projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Fix Removing discoverable timeout in set_connectable
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
56b7d137 267 return err;;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f0d4b78a 395 if (!test_bit(HCI_UP, &hdev->flags))
69ab39ea
JH		 396 return settings;
397
f0d4b78a
MH		 398 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
5e5282bb 404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_DISCOVERABLE;
406
a8b2d5c2 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_PAIRABLE;
409
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
412
59e29406 413 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 414 settings |= MGMT_SETTING_LE;
415
416 if (test_bit(HCI_AUTH, &hdev->flags))
417 settings |= MGMT_SETTING_LINK_SECURITY;
418
84bde9d6 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_SSP;
421
6d80dfd0
JH		 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
424
69ab39ea
JH		 425 return settings;
426}
427
ef580372
JH		 428#define PNP_INFO_SVCLASS_ID 0x1200
429
430static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433};
434
435static u16 get_uuid16(u8 *uuid128)
436{
437 u32 val;
438 int i;
439
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
442 return 0;
443 }
444
445 memcpy(&val, &uuid128[12], 4);
446
447 val = le32_to_cpu(val);
448 if (val > 0xffff)
449 return 0;
450
451 return (u16) val;
452}
453
454static void create_eir(struct hci_dev *hdev, u8 *data)
455{
456 u8 *ptr = data;
457 u16 eir_len = 0;
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
461 size_t name_len;
462
463 name_len = strlen(hdev->dev_name);
464
465 if (name_len > 0) {
466 /* EIR Data type */
467 if (name_len > 48) {
468 name_len = 48;
469 ptr[1] = EIR_NAME_SHORT;
470 } else
471 ptr[1] = EIR_NAME_COMPLETE;
472
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
475
476 memcpy(ptr + 2, hdev->dev_name, name_len);
477
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
480 }
481
482 memset(uuid16_list, 0, sizeof(uuid16_list));
483
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid, &hdev->uuids, list) {
486 u16 uuid16;
487
488 uuid16 = get_uuid16(uuid->uuid);
489 if (uuid16 == 0)
490 return;
491
492 if (uuid16 < 0x1100)
493 continue;
494
495 if (uuid16 == PNP_INFO_SVCLASS_ID)
496 continue;
497
498 /* Stop if not enough space to put next UUID */
499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
500 truncated = 1;
501 break;
502 }
503
504 /* Check for duplicates */
505 for (i = 0; uuid16_list[i] != 0; i++)
506 if (uuid16_list[i] == uuid16)
507 break;
508
509 if (uuid16_list[i] == 0) {
510 uuid16_list[i] = uuid16;
511 eir_len += sizeof(u16);
512 }
513 }
514
515 if (uuid16_list[0] != 0) {
516 u8 *length = ptr;
517
518 /* EIR Data type */
519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
520
521 ptr += 2;
522 eir_len += 2;
523
524 for (i = 0; uuid16_list[i] != 0; i++) {
525 *ptr++ = (uuid16_list[i] & 0x00ff);
526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
527 }
528
529 /* EIR Data length */
530 *length = (i * sizeof(u16)) + 1;
531 }
532}
533
534static int update_eir(struct hci_dev *hdev)
535{
536 struct hci_cp_write_eir cp;
537
538 if (!(hdev->features[6] & LMP_EXT_INQ))
539 return 0;
540
84bde9d6 541 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
a8b2d5c2 544 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 545 return 0;
546
547 memset(&cp, 0, sizeof(cp));
548
549 create_eir(hdev, cp.data);
550
551 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
552 return 0;
553
554 memcpy(hdev->eir, cp.data, sizeof(cp.data));
555
556 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
557}
558
559static u8 get_service_classes(struct hci_dev *hdev)
560{
561 struct bt_uuid *uuid;
562 u8 val = 0;
563
564 list_for_each_entry(uuid, &hdev->uuids, list)
565 val |= uuid->svc_hint;
566
567 return val;
568}
569
570static int update_class(struct hci_dev *hdev)
571{
572 u8 cod[3];
573
574 BT_DBG("%s", hdev->name);
575
a8b2d5c2 576 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 577 return 0;
578
579 cod[0] = hdev->minor_class;
580 cod[1] = hdev->major_class;
581 cod[2] = get_service_classes(hdev);
582
583 if (memcmp(cod, hdev->dev_class, 3) == 0)
584 return 0;
585
586 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
587}
588
7d78525d
JH		 589static void service_cache_off(struct work_struct *work)
590{
591 struct hci_dev *hdev = container_of(work, struct hci_dev,
592 service_cache.work);
593
a8b2d5c2 594 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 595 return;
596
597 hci_dev_lock(hdev);
598
599 update_eir(hdev);
600 update_class(hdev);
601
602 hci_dev_unlock(hdev);
603}
604
605static void mgmt_init_hdev(struct hci_dev *hdev)
606{
0cbf4ed6 607 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 608 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
609
0cbf4ed6
JH		 610 /* Non-mgmt controlled devices get this bit set
611 * implicitly so that pairing works for them, however
612 * for mgmt we require user-space to explicitly enable
613 * it
614 */
615 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
616 }
617
a8b2d5c2 618 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 619 schedule_delayed_work(&hdev->service_cache,
620 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
621}
622
4e51eae9 623static int read_controller_info(struct sock *sk, u16 index)
0381101f 624{
a38528f1 625 struct mgmt_rp_read_info rp;
f7b64e69 626 struct hci_dev *hdev;
0381101f 627
4e51eae9 628 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 629
4e51eae9 630 hdev = hci_dev_get(index);
a38528f1 631 if (!hdev)
ca69b795
JH		 632 return cmd_status(sk, index, MGMT_OP_READ_INFO,
633 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 634
09fd0de5 635 hci_dev_lock(hdev);
f7b64e69 636
7d78525d
JH		 637 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
638 mgmt_init_hdev(hdev);
ebc99feb 639
dc4fe30b
JH		 640 memset(&rp, 0, sizeof(rp));
641
69ab39ea 642 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 643
69ab39ea 644 rp.version = hdev->hci_ver;
f7b64e69 645
69ab39ea
JH		 646 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
647
648 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
649 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 650
a38528f1 651 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 652
dc4fe30b
JH		 653 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
654
09fd0de5 655 hci_dev_unlock(hdev);
f7b64e69 656 hci_dev_put(hdev);
0381101f 657
aee9b218 658 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 659}
660
eec8d2bc
JH		 661static void mgmt_pending_free(struct pending_cmd *cmd)
662{
663 sock_put(cmd->sk);
c68fb7ff 664 kfree(cmd->param);
eec8d2bc
JH		 665 kfree(cmd);
666}
667
366a0336 668static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 669 struct hci_dev *hdev,
670 void *data, u16 len)
eec8d2bc
JH		 671{
672 struct pending_cmd *cmd;
673
674 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
675 if (!cmd)
366a0336 676 return NULL;
eec8d2bc
JH		 677
678 cmd->opcode = opcode;
2e58ef3e 679 cmd->index = hdev->id;
eec8d2bc 680
c68fb7ff
SJ		 681 cmd->param = kmalloc(len, GFP_ATOMIC);
682 if (!cmd->param) {
eec8d2bc 683 kfree(cmd);
366a0336 684 return NULL;
eec8d2bc
JH		 685 }
686
8fce6357
SJ		 687 if (data)
688 memcpy(cmd->param, data, len);
eec8d2bc
JH		 689
690 cmd->sk = sk;
691 sock_hold(sk);
692
2e58ef3e 693 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 694
366a0336 695 return cmd;
eec8d2bc
JH		 696}
697
744cf19e 698static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 699 void (*cb)(struct pending_cmd *cmd, void *data),
700 void *data)
701{
702 struct list_head *p, *n;
703
2e58ef3e 704 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 705 struct pending_cmd *cmd;
706
707 cmd = list_entry(p, struct pending_cmd, list);
708
b24752fe 709 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 710 continue;
711
eec8d2bc
JH		 712 cb(cmd, data);
713 }
714}
715
2e58ef3e 716static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 717{
8035ded4 718 struct pending_cmd *cmd;
eec8d2bc 719
2e58ef3e 720 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 721 if (cmd->opcode == opcode)
722 return cmd;
eec8d2bc
JH		 723 }
724
725 return NULL;
726}
727
a664b5bc 728static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 729{
73f22f62
JH		 730 list_del(&cmd->list);
731 mgmt_pending_free(cmd);
732}
733
69ab39ea 734static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 735{
69ab39ea 736 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 737
aee9b218
JH		 738 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
739 sizeof(settings));
8680570b
JH		 740}
741
650f726d 742static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 743{
650f726d 744 struct mgmt_mode *cp = data;
eec8d2bc 745 struct hci_dev *hdev;
366a0336 746 struct pending_cmd *cmd;
4b34ee78 747 int err;
eec8d2bc 748
4e51eae9 749 BT_DBG("request for hci%u", index);
eec8d2bc 750
bdce7baf 751 if (len != sizeof(*cp))
ca69b795
JH		 752 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
753 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 754
4e51eae9 755 hdev = hci_dev_get(index);
eec8d2bc 756 if (!hdev)
ca69b795
JH		 757 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
758 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 759
09fd0de5 760 hci_dev_lock(hdev);
eec8d2bc 761
f0d4b78a
MH		 762 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
763 cancel_delayed_work(&hdev->power_off);
764
765 if (cp->val) {
766 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
767 mgmt_powered(hdev, 1);
768 goto failed;
769 }
770 }
771
4b34ee78 772 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 773 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 774 goto failed;
775 }
776
2e58ef3e 777 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 778 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
779 MGMT_STATUS_BUSY);
eec8d2bc
JH		 780 goto failed;
781 }
782
2e58ef3e 783 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 784 if (!cmd) {
785 err = -ENOMEM;
eec8d2bc 786 goto failed;
366a0336 787 }
eec8d2bc 788
72a734ec 789 if (cp->val)
7f971041 790 schedule_work(&hdev->power_on);
eec8d2bc 791 else
80b7ab33 792 schedule_work(&hdev->power_off.work);
eec8d2bc 793
366a0336 794 err = 0;
eec8d2bc
JH		 795
796failed:
09fd0de5 797 hci_dev_unlock(hdev);
eec8d2bc 798 hci_dev_put(hdev);
366a0336 799 return err;
eec8d2bc
JH		 800}
801
650f726d 802static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 803{
650f726d 804 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 805 struct hci_dev *hdev;
366a0336 806 struct pending_cmd *cmd;
5e5282bb 807 u16 timeout;
73f22f62
JH		 808 u8 scan;
809 int err;
810
4e51eae9 811 BT_DBG("request for hci%u", index);
73f22f62 812
bdce7baf 813 if (len != sizeof(*cp))
ca69b795
JH		 814 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
815 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 816
4e51eae9 817 hdev = hci_dev_get(index);
73f22f62 818 if (!hdev)
ca69b795
JH		 819 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
820 MGMT_STATUS_INVALID_PARAMS);
73f22f62 821
5e5282bb
JH		 822 timeout = get_unaligned_le16(&cp->timeout);
823
09fd0de5 824 hci_dev_lock(hdev);
73f22f62 825
5e5282bb 826 if (!hdev_is_powered(hdev) && timeout > 0) {
ca69b795
JH		 827 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
828 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 829 goto failed;
830 }
831
2e58ef3e
JH		 832 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
833 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 834 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
835 MGMT_STATUS_BUSY);
73f22f62
JH		 836 goto failed;
837 }
838
5e5282bb
JH		 839 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
840 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
841 MGMT_STATUS_REJECTED);
842 goto failed;
843 }
844
845 if (!hdev_is_powered(hdev)) {
846 if (cp->val)
847 set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
848 else
849 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
850 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
851 goto failed;
852 }
853
854 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
69ab39ea 855 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 856 goto failed;
857 }
858
2e58ef3e 859 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 860 if (!cmd) {
861 err = -ENOMEM;
73f22f62 862 goto failed;
366a0336 863 }
73f22f62
JH		 864
865 scan = SCAN_PAGE;
866
72a734ec 867 if (cp->val)
73f22f62 868 scan |= SCAN_INQUIRY;
16ab91ab 869 else
e0f9309f 870 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 871
872 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
873 if (err < 0)
a664b5bc 874 mgmt_pending_remove(cmd);
73f22f62 875
16ab91ab 876 if (cp->val)
5e5282bb 877 hdev->discov_timeout = timeout;
16ab91ab 878
73f22f62 879failed:
09fd0de5 880 hci_dev_unlock(hdev);
73f22f62
JH		 881 hci_dev_put(hdev);
882
883 return err;
884}
885
650f726d 886static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 887{
650f726d 888 struct mgmt_mode *cp = data;
9fbcbb45 889 struct hci_dev *hdev;
366a0336 890 struct pending_cmd *cmd;
9fbcbb45
JH		 891 u8 scan;
892 int err;
893
4e51eae9 894 BT_DBG("request for hci%u", index);
9fbcbb45 895
bdce7baf 896 if (len != sizeof(*cp))
ca69b795
JH		 897 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
898 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 899
4e51eae9 900 hdev = hci_dev_get(index);
9fbcbb45 901 if (!hdev)
ca69b795
JH		 902 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
903 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 904
09fd0de5 905 hci_dev_lock(hdev);
9fbcbb45 906
4b34ee78 907 if (!hdev_is_powered(hdev)) {
5e5282bb
JH		 908 if (cp->val)
909 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
910 else {
911 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
912 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
913 }
914 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 915 goto failed;
916 }
917
2e58ef3e
JH		 918 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
919 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 920 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
921 MGMT_STATUS_BUSY);
9fbcbb45
JH		 922 goto failed;
923 }
924
5e5282bb 925 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 926 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 927 goto failed;
928 }
929
2e58ef3e 930 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 931 if (!cmd) {
932 err = -ENOMEM;
9fbcbb45 933 goto failed;
366a0336 934 }
9fbcbb45 935
72a734ec 936 if (cp->val)
9fbcbb45 937 scan = SCAN_PAGE;
df2c6c5e 938 else {
9fbcbb45
JH		 939 scan = 0;
940
df2c6c5e
JH		 941 if (test_bit(HCI_ISCAN, &hdev->flags) &&
942 hdev->discov_timeout > 0)
943 cancel_delayed_work(&hdev->discov_off);
944 }
945
9fbcbb45
JH		 946 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
947 if (err < 0)
a664b5bc 948 mgmt_pending_remove(cmd);
9fbcbb45
JH		 949
950failed:
09fd0de5 951 hci_dev_unlock(hdev);
9fbcbb45
JH		 952 hci_dev_put(hdev);
953
954 return err;
955}
956
744cf19e
JH		 957static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
958 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 959{
960 struct sk_buff *skb;
961 struct mgmt_hdr *hdr;
962
963 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
964 if (!skb)
965 return -ENOMEM;
966
c542a06c
JH		 967 hdr = (void *) skb_put(skb, sizeof(*hdr));
968 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 969 if (hdev)
970 hdr->index = cpu_to_le16(hdev->id);
971 else
972 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 973 hdr->len = cpu_to_le16(data_len);
974
4e51eae9
SJ		 975 if (data)
976 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c 977
470fe1b5 978 hci_send_to_control(skb, skip_sk);
c542a06c
JH		 979 kfree_skb(skb);
980
981 return 0;
982}
983
650f726d 984static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 985{
650f726d 986 struct mgmt_mode *cp = data;
c542a06c 987 struct hci_dev *hdev;
69ab39ea 988 __le32 ev;
c542a06c
JH		 989 int err;
990
4e51eae9 991 BT_DBG("request for hci%u", index);
c542a06c 992
bdce7baf 993 if (len != sizeof(*cp))
ca69b795
JH		 994 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
995 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 996
4e51eae9 997 hdev = hci_dev_get(index);
c542a06c 998 if (!hdev)
ca69b795
JH		 999 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1000 MGMT_STATUS_INVALID_PARAMS);
c542a06c 1001
09fd0de5 1002 hci_dev_lock(hdev);
c542a06c
JH		 1003
1004 if (cp->val)
a8b2d5c2 1005 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1006 else
a8b2d5c2 1007 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1008
69ab39ea 1009 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1010 if (err < 0)
1011 goto failed;
1012
69ab39ea 1013 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 1014
69ab39ea 1015 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 1016
1017failed:
09fd0de5 1018 hci_dev_unlock(hdev);
c542a06c
JH		 1019 hci_dev_put(hdev);
1020
1021 return err;
1022}
1023
33ef95ed
JH		 1024static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1025{
1026 struct mgmt_mode *cp = data;
1027 struct pending_cmd *cmd;
1028 struct hci_dev *hdev;
1029 uint8_t val;
1030 int err;
1031
1032 BT_DBG("request for hci%u", index);
1033
1034 if (len != sizeof(*cp))
1035 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1036 MGMT_STATUS_INVALID_PARAMS);
1037
1038 hdev = hci_dev_get(index);
1039 if (!hdev)
1040 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1041 MGMT_STATUS_INVALID_PARAMS);
1042
1043 hci_dev_lock(hdev);
1044
4b34ee78 1045 if (!hdev_is_powered(hdev)) {
33ef95ed
JH		 1046 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1047 MGMT_STATUS_NOT_POWERED);
1048 goto failed;
1049 }
1050
1051 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1052 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1053 MGMT_STATUS_BUSY);
1054 goto failed;
1055 }
1056
1057 val = !!cp->val;
1058
1059 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1060 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1061 goto failed;
1062 }
1063
1064 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1065 if (!cmd) {
1066 err = -ENOMEM;
1067 goto failed;
1068 }
1069
1070 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1071 if (err < 0) {
1072 mgmt_pending_remove(cmd);
1073 goto failed;
1074 }
1075
1076failed:
1077 hci_dev_unlock(hdev);
1078 hci_dev_put(hdev);
1079
1080 return err;
1081}
1082
ed2c4ee3
JH		 1083static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1084{
1085 struct mgmt_mode *cp = data;
1086 struct pending_cmd *cmd;
1087 struct hci_dev *hdev;
1088 uint8_t val;
1089 int err;
1090
1091 BT_DBG("request for hci%u", index);
1092
1093 if (len != sizeof(*cp))
1094 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1095 MGMT_STATUS_INVALID_PARAMS);
1096
1097 hdev = hci_dev_get(index);
1098 if (!hdev)
1099 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1100 MGMT_STATUS_INVALID_PARAMS);
1101
1102 hci_dev_lock(hdev);
1103
4b34ee78 1104 if (!hdev_is_powered(hdev)) {
ed2c4ee3
JH		 1105 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1106 MGMT_STATUS_NOT_POWERED);
1107 goto failed;
1108 }
1109
1e163574
JH		 1110 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1111 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1112 MGMT_STATUS_NOT_SUPPORTED);
1113 goto failed;
1114 }
1115
ed2c4ee3
JH		 1116 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1117 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1118 goto failed;
1119 }
1120
1121 val = !!cp->val;
1122
1123 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1124 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1125 goto failed;
1126 }
1127
1128 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1129 if (!cmd) {
1130 err = -ENOMEM;
1131 goto failed;
1132 }
1133
1134 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1135 if (err < 0) {
1136 mgmt_pending_remove(cmd);
1137 goto failed;
1138 }
1139
1140failed:
1141 hci_dev_unlock(hdev);
1142 hci_dev_put(hdev);
1143
1144 return err;
1145}
1146
6d80dfd0
JH		 1147static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1148{
1149 struct mgmt_mode *cp = data;
1150 struct hci_dev *hdev;
1151 int err;
1152
1153 BT_DBG("request for hci%u", index);
1154
1155 if (len != sizeof(*cp))
1156 return cmd_status(sk, index, MGMT_OP_SET_HS,
1157 MGMT_STATUS_INVALID_PARAMS);
1158
1159 hdev = hci_dev_get(index);
1160 if (!hdev)
1161 return cmd_status(sk, index, MGMT_OP_SET_HS,
1162 MGMT_STATUS_INVALID_PARAMS);
1163
1164 if (!enable_hs) {
1165 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1166 MGMT_STATUS_NOT_SUPPORTED);
1167 goto failed;
1168 }
1169
1170 if (cp->val)
1171 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1172 else
1173 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1174
1175 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1176
1177failed:
1178 hci_dev_put(hdev);
1179 return err;
1180}
1181
650f726d 1182static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1183{
650f726d 1184 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 1185 struct hci_dev *hdev;
1186 struct bt_uuid *uuid;
2aeb9a1a
JH		 1187 int err;
1188
4e51eae9 1189 BT_DBG("request for hci%u", index);
2aeb9a1a 1190
bdce7baf 1191 if (len != sizeof(*cp))
ca69b795
JH		 1192 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1193 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1194
4e51eae9 1195 hdev = hci_dev_get(index);
2aeb9a1a 1196 if (!hdev)
ca69b795
JH		 1197 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1198 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1199
09fd0de5 1200 hci_dev_lock(hdev);
2aeb9a1a
JH		 1201
1202 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1203 if (!uuid) {
1204 err = -ENOMEM;
1205 goto failed;
1206 }
1207
1208 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1209 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1210
1211 list_add(&uuid->list, &hdev->uuids);
1212
1aff6f09
JH		 1213 err = update_class(hdev);
1214 if (err < 0)
1215 goto failed;
1216
80a1e1db
JH		 1217 err = update_eir(hdev);
1218 if (err < 0)
1219 goto failed;
1220
aee9b218 1221 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1222
1223failed:
09fd0de5 1224 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1225 hci_dev_put(hdev);
1226
1227 return err;
1228}
1229
650f726d 1230static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1231{
650f726d 1232 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 1233 struct list_head *p, *n;
2aeb9a1a
JH		 1234 struct hci_dev *hdev;
1235 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1236 int err, found;
1237
4e51eae9 1238 BT_DBG("request for hci%u", index);
2aeb9a1a 1239
bdce7baf 1240 if (len != sizeof(*cp))
ca69b795
JH		 1241 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1242 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1243
4e51eae9 1244 hdev = hci_dev_get(index);
2aeb9a1a 1245 if (!hdev)
ca69b795
JH		 1246 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1247 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1248
09fd0de5 1249 hci_dev_lock(hdev);
2aeb9a1a
JH		 1250
1251 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1252 err = hci_uuids_clear(hdev);
1253 goto unlock;
1254 }
1255
1256 found = 0;
1257
1258 list_for_each_safe(p, n, &hdev->uuids) {
1259 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1260
1261 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1262 continue;
1263
1264 list_del(&match->list);
1265 found++;
1266 }
1267
1268 if (found == 0) {
ca69b795
JH		 1269 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1270 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1271 goto unlock;
1272 }
1273
1aff6f09
JH		 1274 err = update_class(hdev);
1275 if (err < 0)
1276 goto unlock;
1277
80a1e1db
JH		 1278 err = update_eir(hdev);
1279 if (err < 0)
1280 goto unlock;
1281
aee9b218 1282 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1283
1284unlock:
09fd0de5 1285 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1286 hci_dev_put(hdev);
1287
1288 return err;
1289}
1290
650f726d 1291static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1292{
1293 struct hci_dev *hdev;
650f726d 1294 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 1295 int err;
1296
4e51eae9 1297 BT_DBG("request for hci%u", index);
1aff6f09 1298
bdce7baf 1299 if (len != sizeof(*cp))
ca69b795
JH		 1300 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1301 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1302
4e51eae9 1303 hdev = hci_dev_get(index);
1aff6f09 1304 if (!hdev)
ca69b795
JH		 1305 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1306 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1307
09fd0de5 1308 hci_dev_lock(hdev);
1aff6f09 1309
b5235a65
JH		 1310 if (!hdev_is_powered(hdev)) {
1311 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1312 MGMT_STATUS_NOT_POWERED);
1313 goto unlock;
1314 }
1315
1aff6f09
JH		 1316 hdev->major_class = cp->major;
1317 hdev->minor_class = cp->minor;
1318
a8b2d5c2 1319 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1320 hci_dev_unlock(hdev);
1321 cancel_delayed_work_sync(&hdev->service_cache);
1322 hci_dev_lock(hdev);
14c0b608 1323 update_eir(hdev);
7d78525d 1324 }
14c0b608 1325
1aff6f09
JH		 1326 err = update_class(hdev);
1327
1328 if (err == 0)
aee9b218
JH		 1329 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1330 NULL, 0);
1aff6f09 1331
b5235a65 1332unlock:
09fd0de5 1333 hci_dev_unlock(hdev);
1aff6f09
JH		 1334 hci_dev_put(hdev);
1335
1336 return err;
1337}
1338
650f726d 1339static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1340{
1341 struct hci_dev *hdev;
650f726d 1342 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1343 u16 key_count, expected_len;
a492cd52 1344 int i;
55ed8ca1 1345
bdce7baf 1346 if (len < sizeof(*cp))
ca69b795
JH		 1347 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1348 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1349
55ed8ca1
JH		 1350 key_count = get_unaligned_le16(&cp->key_count);
1351
86742e1e
JH		 1352 expected_len = sizeof(*cp) + key_count *
1353 sizeof(struct mgmt_link_key_info);
a492cd52 1354 if (expected_len != len) {
86742e1e 1355 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1356 len, expected_len);
ca69b795
JH		 1357 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1358 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1359 }
1360
4e51eae9 1361 hdev = hci_dev_get(index);
55ed8ca1 1362 if (!hdev)
ca69b795
JH		 1363 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1364 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1365
4e51eae9 1366 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1367 key_count);
1368
09fd0de5 1369 hci_dev_lock(hdev);
55ed8ca1
JH		 1370
1371 hci_link_keys_clear(hdev);
1372
a8b2d5c2 1373 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1374
1375 if (cp->debug_keys)
a8b2d5c2 1376 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1377 else
a8b2d5c2 1378 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1379
a492cd52 1380 for (i = 0; i < key_count; i++) {
86742e1e 1381 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1382
d753fdc4
JH		 1383 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1384 key->type, key->pin_len);
55ed8ca1
JH		 1385 }
1386
aee9b218 1387 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1388
09fd0de5 1389 hci_dev_unlock(hdev);
55ed8ca1
JH		 1390 hci_dev_put(hdev);
1391
a492cd52 1392 return 0;
55ed8ca1
JH		 1393}
1394
b1078ad0
JH		 1395static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1396 u8 addr_type, struct sock *skip_sk)
1397{
1398 struct mgmt_ev_device_unpaired ev;
1399
1400 bacpy(&ev.addr.bdaddr, bdaddr);
1401 ev.addr.type = addr_type;
1402
1403 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1404 skip_sk);
1405}
1406
124f6e35 1407static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1408{
1409 struct hci_dev *hdev;
124f6e35
JH		 1410 struct mgmt_cp_unpair_device *cp = data;
1411 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1412 struct hci_cp_disconnect dc;
1413 struct pending_cmd *cmd;
55ed8ca1 1414 struct hci_conn *conn;
aee9b218 1415 u8 status = 0;
55ed8ca1
JH		 1416 int err;
1417
bdce7baf 1418 if (len != sizeof(*cp))
124f6e35 1419 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1420 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1421
4e51eae9 1422 hdev = hci_dev_get(index);
55ed8ca1 1423 if (!hdev)
124f6e35 1424 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1425 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1426
09fd0de5 1427 hci_dev_lock(hdev);
55ed8ca1 1428
a8a1d19e 1429 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1430 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1431 rp.addr.type = cp->addr.type;
a8a1d19e 1432
124f6e35
JH		 1433 if (cp->addr.type == MGMT_ADDR_BREDR)
1434 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1435 else
1436 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1437
55ed8ca1 1438 if (err < 0) {
aee9b218 1439 status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1440 goto unlock;
1441 }
1442
a8a1d19e 1443 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
aee9b218
JH		 1444 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1445 &rp, sizeof(rp));
b1078ad0 1446 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1447 goto unlock;
a8a1d19e 1448 }
55ed8ca1 1449
124f6e35
JH		 1450 if (cp->addr.type == MGMT_ADDR_BREDR)
1451 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1452 &cp->addr.bdaddr);
1453 else
1454 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1455 &cp->addr.bdaddr);
1456
a8a1d19e 1457 if (!conn) {
aee9b218
JH		 1458 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1459 &rp, sizeof(rp));
b1078ad0 1460 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1461 goto unlock;
1462 }
55ed8ca1 1463
124f6e35
JH		 1464 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1465 sizeof(*cp));
a8a1d19e
JH		 1466 if (!cmd) {
1467 err = -ENOMEM;
1468 goto unlock;
55ed8ca1
JH		 1469 }
1470
a8a1d19e
JH		 1471 put_unaligned_le16(conn->handle, &dc.handle);
1472 dc.reason = 0x13; /* Remote User Terminated Connection */
1473 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1474 if (err < 0)
1475 mgmt_pending_remove(cmd);
1476
55ed8ca1 1477unlock:
ca69b795 1478 if (err < 0)
aee9b218
JH		 1479 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1480 &rp, sizeof(rp));
09fd0de5 1481 hci_dev_unlock(hdev);
55ed8ca1
JH		 1482 hci_dev_put(hdev);
1483
1484 return err;
1485}
1486
650f726d 1487static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1488{
1489 struct hci_dev *hdev;
650f726d 1490 struct mgmt_cp_disconnect *cp = data;
8962ee74 1491 struct hci_cp_disconnect dc;
366a0336 1492 struct pending_cmd *cmd;
8962ee74 1493 struct hci_conn *conn;
8962ee74
JH		 1494 int err;
1495
1496 BT_DBG("");
1497
bdce7baf 1498 if (len != sizeof(*cp))
ca69b795
JH		 1499 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1500 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1501
4e51eae9 1502 hdev = hci_dev_get(index);
8962ee74 1503 if (!hdev)
ca69b795
JH		 1504 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1505 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1506
09fd0de5 1507 hci_dev_lock(hdev);
8962ee74
JH		 1508
1509 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1510 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1511 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1512 goto failed;
1513 }
1514
2e58ef3e 1515 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1516 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1517 MGMT_STATUS_BUSY);
8962ee74
JH		 1518 goto failed;
1519 }
1520
88c3df13
JH		 1521 if (cp->addr.type == MGMT_ADDR_BREDR)
1522 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1523 else
1524 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1525
8962ee74 1526 if (!conn) {
ca69b795
JH		 1527 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1528 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1529 goto failed;
1530 }
1531
2e58ef3e 1532 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1533 if (!cmd) {
1534 err = -ENOMEM;
8962ee74 1535 goto failed;
366a0336 1536 }
8962ee74
JH		 1537
1538 put_unaligned_le16(conn->handle, &dc.handle);
1539 dc.reason = 0x13; /* Remote User Terminated Connection */
1540
1541 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1542 if (err < 0)
a664b5bc 1543 mgmt_pending_remove(cmd);
8962ee74
JH		 1544
1545failed:
09fd0de5 1546 hci_dev_unlock(hdev);
8962ee74
JH		 1547 hci_dev_put(hdev);
1548
1549 return err;
1550}
1551
48264f06 1552static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1553{
1554 switch (link_type) {
1555 case LE_LINK:
48264f06
JH		 1556 switch (addr_type) {
1557 case ADDR_LE_DEV_PUBLIC:
1558 return MGMT_ADDR_LE_PUBLIC;
1559 case ADDR_LE_DEV_RANDOM:
1560 return MGMT_ADDR_LE_RANDOM;
1561 default:
1562 return MGMT_ADDR_INVALID;
1563 }
4c659c39
JH		 1564 case ACL_LINK:
1565 return MGMT_ADDR_BREDR;
1566 default:
1567 return MGMT_ADDR_INVALID;
1568 }
1569}
1570
8ce6284e 1571static int get_connections(struct sock *sk, u16 index)
2784eb41 1572{
2784eb41
JH		 1573 struct mgmt_rp_get_connections *rp;
1574 struct hci_dev *hdev;
8035ded4 1575 struct hci_conn *c;
a38528f1 1576 size_t rp_len;
4e51eae9 1577 u16 count;
2784eb41
JH		 1578 int i, err;
1579
1580 BT_DBG("");
1581
4e51eae9 1582 hdev = hci_dev_get(index);
2784eb41 1583 if (!hdev)
ca69b795
JH		 1584 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1585 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1586
09fd0de5 1587 hci_dev_lock(hdev);
2784eb41
JH		 1588
1589 count = 0;
b644ba33
JH		 1590 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1591 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1592 count++;
2784eb41
JH		 1593 }
1594
4c659c39 1595 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1596 rp = kmalloc(rp_len, GFP_ATOMIC);
1597 if (!rp) {
2784eb41
JH		 1598 err = -ENOMEM;
1599 goto unlock;
1600 }
1601
2784eb41
JH		 1602 put_unaligned_le16(count, &rp->conn_count);
1603
2784eb41 1604 i = 0;
4c659c39 1605 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1606 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1607 continue;
4c659c39 1608 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1609 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1610 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1611 continue;
1612 i++;
1613 }
1614
1615 /* Recalculate length in case of filtered SCO connections, etc */
1616 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1617
aee9b218 1618 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41
JH		 1619
1620unlock:
a38528f1 1621 kfree(rp);
09fd0de5 1622 hci_dev_unlock(hdev);
2784eb41
JH		 1623 hci_dev_put(hdev);
1624 return err;
1625}
1626
96d97a67
WR		 1627static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1628 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1629{
1630 struct pending_cmd *cmd;
1631 int err;
1632
2e58ef3e 1633 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1634 sizeof(*cp));
1635 if (!cmd)
1636 return -ENOMEM;
1637
d8457698
JH		 1638 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1639 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1640 if (err < 0)
1641 mgmt_pending_remove(cmd);
1642
1643 return err;
1644}
1645
650f726d 1646static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1647{
1648 struct hci_dev *hdev;
96d97a67 1649 struct hci_conn *conn;
650f726d 1650 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1651 struct hci_cp_pin_code_reply reply;
366a0336 1652 struct pending_cmd *cmd;
980e1a53
JH		 1653 int err;
1654
1655 BT_DBG("");
1656
bdce7baf 1657 if (len != sizeof(*cp))
ca69b795
JH		 1658 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1659 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1660
4e51eae9 1661 hdev = hci_dev_get(index);
980e1a53 1662 if (!hdev)
ca69b795
JH		 1663 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1664 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1665
09fd0de5 1666 hci_dev_lock(hdev);
980e1a53 1667
4b34ee78 1668 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1669 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1670 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1671 goto failed;
1672 }
1673
d8457698 1674 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1675 if (!conn) {
ca69b795
JH		 1676 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1677 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1678 goto failed;
1679 }
1680
1681 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1682 struct mgmt_cp_pin_code_neg_reply ncp;
1683
1684 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1685
1686 BT_ERR("PIN code is not 16 bytes long");
1687
1688 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1689 if (err >= 0)
1690 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1691 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1692
1693 goto failed;
1694 }
1695
650f726d
VCG		 1696 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1697 len);
366a0336
JH		 1698 if (!cmd) {
1699 err = -ENOMEM;
980e1a53 1700 goto failed;
366a0336 1701 }
980e1a53 1702
d8457698 1703 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1704 reply.pin_len = cp->pin_len;
24718ca5 1705 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1706
1707 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1708 if (err < 0)
a664b5bc 1709 mgmt_pending_remove(cmd);
980e1a53
JH		 1710
1711failed:
09fd0de5 1712 hci_dev_unlock(hdev);
980e1a53
JH		 1713 hci_dev_put(hdev);
1714
1715 return err;
1716}
1717
650f726d 1718static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1719{
1720 struct hci_dev *hdev;
650f726d 1721 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1722 int err;
1723
1724 BT_DBG("");
1725
bdce7baf
SJ		 1726 if (len != sizeof(*cp))
1727 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1728 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1729
4e51eae9 1730 hdev = hci_dev_get(index);
980e1a53 1731 if (!hdev)
4e51eae9 1732 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1733 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1734
09fd0de5 1735 hci_dev_lock(hdev);
980e1a53 1736
4b34ee78 1737 if (!hdev_is_powered(hdev)) {
4e51eae9 1738 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1739 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1740 goto failed;
1741 }
1742
96d97a67 1743 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1744
1745failed:
09fd0de5 1746 hci_dev_unlock(hdev);
980e1a53
JH		 1747 hci_dev_put(hdev);
1748
1749 return err;
1750}
1751
650f726d 1752static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1753{
1754 struct hci_dev *hdev;
650f726d 1755 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1756
1757 BT_DBG("");
1758
bdce7baf 1759 if (len != sizeof(*cp))
ca69b795
JH		 1760 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1761 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1762
4e51eae9 1763 hdev = hci_dev_get(index);
17fa4b9d 1764 if (!hdev)
ca69b795
JH		 1765 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1766 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1767
09fd0de5 1768 hci_dev_lock(hdev);
17fa4b9d
JH		 1769
1770 hdev->io_capability = cp->io_capability;
1771
1772 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1773 hdev->io_capability);
17fa4b9d 1774
09fd0de5 1775 hci_dev_unlock(hdev);
17fa4b9d
JH		 1776 hci_dev_put(hdev);
1777
aee9b218 1778 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 1779}
1780
e9a416b5
JH		 1781static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1782{
1783 struct hci_dev *hdev = conn->hdev;
8035ded4 1784 struct pending_cmd *cmd;
e9a416b5 1785
2e58ef3e 1786 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1787 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1788 continue;
1789
e9a416b5
JH		 1790 if (cmd->user_data != conn)
1791 continue;
1792
1793 return cmd;
1794 }
1795
1796 return NULL;
1797}
1798
1799static void pairing_complete(struct pending_cmd *cmd, u8 status)
1800{
1801 struct mgmt_rp_pair_device rp;
1802 struct hci_conn *conn = cmd->user_data;
1803
ba4e564f
JH		 1804 bacpy(&rp.addr.bdaddr, &conn->dst);
1805 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1806
aee9b218
JH		 1807 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1808 &rp, sizeof(rp));
e9a416b5
JH		 1809
1810 /* So we don't get further callbacks for this connection */
1811 conn->connect_cfm_cb = NULL;
1812 conn->security_cfm_cb = NULL;
1813 conn->disconn_cfm_cb = NULL;
1814
1815 hci_conn_put(conn);
1816
a664b5bc 1817 mgmt_pending_remove(cmd);
e9a416b5
JH		 1818}
1819
1820static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1821{
1822 struct pending_cmd *cmd;
1823
1824 BT_DBG("status %u", status);
1825
1826 cmd = find_pairing(conn);
56e5cb86 1827 if (!cmd)
e9a416b5 1828 BT_DBG("Unable to find a pending command");
56e5cb86 1829 else
e211326c 1830 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1831}
1832
650f726d 1833static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1834{
1835 struct hci_dev *hdev;
650f726d 1836 struct mgmt_cp_pair_device *cp = data;
1425acb7 1837 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1838 struct pending_cmd *cmd;
1839 u8 sec_level, auth_type;
1840 struct hci_conn *conn;
e9a416b5
JH		 1841 int err;
1842
1843 BT_DBG("");
1844
bdce7baf 1845 if (len != sizeof(*cp))
ca69b795
JH		 1846 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1847 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1848
4e51eae9 1849 hdev = hci_dev_get(index);
e9a416b5 1850 if (!hdev)
ca69b795
JH		 1851 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1852 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1853
09fd0de5 1854 hci_dev_lock(hdev);
e9a416b5 1855
c908df36
VCG		 1856 sec_level = BT_SECURITY_MEDIUM;
1857 if (cp->io_cap == 0x03)
e9a416b5 1858 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1859 else
e9a416b5 1860 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1861
ba4e564f
JH		 1862 if (cp->addr.type == MGMT_ADDR_BREDR)
1863 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1864 auth_type);
1865 else
ba4e564f 1866 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1867 auth_type);
1868
1425acb7
JH		 1869 memset(&rp, 0, sizeof(rp));
1870 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1871 rp.addr.type = cp->addr.type;
1872
30e76272 1873 if (IS_ERR(conn)) {
e211326c
JH		 1874 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1875 MGMT_STATUS_CONNECT_FAILED,
1876 &rp, sizeof(rp));
e9a416b5
JH		 1877 goto unlock;
1878 }
1879
1880 if (conn->connect_cfm_cb) {
1881 hci_conn_put(conn);
e211326c
JH		 1882 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1883 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1884 goto unlock;
1885 }
1886
2e58ef3e 1887 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1888 if (!cmd) {
1889 err = -ENOMEM;
1890 hci_conn_put(conn);
1891 goto unlock;
1892 }
1893
7a512d01 1894 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1895 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1896 conn->connect_cfm_cb = pairing_complete_cb;
1897
e9a416b5
JH		 1898 conn->security_cfm_cb = pairing_complete_cb;
1899 conn->disconn_cfm_cb = pairing_complete_cb;
1900 conn->io_capability = cp->io_cap;
1901 cmd->user_data = conn;
1902
1903 if (conn->state == BT_CONNECTED &&
1904 hci_conn_security(conn, sec_level, auth_type))
1905 pairing_complete(cmd, 0);
1906
1907 err = 0;
1908
1909unlock:
09fd0de5 1910 hci_dev_unlock(hdev);
e9a416b5
JH		 1911 hci_dev_put(hdev);
1912
1913 return err;
1914}
1915
28424707
JH		 1916static int cancel_pair_device(struct sock *sk, u16 index,
1917 unsigned char *data, u16 len)
1918{
1919 struct mgmt_addr_info *addr = (void *) data;
1920 struct hci_dev *hdev;
1921 struct pending_cmd *cmd;
1922 struct hci_conn *conn;
1923 int err;
1924
1925 BT_DBG("");
1926
1927 if (len != sizeof(*addr))
1928 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1929 MGMT_STATUS_INVALID_PARAMS);
1930
1931 hdev = hci_dev_get(index);
1932 if (!hdev)
1933 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1934 MGMT_STATUS_INVALID_PARAMS);
1935
1936 hci_dev_lock(hdev);
1937
1938 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1939 if (!cmd) {
1940 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1941 MGMT_STATUS_INVALID_PARAMS);
1942 goto unlock;
1943 }
1944
1945 conn = cmd->user_data;
1946
1947 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1948 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1949 MGMT_STATUS_INVALID_PARAMS);
1950 goto unlock;
1951 }
1952
1953 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1954
aee9b218 1955 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 1956 sizeof(*addr));
1957unlock:
1958 hci_dev_unlock(hdev);
1959 hci_dev_put(hdev);
1960
1961 return err;
1962}
1963
0df4c185 1964static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 1965 u8 type, u16 mgmt_op, u16 hci_op,
1966 __le32 passkey)
a5c29683 1967{
a5c29683
JH		 1968 struct pending_cmd *cmd;
1969 struct hci_dev *hdev;
0df4c185 1970 struct hci_conn *conn;
a5c29683
JH		 1971 int err;
1972
4e51eae9 1973 hdev = hci_dev_get(index);
a5c29683 1974 if (!hdev)
ca69b795
JH		 1975 return cmd_status(sk, index, mgmt_op,
1976 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1977
09fd0de5 1978 hci_dev_lock(hdev);
08ba5382 1979
4b34ee78 1980 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 1981 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1982 goto done;
a5c29683
JH		 1983 }
1984
272d90df
JH		 1985 if (type == MGMT_ADDR_BREDR)
1986 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1987 else
47c15e2b 1988 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 1989
1990 if (!conn) {
1991 err = cmd_status(sk, index, mgmt_op,
47c15e2b 1992 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 1993 goto done;
1994 }
47c15e2b 1995
272d90df 1996 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 1997 /* Continue with pairing via SMP */
5fe57d9e
BG		 1998 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1999
2000 if (!err)
2001 err = cmd_status(sk, index, mgmt_op,
2002 MGMT_STATUS_SUCCESS);
2003 else
2004 err = cmd_status(sk, index, mgmt_op,
2005 MGMT_STATUS_FAILED);
47c15e2b 2006
47c15e2b
BG		 2007 goto done;
2008 }
2009
0df4c185 2010 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2011 if (!cmd) {
2012 err = -ENOMEM;
0df4c185 2013 goto done;
a5c29683
JH		 2014 }
2015
0df4c185 2016 /* Continue with pairing via HCI */
604086b7
BG		 2017 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2018 struct hci_cp_user_passkey_reply cp;
2019
2020 bacpy(&cp.bdaddr, bdaddr);
2021 cp.passkey = passkey;
2022 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2023 } else
2024 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2025
a664b5bc
JH		 2026 if (err < 0)
2027 mgmt_pending_remove(cmd);
a5c29683 2028
0df4c185 2029done:
09fd0de5 2030 hci_dev_unlock(hdev);
a5c29683
JH		 2031 hci_dev_put(hdev);
2032
2033 return err;
2034}
2035
0df4c185
BG		 2036static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2037{
650f726d 2038 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2039
2040 BT_DBG("");
2041
2042 if (len != sizeof(*cp))
2043 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2044 MGMT_STATUS_INVALID_PARAMS);
2045
272d90df
JH		 2046 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2047 MGMT_OP_USER_CONFIRM_REPLY,
2048 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2049}
2050
2051static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2052 u16 len)
2053{
c9c2659f 2054 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2055
2056 BT_DBG("");
2057
2058 if (len != sizeof(*cp))
2059 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2060 MGMT_STATUS_INVALID_PARAMS);
2061
272d90df
JH		 2062 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2063 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2064 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2065}
2066
604086b7
BG		 2067static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2068{
650f726d 2069 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2070
2071 BT_DBG("");
2072
2073 if (len != sizeof(*cp))
2074 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2075 EINVAL);
2076
272d90df
JH		 2077 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2078 MGMT_OP_USER_PASSKEY_REPLY,
2079 HCI_OP_USER_PASSKEY_REPLY,
2080 cp->passkey);
604086b7
BG		 2081}
2082
2083static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2084 u16 len)
2085{
650f726d 2086 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2087
2088 BT_DBG("");
2089
2090 if (len != sizeof(*cp))
2091 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2092 EINVAL);
2093
272d90df
JH		 2094 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2095 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2096 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2097}
2098
650f726d 2099static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2100 u16 len)
2101{
650f726d 2102 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2103 struct hci_cp_write_local_name hci_cp;
2104 struct hci_dev *hdev;
2105 struct pending_cmd *cmd;
2106 int err;
2107
2108 BT_DBG("");
2109
2110 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2111 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2112 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2113
2114 hdev = hci_dev_get(index);
2115 if (!hdev)
ca69b795
JH		 2116 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2117 MGMT_STATUS_INVALID_PARAMS);
b312b161 2118
09fd0de5 2119 hci_dev_lock(hdev);
b312b161 2120
b5235a65
JH		 2121 if (!hdev_is_powered(hdev)) {
2122 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2123 MGMT_STATUS_NOT_POWERED);
2124 goto failed;
2125 }
2126
650f726d
VCG		 2127 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2128 len);
b312b161
JH		 2129 if (!cmd) {
2130 err = -ENOMEM;
2131 goto failed;
2132 }
2133
2134 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2135 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2136 &hci_cp);
2137 if (err < 0)
2138 mgmt_pending_remove(cmd);
2139
2140failed:
09fd0de5 2141 hci_dev_unlock(hdev);
b312b161
JH		 2142 hci_dev_put(hdev);
2143
2144 return err;
2145}
2146
c35938b2
SJ		 2147static int read_local_oob_data(struct sock *sk, u16 index)
2148{
2149 struct hci_dev *hdev;
2150 struct pending_cmd *cmd;
2151 int err;
2152
2153 BT_DBG("hci%u", index);
2154
2155 hdev = hci_dev_get(index);
2156 if (!hdev)
2157 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2158 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2159
09fd0de5 2160 hci_dev_lock(hdev);
c35938b2 2161
4b34ee78 2162 if (!hdev_is_powered(hdev)) {
c35938b2 2163 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2164 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2165 goto unlock;
2166 }
2167
2168 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2169 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2170 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2171 goto unlock;
2172 }
2173
2e58ef3e 2174 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2175 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2176 MGMT_STATUS_BUSY);
c35938b2
SJ		 2177 goto unlock;
2178 }
2179
2e58ef3e 2180 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2181 if (!cmd) {
2182 err = -ENOMEM;
2183 goto unlock;
2184 }
2185
2186 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2187 if (err < 0)
2188 mgmt_pending_remove(cmd);
2189
2190unlock:
09fd0de5 2191 hci_dev_unlock(hdev);
c35938b2
SJ		 2192 hci_dev_put(hdev);
2193
2194 return err;
2195}
2196
650f726d
VCG		 2197static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2198 u16 len)
2763eda6
SJ		 2199{
2200 struct hci_dev *hdev;
650f726d 2201 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2202 u8 status;
2763eda6
SJ		 2203 int err;
2204
2205 BT_DBG("hci%u ", index);
2206
2207 if (len != sizeof(*cp))
2208 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2209 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2210
2211 hdev = hci_dev_get(index);
2212 if (!hdev)
bf1e3541
JH		 2213 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2214 MGMT_STATUS_INVALID_PARAMS,
2215 &cp->addr, sizeof(cp->addr));
2763eda6 2216
09fd0de5 2217 hci_dev_lock(hdev);
2763eda6 2218
664ce4cc 2219 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2220 cp->randomizer);
2221 if (err < 0)
bf1e3541 2222 status = MGMT_STATUS_FAILED;
2763eda6 2223 else
bf1e3541
JH		 2224 status = 0;
2225
2226 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2227 &cp->addr, sizeof(cp->addr));
2763eda6 2228
09fd0de5 2229 hci_dev_unlock(hdev);
2763eda6
SJ		 2230 hci_dev_put(hdev);
2231
2232 return err;
2233}
2234
2235static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2236 void *data, u16 len)
2763eda6
SJ		 2237{
2238 struct hci_dev *hdev;
650f726d 2239 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2240 u8 status;
2763eda6
SJ		 2241 int err;
2242
2243 BT_DBG("hci%u ", index);
2244
2245 if (len != sizeof(*cp))
2246 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2247 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2248
2249 hdev = hci_dev_get(index);
2250 if (!hdev)
bf1e3541
JH		 2251 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2252 MGMT_STATUS_INVALID_PARAMS,
2253 &cp->addr, sizeof(cp->addr));
2763eda6 2254
09fd0de5 2255 hci_dev_lock(hdev);
2763eda6 2256
664ce4cc 2257 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2258 if (err < 0)
bf1e3541 2259 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2260 else
bf1e3541
JH		 2261 status = 0;
2262
2263 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2264 &cp->addr, sizeof(cp->addr));
2763eda6 2265
09fd0de5 2266 hci_dev_unlock(hdev);
2763eda6
SJ		 2267 hci_dev_put(hdev);
2268
2269 return err;
2270}
2271
5e0452c0
AG		 2272static int discovery(struct hci_dev *hdev)
2273{
2274 int err;
2275
2276 if (lmp_host_le_capable(hdev)) {
2277 if (lmp_bredr_capable(hdev)) {
2278 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2279 LE_SCAN_INT, LE_SCAN_WIN,
2280 LE_SCAN_TIMEOUT_BREDR_LE);
2281 } else {
2282 hdev->discovery.type = DISCOV_TYPE_LE;
2283 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2284 LE_SCAN_INT, LE_SCAN_WIN,
2285 LE_SCAN_TIMEOUT_LE_ONLY);
2286 }
2287 } else {
2288 hdev->discovery.type = DISCOV_TYPE_BREDR;
2289 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2290 }
2291
2292 return err;
2293}
2294
2295int mgmt_interleaved_discovery(struct hci_dev *hdev)
2296{
2297 int err;
2298
2299 BT_DBG("%s", hdev->name);
2300
2301 hci_dev_lock(hdev);
2302
2303 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2304 if (err < 0)
2305 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2306
2307 hci_dev_unlock(hdev);
2308
2309 return err;
2310}
2311
450dfdaf 2312static int start_discovery(struct sock *sk, u16 index,
650f726d 2313 void *data, u16 len)
14a53664 2314{
650f726d 2315 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2316 struct pending_cmd *cmd;
2317 struct hci_dev *hdev;
2318 int err;
2319
2320 BT_DBG("hci%u", index);
2321
450dfdaf
JH		 2322 if (len != sizeof(*cp))
2323 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2324 MGMT_STATUS_INVALID_PARAMS);
2325
14a53664
JH		 2326 hdev = hci_dev_get(index);
2327 if (!hdev)
ca69b795
JH		 2328 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2329 MGMT_STATUS_INVALID_PARAMS);
14a53664 2330
09fd0de5 2331 hci_dev_lock(hdev);
14a53664 2332
4b34ee78 2333 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2334 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2335 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2336 goto failed;
2337 }
2338
ff9ef578
JH		 2339 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2340 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2341 MGMT_STATUS_BUSY);
2342 goto failed;
2343 }
2344
2e58ef3e 2345 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2346 if (!cmd) {
2347 err = -ENOMEM;
2348 goto failed;
2349 }
2350
4aab14e5
AG		 2351 hdev->discovery.type = cp->type;
2352
2353 switch (hdev->discovery.type) {
f39799f5 2354 case DISCOV_TYPE_BREDR:
3fd24153 2355 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2356 break;
2357
2358 case DISCOV_TYPE_LE:
3fd24153
AG		 2359 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2360 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2361 break;
2362
5e0452c0
AG		 2363 case DISCOV_TYPE_INTERLEAVED:
2364 err = discovery(hdev);
2365 break;
2366
f39799f5 2367 default:
3fd24153 2368 err = -EINVAL;
f39799f5 2369 }
3fd24153 2370
14a53664
JH		 2371 if (err < 0)
2372 mgmt_pending_remove(cmd);
ff9ef578
JH		 2373 else
2374 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2375
2376failed:
09fd0de5 2377 hci_dev_unlock(hdev);
14a53664
JH		 2378 hci_dev_put(hdev);
2379
2380 return err;
2381}
2382
d930650b 2383static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2384{
d930650b 2385 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2386 struct hci_dev *hdev;
2387 struct pending_cmd *cmd;
30dc78e1
JH		 2388 struct hci_cp_remote_name_req_cancel cp;
2389 struct inquiry_entry *e;
14a53664
JH		 2390 int err;
2391
2392 BT_DBG("hci%u", index);
2393
d930650b
JH		 2394 if (len != sizeof(*mgmt_cp))
2395 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2396 MGMT_STATUS_INVALID_PARAMS);
2397
14a53664
JH		 2398 hdev = hci_dev_get(index);
2399 if (!hdev)
ca69b795
JH		 2400 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2401 MGMT_STATUS_INVALID_PARAMS);
14a53664 2402
09fd0de5 2403 hci_dev_lock(hdev);
14a53664 2404
30dc78e1 2405 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2406 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2407 MGMT_STATUS_REJECTED,
2408 &mgmt_cp->type, sizeof(mgmt_cp->type));
2409 goto unlock;
2410 }
2411
2412 if (hdev->discovery.type != mgmt_cp->type) {
2413 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2414 MGMT_STATUS_INVALID_PARAMS,
2415 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2416 goto unlock;
ff9ef578
JH		 2417 }
2418
2e58ef3e 2419 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2420 if (!cmd) {
2421 err = -ENOMEM;
30dc78e1
JH		 2422 goto unlock;
2423 }
2424
343f935b 2425 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2426 err = hci_cancel_inquiry(hdev);
2427 if (err < 0)
2428 mgmt_pending_remove(cmd);
2429 else
2430 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2431 goto unlock;
2432 }
2433
2434 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2435 if (!e) {
2436 mgmt_pending_remove(cmd);
aee9b218 2437 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2438 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2439 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2440 goto unlock;
14a53664
JH		 2441 }
2442
30dc78e1
JH		 2443 bacpy(&cp.bdaddr, &e->data.bdaddr);
2444 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2445 sizeof(cp), &cp);
14a53664
JH		 2446 if (err < 0)
2447 mgmt_pending_remove(cmd);
ff9ef578
JH		 2448 else
2449 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2450
30dc78e1 2451unlock:
09fd0de5 2452 hci_dev_unlock(hdev);
14a53664
JH		 2453 hci_dev_put(hdev);
2454
2455 return err;
2456}
2457
650f726d 2458static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2459{
650f726d 2460 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2461 struct inquiry_entry *e;
2462 struct hci_dev *hdev;
2463 int err;
2464
2465 BT_DBG("hci%u", index);
2466
2467 if (len != sizeof(*cp))
2468 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2469 MGMT_STATUS_INVALID_PARAMS);
2470
2471 hdev = hci_dev_get(index);
2472 if (!hdev)
2473 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2474 MGMT_STATUS_INVALID_PARAMS);
2475
2476 hci_dev_lock(hdev);
2477
30dc78e1
JH		 2478 if (!hci_discovery_active(hdev)) {
2479 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2480 MGMT_STATUS_FAILED);
2481 goto failed;
2482 }
2483
a198e7b1 2484 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc
JH		 2485 if (!e) {
2486 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2487 MGMT_STATUS_INVALID_PARAMS);
2488 goto failed;
2489 }
2490
2491 if (cp->name_known) {
2492 e->name_state = NAME_KNOWN;
2493 list_del(&e->list);
2494 } else {
2495 e->name_state = NAME_NEEDED;
a3d4e20a 2496 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2497 }
2498
2499 err = 0;
2500
2501failed:
2502 hci_dev_unlock(hdev);
2503
2504 return err;
2505}
2506
650f726d 2507static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2508{
2509 struct hci_dev *hdev;
650f726d 2510 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2511 u8 status;
7fbec224
AJ		 2512 int err;
2513
2514 BT_DBG("hci%u", index);
2515
7fbec224
AJ		 2516 if (len != sizeof(*cp))
2517 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2518 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2519
2520 hdev = hci_dev_get(index);
2521 if (!hdev)
f0eeea8b
JH		 2522 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2523 MGMT_STATUS_INVALID_PARAMS,
2524 &cp->addr, sizeof(cp->addr));
7fbec224 2525
09fd0de5 2526 hci_dev_lock(hdev);
5e762444 2527
88c1fe4b 2528 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2529 if (err < 0)
f0eeea8b 2530 status = MGMT_STATUS_FAILED;
7fbec224 2531 else
f0eeea8b
JH		 2532 status = 0;
2533
2534 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2535 &cp->addr, sizeof(cp->addr));
5e762444 2536
09fd0de5 2537 hci_dev_unlock(hdev);
7fbec224
AJ		 2538 hci_dev_put(hdev);
2539
2540 return err;
2541}
2542
650f726d 2543static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2544{
2545 struct hci_dev *hdev;
650f726d 2546 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2547 u8 status;
7fbec224
AJ		 2548 int err;
2549
2550 BT_DBG("hci%u", index);
2551
7fbec224
AJ		 2552 if (len != sizeof(*cp))
2553 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2554 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2555
2556 hdev = hci_dev_get(index);
2557 if (!hdev)
f0eeea8b
JH		 2558 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2559 MGMT_STATUS_INVALID_PARAMS,
2560 &cp->addr, sizeof(cp->addr));
7fbec224 2561
09fd0de5 2562 hci_dev_lock(hdev);
5e762444 2563
88c1fe4b 2564 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2565 if (err < 0)
f0eeea8b 2566 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2567 else
f0eeea8b
JH		 2568 status = 0;
2569
2570 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2571 &cp->addr, sizeof(cp->addr));
5e762444 2572
09fd0de5 2573 hci_dev_unlock(hdev);
7fbec224
AJ		 2574 hci_dev_put(hdev);
2575
2576 return err;
2577}
2578
f6422ec6 2579static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2580 void *data, u16 len)
f6422ec6
AJ		 2581{
2582 struct hci_dev *hdev;
650f726d 2583 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2584 struct hci_cp_write_page_scan_activity acp;
2585 u8 type;
2586 int err;
2587
2588 BT_DBG("hci%u", index);
2589
2590 if (len != sizeof(*cp))
2591 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2592 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2593
2594 hdev = hci_dev_get(index);
2595 if (!hdev)
2596 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2597 MGMT_STATUS_INVALID_PARAMS);
5400c044
JH		 2598 if (!hdev_is_powered(hdev))
2599 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2600 MGMT_STATUS_NOT_POWERED);
2601
2602 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2603 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2604 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2605
2606 hci_dev_lock(hdev);
2607
f7c6869c 2608 if (cp->val) {
f6422ec6
AJ		 2609 type = PAGE_SCAN_TYPE_INTERLACED;
2610 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2611 } else {
2612 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2613 acp.interval = 0x0800; /* default 1.28 sec page scan */
2614 }
2615
2616 acp.window = 0x0012; /* default 11.25 msec page scan window */
2617
2618 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2619 sizeof(acp), &acp);
2620 if (err < 0) {
2621 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2622 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2623 goto done;
2624 }
2625
2626 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2627 if (err < 0) {
2628 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2629 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2630 goto done;
2631 }
2632
aee9b218
JH		 2633 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2634 NULL, 0);
f6422ec6
AJ		 2635done:
2636 hci_dev_unlock(hdev);
2637 hci_dev_put(hdev);
2638
2639 return err;
2640}
2641
346af67b
VCG		 2642static int load_long_term_keys(struct sock *sk, u16 index,
2643 void *cp_data, u16 len)
2644{
2645 struct hci_dev *hdev;
2646 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2647 u16 key_count, expected_len;
2648 int i;
2649
2650 if (len < sizeof(*cp))
2651 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2652 EINVAL);
2653
2654 key_count = get_unaligned_le16(&cp->key_count);
2655
2656 expected_len = sizeof(*cp) + key_count *
2657 sizeof(struct mgmt_ltk_info);
2658 if (expected_len != len) {
2659 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2660 len, expected_len);
2661 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2662 EINVAL);
2663 }
2664
2665 hdev = hci_dev_get(index);
2666 if (!hdev)
2667 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2668 ENODEV);
2669
2670 BT_DBG("hci%u key_count %u", index, key_count);
2671
2672 hci_dev_lock(hdev);
2673
2674 hci_smp_ltks_clear(hdev);
2675
2676 for (i = 0; i < key_count; i++) {
2677 struct mgmt_ltk_info *key = &cp->keys[i];
2678 u8 type;
2679
2680 if (key->master)
2681 type = HCI_SMP_LTK;
2682 else
2683 type = HCI_SMP_LTK_SLAVE;
2684
2685 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2686 type, 0, key->authenticated, key->val,
2687 key->enc_size, key->ediv, key->rand);
2688 }
2689
2690 hci_dev_unlock(hdev);
2691 hci_dev_put(hdev);
2692
2693 return 0;
2694}
2695
0381101f
JH		 2696int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2697{
650f726d
VCG		 2698 void *buf;
2699 u8 *cp;
0381101f 2700 struct mgmt_hdr *hdr;
4e51eae9 2701 u16 opcode, index, len;
0381101f
JH		 2702 int err;
2703
2704 BT_DBG("got %zu bytes", msglen);
2705
2706 if (msglen < sizeof(*hdr))
2707 return -EINVAL;
2708
e63a15ec 2709 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2710 if (!buf)
2711 return -ENOMEM;
2712
2713 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2714 err = -EFAULT;
2715 goto done;
2716 }
2717
650f726d 2718 hdr = buf;
0381101f 2719 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2720 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2721 len = get_unaligned_le16(&hdr->len);
2722
2723 if (len != msglen - sizeof(*hdr)) {
2724 err = -EINVAL;
2725 goto done;
2726 }
2727
650f726d
VCG		 2728 cp = buf + sizeof(*hdr);
2729
0381101f 2730 switch (opcode) {
02d98129
JH		 2731 case MGMT_OP_READ_VERSION:
2732 err = read_version(sk);
2733 break;
e70bb2e8
JH		 2734 case MGMT_OP_READ_COMMANDS:
2735 err = read_commands(sk);
2736 break;
faba42eb
JH		 2737 case MGMT_OP_READ_INDEX_LIST:
2738 err = read_index_list(sk);
2739 break;
f7b64e69 2740 case MGMT_OP_READ_INFO:
4e51eae9 2741 err = read_controller_info(sk, index);
f7b64e69 2742 break;
eec8d2bc 2743 case MGMT_OP_SET_POWERED:
650f726d 2744 err = set_powered(sk, index, cp, len);
eec8d2bc 2745 break;
73f22f62 2746 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2747 err = set_discoverable(sk, index, cp, len);
73f22f62 2748 break;
9fbcbb45 2749 case MGMT_OP_SET_CONNECTABLE:
650f726d 2750 err = set_connectable(sk, index, cp, len);
9fbcbb45 2751 break;
f7c6869c 2752 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2753 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2754 break;
c542a06c 2755 case MGMT_OP_SET_PAIRABLE:
650f726d 2756 err = set_pairable(sk, index, cp, len);
c542a06c 2757 break;
33ef95ed
JH		 2758 case MGMT_OP_SET_LINK_SECURITY:
2759 err = set_link_security(sk, index, cp, len);
2760 break;
ed2c4ee3
JH		 2761 case MGMT_OP_SET_SSP:
2762 err = set_ssp(sk, index, cp, len);
2763 break;
6d80dfd0
JH		 2764 case MGMT_OP_SET_HS:
2765 err = set_hs(sk, index, cp, len);
2766 break;
2aeb9a1a 2767 case MGMT_OP_ADD_UUID:
650f726d 2768 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2769 break;
2770 case MGMT_OP_REMOVE_UUID:
650f726d 2771 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2772 break;
1aff6f09 2773 case MGMT_OP_SET_DEV_CLASS:
650f726d 2774 err = set_dev_class(sk, index, cp, len);
1aff6f09 2775 break;
86742e1e 2776 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2777 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2778 break;
8962ee74 2779 case MGMT_OP_DISCONNECT:
650f726d 2780 err = disconnect(sk, index, cp, len);
8962ee74 2781 break;
2784eb41 2782 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2783 err = get_connections(sk, index);
2784eb41 2784 break;
980e1a53 2785 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2786 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2787 break;
2788 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2789 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2790 break;
17fa4b9d 2791 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2792 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2793 break;
e9a416b5 2794 case MGMT_OP_PAIR_DEVICE:
650f726d 2795 err = pair_device(sk, index, cp, len);
e9a416b5 2796 break;
28424707
JH		 2797 case MGMT_OP_CANCEL_PAIR_DEVICE:
2798 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2799 break;
124f6e35
JH		 2800 case MGMT_OP_UNPAIR_DEVICE:
2801 err = unpair_device(sk, index, cp, len);
2802 break;
a5c29683 2803 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2804 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2805 break;
2806 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2807 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2808 break;
604086b7 2809 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2810 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2811 break;
2812 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2813 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2814 break;
b312b161 2815 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2816 err = set_local_name(sk, index, cp, len);
b312b161 2817 break;
c35938b2
SJ		 2818 case MGMT_OP_READ_LOCAL_OOB_DATA:
2819 err = read_local_oob_data(sk, index);
2820 break;
2763eda6 2821 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2822 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2823 break;
2824 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2825 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2826 break;
14a53664 2827 case MGMT_OP_START_DISCOVERY:
650f726d 2828 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2829 break;
2830 case MGMT_OP_STOP_DISCOVERY:
d930650b 2831 err = stop_discovery(sk, index, cp, len);
14a53664 2832 break;
561aafbc 2833 case MGMT_OP_CONFIRM_NAME:
650f726d 2834 err = confirm_name(sk, index, cp, len);
561aafbc 2835 break;
7fbec224 2836 case MGMT_OP_BLOCK_DEVICE:
650f726d 2837 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2838 break;
2839 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2840 err = unblock_device(sk, index, cp, len);
7fbec224 2841 break;
346af67b
VCG		 2842 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2843 err = load_long_term_keys(sk, index, cp, len);
2844 break;
0381101f
JH		 2845 default:
2846 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2847 err = cmd_status(sk, index, opcode,
2848 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2849 break;
2850 }
2851
e41d8b4e
JH		 2852 if (err < 0)
2853 goto done;
2854
0381101f
JH		 2855 err = msglen;
2856
2857done:
2858 kfree(buf);
2859 return err;
2860}
c71e97bf 2861
b24752fe
JH		 2862static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2863{
2864 u8 *status = data;
2865
2866 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2867 mgmt_pending_remove(cmd);
2868}
2869
744cf19e 2870int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2871{
744cf19e 2872 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2873}
2874
744cf19e 2875int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2876{
b24752fe
JH		 2877 u8 status = ENODEV;
2878
744cf19e 2879 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2880
744cf19e 2881 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2882}
2883
73f22f62 2884struct cmd_lookup {
eec8d2bc 2885 struct sock *sk;
69ab39ea 2886 struct hci_dev *hdev;
eec8d2bc
JH		 2887};
2888
69ab39ea 2889static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2890{
73f22f62 2891 struct cmd_lookup *match = data;
eec8d2bc 2892
69ab39ea 2893 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2894
2895 list_del(&cmd->list);
2896
2897 if (match->sk == NULL) {
2898 match->sk = cmd->sk;
2899 sock_hold(match->sk);
2900 }
2901
2902 mgmt_pending_free(cmd);
c71e97bf 2903}
5add6af8 2904
744cf19e 2905int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2906{
76a7f3a4 2907 struct cmd_lookup match = { NULL, hdev };
69ab39ea 2908 __le32 ev;
7bb895d6 2909 int err;
5add6af8 2910
5e5282bb
JH		 2911 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2912 return 0;
2913
69ab39ea 2914 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2915
5e5282bb
JH		 2916 if (powered) {
2917 u8 scan = 0;
2918
2919 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2920 scan |= SCAN_PAGE;
2921 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2922 scan |= SCAN_INQUIRY;
2923
2924 if (scan)
2925 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2926 } else {
b24752fe 2927 u8 status = ENETDOWN;
744cf19e 2928 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2929 }
2930
69ab39ea 2931 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2932
7bb895d6 2933 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
69ab39ea 2934 match.sk);
eec8d2bc
JH		 2935
2936 if (match.sk)
2937 sock_put(match.sk);
2938
7bb895d6 2939 return err;
5add6af8 2940}
73f22f62 2941
744cf19e 2942int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2943{
76a7f3a4 2944 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2945 bool changed = false;
2946 int err = 0;
73f22f62 2947
69ab39ea 2948 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2949
5e5282bb
JH		 2950 if (discoverable) {
2951 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2952 changed = true;
2953 } else {
2954 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2955 changed = true;
2956 }
73f22f62 2957
5e5282bb
JH		 2958 if (changed) {
2959 __le32 ev = cpu_to_le32(get_current_settings(hdev));
2960 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2961 match.sk);
5e5282bb
JH		 2962 }
2963
73f22f62
JH		 2964 if (match.sk)
2965 sock_put(match.sk);
2966
7bb895d6 2967 return err;
73f22f62 2968}
9fbcbb45 2969
744cf19e 2970int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2971{
76a7f3a4 2972 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2973 bool changed = false;
2974 int err = 0;
9fbcbb45 2975
69ab39ea
JH		 2976 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2977 &match);
9fbcbb45 2978
5e5282bb
JH		 2979 if (connectable) {
2980 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2981 changed = true;
2982 } else {
2983 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2984 changed = true;
2985 }
9fbcbb45 2986
5e5282bb
JH		 2987 if (changed) {
2988 __le32 ev = cpu_to_le32(get_current_settings(hdev));
2989 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2990 match.sk);
2991 }
9fbcbb45
JH		 2992
2993 if (match.sk)
2994 sock_put(match.sk);
2995
7bb895d6 2996 return err;
9fbcbb45 2997}
55ed8ca1 2998
744cf19e 2999int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3000{
ca69b795
JH		 3001 u8 mgmt_err = mgmt_status(status);
3002
2d7cee58 3003 if (scan & SCAN_PAGE)
744cf19e 3004 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 3005 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3006
3007 if (scan & SCAN_INQUIRY)
744cf19e 3008 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 3009 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3010
3011 return 0;
3012}
3013
744cf19e
JH		 3014int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3015 u8 persistent)
55ed8ca1 3016{
86742e1e 3017 struct mgmt_ev_new_link_key ev;
55ed8ca1 3018
a492cd52 3019 memset(&ev, 0, sizeof(ev));
55ed8ca1 3020
a492cd52 3021 ev.store_hint = persistent;
d753fdc4
JH		 3022 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3023 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 3024 ev.key.type = key->type;
3025 memcpy(ev.key.val, key->val, 16);
3026 ev.key.pin_len = key->pin_len;
55ed8ca1 3027
744cf19e 3028 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3029}
f7520543 3030
346af67b
VCG		 3031int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3032{
3033 struct mgmt_ev_new_long_term_key ev;
3034
3035 memset(&ev, 0, sizeof(ev));
3036
3037 ev.store_hint = persistent;
3038 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3039 ev.key.addr.type = key->bdaddr_type;
3040 ev.key.authenticated = key->authenticated;
3041 ev.key.enc_size = key->enc_size;
3042 ev.key.ediv = key->ediv;
3043
3044 if (key->type == HCI_SMP_LTK)
3045 ev.key.master = 1;
3046
3047 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3048 memcpy(ev.key.val, key->val, sizeof(key->val));
3049
3050 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3051 &ev, sizeof(ev), NULL);
3052}
3053
afc747a6 3054int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 3055 u8 addr_type, u8 *name, u8 name_len,
3056 u8 *dev_class)
f7520543 3057{
b644ba33
JH		 3058 char buf[512];
3059 struct mgmt_ev_device_connected *ev = (void *) buf;
3060 u16 eir_len = 0;
f7520543 3061
b644ba33
JH		 3062 bacpy(&ev->addr.bdaddr, bdaddr);
3063 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3064
b644ba33
JH		 3065 if (name_len > 0)
3066 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3067 name, name_len);
3068
3069 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3070 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3071 EIR_CLASS_OF_DEV, dev_class, 3);
3072
3073 put_unaligned_le16(eir_len, &ev->eir_len);
3074
3075 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3076 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3077}
3078
8962ee74
JH		 3079static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3080{
c68fb7ff 3081 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3082 struct sock **sk = data;
a38528f1 3083 struct mgmt_rp_disconnect rp;
8962ee74 3084
88c3df13
JH		 3085 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3086 rp.addr.type = cp->addr.type;
8962ee74 3087
aee9b218
JH		 3088 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3089 sizeof(rp));
8962ee74
JH		 3090
3091 *sk = cmd->sk;
3092 sock_hold(*sk);
3093
a664b5bc 3094 mgmt_pending_remove(cmd);
8962ee74
JH		 3095}
3096
124f6e35 3097static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3098{
b1078ad0 3099 struct hci_dev *hdev = data;
124f6e35
JH		 3100 struct mgmt_cp_unpair_device *cp = cmd->param;
3101 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3102
3103 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3104 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3105 rp.addr.type = cp->addr.type;
a8a1d19e 3106
b1078ad0
JH		 3107 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3108
aee9b218 3109 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3110
3111 mgmt_pending_remove(cmd);
3112}
3113
afc747a6
JH		 3114int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3115 u8 link_type, u8 addr_type)
f7520543 3116{
4c659c39 3117 struct mgmt_addr_info ev;
8962ee74
JH		 3118 struct sock *sk = NULL;
3119 int err;
3120
744cf19e 3121 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3122
f7520543 3123 bacpy(&ev.bdaddr, bdaddr);
48264f06 3124 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3125
afc747a6
JH		 3126 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3127 sk);
8962ee74
JH		 3128
3129 if (sk)
3130 sock_put(sk);
3131
124f6e35 3132 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3133 hdev);
a8a1d19e 3134
8962ee74
JH		 3135 return err;
3136}
3137
88c3df13
JH		 3138int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3139 u8 link_type, u8 addr_type, u8 status)
8962ee74 3140{
88c3df13 3141 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3142 struct pending_cmd *cmd;
3143 int err;
3144
2e58ef3e 3145 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3146 if (!cmd)
3147 return -ENOENT;
3148
88c3df13
JH		 3149 bacpy(&rp.addr.bdaddr, bdaddr);
3150 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3151
88c3df13 3152 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3153 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3154
a664b5bc 3155 mgmt_pending_remove(cmd);
8962ee74 3156
b1078ad0
JH		 3157 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3158 hdev);
8962ee74 3159 return err;
f7520543 3160}
17d5c04c 3161
48264f06
JH		 3162int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3163 u8 addr_type, u8 status)
17d5c04c
JH		 3164{
3165 struct mgmt_ev_connect_failed ev;
3166
4c659c39 3167 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3168 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3169 ev.status = mgmt_status(status);
17d5c04c 3170
744cf19e 3171 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3172}
980e1a53 3173
744cf19e 3174int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3175{
3176 struct mgmt_ev_pin_code_request ev;
3177
d8457698
JH		 3178 bacpy(&ev.addr.bdaddr, bdaddr);
3179 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3180 ev.secure = secure;
980e1a53 3181
744cf19e 3182 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3183 NULL);
980e1a53
JH		 3184}
3185
744cf19e
JH		 3186int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3187 u8 status)
980e1a53
JH		 3188{
3189 struct pending_cmd *cmd;
ac56fb13 3190 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3191 int err;
3192
2e58ef3e 3193 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3194 if (!cmd)
3195 return -ENOENT;
3196
d8457698
JH		 3197 bacpy(&rp.addr.bdaddr, bdaddr);
3198 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3199
aee9b218
JH		 3200 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3201 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3202
a664b5bc 3203 mgmt_pending_remove(cmd);
980e1a53
JH		 3204
3205 return err;
3206}
3207
744cf19e
JH		 3208int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3209 u8 status)
980e1a53
JH		 3210{
3211 struct pending_cmd *cmd;
ac56fb13 3212 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3213 int err;
3214
2e58ef3e 3215 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3216 if (!cmd)
3217 return -ENOENT;
3218
d8457698
JH		 3219 bacpy(&rp.addr.bdaddr, bdaddr);
3220 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3221
aee9b218
JH		 3222 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3223 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3224
a664b5bc 3225 mgmt_pending_remove(cmd);
980e1a53
JH		 3226
3227 return err;
3228}
a5c29683 3229
744cf19e 3230int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3231 u8 link_type, u8 addr_type, __le32 value,
3232 u8 confirm_hint)
a5c29683
JH		 3233{
3234 struct mgmt_ev_user_confirm_request ev;
3235
744cf19e 3236 BT_DBG("%s", hdev->name);
a5c29683 3237
272d90df
JH		 3238 bacpy(&ev.addr.bdaddr, bdaddr);
3239 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3240 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3241 put_unaligned_le32(value, &ev.value);
3242
744cf19e 3243 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3244 NULL);
a5c29683
JH		 3245}
3246
272d90df
JH		 3247int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3248 u8 link_type, u8 addr_type)
604086b7
BG		 3249{
3250 struct mgmt_ev_user_passkey_request ev;
3251
3252 BT_DBG("%s", hdev->name);
3253
272d90df
JH		 3254 bacpy(&ev.addr.bdaddr, bdaddr);
3255 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3256
3257 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3258 NULL);
3259}
3260
0df4c185 3261static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3262 u8 link_type, u8 addr_type, u8 status,
3263 u8 opcode)
a5c29683
JH		 3264{
3265 struct pending_cmd *cmd;
3266 struct mgmt_rp_user_confirm_reply rp;
3267 int err;
3268
2e58ef3e 3269 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3270 if (!cmd)
3271 return -ENOENT;
3272
272d90df
JH		 3273 bacpy(&rp.addr.bdaddr, bdaddr);
3274 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3275 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3276 &rp, sizeof(rp));
a5c29683 3277
a664b5bc 3278 mgmt_pending_remove(cmd);
a5c29683
JH		 3279
3280 return err;
3281}
3282
744cf19e 3283int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3284 u8 link_type, u8 addr_type, u8 status)
a5c29683 3285{
272d90df
JH		 3286 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3287 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3288}
3289
272d90df
JH		 3290int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3291 u8 link_type, u8 addr_type, u8 status)
a5c29683 3292{
272d90df
JH		 3293 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3294 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3295}
2a611692 3296
604086b7 3297int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3298 u8 link_type, u8 addr_type, u8 status)
604086b7 3299{
272d90df
JH		 3300 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3301 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3302}
3303
272d90df
JH		 3304int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3305 u8 link_type, u8 addr_type, u8 status)
604086b7 3306{
272d90df
JH		 3307 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3308 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3309}
3310
bab73cb6
JH		 3311int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3312 u8 addr_type, u8 status)
2a611692
JH		 3313{
3314 struct mgmt_ev_auth_failed ev;
3315
bab73cb6
JH		 3316 bacpy(&ev.addr.bdaddr, bdaddr);
3317 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3318 ev.status = mgmt_status(status);
2a611692 3319
744cf19e 3320 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3321}
b312b161 3322
33ef95ed
JH		 3323int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3324{
3325 struct cmd_lookup match = { NULL, hdev };
3326 __le32 ev;
3327 int err;
3328
3329 if (status) {
3330 u8 mgmt_err = mgmt_status(status);
3331 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3332 cmd_status_rsp, &mgmt_err);
3333 return 0;
3334 }
3335
3336 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3337 &match);
3338
3339 ev = cpu_to_le32(get_current_settings(hdev));
3340 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3341
3342 if (match.sk)
3343 sock_put(match.sk);
3344
3345 return err;
3346}
3347
cacaf52f
JH		 3348static int clear_eir(struct hci_dev *hdev)
3349{
3350 struct hci_cp_write_eir cp;
3351
3352 if (!(hdev->features[6] & LMP_EXT_INQ))
3353 return 0;
3354
3355 memset(&cp, 0, sizeof(cp));
3356
3357 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3358}
3359
ed2c4ee3
JH		 3360int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3361{
3362 struct cmd_lookup match = { NULL, hdev };
3363 __le32 ev;
3364 int err;
3365
3366 if (status) {
3367 u8 mgmt_err = mgmt_status(status);
3368 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3369 cmd_status_rsp, &mgmt_err);
3370 return 0;
3371 }
3372
3373 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3374
3375 ev = cpu_to_le32(get_current_settings(hdev));
3376 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3377
cacaf52f 3378 if (match.sk) {
ed2c4ee3
JH		 3379 sock_put(match.sk);
3380
cacaf52f
JH		 3381 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3382 update_eir(hdev);
3383 else
3384 clear_eir(hdev);
3385 }
3386
ed2c4ee3
JH		 3387 return err;
3388}
3389
744cf19e 3390int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3391{
3392 struct pending_cmd *cmd;
3393 struct mgmt_cp_set_local_name ev;
3394 int err;
3395
3396 memset(&ev, 0, sizeof(ev));
3397 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3398
2e58ef3e 3399 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3400 if (!cmd)
3401 goto send_event;
3402
3403 if (status) {
744cf19e 3404 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3405 mgmt_status(status));
b312b161
JH		 3406 goto failed;
3407 }
3408
744cf19e 3409 update_eir(hdev);
80a1e1db 3410
aee9b218 3411 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3412 sizeof(ev));
3413 if (err < 0)
3414 goto failed;
3415
3416send_event:
744cf19e 3417 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 3418 cmd ? cmd->sk : NULL);
3419
3420failed:
3421 if (cmd)
3422 mgmt_pending_remove(cmd);
3423 return err;
3424}
c35938b2 3425
744cf19e
JH		 3426int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3427 u8 *randomizer, u8 status)
c35938b2
SJ		 3428{
3429 struct pending_cmd *cmd;
3430 int err;
3431
744cf19e 3432 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3433
2e58ef3e 3434 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3435 if (!cmd)
3436 return -ENOENT;
3437
3438 if (status) {
744cf19e 3439 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3440 MGMT_OP_READ_LOCAL_OOB_DATA,
3441 mgmt_status(status));
c35938b2
SJ		 3442 } else {
3443 struct mgmt_rp_read_local_oob_data rp;
3444
3445 memcpy(rp.hash, hash, sizeof(rp.hash));
3446 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3447
744cf19e
JH		 3448 err = cmd_complete(cmd->sk, hdev->id,
3449 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3450 0, &rp, sizeof(rp));
c35938b2
SJ		 3451 }
3452
3453 mgmt_pending_remove(cmd);
3454
3455 return err;
3456}
e17acd40 3457
48264f06 3458int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3459 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 3460 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 3461{
e319d2e7
JH		 3462 char buf[512];
3463 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3464 size_t ev_size;
e17acd40 3465
1dc06093
JH		 3466 /* Leave 5 bytes for a potential CoD field */
3467 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3468 return -EINVAL;
3469
1dc06093
JH		 3470 memset(buf, 0, sizeof(buf));
3471
e319d2e7
JH		 3472 bacpy(&ev->addr.bdaddr, bdaddr);
3473 ev->addr.type = link_to_mgmt(link_type, addr_type);
3474 ev->rssi = rssi;
3475 ev->confirm_name = cfm_name;
e17acd40 3476
1dc06093 3477 if (eir_len > 0)
e319d2e7 3478 memcpy(ev->eir, eir, eir_len);
e17acd40 3479
1dc06093
JH		 3480 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3481 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3482 dev_class, 3);
3483
3484 put_unaligned_le16(eir_len, &ev->eir_len);
3485
3486 ev_size = sizeof(*ev) + eir_len;
f8523598 3487
e319d2e7 3488 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3489}
a88a9652 3490
b644ba33
JH		 3491int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3492 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3493{
b644ba33
JH		 3494 struct mgmt_ev_device_found *ev;
3495 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3496 u16 eir_len;
a88a9652 3497
b644ba33 3498 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3499
b644ba33
JH		 3500 memset(buf, 0, sizeof(buf));
3501
3502 bacpy(&ev->addr.bdaddr, bdaddr);
3503 ev->addr.type = link_to_mgmt(link_type, addr_type);
3504 ev->rssi = rssi;
3505
3506 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3507 name_len);
3508
3509 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3510
053c7e0c
JH		 3511 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3512 sizeof(*ev) + eir_len, NULL);
a88a9652 3513}
314b2381 3514
7a135109 3515int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3516{
3517 struct pending_cmd *cmd;
f808e166 3518 u8 type;
164a6e78
JH		 3519 int err;
3520
203159d4
AG		 3521 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3522
2e58ef3e 3523 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3524 if (!cmd)
3525 return -ENOENT;
3526
f808e166
JH		 3527 type = hdev->discovery.type;
3528
3529 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3530 &type, sizeof(type));
164a6e78
JH		 3531 mgmt_pending_remove(cmd);
3532
3533 return err;
3534}
3535
e6d465cb
AG		 3536int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3537{
3538 struct pending_cmd *cmd;
3539 int err;
3540
3541 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3542 if (!cmd)
3543 return -ENOENT;
3544
d930650b
JH		 3545 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3546 &hdev->discovery.type,
3547 sizeof(hdev->discovery.type));
164a6e78
JH		 3548 mgmt_pending_remove(cmd);
3549
3550 return err;
3551}
3552
744cf19e 3553int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3554{
f963e8e9 3555 struct mgmt_ev_discovering ev;
164a6e78
JH		 3556 struct pending_cmd *cmd;
3557
343fb145
AG		 3558 BT_DBG("%s discovering %u", hdev->name, discovering);
3559
164a6e78 3560 if (discovering)
2e58ef3e 3561 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3562 else
2e58ef3e 3563 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3564
3565 if (cmd != NULL) {
f808e166
JH		 3566 u8 type = hdev->discovery.type;
3567
d930650b 3568 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3569 &type, sizeof(type));
164a6e78
JH		 3570 mgmt_pending_remove(cmd);
3571 }
3572
f963e8e9
JH		 3573 memset(&ev, 0, sizeof(ev));
3574 ev.type = hdev->discovery.type;
3575 ev.discovering = discovering;
3576
3577 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3578}
5e762444 3579
88c1fe4b 3580int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3581{
3582 struct pending_cmd *cmd;
3583 struct mgmt_ev_device_blocked ev;
3584
2e58ef3e 3585 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3586
88c1fe4b
JH		 3587 bacpy(&ev.addr.bdaddr, bdaddr);
3588 ev.addr.type = type;
5e762444 3589
744cf19e
JH		 3590 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3591 cmd ? cmd->sk : NULL);
5e762444
AJ		 3592}
3593
88c1fe4b 3594int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3595{
3596 struct pending_cmd *cmd;
3597 struct mgmt_ev_device_unblocked ev;
3598
2e58ef3e 3599 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3600
88c1fe4b
JH		 3601 bacpy(&ev.addr.bdaddr, bdaddr);
3602 ev.addr.type = type;
5e762444 3603
744cf19e
JH		 3604 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3605 cmd ? cmd->sk : NULL);
5e762444 3606}
d7b7e796
MH		 3607
3608module_param(enable_hs, bool, 0644);
3609MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3610
3611module_param(enable_le, bool, 0644);
3612MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux kernel - Deliverables
This page took 0.312026 seconds and 5 git commands to generate.