projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Add Intel copyright to mgmt files
[deliverable/linux.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/kernel.h>
28 #include <linux/uaccess.h>
29 #include <linux/module.h>
30 #include <asm/unaligned.h>
31
32 #include <net/bluetooth/bluetooth.h>
33 #include <net/bluetooth/hci_core.h>
34 #include <net/bluetooth/mgmt.h>
35 #include <net/bluetooth/smp.h>
36
37 #define MGMT_VERSION 0
38 #define MGMT_REVISION 1
39
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
78 };
79
80 static const u16 mgmt_events[] = {
81 MGMT_EV_CONTROLLER_ERROR,
82 MGMT_EV_INDEX_ADDED,
83 MGMT_EV_INDEX_REMOVED,
84 MGMT_EV_NEW_SETTINGS,
85 MGMT_EV_CLASS_OF_DEV_CHANGED,
86 MGMT_EV_LOCAL_NAME_CHANGED,
87 MGMT_EV_NEW_LINK_KEY,
88 MGMT_EV_NEW_LONG_TERM_KEY,
89 MGMT_EV_DEVICE_CONNECTED,
90 MGMT_EV_DEVICE_DISCONNECTED,
91 MGMT_EV_CONNECT_FAILED,
92 MGMT_EV_PIN_CODE_REQUEST,
93 MGMT_EV_USER_CONFIRM_REQUEST,
94 MGMT_EV_USER_PASSKEY_REQUEST,
95 MGMT_EV_AUTH_FAILED,
96 MGMT_EV_DEVICE_FOUND,
97 MGMT_EV_DISCOVERING,
98 MGMT_EV_DEVICE_BLOCKED,
99 MGMT_EV_DEVICE_UNBLOCKED,
100 MGMT_EV_DEVICE_UNPAIRED,
101 };
102
103 /*
104 * These LE scan and inquiry parameters were chosen according to LE General
105 * Discovery Procedure specification.
106 */
107 #define LE_SCAN_TYPE 0x01
108 #define LE_SCAN_WIN 0x12
109 #define LE_SCAN_INT 0x12
110 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
111
112 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
113
114 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
115
116 struct pending_cmd {
117 struct list_head list;
118 u16 opcode;
119 int index;
120 void *param;
121 struct sock *sk;
122 void *user_data;
123 };
124
125 /* HCI to MGMT error code conversion table */
126 static u8 mgmt_status_table[] = {
127 MGMT_STATUS_SUCCESS,
128 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
129 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
130 MGMT_STATUS_FAILED, /* Hardware Failure */
131 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
132 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
133 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
134 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
135 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
136 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
137 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
138 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
139 MGMT_STATUS_BUSY, /* Command Disallowed */
140 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
141 MGMT_STATUS_REJECTED, /* Rejected Security */
142 MGMT_STATUS_REJECTED, /* Rejected Personal */
143 MGMT_STATUS_TIMEOUT, /* Host Timeout */
144 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
145 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
146 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
147 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
148 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
149 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
150 MGMT_STATUS_BUSY, /* Repeated Attempts */
151 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
152 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
154 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
155 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
156 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
157 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
158 MGMT_STATUS_FAILED, /* Unspecified Error */
159 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
160 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
161 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
162 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
163 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
164 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
165 MGMT_STATUS_FAILED, /* Unit Link Key Used */
166 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
167 MGMT_STATUS_TIMEOUT, /* Instant Passed */
168 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
169 MGMT_STATUS_FAILED, /* Transaction Collision */
170 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
171 MGMT_STATUS_REJECTED, /* QoS Rejected */
172 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
173 MGMT_STATUS_REJECTED, /* Insufficient Security */
174 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
175 MGMT_STATUS_BUSY, /* Role Switch Pending */
176 MGMT_STATUS_FAILED, /* Slot Violation */
177 MGMT_STATUS_FAILED, /* Role Switch Failed */
178 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
179 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
180 MGMT_STATUS_BUSY, /* Host Busy Pairing */
181 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
182 MGMT_STATUS_BUSY, /* Controller Busy */
183 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
184 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
185 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
186 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
187 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
188 };
189
190 static u8 mgmt_status(u8 hci_status)
191 {
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
194
195 return MGMT_STATUS_FAILED;
196 }
197
198 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
199 {
200 struct sk_buff *skb;
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
203 int err;
204
205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
206
207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
208 if (!skb)
209 return -ENOMEM;
210
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
212
213 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
214 hdr->index = cpu_to_le16(index);
215 hdr->len = cpu_to_le16(sizeof(*ev));
216
217 ev = (void *) skb_put(skb, sizeof(*ev));
218 ev->status = status;
219 put_unaligned_le16(cmd, &ev->opcode);
220
221 err = sock_queue_rcv_skb(sk, skb);
222 if (err < 0)
223 kfree_skb(skb);
224
225 return err;
226 }
227
228 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
229 size_t rp_len)
230 {
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
234 int err;
235
236 BT_DBG("sock %p", sk);
237
238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
239 if (!skb)
240 return -ENOMEM;
241
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
243
244 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
245 hdr->index = cpu_to_le16(index);
246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
247
248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
249 put_unaligned_le16(cmd, &ev->opcode);
250
251 if (rp)
252 memcpy(ev->data, rp, rp_len);
253
254 err = sock_queue_rcv_skb(sk, skb);
255 if (err < 0)
256 kfree_skb(skb);
257
258 return err;;
259 }
260
261 static int read_version(struct sock *sk)
262 {
263 struct mgmt_rp_read_version rp;
264
265 BT_DBG("sock %p", sk);
266
267 rp.version = MGMT_VERSION;
268 put_unaligned_le16(MGMT_REVISION, &rp.revision);
269
270 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
271 sizeof(rp));
272 }
273
274 static int read_commands(struct sock *sk)
275 {
276 struct mgmt_rp_read_commands *rp;
277 u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 u16 num_events = ARRAY_SIZE(mgmt_events);
279 u16 *opcode;
280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
291 put_unaligned_le16(num_commands, &rp->num_commands);
292 put_unaligned_le16(num_events, &rp->num_events);
293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, rp,
301 rp_size);
302 kfree(rp);
303
304 return err;
305 }
306
307 static int read_index_list(struct sock *sk)
308 {
309 struct mgmt_rp_read_index_list *rp;
310 struct list_head *p;
311 struct hci_dev *d;
312 size_t rp_len;
313 u16 count;
314 int i, err;
315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
321 list_for_each(p, &hci_dev_list) {
322 count++;
323 }
324
325 rp_len = sizeof(*rp) + (2 * count);
326 rp = kmalloc(rp_len, GFP_ATOMIC);
327 if (!rp) {
328 read_unlock(&hci_dev_list_lock);
329 return -ENOMEM;
330 }
331
332 put_unaligned_le16(count, &rp->num_controllers);
333
334 i = 0;
335 list_for_each_entry(d, &hci_dev_list, list) {
336 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
337 cancel_delayed_work(&d->power_off);
338
339 if (test_bit(HCI_SETUP, &d->dev_flags))
340 continue;
341
342 put_unaligned_le16(d->id, &rp->index[i++]);
343 BT_DBG("Added hci%u", d->id);
344 }
345
346 read_unlock(&hci_dev_list_lock);
347
348 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
349 rp_len);
350
351 kfree(rp);
352
353 return err;
354 }
355
356 static u32 get_supported_settings(struct hci_dev *hdev)
357 {
358 u32 settings = 0;
359
360 settings |= MGMT_SETTING_POWERED;
361 settings |= MGMT_SETTING_CONNECTABLE;
362 settings |= MGMT_SETTING_FAST_CONNECTABLE;
363 settings |= MGMT_SETTING_DISCOVERABLE;
364 settings |= MGMT_SETTING_PAIRABLE;
365
366 if (hdev->features[6] & LMP_SIMPLE_PAIR)
367 settings |= MGMT_SETTING_SSP;
368
369 if (!(hdev->features[4] & LMP_NO_BREDR)) {
370 settings |= MGMT_SETTING_BREDR;
371 settings |= MGMT_SETTING_LINK_SECURITY;
372 }
373
374 if (hdev->features[4] & LMP_LE)
375 settings |= MGMT_SETTING_LE;
376
377 return settings;
378 }
379
380 static u32 get_current_settings(struct hci_dev *hdev)
381 {
382 u32 settings = 0;
383
384 if (test_bit(HCI_UP, &hdev->flags))
385 settings |= MGMT_SETTING_POWERED;
386 else
387 return settings;
388
389 if (test_bit(HCI_PSCAN, &hdev->flags))
390 settings |= MGMT_SETTING_CONNECTABLE;
391
392 if (test_bit(HCI_ISCAN, &hdev->flags))
393 settings |= MGMT_SETTING_DISCOVERABLE;
394
395 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
396 settings |= MGMT_SETTING_PAIRABLE;
397
398 if (!(hdev->features[4] & LMP_NO_BREDR))
399 settings |= MGMT_SETTING_BREDR;
400
401 if (hdev->host_features[0] & LMP_HOST_LE)
402 settings |= MGMT_SETTING_LE;
403
404 if (test_bit(HCI_AUTH, &hdev->flags))
405 settings |= MGMT_SETTING_LINK_SECURITY;
406
407 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
408 settings |= MGMT_SETTING_SSP;
409
410 return settings;
411 }
412
413 #define PNP_INFO_SVCLASS_ID 0x1200
414
415 static u8 bluetooth_base_uuid[] = {
416 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
417 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
418 };
419
420 static u16 get_uuid16(u8 *uuid128)
421 {
422 u32 val;
423 int i;
424
425 for (i = 0; i < 12; i++) {
426 if (bluetooth_base_uuid[i] != uuid128[i])
427 return 0;
428 }
429
430 memcpy(&val, &uuid128[12], 4);
431
432 val = le32_to_cpu(val);
433 if (val > 0xffff)
434 return 0;
435
436 return (u16) val;
437 }
438
439 static void create_eir(struct hci_dev *hdev, u8 *data)
440 {
441 u8 *ptr = data;
442 u16 eir_len = 0;
443 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
444 int i, truncated = 0;
445 struct bt_uuid *uuid;
446 size_t name_len;
447
448 name_len = strlen(hdev->dev_name);
449
450 if (name_len > 0) {
451 /* EIR Data type */
452 if (name_len > 48) {
453 name_len = 48;
454 ptr[1] = EIR_NAME_SHORT;
455 } else
456 ptr[1] = EIR_NAME_COMPLETE;
457
458 /* EIR Data length */
459 ptr[0] = name_len + 1;
460
461 memcpy(ptr + 2, hdev->dev_name, name_len);
462
463 eir_len += (name_len + 2);
464 ptr += (name_len + 2);
465 }
466
467 memset(uuid16_list, 0, sizeof(uuid16_list));
468
469 /* Group all UUID16 types */
470 list_for_each_entry(uuid, &hdev->uuids, list) {
471 u16 uuid16;
472
473 uuid16 = get_uuid16(uuid->uuid);
474 if (uuid16 == 0)
475 return;
476
477 if (uuid16 < 0x1100)
478 continue;
479
480 if (uuid16 == PNP_INFO_SVCLASS_ID)
481 continue;
482
483 /* Stop if not enough space to put next UUID */
484 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
485 truncated = 1;
486 break;
487 }
488
489 /* Check for duplicates */
490 for (i = 0; uuid16_list[i] != 0; i++)
491 if (uuid16_list[i] == uuid16)
492 break;
493
494 if (uuid16_list[i] == 0) {
495 uuid16_list[i] = uuid16;
496 eir_len += sizeof(u16);
497 }
498 }
499
500 if (uuid16_list[0] != 0) {
501 u8 *length = ptr;
502
503 /* EIR Data type */
504 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
505
506 ptr += 2;
507 eir_len += 2;
508
509 for (i = 0; uuid16_list[i] != 0; i++) {
510 *ptr++ = (uuid16_list[i] & 0x00ff);
511 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
512 }
513
514 /* EIR Data length */
515 *length = (i * sizeof(u16)) + 1;
516 }
517 }
518
519 static int update_eir(struct hci_dev *hdev)
520 {
521 struct hci_cp_write_eir cp;
522
523 if (!(hdev->features[6] & LMP_EXT_INQ))
524 return 0;
525
526 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
527 return 0;
528
529 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
530 return 0;
531
532 memset(&cp, 0, sizeof(cp));
533
534 create_eir(hdev, cp.data);
535
536 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
537 return 0;
538
539 memcpy(hdev->eir, cp.data, sizeof(cp.data));
540
541 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
542 }
543
544 static u8 get_service_classes(struct hci_dev *hdev)
545 {
546 struct bt_uuid *uuid;
547 u8 val = 0;
548
549 list_for_each_entry(uuid, &hdev->uuids, list)
550 val |= uuid->svc_hint;
551
552 return val;
553 }
554
555 static int update_class(struct hci_dev *hdev)
556 {
557 u8 cod[3];
558
559 BT_DBG("%s", hdev->name);
560
561 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
562 return 0;
563
564 cod[0] = hdev->minor_class;
565 cod[1] = hdev->major_class;
566 cod[2] = get_service_classes(hdev);
567
568 if (memcmp(cod, hdev->dev_class, 3) == 0)
569 return 0;
570
571 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
572 }
573
574 static void service_cache_off(struct work_struct *work)
575 {
576 struct hci_dev *hdev = container_of(work, struct hci_dev,
577 service_cache.work);
578
579 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
580 return;
581
582 hci_dev_lock(hdev);
583
584 update_eir(hdev);
585 update_class(hdev);
586
587 hci_dev_unlock(hdev);
588 }
589
590 static void mgmt_init_hdev(struct hci_dev *hdev)
591 {
592 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
593 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
594
595 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
596 schedule_delayed_work(&hdev->service_cache,
597 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
598 }
599
600 static int read_controller_info(struct sock *sk, u16 index)
601 {
602 struct mgmt_rp_read_info rp;
603 struct hci_dev *hdev;
604
605 BT_DBG("sock %p hci%u", sk, index);
606
607 hdev = hci_dev_get(index);
608 if (!hdev)
609 return cmd_status(sk, index, MGMT_OP_READ_INFO,
610 MGMT_STATUS_INVALID_PARAMS);
611
612 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
613 cancel_delayed_work_sync(&hdev->power_off);
614
615 hci_dev_lock(hdev);
616
617 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
618 mgmt_init_hdev(hdev);
619
620 memset(&rp, 0, sizeof(rp));
621
622 bacpy(&rp.bdaddr, &hdev->bdaddr);
623
624 rp.version = hdev->hci_ver;
625
626 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
627
628 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
629 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
630
631 memcpy(rp.dev_class, hdev->dev_class, 3);
632
633 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
634
635 hci_dev_unlock(hdev);
636 hci_dev_put(hdev);
637
638 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
639 }
640
641 static void mgmt_pending_free(struct pending_cmd *cmd)
642 {
643 sock_put(cmd->sk);
644 kfree(cmd->param);
645 kfree(cmd);
646 }
647
648 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
649 struct hci_dev *hdev,
650 void *data, u16 len)
651 {
652 struct pending_cmd *cmd;
653
654 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
655 if (!cmd)
656 return NULL;
657
658 cmd->opcode = opcode;
659 cmd->index = hdev->id;
660
661 cmd->param = kmalloc(len, GFP_ATOMIC);
662 if (!cmd->param) {
663 kfree(cmd);
664 return NULL;
665 }
666
667 if (data)
668 memcpy(cmd->param, data, len);
669
670 cmd->sk = sk;
671 sock_hold(sk);
672
673 list_add(&cmd->list, &hdev->mgmt_pending);
674
675 return cmd;
676 }
677
678 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
679 void (*cb)(struct pending_cmd *cmd, void *data),
680 void *data)
681 {
682 struct list_head *p, *n;
683
684 list_for_each_safe(p, n, &hdev->mgmt_pending) {
685 struct pending_cmd *cmd;
686
687 cmd = list_entry(p, struct pending_cmd, list);
688
689 if (opcode > 0 && cmd->opcode != opcode)
690 continue;
691
692 cb(cmd, data);
693 }
694 }
695
696 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
697 {
698 struct pending_cmd *cmd;
699
700 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
701 if (cmd->opcode == opcode)
702 return cmd;
703 }
704
705 return NULL;
706 }
707
708 static void mgmt_pending_remove(struct pending_cmd *cmd)
709 {
710 list_del(&cmd->list);
711 mgmt_pending_free(cmd);
712 }
713
714 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
715 {
716 __le32 settings = cpu_to_le32(get_current_settings(hdev));
717
718 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
719 }
720
721 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
722 {
723 struct mgmt_mode *cp = data;
724 struct hci_dev *hdev;
725 struct pending_cmd *cmd;
726 int err, up;
727
728 BT_DBG("request for hci%u", index);
729
730 if (len != sizeof(*cp))
731 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
732 MGMT_STATUS_INVALID_PARAMS);
733
734 hdev = hci_dev_get(index);
735 if (!hdev)
736 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
737 MGMT_STATUS_INVALID_PARAMS);
738
739 hci_dev_lock(hdev);
740
741 up = test_bit(HCI_UP, &hdev->flags);
742 if ((cp->val && up) || (!cp->val && !up)) {
743 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
744 goto failed;
745 }
746
747 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
748 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
749 MGMT_STATUS_BUSY);
750 goto failed;
751 }
752
753 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
754 if (!cmd) {
755 err = -ENOMEM;
756 goto failed;
757 }
758
759 if (cp->val)
760 schedule_work(&hdev->power_on);
761 else
762 schedule_work(&hdev->power_off.work);
763
764 err = 0;
765
766 failed:
767 hci_dev_unlock(hdev);
768 hci_dev_put(hdev);
769 return err;
770 }
771
772 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
773 {
774 struct mgmt_cp_set_discoverable *cp = data;
775 struct hci_dev *hdev;
776 struct pending_cmd *cmd;
777 u8 scan;
778 int err;
779
780 BT_DBG("request for hci%u", index);
781
782 if (len != sizeof(*cp))
783 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
784 MGMT_STATUS_INVALID_PARAMS);
785
786 hdev = hci_dev_get(index);
787 if (!hdev)
788 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
789 MGMT_STATUS_INVALID_PARAMS);
790
791 hci_dev_lock(hdev);
792
793 if (!test_bit(HCI_UP, &hdev->flags)) {
794 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
795 MGMT_STATUS_NOT_POWERED);
796 goto failed;
797 }
798
799 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
800 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
801 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
802 MGMT_STATUS_BUSY);
803 goto failed;
804 }
805
806 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
807 test_bit(HCI_PSCAN, &hdev->flags)) {
808 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
809 goto failed;
810 }
811
812 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
813 if (!cmd) {
814 err = -ENOMEM;
815 goto failed;
816 }
817
818 scan = SCAN_PAGE;
819
820 if (cp->val)
821 scan |= SCAN_INQUIRY;
822 else
823 cancel_delayed_work(&hdev->discov_off);
824
825 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
826 if (err < 0)
827 mgmt_pending_remove(cmd);
828
829 if (cp->val)
830 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
831
832 failed:
833 hci_dev_unlock(hdev);
834 hci_dev_put(hdev);
835
836 return err;
837 }
838
839 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
840 {
841 struct mgmt_mode *cp = data;
842 struct hci_dev *hdev;
843 struct pending_cmd *cmd;
844 u8 scan;
845 int err;
846
847 BT_DBG("request for hci%u", index);
848
849 if (len != sizeof(*cp))
850 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
851 MGMT_STATUS_INVALID_PARAMS);
852
853 hdev = hci_dev_get(index);
854 if (!hdev)
855 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
856 MGMT_STATUS_INVALID_PARAMS);
857
858 hci_dev_lock(hdev);
859
860 if (!test_bit(HCI_UP, &hdev->flags)) {
861 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
862 MGMT_STATUS_NOT_POWERED);
863 goto failed;
864 }
865
866 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
867 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
868 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
869 MGMT_STATUS_BUSY);
870 goto failed;
871 }
872
873 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
874 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
875 goto failed;
876 }
877
878 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
879 if (!cmd) {
880 err = -ENOMEM;
881 goto failed;
882 }
883
884 if (cp->val)
885 scan = SCAN_PAGE;
886 else
887 scan = 0;
888
889 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
890 if (err < 0)
891 mgmt_pending_remove(cmd);
892
893 failed:
894 hci_dev_unlock(hdev);
895 hci_dev_put(hdev);
896
897 return err;
898 }
899
900 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
901 u16 data_len, struct sock *skip_sk)
902 {
903 struct sk_buff *skb;
904 struct mgmt_hdr *hdr;
905
906 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
907 if (!skb)
908 return -ENOMEM;
909
910 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
911
912 hdr = (void *) skb_put(skb, sizeof(*hdr));
913 hdr->opcode = cpu_to_le16(event);
914 if (hdev)
915 hdr->index = cpu_to_le16(hdev->id);
916 else
917 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
918 hdr->len = cpu_to_le16(data_len);
919
920 if (data)
921 memcpy(skb_put(skb, data_len), data, data_len);
922
923 hci_send_to_sock(NULL, skb, skip_sk);
924 kfree_skb(skb);
925
926 return 0;
927 }
928
929 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
930 {
931 struct mgmt_mode *cp = data;
932 struct hci_dev *hdev;
933 __le32 ev;
934 int err;
935
936 BT_DBG("request for hci%u", index);
937
938 if (len != sizeof(*cp))
939 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
940 MGMT_STATUS_INVALID_PARAMS);
941
942 hdev = hci_dev_get(index);
943 if (!hdev)
944 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
945 MGMT_STATUS_INVALID_PARAMS);
946
947 hci_dev_lock(hdev);
948
949 if (cp->val)
950 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
951 else
952 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
953
954 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
955 if (err < 0)
956 goto failed;
957
958 ev = cpu_to_le32(get_current_settings(hdev));
959
960 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
961
962 failed:
963 hci_dev_unlock(hdev);
964 hci_dev_put(hdev);
965
966 return err;
967 }
968
969 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
970 {
971 struct mgmt_mode *cp = data;
972 struct pending_cmd *cmd;
973 struct hci_dev *hdev;
974 uint8_t val;
975 int err;
976
977 BT_DBG("request for hci%u", index);
978
979 if (len != sizeof(*cp))
980 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
981 MGMT_STATUS_INVALID_PARAMS);
982
983 hdev = hci_dev_get(index);
984 if (!hdev)
985 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
986 MGMT_STATUS_INVALID_PARAMS);
987
988 hci_dev_lock(hdev);
989
990 if (!test_bit(HCI_UP, &hdev->flags)) {
991 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
992 MGMT_STATUS_NOT_POWERED);
993 goto failed;
994 }
995
996 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
997 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
998 MGMT_STATUS_BUSY);
999 goto failed;
1000 }
1001
1002 val = !!cp->val;
1003
1004 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1005 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1006 goto failed;
1007 }
1008
1009 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1010 if (!cmd) {
1011 err = -ENOMEM;
1012 goto failed;
1013 }
1014
1015 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1016 if (err < 0) {
1017 mgmt_pending_remove(cmd);
1018 goto failed;
1019 }
1020
1021 failed:
1022 hci_dev_unlock(hdev);
1023 hci_dev_put(hdev);
1024
1025 return err;
1026 }
1027
1028 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1029 {
1030 struct mgmt_mode *cp = data;
1031 struct pending_cmd *cmd;
1032 struct hci_dev *hdev;
1033 uint8_t val;
1034 int err;
1035
1036 BT_DBG("request for hci%u", index);
1037
1038 if (len != sizeof(*cp))
1039 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1040 MGMT_STATUS_INVALID_PARAMS);
1041
1042 hdev = hci_dev_get(index);
1043 if (!hdev)
1044 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1045 MGMT_STATUS_INVALID_PARAMS);
1046
1047 hci_dev_lock(hdev);
1048
1049 if (!test_bit(HCI_UP, &hdev->flags)) {
1050 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1051 MGMT_STATUS_NOT_POWERED);
1052 goto failed;
1053 }
1054
1055 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1056 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1057 goto failed;
1058 }
1059
1060 val = !!cp->val;
1061
1062 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1063 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1064 goto failed;
1065 }
1066
1067 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1068 if (!cmd) {
1069 err = -ENOMEM;
1070 goto failed;
1071 }
1072
1073 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1074 if (err < 0) {
1075 mgmt_pending_remove(cmd);
1076 goto failed;
1077 }
1078
1079 failed:
1080 hci_dev_unlock(hdev);
1081 hci_dev_put(hdev);
1082
1083 return err;
1084 }
1085
1086 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1087 {
1088 struct mgmt_cp_add_uuid *cp = data;
1089 struct hci_dev *hdev;
1090 struct bt_uuid *uuid;
1091 int err;
1092
1093 BT_DBG("request for hci%u", index);
1094
1095 if (len != sizeof(*cp))
1096 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1097 MGMT_STATUS_INVALID_PARAMS);
1098
1099 hdev = hci_dev_get(index);
1100 if (!hdev)
1101 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1102 MGMT_STATUS_INVALID_PARAMS);
1103
1104 hci_dev_lock(hdev);
1105
1106 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1107 if (!uuid) {
1108 err = -ENOMEM;
1109 goto failed;
1110 }
1111
1112 memcpy(uuid->uuid, cp->uuid, 16);
1113 uuid->svc_hint = cp->svc_hint;
1114
1115 list_add(&uuid->list, &hdev->uuids);
1116
1117 err = update_class(hdev);
1118 if (err < 0)
1119 goto failed;
1120
1121 err = update_eir(hdev);
1122 if (err < 0)
1123 goto failed;
1124
1125 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
1126
1127 failed:
1128 hci_dev_unlock(hdev);
1129 hci_dev_put(hdev);
1130
1131 return err;
1132 }
1133
1134 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1135 {
1136 struct mgmt_cp_remove_uuid *cp = data;
1137 struct list_head *p, *n;
1138 struct hci_dev *hdev;
1139 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1140 int err, found;
1141
1142 BT_DBG("request for hci%u", index);
1143
1144 if (len != sizeof(*cp))
1145 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1146 MGMT_STATUS_INVALID_PARAMS);
1147
1148 hdev = hci_dev_get(index);
1149 if (!hdev)
1150 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1151 MGMT_STATUS_INVALID_PARAMS);
1152
1153 hci_dev_lock(hdev);
1154
1155 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1156 err = hci_uuids_clear(hdev);
1157 goto unlock;
1158 }
1159
1160 found = 0;
1161
1162 list_for_each_safe(p, n, &hdev->uuids) {
1163 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1164
1165 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1166 continue;
1167
1168 list_del(&match->list);
1169 found++;
1170 }
1171
1172 if (found == 0) {
1173 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1174 MGMT_STATUS_INVALID_PARAMS);
1175 goto unlock;
1176 }
1177
1178 err = update_class(hdev);
1179 if (err < 0)
1180 goto unlock;
1181
1182 err = update_eir(hdev);
1183 if (err < 0)
1184 goto unlock;
1185
1186 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
1187
1188 unlock:
1189 hci_dev_unlock(hdev);
1190 hci_dev_put(hdev);
1191
1192 return err;
1193 }
1194
1195 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1196 {
1197 struct hci_dev *hdev;
1198 struct mgmt_cp_set_dev_class *cp = data;
1199 int err;
1200
1201 BT_DBG("request for hci%u", index);
1202
1203 if (len != sizeof(*cp))
1204 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1205 MGMT_STATUS_INVALID_PARAMS);
1206
1207 hdev = hci_dev_get(index);
1208 if (!hdev)
1209 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1210 MGMT_STATUS_INVALID_PARAMS);
1211
1212 hci_dev_lock(hdev);
1213
1214 hdev->major_class = cp->major;
1215 hdev->minor_class = cp->minor;
1216
1217 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1218 hci_dev_unlock(hdev);
1219 cancel_delayed_work_sync(&hdev->service_cache);
1220 hci_dev_lock(hdev);
1221 update_eir(hdev);
1222 }
1223
1224 err = update_class(hdev);
1225
1226 if (err == 0)
1227 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1228
1229 hci_dev_unlock(hdev);
1230 hci_dev_put(hdev);
1231
1232 return err;
1233 }
1234
1235 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1236 {
1237 struct hci_dev *hdev;
1238 struct mgmt_cp_load_link_keys *cp = data;
1239 u16 key_count, expected_len;
1240 int i;
1241
1242 if (len < sizeof(*cp))
1243 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1244 MGMT_STATUS_INVALID_PARAMS);
1245
1246 key_count = get_unaligned_le16(&cp->key_count);
1247
1248 expected_len = sizeof(*cp) + key_count *
1249 sizeof(struct mgmt_link_key_info);
1250 if (expected_len != len) {
1251 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1252 len, expected_len);
1253 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1254 MGMT_STATUS_INVALID_PARAMS);
1255 }
1256
1257 hdev = hci_dev_get(index);
1258 if (!hdev)
1259 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1260 MGMT_STATUS_INVALID_PARAMS);
1261
1262 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1263 key_count);
1264
1265 hci_dev_lock(hdev);
1266
1267 hci_link_keys_clear(hdev);
1268
1269 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1270
1271 if (cp->debug_keys)
1272 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1273 else
1274 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1275
1276 for (i = 0; i < key_count; i++) {
1277 struct mgmt_link_key_info *key = &cp->keys[i];
1278
1279 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1280 key->type, key->pin_len);
1281 }
1282
1283 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1284
1285 hci_dev_unlock(hdev);
1286 hci_dev_put(hdev);
1287
1288 return 0;
1289 }
1290
1291 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1292 u8 addr_type, struct sock *skip_sk)
1293 {
1294 struct mgmt_ev_device_unpaired ev;
1295
1296 bacpy(&ev.addr.bdaddr, bdaddr);
1297 ev.addr.type = addr_type;
1298
1299 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1300 skip_sk);
1301 }
1302
1303 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1304 {
1305 struct hci_dev *hdev;
1306 struct mgmt_cp_unpair_device *cp = data;
1307 struct mgmt_rp_unpair_device rp;
1308 struct hci_cp_disconnect dc;
1309 struct pending_cmd *cmd;
1310 struct hci_conn *conn;
1311 int err;
1312
1313 if (len != sizeof(*cp))
1314 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1315 MGMT_STATUS_INVALID_PARAMS);
1316
1317 hdev = hci_dev_get(index);
1318 if (!hdev)
1319 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1320 MGMT_STATUS_INVALID_PARAMS);
1321
1322 hci_dev_lock(hdev);
1323
1324 memset(&rp, 0, sizeof(rp));
1325 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1326 rp.addr.type = cp->addr.type;
1327
1328 if (cp->addr.type == MGMT_ADDR_BREDR)
1329 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1330 else
1331 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1332
1333 if (err < 0) {
1334 rp.status = MGMT_STATUS_NOT_PAIRED;
1335 goto unlock;
1336 }
1337
1338 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1339 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1340 sizeof(rp));
1341 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1342 goto unlock;
1343 }
1344
1345 if (cp->addr.type == MGMT_ADDR_BREDR)
1346 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1347 &cp->addr.bdaddr);
1348 else
1349 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1350 &cp->addr.bdaddr);
1351
1352 if (!conn) {
1353 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1354 sizeof(rp));
1355 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1356 goto unlock;
1357 }
1358
1359 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1360 sizeof(*cp));
1361 if (!cmd) {
1362 err = -ENOMEM;
1363 goto unlock;
1364 }
1365
1366 put_unaligned_le16(conn->handle, &dc.handle);
1367 dc.reason = 0x13; /* Remote User Terminated Connection */
1368 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1369 if (err < 0)
1370 mgmt_pending_remove(cmd);
1371
1372 unlock:
1373 if (err < 0)
1374 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1375 sizeof(rp));
1376 hci_dev_unlock(hdev);
1377 hci_dev_put(hdev);
1378
1379 return err;
1380 }
1381
1382 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1383 {
1384 struct hci_dev *hdev;
1385 struct mgmt_cp_disconnect *cp = data;
1386 struct hci_cp_disconnect dc;
1387 struct pending_cmd *cmd;
1388 struct hci_conn *conn;
1389 int err;
1390
1391 BT_DBG("");
1392
1393 if (len != sizeof(*cp))
1394 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1395 MGMT_STATUS_INVALID_PARAMS);
1396
1397 hdev = hci_dev_get(index);
1398 if (!hdev)
1399 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1400 MGMT_STATUS_INVALID_PARAMS);
1401
1402 hci_dev_lock(hdev);
1403
1404 if (!test_bit(HCI_UP, &hdev->flags)) {
1405 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1406 MGMT_STATUS_NOT_POWERED);
1407 goto failed;
1408 }
1409
1410 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1411 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1412 MGMT_STATUS_BUSY);
1413 goto failed;
1414 }
1415
1416 if (cp->addr.type == MGMT_ADDR_BREDR)
1417 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1418 else
1419 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1420
1421 if (!conn) {
1422 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1423 MGMT_STATUS_NOT_CONNECTED);
1424 goto failed;
1425 }
1426
1427 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1428 if (!cmd) {
1429 err = -ENOMEM;
1430 goto failed;
1431 }
1432
1433 put_unaligned_le16(conn->handle, &dc.handle);
1434 dc.reason = 0x13; /* Remote User Terminated Connection */
1435
1436 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1437 if (err < 0)
1438 mgmt_pending_remove(cmd);
1439
1440 failed:
1441 hci_dev_unlock(hdev);
1442 hci_dev_put(hdev);
1443
1444 return err;
1445 }
1446
1447 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1448 {
1449 switch (link_type) {
1450 case LE_LINK:
1451 switch (addr_type) {
1452 case ADDR_LE_DEV_PUBLIC:
1453 return MGMT_ADDR_LE_PUBLIC;
1454 case ADDR_LE_DEV_RANDOM:
1455 return MGMT_ADDR_LE_RANDOM;
1456 default:
1457 return MGMT_ADDR_INVALID;
1458 }
1459 case ACL_LINK:
1460 return MGMT_ADDR_BREDR;
1461 default:
1462 return MGMT_ADDR_INVALID;
1463 }
1464 }
1465
1466 static int get_connections(struct sock *sk, u16 index)
1467 {
1468 struct mgmt_rp_get_connections *rp;
1469 struct hci_dev *hdev;
1470 struct hci_conn *c;
1471 size_t rp_len;
1472 u16 count;
1473 int i, err;
1474
1475 BT_DBG("");
1476
1477 hdev = hci_dev_get(index);
1478 if (!hdev)
1479 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1480 MGMT_STATUS_INVALID_PARAMS);
1481
1482 hci_dev_lock(hdev);
1483
1484 count = 0;
1485 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1486 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1487 count++;
1488 }
1489
1490 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1491 rp = kmalloc(rp_len, GFP_ATOMIC);
1492 if (!rp) {
1493 err = -ENOMEM;
1494 goto unlock;
1495 }
1496
1497 put_unaligned_le16(count, &rp->conn_count);
1498
1499 i = 0;
1500 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1501 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1502 continue;
1503 bacpy(&rp->addr[i].bdaddr, &c->dst);
1504 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1505 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1506 continue;
1507 i++;
1508 }
1509
1510 /* Recalculate length in case of filtered SCO connections, etc */
1511 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1512
1513 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1514
1515 unlock:
1516 kfree(rp);
1517 hci_dev_unlock(hdev);
1518 hci_dev_put(hdev);
1519 return err;
1520 }
1521
1522 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1523 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1524 {
1525 struct pending_cmd *cmd;
1526 int err;
1527
1528 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1529 sizeof(*cp));
1530 if (!cmd)
1531 return -ENOMEM;
1532
1533 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1534 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1535 if (err < 0)
1536 mgmt_pending_remove(cmd);
1537
1538 return err;
1539 }
1540
1541 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1542 {
1543 struct hci_dev *hdev;
1544 struct hci_conn *conn;
1545 struct mgmt_cp_pin_code_reply *cp = data;
1546 struct hci_cp_pin_code_reply reply;
1547 struct pending_cmd *cmd;
1548 int err;
1549
1550 BT_DBG("");
1551
1552 if (len != sizeof(*cp))
1553 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1554 MGMT_STATUS_INVALID_PARAMS);
1555
1556 hdev = hci_dev_get(index);
1557 if (!hdev)
1558 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1559 MGMT_STATUS_INVALID_PARAMS);
1560
1561 hci_dev_lock(hdev);
1562
1563 if (!test_bit(HCI_UP, &hdev->flags)) {
1564 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1565 MGMT_STATUS_NOT_POWERED);
1566 goto failed;
1567 }
1568
1569 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1570 if (!conn) {
1571 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1572 MGMT_STATUS_NOT_CONNECTED);
1573 goto failed;
1574 }
1575
1576 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1577 struct mgmt_cp_pin_code_neg_reply ncp;
1578
1579 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1580
1581 BT_ERR("PIN code is not 16 bytes long");
1582
1583 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1584 if (err >= 0)
1585 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1586 MGMT_STATUS_INVALID_PARAMS);
1587
1588 goto failed;
1589 }
1590
1591 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1592 len);
1593 if (!cmd) {
1594 err = -ENOMEM;
1595 goto failed;
1596 }
1597
1598 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1599 reply.pin_len = cp->pin_len;
1600 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1601
1602 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1603 if (err < 0)
1604 mgmt_pending_remove(cmd);
1605
1606 failed:
1607 hci_dev_unlock(hdev);
1608 hci_dev_put(hdev);
1609
1610 return err;
1611 }
1612
1613 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1614 {
1615 struct hci_dev *hdev;
1616 struct mgmt_cp_pin_code_neg_reply *cp = data;
1617 int err;
1618
1619 BT_DBG("");
1620
1621 if (len != sizeof(*cp))
1622 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1623 MGMT_STATUS_INVALID_PARAMS);
1624
1625 hdev = hci_dev_get(index);
1626 if (!hdev)
1627 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1628 MGMT_STATUS_INVALID_PARAMS);
1629
1630 hci_dev_lock(hdev);
1631
1632 if (!test_bit(HCI_UP, &hdev->flags)) {
1633 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1634 MGMT_STATUS_NOT_POWERED);
1635 goto failed;
1636 }
1637
1638 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1639
1640 failed:
1641 hci_dev_unlock(hdev);
1642 hci_dev_put(hdev);
1643
1644 return err;
1645 }
1646
1647 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1648 {
1649 struct hci_dev *hdev;
1650 struct mgmt_cp_set_io_capability *cp = data;
1651
1652 BT_DBG("");
1653
1654 if (len != sizeof(*cp))
1655 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1656 MGMT_STATUS_INVALID_PARAMS);
1657
1658 hdev = hci_dev_get(index);
1659 if (!hdev)
1660 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1661 MGMT_STATUS_INVALID_PARAMS);
1662
1663 hci_dev_lock(hdev);
1664
1665 hdev->io_capability = cp->io_capability;
1666
1667 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1668 hdev->io_capability);
1669
1670 hci_dev_unlock(hdev);
1671 hci_dev_put(hdev);
1672
1673 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1674 }
1675
1676 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1677 {
1678 struct hci_dev *hdev = conn->hdev;
1679 struct pending_cmd *cmd;
1680
1681 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1682 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1683 continue;
1684
1685 if (cmd->user_data != conn)
1686 continue;
1687
1688 return cmd;
1689 }
1690
1691 return NULL;
1692 }
1693
1694 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1695 {
1696 struct mgmt_rp_pair_device rp;
1697 struct hci_conn *conn = cmd->user_data;
1698
1699 bacpy(&rp.addr.bdaddr, &conn->dst);
1700 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1701 rp.status = status;
1702
1703 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1704
1705 /* So we don't get further callbacks for this connection */
1706 conn->connect_cfm_cb = NULL;
1707 conn->security_cfm_cb = NULL;
1708 conn->disconn_cfm_cb = NULL;
1709
1710 hci_conn_put(conn);
1711
1712 mgmt_pending_remove(cmd);
1713 }
1714
1715 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1716 {
1717 struct pending_cmd *cmd;
1718
1719 BT_DBG("status %u", status);
1720
1721 cmd = find_pairing(conn);
1722 if (!cmd)
1723 BT_DBG("Unable to find a pending command");
1724 else
1725 pairing_complete(cmd, status);
1726 }
1727
1728 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1729 {
1730 struct hci_dev *hdev;
1731 struct mgmt_cp_pair_device *cp = data;
1732 struct mgmt_rp_pair_device rp;
1733 struct pending_cmd *cmd;
1734 u8 sec_level, auth_type;
1735 struct hci_conn *conn;
1736 int err;
1737
1738 BT_DBG("");
1739
1740 if (len != sizeof(*cp))
1741 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1742 MGMT_STATUS_INVALID_PARAMS);
1743
1744 hdev = hci_dev_get(index);
1745 if (!hdev)
1746 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1747 MGMT_STATUS_INVALID_PARAMS);
1748
1749 hci_dev_lock(hdev);
1750
1751 sec_level = BT_SECURITY_MEDIUM;
1752 if (cp->io_cap == 0x03)
1753 auth_type = HCI_AT_DEDICATED_BONDING;
1754 else
1755 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1756
1757 if (cp->addr.type == MGMT_ADDR_BREDR)
1758 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1759 auth_type);
1760 else
1761 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1762 auth_type);
1763
1764 memset(&rp, 0, sizeof(rp));
1765 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1766 rp.addr.type = cp->addr.type;
1767
1768 if (IS_ERR(conn)) {
1769 rp.status = -PTR_ERR(conn);
1770 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1771 &rp, sizeof(rp));
1772 goto unlock;
1773 }
1774
1775 if (conn->connect_cfm_cb) {
1776 hci_conn_put(conn);
1777 rp.status = EBUSY;
1778 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1779 &rp, sizeof(rp));
1780 goto unlock;
1781 }
1782
1783 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1784 if (!cmd) {
1785 err = -ENOMEM;
1786 hci_conn_put(conn);
1787 goto unlock;
1788 }
1789
1790 /* For LE, just connecting isn't a proof that the pairing finished */
1791 if (cp->addr.type == MGMT_ADDR_BREDR)
1792 conn->connect_cfm_cb = pairing_complete_cb;
1793
1794 conn->security_cfm_cb = pairing_complete_cb;
1795 conn->disconn_cfm_cb = pairing_complete_cb;
1796 conn->io_capability = cp->io_cap;
1797 cmd->user_data = conn;
1798
1799 if (conn->state == BT_CONNECTED &&
1800 hci_conn_security(conn, sec_level, auth_type))
1801 pairing_complete(cmd, 0);
1802
1803 err = 0;
1804
1805 unlock:
1806 hci_dev_unlock(hdev);
1807 hci_dev_put(hdev);
1808
1809 return err;
1810 }
1811
1812 static int cancel_pair_device(struct sock *sk, u16 index,
1813 unsigned char *data, u16 len)
1814 {
1815 struct mgmt_addr_info *addr = (void *) data;
1816 struct hci_dev *hdev;
1817 struct pending_cmd *cmd;
1818 struct hci_conn *conn;
1819 int err;
1820
1821 BT_DBG("");
1822
1823 if (len != sizeof(*addr))
1824 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1825 MGMT_STATUS_INVALID_PARAMS);
1826
1827 hdev = hci_dev_get(index);
1828 if (!hdev)
1829 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1830 MGMT_STATUS_INVALID_PARAMS);
1831
1832 hci_dev_lock(hdev);
1833
1834 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1835 if (!cmd) {
1836 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1837 MGMT_STATUS_INVALID_PARAMS);
1838 goto unlock;
1839 }
1840
1841 conn = cmd->user_data;
1842
1843 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1844 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1845 MGMT_STATUS_INVALID_PARAMS);
1846 goto unlock;
1847 }
1848
1849 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1850
1851 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1852 sizeof(*addr));
1853 unlock:
1854 hci_dev_unlock(hdev);
1855 hci_dev_put(hdev);
1856
1857 return err;
1858 }
1859
1860 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1861 u8 type, u16 mgmt_op, u16 hci_op,
1862 __le32 passkey)
1863 {
1864 struct pending_cmd *cmd;
1865 struct hci_dev *hdev;
1866 struct hci_conn *conn;
1867 int err;
1868
1869 hdev = hci_dev_get(index);
1870 if (!hdev)
1871 return cmd_status(sk, index, mgmt_op,
1872 MGMT_STATUS_INVALID_PARAMS);
1873
1874 hci_dev_lock(hdev);
1875
1876 if (!test_bit(HCI_UP, &hdev->flags)) {
1877 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1878 goto done;
1879 }
1880
1881 if (type == MGMT_ADDR_BREDR)
1882 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1883 else
1884 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1885
1886 if (!conn) {
1887 err = cmd_status(sk, index, mgmt_op,
1888 MGMT_STATUS_NOT_CONNECTED);
1889 goto done;
1890 }
1891
1892 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
1893 /* Continue with pairing via SMP */
1894 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1895
1896 if (!err)
1897 err = cmd_status(sk, index, mgmt_op,
1898 MGMT_STATUS_SUCCESS);
1899 else
1900 err = cmd_status(sk, index, mgmt_op,
1901 MGMT_STATUS_FAILED);
1902
1903 goto done;
1904 }
1905
1906 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1907 if (!cmd) {
1908 err = -ENOMEM;
1909 goto done;
1910 }
1911
1912 /* Continue with pairing via HCI */
1913 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1914 struct hci_cp_user_passkey_reply cp;
1915
1916 bacpy(&cp.bdaddr, bdaddr);
1917 cp.passkey = passkey;
1918 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1919 } else
1920 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1921
1922 if (err < 0)
1923 mgmt_pending_remove(cmd);
1924
1925 done:
1926 hci_dev_unlock(hdev);
1927 hci_dev_put(hdev);
1928
1929 return err;
1930 }
1931
1932 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1933 {
1934 struct mgmt_cp_user_confirm_reply *cp = data;
1935
1936 BT_DBG("");
1937
1938 if (len != sizeof(*cp))
1939 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1940 MGMT_STATUS_INVALID_PARAMS);
1941
1942 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1943 MGMT_OP_USER_CONFIRM_REPLY,
1944 HCI_OP_USER_CONFIRM_REPLY, 0);
1945 }
1946
1947 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1948 u16 len)
1949 {
1950 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1951
1952 BT_DBG("");
1953
1954 if (len != sizeof(*cp))
1955 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1956 MGMT_STATUS_INVALID_PARAMS);
1957
1958 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1959 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1960 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1961 }
1962
1963 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1964 {
1965 struct mgmt_cp_user_passkey_reply *cp = data;
1966
1967 BT_DBG("");
1968
1969 if (len != sizeof(*cp))
1970 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1971 EINVAL);
1972
1973 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1974 MGMT_OP_USER_PASSKEY_REPLY,
1975 HCI_OP_USER_PASSKEY_REPLY,
1976 cp->passkey);
1977 }
1978
1979 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1980 u16 len)
1981 {
1982 struct mgmt_cp_user_passkey_neg_reply *cp = data;
1983
1984 BT_DBG("");
1985
1986 if (len != sizeof(*cp))
1987 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1988 EINVAL);
1989
1990 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1991 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1992 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1993 }
1994
1995 static int set_local_name(struct sock *sk, u16 index, void *data,
1996 u16 len)
1997 {
1998 struct mgmt_cp_set_local_name *mgmt_cp = data;
1999 struct hci_cp_write_local_name hci_cp;
2000 struct hci_dev *hdev;
2001 struct pending_cmd *cmd;
2002 int err;
2003
2004 BT_DBG("");
2005
2006 if (len != sizeof(*mgmt_cp))
2007 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2008 MGMT_STATUS_INVALID_PARAMS);
2009
2010 hdev = hci_dev_get(index);
2011 if (!hdev)
2012 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2013 MGMT_STATUS_INVALID_PARAMS);
2014
2015 hci_dev_lock(hdev);
2016
2017 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2018 len);
2019 if (!cmd) {
2020 err = -ENOMEM;
2021 goto failed;
2022 }
2023
2024 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2025 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2026 &hci_cp);
2027 if (err < 0)
2028 mgmt_pending_remove(cmd);
2029
2030 failed:
2031 hci_dev_unlock(hdev);
2032 hci_dev_put(hdev);
2033
2034 return err;
2035 }
2036
2037 static int read_local_oob_data(struct sock *sk, u16 index)
2038 {
2039 struct hci_dev *hdev;
2040 struct pending_cmd *cmd;
2041 int err;
2042
2043 BT_DBG("hci%u", index);
2044
2045 hdev = hci_dev_get(index);
2046 if (!hdev)
2047 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2048 MGMT_STATUS_INVALID_PARAMS);
2049
2050 hci_dev_lock(hdev);
2051
2052 if (!test_bit(HCI_UP, &hdev->flags)) {
2053 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2054 MGMT_STATUS_NOT_POWERED);
2055 goto unlock;
2056 }
2057
2058 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2059 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2060 MGMT_STATUS_NOT_SUPPORTED);
2061 goto unlock;
2062 }
2063
2064 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2065 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2066 MGMT_STATUS_BUSY);
2067 goto unlock;
2068 }
2069
2070 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2071 if (!cmd) {
2072 err = -ENOMEM;
2073 goto unlock;
2074 }
2075
2076 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2077 if (err < 0)
2078 mgmt_pending_remove(cmd);
2079
2080 unlock:
2081 hci_dev_unlock(hdev);
2082 hci_dev_put(hdev);
2083
2084 return err;
2085 }
2086
2087 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2088 u16 len)
2089 {
2090 struct hci_dev *hdev;
2091 struct mgmt_cp_add_remote_oob_data *cp = data;
2092 int err;
2093
2094 BT_DBG("hci%u ", index);
2095
2096 if (len != sizeof(*cp))
2097 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2098 MGMT_STATUS_INVALID_PARAMS);
2099
2100 hdev = hci_dev_get(index);
2101 if (!hdev)
2102 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2103 MGMT_STATUS_INVALID_PARAMS);
2104
2105 hci_dev_lock(hdev);
2106
2107 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2108 cp->randomizer);
2109 if (err < 0)
2110 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2111 MGMT_STATUS_FAILED);
2112 else
2113 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
2114 0);
2115
2116 hci_dev_unlock(hdev);
2117 hci_dev_put(hdev);
2118
2119 return err;
2120 }
2121
2122 static int remove_remote_oob_data(struct sock *sk, u16 index,
2123 void *data, u16 len)
2124 {
2125 struct hci_dev *hdev;
2126 struct mgmt_cp_remove_remote_oob_data *cp = data;
2127 int err;
2128
2129 BT_DBG("hci%u ", index);
2130
2131 if (len != sizeof(*cp))
2132 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2133 MGMT_STATUS_INVALID_PARAMS);
2134
2135 hdev = hci_dev_get(index);
2136 if (!hdev)
2137 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2138 MGMT_STATUS_INVALID_PARAMS);
2139
2140 hci_dev_lock(hdev);
2141
2142 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2143 if (err < 0)
2144 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2145 MGMT_STATUS_INVALID_PARAMS);
2146 else
2147 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2148 NULL, 0);
2149
2150 hci_dev_unlock(hdev);
2151 hci_dev_put(hdev);
2152
2153 return err;
2154 }
2155
2156 static int start_discovery(struct sock *sk, u16 index,
2157 void *data, u16 len)
2158 {
2159 struct mgmt_cp_start_discovery *cp = data;
2160 unsigned long discov_type = cp->type;
2161 struct pending_cmd *cmd;
2162 struct hci_dev *hdev;
2163 int err;
2164
2165 BT_DBG("hci%u", index);
2166
2167 if (len != sizeof(*cp))
2168 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2169 MGMT_STATUS_INVALID_PARAMS);
2170
2171 hdev = hci_dev_get(index);
2172 if (!hdev)
2173 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2174 MGMT_STATUS_INVALID_PARAMS);
2175
2176 hci_dev_lock(hdev);
2177
2178 if (!test_bit(HCI_UP, &hdev->flags)) {
2179 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2180 MGMT_STATUS_NOT_POWERED);
2181 goto failed;
2182 }
2183
2184 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2185 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2186 MGMT_STATUS_BUSY);
2187 goto failed;
2188 }
2189
2190 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2191 if (!cmd) {
2192 err = -ENOMEM;
2193 goto failed;
2194 }
2195
2196 if (test_bit(MGMT_ADDR_BREDR, &discov_type))
2197 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2198 else if (test_bit(MGMT_ADDR_LE_PUBLIC, &discov_type) &&
2199 test_bit(MGMT_ADDR_LE_RANDOM, &discov_type))
2200 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2201 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2202 else
2203 err = -EINVAL;
2204
2205 if (err < 0)
2206 mgmt_pending_remove(cmd);
2207 else
2208 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2209
2210 failed:
2211 hci_dev_unlock(hdev);
2212 hci_dev_put(hdev);
2213
2214 return err;
2215 }
2216
2217 static int stop_discovery(struct sock *sk, u16 index)
2218 {
2219 struct hci_dev *hdev;
2220 struct pending_cmd *cmd;
2221 struct hci_cp_remote_name_req_cancel cp;
2222 struct inquiry_entry *e;
2223 int err;
2224
2225 BT_DBG("hci%u", index);
2226
2227 hdev = hci_dev_get(index);
2228 if (!hdev)
2229 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2230 MGMT_STATUS_INVALID_PARAMS);
2231
2232 hci_dev_lock(hdev);
2233
2234 if (!hci_discovery_active(hdev)) {
2235 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2236 MGMT_STATUS_REJECTED);
2237 goto unlock;
2238 }
2239
2240 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2241 if (!cmd) {
2242 err = -ENOMEM;
2243 goto unlock;
2244 }
2245
2246 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2247 err = hci_cancel_inquiry(hdev);
2248 if (err < 0)
2249 mgmt_pending_remove(cmd);
2250 else
2251 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2252 goto unlock;
2253 }
2254
2255 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2256 if (!e) {
2257 mgmt_pending_remove(cmd);
2258 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2259 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2260 goto unlock;
2261 }
2262
2263 bacpy(&cp.bdaddr, &e->data.bdaddr);
2264 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2265 sizeof(cp), &cp);
2266 if (err < 0)
2267 mgmt_pending_remove(cmd);
2268 else
2269 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2270
2271 unlock:
2272 hci_dev_unlock(hdev);
2273 hci_dev_put(hdev);
2274
2275 return err;
2276 }
2277
2278 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2279 {
2280 struct mgmt_cp_confirm_name *cp = data;
2281 struct inquiry_entry *e;
2282 struct hci_dev *hdev;
2283 int err;
2284
2285 BT_DBG("hci%u", index);
2286
2287 if (len != sizeof(*cp))
2288 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2289 MGMT_STATUS_INVALID_PARAMS);
2290
2291 hdev = hci_dev_get(index);
2292 if (!hdev)
2293 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2294 MGMT_STATUS_INVALID_PARAMS);
2295
2296 hci_dev_lock(hdev);
2297
2298 if (!hci_discovery_active(hdev)) {
2299 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2300 MGMT_STATUS_FAILED);
2301 goto failed;
2302 }
2303
2304 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2305 if (!e) {
2306 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2307 MGMT_STATUS_INVALID_PARAMS);
2308 goto failed;
2309 }
2310
2311 if (cp->name_known) {
2312 e->name_state = NAME_KNOWN;
2313 list_del(&e->list);
2314 } else {
2315 e->name_state = NAME_NEEDED;
2316 hci_inquiry_cache_update_resolve(hdev, e);
2317 }
2318
2319 err = 0;
2320
2321 failed:
2322 hci_dev_unlock(hdev);
2323
2324 return err;
2325 }
2326
2327 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2328 {
2329 struct hci_dev *hdev;
2330 struct mgmt_cp_block_device *cp = data;
2331 int err;
2332
2333 BT_DBG("hci%u", index);
2334
2335 if (len != sizeof(*cp))
2336 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2337 MGMT_STATUS_INVALID_PARAMS);
2338
2339 hdev = hci_dev_get(index);
2340 if (!hdev)
2341 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2342 MGMT_STATUS_INVALID_PARAMS);
2343
2344 hci_dev_lock(hdev);
2345
2346 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2347 if (err < 0)
2348 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2349 MGMT_STATUS_FAILED);
2350 else
2351 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2352 NULL, 0);
2353
2354 hci_dev_unlock(hdev);
2355 hci_dev_put(hdev);
2356
2357 return err;
2358 }
2359
2360 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2361 {
2362 struct hci_dev *hdev;
2363 struct mgmt_cp_unblock_device *cp = data;
2364 int err;
2365
2366 BT_DBG("hci%u", index);
2367
2368 if (len != sizeof(*cp))
2369 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2370 MGMT_STATUS_INVALID_PARAMS);
2371
2372 hdev = hci_dev_get(index);
2373 if (!hdev)
2374 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2375 MGMT_STATUS_INVALID_PARAMS);
2376
2377 hci_dev_lock(hdev);
2378
2379 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2380
2381 if (err < 0)
2382 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2383 MGMT_STATUS_INVALID_PARAMS);
2384 else
2385 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2386 NULL, 0);
2387
2388 hci_dev_unlock(hdev);
2389 hci_dev_put(hdev);
2390
2391 return err;
2392 }
2393
2394 static int set_fast_connectable(struct sock *sk, u16 index,
2395 void *data, u16 len)
2396 {
2397 struct hci_dev *hdev;
2398 struct mgmt_mode *cp = data;
2399 struct hci_cp_write_page_scan_activity acp;
2400 u8 type;
2401 int err;
2402
2403 BT_DBG("hci%u", index);
2404
2405 if (len != sizeof(*cp))
2406 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2407 MGMT_STATUS_INVALID_PARAMS);
2408
2409 hdev = hci_dev_get(index);
2410 if (!hdev)
2411 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2412 MGMT_STATUS_INVALID_PARAMS);
2413
2414 hci_dev_lock(hdev);
2415
2416 if (cp->val) {
2417 type = PAGE_SCAN_TYPE_INTERLACED;
2418 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2419 } else {
2420 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2421 acp.interval = 0x0800; /* default 1.28 sec page scan */
2422 }
2423
2424 acp.window = 0x0012; /* default 11.25 msec page scan window */
2425
2426 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2427 sizeof(acp), &acp);
2428 if (err < 0) {
2429 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2430 MGMT_STATUS_FAILED);
2431 goto done;
2432 }
2433
2434 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2435 if (err < 0) {
2436 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2437 MGMT_STATUS_FAILED);
2438 goto done;
2439 }
2440
2441 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2442 NULL, 0);
2443 done:
2444 hci_dev_unlock(hdev);
2445 hci_dev_put(hdev);
2446
2447 return err;
2448 }
2449
2450 static int load_long_term_keys(struct sock *sk, u16 index,
2451 void *cp_data, u16 len)
2452 {
2453 struct hci_dev *hdev;
2454 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2455 u16 key_count, expected_len;
2456 int i;
2457
2458 if (len < sizeof(*cp))
2459 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2460 EINVAL);
2461
2462 key_count = get_unaligned_le16(&cp->key_count);
2463
2464 expected_len = sizeof(*cp) + key_count *
2465 sizeof(struct mgmt_ltk_info);
2466 if (expected_len != len) {
2467 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2468 len, expected_len);
2469 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2470 EINVAL);
2471 }
2472
2473 hdev = hci_dev_get(index);
2474 if (!hdev)
2475 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2476 ENODEV);
2477
2478 BT_DBG("hci%u key_count %u", index, key_count);
2479
2480 hci_dev_lock(hdev);
2481
2482 hci_smp_ltks_clear(hdev);
2483
2484 for (i = 0; i < key_count; i++) {
2485 struct mgmt_ltk_info *key = &cp->keys[i];
2486 u8 type;
2487
2488 if (key->master)
2489 type = HCI_SMP_LTK;
2490 else
2491 type = HCI_SMP_LTK_SLAVE;
2492
2493 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2494 type, 0, key->authenticated, key->val,
2495 key->enc_size, key->ediv, key->rand);
2496 }
2497
2498 hci_dev_unlock(hdev);
2499 hci_dev_put(hdev);
2500
2501 return 0;
2502 }
2503
2504 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2505 {
2506 void *buf;
2507 u8 *cp;
2508 struct mgmt_hdr *hdr;
2509 u16 opcode, index, len;
2510 int err;
2511
2512 BT_DBG("got %zu bytes", msglen);
2513
2514 if (msglen < sizeof(*hdr))
2515 return -EINVAL;
2516
2517 buf = kmalloc(msglen, GFP_KERNEL);
2518 if (!buf)
2519 return -ENOMEM;
2520
2521 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2522 err = -EFAULT;
2523 goto done;
2524 }
2525
2526 hdr = buf;
2527 opcode = get_unaligned_le16(&hdr->opcode);
2528 index = get_unaligned_le16(&hdr->index);
2529 len = get_unaligned_le16(&hdr->len);
2530
2531 if (len != msglen - sizeof(*hdr)) {
2532 err = -EINVAL;
2533 goto done;
2534 }
2535
2536 cp = buf + sizeof(*hdr);
2537
2538 switch (opcode) {
2539 case MGMT_OP_READ_VERSION:
2540 err = read_version(sk);
2541 break;
2542 case MGMT_OP_READ_COMMANDS:
2543 err = read_commands(sk);
2544 break;
2545 case MGMT_OP_READ_INDEX_LIST:
2546 err = read_index_list(sk);
2547 break;
2548 case MGMT_OP_READ_INFO:
2549 err = read_controller_info(sk, index);
2550 break;
2551 case MGMT_OP_SET_POWERED:
2552 err = set_powered(sk, index, cp, len);
2553 break;
2554 case MGMT_OP_SET_DISCOVERABLE:
2555 err = set_discoverable(sk, index, cp, len);
2556 break;
2557 case MGMT_OP_SET_CONNECTABLE:
2558 err = set_connectable(sk, index, cp, len);
2559 break;
2560 case MGMT_OP_SET_FAST_CONNECTABLE:
2561 err = set_fast_connectable(sk, index, cp, len);
2562 break;
2563 case MGMT_OP_SET_PAIRABLE:
2564 err = set_pairable(sk, index, cp, len);
2565 break;
2566 case MGMT_OP_SET_LINK_SECURITY:
2567 err = set_link_security(sk, index, cp, len);
2568 break;
2569 case MGMT_OP_SET_SSP:
2570 err = set_ssp(sk, index, cp, len);
2571 break;
2572 case MGMT_OP_ADD_UUID:
2573 err = add_uuid(sk, index, cp, len);
2574 break;
2575 case MGMT_OP_REMOVE_UUID:
2576 err = remove_uuid(sk, index, cp, len);
2577 break;
2578 case MGMT_OP_SET_DEV_CLASS:
2579 err = set_dev_class(sk, index, cp, len);
2580 break;
2581 case MGMT_OP_LOAD_LINK_KEYS:
2582 err = load_link_keys(sk, index, cp, len);
2583 break;
2584 case MGMT_OP_DISCONNECT:
2585 err = disconnect(sk, index, cp, len);
2586 break;
2587 case MGMT_OP_GET_CONNECTIONS:
2588 err = get_connections(sk, index);
2589 break;
2590 case MGMT_OP_PIN_CODE_REPLY:
2591 err = pin_code_reply(sk, index, cp, len);
2592 break;
2593 case MGMT_OP_PIN_CODE_NEG_REPLY:
2594 err = pin_code_neg_reply(sk, index, cp, len);
2595 break;
2596 case MGMT_OP_SET_IO_CAPABILITY:
2597 err = set_io_capability(sk, index, cp, len);
2598 break;
2599 case MGMT_OP_PAIR_DEVICE:
2600 err = pair_device(sk, index, cp, len);
2601 break;
2602 case MGMT_OP_CANCEL_PAIR_DEVICE:
2603 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2604 break;
2605 case MGMT_OP_UNPAIR_DEVICE:
2606 err = unpair_device(sk, index, cp, len);
2607 break;
2608 case MGMT_OP_USER_CONFIRM_REPLY:
2609 err = user_confirm_reply(sk, index, cp, len);
2610 break;
2611 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2612 err = user_confirm_neg_reply(sk, index, cp, len);
2613 break;
2614 case MGMT_OP_USER_PASSKEY_REPLY:
2615 err = user_passkey_reply(sk, index, cp, len);
2616 break;
2617 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2618 err = user_passkey_neg_reply(sk, index, cp, len);
2619 break;
2620 case MGMT_OP_SET_LOCAL_NAME:
2621 err = set_local_name(sk, index, cp, len);
2622 break;
2623 case MGMT_OP_READ_LOCAL_OOB_DATA:
2624 err = read_local_oob_data(sk, index);
2625 break;
2626 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2627 err = add_remote_oob_data(sk, index, cp, len);
2628 break;
2629 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2630 err = remove_remote_oob_data(sk, index, cp, len);
2631 break;
2632 case MGMT_OP_START_DISCOVERY:
2633 err = start_discovery(sk, index, cp, len);
2634 break;
2635 case MGMT_OP_STOP_DISCOVERY:
2636 err = stop_discovery(sk, index);
2637 break;
2638 case MGMT_OP_CONFIRM_NAME:
2639 err = confirm_name(sk, index, cp, len);
2640 break;
2641 case MGMT_OP_BLOCK_DEVICE:
2642 err = block_device(sk, index, cp, len);
2643 break;
2644 case MGMT_OP_UNBLOCK_DEVICE:
2645 err = unblock_device(sk, index, cp, len);
2646 break;
2647 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2648 err = load_long_term_keys(sk, index, cp, len);
2649 break;
2650 default:
2651 BT_DBG("Unknown op %u", opcode);
2652 err = cmd_status(sk, index, opcode,
2653 MGMT_STATUS_UNKNOWN_COMMAND);
2654 break;
2655 }
2656
2657 if (err < 0)
2658 goto done;
2659
2660 err = msglen;
2661
2662 done:
2663 kfree(buf);
2664 return err;
2665 }
2666
2667 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2668 {
2669 u8 *status = data;
2670
2671 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2672 mgmt_pending_remove(cmd);
2673 }
2674
2675 int mgmt_index_added(struct hci_dev *hdev)
2676 {
2677 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2678 }
2679
2680 int mgmt_index_removed(struct hci_dev *hdev)
2681 {
2682 u8 status = ENODEV;
2683
2684 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2685
2686 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2687 }
2688
2689 struct cmd_lookup {
2690 struct sock *sk;
2691 struct hci_dev *hdev;
2692 };
2693
2694 static void settings_rsp(struct pending_cmd *cmd, void *data)
2695 {
2696 struct cmd_lookup *match = data;
2697
2698 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2699
2700 list_del(&cmd->list);
2701
2702 if (match->sk == NULL) {
2703 match->sk = cmd->sk;
2704 sock_hold(match->sk);
2705 }
2706
2707 mgmt_pending_free(cmd);
2708 }
2709
2710 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2711 {
2712 struct cmd_lookup match = { NULL, hdev };
2713 __le32 ev;
2714 int err;
2715
2716 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2717
2718 if (!powered) {
2719 u8 status = ENETDOWN;
2720 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2721 }
2722
2723 ev = cpu_to_le32(get_current_settings(hdev));
2724
2725 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2726 match.sk);
2727
2728 if (match.sk)
2729 sock_put(match.sk);
2730
2731 return err;
2732 }
2733
2734 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2735 {
2736 struct cmd_lookup match = { NULL, hdev };
2737 __le32 ev;
2738 int err;
2739
2740 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2741
2742 ev = cpu_to_le32(get_current_settings(hdev));
2743
2744 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2745 match.sk);
2746 if (match.sk)
2747 sock_put(match.sk);
2748
2749 return err;
2750 }
2751
2752 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2753 {
2754 __le32 ev;
2755 struct cmd_lookup match = { NULL, hdev };
2756 int err;
2757
2758 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2759 &match);
2760
2761 ev = cpu_to_le32(get_current_settings(hdev));
2762
2763 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2764
2765 if (match.sk)
2766 sock_put(match.sk);
2767
2768 return err;
2769 }
2770
2771 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2772 {
2773 u8 mgmt_err = mgmt_status(status);
2774
2775 if (scan & SCAN_PAGE)
2776 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2777 cmd_status_rsp, &mgmt_err);
2778
2779 if (scan & SCAN_INQUIRY)
2780 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2781 cmd_status_rsp, &mgmt_err);
2782
2783 return 0;
2784 }
2785
2786 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2787 u8 persistent)
2788 {
2789 struct mgmt_ev_new_link_key ev;
2790
2791 memset(&ev, 0, sizeof(ev));
2792
2793 ev.store_hint = persistent;
2794 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2795 ev.key.addr.type = MGMT_ADDR_BREDR;
2796 ev.key.type = key->type;
2797 memcpy(ev.key.val, key->val, 16);
2798 ev.key.pin_len = key->pin_len;
2799
2800 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2801 }
2802
2803 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2804 {
2805 struct mgmt_ev_new_long_term_key ev;
2806
2807 memset(&ev, 0, sizeof(ev));
2808
2809 ev.store_hint = persistent;
2810 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2811 ev.key.addr.type = key->bdaddr_type;
2812 ev.key.authenticated = key->authenticated;
2813 ev.key.enc_size = key->enc_size;
2814 ev.key.ediv = key->ediv;
2815
2816 if (key->type == HCI_SMP_LTK)
2817 ev.key.master = 1;
2818
2819 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2820 memcpy(ev.key.val, key->val, sizeof(key->val));
2821
2822 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2823 &ev, sizeof(ev), NULL);
2824 }
2825
2826 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2827 u8 addr_type, u8 *name, u8 name_len,
2828 u8 *dev_class)
2829 {
2830 char buf[512];
2831 struct mgmt_ev_device_connected *ev = (void *) buf;
2832 u16 eir_len = 0;
2833
2834 bacpy(&ev->addr.bdaddr, bdaddr);
2835 ev->addr.type = link_to_mgmt(link_type, addr_type);
2836
2837 if (name_len > 0)
2838 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2839 name, name_len);
2840
2841 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2842 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2843 EIR_CLASS_OF_DEV, dev_class, 3);
2844
2845 put_unaligned_le16(eir_len, &ev->eir_len);
2846
2847 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2848 sizeof(*ev) + eir_len, NULL);
2849 }
2850
2851 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2852 {
2853 struct mgmt_cp_disconnect *cp = cmd->param;
2854 struct sock **sk = data;
2855 struct mgmt_rp_disconnect rp;
2856
2857 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2858 rp.addr.type = cp->addr.type;
2859 rp.status = 0;
2860
2861 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2862
2863 *sk = cmd->sk;
2864 sock_hold(*sk);
2865
2866 mgmt_pending_remove(cmd);
2867 }
2868
2869 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2870 {
2871 struct hci_dev *hdev = data;
2872 struct mgmt_cp_unpair_device *cp = cmd->param;
2873 struct mgmt_rp_unpair_device rp;
2874
2875 memset(&rp, 0, sizeof(rp));
2876 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2877 rp.addr.type = cp->addr.type;
2878
2879 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2880
2881 cmd_complete(cmd->sk, cmd->index, cmd->opcode, &rp, sizeof(rp));
2882
2883 mgmt_pending_remove(cmd);
2884 }
2885
2886 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2887 u8 link_type, u8 addr_type)
2888 {
2889 struct mgmt_addr_info ev;
2890 struct sock *sk = NULL;
2891 int err;
2892
2893 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2894
2895 bacpy(&ev.bdaddr, bdaddr);
2896 ev.type = link_to_mgmt(link_type, addr_type);
2897
2898 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2899 sk);
2900
2901 if (sk)
2902 sock_put(sk);
2903
2904 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2905 hdev);
2906
2907 return err;
2908 }
2909
2910 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
2911 u8 link_type, u8 addr_type, u8 status)
2912 {
2913 struct mgmt_rp_disconnect rp;
2914 struct pending_cmd *cmd;
2915 int err;
2916
2917 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2918 if (!cmd)
2919 return -ENOENT;
2920
2921 bacpy(&rp.addr.bdaddr, bdaddr);
2922 rp.addr.type = link_to_mgmt(link_type, addr_type);
2923 rp.status = mgmt_status(status);
2924
2925 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2926 &rp, sizeof(rp));
2927
2928 mgmt_pending_remove(cmd);
2929
2930 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2931 hdev);
2932 return err;
2933 }
2934
2935 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2936 u8 addr_type, u8 status)
2937 {
2938 struct mgmt_ev_connect_failed ev;
2939
2940 bacpy(&ev.addr.bdaddr, bdaddr);
2941 ev.addr.type = link_to_mgmt(link_type, addr_type);
2942 ev.status = mgmt_status(status);
2943
2944 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2945 }
2946
2947 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2948 {
2949 struct mgmt_ev_pin_code_request ev;
2950
2951 bacpy(&ev.addr.bdaddr, bdaddr);
2952 ev.addr.type = MGMT_ADDR_BREDR;
2953 ev.secure = secure;
2954
2955 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2956 NULL);
2957 }
2958
2959 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2960 u8 status)
2961 {
2962 struct pending_cmd *cmd;
2963 struct mgmt_rp_pin_code_reply rp;
2964 int err;
2965
2966 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2967 if (!cmd)
2968 return -ENOENT;
2969
2970 bacpy(&rp.addr.bdaddr, bdaddr);
2971 rp.addr.type = MGMT_ADDR_BREDR;
2972 rp.status = mgmt_status(status);
2973
2974 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2975 sizeof(rp));
2976
2977 mgmt_pending_remove(cmd);
2978
2979 return err;
2980 }
2981
2982 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2983 u8 status)
2984 {
2985 struct pending_cmd *cmd;
2986 struct mgmt_rp_pin_code_reply rp;
2987 int err;
2988
2989 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2990 if (!cmd)
2991 return -ENOENT;
2992
2993 bacpy(&rp.addr.bdaddr, bdaddr);
2994 rp.addr.type = MGMT_ADDR_BREDR;
2995 rp.status = mgmt_status(status);
2996
2997 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2998 sizeof(rp));
2999
3000 mgmt_pending_remove(cmd);
3001
3002 return err;
3003 }
3004
3005 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3006 u8 link_type, u8 addr_type, __le32 value,
3007 u8 confirm_hint)
3008 {
3009 struct mgmt_ev_user_confirm_request ev;
3010
3011 BT_DBG("%s", hdev->name);
3012
3013 bacpy(&ev.addr.bdaddr, bdaddr);
3014 ev.addr.type = link_to_mgmt(link_type, addr_type);
3015 ev.confirm_hint = confirm_hint;
3016 put_unaligned_le32(value, &ev.value);
3017
3018 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3019 NULL);
3020 }
3021
3022 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3023 u8 link_type, u8 addr_type)
3024 {
3025 struct mgmt_ev_user_passkey_request ev;
3026
3027 BT_DBG("%s", hdev->name);
3028
3029 bacpy(&ev.addr.bdaddr, bdaddr);
3030 ev.addr.type = link_to_mgmt(link_type, addr_type);
3031
3032 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3033 NULL);
3034 }
3035
3036 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3037 u8 link_type, u8 addr_type, u8 status,
3038 u8 opcode)
3039 {
3040 struct pending_cmd *cmd;
3041 struct mgmt_rp_user_confirm_reply rp;
3042 int err;
3043
3044 cmd = mgmt_pending_find(opcode, hdev);
3045 if (!cmd)
3046 return -ENOENT;
3047
3048 bacpy(&rp.addr.bdaddr, bdaddr);
3049 rp.addr.type = link_to_mgmt(link_type, addr_type);
3050 rp.status = mgmt_status(status);
3051 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
3052
3053 mgmt_pending_remove(cmd);
3054
3055 return err;
3056 }
3057
3058 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3059 u8 link_type, u8 addr_type, u8 status)
3060 {
3061 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3062 status, MGMT_OP_USER_CONFIRM_REPLY);
3063 }
3064
3065 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3066 u8 link_type, u8 addr_type, u8 status)
3067 {
3068 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3069 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3070 }
3071
3072 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3073 u8 link_type, u8 addr_type, u8 status)
3074 {
3075 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3076 status, MGMT_OP_USER_PASSKEY_REPLY);
3077 }
3078
3079 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3080 u8 link_type, u8 addr_type, u8 status)
3081 {
3082 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3083 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3084 }
3085
3086 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3087 u8 addr_type, u8 status)
3088 {
3089 struct mgmt_ev_auth_failed ev;
3090
3091 bacpy(&ev.addr.bdaddr, bdaddr);
3092 ev.addr.type = link_to_mgmt(link_type, addr_type);
3093 ev.status = mgmt_status(status);
3094
3095 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3096 }
3097
3098 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3099 {
3100 struct cmd_lookup match = { NULL, hdev };
3101 __le32 ev;
3102 int err;
3103
3104 if (status) {
3105 u8 mgmt_err = mgmt_status(status);
3106 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3107 cmd_status_rsp, &mgmt_err);
3108 return 0;
3109 }
3110
3111 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3112 &match);
3113
3114 ev = cpu_to_le32(get_current_settings(hdev));
3115 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3116
3117 if (match.sk)
3118 sock_put(match.sk);
3119
3120 return err;
3121 }
3122
3123 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3124 {
3125 struct cmd_lookup match = { NULL, hdev };
3126 __le32 ev;
3127 int err;
3128
3129 if (status) {
3130 u8 mgmt_err = mgmt_status(status);
3131 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3132 cmd_status_rsp, &mgmt_err);
3133 return 0;
3134 }
3135
3136 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3137
3138 ev = cpu_to_le32(get_current_settings(hdev));
3139 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3140
3141 if (match.sk)
3142 sock_put(match.sk);
3143
3144 return err;
3145 }
3146
3147 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3148 {
3149 struct pending_cmd *cmd;
3150 struct mgmt_cp_set_local_name ev;
3151 int err;
3152
3153 memset(&ev, 0, sizeof(ev));
3154 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3155
3156 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3157 if (!cmd)
3158 goto send_event;
3159
3160 if (status) {
3161 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3162 mgmt_status(status));
3163 goto failed;
3164 }
3165
3166 update_eir(hdev);
3167
3168 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
3169 sizeof(ev));
3170 if (err < 0)
3171 goto failed;
3172
3173 send_event:
3174 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3175 cmd ? cmd->sk : NULL);
3176
3177 failed:
3178 if (cmd)
3179 mgmt_pending_remove(cmd);
3180 return err;
3181 }
3182
3183 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3184 u8 *randomizer, u8 status)
3185 {
3186 struct pending_cmd *cmd;
3187 int err;
3188
3189 BT_DBG("%s status %u", hdev->name, status);
3190
3191 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3192 if (!cmd)
3193 return -ENOENT;
3194
3195 if (status) {
3196 err = cmd_status(cmd->sk, hdev->id,
3197 MGMT_OP_READ_LOCAL_OOB_DATA,
3198 mgmt_status(status));
3199 } else {
3200 struct mgmt_rp_read_local_oob_data rp;
3201
3202 memcpy(rp.hash, hash, sizeof(rp.hash));
3203 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3204
3205 err = cmd_complete(cmd->sk, hdev->id,
3206 MGMT_OP_READ_LOCAL_OOB_DATA,
3207 &rp, sizeof(rp));
3208 }
3209
3210 mgmt_pending_remove(cmd);
3211
3212 return err;
3213 }
3214
3215 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3216 u8 addr_type, u8 *dev_class, s8 rssi,
3217 u8 cfm_name, u8 *eir, u16 eir_len)
3218 {
3219 char buf[512];
3220 struct mgmt_ev_device_found *ev = (void *) buf;
3221 size_t ev_size;
3222
3223 /* Leave 5 bytes for a potential CoD field */
3224 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3225 return -EINVAL;
3226
3227 memset(buf, 0, sizeof(buf));
3228
3229 bacpy(&ev->addr.bdaddr, bdaddr);
3230 ev->addr.type = link_to_mgmt(link_type, addr_type);
3231 ev->rssi = rssi;
3232 ev->confirm_name = cfm_name;
3233
3234 if (eir_len > 0)
3235 memcpy(ev->eir, eir, eir_len);
3236
3237 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3238 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3239 dev_class, 3);
3240
3241 put_unaligned_le16(eir_len, &ev->eir_len);
3242
3243 ev_size = sizeof(*ev) + eir_len;
3244
3245 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3246 }
3247
3248 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3249 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3250 {
3251 struct mgmt_ev_device_found *ev;
3252 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3253 u16 eir_len;
3254
3255 ev = (struct mgmt_ev_device_found *) buf;
3256
3257 memset(buf, 0, sizeof(buf));
3258
3259 bacpy(&ev->addr.bdaddr, bdaddr);
3260 ev->addr.type = link_to_mgmt(link_type, addr_type);
3261 ev->rssi = rssi;
3262
3263 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3264 name_len);
3265
3266 put_unaligned_le16(eir_len, &ev->eir_len);
3267
3268 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3269 sizeof(*ev) + eir_len, NULL);
3270 }
3271
3272 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3273 {
3274 struct pending_cmd *cmd;
3275 int err;
3276
3277 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3278
3279 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3280 if (!cmd)
3281 return -ENOENT;
3282
3283 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3284 mgmt_pending_remove(cmd);
3285
3286 return err;
3287 }
3288
3289 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3290 {
3291 struct pending_cmd *cmd;
3292 int err;
3293
3294 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3295 if (!cmd)
3296 return -ENOENT;
3297
3298 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3299 mgmt_pending_remove(cmd);
3300
3301 return err;
3302 }
3303
3304 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3305 {
3306 struct pending_cmd *cmd;
3307
3308 BT_DBG("%s discovering %u", hdev->name, discovering);
3309
3310 if (discovering)
3311 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3312 else
3313 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3314
3315 if (cmd != NULL) {
3316 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
3317 mgmt_pending_remove(cmd);
3318 }
3319
3320 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
3321 sizeof(discovering), NULL);
3322 }
3323
3324 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3325 {
3326 struct pending_cmd *cmd;
3327 struct mgmt_ev_device_blocked ev;
3328
3329 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3330
3331 bacpy(&ev.addr.bdaddr, bdaddr);
3332 ev.addr.type = type;
3333
3334 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3335 cmd ? cmd->sk : NULL);
3336 }
3337
3338 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3339 {
3340 struct pending_cmd *cmd;
3341 struct mgmt_ev_device_unblocked ev;
3342
3343 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3344
3345 bacpy(&ev.addr.bdaddr, bdaddr);
3346 ev.addr.type = type;
3347
3348 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3349 cmd ? cmd->sk : NULL);
3350 }
Linux kernel - Deliverables
This page took 0.222769 seconds and 6 git commands to generate.