projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Add new error code for invalid index
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
17b02e62 119#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
e5f0e151 267 return err;
02d98129
JH		 268}
269
0f4e68cf
JH		 270static int read_version(struct sock *sk, struct hci_dev *hdev,
271 void *data, u16 data_len)
a38528f1
JH		 272{
273 struct mgmt_rp_read_version rp;
274
275 BT_DBG("sock %p", sk);
276
277 rp.version = MGMT_VERSION;
278 put_unaligned_le16(MGMT_REVISION, &rp.revision);
279
aee9b218 280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 281 sizeof(rp));
a38528f1
JH		 282}
283
0f4e68cf
JH		 284static int read_commands(struct sock *sk, struct hci_dev *hdev,
285 void *data, u16 data_len)
e70bb2e8
JH		 286{
287 struct mgmt_rp_read_commands *rp;
288 u16 num_commands = ARRAY_SIZE(mgmt_commands);
289 u16 num_events = ARRAY_SIZE(mgmt_events);
290 u16 *opcode;
291 size_t rp_size;
292 int i, err;
293
294 BT_DBG("sock %p", sk);
295
296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
297
298 rp = kmalloc(rp_size, GFP_KERNEL);
299 if (!rp)
300 return -ENOMEM;
301
302 put_unaligned_le16(num_commands, &rp->num_commands);
303 put_unaligned_le16(num_events, &rp->num_events);
304
305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
306 put_unaligned_le16(mgmt_commands[i], opcode);
307
308 for (i = 0; i < num_events; i++, opcode++)
309 put_unaligned_le16(mgmt_events[i], opcode);
310
aee9b218 311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 312 rp_size);
313 kfree(rp);
314
315 return err;
316}
317
0f4e68cf
JH		 318static int read_index_list(struct sock *sk, struct hci_dev *hdev,
319 void *data, u16 data_len)
faba42eb 320{
faba42eb
JH		 321 struct mgmt_rp_read_index_list *rp;
322 struct list_head *p;
8035ded4 323 struct hci_dev *d;
a38528f1 324 size_t rp_len;
faba42eb 325 u16 count;
a38528f1 326 int i, err;
faba42eb
JH		 327
328 BT_DBG("sock %p", sk);
329
330 read_lock(&hci_dev_list_lock);
331
332 count = 0;
333 list_for_each(p, &hci_dev_list) {
334 count++;
335 }
336
a38528f1
JH		 337 rp_len = sizeof(*rp) + (2 * count);
338 rp = kmalloc(rp_len, GFP_ATOMIC);
339 if (!rp) {
b2c60d42 340 read_unlock(&hci_dev_list_lock);
faba42eb 341 return -ENOMEM;
b2c60d42 342 }
faba42eb 343
faba42eb
JH		 344 put_unaligned_le16(count, &rp->num_controllers);
345
346 i = 0;
8035ded4 347 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 348 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 349 continue;
350
faba42eb
JH		 351 put_unaligned_le16(d->id, &rp->index[i++]);
352 BT_DBG("Added hci%u", d->id);
353 }
354
355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
370 settings |= MGMT_SETTING_CONNECTABLE;
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_PAIRABLE;
374
375 if (hdev->features[6] & LMP_SIMPLE_PAIR)
376 settings |= MGMT_SETTING_SSP;
377
378 if (!(hdev->features[4] & LMP_NO_BREDR)) {
379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
381 }
382
d7b7e796
MH		 383 if (enable_hs)
384 settings |= MGMT_SETTING_HS;
385
386 if (enable_le) {
387 if (hdev->features[4] & LMP_LE)
388 settings |= MGMT_SETTING_LE;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
5e5282bb 404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_DISCOVERABLE;
406
a8b2d5c2 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_PAIRABLE;
409
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
412
06199cf8 413 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_LE;
415
47990ea0 416 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LINK_SECURITY;
418
84bde9d6 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_SSP;
421
6d80dfd0
JH		 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
424
69ab39ea
JH		 425 return settings;
426}
427
ef580372
JH		 428#define PNP_INFO_SVCLASS_ID 0x1200
429
430static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433};
434
435static u16 get_uuid16(u8 *uuid128)
436{
437 u32 val;
438 int i;
439
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
442 return 0;
443 }
444
445 memcpy(&val, &uuid128[12], 4);
446
447 val = le32_to_cpu(val);
448 if (val > 0xffff)
449 return 0;
450
451 return (u16) val;
452}
453
454static void create_eir(struct hci_dev *hdev, u8 *data)
455{
456 u8 *ptr = data;
457 u16 eir_len = 0;
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
461 size_t name_len;
462
463 name_len = strlen(hdev->dev_name);
464
465 if (name_len > 0) {
466 /* EIR Data type */
467 if (name_len > 48) {
468 name_len = 48;
469 ptr[1] = EIR_NAME_SHORT;
470 } else
471 ptr[1] = EIR_NAME_COMPLETE;
472
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
475
476 memcpy(ptr + 2, hdev->dev_name, name_len);
477
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
480 }
481
482 memset(uuid16_list, 0, sizeof(uuid16_list));
483
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid, &hdev->uuids, list) {
486 u16 uuid16;
487
488 uuid16 = get_uuid16(uuid->uuid);
489 if (uuid16 == 0)
490 return;
491
492 if (uuid16 < 0x1100)
493 continue;
494
495 if (uuid16 == PNP_INFO_SVCLASS_ID)
496 continue;
497
498 /* Stop if not enough space to put next UUID */
499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
500 truncated = 1;
501 break;
502 }
503
504 /* Check for duplicates */
505 for (i = 0; uuid16_list[i] != 0; i++)
506 if (uuid16_list[i] == uuid16)
507 break;
508
509 if (uuid16_list[i] == 0) {
510 uuid16_list[i] = uuid16;
511 eir_len += sizeof(u16);
512 }
513 }
514
515 if (uuid16_list[0] != 0) {
516 u8 *length = ptr;
517
518 /* EIR Data type */
519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
520
521 ptr += 2;
522 eir_len += 2;
523
524 for (i = 0; uuid16_list[i] != 0; i++) {
525 *ptr++ = (uuid16_list[i] & 0x00ff);
526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
527 }
528
529 /* EIR Data length */
530 *length = (i * sizeof(u16)) + 1;
531 }
532}
533
534static int update_eir(struct hci_dev *hdev)
535{
536 struct hci_cp_write_eir cp;
537
504c8dcd 538 if (!hdev_is_powered(hdev))
7770c4aa
JH		 539 return 0;
540
ef580372
JH		 541 if (!(hdev->features[6] & LMP_EXT_INQ))
542 return 0;
543
84bde9d6 544 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 545 return 0;
546
a8b2d5c2 547 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 548 return 0;
549
550 memset(&cp, 0, sizeof(cp));
551
552 create_eir(hdev, cp.data);
553
554 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
555 return 0;
556
557 memcpy(hdev->eir, cp.data, sizeof(cp.data));
558
559 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
560}
561
562static u8 get_service_classes(struct hci_dev *hdev)
563{
564 struct bt_uuid *uuid;
565 u8 val = 0;
566
567 list_for_each_entry(uuid, &hdev->uuids, list)
568 val |= uuid->svc_hint;
569
570 return val;
571}
572
573static int update_class(struct hci_dev *hdev)
574{
575 u8 cod[3];
c95f0ba7 576 int err;
ef580372
JH		 577
578 BT_DBG("%s", hdev->name);
579
504c8dcd 580 if (!hdev_is_powered(hdev))
7770c4aa
JH		 581 return 0;
582
a8b2d5c2 583 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 584 return 0;
585
586 cod[0] = hdev->minor_class;
587 cod[1] = hdev->major_class;
588 cod[2] = get_service_classes(hdev);
589
590 if (memcmp(cod, hdev->dev_class, 3) == 0)
591 return 0;
592
c95f0ba7
JH		 593 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
594 if (err == 0)
595 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
596
597 return err;
ef580372
JH		 598}
599
7d78525d
JH		 600static void service_cache_off(struct work_struct *work)
601{
602 struct hci_dev *hdev = container_of(work, struct hci_dev,
603 service_cache.work);
604
a8b2d5c2 605 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 606 return;
607
608 hci_dev_lock(hdev);
609
610 update_eir(hdev);
611 update_class(hdev);
612
613 hci_dev_unlock(hdev);
614}
615
6a919082 616static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 617{
6a919082
JH		 618 if (!test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
619 return;
620
0cbf4ed6 621 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 622 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
623
0cbf4ed6
JH		 624 /* Non-mgmt controlled devices get this bit set
625 * implicitly so that pairing works for them, however
626 * for mgmt we require user-space to explicitly enable
627 * it
628 */
629 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
630 }
7d78525d
JH		 631}
632
0f4e68cf
JH		 633static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
634 void *data, u16 data_len)
0381101f 635{
a38528f1 636 struct mgmt_rp_read_info rp;
f7b64e69 637
bdb6d971 638 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 639
09fd0de5 640 hci_dev_lock(hdev);
f7b64e69 641
dc4fe30b
JH		 642 memset(&rp, 0, sizeof(rp));
643
69ab39ea 644 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 645
69ab39ea 646 rp.version = hdev->hci_ver;
f7b64e69 647
69ab39ea
JH		 648 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
649
650 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
651 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 652
a38528f1 653 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 654
dc4fe30b 655 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 656 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 657
09fd0de5 658 hci_dev_unlock(hdev);
0381101f 659
bdb6d971
JH		 660 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
661 sizeof(rp));
0381101f
JH		 662}
663
eec8d2bc
JH		 664static void mgmt_pending_free(struct pending_cmd *cmd)
665{
666 sock_put(cmd->sk);
c68fb7ff 667 kfree(cmd->param);
eec8d2bc
JH		 668 kfree(cmd);
669}
670
366a0336 671static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 672 struct hci_dev *hdev,
673 void *data, u16 len)
eec8d2bc
JH		 674{
675 struct pending_cmd *cmd;
676
677 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
678 if (!cmd)
366a0336 679 return NULL;
eec8d2bc
JH		 680
681 cmd->opcode = opcode;
2e58ef3e 682 cmd->index = hdev->id;
eec8d2bc 683
c68fb7ff
SJ		 684 cmd->param = kmalloc(len, GFP_ATOMIC);
685 if (!cmd->param) {
eec8d2bc 686 kfree(cmd);
366a0336 687 return NULL;
eec8d2bc
JH		 688 }
689
8fce6357
SJ		 690 if (data)
691 memcpy(cmd->param, data, len);
eec8d2bc
JH		 692
693 cmd->sk = sk;
694 sock_hold(sk);
695
2e58ef3e 696 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 697
366a0336 698 return cmd;
eec8d2bc
JH		 699}
700
744cf19e 701static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 702 void (*cb)(struct pending_cmd *cmd, void *data),
703 void *data)
704{
705 struct list_head *p, *n;
706
2e58ef3e 707 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 708 struct pending_cmd *cmd;
709
710 cmd = list_entry(p, struct pending_cmd, list);
711
b24752fe 712 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 713 continue;
714
eec8d2bc
JH		 715 cb(cmd, data);
716 }
717}
718
2e58ef3e 719static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 720{
8035ded4 721 struct pending_cmd *cmd;
eec8d2bc 722
2e58ef3e 723 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 724 if (cmd->opcode == opcode)
725 return cmd;
eec8d2bc
JH		 726 }
727
728 return NULL;
729}
730
a664b5bc 731static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 732{
73f22f62
JH		 733 list_del(&cmd->list);
734 mgmt_pending_free(cmd);
735}
736
69ab39ea 737static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 738{
69ab39ea 739 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 740
aee9b218
JH		 741 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
742 sizeof(settings));
8680570b
JH		 743}
744
bdb6d971
JH		 745static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
746 u16 len)
eec8d2bc 747{
650f726d 748 struct mgmt_mode *cp = data;
366a0336 749 struct pending_cmd *cmd;
4b34ee78 750 int err;
eec8d2bc 751
bdb6d971 752 BT_DBG("request for %s", hdev->name);
eec8d2bc 753
09fd0de5 754 hci_dev_lock(hdev);
eec8d2bc 755
f0d4b78a
MH		 756 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
757 cancel_delayed_work(&hdev->power_off);
758
759 if (cp->val) {
760 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
761 mgmt_powered(hdev, 1);
762 goto failed;
763 }
764 }
765
4b34ee78 766 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 767 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 768 goto failed;
769 }
770
2e58ef3e 771 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 772 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
ca69b795 773 MGMT_STATUS_BUSY);
eec8d2bc
JH		 774 goto failed;
775 }
776
2e58ef3e 777 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 778 if (!cmd) {
779 err = -ENOMEM;
eec8d2bc 780 goto failed;
366a0336 781 }
eec8d2bc 782
72a734ec 783 if (cp->val)
7f971041 784 schedule_work(&hdev->power_on);
eec8d2bc 785 else
80b7ab33 786 schedule_work(&hdev->power_off.work);
eec8d2bc 787
366a0336 788 err = 0;
eec8d2bc
JH		 789
790failed:
09fd0de5 791 hci_dev_unlock(hdev);
366a0336 792 return err;
eec8d2bc
JH		 793}
794
beadb2bd
JH		 795static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
796 u16 data_len, struct sock *skip_sk)
797{
798 struct sk_buff *skb;
799 struct mgmt_hdr *hdr;
800
801 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
802 if (!skb)
803 return -ENOMEM;
804
805 hdr = (void *) skb_put(skb, sizeof(*hdr));
806 hdr->opcode = cpu_to_le16(event);
807 if (hdev)
808 hdr->index = cpu_to_le16(hdev->id);
809 else
810 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
811 hdr->len = cpu_to_le16(data_len);
812
813 if (data)
814 memcpy(skb_put(skb, data_len), data, data_len);
815
97e0bdeb
MH		 816 /* Time stamp */
817 __net_timestamp(skb);
818
beadb2bd
JH		 819 hci_send_to_control(skb, skip_sk);
820 kfree_skb(skb);
821
822 return 0;
823}
824
825static int new_settings(struct hci_dev *hdev, struct sock *skip)
826{
827 __le32 ev;
828
829 ev = cpu_to_le32(get_current_settings(hdev));
830
831 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
832}
833
bdb6d971
JH		 834static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
835 u16 len)
73f22f62 836{
650f726d 837 struct mgmt_cp_set_discoverable *cp = data;
366a0336 838 struct pending_cmd *cmd;
5e5282bb 839 u16 timeout;
73f22f62
JH		 840 u8 scan;
841 int err;
842
bdb6d971 843 BT_DBG("request for %s", hdev->name);
73f22f62 844
24c54a90
MH		 845 timeout = get_unaligned_le16(&cp->timeout);
846 if (!cp->val && timeout > 0)
bdb6d971 847 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
ca69b795 848 MGMT_STATUS_INVALID_PARAMS);
73f22f62 849
09fd0de5 850 hci_dev_lock(hdev);
73f22f62 851
5e5282bb 852 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 853 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
ca69b795 854 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 855 goto failed;
856 }
857
2e58ef3e
JH		 858 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
859 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 860 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
ca69b795 861 MGMT_STATUS_BUSY);
73f22f62
JH		 862 goto failed;
863 }
864
5e5282bb 865 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 866 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
5e5282bb
JH		 867 MGMT_STATUS_REJECTED);
868 goto failed;
869 }
870
871 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 872 bool changed = false;
873
874 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
875 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
876 changed = true;
877 }
878
5e5282bb 879 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 880 if (err < 0)
881 goto failed;
882
883 if (changed)
884 err = new_settings(hdev, sk);
885
5e5282bb
JH		 886 goto failed;
887 }
888
889 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 890 if (hdev->discov_timeout > 0) {
891 cancel_delayed_work(&hdev->discov_off);
892 hdev->discov_timeout = 0;
893 }
894
895 if (cp->val && timeout > 0) {
896 hdev->discov_timeout = timeout;
897 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
898 msecs_to_jiffies(hdev->discov_timeout * 1000));
899 }
900
69ab39ea 901 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 902 goto failed;
903 }
904
2e58ef3e 905 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 906 if (!cmd) {
907 err = -ENOMEM;
73f22f62 908 goto failed;
366a0336 909 }
73f22f62
JH		 910
911 scan = SCAN_PAGE;
912
72a734ec 913 if (cp->val)
73f22f62 914 scan |= SCAN_INQUIRY;
16ab91ab 915 else
e0f9309f 916 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 917
918 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
919 if (err < 0)
a664b5bc 920 mgmt_pending_remove(cmd);
73f22f62 921
16ab91ab 922 if (cp->val)
5e5282bb 923 hdev->discov_timeout = timeout;
16ab91ab 924
73f22f62 925failed:
09fd0de5 926 hci_dev_unlock(hdev);
73f22f62
JH		 927 return err;
928}
929
bdb6d971
JH		 930static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
931 u16 len)
9fbcbb45 932{
650f726d 933 struct mgmt_mode *cp = data;
366a0336 934 struct pending_cmd *cmd;
9fbcbb45
JH		 935 u8 scan;
936 int err;
937
bdb6d971 938 BT_DBG("request for %s", hdev->name);
9fbcbb45 939
09fd0de5 940 hci_dev_lock(hdev);
9fbcbb45 941
4b34ee78 942 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 943 bool changed = false;
944
945 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
946 changed = true;
947
6bf0e469 948 if (cp->val) {
5e5282bb 949 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 950 } else {
5e5282bb
JH		 951 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
952 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
953 }
0224d2fa 954
5e5282bb 955 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 956 if (err < 0)
957 goto failed;
958
959 if (changed)
960 err = new_settings(hdev, sk);
961
9fbcbb45
JH		 962 goto failed;
963 }
964
2e58ef3e
JH		 965 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
966 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 967 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
ca69b795 968 MGMT_STATUS_BUSY);
9fbcbb45
JH		 969 goto failed;
970 }
971
5e5282bb 972 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 973 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 974 goto failed;
975 }
976
2e58ef3e 977 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 978 if (!cmd) {
979 err = -ENOMEM;
9fbcbb45 980 goto failed;
366a0336 981 }
9fbcbb45 982
6bf0e469 983 if (cp->val) {
9fbcbb45 984 scan = SCAN_PAGE;
6bf0e469 985 } else {
9fbcbb45
JH		 986 scan = 0;
987
df2c6c5e
JH		 988 if (test_bit(HCI_ISCAN, &hdev->flags) &&
989 hdev->discov_timeout > 0)
990 cancel_delayed_work(&hdev->discov_off);
991 }
992
9fbcbb45
JH		 993 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
994 if (err < 0)
a664b5bc 995 mgmt_pending_remove(cmd);
9fbcbb45
JH		 996
997failed:
09fd0de5 998 hci_dev_unlock(hdev);
9fbcbb45
JH		 999 return err;
1000}
1001
bdb6d971
JH		 1002static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1003 u16 len)
c542a06c 1004{
650f726d 1005 struct mgmt_mode *cp = data;
c542a06c
JH		 1006 int err;
1007
bdb6d971 1008 BT_DBG("request for %s", hdev->name);
c542a06c 1009
09fd0de5 1010 hci_dev_lock(hdev);
c542a06c
JH		 1011
1012 if (cp->val)
a8b2d5c2 1013 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1014 else
a8b2d5c2 1015 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1016
69ab39ea 1017 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1018 if (err < 0)
1019 goto failed;
1020
beadb2bd 1021 err = new_settings(hdev, sk);
c542a06c
JH		 1022
1023failed:
09fd0de5 1024 hci_dev_unlock(hdev);
c542a06c
JH		 1025 return err;
1026}
1027
bdb6d971
JH		 1028static int set_link_security(struct sock *sk, struct hci_dev *hdev,
1029 void *data, u16 len)
33ef95ed
JH		 1030{
1031 struct mgmt_mode *cp = data;
1032 struct pending_cmd *cmd;
816a11d5 1033 u8 val;
33ef95ed
JH		 1034 int err;
1035
bdb6d971 1036 BT_DBG("request for %s", hdev->name);
33ef95ed 1037
33ef95ed
JH		 1038 hci_dev_lock(hdev);
1039
4b34ee78 1040 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1041 bool changed = false;
1042
1043 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1044 &hdev->dev_flags)) {
1045 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1046 changed = true;
1047 }
1048
1049 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1050 if (err < 0)
1051 goto failed;
1052
1053 if (changed)
1054 err = new_settings(hdev, sk);
1055
33ef95ed
JH		 1056 goto failed;
1057 }
1058
1059 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1060 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
33ef95ed
JH		 1061 MGMT_STATUS_BUSY);
1062 goto failed;
1063 }
1064
1065 val = !!cp->val;
1066
1067 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1068 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1069 goto failed;
1070 }
1071
1072 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1073 if (!cmd) {
1074 err = -ENOMEM;
1075 goto failed;
1076 }
1077
1078 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1079 if (err < 0) {
1080 mgmt_pending_remove(cmd);
1081 goto failed;
1082 }
1083
1084failed:
1085 hci_dev_unlock(hdev);
33ef95ed
JH		 1086 return err;
1087}
1088
bdb6d971 1089static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1090{
1091 struct mgmt_mode *cp = data;
1092 struct pending_cmd *cmd;
816a11d5 1093 u8 val;
ed2c4ee3
JH		 1094 int err;
1095
bdb6d971 1096 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1097
ed2c4ee3
JH		 1098 hci_dev_lock(hdev);
1099
6c8f12c1 1100 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1101 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
6c8f12c1
JH		 1102 MGMT_STATUS_NOT_SUPPORTED);
1103 goto failed;
1104 }
1105
c0ecddc2
JH		 1106 val = !!cp->val;
1107
4b34ee78 1108 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1109 bool changed = false;
1110
1111 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1112 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1113 changed = true;
1114 }
1115
1116 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1117 if (err < 0)
1118 goto failed;
1119
1120 if (changed)
1121 err = new_settings(hdev, sk);
1122
ed2c4ee3
JH		 1123 goto failed;
1124 }
1125
1126 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
bdb6d971
JH		 1127 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1128 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1129 goto failed;
1130 }
1131
ed2c4ee3
JH		 1132 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1133 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1134 goto failed;
1135 }
1136
1137 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1138 if (!cmd) {
1139 err = -ENOMEM;
1140 goto failed;
1141 }
1142
1143 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1144 if (err < 0) {
1145 mgmt_pending_remove(cmd);
1146 goto failed;
1147 }
1148
1149failed:
1150 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1151 return err;
1152}
1153
bdb6d971 1154static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1155{
1156 struct mgmt_mode *cp = data;
6d80dfd0 1157
bdb6d971 1158 BT_DBG("request for %s", hdev->name);
6d80dfd0 1159
bdb6d971
JH		 1160 if (!enable_hs)
1161 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1162 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1163
1164 if (cp->val)
1165 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1166 else
1167 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1168
bdb6d971 1169 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1170}
1171
bdb6d971 1172static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1173{
1174 struct mgmt_mode *cp = data;
1175 struct hci_cp_write_le_host_supported hci_cp;
1176 struct pending_cmd *cmd;
06199cf8 1177 int err;
0b60eba1 1178 u8 val, enabled;
06199cf8 1179
bdb6d971 1180 BT_DBG("request for %s", hdev->name);
06199cf8 1181
1de028ce
JH		 1182 hci_dev_lock(hdev);
1183
06199cf8 1184 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1185 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
06199cf8 1186 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1187 goto unlock;
06199cf8
JH		 1188 }
1189
1190 val = !!cp->val;
0b60eba1 1191 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1192
0b60eba1 1193 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1194 bool changed = false;
1195
1196 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1197 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1198 changed = true;
1199 }
1200
1201 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1202 if (err < 0)
1de028ce 1203 goto unlock;
06199cf8
JH		 1204
1205 if (changed)
1206 err = new_settings(hdev, sk);
1207
1de028ce 1208 goto unlock;
06199cf8
JH		 1209 }
1210
1211 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971
JH		 1212 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1213 MGMT_STATUS_BUSY);
1de028ce 1214 goto unlock;
06199cf8
JH		 1215 }
1216
1217 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1218 if (!cmd) {
1219 err = -ENOMEM;
1de028ce 1220 goto unlock;
06199cf8
JH		 1221 }
1222
1223 memset(&hci_cp, 0, sizeof(hci_cp));
1224
1225 if (val) {
1226 hci_cp.le = val;
1227 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1228 }
1229
1230 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
1231 sizeof(hci_cp), &hci_cp);
1232 if (err < 0) {
1233 mgmt_pending_remove(cmd);
1de028ce 1234 goto unlock;
06199cf8
JH		 1235 }
1236
1de028ce
JH		 1237unlock:
1238 hci_dev_unlock(hdev);
06199cf8
JH		 1239 return err;
1240}
1241
bdb6d971 1242static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1243{
650f726d 1244 struct mgmt_cp_add_uuid *cp = data;
90e70454 1245 struct pending_cmd *cmd;
2aeb9a1a 1246 struct bt_uuid *uuid;
2aeb9a1a
JH		 1247 int err;
1248
bdb6d971 1249 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1250
09fd0de5 1251 hci_dev_lock(hdev);
2aeb9a1a 1252
c95f0ba7 1253 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1254 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
c95f0ba7
JH		 1255 MGMT_STATUS_BUSY);
1256 goto failed;
1257 }
1258
2aeb9a1a
JH		 1259 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1260 if (!uuid) {
1261 err = -ENOMEM;
1262 goto failed;
1263 }
1264
1265 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1266 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1267
1268 list_add(&uuid->list, &hdev->uuids);
1269
1aff6f09
JH		 1270 err = update_class(hdev);
1271 if (err < 0)
1272 goto failed;
1273
80a1e1db
JH		 1274 err = update_eir(hdev);
1275 if (err < 0)
1276 goto failed;
1277
90e70454 1278 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1279 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
90e70454
JH		 1280 hdev->dev_class, 3);
1281 goto failed;
1282 }
1283
1284 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1285 if (!cmd) {
1286 err = -ENOMEM;
1287 goto failed;
1288 }
2aeb9a1a
JH		 1289
1290failed:
09fd0de5 1291 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1292 return err;
1293}
1294
24b78d0f
JH		 1295static bool enable_service_cache(struct hci_dev *hdev)
1296{
1297 if (!hdev_is_powered(hdev))
1298 return false;
1299
1300 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1301 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1302 return true;
1303 }
1304
1305 return false;
1306}
1307
bdb6d971
JH		 1308static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1309 u16 len)
2aeb9a1a 1310{
650f726d 1311 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1312 struct pending_cmd *cmd;
2aeb9a1a 1313 struct list_head *p, *n;
2aeb9a1a 1314 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1315 int err, found;
1316
bdb6d971 1317 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1318
09fd0de5 1319 hci_dev_lock(hdev);
2aeb9a1a 1320
c95f0ba7 1321 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1322 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
c95f0ba7
JH		 1323 MGMT_STATUS_BUSY);
1324 goto unlock;
1325 }
1326
2aeb9a1a
JH		 1327 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1328 err = hci_uuids_clear(hdev);
4004b6d9 1329
24b78d0f 1330 if (enable_service_cache(hdev)) {
bdb6d971
JH		 1331 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1332 0, hdev->dev_class, 3);
24b78d0f
JH		 1333 goto unlock;
1334 }
4004b6d9 1335
9246a869 1336 goto update_class;
2aeb9a1a
JH		 1337 }
1338
1339 found = 0;
1340
1341 list_for_each_safe(p, n, &hdev->uuids) {
1342 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1343
1344 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1345 continue;
1346
1347 list_del(&match->list);
1348 found++;
1349 }
1350
1351 if (found == 0) {
bdb6d971 1352 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
ca69b795 1353 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1354 goto unlock;
1355 }
1356
9246a869 1357update_class:
1aff6f09
JH		 1358 err = update_class(hdev);
1359 if (err < 0)
1360 goto unlock;
1361
80a1e1db
JH		 1362 err = update_eir(hdev);
1363 if (err < 0)
1364 goto unlock;
1365
90e70454 1366 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1367 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
9997a533 1368 hdev->dev_class, 3);
90e70454
JH		 1369 goto unlock;
1370 }
1371
1372 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1373 if (!cmd) {
1374 err = -ENOMEM;
1375 goto unlock;
1376 }
2aeb9a1a
JH		 1377
1378unlock:
09fd0de5 1379 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1380 return err;
1381}
1382
bdb6d971
JH		 1383static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1384 u16 len)
1aff6f09 1385{
650f726d 1386 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1387 struct pending_cmd *cmd;
1aff6f09
JH		 1388 int err;
1389
bdb6d971 1390 BT_DBG("request for %s", hdev->name);
1aff6f09 1391
09fd0de5 1392 hci_dev_lock(hdev);
1aff6f09 1393
c95f0ba7 1394 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1395 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
c95f0ba7
JH		 1396 MGMT_STATUS_BUSY);
1397 goto unlock;
1398 }
1399
932f5ff5
JH		 1400 hdev->major_class = cp->major;
1401 hdev->minor_class = cp->minor;
1402
b5235a65 1403 if (!hdev_is_powered(hdev)) {
bdb6d971 1404 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
932f5ff5 1405 hdev->dev_class, 3);
b5235a65
JH		 1406 goto unlock;
1407 }
1408
a8b2d5c2 1409 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1410 hci_dev_unlock(hdev);
1411 cancel_delayed_work_sync(&hdev->service_cache);
1412 hci_dev_lock(hdev);
14c0b608 1413 update_eir(hdev);
7d78525d 1414 }
14c0b608 1415
1aff6f09 1416 err = update_class(hdev);
90e70454
JH		 1417 if (err < 0)
1418 goto unlock;
1aff6f09 1419
90e70454 1420 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1421 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
8ec37034 1422 hdev->dev_class, 3);
90e70454
JH		 1423 goto unlock;
1424 }
1425
1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1427 if (!cmd) {
1428 err = -ENOMEM;
1429 goto unlock;
1430 }
1aff6f09 1431
b5235a65 1432unlock:
09fd0de5 1433 hci_dev_unlock(hdev);
1aff6f09
JH		 1434 return err;
1435}
1436
bdb6d971
JH		 1437static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1438 u16 len)
55ed8ca1 1439{
650f726d 1440 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1441 u16 key_count, expected_len;
a492cd52 1442 int i;
55ed8ca1 1443
55ed8ca1
JH		 1444 key_count = get_unaligned_le16(&cp->key_count);
1445
86742e1e
JH		 1446 expected_len = sizeof(*cp) + key_count *
1447 sizeof(struct mgmt_link_key_info);
a492cd52 1448 if (expected_len != len) {
86742e1e 1449 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1450 len, expected_len);
bdb6d971 1451 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
ca69b795 1452 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1453 }
1454
bdb6d971 1455 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1456 key_count);
1457
09fd0de5 1458 hci_dev_lock(hdev);
55ed8ca1
JH		 1459
1460 hci_link_keys_clear(hdev);
1461
a8b2d5c2 1462 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1463
1464 if (cp->debug_keys)
a8b2d5c2 1465 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1466 else
a8b2d5c2 1467 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1468
a492cd52 1469 for (i = 0; i < key_count; i++) {
86742e1e 1470 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1471
d753fdc4
JH		 1472 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1473 key->type, key->pin_len);
55ed8ca1
JH		 1474 }
1475
bdb6d971 1476 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1477
09fd0de5 1478 hci_dev_unlock(hdev);
55ed8ca1 1479
a492cd52 1480 return 0;
55ed8ca1
JH		 1481}
1482
b1078ad0
JH		 1483static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1484 u8 addr_type, struct sock *skip_sk)
1485{
1486 struct mgmt_ev_device_unpaired ev;
1487
1488 bacpy(&ev.addr.bdaddr, bdaddr);
1489 ev.addr.type = addr_type;
1490
1491 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1492 skip_sk);
1493}
1494
bdb6d971
JH		 1495static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1496 u16 len)
55ed8ca1 1497{
124f6e35
JH		 1498 struct mgmt_cp_unpair_device *cp = data;
1499 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1500 struct hci_cp_disconnect dc;
1501 struct pending_cmd *cmd;
55ed8ca1 1502 struct hci_conn *conn;
55ed8ca1
JH		 1503 int err;
1504
09fd0de5 1505 hci_dev_lock(hdev);
55ed8ca1 1506
a8a1d19e 1507 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1508 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1509 rp.addr.type = cp->addr.type;
a8a1d19e 1510
86a8cfc6 1511 if (!hdev_is_powered(hdev)) {
bdb6d971 1512 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
86a8cfc6
JH		 1513 MGMT_STATUS_NOT_POWERED,
1514 &rp, sizeof(rp));
1515 goto unlock;
1516 }
1517
124f6e35
JH		 1518 if (cp->addr.type == MGMT_ADDR_BREDR)
1519 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1520 else
1521 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1522
55ed8ca1 1523 if (err < 0) {
bdb6d971 1524 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
86a8cfc6
JH		 1525 MGMT_STATUS_NOT_PAIRED,
1526 &rp, sizeof(rp));
55ed8ca1
JH		 1527 goto unlock;
1528 }
1529
86a8cfc6
JH		 1530 if (cp->disconnect) {
1531 if (cp->addr.type == MGMT_ADDR_BREDR)
1532 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1533 &cp->addr.bdaddr);
86a8cfc6
JH		 1534 else
1535 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1536 &cp->addr.bdaddr);
86a8cfc6
JH		 1537 } else {
1538 conn = NULL;
1539 }
124f6e35 1540
a8a1d19e 1541 if (!conn) {
bdb6d971 1542 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
aee9b218 1543 &rp, sizeof(rp));
b1078ad0 1544 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1545 goto unlock;
1546 }
55ed8ca1 1547
124f6e35
JH		 1548 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1549 sizeof(*cp));
a8a1d19e
JH		 1550 if (!cmd) {
1551 err = -ENOMEM;
1552 goto unlock;
55ed8ca1
JH		 1553 }
1554
a8a1d19e
JH		 1555 put_unaligned_le16(conn->handle, &dc.handle);
1556 dc.reason = 0x13; /* Remote User Terminated Connection */
1557 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1558 if (err < 0)
1559 mgmt_pending_remove(cmd);
1560
55ed8ca1 1561unlock:
09fd0de5 1562 hci_dev_unlock(hdev);
55ed8ca1
JH		 1563 return err;
1564}
1565
bdb6d971
JH		 1566static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1567 u16 len)
8962ee74 1568{
650f726d 1569 struct mgmt_cp_disconnect *cp = data;
8962ee74 1570 struct hci_cp_disconnect dc;
366a0336 1571 struct pending_cmd *cmd;
8962ee74 1572 struct hci_conn *conn;
8962ee74
JH		 1573 int err;
1574
1575 BT_DBG("");
1576
09fd0de5 1577 hci_dev_lock(hdev);
8962ee74
JH		 1578
1579 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1580 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 1581 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1582 goto failed;
1583 }
1584
2e58ef3e 1585 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1586 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 1587 MGMT_STATUS_BUSY);
8962ee74
JH		 1588 goto failed;
1589 }
1590
88c3df13
JH		 1591 if (cp->addr.type == MGMT_ADDR_BREDR)
1592 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1593 else
1594 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1595
8962ee74 1596 if (!conn) {
bdb6d971 1597 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 1598 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1599 goto failed;
1600 }
1601
2e58ef3e 1602 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1603 if (!cmd) {
1604 err = -ENOMEM;
8962ee74 1605 goto failed;
366a0336 1606 }
8962ee74
JH		 1607
1608 put_unaligned_le16(conn->handle, &dc.handle);
1609 dc.reason = 0x13; /* Remote User Terminated Connection */
1610
1611 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1612 if (err < 0)
a664b5bc 1613 mgmt_pending_remove(cmd);
8962ee74
JH		 1614
1615failed:
09fd0de5 1616 hci_dev_unlock(hdev);
8962ee74
JH		 1617 return err;
1618}
1619
48264f06 1620static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1621{
1622 switch (link_type) {
1623 case LE_LINK:
48264f06
JH		 1624 switch (addr_type) {
1625 case ADDR_LE_DEV_PUBLIC:
1626 return MGMT_ADDR_LE_PUBLIC;
1627 case ADDR_LE_DEV_RANDOM:
1628 return MGMT_ADDR_LE_RANDOM;
1629 default:
1630 return MGMT_ADDR_INVALID;
1631 }
4c659c39
JH		 1632 case ACL_LINK:
1633 return MGMT_ADDR_BREDR;
1634 default:
1635 return MGMT_ADDR_INVALID;
1636 }
1637}
1638
0f4e68cf
JH		 1639static int get_connections(struct sock *sk, struct hci_dev *hdev,
1640 void *data, u16 data_len)
2784eb41 1641{
2784eb41 1642 struct mgmt_rp_get_connections *rp;
8035ded4 1643 struct hci_conn *c;
a38528f1 1644 size_t rp_len;
60fc5fb6
JH		 1645 int err;
1646 u16 i;
2784eb41
JH		 1647
1648 BT_DBG("");
1649
09fd0de5 1650 hci_dev_lock(hdev);
2784eb41 1651
5f97c1df 1652 if (!hdev_is_powered(hdev)) {
bdb6d971 1653 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
5f97c1df
JH		 1654 MGMT_STATUS_NOT_POWERED);
1655 goto unlock;
1656 }
1657
60fc5fb6 1658 i = 0;
b644ba33
JH		 1659 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1660 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1661 i++;
2784eb41
JH		 1662 }
1663
60fc5fb6 1664 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1665 rp = kmalloc(rp_len, GFP_ATOMIC);
1666 if (!rp) {
2784eb41
JH		 1667 err = -ENOMEM;
1668 goto unlock;
1669 }
1670
2784eb41 1671 i = 0;
4c659c39 1672 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1673 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1674 continue;
4c659c39 1675 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1676 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1677 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1678 continue;
1679 i++;
1680 }
1681
60fc5fb6
JH		 1682 put_unaligned_le16(i, &rp->conn_count);
1683
4c659c39
JH		 1684 /* Recalculate length in case of filtered SCO connections, etc */
1685 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1686
bdb6d971
JH		 1687 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1688 rp_len);
2784eb41 1689
a38528f1 1690 kfree(rp);
5f97c1df
JH		 1691
1692unlock:
09fd0de5 1693 hci_dev_unlock(hdev);
2784eb41
JH		 1694 return err;
1695}
1696
bdb6d971
JH		 1697static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1698 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1699{
1700 struct pending_cmd *cmd;
1701 int err;
1702
2e58ef3e 1703 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1704 sizeof(*cp));
1705 if (!cmd)
1706 return -ENOMEM;
1707
d8457698
JH		 1708 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1709 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1710 if (err < 0)
1711 mgmt_pending_remove(cmd);
1712
1713 return err;
1714}
1715
bdb6d971
JH		 1716static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1717 u16 len)
980e1a53 1718{
96d97a67 1719 struct hci_conn *conn;
650f726d 1720 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1721 struct hci_cp_pin_code_reply reply;
366a0336 1722 struct pending_cmd *cmd;
980e1a53
JH		 1723 int err;
1724
1725 BT_DBG("");
1726
09fd0de5 1727 hci_dev_lock(hdev);
980e1a53 1728
4b34ee78 1729 if (!hdev_is_powered(hdev)) {
bdb6d971 1730 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1731 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1732 goto failed;
1733 }
1734
d8457698 1735 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1736 if (!conn) {
bdb6d971 1737 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1738 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1739 goto failed;
1740 }
1741
1742 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1743 struct mgmt_cp_pin_code_neg_reply ncp;
1744
1745 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1746
1747 BT_ERR("PIN code is not 16 bytes long");
1748
bdb6d971 1749 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1750 if (err >= 0)
bdb6d971 1751 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1752 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1753
1754 goto failed;
1755 }
1756
00abfe44 1757 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1758 if (!cmd) {
1759 err = -ENOMEM;
980e1a53 1760 goto failed;
366a0336 1761 }
980e1a53 1762
d8457698 1763 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1764 reply.pin_len = cp->pin_len;
24718ca5 1765 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1766
1767 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1768 if (err < 0)
a664b5bc 1769 mgmt_pending_remove(cmd);
980e1a53
JH		 1770
1771failed:
09fd0de5 1772 hci_dev_unlock(hdev);
980e1a53
JH		 1773 return err;
1774}
1775
bdb6d971
JH		 1776static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1777 void *data, u16 len)
980e1a53 1778{
650f726d 1779 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1780 int err;
1781
1782 BT_DBG("");
1783
09fd0de5 1784 hci_dev_lock(hdev);
980e1a53 1785
4b34ee78 1786 if (!hdev_is_powered(hdev)) {
bdb6d971 1787 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1788 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1789 goto failed;
1790 }
1791
bdb6d971 1792 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1793
1794failed:
09fd0de5 1795 hci_dev_unlock(hdev);
980e1a53
JH		 1796 return err;
1797}
1798
bdb6d971
JH		 1799static int set_io_capability(struct sock *sk, struct hci_dev *hdev,
1800 void *data, u16 len)
17fa4b9d 1801{
650f726d 1802 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1803
1804 BT_DBG("");
1805
09fd0de5 1806 hci_dev_lock(hdev);
17fa4b9d
JH		 1807
1808 hdev->io_capability = cp->io_capability;
1809
1810 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1811 hdev->io_capability);
17fa4b9d 1812
09fd0de5 1813 hci_dev_unlock(hdev);
17fa4b9d 1814
bdb6d971
JH		 1815 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
1816 NULL, 0);
17fa4b9d
JH		 1817}
1818
e9a416b5
JH		 1819static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1820{
1821 struct hci_dev *hdev = conn->hdev;
8035ded4 1822 struct pending_cmd *cmd;
e9a416b5 1823
2e58ef3e 1824 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1825 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1826 continue;
1827
e9a416b5
JH		 1828 if (cmd->user_data != conn)
1829 continue;
1830
1831 return cmd;
1832 }
1833
1834 return NULL;
1835}
1836
1837static void pairing_complete(struct pending_cmd *cmd, u8 status)
1838{
1839 struct mgmt_rp_pair_device rp;
1840 struct hci_conn *conn = cmd->user_data;
1841
ba4e564f
JH		 1842 bacpy(&rp.addr.bdaddr, &conn->dst);
1843 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1844
aee9b218
JH		 1845 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1846 &rp, sizeof(rp));
e9a416b5
JH		 1847
1848 /* So we don't get further callbacks for this connection */
1849 conn->connect_cfm_cb = NULL;
1850 conn->security_cfm_cb = NULL;
1851 conn->disconn_cfm_cb = NULL;
1852
1853 hci_conn_put(conn);
1854
a664b5bc 1855 mgmt_pending_remove(cmd);
e9a416b5
JH		 1856}
1857
1858static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1859{
1860 struct pending_cmd *cmd;
1861
1862 BT_DBG("status %u", status);
1863
1864 cmd = find_pairing(conn);
56e5cb86 1865 if (!cmd)
e9a416b5 1866 BT_DBG("Unable to find a pending command");
56e5cb86 1867 else
e211326c 1868 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1869}
1870
bdb6d971
JH		 1871static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1872 u16 len)
e9a416b5 1873{
650f726d 1874 struct mgmt_cp_pair_device *cp = data;
1425acb7 1875 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1876 struct pending_cmd *cmd;
1877 u8 sec_level, auth_type;
1878 struct hci_conn *conn;
e9a416b5
JH		 1879 int err;
1880
1881 BT_DBG("");
1882
09fd0de5 1883 hci_dev_lock(hdev);
e9a416b5 1884
5f97c1df 1885 if (!hdev_is_powered(hdev)) {
bdb6d971 1886 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
5f97c1df
JH		 1887 MGMT_STATUS_NOT_POWERED);
1888 goto unlock;
1889 }
1890
c908df36
VCG		 1891 sec_level = BT_SECURITY_MEDIUM;
1892 if (cp->io_cap == 0x03)
e9a416b5 1893 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1894 else
e9a416b5 1895 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1896
ba4e564f
JH		 1897 if (cp->addr.type == MGMT_ADDR_BREDR)
1898 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1899 auth_type);
1900 else
ba4e564f 1901 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1902 auth_type);
1903
1425acb7
JH		 1904 memset(&rp, 0, sizeof(rp));
1905 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1906 rp.addr.type = cp->addr.type;
1907
30e76272 1908 if (IS_ERR(conn)) {
bdb6d971 1909 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
e211326c
JH		 1910 MGMT_STATUS_CONNECT_FAILED,
1911 &rp, sizeof(rp));
e9a416b5
JH		 1912 goto unlock;
1913 }
1914
1915 if (conn->connect_cfm_cb) {
1916 hci_conn_put(conn);
bdb6d971 1917 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
e211326c 1918 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1919 goto unlock;
1920 }
1921
2e58ef3e 1922 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1923 if (!cmd) {
1924 err = -ENOMEM;
1925 hci_conn_put(conn);
1926 goto unlock;
1927 }
1928
7a512d01 1929 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1930 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1931 conn->connect_cfm_cb = pairing_complete_cb;
1932
e9a416b5
JH		 1933 conn->security_cfm_cb = pairing_complete_cb;
1934 conn->disconn_cfm_cb = pairing_complete_cb;
1935 conn->io_capability = cp->io_cap;
1936 cmd->user_data = conn;
1937
1938 if (conn->state == BT_CONNECTED &&
1939 hci_conn_security(conn, sec_level, auth_type))
1940 pairing_complete(cmd, 0);
1941
1942 err = 0;
1943
1944unlock:
09fd0de5 1945 hci_dev_unlock(hdev);
e9a416b5
JH		 1946 return err;
1947}
1948
bdb6d971 1949static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev,
0f4e68cf 1950 void *data, u16 len)
28424707 1951{
0f4e68cf 1952 struct mgmt_addr_info *addr = data;
28424707
JH		 1953 struct pending_cmd *cmd;
1954 struct hci_conn *conn;
1955 int err;
1956
1957 BT_DBG("");
1958
28424707
JH		 1959 hci_dev_lock(hdev);
1960
5f97c1df 1961 if (!hdev_is_powered(hdev)) {
bdb6d971 1962 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
5f97c1df
JH		 1963 MGMT_STATUS_NOT_POWERED);
1964 goto unlock;
1965 }
1966
28424707
JH		 1967 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1968 if (!cmd) {
bdb6d971 1969 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
28424707
JH		 1970 MGMT_STATUS_INVALID_PARAMS);
1971 goto unlock;
1972 }
1973
1974 conn = cmd->user_data;
1975
1976 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1977 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
28424707
JH		 1978 MGMT_STATUS_INVALID_PARAMS);
1979 goto unlock;
1980 }
1981
1982 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1983
bdb6d971
JH		 1984 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1985 addr, sizeof(*addr));
28424707
JH		 1986unlock:
1987 hci_dev_unlock(hdev);
28424707
JH		 1988 return err;
1989}
1990
bdb6d971
JH		 1991static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1992 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
1993 u16 hci_op, __le32 passkey)
a5c29683 1994{
a5c29683 1995 struct pending_cmd *cmd;
0df4c185 1996 struct hci_conn *conn;
a5c29683
JH		 1997 int err;
1998
09fd0de5 1999 hci_dev_lock(hdev);
08ba5382 2000
4b34ee78 2001 if (!hdev_is_powered(hdev)) {
bdb6d971
JH		 2002 err = cmd_status(sk, hdev->id, mgmt_op,
2003 MGMT_STATUS_NOT_POWERED);
0df4c185 2004 goto done;
a5c29683
JH		 2005 }
2006
272d90df
JH		 2007 if (type == MGMT_ADDR_BREDR)
2008 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2009 else
47c15e2b 2010 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2011
2012 if (!conn) {
bdb6d971 2013 err = cmd_status(sk, hdev->id, mgmt_op,
47c15e2b 2014 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2015 goto done;
2016 }
47c15e2b 2017
272d90df 2018 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2019 /* Continue with pairing via SMP */
5fe57d9e
BG		 2020 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2021
2022 if (!err)
bdb6d971 2023 err = cmd_status(sk, hdev->id, mgmt_op,
5fe57d9e
BG		 2024 MGMT_STATUS_SUCCESS);
2025 else
bdb6d971 2026 err = cmd_status(sk, hdev->id, mgmt_op,
5fe57d9e 2027 MGMT_STATUS_FAILED);
47c15e2b 2028
47c15e2b
BG		 2029 goto done;
2030 }
2031
0df4c185 2032 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2033 if (!cmd) {
2034 err = -ENOMEM;
0df4c185 2035 goto done;
a5c29683
JH		 2036 }
2037
0df4c185 2038 /* Continue with pairing via HCI */
604086b7
BG		 2039 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2040 struct hci_cp_user_passkey_reply cp;
2041
2042 bacpy(&cp.bdaddr, bdaddr);
2043 cp.passkey = passkey;
2044 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2045 } else
2046 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2047
a664b5bc
JH		 2048 if (err < 0)
2049 mgmt_pending_remove(cmd);
a5c29683 2050
0df4c185 2051done:
09fd0de5 2052 hci_dev_unlock(hdev);
a5c29683
JH		 2053 return err;
2054}
2055
bdb6d971
JH		 2056static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev,
2057 void *data, u16 len)
0df4c185 2058{
650f726d 2059 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2060
2061 BT_DBG("");
2062
2063 if (len != sizeof(*cp))
bdb6d971 2064 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
0df4c185
BG		 2065 MGMT_STATUS_INVALID_PARAMS);
2066
bdb6d971 2067 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
272d90df
JH		 2068 MGMT_OP_USER_CONFIRM_REPLY,
2069 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2070}
2071
bdb6d971
JH		 2072static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2073 void *data, u16 len)
0df4c185 2074{
c9c2659f 2075 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2076
2077 BT_DBG("");
2078
bdb6d971 2079 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
272d90df
JH		 2080 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2081 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2082}
2083
bdb6d971
JH		 2084static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev,
2085 void *data, u16 len)
604086b7 2086{
650f726d 2087 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2088
2089 BT_DBG("");
2090
bdb6d971 2091 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
272d90df
JH		 2092 MGMT_OP_USER_PASSKEY_REPLY,
2093 HCI_OP_USER_PASSKEY_REPLY,
2094 cp->passkey);
604086b7
BG		 2095}
2096
bdb6d971
JH		 2097static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2098 void *data, u16 len)
604086b7 2099{
650f726d 2100 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2101
2102 BT_DBG("");
2103
bdb6d971 2104 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
272d90df
JH		 2105 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2106 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2107}
2108
bdb6d971 2109static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
b312b161
JH		 2110 u16 len)
2111{
650f726d 2112 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161 2113 struct hci_cp_write_local_name hci_cp;
b312b161
JH		 2114 struct pending_cmd *cmd;
2115 int err;
2116
2117 BT_DBG("");
2118
09fd0de5 2119 hci_dev_lock(hdev);
b312b161 2120
28cc7bde
JH		 2121 memcpy(hdev->short_name, mgmt_cp->short_name,
2122 sizeof(hdev->short_name));
2123
b5235a65 2124 if (!hdev_is_powered(hdev)) {
28cc7bde
JH		 2125 memcpy(hdev->dev_name, mgmt_cp->name, sizeof(hdev->dev_name));
2126
2127 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2128 data, len);
2129 if (err < 0)
2130 goto failed;
2131
2132 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2133 sk);
2134
b5235a65
JH		 2135 goto failed;
2136 }
2137
28cc7bde 2138 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2139 if (!cmd) {
2140 err = -ENOMEM;
2141 goto failed;
2142 }
2143
2144 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2145 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2146 &hci_cp);
2147 if (err < 0)
2148 mgmt_pending_remove(cmd);
2149
2150failed:
09fd0de5 2151 hci_dev_unlock(hdev);
b312b161
JH		 2152 return err;
2153}
2154
0f4e68cf
JH		 2155static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2156 void *data, u16 data_len)
c35938b2 2157{
c35938b2
SJ		 2158 struct pending_cmd *cmd;
2159 int err;
2160
bdb6d971 2161 BT_DBG("%s", hdev->name);
c35938b2 2162
09fd0de5 2163 hci_dev_lock(hdev);
c35938b2 2164
4b34ee78 2165 if (!hdev_is_powered(hdev)) {
bdb6d971 2166 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2167 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2168 goto unlock;
2169 }
2170
2171 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2172 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2173 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2174 goto unlock;
2175 }
2176
2e58ef3e 2177 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2178 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2179 MGMT_STATUS_BUSY);
c35938b2
SJ		 2180 goto unlock;
2181 }
2182
2e58ef3e 2183 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2184 if (!cmd) {
2185 err = -ENOMEM;
2186 goto unlock;
2187 }
2188
2189 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2190 if (err < 0)
2191 mgmt_pending_remove(cmd);
2192
2193unlock:
09fd0de5 2194 hci_dev_unlock(hdev);
c35938b2
SJ		 2195 return err;
2196}
2197
bdb6d971
JH		 2198static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2199 void *data, u16 len)
2763eda6 2200{
650f726d 2201 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2202 u8 status;
2763eda6
SJ		 2203 int err;
2204
bdb6d971 2205 BT_DBG("%s ", hdev->name);
2763eda6 2206
09fd0de5 2207 hci_dev_lock(hdev);
2763eda6 2208
5f97c1df 2209 if (!hdev_is_powered(hdev)) {
bdb6d971 2210 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5f97c1df
JH		 2211 MGMT_STATUS_NOT_POWERED,
2212 &cp->addr, sizeof(cp->addr));
2213 goto unlock;
2214 }
2215
664ce4cc 2216 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2217 cp->randomizer);
2218 if (err < 0)
bf1e3541 2219 status = MGMT_STATUS_FAILED;
2763eda6 2220 else
bf1e3541
JH		 2221 status = 0;
2222
bdb6d971 2223 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
bf1e3541 2224 &cp->addr, sizeof(cp->addr));
2763eda6 2225
5f97c1df 2226unlock:
09fd0de5 2227 hci_dev_unlock(hdev);
2763eda6
SJ		 2228 return err;
2229}
2230
bdb6d971 2231static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2232 void *data, u16 len)
2763eda6 2233{
650f726d 2234 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2235 u8 status;
2763eda6
SJ		 2236 int err;
2237
bdb6d971 2238 BT_DBG("%s", hdev->name);
2763eda6 2239
09fd0de5 2240 hci_dev_lock(hdev);
2763eda6 2241
5f97c1df 2242 if (!hdev_is_powered(hdev)) {
bdb6d971
JH		 2243 err = cmd_complete(sk, hdev->id,
2244 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2245 MGMT_STATUS_NOT_POWERED,
2246 &cp->addr, sizeof(cp->addr));
5f97c1df
JH		 2247 goto unlock;
2248 }
2249
664ce4cc 2250 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2251 if (err < 0)
bf1e3541 2252 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2253 else
bf1e3541
JH		 2254 status = 0;
2255
bdb6d971
JH		 2256 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2257 status, &cp->addr, sizeof(cp->addr));
2763eda6 2258
5f97c1df 2259unlock:
09fd0de5 2260 hci_dev_unlock(hdev);
2763eda6
SJ		 2261 return err;
2262}
2263
5e0452c0
AG		 2264int mgmt_interleaved_discovery(struct hci_dev *hdev)
2265{
2266 int err;
2267
2268 BT_DBG("%s", hdev->name);
2269
2270 hci_dev_lock(hdev);
2271
2272 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2273 if (err < 0)
2274 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2275
2276 hci_dev_unlock(hdev);
2277
2278 return err;
2279}
2280
bdb6d971 2281static int start_discovery(struct sock *sk, struct hci_dev *hdev,
650f726d 2282 void *data, u16 len)
14a53664 2283{
650f726d 2284 struct mgmt_cp_start_discovery *cp = data;
14a53664 2285 struct pending_cmd *cmd;
14a53664
JH		 2286 int err;
2287
bdb6d971 2288 BT_DBG("%s", hdev->name);
14a53664 2289
09fd0de5 2290 hci_dev_lock(hdev);
14a53664 2291
4b34ee78 2292 if (!hdev_is_powered(hdev)) {
bdb6d971 2293 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
ca69b795 2294 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2295 goto failed;
2296 }
2297
ff9ef578 2298 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971
JH		 2299 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2300 MGMT_STATUS_BUSY);
ff9ef578
JH		 2301 goto failed;
2302 }
2303
2e58ef3e 2304 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2305 if (!cmd) {
2306 err = -ENOMEM;
2307 goto failed;
2308 }
2309
4aab14e5
AG		 2310 hdev->discovery.type = cp->type;
2311
2312 switch (hdev->discovery.type) {
f39799f5 2313 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2314 if (lmp_bredr_capable(hdev))
2315 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2316 else
2317 err = -ENOTSUPP;
f39799f5
AG		 2318 break;
2319
2320 case DISCOV_TYPE_LE:
8b90129c
AG		 2321 if (lmp_host_le_capable(hdev))
2322 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
3fd24153 2323 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2324 else
2325 err = -ENOTSUPP;
f39799f5
AG		 2326 break;
2327
5e0452c0 2328 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2329 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2330 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2331 LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE);
2332 else
2333 err = -ENOTSUPP;
5e0452c0
AG		 2334 break;
2335
f39799f5 2336 default:
3fd24153 2337 err = -EINVAL;
f39799f5 2338 }
3fd24153 2339
14a53664
JH		 2340 if (err < 0)
2341 mgmt_pending_remove(cmd);
ff9ef578
JH		 2342 else
2343 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2344
2345failed:
09fd0de5 2346 hci_dev_unlock(hdev);
14a53664
JH		 2347 return err;
2348}
2349
bdb6d971
JH		 2350static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2351 u16 len)
14a53664 2352{
d930650b 2353 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2354 struct pending_cmd *cmd;
30dc78e1
JH		 2355 struct hci_cp_remote_name_req_cancel cp;
2356 struct inquiry_entry *e;
14a53664
JH		 2357 int err;
2358
bdb6d971 2359 BT_DBG("%s", hdev->name);
14a53664 2360
09fd0de5 2361 hci_dev_lock(hdev);
14a53664 2362
30dc78e1 2363 if (!hci_discovery_active(hdev)) {
bdb6d971 2364 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
d930650b
JH		 2365 MGMT_STATUS_REJECTED,
2366 &mgmt_cp->type, sizeof(mgmt_cp->type));
2367 goto unlock;
2368 }
2369
2370 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2371 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
d930650b
JH		 2372 MGMT_STATUS_INVALID_PARAMS,
2373 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2374 goto unlock;
ff9ef578
JH		 2375 }
2376
2e58ef3e 2377 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2378 if (!cmd) {
2379 err = -ENOMEM;
30dc78e1
JH		 2380 goto unlock;
2381 }
2382
343f935b 2383 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2384 err = hci_cancel_inquiry(hdev);
2385 if (err < 0)
2386 mgmt_pending_remove(cmd);
2387 else
2388 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2389 goto unlock;
2390 }
2391
2392 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2393 if (!e) {
2394 mgmt_pending_remove(cmd);
bdb6d971 2395 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2396 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2397 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2398 goto unlock;
14a53664
JH		 2399 }
2400
30dc78e1
JH		 2401 bacpy(&cp.bdaddr, &e->data.bdaddr);
2402 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2403 sizeof(cp), &cp);
14a53664
JH		 2404 if (err < 0)
2405 mgmt_pending_remove(cmd);
ff9ef578
JH		 2406 else
2407 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2408
30dc78e1 2409unlock:
09fd0de5 2410 hci_dev_unlock(hdev);
14a53664
JH		 2411 return err;
2412}
2413
bdb6d971
JH		 2414static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2415 u16 len)
561aafbc 2416{
650f726d 2417 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2418 struct inquiry_entry *e;
561aafbc
JH		 2419 int err;
2420
bdb6d971 2421 BT_DBG("%s", hdev->name);
561aafbc 2422
561aafbc
JH		 2423 hci_dev_lock(hdev);
2424
30dc78e1 2425 if (!hci_discovery_active(hdev)) {
bdb6d971 2426 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
30dc78e1
JH		 2427 MGMT_STATUS_FAILED);
2428 goto failed;
2429 }
2430
a198e7b1 2431 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2432 if (!e) {
bdb6d971
JH		 2433 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2434 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2435 goto failed;
2436 }
2437
2438 if (cp->name_known) {
2439 e->name_state = NAME_KNOWN;
2440 list_del(&e->list);
2441 } else {
2442 e->name_state = NAME_NEEDED;
a3d4e20a 2443 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2444 }
2445
2446 err = 0;
2447
2448failed:
2449 hci_dev_unlock(hdev);
561aafbc
JH		 2450 return err;
2451}
2452
bdb6d971
JH		 2453static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2454 u16 len)
7fbec224 2455{
650f726d 2456 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2457 u8 status;
7fbec224
AJ		 2458 int err;
2459
bdb6d971 2460 BT_DBG("%s", hdev->name);
7fbec224 2461
09fd0de5 2462 hci_dev_lock(hdev);
5e762444 2463
88c1fe4b 2464 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2465 if (err < 0)
f0eeea8b 2466 status = MGMT_STATUS_FAILED;
7fbec224 2467 else
f0eeea8b
JH		 2468 status = 0;
2469
bdb6d971 2470 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
f0eeea8b 2471 &cp->addr, sizeof(cp->addr));
5e762444 2472
09fd0de5 2473 hci_dev_unlock(hdev);
7fbec224
AJ		 2474
2475 return err;
2476}
2477
bdb6d971
JH		 2478static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2479 u16 len)
7fbec224 2480{
650f726d 2481 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2482 u8 status;
7fbec224
AJ		 2483 int err;
2484
bdb6d971 2485 BT_DBG("%s", hdev->name);
7fbec224 2486
09fd0de5 2487 hci_dev_lock(hdev);
5e762444 2488
88c1fe4b 2489 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2490 if (err < 0)
f0eeea8b 2491 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2492 else
f0eeea8b
JH		 2493 status = 0;
2494
bdb6d971 2495 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
f0eeea8b 2496 &cp->addr, sizeof(cp->addr));
5e762444 2497
09fd0de5 2498 hci_dev_unlock(hdev);
7fbec224
AJ		 2499
2500 return err;
2501}
2502
bdb6d971
JH		 2503static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2504 void *data, u16 len)
f6422ec6 2505{
650f726d 2506 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2507 struct hci_cp_write_page_scan_activity acp;
2508 u8 type;
2509 int err;
2510
bdb6d971 2511 BT_DBG("%s", hdev->name);
f6422ec6 2512
5400c044 2513 if (!hdev_is_powered(hdev))
bdb6d971 2514 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5400c044
JH		 2515 MGMT_STATUS_NOT_POWERED);
2516
2517 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971
JH		 2518 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2519 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2520
2521 hci_dev_lock(hdev);
2522
f7c6869c 2523 if (cp->val) {
f6422ec6
AJ		 2524 type = PAGE_SCAN_TYPE_INTERLACED;
2525 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2526 } else {
2527 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2528 acp.interval = 0x0800; /* default 1.28 sec page scan */
2529 }
2530
2531 acp.window = 0x0012; /* default 11.25 msec page scan window */
2532
2533 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2534 sizeof(acp), &acp);
2535 if (err < 0) {
bdb6d971
JH		 2536 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2537 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2538 goto done;
2539 }
2540
2541 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2542 if (err < 0) {
bdb6d971
JH		 2543 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2544 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2545 goto done;
2546 }
2547
bdb6d971 2548 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
aee9b218 2549 NULL, 0);
f6422ec6
AJ		 2550done:
2551 hci_dev_unlock(hdev);
f6422ec6
AJ		 2552 return err;
2553}
2554
bdb6d971 2555static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
346af67b
VCG		 2556 void *cp_data, u16 len)
2557{
346af67b
VCG		 2558 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2559 u16 key_count, expected_len;
2560 int i;
2561
346af67b
VCG		 2562 key_count = get_unaligned_le16(&cp->key_count);
2563
2564 expected_len = sizeof(*cp) + key_count *
2565 sizeof(struct mgmt_ltk_info);
2566 if (expected_len != len) {
2567 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2568 len, expected_len);
bdb6d971 2569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
346af67b
VCG		 2570 EINVAL);
2571 }
2572
bdb6d971 2573 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2574
2575 hci_dev_lock(hdev);
2576
2577 hci_smp_ltks_clear(hdev);
2578
2579 for (i = 0; i < key_count; i++) {
2580 struct mgmt_ltk_info *key = &cp->keys[i];
2581 u8 type;
2582
2583 if (key->master)
2584 type = HCI_SMP_LTK;
2585 else
2586 type = HCI_SMP_LTK_SLAVE;
2587
2588 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2589 type, 0, key->authenticated, key->val,
2590 key->enc_size, key->ediv, key->rand);
2591 }
2592
2593 hci_dev_unlock(hdev);
346af67b
VCG		 2594
2595 return 0;
2596}
2597
0f4e68cf
JH		 2598struct mgmt_handler {
2599 int (*func) (struct sock *sk, struct hci_dev *hdev,
2600 void *data, u16 data_len);
be22b54e
JH		 2601 bool var_len;
2602 size_t data_len;
0f4e68cf
JH		 2603} mgmt_handlers[] = {
2604 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2605 { read_version, false, MGMT_READ_VERSION_SIZE },
2606 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2607 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2608 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2609 { set_powered, false, MGMT_SETTING_SIZE },
2610 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2611 { set_connectable, false, MGMT_SETTING_SIZE },
2612 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2613 { set_pairable, false, MGMT_SETTING_SIZE },
2614 { set_link_security, false, MGMT_SETTING_SIZE },
2615 { set_ssp, false, MGMT_SETTING_SIZE },
2616 { set_hs, false, MGMT_SETTING_SIZE },
2617 { set_le, false, MGMT_SETTING_SIZE },
2618 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2619 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2620 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2621 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2622 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2623 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2624 { disconnect, false, MGMT_DISCONNECT_SIZE },
2625 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2626 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2627 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2628 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2629 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2630 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2631 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2632 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2633 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2634 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2635 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2636 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2637 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2638 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2639 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2640 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2641 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2642 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2643 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
0f4e68cf
JH		 2644};
2645
2646
0381101f
JH		 2647int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2648{
650f726d
VCG		 2649 void *buf;
2650 u8 *cp;
0381101f 2651 struct mgmt_hdr *hdr;
4e51eae9 2652 u16 opcode, index, len;
bdb6d971 2653 struct hci_dev *hdev = NULL;
be22b54e 2654 struct mgmt_handler *handler;
0381101f
JH		 2655 int err;
2656
2657 BT_DBG("got %zu bytes", msglen);
2658
2659 if (msglen < sizeof(*hdr))
2660 return -EINVAL;
2661
e63a15ec 2662 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2663 if (!buf)
2664 return -ENOMEM;
2665
2666 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2667 err = -EFAULT;
2668 goto done;
2669 }
2670
650f726d 2671 hdr = buf;
0381101f 2672 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2673 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2674 len = get_unaligned_le16(&hdr->len);
2675
2676 if (len != msglen - sizeof(*hdr)) {
2677 err = -EINVAL;
2678 goto done;
2679 }
2680
0f4e68cf 2681 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2682 hdev = hci_dev_get(index);
2683 if (!hdev) {
2684 err = cmd_status(sk, index, opcode,
5f159032 2685 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2686 goto done;
2687 }
2688 }
2689
0f4e68cf
JH		 2690 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2691 mgmt_handlers[opcode].func == NULL) {
0381101f 2692 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2693 err = cmd_status(sk, index, opcode,
2694 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2695 goto done;
2696 }
2697
2698 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2699 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2700 err = cmd_status(sk, index, opcode,
5f159032 2701 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2702 goto done;
0381101f
JH		 2703 }
2704
be22b54e
JH		 2705 handler = &mgmt_handlers[opcode];
2706
2707 if ((handler->var_len && len < handler->data_len) ||
2708 (!handler->var_len && len != handler->data_len)) {
2709 err = cmd_status(sk, index, opcode,
2710 MGMT_STATUS_INVALID_PARAMS);
2711 goto done;
2712 }
2713
0f4e68cf
JH		 2714 if (hdev)
2715 mgmt_init_hdev(sk, hdev);
2716
2717 cp = buf + sizeof(*hdr);
2718
be22b54e 2719 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2720 if (err < 0)
2721 goto done;
2722
0381101f
JH		 2723 err = msglen;
2724
2725done:
bdb6d971
JH		 2726 if (hdev)
2727 hci_dev_put(hdev);
2728
0381101f
JH		 2729 kfree(buf);
2730 return err;
2731}
c71e97bf 2732
b24752fe
JH		 2733static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2734{
2735 u8 *status = data;
2736
2737 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2738 mgmt_pending_remove(cmd);
2739}
2740
744cf19e 2741int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2742{
744cf19e 2743 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2744}
2745
744cf19e 2746int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2747{
5f159032 2748 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2749
744cf19e 2750 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2751
744cf19e 2752 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2753}
2754
73f22f62 2755struct cmd_lookup {
eec8d2bc 2756 struct sock *sk;
69ab39ea 2757 struct hci_dev *hdev;
90e70454 2758 u8 mgmt_status;
eec8d2bc
JH		 2759};
2760
69ab39ea 2761static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2762{
73f22f62 2763 struct cmd_lookup *match = data;
eec8d2bc 2764
69ab39ea 2765 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2766
2767 list_del(&cmd->list);
2768
2769 if (match->sk == NULL) {
2770 match->sk = cmd->sk;
2771 sock_hold(match->sk);
2772 }
2773
2774 mgmt_pending_free(cmd);
c71e97bf 2775}
5add6af8 2776
744cf19e 2777int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2778{
76a7f3a4 2779 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2780 int err;
5add6af8 2781
5e5282bb
JH		 2782 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2783 return 0;
2784
69ab39ea 2785 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2786
5e5282bb
JH		 2787 if (powered) {
2788 u8 scan = 0;
2789
2790 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2791 scan |= SCAN_PAGE;
2792 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2793 scan |= SCAN_INQUIRY;
2794
2795 if (scan)
2796 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2797
2798 update_class(hdev);
2799 update_eir(hdev);
5e5282bb 2800 } else {
d4f68526 2801 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2802 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2803 }
2804
beadb2bd 2805 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2806
2807 if (match.sk)
2808 sock_put(match.sk);
2809
7bb895d6 2810 return err;
5add6af8 2811}
73f22f62 2812
744cf19e 2813int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2814{
76a7f3a4 2815 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2816 bool changed = false;
2817 int err = 0;
73f22f62 2818
5e5282bb
JH		 2819 if (discoverable) {
2820 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2821 changed = true;
2822 } else {
2823 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2824 changed = true;
2825 }
73f22f62 2826
ed9b5f2f
JH		 2827 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2828 &match);
2829
beadb2bd
JH		 2830 if (changed)
2831 err = new_settings(hdev, match.sk);
5e5282bb 2832
73f22f62
JH		 2833 if (match.sk)
2834 sock_put(match.sk);
2835
7bb895d6 2836 return err;
73f22f62 2837}
9fbcbb45 2838
744cf19e 2839int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2840{
76a7f3a4 2841 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2842 bool changed = false;
2843 int err = 0;
9fbcbb45 2844
5e5282bb
JH		 2845 if (connectable) {
2846 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2847 changed = true;
2848 } else {
2849 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2850 changed = true;
2851 }
9fbcbb45 2852
ed9b5f2f
JH		 2853 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2854 &match);
2855
beadb2bd
JH		 2856 if (changed)
2857 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2858
2859 if (match.sk)
2860 sock_put(match.sk);
2861
7bb895d6 2862 return err;
9fbcbb45 2863}
55ed8ca1 2864
744cf19e 2865int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2866{
ca69b795
JH		 2867 u8 mgmt_err = mgmt_status(status);
2868
2d7cee58 2869 if (scan & SCAN_PAGE)
744cf19e 2870 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2871 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2872
2873 if (scan & SCAN_INQUIRY)
744cf19e 2874 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2875 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2876
2877 return 0;
2878}
2879
744cf19e
JH		 2880int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2881 u8 persistent)
55ed8ca1 2882{
86742e1e 2883 struct mgmt_ev_new_link_key ev;
55ed8ca1 2884
a492cd52 2885 memset(&ev, 0, sizeof(ev));
55ed8ca1 2886
a492cd52 2887 ev.store_hint = persistent;
d753fdc4
JH		 2888 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2889 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2890 ev.key.type = key->type;
2891 memcpy(ev.key.val, key->val, 16);
2892 ev.key.pin_len = key->pin_len;
55ed8ca1 2893
744cf19e 2894 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2895}
f7520543 2896
346af67b
VCG		 2897int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2898{
2899 struct mgmt_ev_new_long_term_key ev;
2900
2901 memset(&ev, 0, sizeof(ev));
2902
2903 ev.store_hint = persistent;
2904 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2905 ev.key.addr.type = key->bdaddr_type;
2906 ev.key.authenticated = key->authenticated;
2907 ev.key.enc_size = key->enc_size;
2908 ev.key.ediv = key->ediv;
2909
2910 if (key->type == HCI_SMP_LTK)
2911 ev.key.master = 1;
2912
2913 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2914 memcpy(ev.key.val, key->val, sizeof(key->val));
2915
2916 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2917 &ev, sizeof(ev), NULL);
2918}
2919
afc747a6 2920int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
08c79b61
JH		 2921 u8 addr_type, u32 flags, u8 *name,
2922 u8 name_len, u8 *dev_class)
f7520543 2923{
b644ba33
JH		 2924 char buf[512];
2925 struct mgmt_ev_device_connected *ev = (void *) buf;
2926 u16 eir_len = 0;
f7520543 2927
b644ba33
JH		 2928 bacpy(&ev->addr.bdaddr, bdaddr);
2929 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2930
c95f0ba7 2931 ev->flags = __cpu_to_le32(flags);
08c79b61 2932
b644ba33
JH		 2933 if (name_len > 0)
2934 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2935 name, name_len);
2936
2937 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2938 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2939 EIR_CLASS_OF_DEV, dev_class, 3);
2940
2941 put_unaligned_le16(eir_len, &ev->eir_len);
2942
2943 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2944 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2945}
2946
8962ee74
JH		 2947static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2948{
c68fb7ff 2949 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2950 struct sock **sk = data;
a38528f1 2951 struct mgmt_rp_disconnect rp;
8962ee74 2952
88c3df13
JH		 2953 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2954 rp.addr.type = cp->addr.type;
8962ee74 2955
aee9b218
JH		 2956 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
2957 sizeof(rp));
8962ee74
JH		 2958
2959 *sk = cmd->sk;
2960 sock_hold(*sk);
2961
a664b5bc 2962 mgmt_pending_remove(cmd);
8962ee74
JH		 2963}
2964
124f6e35 2965static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 2966{
b1078ad0 2967 struct hci_dev *hdev = data;
124f6e35
JH		 2968 struct mgmt_cp_unpair_device *cp = cmd->param;
2969 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2970
2971 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2972 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2973 rp.addr.type = cp->addr.type;
a8a1d19e 2974
b1078ad0
JH		 2975 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2976
aee9b218 2977 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 2978
2979 mgmt_pending_remove(cmd);
2980}
2981
afc747a6
JH		 2982int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2983 u8 link_type, u8 addr_type)
f7520543 2984{
4c659c39 2985 struct mgmt_addr_info ev;
8962ee74
JH		 2986 struct sock *sk = NULL;
2987 int err;
2988
744cf19e 2989 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2990
f7520543 2991 bacpy(&ev.bdaddr, bdaddr);
48264f06 2992 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2993
afc747a6
JH		 2994 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2995 sk);
8962ee74
JH		 2996
2997 if (sk)
2998 sock_put(sk);
2999
124f6e35 3000 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3001 hdev);
a8a1d19e 3002
8962ee74
JH		 3003 return err;
3004}
3005
88c3df13
JH		 3006int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3007 u8 link_type, u8 addr_type, u8 status)
8962ee74 3008{
88c3df13 3009 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3010 struct pending_cmd *cmd;
3011 int err;
3012
2e58ef3e 3013 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3014 if (!cmd)
3015 return -ENOENT;
3016
88c3df13
JH		 3017 bacpy(&rp.addr.bdaddr, bdaddr);
3018 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3019
88c3df13 3020 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3021 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3022
a664b5bc 3023 mgmt_pending_remove(cmd);
8962ee74 3024
b1078ad0
JH		 3025 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3026 hdev);
8962ee74 3027 return err;
f7520543 3028}
17d5c04c 3029
48264f06
JH		 3030int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3031 u8 addr_type, u8 status)
17d5c04c
JH		 3032{
3033 struct mgmt_ev_connect_failed ev;
3034
4c659c39 3035 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3036 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3037 ev.status = mgmt_status(status);
17d5c04c 3038
744cf19e 3039 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3040}
980e1a53 3041
744cf19e 3042int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3043{
3044 struct mgmt_ev_pin_code_request ev;
3045
d8457698
JH		 3046 bacpy(&ev.addr.bdaddr, bdaddr);
3047 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3048 ev.secure = secure;
980e1a53 3049
744cf19e 3050 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3051 NULL);
980e1a53
JH		 3052}
3053
744cf19e
JH		 3054int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3055 u8 status)
980e1a53
JH		 3056{
3057 struct pending_cmd *cmd;
ac56fb13 3058 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3059 int err;
3060
2e58ef3e 3061 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3062 if (!cmd)
3063 return -ENOENT;
3064
d8457698
JH		 3065 bacpy(&rp.addr.bdaddr, bdaddr);
3066 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3067
aee9b218
JH		 3068 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3069 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3070
a664b5bc 3071 mgmt_pending_remove(cmd);
980e1a53
JH		 3072
3073 return err;
3074}
3075
744cf19e
JH		 3076int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3077 u8 status)
980e1a53
JH		 3078{
3079 struct pending_cmd *cmd;
ac56fb13 3080 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3081 int err;
3082
2e58ef3e 3083 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3084 if (!cmd)
3085 return -ENOENT;
3086
d8457698
JH		 3087 bacpy(&rp.addr.bdaddr, bdaddr);
3088 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3089
aee9b218
JH		 3090 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3091 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3092
a664b5bc 3093 mgmt_pending_remove(cmd);
980e1a53
JH		 3094
3095 return err;
3096}
a5c29683 3097
744cf19e 3098int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3099 u8 link_type, u8 addr_type, __le32 value,
3100 u8 confirm_hint)
a5c29683
JH		 3101{
3102 struct mgmt_ev_user_confirm_request ev;
3103
744cf19e 3104 BT_DBG("%s", hdev->name);
a5c29683 3105
272d90df
JH		 3106 bacpy(&ev.addr.bdaddr, bdaddr);
3107 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3108 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3109 put_unaligned_le32(value, &ev.value);
3110
744cf19e 3111 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3112 NULL);
a5c29683
JH		 3113}
3114
272d90df
JH		 3115int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3116 u8 link_type, u8 addr_type)
604086b7
BG		 3117{
3118 struct mgmt_ev_user_passkey_request ev;
3119
3120 BT_DBG("%s", hdev->name);
3121
272d90df
JH		 3122 bacpy(&ev.addr.bdaddr, bdaddr);
3123 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3124
3125 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3126 NULL);
3127}
3128
0df4c185 3129static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3130 u8 link_type, u8 addr_type, u8 status,
3131 u8 opcode)
a5c29683
JH		 3132{
3133 struct pending_cmd *cmd;
3134 struct mgmt_rp_user_confirm_reply rp;
3135 int err;
3136
2e58ef3e 3137 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3138 if (!cmd)
3139 return -ENOENT;
3140
272d90df
JH		 3141 bacpy(&rp.addr.bdaddr, bdaddr);
3142 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3143 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3144 &rp, sizeof(rp));
a5c29683 3145
a664b5bc 3146 mgmt_pending_remove(cmd);
a5c29683
JH		 3147
3148 return err;
3149}
3150
744cf19e 3151int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3152 u8 link_type, u8 addr_type, u8 status)
a5c29683 3153{
272d90df
JH		 3154 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3155 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3156}
3157
272d90df
JH		 3158int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3159 u8 link_type, u8 addr_type, u8 status)
a5c29683 3160{
272d90df
JH		 3161 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3162 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3163}
2a611692 3164
604086b7 3165int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3166 u8 link_type, u8 addr_type, u8 status)
604086b7 3167{
272d90df
JH		 3168 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3169 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3170}
3171
272d90df
JH		 3172int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3173 u8 link_type, u8 addr_type, u8 status)
604086b7 3174{
272d90df
JH		 3175 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3176 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3177}
3178
bab73cb6
JH		 3179int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3180 u8 addr_type, u8 status)
2a611692
JH		 3181{
3182 struct mgmt_ev_auth_failed ev;
3183
bab73cb6
JH		 3184 bacpy(&ev.addr.bdaddr, bdaddr);
3185 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3186 ev.status = mgmt_status(status);
2a611692 3187
744cf19e 3188 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3189}
b312b161 3190
33ef95ed
JH		 3191int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3192{
3193 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3194 bool changed = false;
3195 int err = 0;
33ef95ed
JH		 3196
3197 if (status) {
3198 u8 mgmt_err = mgmt_status(status);
3199 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3200 cmd_status_rsp, &mgmt_err);
3201 return 0;
3202 }
3203
47990ea0
JH		 3204 if (test_bit(HCI_AUTH, &hdev->flags)) {
3205 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3206 changed = true;
3207 } else {
3208 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3209 changed = true;
3210 }
3211
33ef95ed
JH		 3212 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3213 &match);
3214
47990ea0
JH		 3215 if (changed)
3216 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3217
3218 if (match.sk)
3219 sock_put(match.sk);
3220
3221 return err;
3222}
3223
cacaf52f
JH		 3224static int clear_eir(struct hci_dev *hdev)
3225{
3226 struct hci_cp_write_eir cp;
3227
3228 if (!(hdev->features[6] & LMP_EXT_INQ))
3229 return 0;
3230
c80da27e
JH		 3231 memset(hdev->eir, 0, sizeof(hdev->eir));
3232
cacaf52f
JH		 3233 memset(&cp, 0, sizeof(cp));
3234
3235 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3236}
3237
c0ecddc2 3238int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3239{
3240 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3241 bool changed = false;
3242 int err = 0;
ed2c4ee3
JH		 3243
3244 if (status) {
3245 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3246
3247 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3248 &hdev->dev_flags))
3249 err = new_settings(hdev, NULL);
3250
ed2c4ee3
JH		 3251 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3252 cmd_status_rsp, &mgmt_err);
c0ecddc2
JH		 3253
3254 return err;
3255 }
3256
3257 if (enable) {
3258 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3259 changed = true;
3260 } else {
3261 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3262 changed = true;
ed2c4ee3
JH		 3263 }
3264
3265 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3266
c0ecddc2
JH		 3267 if (changed)
3268 err = new_settings(hdev, match.sk);
ed2c4ee3 3269
5fc6ebb1 3270 if (match.sk)
ed2c4ee3
JH		 3271 sock_put(match.sk);
3272
5fc6ebb1
JH		 3273 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3274 update_eir(hdev);
3275 else
3276 clear_eir(hdev);
cacaf52f 3277
ed2c4ee3
JH		 3278 return err;
3279}
3280
90e70454
JH		 3281static void class_rsp(struct pending_cmd *cmd, void *data)
3282{
3283 struct cmd_lookup *match = data;
3284
3285 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3286 match->hdev->dev_class, 3);
3287
3288 list_del(&cmd->list);
3289
3290 if (match->sk == NULL) {
3291 match->sk = cmd->sk;
3292 sock_hold(match->sk);
3293 }
3294
3295 mgmt_pending_free(cmd);
3296}
3297
7f9a903c
MH		 3298int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3299 u8 status)
3300{
90e70454
JH		 3301 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3302 int err = 0;
7f9a903c 3303
c95f0ba7
JH		 3304 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3305
90e70454
JH		 3306 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3307 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3308 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3309
3310 if (!status)
3311 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3312 dev_class, 3, NULL);
3313
3314 if (match.sk)
3315 sock_put(match.sk);
7f9a903c
MH		 3316
3317 return err;
3318}
3319
744cf19e 3320int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3321{
3322 struct pending_cmd *cmd;
3323 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3324 bool changed = false;
3325 int err = 0;
3326
3327 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3328 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3329 changed = true;
3330 }
b312b161
JH		 3331
3332 memset(&ev, 0, sizeof(ev));
3333 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3334 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3335
2e58ef3e 3336 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3337 if (!cmd)
3338 goto send_event;
3339
7bdaae4a
JH		 3340 /* Always assume that either the short or the complete name has
3341 * changed if there was a pending mgmt command */
3342 changed = true;
3343
b312b161 3344 if (status) {
744cf19e 3345 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3346 mgmt_status(status));
b312b161
JH		 3347 goto failed;
3348 }
3349
aee9b218 3350 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3351 sizeof(ev));
3352 if (err < 0)
3353 goto failed;
3354
3355send_event:
28cc7bde
JH		 3356 if (changed)
3357 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3358 sizeof(ev), cmd ? cmd->sk : NULL);
3359
f51d5b24 3360 update_eir(hdev);
b312b161
JH		 3361
3362failed:
3363 if (cmd)
3364 mgmt_pending_remove(cmd);
3365 return err;
3366}
c35938b2 3367
744cf19e
JH		 3368int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3369 u8 *randomizer, u8 status)
c35938b2
SJ		 3370{
3371 struct pending_cmd *cmd;
3372 int err;
3373
744cf19e 3374 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3375
2e58ef3e 3376 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3377 if (!cmd)
3378 return -ENOENT;
3379
3380 if (status) {
744cf19e 3381 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3382 MGMT_OP_READ_LOCAL_OOB_DATA,
3383 mgmt_status(status));
c35938b2
SJ		 3384 } else {
3385 struct mgmt_rp_read_local_oob_data rp;
3386
3387 memcpy(rp.hash, hash, sizeof(rp.hash));
3388 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3389
744cf19e
JH		 3390 err = cmd_complete(cmd->sk, hdev->id,
3391 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3392 0, &rp, sizeof(rp));
c35938b2
SJ		 3393 }
3394
3395 mgmt_pending_remove(cmd);
3396
3397 return err;
3398}
e17acd40 3399
06199cf8
JH		 3400int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3401{
3402 struct cmd_lookup match = { NULL, hdev };
3403 bool changed = false;
3404 int err = 0;
3405
3406 if (status) {
3407 u8 mgmt_err = mgmt_status(status);
3408
3409 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3410 &hdev->dev_flags))
3411 err = new_settings(hdev, NULL);
3412
3413 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3414 cmd_status_rsp, &mgmt_err);
3415
3416 return err;
3417 }
3418
3419 if (enable) {
3420 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3421 changed = true;
3422 } else {
3423 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3424 changed = true;
3425 }
3426
3427 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3428
3429 if (changed)
3430 err = new_settings(hdev, match.sk);
3431
3432 if (match.sk)
3433 sock_put(match.sk);
3434
3435 return err;
3436}
3437
48264f06 3438int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3439 u8 addr_type, u8 *dev_class, s8 rssi,
388fc8fa 3440 u8 cfm_name, u8 ssp, u8 *eir, u16 eir_len)
e17acd40 3441{
e319d2e7
JH		 3442 char buf[512];
3443 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3444 size_t ev_size;
e17acd40 3445
1dc06093
JH		 3446 /* Leave 5 bytes for a potential CoD field */
3447 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3448 return -EINVAL;
3449
1dc06093
JH		 3450 memset(buf, 0, sizeof(buf));
3451
e319d2e7
JH		 3452 bacpy(&ev->addr.bdaddr, bdaddr);
3453 ev->addr.type = link_to_mgmt(link_type, addr_type);
3454 ev->rssi = rssi;
9a395a80
JH		 3455 if (cfm_name)
3456 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3457 if (!ssp)
3458 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3459
1dc06093 3460 if (eir_len > 0)
e319d2e7 3461 memcpy(ev->eir, eir, eir_len);
e17acd40 3462
1dc06093
JH		 3463 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3464 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3465 dev_class, 3);
3466
3467 put_unaligned_le16(eir_len, &ev->eir_len);
3468
3469 ev_size = sizeof(*ev) + eir_len;
f8523598 3470
e319d2e7 3471 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3472}
a88a9652 3473
b644ba33
JH		 3474int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3475 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3476{
b644ba33
JH		 3477 struct mgmt_ev_device_found *ev;
3478 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3479 u16 eir_len;
a88a9652 3480
b644ba33 3481 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3482
b644ba33
JH		 3483 memset(buf, 0, sizeof(buf));
3484
3485 bacpy(&ev->addr.bdaddr, bdaddr);
3486 ev->addr.type = link_to_mgmt(link_type, addr_type);
3487 ev->rssi = rssi;
3488
3489 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3490 name_len);
3491
3492 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3493
053c7e0c
JH		 3494 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3495 sizeof(*ev) + eir_len, NULL);
a88a9652 3496}
314b2381 3497
7a135109 3498int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3499{
3500 struct pending_cmd *cmd;
f808e166 3501 u8 type;
164a6e78
JH		 3502 int err;
3503
203159d4
AG		 3504 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3505
2e58ef3e 3506 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3507 if (!cmd)
3508 return -ENOENT;
3509
f808e166
JH		 3510 type = hdev->discovery.type;
3511
3512 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3513 &type, sizeof(type));
164a6e78
JH		 3514 mgmt_pending_remove(cmd);
3515
3516 return err;
3517}
3518
e6d465cb
AG		 3519int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3520{
3521 struct pending_cmd *cmd;
3522 int err;
3523
3524 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3525 if (!cmd)
3526 return -ENOENT;
3527
d930650b
JH		 3528 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3529 &hdev->discovery.type,
3530 sizeof(hdev->discovery.type));
164a6e78
JH		 3531 mgmt_pending_remove(cmd);
3532
3533 return err;
3534}
3535
744cf19e 3536int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3537{
f963e8e9 3538 struct mgmt_ev_discovering ev;
164a6e78
JH		 3539 struct pending_cmd *cmd;
3540
343fb145
AG		 3541 BT_DBG("%s discovering %u", hdev->name, discovering);
3542
164a6e78 3543 if (discovering)
2e58ef3e 3544 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3545 else
2e58ef3e 3546 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3547
3548 if (cmd != NULL) {
f808e166
JH		 3549 u8 type = hdev->discovery.type;
3550
d930650b 3551 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3552 &type, sizeof(type));
164a6e78
JH		 3553 mgmt_pending_remove(cmd);
3554 }
3555
f963e8e9
JH		 3556 memset(&ev, 0, sizeof(ev));
3557 ev.type = hdev->discovery.type;
3558 ev.discovering = discovering;
3559
3560 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3561}
5e762444 3562
88c1fe4b 3563int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3564{
3565 struct pending_cmd *cmd;
3566 struct mgmt_ev_device_blocked ev;
3567
2e58ef3e 3568 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3569
88c1fe4b
JH		 3570 bacpy(&ev.addr.bdaddr, bdaddr);
3571 ev.addr.type = type;
5e762444 3572
744cf19e
JH		 3573 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3574 cmd ? cmd->sk : NULL);
5e762444
AJ		 3575}
3576
88c1fe4b 3577int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3578{
3579 struct pending_cmd *cmd;
3580 struct mgmt_ev_device_unblocked ev;
3581
2e58ef3e 3582 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3583
88c1fe4b
JH		 3584 bacpy(&ev.addr.bdaddr, bdaddr);
3585 ev.addr.type = type;
5e762444 3586
744cf19e
JH		 3587 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3588 cmd ? cmd->sk : NULL);
5e762444 3589}
d7b7e796
MH		 3590
3591module_param(enable_hs, bool, 0644);
3592MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3593
3594module_param(enable_le, bool, 0644);
3595MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux kernel - Deliverables
This page took 0.498172 seconds and 5 git commands to generate.