474
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
477 }
478
479 memset(uuid16_list, 0, sizeof(uuid16_list));
480
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 u16 uuid16;
484
485 uuid16 = get_uuid16(uuid->uuid);
486 if (uuid16 == 0)
487 return;
488
489 if (uuid16 < 0x1100)
490 continue;
491
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
493 continue;
494
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
497 truncated = 1;
498 break;
499 }
500
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
504 break;
505
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
509 }
510 }
511
512 if (uuid16_list[0] != 0) {
513 u8 *length = ptr;
514
515 /* EIR Data type */
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
517
518 ptr += 2;
519 eir_len += 2;
520
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
524 }
525
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
528 }
529}
530
531static int update_eir(struct hci_dev *hdev)
532{
533 struct hci_cp_write_eir cp;
534
535 if (!(hdev->features[6] & LMP_EXT_INQ))
536 return 0;
537
84bde9d6 538 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 539 return 0;
540
a8b2d5c2 541 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
544 memset(&cp, 0, sizeof(cp));
545
546 create_eir(hdev, cp.data);
547
548 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
549 return 0;
550
551 memcpy(hdev->eir, cp.data, sizeof(cp.data));
552
553 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
554}
555
556static u8 get_service_classes(struct hci_dev *hdev)
557{
558 struct bt_uuid *uuid;
559 u8 val = 0;
560
561 list_for_each_entry(uuid, &hdev->uuids, list)
562 val |= uuid->svc_hint;
563
564 return val;
565}
566
567static int update_class(struct hci_dev *hdev)
568{
569 u8 cod[3];
570
571 BT_DBG("%s", hdev->name);
572
a8b2d5c2 573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 574 return 0;
575
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
579
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
581 return 0;
582
583 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
584}
585
7d78525d
JH		 586static void service_cache_off(struct work_struct *work)
587{
588 struct hci_dev *hdev = container_of(work, struct hci_dev,
589 service_cache.work);
590
a8b2d5c2 591 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 592 return;
593
594 hci_dev_lock(hdev);
595
596 update_eir(hdev);
597 update_class(hdev);
598
599 hci_dev_unlock(hdev);
600}
601
602static void mgmt_init_hdev(struct hci_dev *hdev)
603{
0cbf4ed6 604 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
606
0cbf4ed6
JH		 607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
610 * it
611 */
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
613 }
614
a8b2d5c2 615 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 616 schedule_delayed_work(&hdev->service_cache,
617 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
618}
619
4e51eae9 620static int read_controller_info(struct sock *sk, u16 index)
0381101f 621{
a38528f1 622 struct mgmt_rp_read_info rp;
f7b64e69 623 struct hci_dev *hdev;
0381101f 624
4e51eae9 625 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 626
4e51eae9 627 hdev = hci_dev_get(index);
a38528f1 628 if (!hdev)
ca69b795
JH		 629 return cmd_status(sk, index, MGMT_OP_READ_INFO,
630 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 631
09fd0de5 632 hci_dev_lock(hdev);
f7b64e69 633
7d78525d
JH		 634 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
635 mgmt_init_hdev(hdev);
ebc99feb 636
dc4fe30b
JH		 637 memset(&rp, 0, sizeof(rp));
638
69ab39ea 639 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 640
69ab39ea 641 rp.version = hdev->hci_ver;
f7b64e69 642
69ab39ea
JH		 643 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
644
645 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
646 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 647
a38528f1 648 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 649
dc4fe30b
JH		 650 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
651
09fd0de5 652 hci_dev_unlock(hdev);
f7b64e69 653 hci_dev_put(hdev);
0381101f 654
aee9b218 655 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 656}
657
eec8d2bc
JH		 658static void mgmt_pending_free(struct pending_cmd *cmd)
659{
660 sock_put(cmd->sk);
c68fb7ff 661 kfree(cmd->param);
eec8d2bc
JH		 662 kfree(cmd);
663}
664
366a0336 665static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 666 struct hci_dev *hdev,
667 void *data, u16 len)
eec8d2bc
JH		 668{
669 struct pending_cmd *cmd;
670
671 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
672 if (!cmd)
366a0336 673 return NULL;
eec8d2bc
JH		 674
675 cmd->opcode = opcode;
2e58ef3e 676 cmd->index = hdev->id;
eec8d2bc 677
c68fb7ff
SJ		 678 cmd->param = kmalloc(len, GFP_ATOMIC);
679 if (!cmd->param) {
eec8d2bc 680 kfree(cmd);
366a0336 681 return NULL;
eec8d2bc
JH		 682 }
683
8fce6357
SJ		 684 if (data)
685 memcpy(cmd->param, data, len);
eec8d2bc
JH		 686
687 cmd->sk = sk;
688 sock_hold(sk);
689
2e58ef3e 690 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 691
366a0336 692 return cmd;
eec8d2bc
JH		 693}
694
744cf19e 695static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 696 void (*cb)(struct pending_cmd *cmd, void *data),
697 void *data)
698{
699 struct list_head *p, *n;
700
2e58ef3e 701 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 702 struct pending_cmd *cmd;
703
704 cmd = list_entry(p, struct pending_cmd, list);
705
b24752fe 706 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 707 continue;
708
eec8d2bc
JH		 709 cb(cmd, data);
710 }
711}
712
2e58ef3e 713static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 714{
8035ded4 715 struct pending_cmd *cmd;
eec8d2bc 716
2e58ef3e 717 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 718 if (cmd->opcode == opcode)
719 return cmd;
eec8d2bc
JH		 720 }
721
722 return NULL;
723}
724
a664b5bc 725static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 726{
73f22f62
JH		 727 list_del(&cmd->list);
728 mgmt_pending_free(cmd);
729}
730
69ab39ea 731static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 732{
69ab39ea 733 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 734
aee9b218
JH		 735 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
736 sizeof(settings));
8680570b
JH		 737}
738
650f726d 739static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 740{
650f726d 741 struct mgmt_mode *cp = data;
eec8d2bc 742 struct hci_dev *hdev;
366a0336 743 struct pending_cmd *cmd;
4b34ee78 744 int err;
eec8d2bc 745
4e51eae9 746 BT_DBG("request for hci%u", index);
eec8d2bc 747
bdce7baf 748 if (len != sizeof(*cp))
ca69b795
JH		 749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 751
4e51eae9 752 hdev = hci_dev_get(index);
eec8d2bc 753 if (!hdev)
ca69b795
JH		 754 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
755 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 756
09fd0de5 757 hci_dev_lock(hdev);
eec8d2bc 758
f0d4b78a
MH		 759 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
760 cancel_delayed_work(&hdev->power_off);
761
762 if (cp->val) {
763 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 mgmt_powered(hdev, 1);
765 goto failed;
766 }
767 }
768
4b34ee78 769 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 770 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 771 goto failed;
772 }
773
2e58ef3e 774 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 775 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
776 MGMT_STATUS_BUSY);
eec8d2bc
JH		 777 goto failed;
778 }
779
2e58ef3e 780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 781 if (!cmd) {
782 err = -ENOMEM;
eec8d2bc 783 goto failed;
366a0336 784 }
eec8d2bc 785
72a734ec 786 if (cp->val)
7f971041 787 schedule_work(&hdev->power_on);
eec8d2bc 788 else
80b7ab33 789 schedule_work(&hdev->power_off.work);
eec8d2bc 790
366a0336 791 err = 0;
eec8d2bc
JH		 792
793failed:
09fd0de5 794 hci_dev_unlock(hdev);
eec8d2bc 795 hci_dev_put(hdev);
366a0336 796 return err;
eec8d2bc
JH		 797}
798
beadb2bd
JH		 799static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
800 u16 data_len, struct sock *skip_sk)
801{
802 struct sk_buff *skb;
803 struct mgmt_hdr *hdr;
804
805 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
806 if (!skb)
807 return -ENOMEM;
808
809 hdr = (void *) skb_put(skb, sizeof(*hdr));
810 hdr->opcode = cpu_to_le16(event);
811 if (hdev)
812 hdr->index = cpu_to_le16(hdev->id);
813 else
814 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
815 hdr->len = cpu_to_le16(data_len);
816
817 if (data)
818 memcpy(skb_put(skb, data_len), data, data_len);
819
820 hci_send_to_control(skb, skip_sk);
821 kfree_skb(skb);
822
823 return 0;
824}
825
826static int new_settings(struct hci_dev *hdev, struct sock *skip)
827{
828 __le32 ev;
829
830 ev = cpu_to_le32(get_current_settings(hdev));
831
832 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
833}
834
650f726d 835static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 836{
650f726d 837 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 838 struct hci_dev *hdev;
366a0336 839 struct pending_cmd *cmd;
5e5282bb 840 u16 timeout;
73f22f62
JH		 841 u8 scan;
842 int err;
843
4e51eae9 844 BT_DBG("request for hci%u", index);
73f22f62 845
bdce7baf 846 if (len != sizeof(*cp))
ca69b795
JH		 847 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
848 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 849
4e51eae9 850 hdev = hci_dev_get(index);
73f22f62 851 if (!hdev)
ca69b795
JH		 852 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
853 MGMT_STATUS_INVALID_PARAMS);
73f22f62 854
5e5282bb
JH		 855 timeout = get_unaligned_le16(&cp->timeout);
856
09fd0de5 857 hci_dev_lock(hdev);
73f22f62 858
5e5282bb 859 if (!hdev_is_powered(hdev) && timeout > 0) {
ca69b795
JH		 860 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
861 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 862 goto failed;
863 }
864
2e58ef3e
JH		 865 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
866 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 867 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
868 MGMT_STATUS_BUSY);
73f22f62
JH		 869 goto failed;
870 }
871
5e5282bb
JH		 872 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
873 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
874 MGMT_STATUS_REJECTED);
875 goto failed;
876 }
877
878 if (!hdev_is_powered(hdev)) {
879 if (cp->val)
880 set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
881 else
882 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
883 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
884 goto failed;
885 }
886
887 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
69ab39ea 888 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 889 goto failed;
890 }
891
2e58ef3e 892 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 893 if (!cmd) {
894 err = -ENOMEM;
73f22f62 895 goto failed;
366a0336 896 }
73f22f62
JH		 897
898 scan = SCAN_PAGE;
899
72a734ec 900 if (cp->val)
73f22f62 901 scan |= SCAN_INQUIRY;
16ab91ab 902 else
e0f9309f 903 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 904
905 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
906 if (err < 0)
a664b5bc 907 mgmt_pending_remove(cmd);
73f22f62 908
16ab91ab 909 if (cp->val)
5e5282bb 910 hdev->discov_timeout = timeout;
16ab91ab 911
73f22f62 912failed:
09fd0de5 913 hci_dev_unlock(hdev);
73f22f62
JH		 914 hci_dev_put(hdev);
915
916 return err;
917}
918
650f726d 919static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 920{
650f726d 921 struct mgmt_mode *cp = data;
9fbcbb45 922 struct hci_dev *hdev;
366a0336 923 struct pending_cmd *cmd;
9fbcbb45
JH		 924 u8 scan;
925 int err;
926
4e51eae9 927 BT_DBG("request for hci%u", index);
9fbcbb45 928
bdce7baf 929 if (len != sizeof(*cp))
ca69b795
JH		 930 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
931 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 932
4e51eae9 933 hdev = hci_dev_get(index);
9fbcbb45 934 if (!hdev)
ca69b795
JH		 935 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
936 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 937
09fd0de5 938 hci_dev_lock(hdev);
9fbcbb45 939
4b34ee78 940 if (!hdev_is_powered(hdev)) {
5e5282bb
JH		 941 if (cp->val)
942 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
943 else {
944 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
945 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
946 }
947 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 948 goto failed;
949 }
950
2e58ef3e
JH		 951 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
952 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 953 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
954 MGMT_STATUS_BUSY);
9fbcbb45
JH		 955 goto failed;
956 }
957
5e5282bb 958 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 959 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 960 goto failed;
961 }
962
2e58ef3e 963 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 964 if (!cmd) {
965 err = -ENOMEM;
9fbcbb45 966 goto failed;
366a0336 967 }
9fbcbb45 968
72a734ec 969 if (cp->val)
9fbcbb45 970 scan = SCAN_PAGE;
df2c6c5e 971 else {
9fbcbb45
JH		 972 scan = 0;
973
df2c6c5e
JH		 974 if (test_bit(HCI_ISCAN, &hdev->flags) &&
975 hdev->discov_timeout > 0)
976 cancel_delayed_work(&hdev->discov_off);
977 }
978
9fbcbb45
JH		 979 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
980 if (err < 0)
a664b5bc 981 mgmt_pending_remove(cmd);
9fbcbb45
JH		 982
983failed:
09fd0de5 984 hci_dev_unlock(hdev);
9fbcbb45
JH		 985 hci_dev_put(hdev);
986
987 return err;
988}
989
650f726d 990static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 991{
650f726d 992 struct mgmt_mode *cp = data;
c542a06c 993 struct hci_dev *hdev;
c542a06c
JH		 994 int err;
995
4e51eae9 996 BT_DBG("request for hci%u", index);
c542a06c 997
bdce7baf 998 if (len != sizeof(*cp))
ca69b795
JH		 999 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1000 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1001
4e51eae9 1002 hdev = hci_dev_get(index);
c542a06c 1003 if (!hdev)
ca69b795
JH		 1004 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1005 MGMT_STATUS_INVALID_PARAMS);
c542a06c 1006
09fd0de5 1007 hci_dev_lock(hdev);
c542a06c
JH		 1008
1009 if (cp->val)
a8b2d5c2 1010 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1011 else
a8b2d5c2 1012 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1013
69ab39ea 1014 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1015 if (err < 0)
1016 goto failed;
1017
beadb2bd 1018 err = new_settings(hdev, sk);
c542a06c
JH		 1019
1020failed:
09fd0de5 1021 hci_dev_unlock(hdev);
c542a06c
JH		 1022 hci_dev_put(hdev);
1023
1024 return err;
1025}
1026
33ef95ed
JH		 1027static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1028{
1029 struct mgmt_mode *cp = data;
1030 struct pending_cmd *cmd;
1031 struct hci_dev *hdev;
1032 uint8_t val;
1033 int err;
1034
1035 BT_DBG("request for hci%u", index);
1036
1037 if (len != sizeof(*cp))
1038 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1039 MGMT_STATUS_INVALID_PARAMS);
1040
1041 hdev = hci_dev_get(index);
1042 if (!hdev)
1043 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1044 MGMT_STATUS_INVALID_PARAMS);
1045
1046 hci_dev_lock(hdev);
1047
4b34ee78 1048 if (!hdev_is_powered(hdev)) {
33ef95ed
JH		 1049 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1050 MGMT_STATUS_NOT_POWERED);
1051 goto failed;
1052 }
1053
1054 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1055 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1056 MGMT_STATUS_BUSY);
1057 goto failed;
1058 }
1059
1060 val = !!cp->val;
1061
1062 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1063 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1064 goto failed;
1065 }
1066
1067 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1068 if (!cmd) {
1069 err = -ENOMEM;
1070 goto failed;
1071 }
1072
1073 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1074 if (err < 0) {
1075 mgmt_pending_remove(cmd);
1076 goto failed;
1077 }
1078
1079failed:
1080 hci_dev_unlock(hdev);
1081 hci_dev_put(hdev);
1082
1083 return err;
1084}
1085
ed2c4ee3
JH		 1086static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1087{
1088 struct mgmt_mode *cp = data;
1089 struct pending_cmd *cmd;
1090 struct hci_dev *hdev;
1091 uint8_t val;
1092 int err;
1093
1094 BT_DBG("request for hci%u", index);
1095
1096 if (len != sizeof(*cp))
1097 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1098 MGMT_STATUS_INVALID_PARAMS);
1099
1100 hdev = hci_dev_get(index);
1101 if (!hdev)
1102 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1103 MGMT_STATUS_INVALID_PARAMS);
1104
1105 hci_dev_lock(hdev);
1106
4b34ee78 1107 if (!hdev_is_powered(hdev)) {
ed2c4ee3
JH		 1108 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1109 MGMT_STATUS_NOT_POWERED);
1110 goto failed;
1111 }
1112
1e163574
JH		 1113 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1114 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1115 MGMT_STATUS_NOT_SUPPORTED);
1116 goto failed;
1117 }
1118
ed2c4ee3
JH		 1119 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1120 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1121 goto failed;
1122 }
1123
1124 val = !!cp->val;
1125
1126 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1127 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1128 goto failed;
1129 }
1130
1131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1132 if (!cmd) {
1133 err = -ENOMEM;
1134 goto failed;
1135 }
1136
1137 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1138 if (err < 0) {
1139 mgmt_pending_remove(cmd);
1140 goto failed;
1141 }
1142
1143failed:
1144 hci_dev_unlock(hdev);
1145 hci_dev_put(hdev);
1146
1147 return err;
1148}
1149
6d80dfd0
JH		 1150static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1151{
1152 struct mgmt_mode *cp = data;
1153 struct hci_dev *hdev;
1154 int err;
1155
1156 BT_DBG("request for hci%u", index);
1157
1158 if (len != sizeof(*cp))
1159 return cmd_status(sk, index, MGMT_OP_SET_HS,
1160 MGMT_STATUS_INVALID_PARAMS);
1161
1162 hdev = hci_dev_get(index);
1163 if (!hdev)
1164 return cmd_status(sk, index, MGMT_OP_SET_HS,
1165 MGMT_STATUS_INVALID_PARAMS);
1166
1167 if (!enable_hs) {
1168 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1169 MGMT_STATUS_NOT_SUPPORTED);
1170 goto failed;
1171 }
1172
1173 if (cp->val)
1174 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1175 else
1176 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1177
1178 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1179
1180failed:
1181 hci_dev_put(hdev);
1182 return err;
1183}
1184
650f726d 1185static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1186{
650f726d 1187 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 1188 struct hci_dev *hdev;
1189 struct bt_uuid *uuid;
2aeb9a1a
JH		 1190 int err;
1191
4e51eae9 1192 BT_DBG("request for hci%u", index);
2aeb9a1a 1193
bdce7baf 1194 if (len != sizeof(*cp))
ca69b795
JH		 1195 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1196 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1197
4e51eae9 1198 hdev = hci_dev_get(index);
2aeb9a1a 1199 if (!hdev)
ca69b795
JH		 1200 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1201 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1202
09fd0de5 1203 hci_dev_lock(hdev);
2aeb9a1a
JH		 1204
1205 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1206 if (!uuid) {
1207 err = -ENOMEM;
1208 goto failed;
1209 }
1210
1211 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1212 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1213
1214 list_add(&uuid->list, &hdev->uuids);
1215
1aff6f09
JH		 1216 err = update_class(hdev);
1217 if (err < 0)
1218 goto failed;
1219
80a1e1db
JH		 1220 err = update_eir(hdev);
1221 if (err < 0)
1222 goto failed;
1223
aee9b218 1224 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1225
1226failed:
09fd0de5 1227 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1228 hci_dev_put(hdev);
1229
1230 return err;
1231}
1232
650f726d 1233static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1234{
650f726d 1235 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 1236 struct list_head *p, *n;
2aeb9a1a
JH		 1237 struct hci_dev *hdev;
1238 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1239 int err, found;
1240
4e51eae9 1241 BT_DBG("request for hci%u", index);
2aeb9a1a 1242
bdce7baf 1243 if (len != sizeof(*cp))
ca69b795
JH		 1244 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1245 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1246
4e51eae9 1247 hdev = hci_dev_get(index);
2aeb9a1a 1248 if (!hdev)
ca69b795
JH		 1249 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1250 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1251
09fd0de5 1252 hci_dev_lock(hdev);
2aeb9a1a
JH		 1253
1254 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1255 err = hci_uuids_clear(hdev);
1256 goto unlock;
1257 }
1258
1259 found = 0;
1260
1261 list_for_each_safe(p, n, &hdev->uuids) {
1262 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1263
1264 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1265 continue;
1266
1267 list_del(&match->list);
1268 found++;
1269 }
1270
1271 if (found == 0) {
ca69b795
JH		 1272 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1273 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1274 goto unlock;
1275 }
1276
1aff6f09
JH		 1277 err = update_class(hdev);
1278 if (err < 0)
1279 goto unlock;
1280
80a1e1db
JH		 1281 err = update_eir(hdev);
1282 if (err < 0)
1283 goto unlock;
1284
aee9b218 1285 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1286
1287unlock:
09fd0de5 1288 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1289 hci_dev_put(hdev);
1290
1291 return err;
1292}
1293
650f726d 1294static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1295{
1296 struct hci_dev *hdev;
650f726d 1297 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 1298 int err;
1299
4e51eae9 1300 BT_DBG("request for hci%u", index);
1aff6f09 1301
bdce7baf 1302 if (len != sizeof(*cp))
ca69b795
JH		 1303 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1304 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1305
4e51eae9 1306 hdev = hci_dev_get(index);
1aff6f09 1307 if (!hdev)
ca69b795
JH		 1308 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1309 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1310
09fd0de5 1311 hci_dev_lock(hdev);
1aff6f09 1312
b5235a65
JH		 1313 if (!hdev_is_powered(hdev)) {
1314 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1315 MGMT_STATUS_NOT_POWERED);
1316 goto unlock;
1317 }
1318
1aff6f09
JH		 1319 hdev->major_class = cp->major;
1320 hdev->minor_class = cp->minor;
1321
a8b2d5c2 1322 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1323 hci_dev_unlock(hdev);
1324 cancel_delayed_work_sync(&hdev->service_cache);
1325 hci_dev_lock(hdev);
14c0b608 1326 update_eir(hdev);
7d78525d 1327 }
14c0b608 1328
1aff6f09
JH		 1329 err = update_class(hdev);
1330
1331 if (err == 0)
aee9b218
JH		 1332 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1333 NULL, 0);
1aff6f09 1334
b5235a65 1335unlock:
09fd0de5 1336 hci_dev_unlock(hdev);
1aff6f09
JH		 1337 hci_dev_put(hdev);
1338
1339 return err;
1340}
1341
650f726d 1342static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1343{
1344 struct hci_dev *hdev;
650f726d 1345 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1346 u16 key_count, expected_len;
a492cd52 1347 int i;
55ed8ca1 1348
bdce7baf 1349 if (len < sizeof(*cp))
ca69b795
JH		 1350 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1351 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1352
55ed8ca1
JH		 1353 key_count = get_unaligned_le16(&cp->key_count);
1354
86742e1e
JH		 1355 expected_len = sizeof(*cp) + key_count *
1356 sizeof(struct mgmt_link_key_info);
a492cd52 1357 if (expected_len != len) {
86742e1e 1358 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1359 len, expected_len);
ca69b795
JH		 1360 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1361 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1362 }
1363
4e51eae9 1364 hdev = hci_dev_get(index);
55ed8ca1 1365 if (!hdev)
ca69b795
JH		 1366 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1367 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1368
4e51eae9 1369 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1370 key_count);
1371
09fd0de5 1372 hci_dev_lock(hdev);
55ed8ca1
JH		 1373
1374 hci_link_keys_clear(hdev);
1375
a8b2d5c2 1376 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1377
1378 if (cp->debug_keys)
a8b2d5c2 1379 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1380 else
a8b2d5c2 1381 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1382
a492cd52 1383 for (i = 0; i < key_count; i++) {
86742e1e 1384 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1385
d753fdc4
JH		 1386 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1387 key->type, key->pin_len);
55ed8ca1
JH		 1388 }
1389
aee9b218 1390 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1391
09fd0de5 1392 hci_dev_unlock(hdev);
55ed8ca1
JH		 1393 hci_dev_put(hdev);
1394
a492cd52 1395 return 0;
55ed8ca1
JH		 1396}
1397
b1078ad0
JH		 1398static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1399 u8 addr_type, struct sock *skip_sk)
1400{
1401 struct mgmt_ev_device_unpaired ev;
1402
1403 bacpy(&ev.addr.bdaddr, bdaddr);
1404 ev.addr.type = addr_type;
1405
1406 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1407 skip_sk);
1408}
1409
124f6e35 1410static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1411{
1412 struct hci_dev *hdev;
124f6e35
JH		 1413 struct mgmt_cp_unpair_device *cp = data;
1414 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1415 struct hci_cp_disconnect dc;
1416 struct pending_cmd *cmd;
55ed8ca1 1417 struct hci_conn *conn;
aee9b218 1418 u8 status = 0;
55ed8ca1
JH		 1419 int err;
1420
bdce7baf 1421 if (len != sizeof(*cp))
124f6e35 1422 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1423 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1424
4e51eae9 1425 hdev = hci_dev_get(index);
55ed8ca1 1426 if (!hdev)
124f6e35 1427 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1428 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1429
09fd0de5 1430 hci_dev_lock(hdev);
55ed8ca1 1431
a8a1d19e 1432 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1433 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1434 rp.addr.type = cp->addr.type;
a8a1d19e 1435
124f6e35
JH		 1436 if (cp->addr.type == MGMT_ADDR_BREDR)
1437 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1438 else
1439 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1440
55ed8ca1 1441 if (err < 0) {
aee9b218 1442 status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1443 goto unlock;
1444 }
1445
a8a1d19e 1446 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
aee9b218
JH		 1447 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1448 &rp, sizeof(rp));
b1078ad0 1449 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1450 goto unlock;
a8a1d19e 1451 }
55ed8ca1 1452
124f6e35
JH		 1453 if (cp->addr.type == MGMT_ADDR_BREDR)
1454 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1455 &cp->addr.bdaddr);
1456 else
1457 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1458 &cp->addr.bdaddr);
1459
a8a1d19e 1460 if (!conn) {
aee9b218
JH		 1461 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1462 &rp, sizeof(rp));
b1078ad0 1463 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1464 goto unlock;
1465 }
55ed8ca1 1466
124f6e35
JH		 1467 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1468 sizeof(*cp));
a8a1d19e
JH		 1469 if (!cmd) {
1470 err = -ENOMEM;
1471 goto unlock;
55ed8ca1
JH		 1472 }
1473
a8a1d19e
JH		 1474 put_unaligned_le16(conn->handle, &dc.handle);
1475 dc.reason = 0x13; /* Remote User Terminated Connection */
1476 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1477 if (err < 0)
1478 mgmt_pending_remove(cmd);
1479
55ed8ca1 1480unlock:
ca69b795 1481 if (err < 0)
aee9b218
JH		 1482 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1483 &rp, sizeof(rp));
09fd0de5 1484 hci_dev_unlock(hdev);
55ed8ca1
JH		 1485 hci_dev_put(hdev);
1486
1487 return err;
1488}
1489
650f726d 1490static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1491{
1492 struct hci_dev *hdev;
650f726d 1493 struct mgmt_cp_disconnect *cp = data;
8962ee74 1494 struct hci_cp_disconnect dc;
366a0336 1495 struct pending_cmd *cmd;
8962ee74 1496 struct hci_conn *conn;
8962ee74
JH		 1497 int err;
1498
1499 BT_DBG("");
1500
bdce7baf 1501 if (len != sizeof(*cp))
ca69b795
JH		 1502 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1503 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1504
4e51eae9 1505 hdev = hci_dev_get(index);
8962ee74 1506 if (!hdev)
ca69b795
JH		 1507 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1508 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1509
09fd0de5 1510 hci_dev_lock(hdev);
8962ee74
JH		 1511
1512 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1513 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1514 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1515 goto failed;
1516 }
1517
2e58ef3e 1518 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1519 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1520 MGMT_STATUS_BUSY);
8962ee74
JH		 1521 goto failed;
1522 }
1523
88c3df13
JH		 1524 if (cp->addr.type == MGMT_ADDR_BREDR)
1525 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1526 else
1527 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1528
8962ee74 1529 if (!conn) {
ca69b795
JH		 1530 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1531 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1532 goto failed;
1533 }
1534
2e58ef3e 1535 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1536 if (!cmd) {
1537 err = -ENOMEM;
8962ee74 1538 goto failed;
366a0336 1539 }
8962ee74
JH		 1540
1541 put_unaligned_le16(conn->handle, &dc.handle);
1542 dc.reason = 0x13; /* Remote User Terminated Connection */
1543
1544 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1545 if (err < 0)
a664b5bc 1546 mgmt_pending_remove(cmd);
8962ee74
JH		 1547
1548failed:
09fd0de5 1549 hci_dev_unlock(hdev);
8962ee74
JH		 1550 hci_dev_put(hdev);
1551
1552 return err;
1553}
1554
48264f06 1555static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1556{
1557 switch (link_type) {
1558 case LE_LINK:
48264f06
JH		 1559 switch (addr_type) {
1560 case ADDR_LE_DEV_PUBLIC:
1561 return MGMT_ADDR_LE_PUBLIC;
1562 case ADDR_LE_DEV_RANDOM:
1563 return MGMT_ADDR_LE_RANDOM;
1564 default:
1565 return MGMT_ADDR_INVALID;
1566 }
4c659c39
JH		 1567 case ACL_LINK:
1568 return MGMT_ADDR_BREDR;
1569 default:
1570 return MGMT_ADDR_INVALID;
1571 }
1572}
1573
8ce6284e 1574static int get_connections(struct sock *sk, u16 index)
2784eb41 1575{
2784eb41
JH		 1576 struct mgmt_rp_get_connections *rp;
1577 struct hci_dev *hdev;
8035ded4 1578 struct hci_conn *c;
a38528f1 1579 size_t rp_len;
4e51eae9 1580 u16 count;
2784eb41
JH		 1581 int i, err;
1582
1583 BT_DBG("");
1584
4e51eae9 1585 hdev = hci_dev_get(index);
2784eb41 1586 if (!hdev)
ca69b795
JH		 1587 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1588 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1589
09fd0de5 1590 hci_dev_lock(hdev);
2784eb41
JH		 1591
1592 count = 0;
b644ba33
JH		 1593 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1594 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1595 count++;
2784eb41
JH		 1596 }
1597
4c659c39 1598 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1599 rp = kmalloc(rp_len, GFP_ATOMIC);
1600 if (!rp) {
2784eb41
JH		 1601 err = -ENOMEM;
1602 goto unlock;
1603 }
1604
2784eb41
JH		 1605 put_unaligned_le16(count, &rp->conn_count);
1606
2784eb41 1607 i = 0;
4c659c39 1608 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1609 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1610 continue;
4c659c39 1611 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1612 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1613 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1614 continue;
1615 i++;
1616 }
1617
1618 /* Recalculate length in case of filtered SCO connections, etc */
1619 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1620
aee9b218 1621 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41
JH		 1622
1623unlock:
a38528f1 1624 kfree(rp);
09fd0de5 1625 hci_dev_unlock(hdev);
2784eb41
JH		 1626 hci_dev_put(hdev);
1627 return err;
1628}
1629
96d97a67
WR		 1630static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1631 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1632{
1633 struct pending_cmd *cmd;
1634 int err;
1635
2e58ef3e 1636 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1637 sizeof(*cp));
1638 if (!cmd)
1639 return -ENOMEM;
1640
d8457698
JH		 1641 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1642 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1643 if (err < 0)
1644 mgmt_pending_remove(cmd);
1645
1646 return err;
1647}
1648
650f726d 1649static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1650{
1651 struct hci_dev *hdev;
96d97a67 1652 struct hci_conn *conn;
650f726d 1653 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1654 struct hci_cp_pin_code_reply reply;
366a0336 1655 struct pending_cmd *cmd;
980e1a53
JH		 1656 int err;
1657
1658 BT_DBG("");
1659
bdce7baf 1660 if (len != sizeof(*cp))
ca69b795
JH		 1661 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1662 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1663
4e51eae9 1664 hdev = hci_dev_get(index);
980e1a53 1665 if (!hdev)
ca69b795
JH		 1666 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1667 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1668
09fd0de5 1669 hci_dev_lock(hdev);
980e1a53 1670
4b34ee78 1671 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1672 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1673 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1674 goto failed;
1675 }
1676
d8457698 1677 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1678 if (!conn) {
ca69b795
JH		 1679 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1680 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1681 goto failed;
1682 }
1683
1684 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1685 struct mgmt_cp_pin_code_neg_reply ncp;
1686
1687 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1688
1689 BT_ERR("PIN code is not 16 bytes long");
1690
1691 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1692 if (err >= 0)
1693 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1694 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1695
1696 goto failed;
1697 }
1698
650f726d
VCG		 1699 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1700 len);
366a0336
JH		 1701 if (!cmd) {
1702 err = -ENOMEM;
980e1a53 1703 goto failed;
366a0336 1704 }
980e1a53 1705
d8457698 1706 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1707 reply.pin_len = cp->pin_len;
24718ca5 1708 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1709
1710 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1711 if (err < 0)
a664b5bc 1712 mgmt_pending_remove(cmd);
980e1a53
JH		 1713
1714failed:
09fd0de5 1715 hci_dev_unlock(hdev);
980e1a53
JH		 1716 hci_dev_put(hdev);
1717
1718 return err;
1719}
1720
650f726d 1721static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1722{
1723 struct hci_dev *hdev;
650f726d 1724 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1725 int err;
1726
1727 BT_DBG("");
1728
bdce7baf
SJ		 1729 if (len != sizeof(*cp))
1730 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1731 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1732
4e51eae9 1733 hdev = hci_dev_get(index);
980e1a53 1734 if (!hdev)
4e51eae9 1735 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1736 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1737
09fd0de5 1738 hci_dev_lock(hdev);
980e1a53 1739
4b34ee78 1740 if (!hdev_is_powered(hdev)) {
4e51eae9 1741 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1742 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1743 goto failed;
1744 }
1745
96d97a67 1746 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1747
1748failed:
09fd0de5 1749 hci_dev_unlock(hdev);
980e1a53
JH		 1750 hci_dev_put(hdev);
1751
1752 return err;
1753}
1754
650f726d 1755static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1756{
1757 struct hci_dev *hdev;
650f726d 1758 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1759
1760 BT_DBG("");
1761
bdce7baf 1762 if (len != sizeof(*cp))
ca69b795
JH		 1763 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1764 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1765
4e51eae9 1766 hdev = hci_dev_get(index);
17fa4b9d 1767 if (!hdev)
ca69b795
JH		 1768 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1769 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1770
09fd0de5 1771 hci_dev_lock(hdev);
17fa4b9d
JH		 1772
1773 hdev->io_capability = cp->io_capability;
1774
1775 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1776 hdev->io_capability);
17fa4b9d 1777
09fd0de5 1778 hci_dev_unlock(hdev);
17fa4b9d
JH		 1779 hci_dev_put(hdev);
1780
aee9b218 1781 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 1782}
1783
e9a416b5
JH		 1784static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1785{
1786 struct hci_dev *hdev = conn->hdev;
8035ded4 1787 struct pending_cmd *cmd;
e9a416b5 1788
2e58ef3e 1789 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1790 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1791 continue;
1792
e9a416b5
JH		 1793 if (cmd->user_data != conn)
1794 continue;
1795
1796 return cmd;
1797 }
1798
1799 return NULL;
1800}
1801
1802static void pairing_complete(struct pending_cmd *cmd, u8 status)
1803{
1804 struct mgmt_rp_pair_device rp;
1805 struct hci_conn *conn = cmd->user_data;
1806
ba4e564f
JH		 1807 bacpy(&rp.addr.bdaddr, &conn->dst);
1808 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1809
aee9b218
JH		 1810 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1811 &rp, sizeof(rp));
e9a416b5
JH		 1812
1813 /* So we don't get further callbacks for this connection */
1814 conn->connect_cfm_cb = NULL;
1815 conn->security_cfm_cb = NULL;
1816 conn->disconn_cfm_cb = NULL;
1817
1818 hci_conn_put(conn);
1819
a664b5bc 1820 mgmt_pending_remove(cmd);
e9a416b5
JH		 1821}
1822
1823static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1824{
1825 struct pending_cmd *cmd;
1826
1827 BT_DBG("status %u", status);
1828
1829 cmd = find_pairing(conn);
56e5cb86 1830 if (!cmd)
e9a416b5 1831 BT_DBG("Unable to find a pending command");
56e5cb86 1832 else
e211326c 1833 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1834}
1835
650f726d 1836static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1837{
1838 struct hci_dev *hdev;
650f726d 1839 struct mgmt_cp_pair_device *cp = data;
1425acb7 1840 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1841 struct pending_cmd *cmd;
1842 u8 sec_level, auth_type;
1843 struct hci_conn *conn;
e9a416b5
JH		 1844 int err;
1845
1846 BT_DBG("");
1847
bdce7baf 1848 if (len != sizeof(*cp))
ca69b795
JH		 1849 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1850 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1851
4e51eae9 1852 hdev = hci_dev_get(index);
e9a416b5 1853 if (!hdev)
ca69b795
JH		 1854 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1855 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1856
09fd0de5 1857 hci_dev_lock(hdev);
e9a416b5 1858
c908df36
VCG		 1859 sec_level = BT_SECURITY_MEDIUM;
1860 if (cp->io_cap == 0x03)
e9a416b5 1861 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1862 else
e9a416b5 1863 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1864
ba4e564f
JH		 1865 if (cp->addr.type == MGMT_ADDR_BREDR)
1866 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1867 auth_type);
1868 else
ba4e564f 1869 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1870 auth_type);
1871
1425acb7
JH		 1872 memset(&rp, 0, sizeof(rp));
1873 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1874 rp.addr.type = cp->addr.type;
1875
30e76272 1876 if (IS_ERR(conn)) {
e211326c
JH		 1877 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1878 MGMT_STATUS_CONNECT_FAILED,
1879 &rp, sizeof(rp));
e9a416b5
JH		 1880 goto unlock;
1881 }
1882
1883 if (conn->connect_cfm_cb) {
1884 hci_conn_put(conn);
e211326c
JH		 1885 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1886 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1887 goto unlock;
1888 }
1889
2e58ef3e 1890 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1891 if (!cmd) {
1892 err = -ENOMEM;
1893 hci_conn_put(conn);
1894 goto unlock;
1895 }
1896
7a512d01 1897 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1898 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1899 conn->connect_cfm_cb = pairing_complete_cb;
1900
e9a416b5
JH		 1901 conn->security_cfm_cb = pairing_complete_cb;
1902 conn->disconn_cfm_cb = pairing_complete_cb;
1903 conn->io_capability = cp->io_cap;
1904 cmd->user_data = conn;
1905
1906 if (conn->state == BT_CONNECTED &&
1907 hci_conn_security(conn, sec_level, auth_type))
1908 pairing_complete(cmd, 0);
1909
1910 err = 0;
1911
1912unlock:
09fd0de5 1913 hci_dev_unlock(hdev);
e9a416b5
JH		 1914 hci_dev_put(hdev);
1915
1916 return err;
1917}
1918
28424707
JH		 1919static int cancel_pair_device(struct sock *sk, u16 index,
1920 unsigned char *data, u16 len)
1921{
1922 struct mgmt_addr_info *addr = (void *) data;
1923 struct hci_dev *hdev;
1924 struct pending_cmd *cmd;
1925 struct hci_conn *conn;
1926 int err;
1927
1928 BT_DBG("");
1929
1930 if (len != sizeof(*addr))
1931 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1932 MGMT_STATUS_INVALID_PARAMS);
1933
1934 hdev = hci_dev_get(index);
1935 if (!hdev)
1936 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1937 MGMT_STATUS_INVALID_PARAMS);
1938
1939 hci_dev_lock(hdev);
1940
1941 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1942 if (!cmd) {
1943 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1944 MGMT_STATUS_INVALID_PARAMS);
1945 goto unlock;
1946 }
1947
1948 conn = cmd->user_data;
1949
1950 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1951 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1952 MGMT_STATUS_INVALID_PARAMS);
1953 goto unlock;
1954 }
1955
1956 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1957
aee9b218 1958 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 1959 sizeof(*addr));
1960unlock:
1961 hci_dev_unlock(hdev);
1962 hci_dev_put(hdev);
1963
1964 return err;
1965}
1966
0df4c185 1967static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 1968 u8 type, u16 mgmt_op, u16 hci_op,
1969 __le32 passkey)
a5c29683 1970{
a5c29683
JH		 1971 struct pending_cmd *cmd;
1972 struct hci_dev *hdev;
0df4c185 1973 struct hci_conn *conn;
a5c29683
JH		 1974 int err;
1975
4e51eae9 1976 hdev = hci_dev_get(index);
a5c29683 1977 if (!hdev)
ca69b795
JH		 1978 return cmd_status(sk, index, mgmt_op,
1979 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1980
09fd0de5 1981 hci_dev_lock(hdev);
08ba5382 1982
4b34ee78 1983 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 1984 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1985 goto done;
a5c29683
JH		 1986 }
1987
272d90df
JH		 1988 if (type == MGMT_ADDR_BREDR)
1989 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1990 else
47c15e2b 1991 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 1992
1993 if (!conn) {
1994 err = cmd_status(sk, index, mgmt_op,
47c15e2b 1995 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 1996 goto done;
1997 }
47c15e2b 1998
272d90df 1999 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2000 /* Continue with pairing via SMP */
5fe57d9e
BG		 2001 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2002
2003 if (!err)
2004 err = cmd_status(sk, index, mgmt_op,
2005 MGMT_STATUS_SUCCESS);
2006 else
2007 err = cmd_status(sk, index, mgmt_op,
2008 MGMT_STATUS_FAILED);
47c15e2b 2009
47c15e2b
BG		 2010 goto done;
2011 }
2012
0df4c185 2013 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2014 if (!cmd) {
2015 err = -ENOMEM;
0df4c185 2016 goto done;
a5c29683
JH		 2017 }
2018
0df4c185 2019 /* Continue with pairing via HCI */
604086b7
BG		 2020 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2021 struct hci_cp_user_passkey_reply cp;
2022
2023 bacpy(&cp.bdaddr, bdaddr);
2024 cp.passkey = passkey;
2025 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2026 } else
2027 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2028
a664b5bc
JH		 2029 if (err < 0)
2030 mgmt_pending_remove(cmd);
a5c29683 2031
0df4c185 2032done:
09fd0de5 2033 hci_dev_unlock(hdev);
a5c29683
JH		 2034 hci_dev_put(hdev);
2035
2036 return err;
2037}
2038
0df4c185
BG		 2039static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2040{
650f726d 2041 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2042
2043 BT_DBG("");
2044
2045 if (len != sizeof(*cp))
2046 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2047 MGMT_STATUS_INVALID_PARAMS);
2048
272d90df
JH		 2049 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2050 MGMT_OP_USER_CONFIRM_REPLY,
2051 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2052}
2053
2054static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2055 u16 len)
2056{
c9c2659f 2057 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2058
2059 BT_DBG("");
2060
2061 if (len != sizeof(*cp))
2062 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2063 MGMT_STATUS_INVALID_PARAMS);
2064
272d90df
JH		 2065 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2066 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2067 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2068}
2069
604086b7
BG		 2070static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2071{
650f726d 2072 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2073
2074 BT_DBG("");
2075
2076 if (len != sizeof(*cp))
2077 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2078 EINVAL);
2079
272d90df
JH		 2080 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2081 MGMT_OP_USER_PASSKEY_REPLY,
2082 HCI_OP_USER_PASSKEY_REPLY,
2083 cp->passkey);
604086b7
BG		 2084}
2085
2086static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2087 u16 len)
2088{
650f726d 2089 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2090
2091 BT_DBG("");
2092
2093 if (len != sizeof(*cp))
2094 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2095 EINVAL);
2096
272d90df
JH		 2097 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2098 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2099 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2100}
2101
650f726d 2102static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2103 u16 len)
2104{
650f726d 2105 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2106 struct hci_cp_write_local_name hci_cp;
2107 struct hci_dev *hdev;
2108 struct pending_cmd *cmd;
2109 int err;
2110
2111 BT_DBG("");
2112
2113 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2114 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2115 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2116
2117 hdev = hci_dev_get(index);
2118 if (!hdev)
ca69b795
JH		 2119 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2120 MGMT_STATUS_INVALID_PARAMS);
b312b161 2121
09fd0de5 2122 hci_dev_lock(hdev);
b312b161 2123
b5235a65
JH		 2124 if (!hdev_is_powered(hdev)) {
2125 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2126 MGMT_STATUS_NOT_POWERED);
2127 goto failed;
2128 }
2129
650f726d
VCG		 2130 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2131 len);
b312b161
JH		 2132 if (!cmd) {
2133 err = -ENOMEM;
2134 goto failed;
2135 }
2136
2137 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2138 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2139 &hci_cp);
2140 if (err < 0)
2141 mgmt_pending_remove(cmd);
2142
2143failed:
09fd0de5 2144 hci_dev_unlock(hdev);
b312b161
JH		 2145 hci_dev_put(hdev);
2146
2147 return err;
2148}
2149
c35938b2
SJ		 2150static int read_local_oob_data(struct sock *sk, u16 index)
2151{
2152 struct hci_dev *hdev;
2153 struct pending_cmd *cmd;
2154 int err;
2155
2156 BT_DBG("hci%u", index);
2157
2158 hdev = hci_dev_get(index);
2159 if (!hdev)
2160 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2161 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2162
09fd0de5 2163 hci_dev_lock(hdev);
c35938b2 2164
4b34ee78 2165 if (!hdev_is_powered(hdev)) {
c35938b2 2166 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2167 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2168 goto unlock;
2169 }
2170
2171 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2172 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2173 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2174 goto unlock;
2175 }
2176
2e58ef3e 2177 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2178 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2179 MGMT_STATUS_BUSY);
c35938b2
SJ		 2180 goto unlock;
2181 }
2182
2e58ef3e 2183 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2184 if (!cmd) {
2185 err = -ENOMEM;
2186 goto unlock;
2187 }
2188
2189 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2190 if (err < 0)
2191 mgmt_pending_remove(cmd);
2192
2193unlock:
09fd0de5 2194 hci_dev_unlock(hdev);
c35938b2
SJ		 2195 hci_dev_put(hdev);
2196
2197 return err;
2198}
2199
650f726d
VCG		 2200static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2201 u16 len)
2763eda6
SJ		 2202{
2203 struct hci_dev *hdev;
650f726d 2204 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2205 u8 status;
2763eda6
SJ		 2206 int err;
2207
2208 BT_DBG("hci%u ", index);
2209
2210 if (len != sizeof(*cp))
2211 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2212 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2213
2214 hdev = hci_dev_get(index);
2215 if (!hdev)
bf1e3541
JH		 2216 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2217 MGMT_STATUS_INVALID_PARAMS,
2218 &cp->addr, sizeof(cp->addr));
2763eda6 2219
09fd0de5 2220 hci_dev_lock(hdev);
2763eda6 2221
664ce4cc 2222 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2223 cp->randomizer);
2224 if (err < 0)
bf1e3541 2225 status = MGMT_STATUS_FAILED;
2763eda6 2226 else
bf1e3541
JH		 2227 status = 0;
2228
2229 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2230 &cp->addr, sizeof(cp->addr));
2763eda6 2231
09fd0de5 2232 hci_dev_unlock(hdev);
2763eda6
SJ		 2233 hci_dev_put(hdev);
2234
2235 return err;
2236}
2237
2238static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2239 void *data, u16 len)
2763eda6
SJ		 2240{
2241 struct hci_dev *hdev;
650f726d 2242 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2243 u8 status;
2763eda6
SJ		 2244 int err;
2245
2246 BT_DBG("hci%u ", index);
2247
2248 if (len != sizeof(*cp))
2249 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2250 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2251
2252 hdev = hci_dev_get(index);
2253 if (!hdev)
bf1e3541
JH		 2254 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2255 MGMT_STATUS_INVALID_PARAMS,
2256 &cp->addr, sizeof(cp->addr));
2763eda6 2257
09fd0de5 2258 hci_dev_lock(hdev);
2763eda6 2259
664ce4cc 2260 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2261 if (err < 0)
bf1e3541 2262 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2263 else
bf1e3541
JH		 2264 status = 0;
2265
2266 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2267 &cp->addr, sizeof(cp->addr));
2763eda6 2268
09fd0de5 2269 hci_dev_unlock(hdev);
2763eda6
SJ		 2270 hci_dev_put(hdev);
2271
2272 return err;
2273}
2274
5e0452c0
AG		 2275static int discovery(struct hci_dev *hdev)
2276{
2277 int err;
2278
2279 if (lmp_host_le_capable(hdev)) {
2280 if (lmp_bredr_capable(hdev)) {
2281 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2282 LE_SCAN_INT, LE_SCAN_WIN,
2283 LE_SCAN_TIMEOUT_BREDR_LE);
2284 } else {
2285 hdev->discovery.type = DISCOV_TYPE_LE;
2286 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2287 LE_SCAN_INT, LE_SCAN_WIN,
2288 LE_SCAN_TIMEOUT_LE_ONLY);
2289 }
2290 } else {
2291 hdev->discovery.type = DISCOV_TYPE_BREDR;
2292 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2293 }
2294
2295 return err;
2296}
2297
2298int mgmt_interleaved_discovery(struct hci_dev *hdev)
2299{
2300 int err;
2301
2302 BT_DBG("%s", hdev->name);
2303
2304 hci_dev_lock(hdev);
2305
2306 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2307 if (err < 0)
2308 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2309
2310 hci_dev_unlock(hdev);
2311
2312 return err;
2313}
2314
450dfdaf 2315static int start_discovery(struct sock *sk, u16 index,
650f726d 2316 void *data, u16 len)
14a53664 2317{
650f726d 2318 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2319 struct pending_cmd *cmd;
2320 struct hci_dev *hdev;
2321 int err;
2322
2323 BT_DBG("hci%u", index);
2324
450dfdaf
JH		 2325 if (len != sizeof(*cp))
2326 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2327 MGMT_STATUS_INVALID_PARAMS);
2328
14a53664
JH		 2329 hdev = hci_dev_get(index);
2330 if (!hdev)
ca69b795
JH		 2331 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2332 MGMT_STATUS_INVALID_PARAMS);
14a53664 2333
09fd0de5 2334 hci_dev_lock(hdev);
14a53664 2335
4b34ee78 2336 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2337 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2338 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2339 goto failed;
2340 }
2341
ff9ef578
JH		 2342 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2343 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2344 MGMT_STATUS_BUSY);
2345 goto failed;
2346 }
2347
2e58ef3e 2348 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2349 if (!cmd) {
2350 err = -ENOMEM;
2351 goto failed;
2352 }
2353
4aab14e5
AG		 2354 hdev->discovery.type = cp->type;
2355
2356 switch (hdev->discovery.type) {
f39799f5 2357 case DISCOV_TYPE_BREDR:
3fd24153 2358 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2359 break;
2360
2361 case DISCOV_TYPE_LE:
3fd24153
AG		 2362 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2363 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2364 break;
2365
5e0452c0
AG		 2366 case DISCOV_TYPE_INTERLEAVED:
2367 err = discovery(hdev);
2368 break;
2369
f39799f5 2370 default:
3fd24153 2371 err = -EINVAL;
f39799f5 2372 }
3fd24153 2373
14a53664
JH		 2374 if (err < 0)
2375 mgmt_pending_remove(cmd);
ff9ef578
JH		 2376 else
2377 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2378
2379failed:
09fd0de5 2380 hci_dev_unlock(hdev);
14a53664
JH		 2381 hci_dev_put(hdev);
2382
2383 return err;
2384}
2385
d930650b 2386static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2387{
d930650b 2388 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2389 struct hci_dev *hdev;
2390 struct pending_cmd *cmd;
30dc78e1
JH		 2391 struct hci_cp_remote_name_req_cancel cp;
2392 struct inquiry_entry *e;
14a53664
JH		 2393 int err;
2394
2395 BT_DBG("hci%u", index);
2396
d930650b
JH		 2397 if (len != sizeof(*mgmt_cp))
2398 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2399 MGMT_STATUS_INVALID_PARAMS);
2400
14a53664
JH		 2401 hdev = hci_dev_get(index);
2402 if (!hdev)
ca69b795
JH		 2403 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2404 MGMT_STATUS_INVALID_PARAMS);
14a53664 2405
09fd0de5 2406 hci_dev_lock(hdev);
14a53664 2407
30dc78e1 2408 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2409 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2410 MGMT_STATUS_REJECTED,
2411 &mgmt_cp->type, sizeof(mgmt_cp->type));
2412 goto unlock;
2413 }
2414
2415 if (hdev->discovery.type != mgmt_cp->type) {
2416 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2417 MGMT_STATUS_INVALID_PARAMS,
2418 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2419 goto unlock;
ff9ef578
JH		 2420 }
2421
2e58ef3e 2422 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2423 if (!cmd) {
2424 err = -ENOMEM;
30dc78e1
JH		 2425 goto unlock;
2426 }
2427
343f935b 2428 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2429 err = hci_cancel_inquiry(hdev);
2430 if (err < 0)
2431 mgmt_pending_remove(cmd);
2432 else
2433 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2434 goto unlock;
2435 }
2436
2437 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2438 if (!e) {
2439 mgmt_pending_remove(cmd);
aee9b218 2440 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2441 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2442 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2443 goto unlock;
14a53664
JH		 2444 }
2445
30dc78e1
JH		 2446 bacpy(&cp.bdaddr, &e->data.bdaddr);
2447 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2448 sizeof(cp), &cp);
14a53664
JH		 2449 if (err < 0)
2450 mgmt_pending_remove(cmd);
ff9ef578
JH		 2451 else
2452 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2453
30dc78e1 2454unlock:
09fd0de5 2455 hci_dev_unlock(hdev);
14a53664
JH		 2456 hci_dev_put(hdev);
2457
2458 return err;
2459}
2460
650f726d 2461static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2462{
650f726d 2463 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2464 struct inquiry_entry *e;
2465 struct hci_dev *hdev;
2466 int err;
2467
2468 BT_DBG("hci%u", index);
2469
2470 if (len != sizeof(*cp))
2471 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2472 MGMT_STATUS_INVALID_PARAMS);
2473
2474 hdev = hci_dev_get(index);
2475 if (!hdev)
2476 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2477 MGMT_STATUS_INVALID_PARAMS);
2478
2479 hci_dev_lock(hdev);
2480
30dc78e1
JH		 2481 if (!hci_discovery_active(hdev)) {
2482 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2483 MGMT_STATUS_FAILED);
2484 goto failed;
2485 }
2486
a198e7b1 2487 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc
JH		 2488 if (!e) {
2489 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2490 MGMT_STATUS_INVALID_PARAMS);
2491 goto failed;
2492 }
2493
2494 if (cp->name_known) {
2495 e->name_state = NAME_KNOWN;
2496 list_del(&e->list);
2497 } else {
2498 e->name_state = NAME_NEEDED;
a3d4e20a 2499 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2500 }
2501
2502 err = 0;
2503
2504failed:
2505 hci_dev_unlock(hdev);
2506
2507 return err;
2508}
2509
650f726d 2510static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2511{
2512 struct hci_dev *hdev;
650f726d 2513 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2514 u8 status;
7fbec224
AJ		 2515 int err;
2516
2517 BT_DBG("hci%u", index);
2518
7fbec224
AJ		 2519 if (len != sizeof(*cp))
2520 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2521 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2522
2523 hdev = hci_dev_get(index);
2524 if (!hdev)
f0eeea8b
JH		 2525 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2526 MGMT_STATUS_INVALID_PARAMS,
2527 &cp->addr, sizeof(cp->addr));
7fbec224 2528
09fd0de5 2529 hci_dev_lock(hdev);
5e762444 2530
88c1fe4b 2531 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2532 if (err < 0)
f0eeea8b 2533 status = MGMT_STATUS_FAILED;
7fbec224 2534 else
f0eeea8b
JH		 2535 status = 0;
2536
2537 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2538 &cp->addr, sizeof(cp->addr));
5e762444 2539
09fd0de5 2540 hci_dev_unlock(hdev);
7fbec224
AJ		 2541 hci_dev_put(hdev);
2542
2543 return err;
2544}
2545
650f726d 2546static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2547{
2548 struct hci_dev *hdev;
650f726d 2549 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2550 u8 status;
7fbec224
AJ		 2551 int err;
2552
2553 BT_DBG("hci%u", index);
2554
7fbec224
AJ		 2555 if (len != sizeof(*cp))
2556 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2557 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2558
2559 hdev = hci_dev_get(index);
2560 if (!hdev)
f0eeea8b
JH		 2561 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2562 MGMT_STATUS_INVALID_PARAMS,
2563 &cp->addr, sizeof(cp->addr));
7fbec224 2564
09fd0de5 2565 hci_dev_lock(hdev);
5e762444 2566
88c1fe4b 2567 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2568 if (err < 0)
f0eeea8b 2569 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2570 else
f0eeea8b
JH		 2571 status = 0;
2572
2573 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2574 &cp->addr, sizeof(cp->addr));
5e762444 2575
09fd0de5 2576 hci_dev_unlock(hdev);
7fbec224
AJ		 2577 hci_dev_put(hdev);
2578
2579 return err;
2580}
2581
f6422ec6 2582static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2583 void *data, u16 len)
f6422ec6
AJ		 2584{
2585 struct hci_dev *hdev;
650f726d 2586 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2587 struct hci_cp_write_page_scan_activity acp;
2588 u8 type;
2589 int err;
2590
2591 BT_DBG("hci%u", index);
2592
2593 if (len != sizeof(*cp))
2594 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2595 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2596
2597 hdev = hci_dev_get(index);
2598 if (!hdev)
2599 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2600 MGMT_STATUS_INVALID_PARAMS);
5400c044
JH		 2601 if (!hdev_is_powered(hdev))
2602 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2603 MGMT_STATUS_NOT_POWERED);
2604
2605 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2606 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2607 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2608
2609 hci_dev_lock(hdev);
2610
f7c6869c 2611 if (cp->val) {
f6422ec6
AJ		 2612 type = PAGE_SCAN_TYPE_INTERLACED;
2613 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2614 } else {
2615 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2616 acp.interval = 0x0800; /* default 1.28 sec page scan */
2617 }
2618
2619 acp.window = 0x0012; /* default 11.25 msec page scan window */
2620
2621 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2622 sizeof(acp), &acp);
2623 if (err < 0) {
2624 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2625 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2626 goto done;
2627 }
2628
2629 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2630 if (err < 0) {
2631 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2632 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2633 goto done;
2634 }
2635
aee9b218
JH		 2636 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2637 NULL, 0);
f6422ec6
AJ		 2638done:
2639 hci_dev_unlock(hdev);
2640 hci_dev_put(hdev);
2641
2642 return err;
2643}
2644
346af67b
VCG		 2645static int load_long_term_keys(struct sock *sk, u16 index,
2646 void *cp_data, u16 len)
2647{
2648 struct hci_dev *hdev;
2649 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2650 u16 key_count, expected_len;
2651 int i;
2652
2653 if (len < sizeof(*cp))
2654 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2655 EINVAL);
2656
2657 key_count = get_unaligned_le16(&cp->key_count);
2658
2659 expected_len = sizeof(*cp) + key_count *
2660 sizeof(struct mgmt_ltk_info);
2661 if (expected_len != len) {
2662 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2663 len, expected_len);
2664 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2665 EINVAL);
2666 }
2667
2668 hdev = hci_dev_get(index);
2669 if (!hdev)
2670 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2671 ENODEV);
2672
2673 BT_DBG("hci%u key_count %u", index, key_count);
2674
2675 hci_dev_lock(hdev);
2676
2677 hci_smp_ltks_clear(hdev);
2678
2679 for (i = 0; i < key_count; i++) {
2680 struct mgmt_ltk_info *key = &cp->keys[i];
2681 u8 type;
2682
2683 if (key->master)
2684 type = HCI_SMP_LTK;
2685 else
2686 type = HCI_SMP_LTK_SLAVE;
2687
2688 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2689 type, 0, key->authenticated, key->val,
2690 key->enc_size, key->ediv, key->rand);
2691 }
2692
2693 hci_dev_unlock(hdev);
2694 hci_dev_put(hdev);
2695
2696 return 0;
2697}
2698
0381101f
JH		 2699int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2700{
650f726d
VCG		 2701 void *buf;
2702 u8 *cp;
0381101f 2703 struct mgmt_hdr *hdr;
4e51eae9 2704 u16 opcode, index, len;
0381101f
JH		 2705 int err;
2706
2707 BT_DBG("got %zu bytes", msglen);
2708
2709 if (msglen < sizeof(*hdr))
2710 return -EINVAL;
2711
e63a15ec 2712 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2713 if (!buf)
2714 return -ENOMEM;
2715
2716 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2717 err = -EFAULT;
2718 goto done;
2719 }
2720
650f726d 2721 hdr = buf;
0381101f 2722 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2723 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2724 len = get_unaligned_le16(&hdr->len);
2725
2726 if (len != msglen - sizeof(*hdr)) {
2727 err = -EINVAL;
2728 goto done;
2729 }
2730
650f726d
VCG		 2731 cp = buf + sizeof(*hdr);
2732
0381101f 2733 switch (opcode) {
02d98129
JH		 2734 case MGMT_OP_READ_VERSION:
2735 err = read_version(sk);
2736 break;
e70bb2e8
JH		 2737 case MGMT_OP_READ_COMMANDS:
2738 err = read_commands(sk);
2739 break;
faba42eb
JH		 2740 case MGMT_OP_READ_INDEX_LIST:
2741 err = read_index_list(sk);
2742 break;
f7b64e69 2743 case MGMT_OP_READ_INFO:
4e51eae9 2744 err = read_controller_info(sk, index);
f7b64e69 2745 break;
eec8d2bc 2746 case MGMT_OP_SET_POWERED:
650f726d 2747 err = set_powered(sk, index, cp, len);
eec8d2bc 2748 break;
73f22f62 2749 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2750 err = set_discoverable(sk, index, cp, len);
73f22f62 2751 break;
9fbcbb45 2752 case MGMT_OP_SET_CONNECTABLE:
650f726d 2753 err = set_connectable(sk, index, cp, len);
9fbcbb45 2754 break;
f7c6869c 2755 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2756 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2757 break;
c542a06c 2758 case MGMT_OP_SET_PAIRABLE:
650f726d 2759 err = set_pairable(sk, index, cp, len);
c542a06c 2760 break;
33ef95ed
JH		 2761 case MGMT_OP_SET_LINK_SECURITY:
2762 err = set_link_security(sk, index, cp, len);
2763 break;
ed2c4ee3
JH		 2764 case MGMT_OP_SET_SSP:
2765 err = set_ssp(sk, index, cp, len);
2766 break;
6d80dfd0
JH		 2767 case MGMT_OP_SET_HS:
2768 err = set_hs(sk, index, cp, len);
2769 break;
2aeb9a1a 2770 case MGMT_OP_ADD_UUID:
650f726d 2771 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2772 break;
2773 case MGMT_OP_REMOVE_UUID:
650f726d 2774 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2775 break;
1aff6f09 2776 case MGMT_OP_SET_DEV_CLASS:
650f726d 2777 err = set_dev_class(sk, index, cp, len);
1aff6f09 2778 break;
86742e1e 2779 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2780 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2781 break;
8962ee74 2782 case MGMT_OP_DISCONNECT:
650f726d 2783 err = disconnect(sk, index, cp, len);
8962ee74 2784 break;
2784eb41 2785 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2786 err = get_connections(sk, index);
2784eb41 2787 break;
980e1a53 2788 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2789 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2790 break;
2791 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2792 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2793 break;
17fa4b9d 2794 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2795 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2796 break;
e9a416b5 2797 case MGMT_OP_PAIR_DEVICE:
650f726d 2798 err = pair_device(sk, index, cp, len);
e9a416b5 2799 break;
28424707
JH		 2800 case MGMT_OP_CANCEL_PAIR_DEVICE:
2801 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2802 break;
124f6e35
JH		 2803 case MGMT_OP_UNPAIR_DEVICE:
2804 err = unpair_device(sk, index, cp, len);
2805 break;
a5c29683 2806 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2807 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2808 break;
2809 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2810 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2811 break;
604086b7 2812 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2813 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2814 break;
2815 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2816 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2817 break;
b312b161 2818 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2819 err = set_local_name(sk, index, cp, len);
b312b161 2820 break;
c35938b2
SJ		 2821 case MGMT_OP_READ_LOCAL_OOB_DATA:
2822 err = read_local_oob_data(sk, index);
2823 break;
2763eda6 2824 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2825 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2826 break;
2827 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2828 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2829 break;
14a53664 2830 case MGMT_OP_START_DISCOVERY:
650f726d 2831 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2832 break;
2833 case MGMT_OP_STOP_DISCOVERY:
d930650b 2834 err = stop_discovery(sk, index, cp, len);
14a53664 2835 break;
561aafbc 2836 case MGMT_OP_CONFIRM_NAME:
650f726d 2837 err = confirm_name(sk, index, cp, len);
561aafbc 2838 break;
7fbec224 2839 case MGMT_OP_BLOCK_DEVICE:
650f726d 2840 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2841 break;
2842 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2843 err = unblock_device(sk, index, cp, len);
7fbec224 2844 break;
346af67b
VCG		 2845 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2846 err = load_long_term_keys(sk, index, cp, len);
2847 break;
0381101f
JH		 2848 default:
2849 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2850 err = cmd_status(sk, index, opcode,
2851 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2852 break;
2853 }
2854
e41d8b4e
JH		 2855 if (err < 0)
2856 goto done;
2857
0381101f
JH		 2858 err = msglen;
2859
2860done:
2861 kfree(buf);
2862 return err;
2863}
c71e97bf 2864
b24752fe
JH		 2865static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2866{
2867 u8 *status = data;
2868
2869 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2870 mgmt_pending_remove(cmd);
2871}
2872
744cf19e 2873int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2874{
744cf19e 2875 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2876}
2877
744cf19e 2878int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2879{
b24752fe
JH		 2880 u8 status = ENODEV;
2881
744cf19e 2882 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2883
744cf19e 2884 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2885}
2886
73f22f62 2887struct cmd_lookup {
eec8d2bc 2888 struct sock *sk;
69ab39ea 2889 struct hci_dev *hdev;
eec8d2bc
JH		 2890};
2891
69ab39ea 2892static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2893{
73f22f62 2894 struct cmd_lookup *match = data;
eec8d2bc 2895
69ab39ea 2896 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2897
2898 list_del(&cmd->list);
2899
2900 if (match->sk == NULL) {
2901 match->sk = cmd->sk;
2902 sock_hold(match->sk);
2903 }
2904
2905 mgmt_pending_free(cmd);
c71e97bf 2906}
5add6af8 2907
744cf19e 2908int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2909{
76a7f3a4 2910 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2911 int err;
5add6af8 2912
5e5282bb
JH		 2913 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2914 return 0;
2915
69ab39ea 2916 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2917
5e5282bb
JH		 2918 if (powered) {
2919 u8 scan = 0;
2920
2921 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2922 scan |= SCAN_PAGE;
2923 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2924 scan |= SCAN_INQUIRY;
2925
2926 if (scan)
2927 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2928 } else {
b24752fe 2929 u8 status = ENETDOWN;
744cf19e 2930 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2931 }
2932
beadb2bd 2933 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2934
2935 if (match.sk)
2936 sock_put(match.sk);
2937
7bb895d6 2938 return err;
5add6af8 2939}
73f22f62 2940
744cf19e 2941int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2942{
76a7f3a4 2943 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2944 bool changed = false;
2945 int err = 0;
73f22f62 2946
69ab39ea 2947 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2948
5e5282bb
JH		 2949 if (discoverable) {
2950 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2951 changed = true;
2952 } else {
2953 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2954 changed = true;
2955 }
73f22f62 2956
beadb2bd
JH		 2957 if (changed)
2958 err = new_settings(hdev, match.sk);
5e5282bb 2959
73f22f62
JH		 2960 if (match.sk)
2961 sock_put(match.sk);
2962
7bb895d6 2963 return err;
73f22f62 2964}
9fbcbb45 2965
744cf19e 2966int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2967{
76a7f3a4 2968 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2969 bool changed = false;
2970 int err = 0;
9fbcbb45 2971
69ab39ea
JH		 2972 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2973 &match);
9fbcbb45 2974
5e5282bb
JH		 2975 if (connectable) {
2976 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2977 changed = true;
2978 } else {
2979 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2980 changed = true;
2981 }
9fbcbb45 2982
beadb2bd
JH		 2983 if (changed)
2984 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2985
2986 if (match.sk)
2987 sock_put(match.sk);
2988
7bb895d6 2989 return err;
9fbcbb45 2990}
55ed8ca1 2991
744cf19e 2992int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2993{
ca69b795
JH		 2994 u8 mgmt_err = mgmt_status(status);
2995
2d7cee58 2996 if (scan & SCAN_PAGE)
744cf19e 2997 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2998 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2999
3000 if (scan & SCAN_INQUIRY)
744cf19e 3001 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 3002 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3003
3004 return 0;
3005}
3006
744cf19e
JH		 3007int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3008 u8 persistent)
55ed8ca1 3009{
86742e1e 3010 struct mgmt_ev_new_link_key ev;
55ed8ca1 3011
a492cd52 3012 memset(&ev, 0, sizeof(ev));
55ed8ca1 3013
a492cd52 3014 ev.store_hint = persistent;
d753fdc4
JH		 3015 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3016 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 3017 ev.key.type = key->type;
3018 memcpy(ev.key.val, key->val, 16);
3019 ev.key.pin_len = key->pin_len;
55ed8ca1 3020
744cf19e 3021 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3022}
f7520543 3023
346af67b
VCG		 3024int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3025{
3026 struct mgmt_ev_new_long_term_key ev;
3027
3028 memset(&ev, 0, sizeof(ev));
3029
3030 ev.store_hint = persistent;
3031 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3032 ev.key.addr.type = key->bdaddr_type;
3033 ev.key.authenticated = key->authenticated;
3034 ev.key.enc_size = key->enc_size;
3035 ev.key.ediv = key->ediv;
3036
3037 if (key->type == HCI_SMP_LTK)
3038 ev.key.master = 1;
3039
3040 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3041 memcpy(ev.key.val, key->val, sizeof(key->val));
3042
3043 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3044 &ev, sizeof(ev), NULL);
3045}
3046
afc747a6 3047int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 3048 u8 addr_type, u8 *name, u8 name_len,
3049 u8 *dev_class)
f7520543 3050{
b644ba33
JH		 3051 char buf[512];
3052 struct mgmt_ev_device_connected *ev = (void *) buf;
3053 u16 eir_len = 0;
f7520543 3054
b644ba33
JH		 3055 bacpy(&ev->addr.bdaddr, bdaddr);
3056 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3057
b644ba33
JH		 3058 if (name_len > 0)
3059 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3060 name, name_len);
3061
3062 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3063 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3064 EIR_CLASS_OF_DEV, dev_class, 3);
3065
3066 put_unaligned_le16(eir_len, &ev->eir_len);
3067
3068 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3069 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3070}
3071
8962ee74
JH		 3072static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3073{
c68fb7ff 3074 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3075 struct sock **sk = data;
a38528f1 3076 struct mgmt_rp_disconnect rp;
8962ee74 3077
88c3df13
JH		 3078 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3079 rp.addr.type = cp->addr.type;
8962ee74 3080
aee9b218
JH		 3081 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3082 sizeof(rp));
8962ee74
JH		 3083
3084 *sk = cmd->sk;
3085 sock_hold(*sk);
3086
a664b5bc 3087 mgmt_pending_remove(cmd);
8962ee74
JH		 3088}
3089
124f6e35 3090static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3091{
b1078ad0 3092 struct hci_dev *hdev = data;
124f6e35
JH		 3093 struct mgmt_cp_unpair_device *cp = cmd->param;
3094 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3095
3096 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3097 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3098 rp.addr.type = cp->addr.type;
a8a1d19e 3099
b1078ad0
JH		 3100 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3101
aee9b218 3102 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3103
3104 mgmt_pending_remove(cmd);
3105}
3106
afc747a6
JH		 3107int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3108 u8 link_type, u8 addr_type)
f7520543 3109{
4c659c39 3110 struct mgmt_addr_info ev;
8962ee74
JH		 3111 struct sock *sk = NULL;
3112 int err;
3113
744cf19e 3114 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3115
f7520543 3116 bacpy(&ev.bdaddr, bdaddr);
48264f06 3117 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3118
afc747a6
JH		 3119 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3120 sk);
8962ee74
JH		 3121
3122 if (sk)
3123 sock_put(sk);
3124
124f6e35 3125 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3126 hdev);
a8a1d19e 3127
8962ee74
JH		 3128 return err;
3129}
3130
88c3df13
JH		 3131int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3132 u8 link_type, u8 addr_type, u8 status)
8962ee74 3133{
88c3df13 3134 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3135 struct pending_cmd *cmd;
3136 int err;
3137
2e58ef3e 3138 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3139 if (!cmd)
3140 return -ENOENT;
3141
88c3df13
JH		 3142 bacpy(&rp.addr.bdaddr, bdaddr);
3143 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3144
88c3df13 3145 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3146 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3147
a664b5bc 3148 mgmt_pending_remove(cmd);
8962ee74 3149
b1078ad0
JH		 3150 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3151 hdev);
8962ee74 3152 return err;
f7520543 3153}
17d5c04c 3154
48264f06
JH		 3155int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3156 u8 addr_type, u8 status)
17d5c04c
JH		 3157{
3158 struct mgmt_ev_connect_failed ev;
3159
4c659c39 3160 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3161 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3162 ev.status = mgmt_status(status);
17d5c04c 3163
744cf19e 3164 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3165}
980e1a53 3166
744cf19e 3167int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3168{
3169 struct mgmt_ev_pin_code_request ev;
3170
d8457698
JH		 3171 bacpy(&ev.addr.bdaddr, bdaddr);
3172 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3173 ev.secure = secure;
980e1a53 3174
744cf19e 3175 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3176 NULL);
980e1a53
JH		 3177}
3178
744cf19e
JH		 3179int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3180 u8 status)
980e1a53
JH		 3181{
3182 struct pending_cmd *cmd;
ac56fb13 3183 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3184 int err;
3185
2e58ef3e 3186 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3187 if (!cmd)
3188 return -ENOENT;
3189
d8457698
JH		 3190 bacpy(&rp.addr.bdaddr, bdaddr);
3191 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3192
aee9b218
JH		 3193 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3194 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3195
a664b5bc 3196 mgmt_pending_remove(cmd);
980e1a53
JH		 3197
3198 return err;
3199}
3200
744cf19e
JH		 3201int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3202 u8 status)
980e1a53
JH		 3203{
3204 struct pending_cmd *cmd;
ac56fb13 3205 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3206 int err;
3207
2e58ef3e 3208 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3209 if (!cmd)
3210 return -ENOENT;
3211
d8457698
JH		 3212 bacpy(&rp.addr.bdaddr, bdaddr);
3213 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3214
aee9b218
JH		 3215 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3216 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3217
a664b5bc 3218 mgmt_pending_remove(cmd);
980e1a53
JH		 3219
3220 return err;
3221}
a5c29683 3222
744cf19e 3223int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3224 u8 link_type, u8 addr_type, __le32 value,
3225 u8 confirm_hint)
a5c29683
JH		 3226{
3227 struct mgmt_ev_user_confirm_request ev;
3228
744cf19e 3229 BT_DBG("%s", hdev->name);
a5c29683 3230
272d90df
JH		 3231 bacpy(&ev.addr.bdaddr, bdaddr);
3232 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3233 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3234 put_unaligned_le32(value, &ev.value);
3235
744cf19e 3236 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3237 NULL);
a5c29683
JH		 3238}
3239
272d90df
JH		 3240int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3241 u8 link_type, u8 addr_type)
604086b7
BG		 3242{
3243 struct mgmt_ev_user_passkey_request ev;
3244
3245 BT_DBG("%s", hdev->name);
3246
272d90df
JH		 3247 bacpy(&ev.addr.bdaddr, bdaddr);
3248 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3249
3250 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3251 NULL);
3252}
3253
0df4c185 3254static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3255 u8 link_type, u8 addr_type, u8 status,
3256 u8 opcode)
a5c29683
JH		 3257{
3258 struct pending_cmd *cmd;
3259 struct mgmt_rp_user_confirm_reply rp;
3260 int err;
3261
2e58ef3e 3262 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3263 if (!cmd)
3264 return -ENOENT;
3265
272d90df
JH		 3266 bacpy(&rp.addr.bdaddr, bdaddr);
3267 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3268 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3269 &rp, sizeof(rp));
a5c29683 3270
a664b5bc 3271 mgmt_pending_remove(cmd);
a5c29683
JH		 3272
3273 return err;
3274}
3275
744cf19e 3276int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3277 u8 link_type, u8 addr_type, u8 status)
a5c29683 3278{
272d90df
JH		 3279 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3280 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3281}
3282
272d90df
JH		 3283int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3284 u8 link_type, u8 addr_type, u8 status)
a5c29683 3285{
272d90df
JH		 3286 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3287 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3288}
2a611692 3289
604086b7 3290int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3291 u8 link_type, u8 addr_type, u8 status)
604086b7 3292{
272d90df
JH		 3293 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3294 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3295}
3296
272d90df
JH		 3297int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3298 u8 link_type, u8 addr_type, u8 status)
604086b7 3299{
272d90df
JH		 3300 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3301 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3302}
3303
bab73cb6
JH		 3304int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3305 u8 addr_type, u8 status)
2a611692
JH		 3306{
3307 struct mgmt_ev_auth_failed ev;
3308
bab73cb6
JH		 3309 bacpy(&ev.addr.bdaddr, bdaddr);
3310 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3311 ev.status = mgmt_status(status);
2a611692 3312
744cf19e 3313 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3314}
b312b161 3315
33ef95ed
JH		 3316int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3317{
3318 struct cmd_lookup match = { NULL, hdev };
33ef95ed
JH		 3319 int err;
3320
3321 if (status) {
3322 u8 mgmt_err = mgmt_status(status);
3323 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3324 cmd_status_rsp, &mgmt_err);
3325 return 0;
3326 }
3327
3328 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3329 &match);
3330
beadb2bd 3331 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3332
3333 if (match.sk)
3334 sock_put(match.sk);
3335
3336 return err;
3337}
3338
cacaf52f
JH		 3339static int clear_eir(struct hci_dev *hdev)
3340{
3341 struct hci_cp_write_eir cp;
3342
3343 if (!(hdev->features[6] & LMP_EXT_INQ))
3344 return 0;
3345
3346 memset(&cp, 0, sizeof(cp));
3347
3348 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3349}
3350
ed2c4ee3
JH		 3351int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3352{
3353 struct cmd_lookup match = { NULL, hdev };
ed2c4ee3
JH		 3354 int err;
3355
3356 if (status) {
3357 u8 mgmt_err = mgmt_status(status);
3358 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3359 cmd_status_rsp, &mgmt_err);
3360 return 0;
3361 }
3362
3363 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3364
beadb2bd 3365 err = new_settings(hdev, match.sk);
ed2c4ee3 3366
cacaf52f 3367 if (match.sk) {
ed2c4ee3
JH		 3368 sock_put(match.sk);
3369
cacaf52f
JH		 3370 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3371 update_eir(hdev);
3372 else
3373 clear_eir(hdev);
3374 }
3375
ed2c4ee3
JH		 3376 return err;
3377}
3378
744cf19e 3379int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3380{
3381 struct pending_cmd *cmd;
3382 struct mgmt_cp_set_local_name ev;
3383 int err;
3384
3385 memset(&ev, 0, sizeof(ev));
3386 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3387
2e58ef3e 3388 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3389 if (!cmd)
3390 goto send_event;
3391
3392 if (status) {
744cf19e 3393 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3394 mgmt_status(status));
b312b161
JH		 3395 goto failed;
3396 }
3397
744cf19e 3398 update_eir(hdev);
80a1e1db 3399
aee9b218 3400 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3401 sizeof(ev));
3402 if (err < 0)
3403 goto failed;
3404
3405send_event:
744cf19e 3406 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 3407 cmd ? cmd->sk : NULL);
3408
3409failed:
3410 if (cmd)
3411 mgmt_pending_remove(cmd);
3412 return err;
3413}
c35938b2 3414
744cf19e
JH		 3415int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3416 u8 *randomizer, u8 status)
c35938b2
SJ		 3417{
3418 struct pending_cmd *cmd;
3419 int err;
3420
744cf19e 3421 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3422
2e58ef3e 3423 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3424 if (!cmd)
3425 return -ENOENT;
3426
3427 if (status) {
744cf19e 3428 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3429 MGMT_OP_READ_LOCAL_OOB_DATA,
3430 mgmt_status(status));
c35938b2
SJ		 3431 } else {
3432 struct mgmt_rp_read_local_oob_data rp;
3433
3434 memcpy(rp.hash, hash, sizeof(rp.hash));
3435 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3436
744cf19e
JH		 3437 err = cmd_complete(cmd->sk, hdev->id,
3438 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3439 0, &rp, sizeof(rp));
c35938b2
SJ		 3440 }
3441
3442 mgmt_pending_remove(cmd);
3443
3444 return err;
3445}
e17acd40 3446
48264f06 3447int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3448 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 3449 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 3450{
e319d2e7
JH		 3451 char buf[512];
3452 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3453 size_t ev_size;
e17acd40 3454
1dc06093
JH		 3455 /* Leave 5 bytes for a potential CoD field */
3456 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3457 return -EINVAL;
3458
1dc06093
JH		 3459 memset(buf, 0, sizeof(buf));
3460
e319d2e7
JH		 3461 bacpy(&ev->addr.bdaddr, bdaddr);
3462 ev->addr.type = link_to_mgmt(link_type, addr_type);
3463 ev->rssi = rssi;
3464 ev->confirm_name = cfm_name;
e17acd40 3465
1dc06093 3466 if (eir_len > 0)
e319d2e7 3467 memcpy(ev->eir, eir, eir_len);
e17acd40 3468
1dc06093
JH		 3469 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3470 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3471 dev_class, 3);
3472
3473 put_unaligned_le16(eir_len, &ev->eir_len);
3474
3475 ev_size = sizeof(*ev) + eir_len;
f8523598 3476
e319d2e7 3477 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3478}
a88a9652 3479
b644ba33
JH		 3480int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3481 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3482{
b644ba33
JH		 3483 struct mgmt_ev_device_found *ev;
3484 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3485 u16 eir_len;
a88a9652 3486
b644ba33 3487 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3488
b644ba33
JH		 3489 memset(buf, 0, sizeof(buf));
3490
3491 bacpy(&ev->addr.bdaddr, bdaddr);
3492 ev->addr.type = link_to_mgmt(link_type, addr_type);
3493 ev->rssi = rssi;
3494
3495 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3496 name_len);
3497
3498 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3499
053c7e0c
JH		 3500 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3501 sizeof(*ev) + eir_len, NULL);
a88a9652 3502}
314b2381 3503
7a135109 3504int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3505{
3506 struct pending_cmd *cmd;
f808e166 3507 u8 type;
164a6e78
JH		 3508 int err;
3509
203159d4
AG		 3510 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3511
2e58ef3e 3512 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3513 if (!cmd)
3514 return -ENOENT;
3515
f808e166
JH		 3516 type = hdev->discovery.type;
3517
3518 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3519 &type, sizeof(type));
164a6e78
JH		 3520 mgmt_pending_remove(cmd);
3521
3522 return err;
3523}
3524
e6d465cb
AG		 3525int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3526{
3527 struct pending_cmd *cmd;
3528 int err;
3529
3530 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3531 if (!cmd)
3532 return -ENOENT;
3533
d930650b
JH		 3534 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3535 &hdev->discovery.type,
3536 sizeof(hdev->discovery.type));
164a6e78
JH		 3537 mgmt_pending_remove(cmd);
3538
3539 return err;
3540}
3541
744cf19e 3542int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3543{
f963e8e9 3544 struct mgmt_ev_discovering ev;
164a6e78
JH		 3545 struct pending_cmd *cmd;
3546
343fb145
AG		 3547 BT_DBG("%s discovering %u", hdev->name, discovering);
3548
164a6e78 3549 if (discovering)
2e58ef3e 3550 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3551 else
2e58ef3e 3552 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3553
3554 if (cmd != NULL) {
f808e166
JH		 3555 u8 type = hdev->discovery.type;
3556
d930650b 3557 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3558 &type, sizeof(type));
164a6e78
JH		 3559 mgmt_pending_remove(cmd);
3560 }
3561
f963e8e9
JH		 3562 memset(&ev, 0, sizeof(ev));
3563 ev.type = hdev->discovery.type;
3564 ev.discovering = discovering;
3565
3566 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3567}
5e762444 3568
88c1fe4b 3569int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3570{
3571 struct pending_cmd *cmd;
3572 struct mgmt_ev_device_blocked ev;
3573
2e58ef3e 3574 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3575
88c1fe4b
JH		 3576 bacpy(&ev.addr.bdaddr, bdaddr);
3577 ev.addr.type = type;
5e762444 3578
744cf19e
JH		 3579 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3580 cmd ? cmd->sk : NULL);
5e762444
AJ		 3581}
3582
88c1fe4b 3583int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3584{
3585 struct pending_cmd *cmd;
3586 struct mgmt_ev_device_unblocked ev;
3587
2e58ef3e 3588 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3589
88c1fe4b
JH		 3590 bacpy(&ev.addr.bdaddr, bdaddr);
3591 ev.addr.type = type;
5e762444 3592
744cf19e
JH		 3593 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3594 cmd ? cmd->sk : NULL);
5e762444 3595}
d7b7e796
MH		 3596
3597module_param(enable_hs, bool, 0644);
3598MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3599
3600module_param(enable_le, bool, 0644);
3601MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux kernel - Deliverables
This page took 0.318936 seconds and 5 git commands to generate.