projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Fix current settings values when powered off
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
56b7d137 267 return err;;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f1f0eb02 395 if (hdev_is_powered(hdev))
f0d4b78a
MH		 396 settings |= MGMT_SETTING_POWERED;
397
5e5282bb 398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 399 settings |= MGMT_SETTING_CONNECTABLE;
400
5e5282bb 401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_DISCOVERABLE;
403
a8b2d5c2 404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_PAIRABLE;
406
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
409
59e29406 410 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 411 settings |= MGMT_SETTING_LE;
412
413 if (test_bit(HCI_AUTH, &hdev->flags))
414 settings |= MGMT_SETTING_LINK_SECURITY;
415
84bde9d6 416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_SSP;
418
6d80dfd0
JH		 419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
421
69ab39ea
JH		 422 return settings;
423}
424
ef580372
JH		 425#define PNP_INFO_SVCLASS_ID 0x1200
426
427static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430};
431
432static u16 get_uuid16(u8 *uuid128)
433{
434 u32 val;
435 int i;
436
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
439 return 0;
440 }
441
442 memcpy(&val, &uuid128[12], 4);
443
444 val = le32_to_cpu(val);
445 if (val > 0xffff)
446 return 0;
447
448 return (u16) val;
449}
450
451static void create_eir(struct hci_dev *hdev, u8 *data)
452{
453 u8 *ptr = data;
454 u16 eir_len = 0;
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
458 size_t name_len;
459
460 name_len = strlen(hdev->dev_name);
461
462 if (name_len > 0) {
463 /* EIR Data type */
464 if (name_len > 48) {
465 name_len = 48;
466 ptr[1] = EIR_NAME_SHORT;
467 } else
468 ptr[1] = EIR_NAME_COMPLETE;
469
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
472
473 memcpy(ptr + 2, hdev->dev_name, name_len);
474
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
477 }
478
479 memset(uuid16_list, 0, sizeof(uuid16_list));
480
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 u16 uuid16;
484
485 uuid16 = get_uuid16(uuid->uuid);
486 if (uuid16 == 0)
487 return;
488
489 if (uuid16 < 0x1100)
490 continue;
491
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
493 continue;
494
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
497 truncated = 1;
498 break;
499 }
500
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
504 break;
505
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
509 }
510 }
511
512 if (uuid16_list[0] != 0) {
513 u8 *length = ptr;
514
515 /* EIR Data type */
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
517
518 ptr += 2;
519 eir_len += 2;
520
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
524 }
525
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
528 }
529}
530
531static int update_eir(struct hci_dev *hdev)
532{
533 struct hci_cp_write_eir cp;
534
535 if (!(hdev->features[6] & LMP_EXT_INQ))
536 return 0;
537
84bde9d6 538 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 539 return 0;
540
a8b2d5c2 541 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
544 memset(&cp, 0, sizeof(cp));
545
546 create_eir(hdev, cp.data);
547
548 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
549 return 0;
550
551 memcpy(hdev->eir, cp.data, sizeof(cp.data));
552
553 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
554}
555
556static u8 get_service_classes(struct hci_dev *hdev)
557{
558 struct bt_uuid *uuid;
559 u8 val = 0;
560
561 list_for_each_entry(uuid, &hdev->uuids, list)
562 val |= uuid->svc_hint;
563
564 return val;
565}
566
567static int update_class(struct hci_dev *hdev)
568{
569 u8 cod[3];
570
571 BT_DBG("%s", hdev->name);
572
a8b2d5c2 573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 574 return 0;
575
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
579
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
581 return 0;
582
583 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
584}
585
7d78525d
JH		 586static void service_cache_off(struct work_struct *work)
587{
588 struct hci_dev *hdev = container_of(work, struct hci_dev,
589 service_cache.work);
590
a8b2d5c2 591 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 592 return;
593
594 hci_dev_lock(hdev);
595
596 update_eir(hdev);
597 update_class(hdev);
598
599 hci_dev_unlock(hdev);
600}
601
602static void mgmt_init_hdev(struct hci_dev *hdev)
603{
0cbf4ed6 604 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
606
0cbf4ed6
JH		 607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
610 * it
611 */
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
613 }
614
a8b2d5c2 615 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 616 schedule_delayed_work(&hdev->service_cache,
617 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
618}
619
4e51eae9 620static int read_controller_info(struct sock *sk, u16 index)
0381101f 621{
a38528f1 622 struct mgmt_rp_read_info rp;
f7b64e69 623 struct hci_dev *hdev;
0381101f 624
4e51eae9 625 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 626
4e51eae9 627 hdev = hci_dev_get(index);
a38528f1 628 if (!hdev)
ca69b795
JH		 629 return cmd_status(sk, index, MGMT_OP_READ_INFO,
630 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 631
09fd0de5 632 hci_dev_lock(hdev);
f7b64e69 633
7d78525d
JH		 634 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
635 mgmt_init_hdev(hdev);
ebc99feb 636
dc4fe30b
JH		 637 memset(&rp, 0, sizeof(rp));
638
69ab39ea 639 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 640
69ab39ea 641 rp.version = hdev->hci_ver;
f7b64e69 642
69ab39ea
JH		 643 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
644
645 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
646 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 647
a38528f1 648 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 649
dc4fe30b
JH		 650 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
651
09fd0de5 652 hci_dev_unlock(hdev);
f7b64e69 653 hci_dev_put(hdev);
0381101f 654
aee9b218 655 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 656}
657
eec8d2bc
JH		 658static void mgmt_pending_free(struct pending_cmd *cmd)
659{
660 sock_put(cmd->sk);
c68fb7ff 661 kfree(cmd->param);
eec8d2bc
JH		 662 kfree(cmd);
663}
664
366a0336 665static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 666 struct hci_dev *hdev,
667 void *data, u16 len)
eec8d2bc
JH		 668{
669 struct pending_cmd *cmd;
670
671 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
672 if (!cmd)
366a0336 673 return NULL;
eec8d2bc
JH		 674
675 cmd->opcode = opcode;
2e58ef3e 676 cmd->index = hdev->id;
eec8d2bc 677
c68fb7ff
SJ		 678 cmd->param = kmalloc(len, GFP_ATOMIC);
679 if (!cmd->param) {
eec8d2bc 680 kfree(cmd);
366a0336 681 return NULL;
eec8d2bc
JH		 682 }
683
8fce6357
SJ		 684 if (data)
685 memcpy(cmd->param, data, len);
eec8d2bc
JH		 686
687 cmd->sk = sk;
688 sock_hold(sk);
689
2e58ef3e 690 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 691
366a0336 692 return cmd;
eec8d2bc
JH		 693}
694
744cf19e 695static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 696 void (*cb)(struct pending_cmd *cmd, void *data),
697 void *data)
698{
699 struct list_head *p, *n;
700
2e58ef3e 701 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 702 struct pending_cmd *cmd;
703
704 cmd = list_entry(p, struct pending_cmd, list);
705
b24752fe 706 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 707 continue;
708
eec8d2bc
JH		 709 cb(cmd, data);
710 }
711}
712
2e58ef3e 713static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 714{
8035ded4 715 struct pending_cmd *cmd;
eec8d2bc 716
2e58ef3e 717 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 718 if (cmd->opcode == opcode)
719 return cmd;
eec8d2bc
JH		 720 }
721
722 return NULL;
723}
724
a664b5bc 725static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 726{
73f22f62
JH		 727 list_del(&cmd->list);
728 mgmt_pending_free(cmd);
729}
730
69ab39ea 731static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 732{
69ab39ea 733 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 734
aee9b218
JH		 735 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
736 sizeof(settings));
8680570b
JH		 737}
738
650f726d 739static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 740{
650f726d 741 struct mgmt_mode *cp = data;
eec8d2bc 742 struct hci_dev *hdev;
366a0336 743 struct pending_cmd *cmd;
4b34ee78 744 int err;
eec8d2bc 745
4e51eae9 746 BT_DBG("request for hci%u", index);
eec8d2bc 747
bdce7baf 748 if (len != sizeof(*cp))
ca69b795
JH		 749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 751
4e51eae9 752 hdev = hci_dev_get(index);
eec8d2bc 753 if (!hdev)
ca69b795
JH		 754 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
755 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 756
09fd0de5 757 hci_dev_lock(hdev);
eec8d2bc 758
f0d4b78a
MH		 759 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
760 cancel_delayed_work(&hdev->power_off);
761
762 if (cp->val) {
763 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 mgmt_powered(hdev, 1);
765 goto failed;
766 }
767 }
768
4b34ee78 769 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 770 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 771 goto failed;
772 }
773
2e58ef3e 774 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 775 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
776 MGMT_STATUS_BUSY);
eec8d2bc
JH		 777 goto failed;
778 }
779
2e58ef3e 780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 781 if (!cmd) {
782 err = -ENOMEM;
eec8d2bc 783 goto failed;
366a0336 784 }
eec8d2bc 785
72a734ec 786 if (cp->val)
7f971041 787 schedule_work(&hdev->power_on);
eec8d2bc 788 else
80b7ab33 789 schedule_work(&hdev->power_off.work);
eec8d2bc 790
366a0336 791 err = 0;
eec8d2bc
JH		 792
793failed:
09fd0de5 794 hci_dev_unlock(hdev);
eec8d2bc 795 hci_dev_put(hdev);
366a0336 796 return err;
eec8d2bc
JH		 797}
798
650f726d 799static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 800{
650f726d 801 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 802 struct hci_dev *hdev;
366a0336 803 struct pending_cmd *cmd;
5e5282bb 804 u16 timeout;
73f22f62
JH		 805 u8 scan;
806 int err;
807
4e51eae9 808 BT_DBG("request for hci%u", index);
73f22f62 809
bdce7baf 810 if (len != sizeof(*cp))
ca69b795
JH		 811 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
812 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 813
4e51eae9 814 hdev = hci_dev_get(index);
73f22f62 815 if (!hdev)
ca69b795
JH		 816 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
817 MGMT_STATUS_INVALID_PARAMS);
73f22f62 818
5e5282bb
JH		 819 timeout = get_unaligned_le16(&cp->timeout);
820
09fd0de5 821 hci_dev_lock(hdev);
73f22f62 822
5e5282bb 823 if (!hdev_is_powered(hdev) && timeout > 0) {
ca69b795
JH		 824 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
825 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 826 goto failed;
827 }
828
2e58ef3e
JH		 829 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
830 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 831 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
832 MGMT_STATUS_BUSY);
73f22f62
JH		 833 goto failed;
834 }
835
5e5282bb
JH		 836 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
837 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
838 MGMT_STATUS_REJECTED);
839 goto failed;
840 }
841
842 if (!hdev_is_powered(hdev)) {
843 if (cp->val)
844 set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
845 else
846 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
847 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
848 goto failed;
849 }
850
851 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
69ab39ea 852 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 853 goto failed;
854 }
855
2e58ef3e 856 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 857 if (!cmd) {
858 err = -ENOMEM;
73f22f62 859 goto failed;
366a0336 860 }
73f22f62
JH		 861
862 scan = SCAN_PAGE;
863
72a734ec 864 if (cp->val)
73f22f62 865 scan |= SCAN_INQUIRY;
16ab91ab 866 else
e0f9309f 867 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 868
869 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
870 if (err < 0)
a664b5bc 871 mgmt_pending_remove(cmd);
73f22f62 872
16ab91ab 873 if (cp->val)
5e5282bb 874 hdev->discov_timeout = timeout;
16ab91ab 875
73f22f62 876failed:
09fd0de5 877 hci_dev_unlock(hdev);
73f22f62
JH		 878 hci_dev_put(hdev);
879
880 return err;
881}
882
650f726d 883static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 884{
650f726d 885 struct mgmt_mode *cp = data;
9fbcbb45 886 struct hci_dev *hdev;
366a0336 887 struct pending_cmd *cmd;
9fbcbb45
JH		 888 u8 scan;
889 int err;
890
4e51eae9 891 BT_DBG("request for hci%u", index);
9fbcbb45 892
bdce7baf 893 if (len != sizeof(*cp))
ca69b795
JH		 894 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
895 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 896
4e51eae9 897 hdev = hci_dev_get(index);
9fbcbb45 898 if (!hdev)
ca69b795
JH		 899 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
900 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 901
09fd0de5 902 hci_dev_lock(hdev);
9fbcbb45 903
4b34ee78 904 if (!hdev_is_powered(hdev)) {
5e5282bb
JH		 905 if (cp->val)
906 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
907 else {
908 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
909 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
910 }
911 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 912 goto failed;
913 }
914
2e58ef3e
JH		 915 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
916 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 917 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
918 MGMT_STATUS_BUSY);
9fbcbb45
JH		 919 goto failed;
920 }
921
5e5282bb 922 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 923 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 924 goto failed;
925 }
926
2e58ef3e 927 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 928 if (!cmd) {
929 err = -ENOMEM;
9fbcbb45 930 goto failed;
366a0336 931 }
9fbcbb45 932
72a734ec 933 if (cp->val)
9fbcbb45 934 scan = SCAN_PAGE;
df2c6c5e 935 else {
9fbcbb45
JH		 936 scan = 0;
937
df2c6c5e
JH		 938 if (test_bit(HCI_ISCAN, &hdev->flags) &&
939 hdev->discov_timeout > 0)
940 cancel_delayed_work(&hdev->discov_off);
941 }
942
9fbcbb45
JH		 943 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
944 if (err < 0)
a664b5bc 945 mgmt_pending_remove(cmd);
9fbcbb45
JH		 946
947failed:
09fd0de5 948 hci_dev_unlock(hdev);
9fbcbb45
JH		 949 hci_dev_put(hdev);
950
951 return err;
952}
953
744cf19e
JH		 954static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
955 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 956{
957 struct sk_buff *skb;
958 struct mgmt_hdr *hdr;
959
960 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
961 if (!skb)
962 return -ENOMEM;
963
c542a06c
JH		 964 hdr = (void *) skb_put(skb, sizeof(*hdr));
965 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 966 if (hdev)
967 hdr->index = cpu_to_le16(hdev->id);
968 else
969 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 970 hdr->len = cpu_to_le16(data_len);
971
4e51eae9
SJ		 972 if (data)
973 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c 974
470fe1b5 975 hci_send_to_control(skb, skip_sk);
c542a06c
JH		 976 kfree_skb(skb);
977
978 return 0;
979}
980
650f726d 981static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 982{
650f726d 983 struct mgmt_mode *cp = data;
c542a06c 984 struct hci_dev *hdev;
69ab39ea 985 __le32 ev;
c542a06c
JH		 986 int err;
987
4e51eae9 988 BT_DBG("request for hci%u", index);
c542a06c 989
bdce7baf 990 if (len != sizeof(*cp))
ca69b795
JH		 991 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
992 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 993
4e51eae9 994 hdev = hci_dev_get(index);
c542a06c 995 if (!hdev)
ca69b795
JH		 996 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
997 MGMT_STATUS_INVALID_PARAMS);
c542a06c 998
09fd0de5 999 hci_dev_lock(hdev);
c542a06c
JH		 1000
1001 if (cp->val)
a8b2d5c2 1002 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1003 else
a8b2d5c2 1004 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1005
69ab39ea 1006 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1007 if (err < 0)
1008 goto failed;
1009
69ab39ea 1010 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 1011
69ab39ea 1012 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 1013
1014failed:
09fd0de5 1015 hci_dev_unlock(hdev);
c542a06c
JH		 1016 hci_dev_put(hdev);
1017
1018 return err;
1019}
1020
33ef95ed
JH		 1021static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1022{
1023 struct mgmt_mode *cp = data;
1024 struct pending_cmd *cmd;
1025 struct hci_dev *hdev;
1026 uint8_t val;
1027 int err;
1028
1029 BT_DBG("request for hci%u", index);
1030
1031 if (len != sizeof(*cp))
1032 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1033 MGMT_STATUS_INVALID_PARAMS);
1034
1035 hdev = hci_dev_get(index);
1036 if (!hdev)
1037 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1038 MGMT_STATUS_INVALID_PARAMS);
1039
1040 hci_dev_lock(hdev);
1041
4b34ee78 1042 if (!hdev_is_powered(hdev)) {
33ef95ed
JH		 1043 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1044 MGMT_STATUS_NOT_POWERED);
1045 goto failed;
1046 }
1047
1048 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1049 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1050 MGMT_STATUS_BUSY);
1051 goto failed;
1052 }
1053
1054 val = !!cp->val;
1055
1056 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1057 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1058 goto failed;
1059 }
1060
1061 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1062 if (!cmd) {
1063 err = -ENOMEM;
1064 goto failed;
1065 }
1066
1067 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1068 if (err < 0) {
1069 mgmt_pending_remove(cmd);
1070 goto failed;
1071 }
1072
1073failed:
1074 hci_dev_unlock(hdev);
1075 hci_dev_put(hdev);
1076
1077 return err;
1078}
1079
ed2c4ee3
JH		 1080static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1081{
1082 struct mgmt_mode *cp = data;
1083 struct pending_cmd *cmd;
1084 struct hci_dev *hdev;
1085 uint8_t val;
1086 int err;
1087
1088 BT_DBG("request for hci%u", index);
1089
1090 if (len != sizeof(*cp))
1091 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1092 MGMT_STATUS_INVALID_PARAMS);
1093
1094 hdev = hci_dev_get(index);
1095 if (!hdev)
1096 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1097 MGMT_STATUS_INVALID_PARAMS);
1098
1099 hci_dev_lock(hdev);
1100
4b34ee78 1101 if (!hdev_is_powered(hdev)) {
ed2c4ee3
JH		 1102 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1103 MGMT_STATUS_NOT_POWERED);
1104 goto failed;
1105 }
1106
1e163574
JH		 1107 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1108 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1109 MGMT_STATUS_NOT_SUPPORTED);
1110 goto failed;
1111 }
1112
ed2c4ee3
JH		 1113 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1114 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1115 goto failed;
1116 }
1117
1118 val = !!cp->val;
1119
1120 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1121 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1122 goto failed;
1123 }
1124
1125 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1126 if (!cmd) {
1127 err = -ENOMEM;
1128 goto failed;
1129 }
1130
1131 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1132 if (err < 0) {
1133 mgmt_pending_remove(cmd);
1134 goto failed;
1135 }
1136
1137failed:
1138 hci_dev_unlock(hdev);
1139 hci_dev_put(hdev);
1140
1141 return err;
1142}
1143
6d80dfd0
JH		 1144static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1145{
1146 struct mgmt_mode *cp = data;
1147 struct hci_dev *hdev;
1148 int err;
1149
1150 BT_DBG("request for hci%u", index);
1151
1152 if (len != sizeof(*cp))
1153 return cmd_status(sk, index, MGMT_OP_SET_HS,
1154 MGMT_STATUS_INVALID_PARAMS);
1155
1156 hdev = hci_dev_get(index);
1157 if (!hdev)
1158 return cmd_status(sk, index, MGMT_OP_SET_HS,
1159 MGMT_STATUS_INVALID_PARAMS);
1160
1161 if (!enable_hs) {
1162 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1163 MGMT_STATUS_NOT_SUPPORTED);
1164 goto failed;
1165 }
1166
1167 if (cp->val)
1168 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1169 else
1170 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1171
1172 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1173
1174failed:
1175 hci_dev_put(hdev);
1176 return err;
1177}
1178
650f726d 1179static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1180{
650f726d 1181 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 1182 struct hci_dev *hdev;
1183 struct bt_uuid *uuid;
2aeb9a1a
JH		 1184 int err;
1185
4e51eae9 1186 BT_DBG("request for hci%u", index);
2aeb9a1a 1187
bdce7baf 1188 if (len != sizeof(*cp))
ca69b795
JH		 1189 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1190 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1191
4e51eae9 1192 hdev = hci_dev_get(index);
2aeb9a1a 1193 if (!hdev)
ca69b795
JH		 1194 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1195 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1196
09fd0de5 1197 hci_dev_lock(hdev);
2aeb9a1a
JH		 1198
1199 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1200 if (!uuid) {
1201 err = -ENOMEM;
1202 goto failed;
1203 }
1204
1205 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1206 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1207
1208 list_add(&uuid->list, &hdev->uuids);
1209
1aff6f09
JH		 1210 err = update_class(hdev);
1211 if (err < 0)
1212 goto failed;
1213
80a1e1db
JH		 1214 err = update_eir(hdev);
1215 if (err < 0)
1216 goto failed;
1217
aee9b218 1218 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1219
1220failed:
09fd0de5 1221 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1222 hci_dev_put(hdev);
1223
1224 return err;
1225}
1226
650f726d 1227static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1228{
650f726d 1229 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 1230 struct list_head *p, *n;
2aeb9a1a
JH		 1231 struct hci_dev *hdev;
1232 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1233 int err, found;
1234
4e51eae9 1235 BT_DBG("request for hci%u", index);
2aeb9a1a 1236
bdce7baf 1237 if (len != sizeof(*cp))
ca69b795
JH		 1238 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1239 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1240
4e51eae9 1241 hdev = hci_dev_get(index);
2aeb9a1a 1242 if (!hdev)
ca69b795
JH		 1243 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1244 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1245
09fd0de5 1246 hci_dev_lock(hdev);
2aeb9a1a
JH		 1247
1248 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1249 err = hci_uuids_clear(hdev);
1250 goto unlock;
1251 }
1252
1253 found = 0;
1254
1255 list_for_each_safe(p, n, &hdev->uuids) {
1256 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1257
1258 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1259 continue;
1260
1261 list_del(&match->list);
1262 found++;
1263 }
1264
1265 if (found == 0) {
ca69b795
JH		 1266 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1267 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1268 goto unlock;
1269 }
1270
1aff6f09
JH		 1271 err = update_class(hdev);
1272 if (err < 0)
1273 goto unlock;
1274
80a1e1db
JH		 1275 err = update_eir(hdev);
1276 if (err < 0)
1277 goto unlock;
1278
aee9b218 1279 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1280
1281unlock:
09fd0de5 1282 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1283 hci_dev_put(hdev);
1284
1285 return err;
1286}
1287
650f726d 1288static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1289{
1290 struct hci_dev *hdev;
650f726d 1291 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 1292 int err;
1293
4e51eae9 1294 BT_DBG("request for hci%u", index);
1aff6f09 1295
bdce7baf 1296 if (len != sizeof(*cp))
ca69b795
JH		 1297 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1298 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1299
4e51eae9 1300 hdev = hci_dev_get(index);
1aff6f09 1301 if (!hdev)
ca69b795
JH		 1302 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1303 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1304
09fd0de5 1305 hci_dev_lock(hdev);
1aff6f09 1306
b5235a65
JH		 1307 if (!hdev_is_powered(hdev)) {
1308 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1309 MGMT_STATUS_NOT_POWERED);
1310 goto unlock;
1311 }
1312
1aff6f09
JH		 1313 hdev->major_class = cp->major;
1314 hdev->minor_class = cp->minor;
1315
a8b2d5c2 1316 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1317 hci_dev_unlock(hdev);
1318 cancel_delayed_work_sync(&hdev->service_cache);
1319 hci_dev_lock(hdev);
14c0b608 1320 update_eir(hdev);
7d78525d 1321 }
14c0b608 1322
1aff6f09
JH		 1323 err = update_class(hdev);
1324
1325 if (err == 0)
aee9b218
JH		 1326 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1327 NULL, 0);
1aff6f09 1328
b5235a65 1329unlock:
09fd0de5 1330 hci_dev_unlock(hdev);
1aff6f09
JH		 1331 hci_dev_put(hdev);
1332
1333 return err;
1334}
1335
650f726d 1336static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1337{
1338 struct hci_dev *hdev;
650f726d 1339 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1340 u16 key_count, expected_len;
a492cd52 1341 int i;
55ed8ca1 1342
bdce7baf 1343 if (len < sizeof(*cp))
ca69b795
JH		 1344 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1345 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1346
55ed8ca1
JH		 1347 key_count = get_unaligned_le16(&cp->key_count);
1348
86742e1e
JH		 1349 expected_len = sizeof(*cp) + key_count *
1350 sizeof(struct mgmt_link_key_info);
a492cd52 1351 if (expected_len != len) {
86742e1e 1352 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1353 len, expected_len);
ca69b795
JH		 1354 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1355 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1356 }
1357
4e51eae9 1358 hdev = hci_dev_get(index);
55ed8ca1 1359 if (!hdev)
ca69b795
JH		 1360 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1361 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1362
4e51eae9 1363 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1364 key_count);
1365
09fd0de5 1366 hci_dev_lock(hdev);
55ed8ca1
JH		 1367
1368 hci_link_keys_clear(hdev);
1369
a8b2d5c2 1370 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1371
1372 if (cp->debug_keys)
a8b2d5c2 1373 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1374 else
a8b2d5c2 1375 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1376
a492cd52 1377 for (i = 0; i < key_count; i++) {
86742e1e 1378 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1379
d753fdc4
JH		 1380 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1381 key->type, key->pin_len);
55ed8ca1
JH		 1382 }
1383
aee9b218 1384 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1385
09fd0de5 1386 hci_dev_unlock(hdev);
55ed8ca1
JH		 1387 hci_dev_put(hdev);
1388
a492cd52 1389 return 0;
55ed8ca1
JH		 1390}
1391
b1078ad0
JH		 1392static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1393 u8 addr_type, struct sock *skip_sk)
1394{
1395 struct mgmt_ev_device_unpaired ev;
1396
1397 bacpy(&ev.addr.bdaddr, bdaddr);
1398 ev.addr.type = addr_type;
1399
1400 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1401 skip_sk);
1402}
1403
124f6e35 1404static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1405{
1406 struct hci_dev *hdev;
124f6e35
JH		 1407 struct mgmt_cp_unpair_device *cp = data;
1408 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1409 struct hci_cp_disconnect dc;
1410 struct pending_cmd *cmd;
55ed8ca1 1411 struct hci_conn *conn;
aee9b218 1412 u8 status = 0;
55ed8ca1
JH		 1413 int err;
1414
bdce7baf 1415 if (len != sizeof(*cp))
124f6e35 1416 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1417 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1418
4e51eae9 1419 hdev = hci_dev_get(index);
55ed8ca1 1420 if (!hdev)
124f6e35 1421 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1422 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1423
09fd0de5 1424 hci_dev_lock(hdev);
55ed8ca1 1425
a8a1d19e 1426 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1427 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1428 rp.addr.type = cp->addr.type;
a8a1d19e 1429
124f6e35
JH		 1430 if (cp->addr.type == MGMT_ADDR_BREDR)
1431 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1432 else
1433 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1434
55ed8ca1 1435 if (err < 0) {
aee9b218 1436 status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1437 goto unlock;
1438 }
1439
a8a1d19e 1440 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
aee9b218
JH		 1441 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1442 &rp, sizeof(rp));
b1078ad0 1443 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1444 goto unlock;
a8a1d19e 1445 }
55ed8ca1 1446
124f6e35
JH		 1447 if (cp->addr.type == MGMT_ADDR_BREDR)
1448 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1449 &cp->addr.bdaddr);
1450 else
1451 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1452 &cp->addr.bdaddr);
1453
a8a1d19e 1454 if (!conn) {
aee9b218
JH		 1455 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1456 &rp, sizeof(rp));
b1078ad0 1457 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1458 goto unlock;
1459 }
55ed8ca1 1460
124f6e35
JH		 1461 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1462 sizeof(*cp));
a8a1d19e
JH		 1463 if (!cmd) {
1464 err = -ENOMEM;
1465 goto unlock;
55ed8ca1
JH		 1466 }
1467
a8a1d19e
JH		 1468 put_unaligned_le16(conn->handle, &dc.handle);
1469 dc.reason = 0x13; /* Remote User Terminated Connection */
1470 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1471 if (err < 0)
1472 mgmt_pending_remove(cmd);
1473
55ed8ca1 1474unlock:
ca69b795 1475 if (err < 0)
aee9b218
JH		 1476 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1477 &rp, sizeof(rp));
09fd0de5 1478 hci_dev_unlock(hdev);
55ed8ca1
JH		 1479 hci_dev_put(hdev);
1480
1481 return err;
1482}
1483
650f726d 1484static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1485{
1486 struct hci_dev *hdev;
650f726d 1487 struct mgmt_cp_disconnect *cp = data;
8962ee74 1488 struct hci_cp_disconnect dc;
366a0336 1489 struct pending_cmd *cmd;
8962ee74 1490 struct hci_conn *conn;
8962ee74
JH		 1491 int err;
1492
1493 BT_DBG("");
1494
bdce7baf 1495 if (len != sizeof(*cp))
ca69b795
JH		 1496 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1497 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1498
4e51eae9 1499 hdev = hci_dev_get(index);
8962ee74 1500 if (!hdev)
ca69b795
JH		 1501 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1502 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1503
09fd0de5 1504 hci_dev_lock(hdev);
8962ee74
JH		 1505
1506 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1507 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1508 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1509 goto failed;
1510 }
1511
2e58ef3e 1512 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1513 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1514 MGMT_STATUS_BUSY);
8962ee74
JH		 1515 goto failed;
1516 }
1517
88c3df13
JH		 1518 if (cp->addr.type == MGMT_ADDR_BREDR)
1519 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1520 else
1521 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1522
8962ee74 1523 if (!conn) {
ca69b795
JH		 1524 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1525 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1526 goto failed;
1527 }
1528
2e58ef3e 1529 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1530 if (!cmd) {
1531 err = -ENOMEM;
8962ee74 1532 goto failed;
366a0336 1533 }
8962ee74
JH		 1534
1535 put_unaligned_le16(conn->handle, &dc.handle);
1536 dc.reason = 0x13; /* Remote User Terminated Connection */
1537
1538 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1539 if (err < 0)
a664b5bc 1540 mgmt_pending_remove(cmd);
8962ee74
JH		 1541
1542failed:
09fd0de5 1543 hci_dev_unlock(hdev);
8962ee74
JH		 1544 hci_dev_put(hdev);
1545
1546 return err;
1547}
1548
48264f06 1549static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1550{
1551 switch (link_type) {
1552 case LE_LINK:
48264f06
JH		 1553 switch (addr_type) {
1554 case ADDR_LE_DEV_PUBLIC:
1555 return MGMT_ADDR_LE_PUBLIC;
1556 case ADDR_LE_DEV_RANDOM:
1557 return MGMT_ADDR_LE_RANDOM;
1558 default:
1559 return MGMT_ADDR_INVALID;
1560 }
4c659c39
JH		 1561 case ACL_LINK:
1562 return MGMT_ADDR_BREDR;
1563 default:
1564 return MGMT_ADDR_INVALID;
1565 }
1566}
1567
8ce6284e 1568static int get_connections(struct sock *sk, u16 index)
2784eb41 1569{
2784eb41
JH		 1570 struct mgmt_rp_get_connections *rp;
1571 struct hci_dev *hdev;
8035ded4 1572 struct hci_conn *c;
a38528f1 1573 size_t rp_len;
4e51eae9 1574 u16 count;
2784eb41
JH		 1575 int i, err;
1576
1577 BT_DBG("");
1578
4e51eae9 1579 hdev = hci_dev_get(index);
2784eb41 1580 if (!hdev)
ca69b795
JH		 1581 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1582 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1583
09fd0de5 1584 hci_dev_lock(hdev);
2784eb41
JH		 1585
1586 count = 0;
b644ba33
JH		 1587 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1588 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1589 count++;
2784eb41
JH		 1590 }
1591
4c659c39 1592 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1593 rp = kmalloc(rp_len, GFP_ATOMIC);
1594 if (!rp) {
2784eb41
JH		 1595 err = -ENOMEM;
1596 goto unlock;
1597 }
1598
2784eb41
JH		 1599 put_unaligned_le16(count, &rp->conn_count);
1600
2784eb41 1601 i = 0;
4c659c39 1602 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1603 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1604 continue;
4c659c39 1605 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1606 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1607 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1608 continue;
1609 i++;
1610 }
1611
1612 /* Recalculate length in case of filtered SCO connections, etc */
1613 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1614
aee9b218 1615 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41
JH		 1616
1617unlock:
a38528f1 1618 kfree(rp);
09fd0de5 1619 hci_dev_unlock(hdev);
2784eb41
JH		 1620 hci_dev_put(hdev);
1621 return err;
1622}
1623
96d97a67
WR		 1624static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1625 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1626{
1627 struct pending_cmd *cmd;
1628 int err;
1629
2e58ef3e 1630 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1631 sizeof(*cp));
1632 if (!cmd)
1633 return -ENOMEM;
1634
d8457698
JH		 1635 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1636 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1637 if (err < 0)
1638 mgmt_pending_remove(cmd);
1639
1640 return err;
1641}
1642
650f726d 1643static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1644{
1645 struct hci_dev *hdev;
96d97a67 1646 struct hci_conn *conn;
650f726d 1647 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1648 struct hci_cp_pin_code_reply reply;
366a0336 1649 struct pending_cmd *cmd;
980e1a53
JH		 1650 int err;
1651
1652 BT_DBG("");
1653
bdce7baf 1654 if (len != sizeof(*cp))
ca69b795
JH		 1655 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1656 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1657
4e51eae9 1658 hdev = hci_dev_get(index);
980e1a53 1659 if (!hdev)
ca69b795
JH		 1660 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1661 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1662
09fd0de5 1663 hci_dev_lock(hdev);
980e1a53 1664
4b34ee78 1665 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1666 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1667 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1668 goto failed;
1669 }
1670
d8457698 1671 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1672 if (!conn) {
ca69b795
JH		 1673 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1674 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1675 goto failed;
1676 }
1677
1678 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1679 struct mgmt_cp_pin_code_neg_reply ncp;
1680
1681 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1682
1683 BT_ERR("PIN code is not 16 bytes long");
1684
1685 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1686 if (err >= 0)
1687 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1688 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1689
1690 goto failed;
1691 }
1692
650f726d
VCG		 1693 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1694 len);
366a0336
JH		 1695 if (!cmd) {
1696 err = -ENOMEM;
980e1a53 1697 goto failed;
366a0336 1698 }
980e1a53 1699
d8457698 1700 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1701 reply.pin_len = cp->pin_len;
24718ca5 1702 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1703
1704 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1705 if (err < 0)
a664b5bc 1706 mgmt_pending_remove(cmd);
980e1a53
JH		 1707
1708failed:
09fd0de5 1709 hci_dev_unlock(hdev);
980e1a53
JH		 1710 hci_dev_put(hdev);
1711
1712 return err;
1713}
1714
650f726d 1715static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1716{
1717 struct hci_dev *hdev;
650f726d 1718 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1719 int err;
1720
1721 BT_DBG("");
1722
bdce7baf
SJ		 1723 if (len != sizeof(*cp))
1724 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1725 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1726
4e51eae9 1727 hdev = hci_dev_get(index);
980e1a53 1728 if (!hdev)
4e51eae9 1729 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1730 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1731
09fd0de5 1732 hci_dev_lock(hdev);
980e1a53 1733
4b34ee78 1734 if (!hdev_is_powered(hdev)) {
4e51eae9 1735 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1736 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1737 goto failed;
1738 }
1739
96d97a67 1740 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1741
1742failed:
09fd0de5 1743 hci_dev_unlock(hdev);
980e1a53
JH		 1744 hci_dev_put(hdev);
1745
1746 return err;
1747}
1748
650f726d 1749static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1750{
1751 struct hci_dev *hdev;
650f726d 1752 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1753
1754 BT_DBG("");
1755
bdce7baf 1756 if (len != sizeof(*cp))
ca69b795
JH		 1757 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1758 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1759
4e51eae9 1760 hdev = hci_dev_get(index);
17fa4b9d 1761 if (!hdev)
ca69b795
JH		 1762 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1763 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1764
09fd0de5 1765 hci_dev_lock(hdev);
17fa4b9d
JH		 1766
1767 hdev->io_capability = cp->io_capability;
1768
1769 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1770 hdev->io_capability);
17fa4b9d 1771
09fd0de5 1772 hci_dev_unlock(hdev);
17fa4b9d
JH		 1773 hci_dev_put(hdev);
1774
aee9b218 1775 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 1776}
1777
e9a416b5
JH		 1778static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1779{
1780 struct hci_dev *hdev = conn->hdev;
8035ded4 1781 struct pending_cmd *cmd;
e9a416b5 1782
2e58ef3e 1783 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1784 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1785 continue;
1786
e9a416b5
JH		 1787 if (cmd->user_data != conn)
1788 continue;
1789
1790 return cmd;
1791 }
1792
1793 return NULL;
1794}
1795
1796static void pairing_complete(struct pending_cmd *cmd, u8 status)
1797{
1798 struct mgmt_rp_pair_device rp;
1799 struct hci_conn *conn = cmd->user_data;
1800
ba4e564f
JH		 1801 bacpy(&rp.addr.bdaddr, &conn->dst);
1802 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1803
aee9b218
JH		 1804 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1805 &rp, sizeof(rp));
e9a416b5
JH		 1806
1807 /* So we don't get further callbacks for this connection */
1808 conn->connect_cfm_cb = NULL;
1809 conn->security_cfm_cb = NULL;
1810 conn->disconn_cfm_cb = NULL;
1811
1812 hci_conn_put(conn);
1813
a664b5bc 1814 mgmt_pending_remove(cmd);
e9a416b5
JH		 1815}
1816
1817static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1818{
1819 struct pending_cmd *cmd;
1820
1821 BT_DBG("status %u", status);
1822
1823 cmd = find_pairing(conn);
56e5cb86 1824 if (!cmd)
e9a416b5 1825 BT_DBG("Unable to find a pending command");
56e5cb86 1826 else
e211326c 1827 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1828}
1829
650f726d 1830static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1831{
1832 struct hci_dev *hdev;
650f726d 1833 struct mgmt_cp_pair_device *cp = data;
1425acb7 1834 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1835 struct pending_cmd *cmd;
1836 u8 sec_level, auth_type;
1837 struct hci_conn *conn;
e9a416b5
JH		 1838 int err;
1839
1840 BT_DBG("");
1841
bdce7baf 1842 if (len != sizeof(*cp))
ca69b795
JH		 1843 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1844 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1845
4e51eae9 1846 hdev = hci_dev_get(index);
e9a416b5 1847 if (!hdev)
ca69b795
JH		 1848 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1849 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1850
09fd0de5 1851 hci_dev_lock(hdev);
e9a416b5 1852
c908df36
VCG		 1853 sec_level = BT_SECURITY_MEDIUM;
1854 if (cp->io_cap == 0x03)
e9a416b5 1855 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1856 else
e9a416b5 1857 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1858
ba4e564f
JH		 1859 if (cp->addr.type == MGMT_ADDR_BREDR)
1860 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1861 auth_type);
1862 else
ba4e564f 1863 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1864 auth_type);
1865
1425acb7
JH		 1866 memset(&rp, 0, sizeof(rp));
1867 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1868 rp.addr.type = cp->addr.type;
1869
30e76272 1870 if (IS_ERR(conn)) {
e211326c
JH		 1871 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1872 MGMT_STATUS_CONNECT_FAILED,
1873 &rp, sizeof(rp));
e9a416b5
JH		 1874 goto unlock;
1875 }
1876
1877 if (conn->connect_cfm_cb) {
1878 hci_conn_put(conn);
e211326c
JH		 1879 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1880 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1881 goto unlock;
1882 }
1883
2e58ef3e 1884 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1885 if (!cmd) {
1886 err = -ENOMEM;
1887 hci_conn_put(conn);
1888 goto unlock;
1889 }
1890
7a512d01 1891 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1892 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1893 conn->connect_cfm_cb = pairing_complete_cb;
1894
e9a416b5
JH		 1895 conn->security_cfm_cb = pairing_complete_cb;
1896 conn->disconn_cfm_cb = pairing_complete_cb;
1897 conn->io_capability = cp->io_cap;
1898 cmd->user_data = conn;
1899
1900 if (conn->state == BT_CONNECTED &&
1901 hci_conn_security(conn, sec_level, auth_type))
1902 pairing_complete(cmd, 0);
1903
1904 err = 0;
1905
1906unlock:
09fd0de5 1907 hci_dev_unlock(hdev);
e9a416b5
JH		 1908 hci_dev_put(hdev);
1909
1910 return err;
1911}
1912
28424707
JH		 1913static int cancel_pair_device(struct sock *sk, u16 index,
1914 unsigned char *data, u16 len)
1915{
1916 struct mgmt_addr_info *addr = (void *) data;
1917 struct hci_dev *hdev;
1918 struct pending_cmd *cmd;
1919 struct hci_conn *conn;
1920 int err;
1921
1922 BT_DBG("");
1923
1924 if (len != sizeof(*addr))
1925 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1926 MGMT_STATUS_INVALID_PARAMS);
1927
1928 hdev = hci_dev_get(index);
1929 if (!hdev)
1930 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1931 MGMT_STATUS_INVALID_PARAMS);
1932
1933 hci_dev_lock(hdev);
1934
1935 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1936 if (!cmd) {
1937 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1938 MGMT_STATUS_INVALID_PARAMS);
1939 goto unlock;
1940 }
1941
1942 conn = cmd->user_data;
1943
1944 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1945 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1946 MGMT_STATUS_INVALID_PARAMS);
1947 goto unlock;
1948 }
1949
1950 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1951
aee9b218 1952 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 1953 sizeof(*addr));
1954unlock:
1955 hci_dev_unlock(hdev);
1956 hci_dev_put(hdev);
1957
1958 return err;
1959}
1960
0df4c185 1961static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 1962 u8 type, u16 mgmt_op, u16 hci_op,
1963 __le32 passkey)
a5c29683 1964{
a5c29683
JH		 1965 struct pending_cmd *cmd;
1966 struct hci_dev *hdev;
0df4c185 1967 struct hci_conn *conn;
a5c29683
JH		 1968 int err;
1969
4e51eae9 1970 hdev = hci_dev_get(index);
a5c29683 1971 if (!hdev)
ca69b795
JH		 1972 return cmd_status(sk, index, mgmt_op,
1973 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1974
09fd0de5 1975 hci_dev_lock(hdev);
08ba5382 1976
4b34ee78 1977 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 1978 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1979 goto done;
a5c29683
JH		 1980 }
1981
272d90df
JH		 1982 if (type == MGMT_ADDR_BREDR)
1983 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1984 else
47c15e2b 1985 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 1986
1987 if (!conn) {
1988 err = cmd_status(sk, index, mgmt_op,
47c15e2b 1989 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 1990 goto done;
1991 }
47c15e2b 1992
272d90df 1993 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 1994 /* Continue with pairing via SMP */
5fe57d9e
BG		 1995 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1996
1997 if (!err)
1998 err = cmd_status(sk, index, mgmt_op,
1999 MGMT_STATUS_SUCCESS);
2000 else
2001 err = cmd_status(sk, index, mgmt_op,
2002 MGMT_STATUS_FAILED);
47c15e2b 2003
47c15e2b
BG		 2004 goto done;
2005 }
2006
0df4c185 2007 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2008 if (!cmd) {
2009 err = -ENOMEM;
0df4c185 2010 goto done;
a5c29683
JH		 2011 }
2012
0df4c185 2013 /* Continue with pairing via HCI */
604086b7
BG		 2014 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2015 struct hci_cp_user_passkey_reply cp;
2016
2017 bacpy(&cp.bdaddr, bdaddr);
2018 cp.passkey = passkey;
2019 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2020 } else
2021 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2022
a664b5bc
JH		 2023 if (err < 0)
2024 mgmt_pending_remove(cmd);
a5c29683 2025
0df4c185 2026done:
09fd0de5 2027 hci_dev_unlock(hdev);
a5c29683
JH		 2028 hci_dev_put(hdev);
2029
2030 return err;
2031}
2032
0df4c185
BG		 2033static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2034{
650f726d 2035 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2036
2037 BT_DBG("");
2038
2039 if (len != sizeof(*cp))
2040 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2041 MGMT_STATUS_INVALID_PARAMS);
2042
272d90df
JH		 2043 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2044 MGMT_OP_USER_CONFIRM_REPLY,
2045 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2046}
2047
2048static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2049 u16 len)
2050{
c9c2659f 2051 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2052
2053 BT_DBG("");
2054
2055 if (len != sizeof(*cp))
2056 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2057 MGMT_STATUS_INVALID_PARAMS);
2058
272d90df
JH		 2059 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2060 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2061 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2062}
2063
604086b7
BG		 2064static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2065{
650f726d 2066 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2067
2068 BT_DBG("");
2069
2070 if (len != sizeof(*cp))
2071 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2072 EINVAL);
2073
272d90df
JH		 2074 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2075 MGMT_OP_USER_PASSKEY_REPLY,
2076 HCI_OP_USER_PASSKEY_REPLY,
2077 cp->passkey);
604086b7
BG		 2078}
2079
2080static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2081 u16 len)
2082{
650f726d 2083 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2084
2085 BT_DBG("");
2086
2087 if (len != sizeof(*cp))
2088 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2089 EINVAL);
2090
272d90df
JH		 2091 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2092 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2093 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2094}
2095
650f726d 2096static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2097 u16 len)
2098{
650f726d 2099 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2100 struct hci_cp_write_local_name hci_cp;
2101 struct hci_dev *hdev;
2102 struct pending_cmd *cmd;
2103 int err;
2104
2105 BT_DBG("");
2106
2107 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2108 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2109 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2110
2111 hdev = hci_dev_get(index);
2112 if (!hdev)
ca69b795
JH		 2113 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2114 MGMT_STATUS_INVALID_PARAMS);
b312b161 2115
09fd0de5 2116 hci_dev_lock(hdev);
b312b161 2117
b5235a65
JH		 2118 if (!hdev_is_powered(hdev)) {
2119 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2120 MGMT_STATUS_NOT_POWERED);
2121 goto failed;
2122 }
2123
650f726d
VCG		 2124 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2125 len);
b312b161
JH		 2126 if (!cmd) {
2127 err = -ENOMEM;
2128 goto failed;
2129 }
2130
2131 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2132 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2133 &hci_cp);
2134 if (err < 0)
2135 mgmt_pending_remove(cmd);
2136
2137failed:
09fd0de5 2138 hci_dev_unlock(hdev);
b312b161
JH		 2139 hci_dev_put(hdev);
2140
2141 return err;
2142}
2143
c35938b2
SJ		 2144static int read_local_oob_data(struct sock *sk, u16 index)
2145{
2146 struct hci_dev *hdev;
2147 struct pending_cmd *cmd;
2148 int err;
2149
2150 BT_DBG("hci%u", index);
2151
2152 hdev = hci_dev_get(index);
2153 if (!hdev)
2154 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2155 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2156
09fd0de5 2157 hci_dev_lock(hdev);
c35938b2 2158
4b34ee78 2159 if (!hdev_is_powered(hdev)) {
c35938b2 2160 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2161 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2162 goto unlock;
2163 }
2164
2165 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2166 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2167 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2168 goto unlock;
2169 }
2170
2e58ef3e 2171 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2172 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2173 MGMT_STATUS_BUSY);
c35938b2
SJ		 2174 goto unlock;
2175 }
2176
2e58ef3e 2177 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2178 if (!cmd) {
2179 err = -ENOMEM;
2180 goto unlock;
2181 }
2182
2183 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2184 if (err < 0)
2185 mgmt_pending_remove(cmd);
2186
2187unlock:
09fd0de5 2188 hci_dev_unlock(hdev);
c35938b2
SJ		 2189 hci_dev_put(hdev);
2190
2191 return err;
2192}
2193
650f726d
VCG		 2194static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2195 u16 len)
2763eda6
SJ		 2196{
2197 struct hci_dev *hdev;
650f726d 2198 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2199 u8 status;
2763eda6
SJ		 2200 int err;
2201
2202 BT_DBG("hci%u ", index);
2203
2204 if (len != sizeof(*cp))
2205 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2206 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2207
2208 hdev = hci_dev_get(index);
2209 if (!hdev)
bf1e3541
JH		 2210 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2211 MGMT_STATUS_INVALID_PARAMS,
2212 &cp->addr, sizeof(cp->addr));
2763eda6 2213
09fd0de5 2214 hci_dev_lock(hdev);
2763eda6 2215
664ce4cc 2216 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2217 cp->randomizer);
2218 if (err < 0)
bf1e3541 2219 status = MGMT_STATUS_FAILED;
2763eda6 2220 else
bf1e3541
JH		 2221 status = 0;
2222
2223 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2224 &cp->addr, sizeof(cp->addr));
2763eda6 2225
09fd0de5 2226 hci_dev_unlock(hdev);
2763eda6
SJ		 2227 hci_dev_put(hdev);
2228
2229 return err;
2230}
2231
2232static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2233 void *data, u16 len)
2763eda6
SJ		 2234{
2235 struct hci_dev *hdev;
650f726d 2236 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2237 u8 status;
2763eda6
SJ		 2238 int err;
2239
2240 BT_DBG("hci%u ", index);
2241
2242 if (len != sizeof(*cp))
2243 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2244 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2245
2246 hdev = hci_dev_get(index);
2247 if (!hdev)
bf1e3541
JH		 2248 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2249 MGMT_STATUS_INVALID_PARAMS,
2250 &cp->addr, sizeof(cp->addr));
2763eda6 2251
09fd0de5 2252 hci_dev_lock(hdev);
2763eda6 2253
664ce4cc 2254 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2255 if (err < 0)
bf1e3541 2256 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2257 else
bf1e3541
JH		 2258 status = 0;
2259
2260 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2261 &cp->addr, sizeof(cp->addr));
2763eda6 2262
09fd0de5 2263 hci_dev_unlock(hdev);
2763eda6
SJ		 2264 hci_dev_put(hdev);
2265
2266 return err;
2267}
2268
5e0452c0
AG		 2269static int discovery(struct hci_dev *hdev)
2270{
2271 int err;
2272
2273 if (lmp_host_le_capable(hdev)) {
2274 if (lmp_bredr_capable(hdev)) {
2275 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2276 LE_SCAN_INT, LE_SCAN_WIN,
2277 LE_SCAN_TIMEOUT_BREDR_LE);
2278 } else {
2279 hdev->discovery.type = DISCOV_TYPE_LE;
2280 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2281 LE_SCAN_INT, LE_SCAN_WIN,
2282 LE_SCAN_TIMEOUT_LE_ONLY);
2283 }
2284 } else {
2285 hdev->discovery.type = DISCOV_TYPE_BREDR;
2286 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2287 }
2288
2289 return err;
2290}
2291
2292int mgmt_interleaved_discovery(struct hci_dev *hdev)
2293{
2294 int err;
2295
2296 BT_DBG("%s", hdev->name);
2297
2298 hci_dev_lock(hdev);
2299
2300 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2301 if (err < 0)
2302 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2303
2304 hci_dev_unlock(hdev);
2305
2306 return err;
2307}
2308
450dfdaf 2309static int start_discovery(struct sock *sk, u16 index,
650f726d 2310 void *data, u16 len)
14a53664 2311{
650f726d 2312 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2313 struct pending_cmd *cmd;
2314 struct hci_dev *hdev;
2315 int err;
2316
2317 BT_DBG("hci%u", index);
2318
450dfdaf
JH		 2319 if (len != sizeof(*cp))
2320 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2321 MGMT_STATUS_INVALID_PARAMS);
2322
14a53664
JH		 2323 hdev = hci_dev_get(index);
2324 if (!hdev)
ca69b795
JH		 2325 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2326 MGMT_STATUS_INVALID_PARAMS);
14a53664 2327
09fd0de5 2328 hci_dev_lock(hdev);
14a53664 2329
4b34ee78 2330 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2331 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2332 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2333 goto failed;
2334 }
2335
ff9ef578
JH		 2336 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2337 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2338 MGMT_STATUS_BUSY);
2339 goto failed;
2340 }
2341
2e58ef3e 2342 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2343 if (!cmd) {
2344 err = -ENOMEM;
2345 goto failed;
2346 }
2347
4aab14e5
AG		 2348 hdev->discovery.type = cp->type;
2349
2350 switch (hdev->discovery.type) {
f39799f5 2351 case DISCOV_TYPE_BREDR:
3fd24153 2352 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2353 break;
2354
2355 case DISCOV_TYPE_LE:
3fd24153
AG		 2356 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2357 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2358 break;
2359
5e0452c0
AG		 2360 case DISCOV_TYPE_INTERLEAVED:
2361 err = discovery(hdev);
2362 break;
2363
f39799f5 2364 default:
3fd24153 2365 err = -EINVAL;
f39799f5 2366 }
3fd24153 2367
14a53664
JH		 2368 if (err < 0)
2369 mgmt_pending_remove(cmd);
ff9ef578
JH		 2370 else
2371 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2372
2373failed:
09fd0de5 2374 hci_dev_unlock(hdev);
14a53664
JH		 2375 hci_dev_put(hdev);
2376
2377 return err;
2378}
2379
d930650b 2380static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2381{
d930650b 2382 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2383 struct hci_dev *hdev;
2384 struct pending_cmd *cmd;
30dc78e1
JH		 2385 struct hci_cp_remote_name_req_cancel cp;
2386 struct inquiry_entry *e;
14a53664
JH		 2387 int err;
2388
2389 BT_DBG("hci%u", index);
2390
d930650b
JH		 2391 if (len != sizeof(*mgmt_cp))
2392 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2393 MGMT_STATUS_INVALID_PARAMS);
2394
14a53664
JH		 2395 hdev = hci_dev_get(index);
2396 if (!hdev)
ca69b795
JH		 2397 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2398 MGMT_STATUS_INVALID_PARAMS);
14a53664 2399
09fd0de5 2400 hci_dev_lock(hdev);
14a53664 2401
30dc78e1 2402 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2403 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2404 MGMT_STATUS_REJECTED,
2405 &mgmt_cp->type, sizeof(mgmt_cp->type));
2406 goto unlock;
2407 }
2408
2409 if (hdev->discovery.type != mgmt_cp->type) {
2410 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2411 MGMT_STATUS_INVALID_PARAMS,
2412 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2413 goto unlock;
ff9ef578
JH		 2414 }
2415
2e58ef3e 2416 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2417 if (!cmd) {
2418 err = -ENOMEM;
30dc78e1
JH		 2419 goto unlock;
2420 }
2421
343f935b 2422 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2423 err = hci_cancel_inquiry(hdev);
2424 if (err < 0)
2425 mgmt_pending_remove(cmd);
2426 else
2427 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2428 goto unlock;
2429 }
2430
2431 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2432 if (!e) {
2433 mgmt_pending_remove(cmd);
aee9b218 2434 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2435 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2436 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2437 goto unlock;
14a53664
JH		 2438 }
2439
30dc78e1
JH		 2440 bacpy(&cp.bdaddr, &e->data.bdaddr);
2441 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2442 sizeof(cp), &cp);
14a53664
JH		 2443 if (err < 0)
2444 mgmt_pending_remove(cmd);
ff9ef578
JH		 2445 else
2446 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2447
30dc78e1 2448unlock:
09fd0de5 2449 hci_dev_unlock(hdev);
14a53664
JH		 2450 hci_dev_put(hdev);
2451
2452 return err;
2453}
2454
650f726d 2455static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2456{
650f726d 2457 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2458 struct inquiry_entry *e;
2459 struct hci_dev *hdev;
2460 int err;
2461
2462 BT_DBG("hci%u", index);
2463
2464 if (len != sizeof(*cp))
2465 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2466 MGMT_STATUS_INVALID_PARAMS);
2467
2468 hdev = hci_dev_get(index);
2469 if (!hdev)
2470 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2471 MGMT_STATUS_INVALID_PARAMS);
2472
2473 hci_dev_lock(hdev);
2474
30dc78e1
JH		 2475 if (!hci_discovery_active(hdev)) {
2476 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2477 MGMT_STATUS_FAILED);
2478 goto failed;
2479 }
2480
a198e7b1 2481 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc
JH		 2482 if (!e) {
2483 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2484 MGMT_STATUS_INVALID_PARAMS);
2485 goto failed;
2486 }
2487
2488 if (cp->name_known) {
2489 e->name_state = NAME_KNOWN;
2490 list_del(&e->list);
2491 } else {
2492 e->name_state = NAME_NEEDED;
a3d4e20a 2493 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2494 }
2495
2496 err = 0;
2497
2498failed:
2499 hci_dev_unlock(hdev);
2500
2501 return err;
2502}
2503
650f726d 2504static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2505{
2506 struct hci_dev *hdev;
650f726d 2507 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2508 u8 status;
7fbec224
AJ		 2509 int err;
2510
2511 BT_DBG("hci%u", index);
2512
7fbec224
AJ		 2513 if (len != sizeof(*cp))
2514 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2515 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2516
2517 hdev = hci_dev_get(index);
2518 if (!hdev)
f0eeea8b
JH		 2519 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2520 MGMT_STATUS_INVALID_PARAMS,
2521 &cp->addr, sizeof(cp->addr));
7fbec224 2522
09fd0de5 2523 hci_dev_lock(hdev);
5e762444 2524
88c1fe4b 2525 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2526 if (err < 0)
f0eeea8b 2527 status = MGMT_STATUS_FAILED;
7fbec224 2528 else
f0eeea8b
JH		 2529 status = 0;
2530
2531 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2532 &cp->addr, sizeof(cp->addr));
5e762444 2533
09fd0de5 2534 hci_dev_unlock(hdev);
7fbec224
AJ		 2535 hci_dev_put(hdev);
2536
2537 return err;
2538}
2539
650f726d 2540static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2541{
2542 struct hci_dev *hdev;
650f726d 2543 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2544 u8 status;
7fbec224
AJ		 2545 int err;
2546
2547 BT_DBG("hci%u", index);
2548
7fbec224
AJ		 2549 if (len != sizeof(*cp))
2550 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2551 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2552
2553 hdev = hci_dev_get(index);
2554 if (!hdev)
f0eeea8b
JH		 2555 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2556 MGMT_STATUS_INVALID_PARAMS,
2557 &cp->addr, sizeof(cp->addr));
7fbec224 2558
09fd0de5 2559 hci_dev_lock(hdev);
5e762444 2560
88c1fe4b 2561 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2562 if (err < 0)
f0eeea8b 2563 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2564 else
f0eeea8b
JH		 2565 status = 0;
2566
2567 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2568 &cp->addr, sizeof(cp->addr));
5e762444 2569
09fd0de5 2570 hci_dev_unlock(hdev);
7fbec224
AJ		 2571 hci_dev_put(hdev);
2572
2573 return err;
2574}
2575
f6422ec6 2576static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2577 void *data, u16 len)
f6422ec6
AJ		 2578{
2579 struct hci_dev *hdev;
650f726d 2580 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2581 struct hci_cp_write_page_scan_activity acp;
2582 u8 type;
2583 int err;
2584
2585 BT_DBG("hci%u", index);
2586
2587 if (len != sizeof(*cp))
2588 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2589 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2590
2591 hdev = hci_dev_get(index);
2592 if (!hdev)
2593 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2594 MGMT_STATUS_INVALID_PARAMS);
5400c044
JH		 2595 if (!hdev_is_powered(hdev))
2596 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2597 MGMT_STATUS_NOT_POWERED);
2598
2599 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2600 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2601 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2602
2603 hci_dev_lock(hdev);
2604
f7c6869c 2605 if (cp->val) {
f6422ec6
AJ		 2606 type = PAGE_SCAN_TYPE_INTERLACED;
2607 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2608 } else {
2609 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2610 acp.interval = 0x0800; /* default 1.28 sec page scan */
2611 }
2612
2613 acp.window = 0x0012; /* default 11.25 msec page scan window */
2614
2615 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2616 sizeof(acp), &acp);
2617 if (err < 0) {
2618 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2619 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2620 goto done;
2621 }
2622
2623 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2624 if (err < 0) {
2625 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2626 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2627 goto done;
2628 }
2629
aee9b218
JH		 2630 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2631 NULL, 0);
f6422ec6
AJ		 2632done:
2633 hci_dev_unlock(hdev);
2634 hci_dev_put(hdev);
2635
2636 return err;
2637}
2638
346af67b
VCG		 2639static int load_long_term_keys(struct sock *sk, u16 index,
2640 void *cp_data, u16 len)
2641{
2642 struct hci_dev *hdev;
2643 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2644 u16 key_count, expected_len;
2645 int i;
2646
2647 if (len < sizeof(*cp))
2648 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2649 EINVAL);
2650
2651 key_count = get_unaligned_le16(&cp->key_count);
2652
2653 expected_len = sizeof(*cp) + key_count *
2654 sizeof(struct mgmt_ltk_info);
2655 if (expected_len != len) {
2656 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2657 len, expected_len);
2658 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2659 EINVAL);
2660 }
2661
2662 hdev = hci_dev_get(index);
2663 if (!hdev)
2664 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2665 ENODEV);
2666
2667 BT_DBG("hci%u key_count %u", index, key_count);
2668
2669 hci_dev_lock(hdev);
2670
2671 hci_smp_ltks_clear(hdev);
2672
2673 for (i = 0; i < key_count; i++) {
2674 struct mgmt_ltk_info *key = &cp->keys[i];
2675 u8 type;
2676
2677 if (key->master)
2678 type = HCI_SMP_LTK;
2679 else
2680 type = HCI_SMP_LTK_SLAVE;
2681
2682 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2683 type, 0, key->authenticated, key->val,
2684 key->enc_size, key->ediv, key->rand);
2685 }
2686
2687 hci_dev_unlock(hdev);
2688 hci_dev_put(hdev);
2689
2690 return 0;
2691}
2692
0381101f
JH		 2693int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2694{
650f726d
VCG		 2695 void *buf;
2696 u8 *cp;
0381101f 2697 struct mgmt_hdr *hdr;
4e51eae9 2698 u16 opcode, index, len;
0381101f
JH		 2699 int err;
2700
2701 BT_DBG("got %zu bytes", msglen);
2702
2703 if (msglen < sizeof(*hdr))
2704 return -EINVAL;
2705
e63a15ec 2706 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2707 if (!buf)
2708 return -ENOMEM;
2709
2710 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2711 err = -EFAULT;
2712 goto done;
2713 }
2714
650f726d 2715 hdr = buf;
0381101f 2716 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2717 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2718 len = get_unaligned_le16(&hdr->len);
2719
2720 if (len != msglen - sizeof(*hdr)) {
2721 err = -EINVAL;
2722 goto done;
2723 }
2724
650f726d
VCG		 2725 cp = buf + sizeof(*hdr);
2726
0381101f 2727 switch (opcode) {
02d98129
JH		 2728 case MGMT_OP_READ_VERSION:
2729 err = read_version(sk);
2730 break;
e70bb2e8
JH		 2731 case MGMT_OP_READ_COMMANDS:
2732 err = read_commands(sk);
2733 break;
faba42eb
JH		 2734 case MGMT_OP_READ_INDEX_LIST:
2735 err = read_index_list(sk);
2736 break;
f7b64e69 2737 case MGMT_OP_READ_INFO:
4e51eae9 2738 err = read_controller_info(sk, index);
f7b64e69 2739 break;
eec8d2bc 2740 case MGMT_OP_SET_POWERED:
650f726d 2741 err = set_powered(sk, index, cp, len);
eec8d2bc 2742 break;
73f22f62 2743 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2744 err = set_discoverable(sk, index, cp, len);
73f22f62 2745 break;
9fbcbb45 2746 case MGMT_OP_SET_CONNECTABLE:
650f726d 2747 err = set_connectable(sk, index, cp, len);
9fbcbb45 2748 break;
f7c6869c 2749 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2750 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2751 break;
c542a06c 2752 case MGMT_OP_SET_PAIRABLE:
650f726d 2753 err = set_pairable(sk, index, cp, len);
c542a06c 2754 break;
33ef95ed
JH		 2755 case MGMT_OP_SET_LINK_SECURITY:
2756 err = set_link_security(sk, index, cp, len);
2757 break;
ed2c4ee3
JH		 2758 case MGMT_OP_SET_SSP:
2759 err = set_ssp(sk, index, cp, len);
2760 break;
6d80dfd0
JH		 2761 case MGMT_OP_SET_HS:
2762 err = set_hs(sk, index, cp, len);
2763 break;
2aeb9a1a 2764 case MGMT_OP_ADD_UUID:
650f726d 2765 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2766 break;
2767 case MGMT_OP_REMOVE_UUID:
650f726d 2768 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2769 break;
1aff6f09 2770 case MGMT_OP_SET_DEV_CLASS:
650f726d 2771 err = set_dev_class(sk, index, cp, len);
1aff6f09 2772 break;
86742e1e 2773 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2774 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2775 break;
8962ee74 2776 case MGMT_OP_DISCONNECT:
650f726d 2777 err = disconnect(sk, index, cp, len);
8962ee74 2778 break;
2784eb41 2779 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2780 err = get_connections(sk, index);
2784eb41 2781 break;
980e1a53 2782 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2783 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2784 break;
2785 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2786 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2787 break;
17fa4b9d 2788 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2789 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2790 break;
e9a416b5 2791 case MGMT_OP_PAIR_DEVICE:
650f726d 2792 err = pair_device(sk, index, cp, len);
e9a416b5 2793 break;
28424707
JH		 2794 case MGMT_OP_CANCEL_PAIR_DEVICE:
2795 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2796 break;
124f6e35
JH		 2797 case MGMT_OP_UNPAIR_DEVICE:
2798 err = unpair_device(sk, index, cp, len);
2799 break;
a5c29683 2800 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2801 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2802 break;
2803 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2804 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2805 break;
604086b7 2806 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2807 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2808 break;
2809 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2810 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2811 break;
b312b161 2812 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2813 err = set_local_name(sk, index, cp, len);
b312b161 2814 break;
c35938b2
SJ		 2815 case MGMT_OP_READ_LOCAL_OOB_DATA:
2816 err = read_local_oob_data(sk, index);
2817 break;
2763eda6 2818 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2819 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2820 break;
2821 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2822 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2823 break;
14a53664 2824 case MGMT_OP_START_DISCOVERY:
650f726d 2825 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2826 break;
2827 case MGMT_OP_STOP_DISCOVERY:
d930650b 2828 err = stop_discovery(sk, index, cp, len);
14a53664 2829 break;
561aafbc 2830 case MGMT_OP_CONFIRM_NAME:
650f726d 2831 err = confirm_name(sk, index, cp, len);
561aafbc 2832 break;
7fbec224 2833 case MGMT_OP_BLOCK_DEVICE:
650f726d 2834 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2835 break;
2836 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2837 err = unblock_device(sk, index, cp, len);
7fbec224 2838 break;
346af67b
VCG		 2839 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2840 err = load_long_term_keys(sk, index, cp, len);
2841 break;
0381101f
JH		 2842 default:
2843 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2844 err = cmd_status(sk, index, opcode,
2845 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2846 break;
2847 }
2848
e41d8b4e
JH		 2849 if (err < 0)
2850 goto done;
2851
0381101f
JH		 2852 err = msglen;
2853
2854done:
2855 kfree(buf);
2856 return err;
2857}
c71e97bf 2858
b24752fe
JH		 2859static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2860{
2861 u8 *status = data;
2862
2863 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2864 mgmt_pending_remove(cmd);
2865}
2866
744cf19e 2867int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2868{
744cf19e 2869 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2870}
2871
744cf19e 2872int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2873{
b24752fe
JH		 2874 u8 status = ENODEV;
2875
744cf19e 2876 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2877
744cf19e 2878 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2879}
2880
73f22f62 2881struct cmd_lookup {
eec8d2bc 2882 struct sock *sk;
69ab39ea 2883 struct hci_dev *hdev;
eec8d2bc
JH		 2884};
2885
69ab39ea 2886static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2887{
73f22f62 2888 struct cmd_lookup *match = data;
eec8d2bc 2889
69ab39ea 2890 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2891
2892 list_del(&cmd->list);
2893
2894 if (match->sk == NULL) {
2895 match->sk = cmd->sk;
2896 sock_hold(match->sk);
2897 }
2898
2899 mgmt_pending_free(cmd);
c71e97bf 2900}
5add6af8 2901
744cf19e 2902int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2903{
76a7f3a4 2904 struct cmd_lookup match = { NULL, hdev };
69ab39ea 2905 __le32 ev;
7bb895d6 2906 int err;
5add6af8 2907
5e5282bb
JH		 2908 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2909 return 0;
2910
69ab39ea 2911 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2912
5e5282bb
JH		 2913 if (powered) {
2914 u8 scan = 0;
2915
2916 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2917 scan |= SCAN_PAGE;
2918 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2919 scan |= SCAN_INQUIRY;
2920
2921 if (scan)
2922 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2923 } else {
b24752fe 2924 u8 status = ENETDOWN;
744cf19e 2925 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2926 }
2927
69ab39ea 2928 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2929
7bb895d6 2930 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
69ab39ea 2931 match.sk);
eec8d2bc
JH		 2932
2933 if (match.sk)
2934 sock_put(match.sk);
2935
7bb895d6 2936 return err;
5add6af8 2937}
73f22f62 2938
744cf19e 2939int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2940{
76a7f3a4 2941 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2942 bool changed = false;
2943 int err = 0;
73f22f62 2944
69ab39ea 2945 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2946
5e5282bb
JH		 2947 if (discoverable) {
2948 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2949 changed = true;
2950 } else {
2951 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2952 changed = true;
2953 }
73f22f62 2954
5e5282bb
JH		 2955 if (changed) {
2956 __le32 ev = cpu_to_le32(get_current_settings(hdev));
2957 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2958 match.sk);
5e5282bb
JH		 2959 }
2960
73f22f62
JH		 2961 if (match.sk)
2962 sock_put(match.sk);
2963
7bb895d6 2964 return err;
73f22f62 2965}
9fbcbb45 2966
744cf19e 2967int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2968{
76a7f3a4 2969 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2970 bool changed = false;
2971 int err = 0;
9fbcbb45 2972
69ab39ea
JH		 2973 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2974 &match);
9fbcbb45 2975
5e5282bb
JH		 2976 if (connectable) {
2977 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2978 changed = true;
2979 } else {
2980 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2981 changed = true;
2982 }
9fbcbb45 2983
5e5282bb
JH		 2984 if (changed) {
2985 __le32 ev = cpu_to_le32(get_current_settings(hdev));
2986 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2987 match.sk);
2988 }
9fbcbb45
JH		 2989
2990 if (match.sk)
2991 sock_put(match.sk);
2992
7bb895d6 2993 return err;
9fbcbb45 2994}
55ed8ca1 2995
744cf19e 2996int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2997{
ca69b795
JH		 2998 u8 mgmt_err = mgmt_status(status);
2999
2d7cee58 3000 if (scan & SCAN_PAGE)
744cf19e 3001 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 3002 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3003
3004 if (scan & SCAN_INQUIRY)
744cf19e 3005 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 3006 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3007
3008 return 0;
3009}
3010
744cf19e
JH		 3011int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3012 u8 persistent)
55ed8ca1 3013{
86742e1e 3014 struct mgmt_ev_new_link_key ev;
55ed8ca1 3015
a492cd52 3016 memset(&ev, 0, sizeof(ev));
55ed8ca1 3017
a492cd52 3018 ev.store_hint = persistent;
d753fdc4
JH		 3019 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3020 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 3021 ev.key.type = key->type;
3022 memcpy(ev.key.val, key->val, 16);
3023 ev.key.pin_len = key->pin_len;
55ed8ca1 3024
744cf19e 3025 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3026}
f7520543 3027
346af67b
VCG		 3028int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3029{
3030 struct mgmt_ev_new_long_term_key ev;
3031
3032 memset(&ev, 0, sizeof(ev));
3033
3034 ev.store_hint = persistent;
3035 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3036 ev.key.addr.type = key->bdaddr_type;
3037 ev.key.authenticated = key->authenticated;
3038 ev.key.enc_size = key->enc_size;
3039 ev.key.ediv = key->ediv;
3040
3041 if (key->type == HCI_SMP_LTK)
3042 ev.key.master = 1;
3043
3044 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3045 memcpy(ev.key.val, key->val, sizeof(key->val));
3046
3047 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3048 &ev, sizeof(ev), NULL);
3049}
3050
afc747a6 3051int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 3052 u8 addr_type, u8 *name, u8 name_len,
3053 u8 *dev_class)
f7520543 3054{
b644ba33
JH		 3055 char buf[512];
3056 struct mgmt_ev_device_connected *ev = (void *) buf;
3057 u16 eir_len = 0;
f7520543 3058
b644ba33
JH		 3059 bacpy(&ev->addr.bdaddr, bdaddr);
3060 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3061
b644ba33
JH		 3062 if (name_len > 0)
3063 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3064 name, name_len);
3065
3066 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3067 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3068 EIR_CLASS_OF_DEV, dev_class, 3);
3069
3070 put_unaligned_le16(eir_len, &ev->eir_len);
3071
3072 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3073 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3074}
3075
8962ee74
JH		 3076static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3077{
c68fb7ff 3078 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3079 struct sock **sk = data;
a38528f1 3080 struct mgmt_rp_disconnect rp;
8962ee74 3081
88c3df13
JH		 3082 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3083 rp.addr.type = cp->addr.type;
8962ee74 3084
aee9b218
JH		 3085 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3086 sizeof(rp));
8962ee74
JH		 3087
3088 *sk = cmd->sk;
3089 sock_hold(*sk);
3090
a664b5bc 3091 mgmt_pending_remove(cmd);
8962ee74
JH		 3092}
3093
124f6e35 3094static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3095{
b1078ad0 3096 struct hci_dev *hdev = data;
124f6e35
JH		 3097 struct mgmt_cp_unpair_device *cp = cmd->param;
3098 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3099
3100 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3101 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3102 rp.addr.type = cp->addr.type;
a8a1d19e 3103
b1078ad0
JH		 3104 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3105
aee9b218 3106 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3107
3108 mgmt_pending_remove(cmd);
3109}
3110
afc747a6
JH		 3111int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3112 u8 link_type, u8 addr_type)
f7520543 3113{
4c659c39 3114 struct mgmt_addr_info ev;
8962ee74
JH		 3115 struct sock *sk = NULL;
3116 int err;
3117
744cf19e 3118 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3119
f7520543 3120 bacpy(&ev.bdaddr, bdaddr);
48264f06 3121 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3122
afc747a6
JH		 3123 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3124 sk);
8962ee74
JH		 3125
3126 if (sk)
3127 sock_put(sk);
3128
124f6e35 3129 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3130 hdev);
a8a1d19e 3131
8962ee74
JH		 3132 return err;
3133}
3134
88c3df13
JH		 3135int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3136 u8 link_type, u8 addr_type, u8 status)
8962ee74 3137{
88c3df13 3138 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3139 struct pending_cmd *cmd;
3140 int err;
3141
2e58ef3e 3142 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3143 if (!cmd)
3144 return -ENOENT;
3145
88c3df13
JH		 3146 bacpy(&rp.addr.bdaddr, bdaddr);
3147 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3148
88c3df13 3149 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3150 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3151
a664b5bc 3152 mgmt_pending_remove(cmd);
8962ee74 3153
b1078ad0
JH		 3154 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3155 hdev);
8962ee74 3156 return err;
f7520543 3157}
17d5c04c 3158
48264f06
JH		 3159int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3160 u8 addr_type, u8 status)
17d5c04c
JH		 3161{
3162 struct mgmt_ev_connect_failed ev;
3163
4c659c39 3164 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3165 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3166 ev.status = mgmt_status(status);
17d5c04c 3167
744cf19e 3168 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3169}
980e1a53 3170
744cf19e 3171int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3172{
3173 struct mgmt_ev_pin_code_request ev;
3174
d8457698
JH		 3175 bacpy(&ev.addr.bdaddr, bdaddr);
3176 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3177 ev.secure = secure;
980e1a53 3178
744cf19e 3179 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3180 NULL);
980e1a53
JH		 3181}
3182
744cf19e
JH		 3183int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3184 u8 status)
980e1a53
JH		 3185{
3186 struct pending_cmd *cmd;
ac56fb13 3187 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3188 int err;
3189
2e58ef3e 3190 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3191 if (!cmd)
3192 return -ENOENT;
3193
d8457698
JH		 3194 bacpy(&rp.addr.bdaddr, bdaddr);
3195 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3196
aee9b218
JH		 3197 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3198 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3199
a664b5bc 3200 mgmt_pending_remove(cmd);
980e1a53
JH		 3201
3202 return err;
3203}
3204
744cf19e
JH		 3205int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3206 u8 status)
980e1a53
JH		 3207{
3208 struct pending_cmd *cmd;
ac56fb13 3209 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3210 int err;
3211
2e58ef3e 3212 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3213 if (!cmd)
3214 return -ENOENT;
3215
d8457698
JH		 3216 bacpy(&rp.addr.bdaddr, bdaddr);
3217 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3218
aee9b218
JH		 3219 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3220 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3221
a664b5bc 3222 mgmt_pending_remove(cmd);
980e1a53
JH		 3223
3224 return err;
3225}
a5c29683 3226
744cf19e 3227int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3228 u8 link_type, u8 addr_type, __le32 value,
3229 u8 confirm_hint)
a5c29683
JH		 3230{
3231 struct mgmt_ev_user_confirm_request ev;
3232
744cf19e 3233 BT_DBG("%s", hdev->name);
a5c29683 3234
272d90df
JH		 3235 bacpy(&ev.addr.bdaddr, bdaddr);
3236 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3237 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3238 put_unaligned_le32(value, &ev.value);
3239
744cf19e 3240 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3241 NULL);
a5c29683
JH		 3242}
3243
272d90df
JH		 3244int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3245 u8 link_type, u8 addr_type)
604086b7
BG		 3246{
3247 struct mgmt_ev_user_passkey_request ev;
3248
3249 BT_DBG("%s", hdev->name);
3250
272d90df
JH		 3251 bacpy(&ev.addr.bdaddr, bdaddr);
3252 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3253
3254 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3255 NULL);
3256}
3257
0df4c185 3258static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3259 u8 link_type, u8 addr_type, u8 status,
3260 u8 opcode)
a5c29683
JH		 3261{
3262 struct pending_cmd *cmd;
3263 struct mgmt_rp_user_confirm_reply rp;
3264 int err;
3265
2e58ef3e 3266 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3267 if (!cmd)
3268 return -ENOENT;
3269
272d90df
JH		 3270 bacpy(&rp.addr.bdaddr, bdaddr);
3271 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3272 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3273 &rp, sizeof(rp));
a5c29683 3274
a664b5bc 3275 mgmt_pending_remove(cmd);
a5c29683
JH		 3276
3277 return err;
3278}
3279
744cf19e 3280int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3281 u8 link_type, u8 addr_type, u8 status)
a5c29683 3282{
272d90df
JH		 3283 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3284 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3285}
3286
272d90df
JH		 3287int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3288 u8 link_type, u8 addr_type, u8 status)
a5c29683 3289{
272d90df
JH		 3290 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3291 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3292}
2a611692 3293
604086b7 3294int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3295 u8 link_type, u8 addr_type, u8 status)
604086b7 3296{
272d90df
JH		 3297 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3298 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3299}
3300
272d90df
JH		 3301int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3302 u8 link_type, u8 addr_type, u8 status)
604086b7 3303{
272d90df
JH		 3304 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3305 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3306}
3307
bab73cb6
JH		 3308int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3309 u8 addr_type, u8 status)
2a611692
JH		 3310{
3311 struct mgmt_ev_auth_failed ev;
3312
bab73cb6
JH		 3313 bacpy(&ev.addr.bdaddr, bdaddr);
3314 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3315 ev.status = mgmt_status(status);
2a611692 3316
744cf19e 3317 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3318}
b312b161 3319
33ef95ed
JH		 3320int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3321{
3322 struct cmd_lookup match = { NULL, hdev };
3323 __le32 ev;
3324 int err;
3325
3326 if (status) {
3327 u8 mgmt_err = mgmt_status(status);
3328 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3329 cmd_status_rsp, &mgmt_err);
3330 return 0;
3331 }
3332
3333 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3334 &match);
3335
3336 ev = cpu_to_le32(get_current_settings(hdev));
3337 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3338
3339 if (match.sk)
3340 sock_put(match.sk);
3341
3342 return err;
3343}
3344
cacaf52f
JH		 3345static int clear_eir(struct hci_dev *hdev)
3346{
3347 struct hci_cp_write_eir cp;
3348
3349 if (!(hdev->features[6] & LMP_EXT_INQ))
3350 return 0;
3351
3352 memset(&cp, 0, sizeof(cp));
3353
3354 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3355}
3356
ed2c4ee3
JH		 3357int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3358{
3359 struct cmd_lookup match = { NULL, hdev };
3360 __le32 ev;
3361 int err;
3362
3363 if (status) {
3364 u8 mgmt_err = mgmt_status(status);
3365 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3366 cmd_status_rsp, &mgmt_err);
3367 return 0;
3368 }
3369
3370 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3371
3372 ev = cpu_to_le32(get_current_settings(hdev));
3373 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3374
cacaf52f 3375 if (match.sk) {
ed2c4ee3
JH		 3376 sock_put(match.sk);
3377
cacaf52f
JH		 3378 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3379 update_eir(hdev);
3380 else
3381 clear_eir(hdev);
3382 }
3383
ed2c4ee3
JH		 3384 return err;
3385}
3386
744cf19e 3387int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3388{
3389 struct pending_cmd *cmd;
3390 struct mgmt_cp_set_local_name ev;
3391 int err;
3392
3393 memset(&ev, 0, sizeof(ev));
3394 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3395
2e58ef3e 3396 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3397 if (!cmd)
3398 goto send_event;
3399
3400 if (status) {
744cf19e 3401 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3402 mgmt_status(status));
b312b161
JH		 3403 goto failed;
3404 }
3405
744cf19e 3406 update_eir(hdev);
80a1e1db 3407
aee9b218 3408 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3409 sizeof(ev));
3410 if (err < 0)
3411 goto failed;
3412
3413send_event:
744cf19e 3414 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 3415 cmd ? cmd->sk : NULL);
3416
3417failed:
3418 if (cmd)
3419 mgmt_pending_remove(cmd);
3420 return err;
3421}
c35938b2 3422
744cf19e
JH		 3423int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3424 u8 *randomizer, u8 status)
c35938b2
SJ		 3425{
3426 struct pending_cmd *cmd;
3427 int err;
3428
744cf19e 3429 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3430
2e58ef3e 3431 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3432 if (!cmd)
3433 return -ENOENT;
3434
3435 if (status) {
744cf19e 3436 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3437 MGMT_OP_READ_LOCAL_OOB_DATA,
3438 mgmt_status(status));
c35938b2
SJ		 3439 } else {
3440 struct mgmt_rp_read_local_oob_data rp;
3441
3442 memcpy(rp.hash, hash, sizeof(rp.hash));
3443 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3444
744cf19e
JH		 3445 err = cmd_complete(cmd->sk, hdev->id,
3446 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3447 0, &rp, sizeof(rp));
c35938b2
SJ		 3448 }
3449
3450 mgmt_pending_remove(cmd);
3451
3452 return err;
3453}
e17acd40 3454
48264f06 3455int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3456 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 3457 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 3458{
e319d2e7
JH		 3459 char buf[512];
3460 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3461 size_t ev_size;
e17acd40 3462
1dc06093
JH		 3463 /* Leave 5 bytes for a potential CoD field */
3464 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3465 return -EINVAL;
3466
1dc06093
JH		 3467 memset(buf, 0, sizeof(buf));
3468
e319d2e7
JH		 3469 bacpy(&ev->addr.bdaddr, bdaddr);
3470 ev->addr.type = link_to_mgmt(link_type, addr_type);
3471 ev->rssi = rssi;
3472 ev->confirm_name = cfm_name;
e17acd40 3473
1dc06093 3474 if (eir_len > 0)
e319d2e7 3475 memcpy(ev->eir, eir, eir_len);
e17acd40 3476
1dc06093
JH		 3477 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3478 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3479 dev_class, 3);
3480
3481 put_unaligned_le16(eir_len, &ev->eir_len);
3482
3483 ev_size = sizeof(*ev) + eir_len;
f8523598 3484
e319d2e7 3485 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3486}
a88a9652 3487
b644ba33
JH		 3488int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3489 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3490{
b644ba33
JH		 3491 struct mgmt_ev_device_found *ev;
3492 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3493 u16 eir_len;
a88a9652 3494
b644ba33 3495 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3496
b644ba33
JH		 3497 memset(buf, 0, sizeof(buf));
3498
3499 bacpy(&ev->addr.bdaddr, bdaddr);
3500 ev->addr.type = link_to_mgmt(link_type, addr_type);
3501 ev->rssi = rssi;
3502
3503 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3504 name_len);
3505
3506 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3507
053c7e0c
JH		 3508 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3509 sizeof(*ev) + eir_len, NULL);
a88a9652 3510}
314b2381 3511
7a135109 3512int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3513{
3514 struct pending_cmd *cmd;
f808e166 3515 u8 type;
164a6e78
JH		 3516 int err;
3517
203159d4
AG		 3518 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3519
2e58ef3e 3520 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3521 if (!cmd)
3522 return -ENOENT;
3523
f808e166
JH		 3524 type = hdev->discovery.type;
3525
3526 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3527 &type, sizeof(type));
164a6e78
JH		 3528 mgmt_pending_remove(cmd);
3529
3530 return err;
3531}
3532
e6d465cb
AG		 3533int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3534{
3535 struct pending_cmd *cmd;
3536 int err;
3537
3538 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3539 if (!cmd)
3540 return -ENOENT;
3541
d930650b
JH		 3542 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3543 &hdev->discovery.type,
3544 sizeof(hdev->discovery.type));
164a6e78
JH		 3545 mgmt_pending_remove(cmd);
3546
3547 return err;
3548}
3549
744cf19e 3550int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3551{
f963e8e9 3552 struct mgmt_ev_discovering ev;
164a6e78
JH		 3553 struct pending_cmd *cmd;
3554
343fb145
AG		 3555 BT_DBG("%s discovering %u", hdev->name, discovering);
3556
164a6e78 3557 if (discovering)
2e58ef3e 3558 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3559 else
2e58ef3e 3560 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3561
3562 if (cmd != NULL) {
f808e166
JH		 3563 u8 type = hdev->discovery.type;
3564
d930650b 3565 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3566 &type, sizeof(type));
164a6e78
JH		 3567 mgmt_pending_remove(cmd);
3568 }
3569
f963e8e9
JH		 3570 memset(&ev, 0, sizeof(ev));
3571 ev.type = hdev->discovery.type;
3572 ev.discovering = discovering;
3573
3574 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3575}
5e762444 3576
88c1fe4b 3577int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3578{
3579 struct pending_cmd *cmd;
3580 struct mgmt_ev_device_blocked ev;
3581
2e58ef3e 3582 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3583
88c1fe4b
JH		 3584 bacpy(&ev.addr.bdaddr, bdaddr);
3585 ev.addr.type = type;
5e762444 3586
744cf19e
JH		 3587 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3588 cmd ? cmd->sk : NULL);
5e762444
AJ		 3589}
3590
88c1fe4b 3591int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3592{
3593 struct pending_cmd *cmd;
3594 struct mgmt_ev_device_unblocked ev;
3595
2e58ef3e 3596 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3597
88c1fe4b
JH		 3598 bacpy(&ev.addr.bdaddr, bdaddr);
3599 ev.addr.type = type;
5e762444 3600
744cf19e
JH		 3601 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3602 cmd ? cmd->sk : NULL);
5e762444 3603}
d7b7e796
MH		 3604
3605module_param(enable_hs, bool, 0644);
3606MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3607
3608module_param(enable_le, bool, 0644);
3609MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux kernel - Deliverables
This page took 0.346709 seconds and 5 git commands to generate.