search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzi...
[linux-2.6/next.git] / net / bluetooth / mgmt.c
blob53e109eb043e073a22479b479082bdee0a321d6d
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/uaccess.h>
26 #include <asm/unaligned.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/mgmt.h>
31
32 #define MGMT_VERSION 0
33 #define MGMT_REVISION 1
34
35 struct pending_cmd {
36 struct list_head list;
37 __u16 opcode;
38 int index;
39 void *param;
40 struct sock *sk;
41 void *user_data;
42 };
43
44 static LIST_HEAD(cmd_list);
45
46 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
47 {
48 struct sk_buff *skb;
49 struct mgmt_hdr *hdr;
50 struct mgmt_ev_cmd_status *ev;
51
52 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
53
54 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
55 if (!skb)
56 return -ENOMEM;
57
58 hdr = (void *) skb_put(skb, sizeof(*hdr));
59
60 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61 hdr->index = cpu_to_le16(index);
62 hdr->len = cpu_to_le16(sizeof(*ev));
63
64 ev = (void *) skb_put(skb, sizeof(*ev));
65 ev->status = status;
66 put_unaligned_le16(cmd, &ev->opcode);
67
68 if (sock_queue_rcv_skb(sk, skb) < 0)
69 kfree_skb(skb);
70
71 return 0;
72 }
73
74 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75 size_t rp_len)
76 {
77 struct sk_buff *skb;
78 struct mgmt_hdr *hdr;
79 struct mgmt_ev_cmd_complete *ev;
80
81 BT_DBG("sock %p", sk);
82
83 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
84 if (!skb)
85 return -ENOMEM;
86
87 hdr = (void *) skb_put(skb, sizeof(*hdr));
88
89 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90 hdr->index = cpu_to_le16(index);
91 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
92
93 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94 put_unaligned_le16(cmd, &ev->opcode);
95
96 if (rp)
97 memcpy(ev->data, rp, rp_len);
98
99 if (sock_queue_rcv_skb(sk, skb) < 0)
100 kfree_skb(skb);
101
102 return 0;
103 }
104
105 static int read_version(struct sock *sk)
106 {
107 struct mgmt_rp_read_version rp;
108
109 BT_DBG("sock %p", sk);
110
111 rp.version = MGMT_VERSION;
112 put_unaligned_le16(MGMT_REVISION, &rp.revision);
113
114 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115 sizeof(rp));
116 }
117
118 static int read_index_list(struct sock *sk)
119 {
120 struct mgmt_rp_read_index_list *rp;
121 struct list_head *p;
122 size_t rp_len;
123 u16 count;
124 int i, err;
125
126 BT_DBG("sock %p", sk);
127
128 read_lock(&hci_dev_list_lock);
129
130 count = 0;
131 list_for_each(p, &hci_dev_list) {
132 count++;
133 }
134
135 rp_len = sizeof(*rp) + (2 * count);
136 rp = kmalloc(rp_len, GFP_ATOMIC);
137 if (!rp) {
138 read_unlock(&hci_dev_list_lock);
139 return -ENOMEM;
140 }
141
142 put_unaligned_le16(count, &rp->num_controllers);
143
144 i = 0;
145 list_for_each(p, &hci_dev_list) {
146 struct hci_dev *d = list_entry(p, struct hci_dev, list);
147
148 hci_del_off_timer(d);
149
150 set_bit(HCI_MGMT, &d->flags);
151
152 if (test_bit(HCI_SETUP, &d->flags))
153 continue;
154
155 put_unaligned_le16(d->id, &rp->index[i++]);
156 BT_DBG("Added hci%u", d->id);
157 }
158
159 read_unlock(&hci_dev_list_lock);
160
161 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
162 rp_len);
163
164 kfree(rp);
165
166 return err;
167 }
168
169 static int read_controller_info(struct sock *sk, u16 index)
170 {
171 struct mgmt_rp_read_info rp;
172 struct hci_dev *hdev;
173
174 BT_DBG("sock %p hci%u", sk, index);
175
176 hdev = hci_dev_get(index);
177 if (!hdev)
178 return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
179
180 hci_del_off_timer(hdev);
181
182 hci_dev_lock_bh(hdev);
183
184 set_bit(HCI_MGMT, &hdev->flags);
185
186 memset(&rp, 0, sizeof(rp));
187
188 rp.type = hdev->dev_type;
189
190 rp.powered = test_bit(HCI_UP, &hdev->flags);
191 rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
192 rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
193 rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
194
195 if (test_bit(HCI_AUTH, &hdev->flags))
196 rp.sec_mode = 3;
197 else if (hdev->ssp_mode > 0)
198 rp.sec_mode = 4;
199 else
200 rp.sec_mode = 2;
201
202 bacpy(&rp.bdaddr, &hdev->bdaddr);
203 memcpy(rp.features, hdev->features, 8);
204 memcpy(rp.dev_class, hdev->dev_class, 3);
205 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
206 rp.hci_ver = hdev->hci_ver;
207 put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
208
209 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
210
211 hci_dev_unlock_bh(hdev);
212 hci_dev_put(hdev);
213
214 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
215 }
216
217 static void mgmt_pending_free(struct pending_cmd *cmd)
218 {
219 sock_put(cmd->sk);
220 kfree(cmd->param);
221 kfree(cmd);
222 }
223
224 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
225 u16 index, void *data, u16 len)
226 {
227 struct pending_cmd *cmd;
228
229 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
230 if (!cmd)
231 return NULL;
232
233 cmd->opcode = opcode;
234 cmd->index = index;
235
236 cmd->param = kmalloc(len, GFP_ATOMIC);
237 if (!cmd->param) {
238 kfree(cmd);
239 return NULL;
240 }
241
242 if (data)
243 memcpy(cmd->param, data, len);
244
245 cmd->sk = sk;
246 sock_hold(sk);
247
248 list_add(&cmd->list, &cmd_list);
249
250 return cmd;
251 }
252
253 static void mgmt_pending_foreach(u16 opcode, int index,
254 void (*cb)(struct pending_cmd *cmd, void *data),
255 void *data)
256 {
257 struct list_head *p, *n;
258
259 list_for_each_safe(p, n, &cmd_list) {
260 struct pending_cmd *cmd;
261
262 cmd = list_entry(p, struct pending_cmd, list);
263
264 if (cmd->opcode != opcode)
265 continue;
266
267 if (index >= 0 && cmd->index != index)
268 continue;
269
270 cb(cmd, data);
271 }
272 }
273
274 static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
275 {
276 struct list_head *p;
277
278 list_for_each(p, &cmd_list) {
279 struct pending_cmd *cmd;
280
281 cmd = list_entry(p, struct pending_cmd, list);
282
283 if (cmd->opcode != opcode)
284 continue;
285
286 if (index >= 0 && cmd->index != index)
287 continue;
288
289 return cmd;
290 }
291
292 return NULL;
293 }
294
295 static void mgmt_pending_remove(struct pending_cmd *cmd)
296 {
297 list_del(&cmd->list);
298 mgmt_pending_free(cmd);
299 }
300
301 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
302 {
303 struct mgmt_mode *cp;
304 struct hci_dev *hdev;
305 struct pending_cmd *cmd;
306 int err, up;
307
308 cp = (void *) data;
309
310 BT_DBG("request for hci%u", index);
311
312 if (len != sizeof(*cp))
313 return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314
315 hdev = hci_dev_get(index);
316 if (!hdev)
317 return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
318
319 hci_dev_lock_bh(hdev);
320
321 up = test_bit(HCI_UP, &hdev->flags);
322 if ((cp->val && up) || (!cp->val && !up)) {
323 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
324 goto failed;
325 }
326
327 if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
328 err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
329 goto failed;
330 }
331
332 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
333 if (!cmd) {
334 err = -ENOMEM;
335 goto failed;
336 }
337
338 if (cp->val)
339 queue_work(hdev->workqueue, &hdev->power_on);
340 else
341 queue_work(hdev->workqueue, &hdev->power_off);
342
343 err = 0;
344
345 failed:
346 hci_dev_unlock_bh(hdev);
347 hci_dev_put(hdev);
348 return err;
349 }
350
351 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352 u16 len)
353 {
354 struct mgmt_mode *cp;
355 struct hci_dev *hdev;
356 struct pending_cmd *cmd;
357 u8 scan;
358 int err;
359
360 cp = (void *) data;
361
362 BT_DBG("request for hci%u", index);
363
364 if (len != sizeof(*cp))
365 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366
367 hdev = hci_dev_get(index);
368 if (!hdev)
369 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
370
371 hci_dev_lock_bh(hdev);
372
373 if (!test_bit(HCI_UP, &hdev->flags)) {
374 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
375 goto failed;
376 }
377
378 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
379 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
380 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
381 goto failed;
382 }
383
384 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
385 test_bit(HCI_PSCAN, &hdev->flags)) {
386 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
387 goto failed;
388 }
389
390 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
391 if (!cmd) {
392 err = -ENOMEM;
393 goto failed;
394 }
395
396 scan = SCAN_PAGE;
397
398 if (cp->val)
399 scan |= SCAN_INQUIRY;
400
401 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
402 if (err < 0)
403 mgmt_pending_remove(cmd);
404
405 failed:
406 hci_dev_unlock_bh(hdev);
407 hci_dev_put(hdev);
408
409 return err;
410 }
411
412 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413 u16 len)
414 {
415 struct mgmt_mode *cp;
416 struct hci_dev *hdev;
417 struct pending_cmd *cmd;
418 u8 scan;
419 int err;
420
421 cp = (void *) data;
422
423 BT_DBG("request for hci%u", index);
424
425 if (len != sizeof(*cp))
426 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
427
428 hdev = hci_dev_get(index);
429 if (!hdev)
430 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
431
432 hci_dev_lock_bh(hdev);
433
434 if (!test_bit(HCI_UP, &hdev->flags)) {
435 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436 goto failed;
437 }
438
439 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
440 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
441 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442 goto failed;
443 }
444
445 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
446 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447 goto failed;
448 }
449
450 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
451 if (!cmd) {
452 err = -ENOMEM;
453 goto failed;
454 }
455
456 if (cp->val)
457 scan = SCAN_PAGE;
458 else
459 scan = 0;
460
461 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
462 if (err < 0)
463 mgmt_pending_remove(cmd);
464
465 failed:
466 hci_dev_unlock_bh(hdev);
467 hci_dev_put(hdev);
468
469 return err;
470 }
471
472 static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
473 struct sock *skip_sk)
474 {
475 struct sk_buff *skb;
476 struct mgmt_hdr *hdr;
477
478 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479 if (!skb)
480 return -ENOMEM;
481
482 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
483
484 hdr = (void *) skb_put(skb, sizeof(*hdr));
485 hdr->opcode = cpu_to_le16(event);
486 hdr->index = cpu_to_le16(index);
487 hdr->len = cpu_to_le16(data_len);
488
489 if (data)
490 memcpy(skb_put(skb, data_len), data, data_len);
491
492 hci_send_to_sock(NULL, skb, skip_sk);
493 kfree_skb(skb);
494
495 return 0;
496 }
497
498 static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499 {
500 struct mgmt_mode rp;
501
502 rp.val = val;
503
504 return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
505 }
506
507 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508 u16 len)
509 {
510 struct mgmt_mode *cp, ev;
511 struct hci_dev *hdev;
512 int err;
513
514 cp = (void *) data;
515
516 BT_DBG("request for hci%u", index);
517
518 if (len != sizeof(*cp))
519 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520
521 hdev = hci_dev_get(index);
522 if (!hdev)
523 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
524
525 hci_dev_lock_bh(hdev);
526
527 if (cp->val)
528 set_bit(HCI_PAIRABLE, &hdev->flags);
529 else
530 clear_bit(HCI_PAIRABLE, &hdev->flags);
531
532 err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533 if (err < 0)
534 goto failed;
535
536 ev.val = cp->val;
537
538 err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
539
540 failed:
541 hci_dev_unlock_bh(hdev);
542 hci_dev_put(hdev);
543
544 return err;
545 }
546
547 #define EIR_FLAGS 0x01 /* flags */
548 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
549 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
550 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
551 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
552 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
553 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
554 #define EIR_NAME_SHORT 0x08 /* shortened local name */
555 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
556 #define EIR_TX_POWER 0x0A /* transmit power level */
557 #define EIR_DEVICE_ID 0x10 /* device ID */
558
559 #define PNP_INFO_SVCLASS_ID 0x1200
560
561 static u8 bluetooth_base_uuid[] = {
562 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564 };
565
566 static u16 get_uuid16(u8 *uuid128)
567 {
568 u32 val;
569 int i;
570
571 for (i = 0; i < 12; i++) {
572 if (bluetooth_base_uuid[i] != uuid128[i])
573 return 0;
574 }
575
576 memcpy(&val, &uuid128[12], 4);
577
578 val = le32_to_cpu(val);
579 if (val > 0xffff)
580 return 0;
581
582 return (u16) val;
583 }
584
585 static void create_eir(struct hci_dev *hdev, u8 *data)
586 {
587 u8 *ptr = data;
588 u16 eir_len = 0;
589 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590 int i, truncated = 0;
591 struct list_head *p;
592 size_t name_len;
593
594 name_len = strlen(hdev->dev_name);
595
596 if (name_len > 0) {
597 /* EIR Data type */
598 if (name_len > 48) {
599 name_len = 48;
600 ptr[1] = EIR_NAME_SHORT;
601 } else
602 ptr[1] = EIR_NAME_COMPLETE;
603
604 /* EIR Data length */
605 ptr[0] = name_len + 1;
606
607 memcpy(ptr + 2, hdev->dev_name, name_len);
608
609 eir_len += (name_len + 2);
610 ptr += (name_len + 2);
611 }
612
613 memset(uuid16_list, 0, sizeof(uuid16_list));
614
615 /* Group all UUID16 types */
616 list_for_each(p, &hdev->uuids) {
617 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
618 u16 uuid16;
619
620 uuid16 = get_uuid16(uuid->uuid);
621 if (uuid16 == 0)
622 return;
623
624 if (uuid16 < 0x1100)
625 continue;
626
627 if (uuid16 == PNP_INFO_SVCLASS_ID)
628 continue;
629
630 /* Stop if not enough space to put next UUID */
631 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632 truncated = 1;
633 break;
634 }
635
636 /* Check for duplicates */
637 for (i = 0; uuid16_list[i] != 0; i++)
638 if (uuid16_list[i] == uuid16)
639 break;
640
641 if (uuid16_list[i] == 0) {
642 uuid16_list[i] = uuid16;
643 eir_len += sizeof(u16);
644 }
645 }
646
647 if (uuid16_list[0] != 0) {
648 u8 *length = ptr;
649
650 /* EIR Data type */
651 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652
653 ptr += 2;
654 eir_len += 2;
655
656 for (i = 0; uuid16_list[i] != 0; i++) {
657 *ptr++ = (uuid16_list[i] & 0x00ff);
658 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659 }
660
661 /* EIR Data length */
662 *length = (i * sizeof(u16)) + 1;
663 }
664 }
665
666 static int update_eir(struct hci_dev *hdev)
667 {
668 struct hci_cp_write_eir cp;
669
670 if (!(hdev->features[6] & LMP_EXT_INQ))
671 return 0;
672
673 if (hdev->ssp_mode == 0)
674 return 0;
675
676 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677 return 0;
678
679 memset(&cp, 0, sizeof(cp));
680
681 create_eir(hdev, cp.data);
682
683 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684 return 0;
685
686 memcpy(hdev->eir, cp.data, sizeof(cp.data));
687
688 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689 }
690
691 static u8 get_service_classes(struct hci_dev *hdev)
692 {
693 struct list_head *p;
694 u8 val = 0;
695
696 list_for_each(p, &hdev->uuids) {
697 struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
698
699 val |= uuid->svc_hint;
700 }
701
702 return val;
703 }
704
705 static int update_class(struct hci_dev *hdev)
706 {
707 u8 cod[3];
708
709 BT_DBG("%s", hdev->name);
710
711 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
712 return 0;
713
714 cod[0] = hdev->minor_class;
715 cod[1] = hdev->major_class;
716 cod[2] = get_service_classes(hdev);
717
718 if (memcmp(cod, hdev->dev_class, 3) == 0)
719 return 0;
720
721 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
722 }
723
724 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
725 {
726 struct mgmt_cp_add_uuid *cp;
727 struct hci_dev *hdev;
728 struct bt_uuid *uuid;
729 int err;
730
731 cp = (void *) data;
732
733 BT_DBG("request for hci%u", index);
734
735 if (len != sizeof(*cp))
736 return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
737
738 hdev = hci_dev_get(index);
739 if (!hdev)
740 return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
741
742 hci_dev_lock_bh(hdev);
743
744 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
745 if (!uuid) {
746 err = -ENOMEM;
747 goto failed;
748 }
749
750 memcpy(uuid->uuid, cp->uuid, 16);
751 uuid->svc_hint = cp->svc_hint;
752
753 list_add(&uuid->list, &hdev->uuids);
754
755 err = update_class(hdev);
756 if (err < 0)
757 goto failed;
758
759 err = update_eir(hdev);
760 if (err < 0)
761 goto failed;
762
763 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
764
765 failed:
766 hci_dev_unlock_bh(hdev);
767 hci_dev_put(hdev);
768
769 return err;
770 }
771
772 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
773 {
774 struct list_head *p, *n;
775 struct mgmt_cp_remove_uuid *cp;
776 struct hci_dev *hdev;
777 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778 int err, found;
779
780 cp = (void *) data;
781
782 BT_DBG("request for hci%u", index);
783
784 if (len != sizeof(*cp))
785 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
786
787 hdev = hci_dev_get(index);
788 if (!hdev)
789 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
790
791 hci_dev_lock_bh(hdev);
792
793 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794 err = hci_uuids_clear(hdev);
795 goto unlock;
796 }
797
798 found = 0;
799
800 list_for_each_safe(p, n, &hdev->uuids) {
801 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
802
803 if (memcmp(match->uuid, cp->uuid, 16) != 0)
804 continue;
805
806 list_del(&match->list);
807 found++;
808 }
809
810 if (found == 0) {
811 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
812 goto unlock;
813 }
814
815 err = update_class(hdev);
816 if (err < 0)
817 goto unlock;
818
819 err = update_eir(hdev);
820 if (err < 0)
821 goto unlock;
822
823 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
824
825 unlock:
826 hci_dev_unlock_bh(hdev);
827 hci_dev_put(hdev);
828
829 return err;
830 }
831
832 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
833 u16 len)
834 {
835 struct hci_dev *hdev;
836 struct mgmt_cp_set_dev_class *cp;
837 int err;
838
839 cp = (void *) data;
840
841 BT_DBG("request for hci%u", index);
842
843 if (len != sizeof(*cp))
844 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
845
846 hdev = hci_dev_get(index);
847 if (!hdev)
848 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
849
850 hci_dev_lock_bh(hdev);
851
852 hdev->major_class = cp->major;
853 hdev->minor_class = cp->minor;
854
855 err = update_class(hdev);
856
857 if (err == 0)
858 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
859
860 hci_dev_unlock_bh(hdev);
861 hci_dev_put(hdev);
862
863 return err;
864 }
865
866 static int set_service_cache(struct sock *sk, u16 index, unsigned char *data,
867 u16 len)
868 {
869 struct hci_dev *hdev;
870 struct mgmt_cp_set_service_cache *cp;
871 int err;
872
873 cp = (void *) data;
874
875 if (len != sizeof(*cp))
876 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
877
878 hdev = hci_dev_get(index);
879 if (!hdev)
880 return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
881
882 hci_dev_lock_bh(hdev);
883
884 BT_DBG("hci%u enable %d", index, cp->enable);
885
886 if (cp->enable) {
887 set_bit(HCI_SERVICE_CACHE, &hdev->flags);
888 err = 0;
889 } else {
890 clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
891 err = update_class(hdev);
892 if (err == 0)
893 err = update_eir(hdev);
894 }
895
896 if (err == 0)
897 err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898 0);
899
900 hci_dev_unlock_bh(hdev);
901 hci_dev_put(hdev);
902
903 return err;
904 }
905
906 static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
907 {
908 struct hci_dev *hdev;
909 struct mgmt_cp_load_keys *cp;
910 u16 key_count, expected_len;
911 int i, err;
912
913 cp = (void *) data;
914
915 if (len < sizeof(*cp))
916 return -EINVAL;
917
918 key_count = get_unaligned_le16(&cp->key_count);
919
920 expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
921 if (expected_len > len) {
922 BT_ERR("load_keys: expected at least %u bytes, got %u bytes",
923 expected_len, len);
924 return -EINVAL;
925 }
926
927 hdev = hci_dev_get(index);
928 if (!hdev)
929 return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
930
931 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
932 key_count);
933
934 hci_dev_lock_bh(hdev);
935
936 hci_link_keys_clear(hdev);
937
938 set_bit(HCI_LINK_KEYS, &hdev->flags);
939
940 if (cp->debug_keys)
941 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
942 else
943 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
944
945 len -= sizeof(*cp);
946 i = 0;
947
948 while (i < len) {
949 struct mgmt_key_info *key = (void *) cp->keys + i;
950
951 i += sizeof(*key) + key->dlen;
952
953 if (key->type == HCI_LK_SMP_LTK) {
954 struct key_master_id *id = (void *) key->data;
955
956 if (key->dlen != sizeof(struct key_master_id))
957 continue;
958
959 hci_add_ltk(hdev, 0, &key->bdaddr, key->pin_len,
960 id->ediv, id->rand, key->val);
961
962 continue;
963 }
964
965 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
966 key->pin_len);
967 }
968
969 err = cmd_complete(sk, index, MGMT_OP_LOAD_KEYS, NULL, 0);
970
971 hci_dev_unlock_bh(hdev);
972 hci_dev_put(hdev);
973
974 return err;
975 }
976
977 static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
978 {
979 struct hci_dev *hdev;
980 struct mgmt_cp_remove_key *cp;
981 struct hci_conn *conn;
982 int err;
983
984 cp = (void *) data;
985
986 if (len != sizeof(*cp))
987 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
988
989 hdev = hci_dev_get(index);
990 if (!hdev)
991 return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
992
993 hci_dev_lock_bh(hdev);
994
995 err = hci_remove_link_key(hdev, &cp->bdaddr);
996 if (err < 0) {
997 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
998 goto unlock;
999 }
1000
1001 err = 0;
1002
1003 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
1004 goto unlock;
1005
1006 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1007 if (conn) {
1008 struct hci_cp_disconnect dc;
1009
1010 put_unaligned_le16(conn->handle, &dc.handle);
1011 dc.reason = 0x13; /* Remote User Terminated Connection */
1012 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1013 }
1014
1015 unlock:
1016 hci_dev_unlock_bh(hdev);
1017 hci_dev_put(hdev);
1018
1019 return err;
1020 }
1021
1022 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1023 {
1024 struct hci_dev *hdev;
1025 struct mgmt_cp_disconnect *cp;
1026 struct hci_cp_disconnect dc;
1027 struct pending_cmd *cmd;
1028 struct hci_conn *conn;
1029 int err;
1030
1031 BT_DBG("");
1032
1033 cp = (void *) data;
1034
1035 if (len != sizeof(*cp))
1036 return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1037
1038 hdev = hci_dev_get(index);
1039 if (!hdev)
1040 return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1041
1042 hci_dev_lock_bh(hdev);
1043
1044 if (!test_bit(HCI_UP, &hdev->flags)) {
1045 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1046 goto failed;
1047 }
1048
1049 if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1050 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1051 goto failed;
1052 }
1053
1054 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1055 if (!conn)
1056 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1057
1058 if (!conn) {
1059 err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1060 goto failed;
1061 }
1062
1063 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1064 if (!cmd) {
1065 err = -ENOMEM;
1066 goto failed;
1067 }
1068
1069 put_unaligned_le16(conn->handle, &dc.handle);
1070 dc.reason = 0x13; /* Remote User Terminated Connection */
1071
1072 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1073 if (err < 0)
1074 mgmt_pending_remove(cmd);
1075
1076 failed:
1077 hci_dev_unlock_bh(hdev);
1078 hci_dev_put(hdev);
1079
1080 return err;
1081 }
1082
1083 static int get_connections(struct sock *sk, u16 index)
1084 {
1085 struct mgmt_rp_get_connections *rp;
1086 struct hci_dev *hdev;
1087 struct list_head *p;
1088 size_t rp_len;
1089 u16 count;
1090 int i, err;
1091
1092 BT_DBG("");
1093
1094 hdev = hci_dev_get(index);
1095 if (!hdev)
1096 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1097
1098 hci_dev_lock_bh(hdev);
1099
1100 count = 0;
1101 list_for_each(p, &hdev->conn_hash.list) {
1102 count++;
1103 }
1104
1105 rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1106 rp = kmalloc(rp_len, GFP_ATOMIC);
1107 if (!rp) {
1108 err = -ENOMEM;
1109 goto unlock;
1110 }
1111
1112 put_unaligned_le16(count, &rp->conn_count);
1113
1114 i = 0;
1115 list_for_each(p, &hdev->conn_hash.list) {
1116 struct hci_conn *c = list_entry(p, struct hci_conn, list);
1117
1118 bacpy(&rp->conn[i++], &c->dst);
1119 }
1120
1121 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1122
1123 unlock:
1124 kfree(rp);
1125 hci_dev_unlock_bh(hdev);
1126 hci_dev_put(hdev);
1127 return err;
1128 }
1129
1130 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1131 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1132 {
1133 struct pending_cmd *cmd;
1134 int err;
1135
1136 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp,
1137 sizeof(*cp));
1138 if (!cmd)
1139 return -ENOMEM;
1140
1141 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1142 &cp->bdaddr);
1143 if (err < 0)
1144 mgmt_pending_remove(cmd);
1145
1146 return err;
1147 }
1148
1149 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1150 u16 len)
1151 {
1152 struct hci_dev *hdev;
1153 struct hci_conn *conn;
1154 struct mgmt_cp_pin_code_reply *cp;
1155 struct mgmt_cp_pin_code_neg_reply ncp;
1156 struct hci_cp_pin_code_reply reply;
1157 struct pending_cmd *cmd;
1158 int err;
1159
1160 BT_DBG("");
1161
1162 cp = (void *) data;
1163
1164 if (len != sizeof(*cp))
1165 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1166
1167 hdev = hci_dev_get(index);
1168 if (!hdev)
1169 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1170
1171 hci_dev_lock_bh(hdev);
1172
1173 if (!test_bit(HCI_UP, &hdev->flags)) {
1174 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1175 goto failed;
1176 }
1177
1178 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1179 if (!conn) {
1180 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN);
1181 goto failed;
1182 }
1183
1184 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1185 bacpy(&ncp.bdaddr, &cp->bdaddr);
1186
1187 BT_ERR("PIN code is not 16 bytes long");
1188
1189 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1190 if (err >= 0)
1191 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1192 EINVAL);
1193
1194 goto failed;
1195 }
1196
1197 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1198 if (!cmd) {
1199 err = -ENOMEM;
1200 goto failed;
1201 }
1202
1203 bacpy(&reply.bdaddr, &cp->bdaddr);
1204 reply.pin_len = cp->pin_len;
1205 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1206
1207 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1208 if (err < 0)
1209 mgmt_pending_remove(cmd);
1210
1211 failed:
1212 hci_dev_unlock_bh(hdev);
1213 hci_dev_put(hdev);
1214
1215 return err;
1216 }
1217
1218 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1219 u16 len)
1220 {
1221 struct hci_dev *hdev;
1222 struct mgmt_cp_pin_code_neg_reply *cp;
1223 int err;
1224
1225 BT_DBG("");
1226
1227 cp = (void *) data;
1228
1229 if (len != sizeof(*cp))
1230 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1231 EINVAL);
1232
1233 hdev = hci_dev_get(index);
1234 if (!hdev)
1235 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1236 ENODEV);
1237
1238 hci_dev_lock_bh(hdev);
1239
1240 if (!test_bit(HCI_UP, &hdev->flags)) {
1241 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1242 ENETDOWN);
1243 goto failed;
1244 }
1245
1246 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1247
1248 failed:
1249 hci_dev_unlock_bh(hdev);
1250 hci_dev_put(hdev);
1251
1252 return err;
1253 }
1254
1255 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1256 u16 len)
1257 {
1258 struct hci_dev *hdev;
1259 struct mgmt_cp_set_io_capability *cp;
1260
1261 BT_DBG("");
1262
1263 cp = (void *) data;
1264
1265 if (len != sizeof(*cp))
1266 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1267
1268 hdev = hci_dev_get(index);
1269 if (!hdev)
1270 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1271
1272 hci_dev_lock_bh(hdev);
1273
1274 hdev->io_capability = cp->io_capability;
1275
1276 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1277 hdev->io_capability);
1278
1279 hci_dev_unlock_bh(hdev);
1280 hci_dev_put(hdev);
1281
1282 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1283 }
1284
1285 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1286 {
1287 struct hci_dev *hdev = conn->hdev;
1288 struct list_head *p;
1289
1290 list_for_each(p, &cmd_list) {
1291 struct pending_cmd *cmd;
1292
1293 cmd = list_entry(p, struct pending_cmd, list);
1294
1295 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1296 continue;
1297
1298 if (cmd->index != hdev->id)
1299 continue;
1300
1301 if (cmd->user_data != conn)
1302 continue;
1303
1304 return cmd;
1305 }
1306
1307 return NULL;
1308 }
1309
1310 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1311 {
1312 struct mgmt_rp_pair_device rp;
1313 struct hci_conn *conn = cmd->user_data;
1314
1315 bacpy(&rp.bdaddr, &conn->dst);
1316 rp.status = status;
1317
1318 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1319
1320 /* So we don't get further callbacks for this connection */
1321 conn->connect_cfm_cb = NULL;
1322 conn->security_cfm_cb = NULL;
1323 conn->disconn_cfm_cb = NULL;
1324
1325 hci_conn_put(conn);
1326
1327 mgmt_pending_remove(cmd);
1328 }
1329
1330 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1331 {
1332 struct pending_cmd *cmd;
1333
1334 BT_DBG("status %u", status);
1335
1336 cmd = find_pairing(conn);
1337 if (!cmd) {
1338 BT_DBG("Unable to find a pending command");
1339 return;
1340 }
1341
1342 pairing_complete(cmd, status);
1343 }
1344
1345 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1346 {
1347 struct hci_dev *hdev;
1348 struct mgmt_cp_pair_device *cp;
1349 struct pending_cmd *cmd;
1350 u8 sec_level, auth_type;
1351 struct hci_conn *conn;
1352 int err;
1353
1354 BT_DBG("");
1355
1356 cp = (void *) data;
1357
1358 if (len != sizeof(*cp))
1359 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1360
1361 hdev = hci_dev_get(index);
1362 if (!hdev)
1363 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1364
1365 hci_dev_lock_bh(hdev);
1366
1367 if (cp->io_cap == 0x03) {
1368 sec_level = BT_SECURITY_MEDIUM;
1369 auth_type = HCI_AT_DEDICATED_BONDING;
1370 } else {
1371 sec_level = BT_SECURITY_HIGH;
1372 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1373 }
1374
1375 conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1376 if (IS_ERR(conn)) {
1377 err = PTR_ERR(conn);
1378 goto unlock;
1379 }
1380
1381 if (conn->connect_cfm_cb) {
1382 hci_conn_put(conn);
1383 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1384 goto unlock;
1385 }
1386
1387 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1388 if (!cmd) {
1389 err = -ENOMEM;
1390 hci_conn_put(conn);
1391 goto unlock;
1392 }
1393
1394 conn->connect_cfm_cb = pairing_complete_cb;
1395 conn->security_cfm_cb = pairing_complete_cb;
1396 conn->disconn_cfm_cb = pairing_complete_cb;
1397 conn->io_capability = cp->io_cap;
1398 cmd->user_data = conn;
1399
1400 if (conn->state == BT_CONNECTED &&
1401 hci_conn_security(conn, sec_level, auth_type))
1402 pairing_complete(cmd, 0);
1403
1404 err = 0;
1405
1406 unlock:
1407 hci_dev_unlock_bh(hdev);
1408 hci_dev_put(hdev);
1409
1410 return err;
1411 }
1412
1413 static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1414 u16 len, int success)
1415 {
1416 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1417 u16 mgmt_op, hci_op;
1418 struct pending_cmd *cmd;
1419 struct hci_dev *hdev;
1420 int err;
1421
1422 BT_DBG("");
1423
1424 if (success) {
1425 mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1426 hci_op = HCI_OP_USER_CONFIRM_REPLY;
1427 } else {
1428 mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1429 hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1430 }
1431
1432 if (len != sizeof(*cp))
1433 return cmd_status(sk, index, mgmt_op, EINVAL);
1434
1435 hdev = hci_dev_get(index);
1436 if (!hdev)
1437 return cmd_status(sk, index, mgmt_op, ENODEV);
1438
1439 hci_dev_lock_bh(hdev);
1440
1441 if (!test_bit(HCI_UP, &hdev->flags)) {
1442 err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1443 goto failed;
1444 }
1445
1446 cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1447 if (!cmd) {
1448 err = -ENOMEM;
1449 goto failed;
1450 }
1451
1452 err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1453 if (err < 0)
1454 mgmt_pending_remove(cmd);
1455
1456 failed:
1457 hci_dev_unlock_bh(hdev);
1458 hci_dev_put(hdev);
1459
1460 return err;
1461 }
1462
1463 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1464 u16 len)
1465 {
1466 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1467 struct hci_cp_write_local_name hci_cp;
1468 struct hci_dev *hdev;
1469 struct pending_cmd *cmd;
1470 int err;
1471
1472 BT_DBG("");
1473
1474 if (len != sizeof(*mgmt_cp))
1475 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1476
1477 hdev = hci_dev_get(index);
1478 if (!hdev)
1479 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1480
1481 hci_dev_lock_bh(hdev);
1482
1483 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1484 if (!cmd) {
1485 err = -ENOMEM;
1486 goto failed;
1487 }
1488
1489 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1490 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1491 &hci_cp);
1492 if (err < 0)
1493 mgmt_pending_remove(cmd);
1494
1495 failed:
1496 hci_dev_unlock_bh(hdev);
1497 hci_dev_put(hdev);
1498
1499 return err;
1500 }
1501
1502 static int read_local_oob_data(struct sock *sk, u16 index)
1503 {
1504 struct hci_dev *hdev;
1505 struct pending_cmd *cmd;
1506 int err;
1507
1508 BT_DBG("hci%u", index);
1509
1510 hdev = hci_dev_get(index);
1511 if (!hdev)
1512 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1513 ENODEV);
1514
1515 hci_dev_lock_bh(hdev);
1516
1517 if (!test_bit(HCI_UP, &hdev->flags)) {
1518 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1519 ENETDOWN);
1520 goto unlock;
1521 }
1522
1523 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1524 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1525 EOPNOTSUPP);
1526 goto unlock;
1527 }
1528
1529 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1530 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1531 goto unlock;
1532 }
1533
1534 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1535 if (!cmd) {
1536 err = -ENOMEM;
1537 goto unlock;
1538 }
1539
1540 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1541 if (err < 0)
1542 mgmt_pending_remove(cmd);
1543
1544 unlock:
1545 hci_dev_unlock_bh(hdev);
1546 hci_dev_put(hdev);
1547
1548 return err;
1549 }
1550
1551 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1552 u16 len)
1553 {
1554 struct hci_dev *hdev;
1555 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1556 int err;
1557
1558 BT_DBG("hci%u ", index);
1559
1560 if (len != sizeof(*cp))
1561 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1562 EINVAL);
1563
1564 hdev = hci_dev_get(index);
1565 if (!hdev)
1566 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1567 ENODEV);
1568
1569 hci_dev_lock_bh(hdev);
1570
1571 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1572 cp->randomizer);
1573 if (err < 0)
1574 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1575 else
1576 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1577 0);
1578
1579 hci_dev_unlock_bh(hdev);
1580 hci_dev_put(hdev);
1581
1582 return err;
1583 }
1584
1585 static int remove_remote_oob_data(struct sock *sk, u16 index,
1586 unsigned char *data, u16 len)
1587 {
1588 struct hci_dev *hdev;
1589 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1590 int err;
1591
1592 BT_DBG("hci%u ", index);
1593
1594 if (len != sizeof(*cp))
1595 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1596 EINVAL);
1597
1598 hdev = hci_dev_get(index);
1599 if (!hdev)
1600 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1601 ENODEV);
1602
1603 hci_dev_lock_bh(hdev);
1604
1605 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1606 if (err < 0)
1607 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1608 -err);
1609 else
1610 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1611 NULL, 0);
1612
1613 hci_dev_unlock_bh(hdev);
1614 hci_dev_put(hdev);
1615
1616 return err;
1617 }
1618
1619 static int start_discovery(struct sock *sk, u16 index)
1620 {
1621 u8 lap[3] = { 0x33, 0x8b, 0x9e };
1622 struct hci_cp_inquiry cp;
1623 struct pending_cmd *cmd;
1624 struct hci_dev *hdev;
1625 int err;
1626
1627 BT_DBG("hci%u", index);
1628
1629 hdev = hci_dev_get(index);
1630 if (!hdev)
1631 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1632
1633 hci_dev_lock_bh(hdev);
1634
1635 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1636 if (!cmd) {
1637 err = -ENOMEM;
1638 goto failed;
1639 }
1640
1641 memset(&cp, 0, sizeof(cp));
1642 memcpy(&cp.lap, lap, 3);
1643 cp.length = 0x08;
1644 cp.num_rsp = 0x00;
1645
1646 err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1647 if (err < 0)
1648 mgmt_pending_remove(cmd);
1649
1650 failed:
1651 hci_dev_unlock_bh(hdev);
1652 hci_dev_put(hdev);
1653
1654 return err;
1655 }
1656
1657 static int stop_discovery(struct sock *sk, u16 index)
1658 {
1659 struct hci_dev *hdev;
1660 struct pending_cmd *cmd;
1661 int err;
1662
1663 BT_DBG("hci%u", index);
1664
1665 hdev = hci_dev_get(index);
1666 if (!hdev)
1667 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1668
1669 hci_dev_lock_bh(hdev);
1670
1671 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1672 if (!cmd) {
1673 err = -ENOMEM;
1674 goto failed;
1675 }
1676
1677 err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1678 if (err < 0)
1679 mgmt_pending_remove(cmd);
1680
1681 failed:
1682 hci_dev_unlock_bh(hdev);
1683 hci_dev_put(hdev);
1684
1685 return err;
1686 }
1687
1688 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1689 u16 len)
1690 {
1691 struct hci_dev *hdev;
1692 struct mgmt_cp_block_device *cp;
1693 int err;
1694
1695 BT_DBG("hci%u", index);
1696
1697 cp = (void *) data;
1698
1699 if (len != sizeof(*cp))
1700 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1701 EINVAL);
1702
1703 hdev = hci_dev_get(index);
1704 if (!hdev)
1705 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1706 ENODEV);
1707
1708 err = hci_blacklist_add(hdev, &cp->bdaddr);
1709
1710 if (err < 0)
1711 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE, -err);
1712 else
1713 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
1714 NULL, 0);
1715 hci_dev_put(hdev);
1716
1717 return err;
1718 }
1719
1720 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
1721 u16 len)
1722 {
1723 struct hci_dev *hdev;
1724 struct mgmt_cp_unblock_device *cp;
1725 int err;
1726
1727 BT_DBG("hci%u", index);
1728
1729 cp = (void *) data;
1730
1731 if (len != sizeof(*cp))
1732 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1733 EINVAL);
1734
1735 hdev = hci_dev_get(index);
1736 if (!hdev)
1737 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1738 ENODEV);
1739
1740 err = hci_blacklist_del(hdev, &cp->bdaddr);
1741
1742 if (err < 0)
1743 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE, -err);
1744 else
1745 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
1746 NULL, 0);
1747 hci_dev_put(hdev);
1748
1749 return err;
1750 }
1751
1752 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1753 {
1754 unsigned char *buf;
1755 struct mgmt_hdr *hdr;
1756 u16 opcode, index, len;
1757 int err;
1758
1759 BT_DBG("got %zu bytes", msglen);
1760
1761 if (msglen < sizeof(*hdr))
1762 return -EINVAL;
1763
1764 buf = kmalloc(msglen, GFP_KERNEL);
1765 if (!buf)
1766 return -ENOMEM;
1767
1768 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1769 err = -EFAULT;
1770 goto done;
1771 }
1772
1773 hdr = (struct mgmt_hdr *) buf;
1774 opcode = get_unaligned_le16(&hdr->opcode);
1775 index = get_unaligned_le16(&hdr->index);
1776 len = get_unaligned_le16(&hdr->len);
1777
1778 if (len != msglen - sizeof(*hdr)) {
1779 err = -EINVAL;
1780 goto done;
1781 }
1782
1783 switch (opcode) {
1784 case MGMT_OP_READ_VERSION:
1785 err = read_version(sk);
1786 break;
1787 case MGMT_OP_READ_INDEX_LIST:
1788 err = read_index_list(sk);
1789 break;
1790 case MGMT_OP_READ_INFO:
1791 err = read_controller_info(sk, index);
1792 break;
1793 case MGMT_OP_SET_POWERED:
1794 err = set_powered(sk, index, buf + sizeof(*hdr), len);
1795 break;
1796 case MGMT_OP_SET_DISCOVERABLE:
1797 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1798 break;
1799 case MGMT_OP_SET_CONNECTABLE:
1800 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1801 break;
1802 case MGMT_OP_SET_PAIRABLE:
1803 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1804 break;
1805 case MGMT_OP_ADD_UUID:
1806 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1807 break;
1808 case MGMT_OP_REMOVE_UUID:
1809 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1810 break;
1811 case MGMT_OP_SET_DEV_CLASS:
1812 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1813 break;
1814 case MGMT_OP_SET_SERVICE_CACHE:
1815 err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1816 break;
1817 case MGMT_OP_LOAD_KEYS:
1818 err = load_keys(sk, index, buf + sizeof(*hdr), len);
1819 break;
1820 case MGMT_OP_REMOVE_KEY:
1821 err = remove_key(sk, index, buf + sizeof(*hdr), len);
1822 break;
1823 case MGMT_OP_DISCONNECT:
1824 err = disconnect(sk, index, buf + sizeof(*hdr), len);
1825 break;
1826 case MGMT_OP_GET_CONNECTIONS:
1827 err = get_connections(sk, index);
1828 break;
1829 case MGMT_OP_PIN_CODE_REPLY:
1830 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1831 break;
1832 case MGMT_OP_PIN_CODE_NEG_REPLY:
1833 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1834 break;
1835 case MGMT_OP_SET_IO_CAPABILITY:
1836 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1837 break;
1838 case MGMT_OP_PAIR_DEVICE:
1839 err = pair_device(sk, index, buf + sizeof(*hdr), len);
1840 break;
1841 case MGMT_OP_USER_CONFIRM_REPLY:
1842 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1843 break;
1844 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1845 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1846 break;
1847 case MGMT_OP_SET_LOCAL_NAME:
1848 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1849 break;
1850 case MGMT_OP_READ_LOCAL_OOB_DATA:
1851 err = read_local_oob_data(sk, index);
1852 break;
1853 case MGMT_OP_ADD_REMOTE_OOB_DATA:
1854 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1855 break;
1856 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1857 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1858 len);
1859 break;
1860 case MGMT_OP_START_DISCOVERY:
1861 err = start_discovery(sk, index);
1862 break;
1863 case MGMT_OP_STOP_DISCOVERY:
1864 err = stop_discovery(sk, index);
1865 break;
1866 case MGMT_OP_BLOCK_DEVICE:
1867 err = block_device(sk, index, buf + sizeof(*hdr), len);
1868 break;
1869 case MGMT_OP_UNBLOCK_DEVICE:
1870 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
1871 break;
1872 default:
1873 BT_DBG("Unknown op %u", opcode);
1874 err = cmd_status(sk, index, opcode, 0x01);
1875 break;
1876 }
1877
1878 if (err < 0)
1879 goto done;
1880
1881 err = msglen;
1882
1883 done:
1884 kfree(buf);
1885 return err;
1886 }
1887
1888 int mgmt_index_added(u16 index)
1889 {
1890 return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1891 }
1892
1893 int mgmt_index_removed(u16 index)
1894 {
1895 return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1896 }
1897
1898 struct cmd_lookup {
1899 u8 val;
1900 struct sock *sk;
1901 };
1902
1903 static void mode_rsp(struct pending_cmd *cmd, void *data)
1904 {
1905 struct mgmt_mode *cp = cmd->param;
1906 struct cmd_lookup *match = data;
1907
1908 if (cp->val != match->val)
1909 return;
1910
1911 send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1912
1913 list_del(&cmd->list);
1914
1915 if (match->sk == NULL) {
1916 match->sk = cmd->sk;
1917 sock_hold(match->sk);
1918 }
1919
1920 mgmt_pending_free(cmd);
1921 }
1922
1923 int mgmt_powered(u16 index, u8 powered)
1924 {
1925 struct mgmt_mode ev;
1926 struct cmd_lookup match = { powered, NULL };
1927 int ret;
1928
1929 mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1930
1931 ev.val = powered;
1932
1933 ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1934
1935 if (match.sk)
1936 sock_put(match.sk);
1937
1938 return ret;
1939 }
1940
1941 int mgmt_discoverable(u16 index, u8 discoverable)
1942 {
1943 struct mgmt_mode ev;
1944 struct cmd_lookup match = { discoverable, NULL };
1945 int ret;
1946
1947 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1948
1949 ev.val = discoverable;
1950
1951 ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1952 match.sk);
1953
1954 if (match.sk)
1955 sock_put(match.sk);
1956
1957 return ret;
1958 }
1959
1960 int mgmt_connectable(u16 index, u8 connectable)
1961 {
1962 struct mgmt_mode ev;
1963 struct cmd_lookup match = { connectable, NULL };
1964 int ret;
1965
1966 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1967
1968 ev.val = connectable;
1969
1970 ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1971
1972 if (match.sk)
1973 sock_put(match.sk);
1974
1975 return ret;
1976 }
1977
1978 int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
1979 {
1980 struct mgmt_ev_new_key *ev;
1981 int err, total;
1982
1983 total = sizeof(struct mgmt_ev_new_key) + key->dlen;
1984 ev = kzalloc(total, GFP_ATOMIC);
1985 if (!ev)
1986 return -ENOMEM;
1987
1988 bacpy(&ev->key.bdaddr, &key->bdaddr);
1989 ev->key.type = key->type;
1990 memcpy(ev->key.val, key->val, 16);
1991 ev->key.pin_len = key->pin_len;
1992 ev->key.dlen = key->dlen;
1993 ev->store_hint = persistent;
1994
1995 memcpy(ev->key.data, key->data, key->dlen);
1996
1997 err = mgmt_event(MGMT_EV_NEW_KEY, index, ev, total, NULL);
1998
1999 kfree(ev);
2000
2001 return err;
2002 }
2003
2004 int mgmt_connected(u16 index, bdaddr_t *bdaddr)
2005 {
2006 struct mgmt_ev_connected ev;
2007
2008 bacpy(&ev.bdaddr, bdaddr);
2009
2010 return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
2011 }
2012
2013 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2014 {
2015 struct mgmt_cp_disconnect *cp = cmd->param;
2016 struct sock **sk = data;
2017 struct mgmt_rp_disconnect rp;
2018
2019 bacpy(&rp.bdaddr, &cp->bdaddr);
2020
2021 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2022
2023 *sk = cmd->sk;
2024 sock_hold(*sk);
2025
2026 mgmt_pending_remove(cmd);
2027 }
2028
2029 int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
2030 {
2031 struct mgmt_ev_disconnected ev;
2032 struct sock *sk = NULL;
2033 int err;
2034
2035 mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
2036
2037 bacpy(&ev.bdaddr, bdaddr);
2038
2039 err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
2040
2041 if (sk)
2042 sock_put(sk);
2043
2044 return err;
2045 }
2046
2047 int mgmt_disconnect_failed(u16 index)
2048 {
2049 struct pending_cmd *cmd;
2050 int err;
2051
2052 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
2053 if (!cmd)
2054 return -ENOENT;
2055
2056 err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
2057
2058 mgmt_pending_remove(cmd);
2059
2060 return err;
2061 }
2062
2063 int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2064 {
2065 struct mgmt_ev_connect_failed ev;
2066
2067 bacpy(&ev.bdaddr, bdaddr);
2068 ev.status = status;
2069
2070 return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
2071 }
2072
2073 int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
2074 {
2075 struct mgmt_ev_pin_code_request ev;
2076
2077 bacpy(&ev.bdaddr, bdaddr);
2078 ev.secure = secure;
2079
2080 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
2081 NULL);
2082 }
2083
2084 int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2085 {
2086 struct pending_cmd *cmd;
2087 struct mgmt_rp_pin_code_reply rp;
2088 int err;
2089
2090 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
2091 if (!cmd)
2092 return -ENOENT;
2093
2094 bacpy(&rp.bdaddr, bdaddr);
2095 rp.status = status;
2096
2097 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
2098 sizeof(rp));
2099
2100 mgmt_pending_remove(cmd);
2101
2102 return err;
2103 }
2104
2105 int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2106 {
2107 struct pending_cmd *cmd;
2108 struct mgmt_rp_pin_code_reply rp;
2109 int err;
2110
2111 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
2112 if (!cmd)
2113 return -ENOENT;
2114
2115 bacpy(&rp.bdaddr, bdaddr);
2116 rp.status = status;
2117
2118 err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2119 sizeof(rp));
2120
2121 mgmt_pending_remove(cmd);
2122
2123 return err;
2124 }
2125
2126 int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2127 u8 confirm_hint)
2128 {
2129 struct mgmt_ev_user_confirm_request ev;
2130
2131 BT_DBG("hci%u", index);
2132
2133 bacpy(&ev.bdaddr, bdaddr);
2134 ev.confirm_hint = confirm_hint;
2135 put_unaligned_le32(value, &ev.value);
2136
2137 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2138 NULL);
2139 }
2140
2141 static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2142 u8 opcode)
2143 {
2144 struct pending_cmd *cmd;
2145 struct mgmt_rp_user_confirm_reply rp;
2146 int err;
2147
2148 cmd = mgmt_pending_find(opcode, index);
2149 if (!cmd)
2150 return -ENOENT;
2151
2152 bacpy(&rp.bdaddr, bdaddr);
2153 rp.status = status;
2154 err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2155
2156 mgmt_pending_remove(cmd);
2157
2158 return err;
2159 }
2160
2161 int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2162 {
2163 return confirm_reply_complete(index, bdaddr, status,
2164 MGMT_OP_USER_CONFIRM_REPLY);
2165 }
2166
2167 int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2168 {
2169 return confirm_reply_complete(index, bdaddr, status,
2170 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2171 }
2172
2173 int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2174 {
2175 struct mgmt_ev_auth_failed ev;
2176
2177 bacpy(&ev.bdaddr, bdaddr);
2178 ev.status = status;
2179
2180 return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2181 }
2182
2183 int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2184 {
2185 struct pending_cmd *cmd;
2186 struct hci_dev *hdev;
2187 struct mgmt_cp_set_local_name ev;
2188 int err;
2189
2190 memset(&ev, 0, sizeof(ev));
2191 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2192
2193 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2194 if (!cmd)
2195 goto send_event;
2196
2197 if (status) {
2198 err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2199 goto failed;
2200 }
2201
2202 hdev = hci_dev_get(index);
2203 if (hdev) {
2204 hci_dev_lock_bh(hdev);
2205 update_eir(hdev);
2206 hci_dev_unlock_bh(hdev);
2207 hci_dev_put(hdev);
2208 }
2209
2210 err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2211 sizeof(ev));
2212 if (err < 0)
2213 goto failed;
2214
2215 send_event:
2216 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2217 cmd ? cmd->sk : NULL);
2218
2219 failed:
2220 if (cmd)
2221 mgmt_pending_remove(cmd);
2222 return err;
2223 }
2224
2225 int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2226 u8 status)
2227 {
2228 struct pending_cmd *cmd;
2229 int err;
2230
2231 BT_DBG("hci%u status %u", index, status);
2232
2233 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2234 if (!cmd)
2235 return -ENOENT;
2236
2237 if (status) {
2238 err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2239 EIO);
2240 } else {
2241 struct mgmt_rp_read_local_oob_data rp;
2242
2243 memcpy(rp.hash, hash, sizeof(rp.hash));
2244 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2245
2246 err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2247 &rp, sizeof(rp));
2248 }
2249
2250 mgmt_pending_remove(cmd);
2251
2252 return err;
2253 }
2254
2255 int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2256 u8 *eir)
2257 {
2258 struct mgmt_ev_device_found ev;
2259
2260 memset(&ev, 0, sizeof(ev));
2261
2262 bacpy(&ev.bdaddr, bdaddr);
2263 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2264 ev.rssi = rssi;
2265
2266 if (eir)
2267 memcpy(ev.eir, eir, sizeof(ev.eir));
2268
2269 return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2270 }
2271
2272 int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2273 {
2274 struct mgmt_ev_remote_name ev;
2275
2276 memset(&ev, 0, sizeof(ev));
2277
2278 bacpy(&ev.bdaddr, bdaddr);
2279 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2280
2281 return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2282 }
2283
2284 int mgmt_discovering(u16 index, u8 discovering)
2285 {
2286 return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2287 sizeof(discovering), NULL);
2288 }
linux-next