Avoid beyond bounds copy while caching ACL
[zen-stable.git] / net / bluetooth / mgmt.c
blobbc8e59dda78e2bf72f81c3eeacea748d5cbd78ae
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
23 /* Bluetooth HCI Management interface */
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
35 #define MGMT_VERSION 0
36 #define MGMT_REVISION 1
38 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
40 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
42 struct pending_cmd {
43 struct list_head list;
44 u16 opcode;
45 int index;
46 void *param;
47 struct sock *sk;
48 void *user_data;
51 /* HCI to MGMT error code conversion table */
52 static u8 mgmt_status_table[] = {
53 MGMT_STATUS_SUCCESS,
54 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
55 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
56 MGMT_STATUS_FAILED, /* Hardware Failure */
57 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
58 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
59 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
60 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
61 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
62 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
63 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
64 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
65 MGMT_STATUS_BUSY, /* Command Disallowed */
66 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
67 MGMT_STATUS_REJECTED, /* Rejected Security */
68 MGMT_STATUS_REJECTED, /* Rejected Personal */
69 MGMT_STATUS_TIMEOUT, /* Host Timeout */
70 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
71 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
72 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
73 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
74 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
75 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
76 MGMT_STATUS_BUSY, /* Repeated Attempts */
77 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
78 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
80 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
81 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
82 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
83 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
84 MGMT_STATUS_FAILED, /* Unspecified Error */
85 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
86 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
87 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
88 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
89 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
90 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
91 MGMT_STATUS_FAILED, /* Unit Link Key Used */
92 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
93 MGMT_STATUS_TIMEOUT, /* Instant Passed */
94 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
95 MGMT_STATUS_FAILED, /* Transaction Collision */
96 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
97 MGMT_STATUS_REJECTED, /* QoS Rejected */
98 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
99 MGMT_STATUS_REJECTED, /* Insufficient Security */
100 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
101 MGMT_STATUS_BUSY, /* Role Switch Pending */
102 MGMT_STATUS_FAILED, /* Slot Violation */
103 MGMT_STATUS_FAILED, /* Role Switch Failed */
104 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
105 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
106 MGMT_STATUS_BUSY, /* Host Busy Pairing */
107 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
108 MGMT_STATUS_BUSY, /* Controller Busy */
109 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
110 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
111 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
112 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
113 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
116 static u8 mgmt_status(u8 hci_status)
118 if (hci_status < ARRAY_SIZE(mgmt_status_table))
119 return mgmt_status_table[hci_status];
121 return MGMT_STATUS_FAILED;
124 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
126 struct sk_buff *skb;
127 struct mgmt_hdr *hdr;
128 struct mgmt_ev_cmd_status *ev;
129 int err;
131 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
133 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
134 if (!skb)
135 return -ENOMEM;
137 hdr = (void *) skb_put(skb, sizeof(*hdr));
139 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
140 hdr->index = cpu_to_le16(index);
141 hdr->len = cpu_to_le16(sizeof(*ev));
143 ev = (void *) skb_put(skb, sizeof(*ev));
144 ev->status = status;
145 put_unaligned_le16(cmd, &ev->opcode);
147 err = sock_queue_rcv_skb(sk, skb);
148 if (err < 0)
149 kfree_skb(skb);
151 return err;
154 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
155 size_t rp_len)
157 struct sk_buff *skb;
158 struct mgmt_hdr *hdr;
159 struct mgmt_ev_cmd_complete *ev;
160 int err;
162 BT_DBG("sock %p", sk);
164 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
165 if (!skb)
166 return -ENOMEM;
168 hdr = (void *) skb_put(skb, sizeof(*hdr));
170 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
171 hdr->index = cpu_to_le16(index);
172 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
175 put_unaligned_le16(cmd, &ev->opcode);
177 if (rp)
178 memcpy(ev->data, rp, rp_len);
180 err = sock_queue_rcv_skb(sk, skb);
181 if (err < 0)
182 kfree_skb(skb);
184 return err;;
187 static int read_version(struct sock *sk)
189 struct mgmt_rp_read_version rp;
191 BT_DBG("sock %p", sk);
193 rp.version = MGMT_VERSION;
194 put_unaligned_le16(MGMT_REVISION, &rp.revision);
196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
197 sizeof(rp));
200 static int read_index_list(struct sock *sk)
202 struct mgmt_rp_read_index_list *rp;
203 struct list_head *p;
204 struct hci_dev *d;
205 size_t rp_len;
206 u16 count;
207 int i, err;
209 BT_DBG("sock %p", sk);
211 read_lock(&hci_dev_list_lock);
213 count = 0;
214 list_for_each(p, &hci_dev_list) {
215 count++;
218 rp_len = sizeof(*rp) + (2 * count);
219 rp = kmalloc(rp_len, GFP_ATOMIC);
220 if (!rp) {
221 read_unlock(&hci_dev_list_lock);
222 return -ENOMEM;
225 put_unaligned_le16(count, &rp->num_controllers);
227 i = 0;
228 list_for_each_entry(d, &hci_dev_list, list) {
229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
230 cancel_delayed_work(&d->power_off);
232 if (test_bit(HCI_SETUP, &d->flags))
233 continue;
235 put_unaligned_le16(d->id, &rp->index[i++]);
236 BT_DBG("Added hci%u", d->id);
239 read_unlock(&hci_dev_list_lock);
241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
242 rp_len);
244 kfree(rp);
246 return err;
249 static u32 get_supported_settings(struct hci_dev *hdev)
251 u32 settings = 0;
253 settings |= MGMT_SETTING_POWERED;
254 settings |= MGMT_SETTING_CONNECTABLE;
255 settings |= MGMT_SETTING_FAST_CONNECTABLE;
256 settings |= MGMT_SETTING_DISCOVERABLE;
257 settings |= MGMT_SETTING_PAIRABLE;
259 if (hdev->features[6] & LMP_SIMPLE_PAIR)
260 settings |= MGMT_SETTING_SSP;
262 if (!(hdev->features[4] & LMP_NO_BREDR)) {
263 settings |= MGMT_SETTING_BREDR;
264 settings |= MGMT_SETTING_LINK_SECURITY;
267 if (hdev->features[4] & LMP_LE)
268 settings |= MGMT_SETTING_LE;
270 return settings;
273 static u32 get_current_settings(struct hci_dev *hdev)
275 u32 settings = 0;
277 if (test_bit(HCI_UP, &hdev->flags))
278 settings |= MGMT_SETTING_POWERED;
279 else
280 return settings;
282 if (test_bit(HCI_PSCAN, &hdev->flags))
283 settings |= MGMT_SETTING_CONNECTABLE;
285 if (test_bit(HCI_ISCAN, &hdev->flags))
286 settings |= MGMT_SETTING_DISCOVERABLE;
288 if (test_bit(HCI_PAIRABLE, &hdev->flags))
289 settings |= MGMT_SETTING_PAIRABLE;
291 if (!(hdev->features[4] & LMP_NO_BREDR))
292 settings |= MGMT_SETTING_BREDR;
294 if (hdev->host_features[0] & LMP_HOST_LE)
295 settings |= MGMT_SETTING_LE;
297 if (test_bit(HCI_AUTH, &hdev->flags))
298 settings |= MGMT_SETTING_LINK_SECURITY;
300 if (hdev->ssp_mode > 0)
301 settings |= MGMT_SETTING_SSP;
303 return settings;
306 #define EIR_FLAGS 0x01 /* flags */
307 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
308 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
309 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
310 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
311 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
312 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
313 #define EIR_NAME_SHORT 0x08 /* shortened local name */
314 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
315 #define EIR_TX_POWER 0x0A /* transmit power level */
316 #define EIR_DEVICE_ID 0x10 /* device ID */
318 #define PNP_INFO_SVCLASS_ID 0x1200
320 static u8 bluetooth_base_uuid[] = {
321 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
322 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
325 static u16 get_uuid16(u8 *uuid128)
327 u32 val;
328 int i;
330 for (i = 0; i < 12; i++) {
331 if (bluetooth_base_uuid[i] != uuid128[i])
332 return 0;
335 memcpy(&val, &uuid128[12], 4);
337 val = le32_to_cpu(val);
338 if (val > 0xffff)
339 return 0;
341 return (u16) val;
344 static void create_eir(struct hci_dev *hdev, u8 *data)
346 u8 *ptr = data;
347 u16 eir_len = 0;
348 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
349 int i, truncated = 0;
350 struct bt_uuid *uuid;
351 size_t name_len;
353 name_len = strlen(hdev->dev_name);
355 if (name_len > 0) {
356 /* EIR Data type */
357 if (name_len > 48) {
358 name_len = 48;
359 ptr[1] = EIR_NAME_SHORT;
360 } else
361 ptr[1] = EIR_NAME_COMPLETE;
363 /* EIR Data length */
364 ptr[0] = name_len + 1;
366 memcpy(ptr + 2, hdev->dev_name, name_len);
368 eir_len += (name_len + 2);
369 ptr += (name_len + 2);
372 memset(uuid16_list, 0, sizeof(uuid16_list));
374 /* Group all UUID16 types */
375 list_for_each_entry(uuid, &hdev->uuids, list) {
376 u16 uuid16;
378 uuid16 = get_uuid16(uuid->uuid);
379 if (uuid16 == 0)
380 return;
382 if (uuid16 < 0x1100)
383 continue;
385 if (uuid16 == PNP_INFO_SVCLASS_ID)
386 continue;
388 /* Stop if not enough space to put next UUID */
389 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
390 truncated = 1;
391 break;
394 /* Check for duplicates */
395 for (i = 0; uuid16_list[i] != 0; i++)
396 if (uuid16_list[i] == uuid16)
397 break;
399 if (uuid16_list[i] == 0) {
400 uuid16_list[i] = uuid16;
401 eir_len += sizeof(u16);
405 if (uuid16_list[0] != 0) {
406 u8 *length = ptr;
408 /* EIR Data type */
409 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
411 ptr += 2;
412 eir_len += 2;
414 for (i = 0; uuid16_list[i] != 0; i++) {
415 *ptr++ = (uuid16_list[i] & 0x00ff);
416 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
419 /* EIR Data length */
420 *length = (i * sizeof(u16)) + 1;
424 static int update_eir(struct hci_dev *hdev)
426 struct hci_cp_write_eir cp;
428 if (!(hdev->features[6] & LMP_EXT_INQ))
429 return 0;
431 if (hdev->ssp_mode == 0)
432 return 0;
434 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
435 return 0;
437 memset(&cp, 0, sizeof(cp));
439 create_eir(hdev, cp.data);
441 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
442 return 0;
444 memcpy(hdev->eir, cp.data, sizeof(cp.data));
446 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
449 static u8 get_service_classes(struct hci_dev *hdev)
451 struct bt_uuid *uuid;
452 u8 val = 0;
454 list_for_each_entry(uuid, &hdev->uuids, list)
455 val |= uuid->svc_hint;
457 return val;
460 static int update_class(struct hci_dev *hdev)
462 u8 cod[3];
464 BT_DBG("%s", hdev->name);
466 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
467 return 0;
469 cod[0] = hdev->minor_class;
470 cod[1] = hdev->major_class;
471 cod[2] = get_service_classes(hdev);
473 if (memcmp(cod, hdev->dev_class, 3) == 0)
474 return 0;
476 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
479 static void service_cache_off(struct work_struct *work)
481 struct hci_dev *hdev = container_of(work, struct hci_dev,
482 service_cache.work);
484 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags))
485 return;
487 hci_dev_lock(hdev);
489 update_eir(hdev);
490 update_class(hdev);
492 hci_dev_unlock(hdev);
495 static void mgmt_init_hdev(struct hci_dev *hdev)
497 if (!test_and_set_bit(HCI_MGMT, &hdev->flags))
498 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
500 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->flags))
501 schedule_delayed_work(&hdev->service_cache,
502 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
505 static int read_controller_info(struct sock *sk, u16 index)
507 struct mgmt_rp_read_info rp;
508 struct hci_dev *hdev;
510 BT_DBG("sock %p hci%u", sk, index);
512 hdev = hci_dev_get(index);
513 if (!hdev)
514 return cmd_status(sk, index, MGMT_OP_READ_INFO,
515 MGMT_STATUS_INVALID_PARAMS);
517 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
518 cancel_delayed_work_sync(&hdev->power_off);
520 hci_dev_lock(hdev);
522 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
523 mgmt_init_hdev(hdev);
525 memset(&rp, 0, sizeof(rp));
527 bacpy(&rp.bdaddr, &hdev->bdaddr);
529 rp.version = hdev->hci_ver;
531 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
533 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
534 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
536 memcpy(rp.dev_class, hdev->dev_class, 3);
538 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
540 hci_dev_unlock(hdev);
541 hci_dev_put(hdev);
543 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
546 static void mgmt_pending_free(struct pending_cmd *cmd)
548 sock_put(cmd->sk);
549 kfree(cmd->param);
550 kfree(cmd);
553 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
554 struct hci_dev *hdev,
555 void *data, u16 len)
557 struct pending_cmd *cmd;
559 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
560 if (!cmd)
561 return NULL;
563 cmd->opcode = opcode;
564 cmd->index = hdev->id;
566 cmd->param = kmalloc(len, GFP_ATOMIC);
567 if (!cmd->param) {
568 kfree(cmd);
569 return NULL;
572 if (data)
573 memcpy(cmd->param, data, len);
575 cmd->sk = sk;
576 sock_hold(sk);
578 list_add(&cmd->list, &hdev->mgmt_pending);
580 return cmd;
583 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
584 void (*cb)(struct pending_cmd *cmd, void *data),
585 void *data)
587 struct list_head *p, *n;
589 list_for_each_safe(p, n, &hdev->mgmt_pending) {
590 struct pending_cmd *cmd;
592 cmd = list_entry(p, struct pending_cmd, list);
594 if (opcode > 0 && cmd->opcode != opcode)
595 continue;
597 cb(cmd, data);
601 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
603 struct pending_cmd *cmd;
605 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
606 if (cmd->opcode == opcode)
607 return cmd;
610 return NULL;
613 static void mgmt_pending_remove(struct pending_cmd *cmd)
615 list_del(&cmd->list);
616 mgmt_pending_free(cmd);
619 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
621 __le32 settings = cpu_to_le32(get_current_settings(hdev));
623 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
626 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
628 struct mgmt_mode *cp;
629 struct hci_dev *hdev;
630 struct pending_cmd *cmd;
631 int err, up;
633 cp = (void *) data;
635 BT_DBG("request for hci%u", index);
637 if (len != sizeof(*cp))
638 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639 MGMT_STATUS_INVALID_PARAMS);
641 hdev = hci_dev_get(index);
642 if (!hdev)
643 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
644 MGMT_STATUS_INVALID_PARAMS);
646 hci_dev_lock(hdev);
648 up = test_bit(HCI_UP, &hdev->flags);
649 if ((cp->val && up) || (!cp->val && !up)) {
650 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
651 goto failed;
654 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
655 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
656 MGMT_STATUS_BUSY);
657 goto failed;
660 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
661 if (!cmd) {
662 err = -ENOMEM;
663 goto failed;
666 if (cp->val)
667 schedule_work(&hdev->power_on);
668 else
669 schedule_work(&hdev->power_off.work);
671 err = 0;
673 failed:
674 hci_dev_unlock(hdev);
675 hci_dev_put(hdev);
676 return err;
679 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
680 u16 len)
682 struct mgmt_cp_set_discoverable *cp;
683 struct hci_dev *hdev;
684 struct pending_cmd *cmd;
685 u8 scan;
686 int err;
688 cp = (void *) data;
690 BT_DBG("request for hci%u", index);
692 if (len != sizeof(*cp))
693 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
694 MGMT_STATUS_INVALID_PARAMS);
696 hdev = hci_dev_get(index);
697 if (!hdev)
698 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
699 MGMT_STATUS_INVALID_PARAMS);
701 hci_dev_lock(hdev);
703 if (!test_bit(HCI_UP, &hdev->flags)) {
704 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
705 MGMT_STATUS_NOT_POWERED);
706 goto failed;
709 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
710 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
711 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
712 MGMT_STATUS_BUSY);
713 goto failed;
716 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
717 test_bit(HCI_PSCAN, &hdev->flags)) {
718 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
719 goto failed;
722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
723 if (!cmd) {
724 err = -ENOMEM;
725 goto failed;
728 scan = SCAN_PAGE;
730 if (cp->val)
731 scan |= SCAN_INQUIRY;
732 else
733 cancel_delayed_work(&hdev->discov_off);
735 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
736 if (err < 0)
737 mgmt_pending_remove(cmd);
739 if (cp->val)
740 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
742 failed:
743 hci_dev_unlock(hdev);
744 hci_dev_put(hdev);
746 return err;
749 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
750 u16 len)
752 struct mgmt_mode *cp;
753 struct hci_dev *hdev;
754 struct pending_cmd *cmd;
755 u8 scan;
756 int err;
758 cp = (void *) data;
760 BT_DBG("request for hci%u", index);
762 if (len != sizeof(*cp))
763 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
764 MGMT_STATUS_INVALID_PARAMS);
766 hdev = hci_dev_get(index);
767 if (!hdev)
768 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
769 MGMT_STATUS_INVALID_PARAMS);
771 hci_dev_lock(hdev);
773 if (!test_bit(HCI_UP, &hdev->flags)) {
774 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
775 MGMT_STATUS_NOT_POWERED);
776 goto failed;
779 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
780 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
781 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
782 MGMT_STATUS_BUSY);
783 goto failed;
786 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
787 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
788 goto failed;
791 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
792 if (!cmd) {
793 err = -ENOMEM;
794 goto failed;
797 if (cp->val)
798 scan = SCAN_PAGE;
799 else
800 scan = 0;
802 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
803 if (err < 0)
804 mgmt_pending_remove(cmd);
806 failed:
807 hci_dev_unlock(hdev);
808 hci_dev_put(hdev);
810 return err;
813 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
814 u16 data_len, struct sock *skip_sk)
816 struct sk_buff *skb;
817 struct mgmt_hdr *hdr;
819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
820 if (!skb)
821 return -ENOMEM;
823 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
825 hdr = (void *) skb_put(skb, sizeof(*hdr));
826 hdr->opcode = cpu_to_le16(event);
827 if (hdev)
828 hdr->index = cpu_to_le16(hdev->id);
829 else
830 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
831 hdr->len = cpu_to_le16(data_len);
833 if (data)
834 memcpy(skb_put(skb, data_len), data, data_len);
836 hci_send_to_sock(NULL, skb, skip_sk);
837 kfree_skb(skb);
839 return 0;
842 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
843 u16 len)
845 struct mgmt_mode *cp;
846 struct hci_dev *hdev;
847 __le32 ev;
848 int err;
850 cp = (void *) data;
852 BT_DBG("request for hci%u", index);
854 if (len != sizeof(*cp))
855 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
856 MGMT_STATUS_INVALID_PARAMS);
858 hdev = hci_dev_get(index);
859 if (!hdev)
860 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
861 MGMT_STATUS_INVALID_PARAMS);
863 hci_dev_lock(hdev);
865 if (cp->val)
866 set_bit(HCI_PAIRABLE, &hdev->flags);
867 else
868 clear_bit(HCI_PAIRABLE, &hdev->flags);
870 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
871 if (err < 0)
872 goto failed;
874 ev = cpu_to_le32(get_current_settings(hdev));
876 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
878 failed:
879 hci_dev_unlock(hdev);
880 hci_dev_put(hdev);
882 return err;
885 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
887 struct mgmt_cp_add_uuid *cp;
888 struct hci_dev *hdev;
889 struct bt_uuid *uuid;
890 int err;
892 cp = (void *) data;
894 BT_DBG("request for hci%u", index);
896 if (len != sizeof(*cp))
897 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
898 MGMT_STATUS_INVALID_PARAMS);
900 hdev = hci_dev_get(index);
901 if (!hdev)
902 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
903 MGMT_STATUS_INVALID_PARAMS);
905 hci_dev_lock(hdev);
907 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
908 if (!uuid) {
909 err = -ENOMEM;
910 goto failed;
913 memcpy(uuid->uuid, cp->uuid, 16);
914 uuid->svc_hint = cp->svc_hint;
916 list_add(&uuid->list, &hdev->uuids);
918 err = update_class(hdev);
919 if (err < 0)
920 goto failed;
922 err = update_eir(hdev);
923 if (err < 0)
924 goto failed;
926 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
928 failed:
929 hci_dev_unlock(hdev);
930 hci_dev_put(hdev);
932 return err;
935 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
937 struct list_head *p, *n;
938 struct mgmt_cp_remove_uuid *cp;
939 struct hci_dev *hdev;
940 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
941 int err, found;
943 cp = (void *) data;
945 BT_DBG("request for hci%u", index);
947 if (len != sizeof(*cp))
948 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
949 MGMT_STATUS_INVALID_PARAMS);
951 hdev = hci_dev_get(index);
952 if (!hdev)
953 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
954 MGMT_STATUS_INVALID_PARAMS);
956 hci_dev_lock(hdev);
958 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
959 err = hci_uuids_clear(hdev);
960 goto unlock;
963 found = 0;
965 list_for_each_safe(p, n, &hdev->uuids) {
966 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
968 if (memcmp(match->uuid, cp->uuid, 16) != 0)
969 continue;
971 list_del(&match->list);
972 found++;
975 if (found == 0) {
976 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
977 MGMT_STATUS_INVALID_PARAMS);
978 goto unlock;
981 err = update_class(hdev);
982 if (err < 0)
983 goto unlock;
985 err = update_eir(hdev);
986 if (err < 0)
987 goto unlock;
989 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
991 unlock:
992 hci_dev_unlock(hdev);
993 hci_dev_put(hdev);
995 return err;
998 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
999 u16 len)
1001 struct hci_dev *hdev;
1002 struct mgmt_cp_set_dev_class *cp;
1003 int err;
1005 cp = (void *) data;
1007 BT_DBG("request for hci%u", index);
1009 if (len != sizeof(*cp))
1010 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1011 MGMT_STATUS_INVALID_PARAMS);
1013 hdev = hci_dev_get(index);
1014 if (!hdev)
1015 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1016 MGMT_STATUS_INVALID_PARAMS);
1018 hci_dev_lock(hdev);
1020 hdev->major_class = cp->major;
1021 hdev->minor_class = cp->minor;
1023 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags)) {
1024 hci_dev_unlock(hdev);
1025 cancel_delayed_work_sync(&hdev->service_cache);
1026 hci_dev_lock(hdev);
1027 update_eir(hdev);
1030 err = update_class(hdev);
1032 if (err == 0)
1033 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1035 hci_dev_unlock(hdev);
1036 hci_dev_put(hdev);
1038 return err;
1041 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1042 u16 len)
1044 struct hci_dev *hdev;
1045 struct mgmt_cp_load_link_keys *cp;
1046 u16 key_count, expected_len;
1047 int i;
1049 cp = (void *) data;
1051 if (len < sizeof(*cp))
1052 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1053 MGMT_STATUS_INVALID_PARAMS);
1055 key_count = get_unaligned_le16(&cp->key_count);
1057 expected_len = sizeof(*cp) + key_count *
1058 sizeof(struct mgmt_link_key_info);
1059 if (expected_len != len) {
1060 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1061 len, expected_len);
1062 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1063 MGMT_STATUS_INVALID_PARAMS);
1066 hdev = hci_dev_get(index);
1067 if (!hdev)
1068 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1069 MGMT_STATUS_INVALID_PARAMS);
1071 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1072 key_count);
1074 hci_dev_lock(hdev);
1076 hci_link_keys_clear(hdev);
1078 set_bit(HCI_LINK_KEYS, &hdev->flags);
1080 if (cp->debug_keys)
1081 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
1082 else
1083 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
1085 for (i = 0; i < key_count; i++) {
1086 struct mgmt_link_key_info *key = &cp->keys[i];
1088 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1089 key->pin_len);
1092 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1094 hci_dev_unlock(hdev);
1095 hci_dev_put(hdev);
1097 return 0;
1100 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1101 u16 len)
1103 struct hci_dev *hdev;
1104 struct mgmt_cp_remove_keys *cp;
1105 struct mgmt_rp_remove_keys rp;
1106 struct hci_cp_disconnect dc;
1107 struct pending_cmd *cmd;
1108 struct hci_conn *conn;
1109 int err;
1111 cp = (void *) data;
1113 if (len != sizeof(*cp))
1114 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1115 MGMT_STATUS_INVALID_PARAMS);
1117 hdev = hci_dev_get(index);
1118 if (!hdev)
1119 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1120 MGMT_STATUS_INVALID_PARAMS);
1122 hci_dev_lock(hdev);
1124 memset(&rp, 0, sizeof(rp));
1125 bacpy(&rp.bdaddr, &cp->bdaddr);
1126 rp.status = MGMT_STATUS_FAILED;
1128 err = hci_remove_link_key(hdev, &cp->bdaddr);
1129 if (err < 0) {
1130 rp.status = MGMT_STATUS_NOT_PAIRED;
1131 goto unlock;
1134 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1135 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1136 sizeof(rp));
1137 goto unlock;
1140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1141 if (!conn) {
1142 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1143 sizeof(rp));
1144 goto unlock;
1147 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1148 if (!cmd) {
1149 err = -ENOMEM;
1150 goto unlock;
1153 put_unaligned_le16(conn->handle, &dc.handle);
1154 dc.reason = 0x13; /* Remote User Terminated Connection */
1155 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1156 if (err < 0)
1157 mgmt_pending_remove(cmd);
1159 unlock:
1160 if (err < 0)
1161 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1162 sizeof(rp));
1163 hci_dev_unlock(hdev);
1164 hci_dev_put(hdev);
1166 return err;
1169 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1171 struct hci_dev *hdev;
1172 struct mgmt_cp_disconnect *cp;
1173 struct hci_cp_disconnect dc;
1174 struct pending_cmd *cmd;
1175 struct hci_conn *conn;
1176 int err;
1178 BT_DBG("");
1180 cp = (void *) data;
1182 if (len != sizeof(*cp))
1183 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1184 MGMT_STATUS_INVALID_PARAMS);
1186 hdev = hci_dev_get(index);
1187 if (!hdev)
1188 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1189 MGMT_STATUS_INVALID_PARAMS);
1191 hci_dev_lock(hdev);
1193 if (!test_bit(HCI_UP, &hdev->flags)) {
1194 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1195 MGMT_STATUS_NOT_POWERED);
1196 goto failed;
1199 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1200 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1201 MGMT_STATUS_BUSY);
1202 goto failed;
1205 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1206 if (!conn)
1207 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1209 if (!conn) {
1210 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1211 MGMT_STATUS_NOT_CONNECTED);
1212 goto failed;
1215 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1216 if (!cmd) {
1217 err = -ENOMEM;
1218 goto failed;
1221 put_unaligned_le16(conn->handle, &dc.handle);
1222 dc.reason = 0x13; /* Remote User Terminated Connection */
1224 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1225 if (err < 0)
1226 mgmt_pending_remove(cmd);
1228 failed:
1229 hci_dev_unlock(hdev);
1230 hci_dev_put(hdev);
1232 return err;
1235 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1237 switch (link_type) {
1238 case LE_LINK:
1239 switch (addr_type) {
1240 case ADDR_LE_DEV_PUBLIC:
1241 return MGMT_ADDR_LE_PUBLIC;
1242 case ADDR_LE_DEV_RANDOM:
1243 return MGMT_ADDR_LE_RANDOM;
1244 default:
1245 return MGMT_ADDR_INVALID;
1247 case ACL_LINK:
1248 return MGMT_ADDR_BREDR;
1249 default:
1250 return MGMT_ADDR_INVALID;
1254 static int get_connections(struct sock *sk, u16 index)
1256 struct mgmt_rp_get_connections *rp;
1257 struct hci_dev *hdev;
1258 struct hci_conn *c;
1259 struct list_head *p;
1260 size_t rp_len;
1261 u16 count;
1262 int i, err;
1264 BT_DBG("");
1266 hdev = hci_dev_get(index);
1267 if (!hdev)
1268 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1269 MGMT_STATUS_INVALID_PARAMS);
1271 hci_dev_lock(hdev);
1273 count = 0;
1274 list_for_each(p, &hdev->conn_hash.list) {
1275 count++;
1278 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1279 rp = kmalloc(rp_len, GFP_ATOMIC);
1280 if (!rp) {
1281 err = -ENOMEM;
1282 goto unlock;
1285 put_unaligned_le16(count, &rp->conn_count);
1287 i = 0;
1288 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1289 bacpy(&rp->addr[i].bdaddr, &c->dst);
1290 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1291 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1292 continue;
1293 i++;
1296 /* Recalculate length in case of filtered SCO connections, etc */
1297 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1299 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1301 unlock:
1302 kfree(rp);
1303 hci_dev_unlock(hdev);
1304 hci_dev_put(hdev);
1305 return err;
1308 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1309 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1311 struct pending_cmd *cmd;
1312 int err;
1314 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1315 sizeof(*cp));
1316 if (!cmd)
1317 return -ENOMEM;
1319 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1320 &cp->bdaddr);
1321 if (err < 0)
1322 mgmt_pending_remove(cmd);
1324 return err;
1327 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1328 u16 len)
1330 struct hci_dev *hdev;
1331 struct hci_conn *conn;
1332 struct mgmt_cp_pin_code_reply *cp;
1333 struct mgmt_cp_pin_code_neg_reply ncp;
1334 struct hci_cp_pin_code_reply reply;
1335 struct pending_cmd *cmd;
1336 int err;
1338 BT_DBG("");
1340 cp = (void *) data;
1342 if (len != sizeof(*cp))
1343 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1344 MGMT_STATUS_INVALID_PARAMS);
1346 hdev = hci_dev_get(index);
1347 if (!hdev)
1348 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1349 MGMT_STATUS_INVALID_PARAMS);
1351 hci_dev_lock(hdev);
1353 if (!test_bit(HCI_UP, &hdev->flags)) {
1354 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1355 MGMT_STATUS_NOT_POWERED);
1356 goto failed;
1359 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1360 if (!conn) {
1361 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1362 MGMT_STATUS_NOT_CONNECTED);
1363 goto failed;
1366 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1367 bacpy(&ncp.bdaddr, &cp->bdaddr);
1369 BT_ERR("PIN code is not 16 bytes long");
1371 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1372 if (err >= 0)
1373 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1374 MGMT_STATUS_INVALID_PARAMS);
1376 goto failed;
1379 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1380 if (!cmd) {
1381 err = -ENOMEM;
1382 goto failed;
1385 bacpy(&reply.bdaddr, &cp->bdaddr);
1386 reply.pin_len = cp->pin_len;
1387 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1389 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1390 if (err < 0)
1391 mgmt_pending_remove(cmd);
1393 failed:
1394 hci_dev_unlock(hdev);
1395 hci_dev_put(hdev);
1397 return err;
1400 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1401 u16 len)
1403 struct hci_dev *hdev;
1404 struct mgmt_cp_pin_code_neg_reply *cp;
1405 int err;
1407 BT_DBG("");
1409 cp = (void *) data;
1411 if (len != sizeof(*cp))
1412 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1413 MGMT_STATUS_INVALID_PARAMS);
1415 hdev = hci_dev_get(index);
1416 if (!hdev)
1417 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1418 MGMT_STATUS_INVALID_PARAMS);
1420 hci_dev_lock(hdev);
1422 if (!test_bit(HCI_UP, &hdev->flags)) {
1423 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1424 MGMT_STATUS_NOT_POWERED);
1425 goto failed;
1428 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1430 failed:
1431 hci_dev_unlock(hdev);
1432 hci_dev_put(hdev);
1434 return err;
1437 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1438 u16 len)
1440 struct hci_dev *hdev;
1441 struct mgmt_cp_set_io_capability *cp;
1443 BT_DBG("");
1445 cp = (void *) data;
1447 if (len != sizeof(*cp))
1448 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1449 MGMT_STATUS_INVALID_PARAMS);
1451 hdev = hci_dev_get(index);
1452 if (!hdev)
1453 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1454 MGMT_STATUS_INVALID_PARAMS);
1456 hci_dev_lock(hdev);
1458 hdev->io_capability = cp->io_capability;
1460 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1461 hdev->io_capability);
1463 hci_dev_unlock(hdev);
1464 hci_dev_put(hdev);
1466 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1469 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1471 struct hci_dev *hdev = conn->hdev;
1472 struct pending_cmd *cmd;
1474 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1475 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1476 continue;
1478 if (cmd->user_data != conn)
1479 continue;
1481 return cmd;
1484 return NULL;
1487 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1489 struct mgmt_rp_pair_device rp;
1490 struct hci_conn *conn = cmd->user_data;
1492 bacpy(&rp.addr.bdaddr, &conn->dst);
1493 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1494 rp.status = status;
1496 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1498 /* So we don't get further callbacks for this connection */
1499 conn->connect_cfm_cb = NULL;
1500 conn->security_cfm_cb = NULL;
1501 conn->disconn_cfm_cb = NULL;
1503 hci_conn_put(conn);
1505 mgmt_pending_remove(cmd);
1508 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1510 struct pending_cmd *cmd;
1512 BT_DBG("status %u", status);
1514 cmd = find_pairing(conn);
1515 if (!cmd)
1516 BT_DBG("Unable to find a pending command");
1517 else
1518 pairing_complete(cmd, status);
1521 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1523 struct hci_dev *hdev;
1524 struct mgmt_cp_pair_device *cp;
1525 struct mgmt_rp_pair_device rp;
1526 struct pending_cmd *cmd;
1527 u8 sec_level, auth_type;
1528 struct hci_conn *conn;
1529 int err;
1531 BT_DBG("");
1533 cp = (void *) data;
1535 if (len != sizeof(*cp))
1536 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1537 MGMT_STATUS_INVALID_PARAMS);
1539 hdev = hci_dev_get(index);
1540 if (!hdev)
1541 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1542 MGMT_STATUS_INVALID_PARAMS);
1544 hci_dev_lock(hdev);
1546 sec_level = BT_SECURITY_MEDIUM;
1547 if (cp->io_cap == 0x03)
1548 auth_type = HCI_AT_DEDICATED_BONDING;
1549 else
1550 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1552 if (cp->addr.type == MGMT_ADDR_BREDR)
1553 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1554 auth_type);
1555 else
1556 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1557 auth_type);
1559 memset(&rp, 0, sizeof(rp));
1560 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1561 rp.addr.type = cp->addr.type;
1563 if (IS_ERR(conn)) {
1564 rp.status = -PTR_ERR(conn);
1565 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1566 &rp, sizeof(rp));
1567 goto unlock;
1570 if (conn->connect_cfm_cb) {
1571 hci_conn_put(conn);
1572 rp.status = EBUSY;
1573 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1574 &rp, sizeof(rp));
1575 goto unlock;
1578 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1579 if (!cmd) {
1580 err = -ENOMEM;
1581 hci_conn_put(conn);
1582 goto unlock;
1585 /* For LE, just connecting isn't a proof that the pairing finished */
1586 if (cp->addr.type == MGMT_ADDR_BREDR)
1587 conn->connect_cfm_cb = pairing_complete_cb;
1589 conn->security_cfm_cb = pairing_complete_cb;
1590 conn->disconn_cfm_cb = pairing_complete_cb;
1591 conn->io_capability = cp->io_cap;
1592 cmd->user_data = conn;
1594 if (conn->state == BT_CONNECTED &&
1595 hci_conn_security(conn, sec_level, auth_type))
1596 pairing_complete(cmd, 0);
1598 err = 0;
1600 unlock:
1601 hci_dev_unlock(hdev);
1602 hci_dev_put(hdev);
1604 return err;
1607 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1608 u16 mgmt_op, u16 hci_op, __le32 passkey)
1610 struct pending_cmd *cmd;
1611 struct hci_dev *hdev;
1612 struct hci_conn *conn;
1613 int err;
1615 hdev = hci_dev_get(index);
1616 if (!hdev)
1617 return cmd_status(sk, index, mgmt_op,
1618 MGMT_STATUS_INVALID_PARAMS);
1620 hci_dev_lock(hdev);
1622 if (!test_bit(HCI_UP, &hdev->flags)) {
1623 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1624 goto done;
1628 * Check for an existing ACL link, if present pair via
1629 * HCI commands.
1631 * If no ACL link is present, check for an LE link and if
1632 * present, pair via the SMP engine.
1634 * If neither ACL nor LE links are present, fail with error.
1636 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1637 if (!conn) {
1638 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1639 if (!conn) {
1640 err = cmd_status(sk, index, mgmt_op,
1641 MGMT_STATUS_NOT_CONNECTED);
1642 goto done;
1645 /* Continue with pairing via SMP */
1646 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1648 if (!err)
1649 err = cmd_status(sk, index, mgmt_op,
1650 MGMT_STATUS_SUCCESS);
1651 else
1652 err = cmd_status(sk, index, mgmt_op,
1653 MGMT_STATUS_FAILED);
1655 goto done;
1658 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1659 if (!cmd) {
1660 err = -ENOMEM;
1661 goto done;
1664 /* Continue with pairing via HCI */
1665 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1666 struct hci_cp_user_passkey_reply cp;
1668 bacpy(&cp.bdaddr, bdaddr);
1669 cp.passkey = passkey;
1670 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1671 } else
1672 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1674 if (err < 0)
1675 mgmt_pending_remove(cmd);
1677 done:
1678 hci_dev_unlock(hdev);
1679 hci_dev_put(hdev);
1681 return err;
1684 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1686 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1688 BT_DBG("");
1690 if (len != sizeof(*cp))
1691 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1692 MGMT_STATUS_INVALID_PARAMS);
1694 return user_pairing_resp(sk, index, &cp->bdaddr,
1695 MGMT_OP_USER_CONFIRM_REPLY,
1696 HCI_OP_USER_CONFIRM_REPLY, 0);
1699 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1700 u16 len)
1702 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1704 BT_DBG("");
1706 if (len != sizeof(*cp))
1707 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1708 MGMT_STATUS_INVALID_PARAMS);
1710 return user_pairing_resp(sk, index, &cp->bdaddr,
1711 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1712 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1715 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1717 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1719 BT_DBG("");
1721 if (len != sizeof(*cp))
1722 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1723 EINVAL);
1725 return user_pairing_resp(sk, index, &cp->bdaddr,
1726 MGMT_OP_USER_PASSKEY_REPLY,
1727 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1730 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1731 u16 len)
1733 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1735 BT_DBG("");
1737 if (len != sizeof(*cp))
1738 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1739 EINVAL);
1741 return user_pairing_resp(sk, index, &cp->bdaddr,
1742 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1743 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1746 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1747 u16 len)
1749 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1750 struct hci_cp_write_local_name hci_cp;
1751 struct hci_dev *hdev;
1752 struct pending_cmd *cmd;
1753 int err;
1755 BT_DBG("");
1757 if (len != sizeof(*mgmt_cp))
1758 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1759 MGMT_STATUS_INVALID_PARAMS);
1761 hdev = hci_dev_get(index);
1762 if (!hdev)
1763 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1764 MGMT_STATUS_INVALID_PARAMS);
1766 hci_dev_lock(hdev);
1768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1769 if (!cmd) {
1770 err = -ENOMEM;
1771 goto failed;
1774 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1775 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1776 &hci_cp);
1777 if (err < 0)
1778 mgmt_pending_remove(cmd);
1780 failed:
1781 hci_dev_unlock(hdev);
1782 hci_dev_put(hdev);
1784 return err;
1787 static int read_local_oob_data(struct sock *sk, u16 index)
1789 struct hci_dev *hdev;
1790 struct pending_cmd *cmd;
1791 int err;
1793 BT_DBG("hci%u", index);
1795 hdev = hci_dev_get(index);
1796 if (!hdev)
1797 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1798 MGMT_STATUS_INVALID_PARAMS);
1800 hci_dev_lock(hdev);
1802 if (!test_bit(HCI_UP, &hdev->flags)) {
1803 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1804 MGMT_STATUS_NOT_POWERED);
1805 goto unlock;
1808 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1809 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1810 MGMT_STATUS_NOT_SUPPORTED);
1811 goto unlock;
1814 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1815 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1816 MGMT_STATUS_BUSY);
1817 goto unlock;
1820 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1821 if (!cmd) {
1822 err = -ENOMEM;
1823 goto unlock;
1826 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1827 if (err < 0)
1828 mgmt_pending_remove(cmd);
1830 unlock:
1831 hci_dev_unlock(hdev);
1832 hci_dev_put(hdev);
1834 return err;
1837 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1838 u16 len)
1840 struct hci_dev *hdev;
1841 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1842 int err;
1844 BT_DBG("hci%u ", index);
1846 if (len != sizeof(*cp))
1847 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1848 MGMT_STATUS_INVALID_PARAMS);
1850 hdev = hci_dev_get(index);
1851 if (!hdev)
1852 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1853 MGMT_STATUS_INVALID_PARAMS);
1855 hci_dev_lock(hdev);
1857 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1858 cp->randomizer);
1859 if (err < 0)
1860 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1861 MGMT_STATUS_FAILED);
1862 else
1863 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1866 hci_dev_unlock(hdev);
1867 hci_dev_put(hdev);
1869 return err;
1872 static int remove_remote_oob_data(struct sock *sk, u16 index,
1873 unsigned char *data, u16 len)
1875 struct hci_dev *hdev;
1876 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1877 int err;
1879 BT_DBG("hci%u ", index);
1881 if (len != sizeof(*cp))
1882 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1883 MGMT_STATUS_INVALID_PARAMS);
1885 hdev = hci_dev_get(index);
1886 if (!hdev)
1887 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1888 MGMT_STATUS_INVALID_PARAMS);
1890 hci_dev_lock(hdev);
1892 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1893 if (err < 0)
1894 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1895 MGMT_STATUS_INVALID_PARAMS);
1896 else
1897 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1898 NULL, 0);
1900 hci_dev_unlock(hdev);
1901 hci_dev_put(hdev);
1903 return err;
1906 static int start_discovery(struct sock *sk, u16 index,
1907 unsigned char *data, u16 len)
1909 struct mgmt_cp_start_discovery *cp = (void *) data;
1910 struct pending_cmd *cmd;
1911 struct hci_dev *hdev;
1912 int err;
1914 BT_DBG("hci%u", index);
1916 if (len != sizeof(*cp))
1917 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1918 MGMT_STATUS_INVALID_PARAMS);
1920 hdev = hci_dev_get(index);
1921 if (!hdev)
1922 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1923 MGMT_STATUS_INVALID_PARAMS);
1925 hci_dev_lock(hdev);
1927 if (!test_bit(HCI_UP, &hdev->flags)) {
1928 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1929 MGMT_STATUS_NOT_POWERED);
1930 goto failed;
1933 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1934 if (!cmd) {
1935 err = -ENOMEM;
1936 goto failed;
1939 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1940 if (err < 0)
1941 mgmt_pending_remove(cmd);
1943 failed:
1944 hci_dev_unlock(hdev);
1945 hci_dev_put(hdev);
1947 return err;
1950 static int stop_discovery(struct sock *sk, u16 index)
1952 struct hci_dev *hdev;
1953 struct pending_cmd *cmd;
1954 int err;
1956 BT_DBG("hci%u", index);
1958 hdev = hci_dev_get(index);
1959 if (!hdev)
1960 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1961 MGMT_STATUS_INVALID_PARAMS);
1963 hci_dev_lock(hdev);
1965 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1966 if (!cmd) {
1967 err = -ENOMEM;
1968 goto failed;
1971 err = hci_cancel_inquiry(hdev);
1972 if (err < 0)
1973 mgmt_pending_remove(cmd);
1975 failed:
1976 hci_dev_unlock(hdev);
1977 hci_dev_put(hdev);
1979 return err;
1982 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1983 u16 len)
1985 struct hci_dev *hdev;
1986 struct mgmt_cp_block_device *cp = (void *) data;
1987 int err;
1989 BT_DBG("hci%u", index);
1991 if (len != sizeof(*cp))
1992 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1993 MGMT_STATUS_INVALID_PARAMS);
1995 hdev = hci_dev_get(index);
1996 if (!hdev)
1997 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1998 MGMT_STATUS_INVALID_PARAMS);
2000 hci_dev_lock(hdev);
2002 err = hci_blacklist_add(hdev, &cp->bdaddr);
2003 if (err < 0)
2004 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2005 MGMT_STATUS_FAILED);
2006 else
2007 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2008 NULL, 0);
2010 hci_dev_unlock(hdev);
2011 hci_dev_put(hdev);
2013 return err;
2016 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2017 u16 len)
2019 struct hci_dev *hdev;
2020 struct mgmt_cp_unblock_device *cp = (void *) data;
2021 int err;
2023 BT_DBG("hci%u", index);
2025 if (len != sizeof(*cp))
2026 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2027 MGMT_STATUS_INVALID_PARAMS);
2029 hdev = hci_dev_get(index);
2030 if (!hdev)
2031 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2032 MGMT_STATUS_INVALID_PARAMS);
2034 hci_dev_lock(hdev);
2036 err = hci_blacklist_del(hdev, &cp->bdaddr);
2038 if (err < 0)
2039 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2040 MGMT_STATUS_INVALID_PARAMS);
2041 else
2042 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2043 NULL, 0);
2045 hci_dev_unlock(hdev);
2046 hci_dev_put(hdev);
2048 return err;
2051 static int set_fast_connectable(struct sock *sk, u16 index,
2052 unsigned char *data, u16 len)
2054 struct hci_dev *hdev;
2055 struct mgmt_mode *cp = (void *) data;
2056 struct hci_cp_write_page_scan_activity acp;
2057 u8 type;
2058 int err;
2060 BT_DBG("hci%u", index);
2062 if (len != sizeof(*cp))
2063 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2064 MGMT_STATUS_INVALID_PARAMS);
2066 hdev = hci_dev_get(index);
2067 if (!hdev)
2068 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2069 MGMT_STATUS_INVALID_PARAMS);
2071 hci_dev_lock(hdev);
2073 if (cp->val) {
2074 type = PAGE_SCAN_TYPE_INTERLACED;
2075 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2076 } else {
2077 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2078 acp.interval = 0x0800; /* default 1.28 sec page scan */
2081 acp.window = 0x0012; /* default 11.25 msec page scan window */
2083 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2084 sizeof(acp), &acp);
2085 if (err < 0) {
2086 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2087 MGMT_STATUS_FAILED);
2088 goto done;
2091 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2092 if (err < 0) {
2093 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2094 MGMT_STATUS_FAILED);
2095 goto done;
2098 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2099 NULL, 0);
2100 done:
2101 hci_dev_unlock(hdev);
2102 hci_dev_put(hdev);
2104 return err;
2107 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2109 unsigned char *buf;
2110 struct mgmt_hdr *hdr;
2111 u16 opcode, index, len;
2112 int err;
2114 BT_DBG("got %zu bytes", msglen);
2116 if (msglen < sizeof(*hdr))
2117 return -EINVAL;
2119 buf = kmalloc(msglen, GFP_KERNEL);
2120 if (!buf)
2121 return -ENOMEM;
2123 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2124 err = -EFAULT;
2125 goto done;
2128 hdr = (struct mgmt_hdr *) buf;
2129 opcode = get_unaligned_le16(&hdr->opcode);
2130 index = get_unaligned_le16(&hdr->index);
2131 len = get_unaligned_le16(&hdr->len);
2133 if (len != msglen - sizeof(*hdr)) {
2134 err = -EINVAL;
2135 goto done;
2138 switch (opcode) {
2139 case MGMT_OP_READ_VERSION:
2140 err = read_version(sk);
2141 break;
2142 case MGMT_OP_READ_INDEX_LIST:
2143 err = read_index_list(sk);
2144 break;
2145 case MGMT_OP_READ_INFO:
2146 err = read_controller_info(sk, index);
2147 break;
2148 case MGMT_OP_SET_POWERED:
2149 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2150 break;
2151 case MGMT_OP_SET_DISCOVERABLE:
2152 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2153 break;
2154 case MGMT_OP_SET_CONNECTABLE:
2155 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2156 break;
2157 case MGMT_OP_SET_FAST_CONNECTABLE:
2158 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2159 len);
2160 break;
2161 case MGMT_OP_SET_PAIRABLE:
2162 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2163 break;
2164 case MGMT_OP_ADD_UUID:
2165 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2166 break;
2167 case MGMT_OP_REMOVE_UUID:
2168 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2169 break;
2170 case MGMT_OP_SET_DEV_CLASS:
2171 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2172 break;
2173 case MGMT_OP_LOAD_LINK_KEYS:
2174 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2175 break;
2176 case MGMT_OP_REMOVE_KEYS:
2177 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2178 break;
2179 case MGMT_OP_DISCONNECT:
2180 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2181 break;
2182 case MGMT_OP_GET_CONNECTIONS:
2183 err = get_connections(sk, index);
2184 break;
2185 case MGMT_OP_PIN_CODE_REPLY:
2186 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2187 break;
2188 case MGMT_OP_PIN_CODE_NEG_REPLY:
2189 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2190 break;
2191 case MGMT_OP_SET_IO_CAPABILITY:
2192 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2193 break;
2194 case MGMT_OP_PAIR_DEVICE:
2195 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2196 break;
2197 case MGMT_OP_USER_CONFIRM_REPLY:
2198 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2199 break;
2200 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2201 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2202 len);
2203 break;
2204 case MGMT_OP_USER_PASSKEY_REPLY:
2205 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2206 break;
2207 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2208 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2209 len);
2210 break;
2211 case MGMT_OP_SET_LOCAL_NAME:
2212 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2213 break;
2214 case MGMT_OP_READ_LOCAL_OOB_DATA:
2215 err = read_local_oob_data(sk, index);
2216 break;
2217 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2218 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2219 break;
2220 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2221 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2222 len);
2223 break;
2224 case MGMT_OP_START_DISCOVERY:
2225 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2226 break;
2227 case MGMT_OP_STOP_DISCOVERY:
2228 err = stop_discovery(sk, index);
2229 break;
2230 case MGMT_OP_BLOCK_DEVICE:
2231 err = block_device(sk, index, buf + sizeof(*hdr), len);
2232 break;
2233 case MGMT_OP_UNBLOCK_DEVICE:
2234 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2235 break;
2236 default:
2237 BT_DBG("Unknown op %u", opcode);
2238 err = cmd_status(sk, index, opcode,
2239 MGMT_STATUS_UNKNOWN_COMMAND);
2240 break;
2243 if (err < 0)
2244 goto done;
2246 err = msglen;
2248 done:
2249 kfree(buf);
2250 return err;
2253 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2255 u8 *status = data;
2257 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2258 mgmt_pending_remove(cmd);
2261 int mgmt_index_added(struct hci_dev *hdev)
2263 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2266 int mgmt_index_removed(struct hci_dev *hdev)
2268 u8 status = ENODEV;
2270 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2272 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2275 struct cmd_lookup {
2276 u8 val;
2277 struct sock *sk;
2278 struct hci_dev *hdev;
2281 static void settings_rsp(struct pending_cmd *cmd, void *data)
2283 struct cmd_lookup *match = data;
2285 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2287 list_del(&cmd->list);
2289 if (match->sk == NULL) {
2290 match->sk = cmd->sk;
2291 sock_hold(match->sk);
2294 mgmt_pending_free(cmd);
2297 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2299 struct cmd_lookup match = { powered, NULL, hdev };
2300 __le32 ev;
2301 int ret;
2303 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2305 if (!powered) {
2306 u8 status = ENETDOWN;
2307 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2310 ev = cpu_to_le32(get_current_settings(hdev));
2312 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2313 match.sk);
2315 if (match.sk)
2316 sock_put(match.sk);
2318 return ret;
2321 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2323 struct cmd_lookup match = { discoverable, NULL, hdev };
2324 __le32 ev;
2325 int ret;
2327 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2329 ev = cpu_to_le32(get_current_settings(hdev));
2331 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2332 match.sk);
2333 if (match.sk)
2334 sock_put(match.sk);
2336 return ret;
2339 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2341 __le32 ev;
2342 struct cmd_lookup match = { connectable, NULL, hdev };
2343 int ret;
2345 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2346 &match);
2348 ev = cpu_to_le32(get_current_settings(hdev));
2350 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2352 if (match.sk)
2353 sock_put(match.sk);
2355 return ret;
2358 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2360 u8 mgmt_err = mgmt_status(status);
2362 if (scan & SCAN_PAGE)
2363 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2364 cmd_status_rsp, &mgmt_err);
2366 if (scan & SCAN_INQUIRY)
2367 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2368 cmd_status_rsp, &mgmt_err);
2370 return 0;
2373 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2374 u8 persistent)
2376 struct mgmt_ev_new_link_key ev;
2378 memset(&ev, 0, sizeof(ev));
2380 ev.store_hint = persistent;
2381 bacpy(&ev.key.bdaddr, &key->bdaddr);
2382 ev.key.type = key->type;
2383 memcpy(ev.key.val, key->val, 16);
2384 ev.key.pin_len = key->pin_len;
2386 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2389 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2390 u8 addr_type)
2392 struct mgmt_addr_info ev;
2394 bacpy(&ev.bdaddr, bdaddr);
2395 ev.type = link_to_mgmt(link_type, addr_type);
2397 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2400 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2402 struct mgmt_cp_disconnect *cp = cmd->param;
2403 struct sock **sk = data;
2404 struct mgmt_rp_disconnect rp;
2406 bacpy(&rp.bdaddr, &cp->bdaddr);
2407 rp.status = 0;
2409 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2411 *sk = cmd->sk;
2412 sock_hold(*sk);
2414 mgmt_pending_remove(cmd);
2417 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2419 u8 *status = data;
2420 struct mgmt_cp_remove_keys *cp = cmd->param;
2421 struct mgmt_rp_remove_keys rp;
2423 memset(&rp, 0, sizeof(rp));
2424 bacpy(&rp.bdaddr, &cp->bdaddr);
2425 if (status != NULL)
2426 rp.status = *status;
2428 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2429 sizeof(rp));
2431 mgmt_pending_remove(cmd);
2434 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2435 u8 addr_type)
2437 struct mgmt_addr_info ev;
2438 struct sock *sk = NULL;
2439 int err;
2441 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2443 bacpy(&ev.bdaddr, bdaddr);
2444 ev.type = link_to_mgmt(link_type, addr_type);
2446 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2448 if (sk)
2449 sock_put(sk);
2451 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2453 return err;
2456 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2458 struct pending_cmd *cmd;
2459 u8 mgmt_err = mgmt_status(status);
2460 int err;
2462 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2463 if (!cmd)
2464 return -ENOENT;
2466 if (bdaddr) {
2467 struct mgmt_rp_disconnect rp;
2469 bacpy(&rp.bdaddr, bdaddr);
2470 rp.status = status;
2472 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2473 &rp, sizeof(rp));
2474 } else
2475 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2476 mgmt_err);
2478 mgmt_pending_remove(cmd);
2480 return err;
2483 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2484 u8 addr_type, u8 status)
2486 struct mgmt_ev_connect_failed ev;
2488 bacpy(&ev.addr.bdaddr, bdaddr);
2489 ev.addr.type = link_to_mgmt(link_type, addr_type);
2490 ev.status = mgmt_status(status);
2492 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2495 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2497 struct mgmt_ev_pin_code_request ev;
2499 bacpy(&ev.bdaddr, bdaddr);
2500 ev.secure = secure;
2502 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2503 NULL);
2506 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2507 u8 status)
2509 struct pending_cmd *cmd;
2510 struct mgmt_rp_pin_code_reply rp;
2511 int err;
2513 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2514 if (!cmd)
2515 return -ENOENT;
2517 bacpy(&rp.bdaddr, bdaddr);
2518 rp.status = mgmt_status(status);
2520 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2521 sizeof(rp));
2523 mgmt_pending_remove(cmd);
2525 return err;
2528 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2529 u8 status)
2531 struct pending_cmd *cmd;
2532 struct mgmt_rp_pin_code_reply rp;
2533 int err;
2535 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2536 if (!cmd)
2537 return -ENOENT;
2539 bacpy(&rp.bdaddr, bdaddr);
2540 rp.status = mgmt_status(status);
2542 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2543 sizeof(rp));
2545 mgmt_pending_remove(cmd);
2547 return err;
2550 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2551 __le32 value, u8 confirm_hint)
2553 struct mgmt_ev_user_confirm_request ev;
2555 BT_DBG("%s", hdev->name);
2557 bacpy(&ev.bdaddr, bdaddr);
2558 ev.confirm_hint = confirm_hint;
2559 put_unaligned_le32(value, &ev.value);
2561 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2562 NULL);
2565 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2567 struct mgmt_ev_user_passkey_request ev;
2569 BT_DBG("%s", hdev->name);
2571 bacpy(&ev.bdaddr, bdaddr);
2573 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2574 NULL);
2577 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2578 u8 status, u8 opcode)
2580 struct pending_cmd *cmd;
2581 struct mgmt_rp_user_confirm_reply rp;
2582 int err;
2584 cmd = mgmt_pending_find(opcode, hdev);
2585 if (!cmd)
2586 return -ENOENT;
2588 bacpy(&rp.bdaddr, bdaddr);
2589 rp.status = mgmt_status(status);
2590 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2592 mgmt_pending_remove(cmd);
2594 return err;
2597 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2598 u8 status)
2600 return user_pairing_resp_complete(hdev, bdaddr, status,
2601 MGMT_OP_USER_CONFIRM_REPLY);
2604 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2605 bdaddr_t *bdaddr, u8 status)
2607 return user_pairing_resp_complete(hdev, bdaddr, status,
2608 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2611 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2612 u8 status)
2614 return user_pairing_resp_complete(hdev, bdaddr, status,
2615 MGMT_OP_USER_PASSKEY_REPLY);
2618 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2619 bdaddr_t *bdaddr, u8 status)
2621 return user_pairing_resp_complete(hdev, bdaddr, status,
2622 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2625 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2627 struct mgmt_ev_auth_failed ev;
2629 bacpy(&ev.bdaddr, bdaddr);
2630 ev.status = mgmt_status(status);
2632 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2635 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2637 struct pending_cmd *cmd;
2638 struct mgmt_cp_set_local_name ev;
2639 int err;
2641 memset(&ev, 0, sizeof(ev));
2642 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2644 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2645 if (!cmd)
2646 goto send_event;
2648 if (status) {
2649 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2650 mgmt_status(status));
2651 goto failed;
2654 update_eir(hdev);
2656 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2657 sizeof(ev));
2658 if (err < 0)
2659 goto failed;
2661 send_event:
2662 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2663 cmd ? cmd->sk : NULL);
2665 failed:
2666 if (cmd)
2667 mgmt_pending_remove(cmd);
2668 return err;
2671 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2672 u8 *randomizer, u8 status)
2674 struct pending_cmd *cmd;
2675 int err;
2677 BT_DBG("%s status %u", hdev->name, status);
2679 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2680 if (!cmd)
2681 return -ENOENT;
2683 if (status) {
2684 err = cmd_status(cmd->sk, hdev->id,
2685 MGMT_OP_READ_LOCAL_OOB_DATA,
2686 mgmt_status(status));
2687 } else {
2688 struct mgmt_rp_read_local_oob_data rp;
2690 memcpy(rp.hash, hash, sizeof(rp.hash));
2691 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2693 err = cmd_complete(cmd->sk, hdev->id,
2694 MGMT_OP_READ_LOCAL_OOB_DATA,
2695 &rp, sizeof(rp));
2698 mgmt_pending_remove(cmd);
2700 return err;
2703 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2704 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2706 struct mgmt_ev_device_found ev;
2708 memset(&ev, 0, sizeof(ev));
2710 bacpy(&ev.addr.bdaddr, bdaddr);
2711 ev.addr.type = link_to_mgmt(link_type, addr_type);
2712 ev.rssi = rssi;
2714 if (eir)
2715 memcpy(ev.eir, eir, sizeof(ev.eir));
2717 if (dev_class)
2718 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2720 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2723 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2725 struct mgmt_ev_remote_name ev;
2727 memset(&ev, 0, sizeof(ev));
2729 bacpy(&ev.bdaddr, bdaddr);
2730 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2732 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2735 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2737 struct pending_cmd *cmd;
2738 int err;
2740 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2741 if (!cmd)
2742 return -ENOENT;
2744 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2745 mgmt_pending_remove(cmd);
2747 return err;
2750 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2752 struct pending_cmd *cmd;
2753 int err;
2755 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2756 if (!cmd)
2757 return -ENOENT;
2759 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2760 mgmt_pending_remove(cmd);
2762 return err;
2765 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2767 struct pending_cmd *cmd;
2769 if (discovering)
2770 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2771 else
2772 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2774 if (cmd != NULL) {
2775 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2776 mgmt_pending_remove(cmd);
2779 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2780 sizeof(discovering), NULL);
2783 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2785 struct pending_cmd *cmd;
2786 struct mgmt_ev_device_blocked ev;
2788 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2790 bacpy(&ev.bdaddr, bdaddr);
2792 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2793 cmd ? cmd->sk : NULL);
2796 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2798 struct pending_cmd *cmd;
2799 struct mgmt_ev_device_unblocked ev;
2801 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2803 bacpy(&ev.bdaddr, bdaddr);
2805 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2806 cmd ? cmd->sk : NULL);