search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Enable zcache by default
[zen-stable.git] / net / bluetooth / mgmt.c
blobbc8e59dda78e2bf72f81c3eeacea748d5cbd78ae
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
35 #define MGMT_VERSION 0
36 #define MGMT_REVISION 1
37
38 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
39
40 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
41
42 struct pending_cmd {
43 struct list_head list;
44 u16 opcode;
45 int index;
46 void *param;
47 struct sock *sk;
48 void *user_data;
49 };
50
51 /* HCI to MGMT error code conversion table */
52 static u8 mgmt_status_table[] = {
53 MGMT_STATUS_SUCCESS,
54 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
55 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
56 MGMT_STATUS_FAILED, /* Hardware Failure */
57 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
58 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
59 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
60 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
61 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
62 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
63 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
64 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
65 MGMT_STATUS_BUSY, /* Command Disallowed */
66 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
67 MGMT_STATUS_REJECTED, /* Rejected Security */
68 MGMT_STATUS_REJECTED, /* Rejected Personal */
69 MGMT_STATUS_TIMEOUT, /* Host Timeout */
70 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
71 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
72 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
73 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
74 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
75 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
76 MGMT_STATUS_BUSY, /* Repeated Attempts */
77 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
78 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
80 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
81 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
82 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
83 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
84 MGMT_STATUS_FAILED, /* Unspecified Error */
85 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
86 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
87 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
88 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
89 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
90 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
91 MGMT_STATUS_FAILED, /* Unit Link Key Used */
92 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
93 MGMT_STATUS_TIMEOUT, /* Instant Passed */
94 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
95 MGMT_STATUS_FAILED, /* Transaction Collision */
96 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
97 MGMT_STATUS_REJECTED, /* QoS Rejected */
98 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
99 MGMT_STATUS_REJECTED, /* Insufficient Security */
100 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
101 MGMT_STATUS_BUSY, /* Role Switch Pending */
102 MGMT_STATUS_FAILED, /* Slot Violation */
103 MGMT_STATUS_FAILED, /* Role Switch Failed */
104 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
105 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
106 MGMT_STATUS_BUSY, /* Host Busy Pairing */
107 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
108 MGMT_STATUS_BUSY, /* Controller Busy */
109 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
110 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
111 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
112 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
113 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
114 };
115
116 static u8 mgmt_status(u8 hci_status)
117 {
118 if (hci_status < ARRAY_SIZE(mgmt_status_table))
119 return mgmt_status_table[hci_status];
120
121 return MGMT_STATUS_FAILED;
122 }
123
124 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
125 {
126 struct sk_buff *skb;
127 struct mgmt_hdr *hdr;
128 struct mgmt_ev_cmd_status *ev;
129 int err;
130
131 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
132
133 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
134 if (!skb)
135 return -ENOMEM;
136
137 hdr = (void *) skb_put(skb, sizeof(*hdr));
138
139 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
140 hdr->index = cpu_to_le16(index);
141 hdr->len = cpu_to_le16(sizeof(*ev));
142
143 ev = (void *) skb_put(skb, sizeof(*ev));
144 ev->status = status;
145 put_unaligned_le16(cmd, &ev->opcode);
146
147 err = sock_queue_rcv_skb(sk, skb);
148 if (err < 0)
149 kfree_skb(skb);
150
151 return err;
152 }
153
154 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
155 size_t rp_len)
156 {
157 struct sk_buff *skb;
158 struct mgmt_hdr *hdr;
159 struct mgmt_ev_cmd_complete *ev;
160 int err;
161
162 BT_DBG("sock %p", sk);
163
164 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
165 if (!skb)
166 return -ENOMEM;
167
168 hdr = (void *) skb_put(skb, sizeof(*hdr));
169
170 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
171 hdr->index = cpu_to_le16(index);
172 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
173
174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
175 put_unaligned_le16(cmd, &ev->opcode);
176
177 if (rp)
178 memcpy(ev->data, rp, rp_len);
179
180 err = sock_queue_rcv_skb(sk, skb);
181 if (err < 0)
182 kfree_skb(skb);
183
184 return err;;
185 }
186
187 static int read_version(struct sock *sk)
188 {
189 struct mgmt_rp_read_version rp;
190
191 BT_DBG("sock %p", sk);
192
193 rp.version = MGMT_VERSION;
194 put_unaligned_le16(MGMT_REVISION, &rp.revision);
195
196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
197 sizeof(rp));
198 }
199
200 static int read_index_list(struct sock *sk)
201 {
202 struct mgmt_rp_read_index_list *rp;
203 struct list_head *p;
204 struct hci_dev *d;
205 size_t rp_len;
206 u16 count;
207 int i, err;
208
209 BT_DBG("sock %p", sk);
210
211 read_lock(&hci_dev_list_lock);
212
213 count = 0;
214 list_for_each(p, &hci_dev_list) {
215 count++;
216 }
217
218 rp_len = sizeof(*rp) + (2 * count);
219 rp = kmalloc(rp_len, GFP_ATOMIC);
220 if (!rp) {
221 read_unlock(&hci_dev_list_lock);
222 return -ENOMEM;
223 }
224
225 put_unaligned_le16(count, &rp->num_controllers);
226
227 i = 0;
228 list_for_each_entry(d, &hci_dev_list, list) {
229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->flags))
230 cancel_delayed_work(&d->power_off);
231
232 if (test_bit(HCI_SETUP, &d->flags))
233 continue;
234
235 put_unaligned_le16(d->id, &rp->index[i++]);
236 BT_DBG("Added hci%u", d->id);
237 }
238
239 read_unlock(&hci_dev_list_lock);
240
241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
242 rp_len);
243
244 kfree(rp);
245
246 return err;
247 }
248
249 static u32 get_supported_settings(struct hci_dev *hdev)
250 {
251 u32 settings = 0;
252
253 settings |= MGMT_SETTING_POWERED;
254 settings |= MGMT_SETTING_CONNECTABLE;
255 settings |= MGMT_SETTING_FAST_CONNECTABLE;
256 settings |= MGMT_SETTING_DISCOVERABLE;
257 settings |= MGMT_SETTING_PAIRABLE;
258
259 if (hdev->features[6] & LMP_SIMPLE_PAIR)
260 settings |= MGMT_SETTING_SSP;
261
262 if (!(hdev->features[4] & LMP_NO_BREDR)) {
263 settings |= MGMT_SETTING_BREDR;
264 settings |= MGMT_SETTING_LINK_SECURITY;
265 }
266
267 if (hdev->features[4] & LMP_LE)
268 settings |= MGMT_SETTING_LE;
269
270 return settings;
271 }
272
273 static u32 get_current_settings(struct hci_dev *hdev)
274 {
275 u32 settings = 0;
276
277 if (test_bit(HCI_UP, &hdev->flags))
278 settings |= MGMT_SETTING_POWERED;
279 else
280 return settings;
281
282 if (test_bit(HCI_PSCAN, &hdev->flags))
283 settings |= MGMT_SETTING_CONNECTABLE;
284
285 if (test_bit(HCI_ISCAN, &hdev->flags))
286 settings |= MGMT_SETTING_DISCOVERABLE;
287
288 if (test_bit(HCI_PAIRABLE, &hdev->flags))
289 settings |= MGMT_SETTING_PAIRABLE;
290
291 if (!(hdev->features[4] & LMP_NO_BREDR))
292 settings |= MGMT_SETTING_BREDR;
293
294 if (hdev->host_features[0] & LMP_HOST_LE)
295 settings |= MGMT_SETTING_LE;
296
297 if (test_bit(HCI_AUTH, &hdev->flags))
298 settings |= MGMT_SETTING_LINK_SECURITY;
299
300 if (hdev->ssp_mode > 0)
301 settings |= MGMT_SETTING_SSP;
302
303 return settings;
304 }
305
306 #define EIR_FLAGS 0x01 /* flags */
307 #define EIR_UUID16_SOME 0x02 /* 16-bit UUID, more available */
308 #define EIR_UUID16_ALL 0x03 /* 16-bit UUID, all listed */
309 #define EIR_UUID32_SOME 0x04 /* 32-bit UUID, more available */
310 #define EIR_UUID32_ALL 0x05 /* 32-bit UUID, all listed */
311 #define EIR_UUID128_SOME 0x06 /* 128-bit UUID, more available */
312 #define EIR_UUID128_ALL 0x07 /* 128-bit UUID, all listed */
313 #define EIR_NAME_SHORT 0x08 /* shortened local name */
314 #define EIR_NAME_COMPLETE 0x09 /* complete local name */
315 #define EIR_TX_POWER 0x0A /* transmit power level */
316 #define EIR_DEVICE_ID 0x10 /* device ID */
317
318 #define PNP_INFO_SVCLASS_ID 0x1200
319
320 static u8 bluetooth_base_uuid[] = {
321 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
322 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
323 };
324
325 static u16 get_uuid16(u8 *uuid128)
326 {
327 u32 val;
328 int i;
329
330 for (i = 0; i < 12; i++) {
331 if (bluetooth_base_uuid[i] != uuid128[i])
332 return 0;
333 }
334
335 memcpy(&val, &uuid128[12], 4);
336
337 val = le32_to_cpu(val);
338 if (val > 0xffff)
339 return 0;
340
341 return (u16) val;
342 }
343
344 static void create_eir(struct hci_dev *hdev, u8 *data)
345 {
346 u8 *ptr = data;
347 u16 eir_len = 0;
348 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
349 int i, truncated = 0;
350 struct bt_uuid *uuid;
351 size_t name_len;
352
353 name_len = strlen(hdev->dev_name);
354
355 if (name_len > 0) {
356 /* EIR Data type */
357 if (name_len > 48) {
358 name_len = 48;
359 ptr[1] = EIR_NAME_SHORT;
360 } else
361 ptr[1] = EIR_NAME_COMPLETE;
362
363 /* EIR Data length */
364 ptr[0] = name_len + 1;
365
366 memcpy(ptr + 2, hdev->dev_name, name_len);
367
368 eir_len += (name_len + 2);
369 ptr += (name_len + 2);
370 }
371
372 memset(uuid16_list, 0, sizeof(uuid16_list));
373
374 /* Group all UUID16 types */
375 list_for_each_entry(uuid, &hdev->uuids, list) {
376 u16 uuid16;
377
378 uuid16 = get_uuid16(uuid->uuid);
379 if (uuid16 == 0)
380 return;
381
382 if (uuid16 < 0x1100)
383 continue;
384
385 if (uuid16 == PNP_INFO_SVCLASS_ID)
386 continue;
387
388 /* Stop if not enough space to put next UUID */
389 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
390 truncated = 1;
391 break;
392 }
393
394 /* Check for duplicates */
395 for (i = 0; uuid16_list[i] != 0; i++)
396 if (uuid16_list[i] == uuid16)
397 break;
398
399 if (uuid16_list[i] == 0) {
400 uuid16_list[i] = uuid16;
401 eir_len += sizeof(u16);
402 }
403 }
404
405 if (uuid16_list[0] != 0) {
406 u8 *length = ptr;
407
408 /* EIR Data type */
409 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
410
411 ptr += 2;
412 eir_len += 2;
413
414 for (i = 0; uuid16_list[i] != 0; i++) {
415 *ptr++ = (uuid16_list[i] & 0x00ff);
416 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
417 }
418
419 /* EIR Data length */
420 *length = (i * sizeof(u16)) + 1;
421 }
422 }
423
424 static int update_eir(struct hci_dev *hdev)
425 {
426 struct hci_cp_write_eir cp;
427
428 if (!(hdev->features[6] & LMP_EXT_INQ))
429 return 0;
430
431 if (hdev->ssp_mode == 0)
432 return 0;
433
434 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
435 return 0;
436
437 memset(&cp, 0, sizeof(cp));
438
439 create_eir(hdev, cp.data);
440
441 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
442 return 0;
443
444 memcpy(hdev->eir, cp.data, sizeof(cp.data));
445
446 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
447 }
448
449 static u8 get_service_classes(struct hci_dev *hdev)
450 {
451 struct bt_uuid *uuid;
452 u8 val = 0;
453
454 list_for_each_entry(uuid, &hdev->uuids, list)
455 val |= uuid->svc_hint;
456
457 return val;
458 }
459
460 static int update_class(struct hci_dev *hdev)
461 {
462 u8 cod[3];
463
464 BT_DBG("%s", hdev->name);
465
466 if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
467 return 0;
468
469 cod[0] = hdev->minor_class;
470 cod[1] = hdev->major_class;
471 cod[2] = get_service_classes(hdev);
472
473 if (memcmp(cod, hdev->dev_class, 3) == 0)
474 return 0;
475
476 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
477 }
478
479 static void service_cache_off(struct work_struct *work)
480 {
481 struct hci_dev *hdev = container_of(work, struct hci_dev,
482 service_cache.work);
483
484 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags))
485 return;
486
487 hci_dev_lock(hdev);
488
489 update_eir(hdev);
490 update_class(hdev);
491
492 hci_dev_unlock(hdev);
493 }
494
495 static void mgmt_init_hdev(struct hci_dev *hdev)
496 {
497 if (!test_and_set_bit(HCI_MGMT, &hdev->flags))
498 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
499
500 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->flags))
501 schedule_delayed_work(&hdev->service_cache,
502 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
503 }
504
505 static int read_controller_info(struct sock *sk, u16 index)
506 {
507 struct mgmt_rp_read_info rp;
508 struct hci_dev *hdev;
509
510 BT_DBG("sock %p hci%u", sk, index);
511
512 hdev = hci_dev_get(index);
513 if (!hdev)
514 return cmd_status(sk, index, MGMT_OP_READ_INFO,
515 MGMT_STATUS_INVALID_PARAMS);
516
517 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->flags))
518 cancel_delayed_work_sync(&hdev->power_off);
519
520 hci_dev_lock(hdev);
521
522 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
523 mgmt_init_hdev(hdev);
524
525 memset(&rp, 0, sizeof(rp));
526
527 bacpy(&rp.bdaddr, &hdev->bdaddr);
528
529 rp.version = hdev->hci_ver;
530
531 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
532
533 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
534 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
535
536 memcpy(rp.dev_class, hdev->dev_class, 3);
537
538 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
539
540 hci_dev_unlock(hdev);
541 hci_dev_put(hdev);
542
543 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
544 }
545
546 static void mgmt_pending_free(struct pending_cmd *cmd)
547 {
548 sock_put(cmd->sk);
549 kfree(cmd->param);
550 kfree(cmd);
551 }
552
553 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
554 struct hci_dev *hdev,
555 void *data, u16 len)
556 {
557 struct pending_cmd *cmd;
558
559 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
560 if (!cmd)
561 return NULL;
562
563 cmd->opcode = opcode;
564 cmd->index = hdev->id;
565
566 cmd->param = kmalloc(len, GFP_ATOMIC);
567 if (!cmd->param) {
568 kfree(cmd);
569 return NULL;
570 }
571
572 if (data)
573 memcpy(cmd->param, data, len);
574
575 cmd->sk = sk;
576 sock_hold(sk);
577
578 list_add(&cmd->list, &hdev->mgmt_pending);
579
580 return cmd;
581 }
582
583 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
584 void (*cb)(struct pending_cmd *cmd, void *data),
585 void *data)
586 {
587 struct list_head *p, *n;
588
589 list_for_each_safe(p, n, &hdev->mgmt_pending) {
590 struct pending_cmd *cmd;
591
592 cmd = list_entry(p, struct pending_cmd, list);
593
594 if (opcode > 0 && cmd->opcode != opcode)
595 continue;
596
597 cb(cmd, data);
598 }
599 }
600
601 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
602 {
603 struct pending_cmd *cmd;
604
605 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
606 if (cmd->opcode == opcode)
607 return cmd;
608 }
609
610 return NULL;
611 }
612
613 static void mgmt_pending_remove(struct pending_cmd *cmd)
614 {
615 list_del(&cmd->list);
616 mgmt_pending_free(cmd);
617 }
618
619 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
620 {
621 __le32 settings = cpu_to_le32(get_current_settings(hdev));
622
623 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
624 }
625
626 static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
627 {
628 struct mgmt_mode *cp;
629 struct hci_dev *hdev;
630 struct pending_cmd *cmd;
631 int err, up;
632
633 cp = (void *) data;
634
635 BT_DBG("request for hci%u", index);
636
637 if (len != sizeof(*cp))
638 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639 MGMT_STATUS_INVALID_PARAMS);
640
641 hdev = hci_dev_get(index);
642 if (!hdev)
643 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
644 MGMT_STATUS_INVALID_PARAMS);
645
646 hci_dev_lock(hdev);
647
648 up = test_bit(HCI_UP, &hdev->flags);
649 if ((cp->val && up) || (!cp->val && !up)) {
650 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
651 goto failed;
652 }
653
654 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
655 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
656 MGMT_STATUS_BUSY);
657 goto failed;
658 }
659
660 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
661 if (!cmd) {
662 err = -ENOMEM;
663 goto failed;
664 }
665
666 if (cp->val)
667 schedule_work(&hdev->power_on);
668 else
669 schedule_work(&hdev->power_off.work);
670
671 err = 0;
672
673 failed:
674 hci_dev_unlock(hdev);
675 hci_dev_put(hdev);
676 return err;
677 }
678
679 static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
680 u16 len)
681 {
682 struct mgmt_cp_set_discoverable *cp;
683 struct hci_dev *hdev;
684 struct pending_cmd *cmd;
685 u8 scan;
686 int err;
687
688 cp = (void *) data;
689
690 BT_DBG("request for hci%u", index);
691
692 if (len != sizeof(*cp))
693 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
694 MGMT_STATUS_INVALID_PARAMS);
695
696 hdev = hci_dev_get(index);
697 if (!hdev)
698 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
699 MGMT_STATUS_INVALID_PARAMS);
700
701 hci_dev_lock(hdev);
702
703 if (!test_bit(HCI_UP, &hdev->flags)) {
704 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
705 MGMT_STATUS_NOT_POWERED);
706 goto failed;
707 }
708
709 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
710 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
711 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
712 MGMT_STATUS_BUSY);
713 goto failed;
714 }
715
716 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
717 test_bit(HCI_PSCAN, &hdev->flags)) {
718 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
719 goto failed;
720 }
721
722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
723 if (!cmd) {
724 err = -ENOMEM;
725 goto failed;
726 }
727
728 scan = SCAN_PAGE;
729
730 if (cp->val)
731 scan |= SCAN_INQUIRY;
732 else
733 cancel_delayed_work(&hdev->discov_off);
734
735 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
736 if (err < 0)
737 mgmt_pending_remove(cmd);
738
739 if (cp->val)
740 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
741
742 failed:
743 hci_dev_unlock(hdev);
744 hci_dev_put(hdev);
745
746 return err;
747 }
748
749 static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
750 u16 len)
751 {
752 struct mgmt_mode *cp;
753 struct hci_dev *hdev;
754 struct pending_cmd *cmd;
755 u8 scan;
756 int err;
757
758 cp = (void *) data;
759
760 BT_DBG("request for hci%u", index);
761
762 if (len != sizeof(*cp))
763 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
764 MGMT_STATUS_INVALID_PARAMS);
765
766 hdev = hci_dev_get(index);
767 if (!hdev)
768 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
769 MGMT_STATUS_INVALID_PARAMS);
770
771 hci_dev_lock(hdev);
772
773 if (!test_bit(HCI_UP, &hdev->flags)) {
774 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
775 MGMT_STATUS_NOT_POWERED);
776 goto failed;
777 }
778
779 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
780 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
781 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
782 MGMT_STATUS_BUSY);
783 goto failed;
784 }
785
786 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
787 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
788 goto failed;
789 }
790
791 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
792 if (!cmd) {
793 err = -ENOMEM;
794 goto failed;
795 }
796
797 if (cp->val)
798 scan = SCAN_PAGE;
799 else
800 scan = 0;
801
802 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
803 if (err < 0)
804 mgmt_pending_remove(cmd);
805
806 failed:
807 hci_dev_unlock(hdev);
808 hci_dev_put(hdev);
809
810 return err;
811 }
812
813 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
814 u16 data_len, struct sock *skip_sk)
815 {
816 struct sk_buff *skb;
817 struct mgmt_hdr *hdr;
818
819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
820 if (!skb)
821 return -ENOMEM;
822
823 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
824
825 hdr = (void *) skb_put(skb, sizeof(*hdr));
826 hdr->opcode = cpu_to_le16(event);
827 if (hdev)
828 hdr->index = cpu_to_le16(hdev->id);
829 else
830 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
831 hdr->len = cpu_to_le16(data_len);
832
833 if (data)
834 memcpy(skb_put(skb, data_len), data, data_len);
835
836 hci_send_to_sock(NULL, skb, skip_sk);
837 kfree_skb(skb);
838
839 return 0;
840 }
841
842 static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
843 u16 len)
844 {
845 struct mgmt_mode *cp;
846 struct hci_dev *hdev;
847 __le32 ev;
848 int err;
849
850 cp = (void *) data;
851
852 BT_DBG("request for hci%u", index);
853
854 if (len != sizeof(*cp))
855 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
856 MGMT_STATUS_INVALID_PARAMS);
857
858 hdev = hci_dev_get(index);
859 if (!hdev)
860 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
861 MGMT_STATUS_INVALID_PARAMS);
862
863 hci_dev_lock(hdev);
864
865 if (cp->val)
866 set_bit(HCI_PAIRABLE, &hdev->flags);
867 else
868 clear_bit(HCI_PAIRABLE, &hdev->flags);
869
870 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
871 if (err < 0)
872 goto failed;
873
874 ev = cpu_to_le32(get_current_settings(hdev));
875
876 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
877
878 failed:
879 hci_dev_unlock(hdev);
880 hci_dev_put(hdev);
881
882 return err;
883 }
884
885 static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
886 {
887 struct mgmt_cp_add_uuid *cp;
888 struct hci_dev *hdev;
889 struct bt_uuid *uuid;
890 int err;
891
892 cp = (void *) data;
893
894 BT_DBG("request for hci%u", index);
895
896 if (len != sizeof(*cp))
897 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
898 MGMT_STATUS_INVALID_PARAMS);
899
900 hdev = hci_dev_get(index);
901 if (!hdev)
902 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
903 MGMT_STATUS_INVALID_PARAMS);
904
905 hci_dev_lock(hdev);
906
907 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
908 if (!uuid) {
909 err = -ENOMEM;
910 goto failed;
911 }
912
913 memcpy(uuid->uuid, cp->uuid, 16);
914 uuid->svc_hint = cp->svc_hint;
915
916 list_add(&uuid->list, &hdev->uuids);
917
918 err = update_class(hdev);
919 if (err < 0)
920 goto failed;
921
922 err = update_eir(hdev);
923 if (err < 0)
924 goto failed;
925
926 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
927
928 failed:
929 hci_dev_unlock(hdev);
930 hci_dev_put(hdev);
931
932 return err;
933 }
934
935 static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
936 {
937 struct list_head *p, *n;
938 struct mgmt_cp_remove_uuid *cp;
939 struct hci_dev *hdev;
940 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
941 int err, found;
942
943 cp = (void *) data;
944
945 BT_DBG("request for hci%u", index);
946
947 if (len != sizeof(*cp))
948 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
949 MGMT_STATUS_INVALID_PARAMS);
950
951 hdev = hci_dev_get(index);
952 if (!hdev)
953 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
954 MGMT_STATUS_INVALID_PARAMS);
955
956 hci_dev_lock(hdev);
957
958 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
959 err = hci_uuids_clear(hdev);
960 goto unlock;
961 }
962
963 found = 0;
964
965 list_for_each_safe(p, n, &hdev->uuids) {
966 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
967
968 if (memcmp(match->uuid, cp->uuid, 16) != 0)
969 continue;
970
971 list_del(&match->list);
972 found++;
973 }
974
975 if (found == 0) {
976 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
977 MGMT_STATUS_INVALID_PARAMS);
978 goto unlock;
979 }
980
981 err = update_class(hdev);
982 if (err < 0)
983 goto unlock;
984
985 err = update_eir(hdev);
986 if (err < 0)
987 goto unlock;
988
989 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
990
991 unlock:
992 hci_dev_unlock(hdev);
993 hci_dev_put(hdev);
994
995 return err;
996 }
997
998 static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
999 u16 len)
1000 {
1001 struct hci_dev *hdev;
1002 struct mgmt_cp_set_dev_class *cp;
1003 int err;
1004
1005 cp = (void *) data;
1006
1007 BT_DBG("request for hci%u", index);
1008
1009 if (len != sizeof(*cp))
1010 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1011 MGMT_STATUS_INVALID_PARAMS);
1012
1013 hdev = hci_dev_get(index);
1014 if (!hdev)
1015 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1016 MGMT_STATUS_INVALID_PARAMS);
1017
1018 hci_dev_lock(hdev);
1019
1020 hdev->major_class = cp->major;
1021 hdev->minor_class = cp->minor;
1022
1023 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->flags)) {
1024 hci_dev_unlock(hdev);
1025 cancel_delayed_work_sync(&hdev->service_cache);
1026 hci_dev_lock(hdev);
1027 update_eir(hdev);
1028 }
1029
1030 err = update_class(hdev);
1031
1032 if (err == 0)
1033 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1034
1035 hci_dev_unlock(hdev);
1036 hci_dev_put(hdev);
1037
1038 return err;
1039 }
1040
1041 static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1042 u16 len)
1043 {
1044 struct hci_dev *hdev;
1045 struct mgmt_cp_load_link_keys *cp;
1046 u16 key_count, expected_len;
1047 int i;
1048
1049 cp = (void *) data;
1050
1051 if (len < sizeof(*cp))
1052 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1053 MGMT_STATUS_INVALID_PARAMS);
1054
1055 key_count = get_unaligned_le16(&cp->key_count);
1056
1057 expected_len = sizeof(*cp) + key_count *
1058 sizeof(struct mgmt_link_key_info);
1059 if (expected_len != len) {
1060 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1061 len, expected_len);
1062 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1063 MGMT_STATUS_INVALID_PARAMS);
1064 }
1065
1066 hdev = hci_dev_get(index);
1067 if (!hdev)
1068 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1069 MGMT_STATUS_INVALID_PARAMS);
1070
1071 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1072 key_count);
1073
1074 hci_dev_lock(hdev);
1075
1076 hci_link_keys_clear(hdev);
1077
1078 set_bit(HCI_LINK_KEYS, &hdev->flags);
1079
1080 if (cp->debug_keys)
1081 set_bit(HCI_DEBUG_KEYS, &hdev->flags);
1082 else
1083 clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
1084
1085 for (i = 0; i < key_count; i++) {
1086 struct mgmt_link_key_info *key = &cp->keys[i];
1087
1088 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1089 key->pin_len);
1090 }
1091
1092 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1093
1094 hci_dev_unlock(hdev);
1095 hci_dev_put(hdev);
1096
1097 return 0;
1098 }
1099
1100 static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1101 u16 len)
1102 {
1103 struct hci_dev *hdev;
1104 struct mgmt_cp_remove_keys *cp;
1105 struct mgmt_rp_remove_keys rp;
1106 struct hci_cp_disconnect dc;
1107 struct pending_cmd *cmd;
1108 struct hci_conn *conn;
1109 int err;
1110
1111 cp = (void *) data;
1112
1113 if (len != sizeof(*cp))
1114 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1115 MGMT_STATUS_INVALID_PARAMS);
1116
1117 hdev = hci_dev_get(index);
1118 if (!hdev)
1119 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1120 MGMT_STATUS_INVALID_PARAMS);
1121
1122 hci_dev_lock(hdev);
1123
1124 memset(&rp, 0, sizeof(rp));
1125 bacpy(&rp.bdaddr, &cp->bdaddr);
1126 rp.status = MGMT_STATUS_FAILED;
1127
1128 err = hci_remove_link_key(hdev, &cp->bdaddr);
1129 if (err < 0) {
1130 rp.status = MGMT_STATUS_NOT_PAIRED;
1131 goto unlock;
1132 }
1133
1134 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1135 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1136 sizeof(rp));
1137 goto unlock;
1138 }
1139
1140 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1141 if (!conn) {
1142 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1143 sizeof(rp));
1144 goto unlock;
1145 }
1146
1147 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1148 if (!cmd) {
1149 err = -ENOMEM;
1150 goto unlock;
1151 }
1152
1153 put_unaligned_le16(conn->handle, &dc.handle);
1154 dc.reason = 0x13; /* Remote User Terminated Connection */
1155 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1156 if (err < 0)
1157 mgmt_pending_remove(cmd);
1158
1159 unlock:
1160 if (err < 0)
1161 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1162 sizeof(rp));
1163 hci_dev_unlock(hdev);
1164 hci_dev_put(hdev);
1165
1166 return err;
1167 }
1168
1169 static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1170 {
1171 struct hci_dev *hdev;
1172 struct mgmt_cp_disconnect *cp;
1173 struct hci_cp_disconnect dc;
1174 struct pending_cmd *cmd;
1175 struct hci_conn *conn;
1176 int err;
1177
1178 BT_DBG("");
1179
1180 cp = (void *) data;
1181
1182 if (len != sizeof(*cp))
1183 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1184 MGMT_STATUS_INVALID_PARAMS);
1185
1186 hdev = hci_dev_get(index);
1187 if (!hdev)
1188 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1189 MGMT_STATUS_INVALID_PARAMS);
1190
1191 hci_dev_lock(hdev);
1192
1193 if (!test_bit(HCI_UP, &hdev->flags)) {
1194 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1195 MGMT_STATUS_NOT_POWERED);
1196 goto failed;
1197 }
1198
1199 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1200 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1201 MGMT_STATUS_BUSY);
1202 goto failed;
1203 }
1204
1205 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1206 if (!conn)
1207 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1208
1209 if (!conn) {
1210 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1211 MGMT_STATUS_NOT_CONNECTED);
1212 goto failed;
1213 }
1214
1215 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1216 if (!cmd) {
1217 err = -ENOMEM;
1218 goto failed;
1219 }
1220
1221 put_unaligned_le16(conn->handle, &dc.handle);
1222 dc.reason = 0x13; /* Remote User Terminated Connection */
1223
1224 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1225 if (err < 0)
1226 mgmt_pending_remove(cmd);
1227
1228 failed:
1229 hci_dev_unlock(hdev);
1230 hci_dev_put(hdev);
1231
1232 return err;
1233 }
1234
1235 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1236 {
1237 switch (link_type) {
1238 case LE_LINK:
1239 switch (addr_type) {
1240 case ADDR_LE_DEV_PUBLIC:
1241 return MGMT_ADDR_LE_PUBLIC;
1242 case ADDR_LE_DEV_RANDOM:
1243 return MGMT_ADDR_LE_RANDOM;
1244 default:
1245 return MGMT_ADDR_INVALID;
1246 }
1247 case ACL_LINK:
1248 return MGMT_ADDR_BREDR;
1249 default:
1250 return MGMT_ADDR_INVALID;
1251 }
1252 }
1253
1254 static int get_connections(struct sock *sk, u16 index)
1255 {
1256 struct mgmt_rp_get_connections *rp;
1257 struct hci_dev *hdev;
1258 struct hci_conn *c;
1259 struct list_head *p;
1260 size_t rp_len;
1261 u16 count;
1262 int i, err;
1263
1264 BT_DBG("");
1265
1266 hdev = hci_dev_get(index);
1267 if (!hdev)
1268 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1269 MGMT_STATUS_INVALID_PARAMS);
1270
1271 hci_dev_lock(hdev);
1272
1273 count = 0;
1274 list_for_each(p, &hdev->conn_hash.list) {
1275 count++;
1276 }
1277
1278 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1279 rp = kmalloc(rp_len, GFP_ATOMIC);
1280 if (!rp) {
1281 err = -ENOMEM;
1282 goto unlock;
1283 }
1284
1285 put_unaligned_le16(count, &rp->conn_count);
1286
1287 i = 0;
1288 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1289 bacpy(&rp->addr[i].bdaddr, &c->dst);
1290 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1291 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1292 continue;
1293 i++;
1294 }
1295
1296 /* Recalculate length in case of filtered SCO connections, etc */
1297 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1298
1299 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1300
1301 unlock:
1302 kfree(rp);
1303 hci_dev_unlock(hdev);
1304 hci_dev_put(hdev);
1305 return err;
1306 }
1307
1308 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1309 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1310 {
1311 struct pending_cmd *cmd;
1312 int err;
1313
1314 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1315 sizeof(*cp));
1316 if (!cmd)
1317 return -ENOMEM;
1318
1319 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1320 &cp->bdaddr);
1321 if (err < 0)
1322 mgmt_pending_remove(cmd);
1323
1324 return err;
1325 }
1326
1327 static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1328 u16 len)
1329 {
1330 struct hci_dev *hdev;
1331 struct hci_conn *conn;
1332 struct mgmt_cp_pin_code_reply *cp;
1333 struct mgmt_cp_pin_code_neg_reply ncp;
1334 struct hci_cp_pin_code_reply reply;
1335 struct pending_cmd *cmd;
1336 int err;
1337
1338 BT_DBG("");
1339
1340 cp = (void *) data;
1341
1342 if (len != sizeof(*cp))
1343 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1344 MGMT_STATUS_INVALID_PARAMS);
1345
1346 hdev = hci_dev_get(index);
1347 if (!hdev)
1348 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1349 MGMT_STATUS_INVALID_PARAMS);
1350
1351 hci_dev_lock(hdev);
1352
1353 if (!test_bit(HCI_UP, &hdev->flags)) {
1354 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1355 MGMT_STATUS_NOT_POWERED);
1356 goto failed;
1357 }
1358
1359 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1360 if (!conn) {
1361 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1362 MGMT_STATUS_NOT_CONNECTED);
1363 goto failed;
1364 }
1365
1366 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1367 bacpy(&ncp.bdaddr, &cp->bdaddr);
1368
1369 BT_ERR("PIN code is not 16 bytes long");
1370
1371 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1372 if (err >= 0)
1373 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1374 MGMT_STATUS_INVALID_PARAMS);
1375
1376 goto failed;
1377 }
1378
1379 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1380 if (!cmd) {
1381 err = -ENOMEM;
1382 goto failed;
1383 }
1384
1385 bacpy(&reply.bdaddr, &cp->bdaddr);
1386 reply.pin_len = cp->pin_len;
1387 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1388
1389 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1390 if (err < 0)
1391 mgmt_pending_remove(cmd);
1392
1393 failed:
1394 hci_dev_unlock(hdev);
1395 hci_dev_put(hdev);
1396
1397 return err;
1398 }
1399
1400 static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1401 u16 len)
1402 {
1403 struct hci_dev *hdev;
1404 struct mgmt_cp_pin_code_neg_reply *cp;
1405 int err;
1406
1407 BT_DBG("");
1408
1409 cp = (void *) data;
1410
1411 if (len != sizeof(*cp))
1412 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1413 MGMT_STATUS_INVALID_PARAMS);
1414
1415 hdev = hci_dev_get(index);
1416 if (!hdev)
1417 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1418 MGMT_STATUS_INVALID_PARAMS);
1419
1420 hci_dev_lock(hdev);
1421
1422 if (!test_bit(HCI_UP, &hdev->flags)) {
1423 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1424 MGMT_STATUS_NOT_POWERED);
1425 goto failed;
1426 }
1427
1428 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1429
1430 failed:
1431 hci_dev_unlock(hdev);
1432 hci_dev_put(hdev);
1433
1434 return err;
1435 }
1436
1437 static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1438 u16 len)
1439 {
1440 struct hci_dev *hdev;
1441 struct mgmt_cp_set_io_capability *cp;
1442
1443 BT_DBG("");
1444
1445 cp = (void *) data;
1446
1447 if (len != sizeof(*cp))
1448 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1449 MGMT_STATUS_INVALID_PARAMS);
1450
1451 hdev = hci_dev_get(index);
1452 if (!hdev)
1453 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1454 MGMT_STATUS_INVALID_PARAMS);
1455
1456 hci_dev_lock(hdev);
1457
1458 hdev->io_capability = cp->io_capability;
1459
1460 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1461 hdev->io_capability);
1462
1463 hci_dev_unlock(hdev);
1464 hci_dev_put(hdev);
1465
1466 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1467 }
1468
1469 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1470 {
1471 struct hci_dev *hdev = conn->hdev;
1472 struct pending_cmd *cmd;
1473
1474 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1475 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1476 continue;
1477
1478 if (cmd->user_data != conn)
1479 continue;
1480
1481 return cmd;
1482 }
1483
1484 return NULL;
1485 }
1486
1487 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1488 {
1489 struct mgmt_rp_pair_device rp;
1490 struct hci_conn *conn = cmd->user_data;
1491
1492 bacpy(&rp.addr.bdaddr, &conn->dst);
1493 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1494 rp.status = status;
1495
1496 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1497
1498 /* So we don't get further callbacks for this connection */
1499 conn->connect_cfm_cb = NULL;
1500 conn->security_cfm_cb = NULL;
1501 conn->disconn_cfm_cb = NULL;
1502
1503 hci_conn_put(conn);
1504
1505 mgmt_pending_remove(cmd);
1506 }
1507
1508 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1509 {
1510 struct pending_cmd *cmd;
1511
1512 BT_DBG("status %u", status);
1513
1514 cmd = find_pairing(conn);
1515 if (!cmd)
1516 BT_DBG("Unable to find a pending command");
1517 else
1518 pairing_complete(cmd, status);
1519 }
1520
1521 static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1522 {
1523 struct hci_dev *hdev;
1524 struct mgmt_cp_pair_device *cp;
1525 struct mgmt_rp_pair_device rp;
1526 struct pending_cmd *cmd;
1527 u8 sec_level, auth_type;
1528 struct hci_conn *conn;
1529 int err;
1530
1531 BT_DBG("");
1532
1533 cp = (void *) data;
1534
1535 if (len != sizeof(*cp))
1536 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1537 MGMT_STATUS_INVALID_PARAMS);
1538
1539 hdev = hci_dev_get(index);
1540 if (!hdev)
1541 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1542 MGMT_STATUS_INVALID_PARAMS);
1543
1544 hci_dev_lock(hdev);
1545
1546 sec_level = BT_SECURITY_MEDIUM;
1547 if (cp->io_cap == 0x03)
1548 auth_type = HCI_AT_DEDICATED_BONDING;
1549 else
1550 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1551
1552 if (cp->addr.type == MGMT_ADDR_BREDR)
1553 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1554 auth_type);
1555 else
1556 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1557 auth_type);
1558
1559 memset(&rp, 0, sizeof(rp));
1560 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1561 rp.addr.type = cp->addr.type;
1562
1563 if (IS_ERR(conn)) {
1564 rp.status = -PTR_ERR(conn);
1565 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1566 &rp, sizeof(rp));
1567 goto unlock;
1568 }
1569
1570 if (conn->connect_cfm_cb) {
1571 hci_conn_put(conn);
1572 rp.status = EBUSY;
1573 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1574 &rp, sizeof(rp));
1575 goto unlock;
1576 }
1577
1578 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1579 if (!cmd) {
1580 err = -ENOMEM;
1581 hci_conn_put(conn);
1582 goto unlock;
1583 }
1584
1585 /* For LE, just connecting isn't a proof that the pairing finished */
1586 if (cp->addr.type == MGMT_ADDR_BREDR)
1587 conn->connect_cfm_cb = pairing_complete_cb;
1588
1589 conn->security_cfm_cb = pairing_complete_cb;
1590 conn->disconn_cfm_cb = pairing_complete_cb;
1591 conn->io_capability = cp->io_cap;
1592 cmd->user_data = conn;
1593
1594 if (conn->state == BT_CONNECTED &&
1595 hci_conn_security(conn, sec_level, auth_type))
1596 pairing_complete(cmd, 0);
1597
1598 err = 0;
1599
1600 unlock:
1601 hci_dev_unlock(hdev);
1602 hci_dev_put(hdev);
1603
1604 return err;
1605 }
1606
1607 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1608 u16 mgmt_op, u16 hci_op, __le32 passkey)
1609 {
1610 struct pending_cmd *cmd;
1611 struct hci_dev *hdev;
1612 struct hci_conn *conn;
1613 int err;
1614
1615 hdev = hci_dev_get(index);
1616 if (!hdev)
1617 return cmd_status(sk, index, mgmt_op,
1618 MGMT_STATUS_INVALID_PARAMS);
1619
1620 hci_dev_lock(hdev);
1621
1622 if (!test_bit(HCI_UP, &hdev->flags)) {
1623 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1624 goto done;
1625 }
1626
1627 /*
1628 * Check for an existing ACL link, if present pair via
1629 * HCI commands.
1630 *
1631 * If no ACL link is present, check for an LE link and if
1632 * present, pair via the SMP engine.
1633 *
1634 * If neither ACL nor LE links are present, fail with error.
1635 */
1636 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1637 if (!conn) {
1638 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1639 if (!conn) {
1640 err = cmd_status(sk, index, mgmt_op,
1641 MGMT_STATUS_NOT_CONNECTED);
1642 goto done;
1643 }
1644
1645 /* Continue with pairing via SMP */
1646 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1647
1648 if (!err)
1649 err = cmd_status(sk, index, mgmt_op,
1650 MGMT_STATUS_SUCCESS);
1651 else
1652 err = cmd_status(sk, index, mgmt_op,
1653 MGMT_STATUS_FAILED);
1654
1655 goto done;
1656 }
1657
1658 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1659 if (!cmd) {
1660 err = -ENOMEM;
1661 goto done;
1662 }
1663
1664 /* Continue with pairing via HCI */
1665 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1666 struct hci_cp_user_passkey_reply cp;
1667
1668 bacpy(&cp.bdaddr, bdaddr);
1669 cp.passkey = passkey;
1670 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1671 } else
1672 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1673
1674 if (err < 0)
1675 mgmt_pending_remove(cmd);
1676
1677 done:
1678 hci_dev_unlock(hdev);
1679 hci_dev_put(hdev);
1680
1681 return err;
1682 }
1683
1684 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1685 {
1686 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1687
1688 BT_DBG("");
1689
1690 if (len != sizeof(*cp))
1691 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1692 MGMT_STATUS_INVALID_PARAMS);
1693
1694 return user_pairing_resp(sk, index, &cp->bdaddr,
1695 MGMT_OP_USER_CONFIRM_REPLY,
1696 HCI_OP_USER_CONFIRM_REPLY, 0);
1697 }
1698
1699 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1700 u16 len)
1701 {
1702 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1703
1704 BT_DBG("");
1705
1706 if (len != sizeof(*cp))
1707 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1708 MGMT_STATUS_INVALID_PARAMS);
1709
1710 return user_pairing_resp(sk, index, &cp->bdaddr,
1711 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1712 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1713 }
1714
1715 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1716 {
1717 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1718
1719 BT_DBG("");
1720
1721 if (len != sizeof(*cp))
1722 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1723 EINVAL);
1724
1725 return user_pairing_resp(sk, index, &cp->bdaddr,
1726 MGMT_OP_USER_PASSKEY_REPLY,
1727 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1728 }
1729
1730 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1731 u16 len)
1732 {
1733 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1734
1735 BT_DBG("");
1736
1737 if (len != sizeof(*cp))
1738 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1739 EINVAL);
1740
1741 return user_pairing_resp(sk, index, &cp->bdaddr,
1742 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1743 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1744 }
1745
1746 static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1747 u16 len)
1748 {
1749 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1750 struct hci_cp_write_local_name hci_cp;
1751 struct hci_dev *hdev;
1752 struct pending_cmd *cmd;
1753 int err;
1754
1755 BT_DBG("");
1756
1757 if (len != sizeof(*mgmt_cp))
1758 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1759 MGMT_STATUS_INVALID_PARAMS);
1760
1761 hdev = hci_dev_get(index);
1762 if (!hdev)
1763 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1764 MGMT_STATUS_INVALID_PARAMS);
1765
1766 hci_dev_lock(hdev);
1767
1768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
1769 if (!cmd) {
1770 err = -ENOMEM;
1771 goto failed;
1772 }
1773
1774 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1775 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1776 &hci_cp);
1777 if (err < 0)
1778 mgmt_pending_remove(cmd);
1779
1780 failed:
1781 hci_dev_unlock(hdev);
1782 hci_dev_put(hdev);
1783
1784 return err;
1785 }
1786
1787 static int read_local_oob_data(struct sock *sk, u16 index)
1788 {
1789 struct hci_dev *hdev;
1790 struct pending_cmd *cmd;
1791 int err;
1792
1793 BT_DBG("hci%u", index);
1794
1795 hdev = hci_dev_get(index);
1796 if (!hdev)
1797 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1798 MGMT_STATUS_INVALID_PARAMS);
1799
1800 hci_dev_lock(hdev);
1801
1802 if (!test_bit(HCI_UP, &hdev->flags)) {
1803 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1804 MGMT_STATUS_NOT_POWERED);
1805 goto unlock;
1806 }
1807
1808 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1809 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1810 MGMT_STATUS_NOT_SUPPORTED);
1811 goto unlock;
1812 }
1813
1814 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1815 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1816 MGMT_STATUS_BUSY);
1817 goto unlock;
1818 }
1819
1820 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1821 if (!cmd) {
1822 err = -ENOMEM;
1823 goto unlock;
1824 }
1825
1826 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1827 if (err < 0)
1828 mgmt_pending_remove(cmd);
1829
1830 unlock:
1831 hci_dev_unlock(hdev);
1832 hci_dev_put(hdev);
1833
1834 return err;
1835 }
1836
1837 static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1838 u16 len)
1839 {
1840 struct hci_dev *hdev;
1841 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1842 int err;
1843
1844 BT_DBG("hci%u ", index);
1845
1846 if (len != sizeof(*cp))
1847 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1848 MGMT_STATUS_INVALID_PARAMS);
1849
1850 hdev = hci_dev_get(index);
1851 if (!hdev)
1852 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1853 MGMT_STATUS_INVALID_PARAMS);
1854
1855 hci_dev_lock(hdev);
1856
1857 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1858 cp->randomizer);
1859 if (err < 0)
1860 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1861 MGMT_STATUS_FAILED);
1862 else
1863 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1864 0);
1865
1866 hci_dev_unlock(hdev);
1867 hci_dev_put(hdev);
1868
1869 return err;
1870 }
1871
1872 static int remove_remote_oob_data(struct sock *sk, u16 index,
1873 unsigned char *data, u16 len)
1874 {
1875 struct hci_dev *hdev;
1876 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1877 int err;
1878
1879 BT_DBG("hci%u ", index);
1880
1881 if (len != sizeof(*cp))
1882 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1883 MGMT_STATUS_INVALID_PARAMS);
1884
1885 hdev = hci_dev_get(index);
1886 if (!hdev)
1887 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1888 MGMT_STATUS_INVALID_PARAMS);
1889
1890 hci_dev_lock(hdev);
1891
1892 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1893 if (err < 0)
1894 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1895 MGMT_STATUS_INVALID_PARAMS);
1896 else
1897 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1898 NULL, 0);
1899
1900 hci_dev_unlock(hdev);
1901 hci_dev_put(hdev);
1902
1903 return err;
1904 }
1905
1906 static int start_discovery(struct sock *sk, u16 index,
1907 unsigned char *data, u16 len)
1908 {
1909 struct mgmt_cp_start_discovery *cp = (void *) data;
1910 struct pending_cmd *cmd;
1911 struct hci_dev *hdev;
1912 int err;
1913
1914 BT_DBG("hci%u", index);
1915
1916 if (len != sizeof(*cp))
1917 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1918 MGMT_STATUS_INVALID_PARAMS);
1919
1920 hdev = hci_dev_get(index);
1921 if (!hdev)
1922 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1923 MGMT_STATUS_INVALID_PARAMS);
1924
1925 hci_dev_lock(hdev);
1926
1927 if (!test_bit(HCI_UP, &hdev->flags)) {
1928 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1929 MGMT_STATUS_NOT_POWERED);
1930 goto failed;
1931 }
1932
1933 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1934 if (!cmd) {
1935 err = -ENOMEM;
1936 goto failed;
1937 }
1938
1939 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1940 if (err < 0)
1941 mgmt_pending_remove(cmd);
1942
1943 failed:
1944 hci_dev_unlock(hdev);
1945 hci_dev_put(hdev);
1946
1947 return err;
1948 }
1949
1950 static int stop_discovery(struct sock *sk, u16 index)
1951 {
1952 struct hci_dev *hdev;
1953 struct pending_cmd *cmd;
1954 int err;
1955
1956 BT_DBG("hci%u", index);
1957
1958 hdev = hci_dev_get(index);
1959 if (!hdev)
1960 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1961 MGMT_STATUS_INVALID_PARAMS);
1962
1963 hci_dev_lock(hdev);
1964
1965 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
1966 if (!cmd) {
1967 err = -ENOMEM;
1968 goto failed;
1969 }
1970
1971 err = hci_cancel_inquiry(hdev);
1972 if (err < 0)
1973 mgmt_pending_remove(cmd);
1974
1975 failed:
1976 hci_dev_unlock(hdev);
1977 hci_dev_put(hdev);
1978
1979 return err;
1980 }
1981
1982 static int block_device(struct sock *sk, u16 index, unsigned char *data,
1983 u16 len)
1984 {
1985 struct hci_dev *hdev;
1986 struct mgmt_cp_block_device *cp = (void *) data;
1987 int err;
1988
1989 BT_DBG("hci%u", index);
1990
1991 if (len != sizeof(*cp))
1992 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1993 MGMT_STATUS_INVALID_PARAMS);
1994
1995 hdev = hci_dev_get(index);
1996 if (!hdev)
1997 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
1998 MGMT_STATUS_INVALID_PARAMS);
1999
2000 hci_dev_lock(hdev);
2001
2002 err = hci_blacklist_add(hdev, &cp->bdaddr);
2003 if (err < 0)
2004 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2005 MGMT_STATUS_FAILED);
2006 else
2007 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2008 NULL, 0);
2009
2010 hci_dev_unlock(hdev);
2011 hci_dev_put(hdev);
2012
2013 return err;
2014 }
2015
2016 static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2017 u16 len)
2018 {
2019 struct hci_dev *hdev;
2020 struct mgmt_cp_unblock_device *cp = (void *) data;
2021 int err;
2022
2023 BT_DBG("hci%u", index);
2024
2025 if (len != sizeof(*cp))
2026 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2027 MGMT_STATUS_INVALID_PARAMS);
2028
2029 hdev = hci_dev_get(index);
2030 if (!hdev)
2031 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2032 MGMT_STATUS_INVALID_PARAMS);
2033
2034 hci_dev_lock(hdev);
2035
2036 err = hci_blacklist_del(hdev, &cp->bdaddr);
2037
2038 if (err < 0)
2039 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2040 MGMT_STATUS_INVALID_PARAMS);
2041 else
2042 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2043 NULL, 0);
2044
2045 hci_dev_unlock(hdev);
2046 hci_dev_put(hdev);
2047
2048 return err;
2049 }
2050
2051 static int set_fast_connectable(struct sock *sk, u16 index,
2052 unsigned char *data, u16 len)
2053 {
2054 struct hci_dev *hdev;
2055 struct mgmt_mode *cp = (void *) data;
2056 struct hci_cp_write_page_scan_activity acp;
2057 u8 type;
2058 int err;
2059
2060 BT_DBG("hci%u", index);
2061
2062 if (len != sizeof(*cp))
2063 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2064 MGMT_STATUS_INVALID_PARAMS);
2065
2066 hdev = hci_dev_get(index);
2067 if (!hdev)
2068 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2069 MGMT_STATUS_INVALID_PARAMS);
2070
2071 hci_dev_lock(hdev);
2072
2073 if (cp->val) {
2074 type = PAGE_SCAN_TYPE_INTERLACED;
2075 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2076 } else {
2077 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2078 acp.interval = 0x0800; /* default 1.28 sec page scan */
2079 }
2080
2081 acp.window = 0x0012; /* default 11.25 msec page scan window */
2082
2083 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2084 sizeof(acp), &acp);
2085 if (err < 0) {
2086 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2087 MGMT_STATUS_FAILED);
2088 goto done;
2089 }
2090
2091 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2092 if (err < 0) {
2093 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2094 MGMT_STATUS_FAILED);
2095 goto done;
2096 }
2097
2098 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2099 NULL, 0);
2100 done:
2101 hci_dev_unlock(hdev);
2102 hci_dev_put(hdev);
2103
2104 return err;
2105 }
2106
2107 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2108 {
2109 unsigned char *buf;
2110 struct mgmt_hdr *hdr;
2111 u16 opcode, index, len;
2112 int err;
2113
2114 BT_DBG("got %zu bytes", msglen);
2115
2116 if (msglen < sizeof(*hdr))
2117 return -EINVAL;
2118
2119 buf = kmalloc(msglen, GFP_KERNEL);
2120 if (!buf)
2121 return -ENOMEM;
2122
2123 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2124 err = -EFAULT;
2125 goto done;
2126 }
2127
2128 hdr = (struct mgmt_hdr *) buf;
2129 opcode = get_unaligned_le16(&hdr->opcode);
2130 index = get_unaligned_le16(&hdr->index);
2131 len = get_unaligned_le16(&hdr->len);
2132
2133 if (len != msglen - sizeof(*hdr)) {
2134 err = -EINVAL;
2135 goto done;
2136 }
2137
2138 switch (opcode) {
2139 case MGMT_OP_READ_VERSION:
2140 err = read_version(sk);
2141 break;
2142 case MGMT_OP_READ_INDEX_LIST:
2143 err = read_index_list(sk);
2144 break;
2145 case MGMT_OP_READ_INFO:
2146 err = read_controller_info(sk, index);
2147 break;
2148 case MGMT_OP_SET_POWERED:
2149 err = set_powered(sk, index, buf + sizeof(*hdr), len);
2150 break;
2151 case MGMT_OP_SET_DISCOVERABLE:
2152 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
2153 break;
2154 case MGMT_OP_SET_CONNECTABLE:
2155 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
2156 break;
2157 case MGMT_OP_SET_FAST_CONNECTABLE:
2158 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2159 len);
2160 break;
2161 case MGMT_OP_SET_PAIRABLE:
2162 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
2163 break;
2164 case MGMT_OP_ADD_UUID:
2165 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2166 break;
2167 case MGMT_OP_REMOVE_UUID:
2168 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2169 break;
2170 case MGMT_OP_SET_DEV_CLASS:
2171 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
2172 break;
2173 case MGMT_OP_LOAD_LINK_KEYS:
2174 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
2175 break;
2176 case MGMT_OP_REMOVE_KEYS:
2177 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
2178 break;
2179 case MGMT_OP_DISCONNECT:
2180 err = disconnect(sk, index, buf + sizeof(*hdr), len);
2181 break;
2182 case MGMT_OP_GET_CONNECTIONS:
2183 err = get_connections(sk, index);
2184 break;
2185 case MGMT_OP_PIN_CODE_REPLY:
2186 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
2187 break;
2188 case MGMT_OP_PIN_CODE_NEG_REPLY:
2189 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
2190 break;
2191 case MGMT_OP_SET_IO_CAPABILITY:
2192 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
2193 break;
2194 case MGMT_OP_PAIR_DEVICE:
2195 err = pair_device(sk, index, buf + sizeof(*hdr), len);
2196 break;
2197 case MGMT_OP_USER_CONFIRM_REPLY:
2198 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
2199 break;
2200 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2201 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2202 len);
2203 break;
2204 case MGMT_OP_USER_PASSKEY_REPLY:
2205 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2206 break;
2207 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2208 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2209 len);
2210 break;
2211 case MGMT_OP_SET_LOCAL_NAME:
2212 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2213 break;
2214 case MGMT_OP_READ_LOCAL_OOB_DATA:
2215 err = read_local_oob_data(sk, index);
2216 break;
2217 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2218 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2219 break;
2220 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2221 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2222 len);
2223 break;
2224 case MGMT_OP_START_DISCOVERY:
2225 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
2226 break;
2227 case MGMT_OP_STOP_DISCOVERY:
2228 err = stop_discovery(sk, index);
2229 break;
2230 case MGMT_OP_BLOCK_DEVICE:
2231 err = block_device(sk, index, buf + sizeof(*hdr), len);
2232 break;
2233 case MGMT_OP_UNBLOCK_DEVICE:
2234 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2235 break;
2236 default:
2237 BT_DBG("Unknown op %u", opcode);
2238 err = cmd_status(sk, index, opcode,
2239 MGMT_STATUS_UNKNOWN_COMMAND);
2240 break;
2241 }
2242
2243 if (err < 0)
2244 goto done;
2245
2246 err = msglen;
2247
2248 done:
2249 kfree(buf);
2250 return err;
2251 }
2252
2253 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2254 {
2255 u8 *status = data;
2256
2257 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2258 mgmt_pending_remove(cmd);
2259 }
2260
2261 int mgmt_index_added(struct hci_dev *hdev)
2262 {
2263 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2264 }
2265
2266 int mgmt_index_removed(struct hci_dev *hdev)
2267 {
2268 u8 status = ENODEV;
2269
2270 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2271
2272 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2273 }
2274
2275 struct cmd_lookup {
2276 u8 val;
2277 struct sock *sk;
2278 struct hci_dev *hdev;
2279 };
2280
2281 static void settings_rsp(struct pending_cmd *cmd, void *data)
2282 {
2283 struct cmd_lookup *match = data;
2284
2285 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2286
2287 list_del(&cmd->list);
2288
2289 if (match->sk == NULL) {
2290 match->sk = cmd->sk;
2291 sock_hold(match->sk);
2292 }
2293
2294 mgmt_pending_free(cmd);
2295 }
2296
2297 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2298 {
2299 struct cmd_lookup match = { powered, NULL, hdev };
2300 __le32 ev;
2301 int ret;
2302
2303 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2304
2305 if (!powered) {
2306 u8 status = ENETDOWN;
2307 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2308 }
2309
2310 ev = cpu_to_le32(get_current_settings(hdev));
2311
2312 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2313 match.sk);
2314
2315 if (match.sk)
2316 sock_put(match.sk);
2317
2318 return ret;
2319 }
2320
2321 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2322 {
2323 struct cmd_lookup match = { discoverable, NULL, hdev };
2324 __le32 ev;
2325 int ret;
2326
2327 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2328
2329 ev = cpu_to_le32(get_current_settings(hdev));
2330
2331 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2332 match.sk);
2333 if (match.sk)
2334 sock_put(match.sk);
2335
2336 return ret;
2337 }
2338
2339 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2340 {
2341 __le32 ev;
2342 struct cmd_lookup match = { connectable, NULL, hdev };
2343 int ret;
2344
2345 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2346 &match);
2347
2348 ev = cpu_to_le32(get_current_settings(hdev));
2349
2350 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2351
2352 if (match.sk)
2353 sock_put(match.sk);
2354
2355 return ret;
2356 }
2357
2358 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2359 {
2360 u8 mgmt_err = mgmt_status(status);
2361
2362 if (scan & SCAN_PAGE)
2363 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2364 cmd_status_rsp, &mgmt_err);
2365
2366 if (scan & SCAN_INQUIRY)
2367 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2368 cmd_status_rsp, &mgmt_err);
2369
2370 return 0;
2371 }
2372
2373 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2374 u8 persistent)
2375 {
2376 struct mgmt_ev_new_link_key ev;
2377
2378 memset(&ev, 0, sizeof(ev));
2379
2380 ev.store_hint = persistent;
2381 bacpy(&ev.key.bdaddr, &key->bdaddr);
2382 ev.key.type = key->type;
2383 memcpy(ev.key.val, key->val, 16);
2384 ev.key.pin_len = key->pin_len;
2385
2386 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2387 }
2388
2389 int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2390 u8 addr_type)
2391 {
2392 struct mgmt_addr_info ev;
2393
2394 bacpy(&ev.bdaddr, bdaddr);
2395 ev.type = link_to_mgmt(link_type, addr_type);
2396
2397 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
2398 }
2399
2400 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2401 {
2402 struct mgmt_cp_disconnect *cp = cmd->param;
2403 struct sock **sk = data;
2404 struct mgmt_rp_disconnect rp;
2405
2406 bacpy(&rp.bdaddr, &cp->bdaddr);
2407 rp.status = 0;
2408
2409 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2410
2411 *sk = cmd->sk;
2412 sock_hold(*sk);
2413
2414 mgmt_pending_remove(cmd);
2415 }
2416
2417 static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2418 {
2419 u8 *status = data;
2420 struct mgmt_cp_remove_keys *cp = cmd->param;
2421 struct mgmt_rp_remove_keys rp;
2422
2423 memset(&rp, 0, sizeof(rp));
2424 bacpy(&rp.bdaddr, &cp->bdaddr);
2425 if (status != NULL)
2426 rp.status = *status;
2427
2428 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2429 sizeof(rp));
2430
2431 mgmt_pending_remove(cmd);
2432 }
2433
2434 int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2435 u8 addr_type)
2436 {
2437 struct mgmt_addr_info ev;
2438 struct sock *sk = NULL;
2439 int err;
2440
2441 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2442
2443 bacpy(&ev.bdaddr, bdaddr);
2444 ev.type = link_to_mgmt(link_type, addr_type);
2445
2446 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
2447
2448 if (sk)
2449 sock_put(sk);
2450
2451 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2452
2453 return err;
2454 }
2455
2456 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2457 {
2458 struct pending_cmd *cmd;
2459 u8 mgmt_err = mgmt_status(status);
2460 int err;
2461
2462 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2463 if (!cmd)
2464 return -ENOENT;
2465
2466 if (bdaddr) {
2467 struct mgmt_rp_disconnect rp;
2468
2469 bacpy(&rp.bdaddr, bdaddr);
2470 rp.status = status;
2471
2472 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2473 &rp, sizeof(rp));
2474 } else
2475 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
2476 mgmt_err);
2477
2478 mgmt_pending_remove(cmd);
2479
2480 return err;
2481 }
2482
2483 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2484 u8 addr_type, u8 status)
2485 {
2486 struct mgmt_ev_connect_failed ev;
2487
2488 bacpy(&ev.addr.bdaddr, bdaddr);
2489 ev.addr.type = link_to_mgmt(link_type, addr_type);
2490 ev.status = mgmt_status(status);
2491
2492 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2493 }
2494
2495 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2496 {
2497 struct mgmt_ev_pin_code_request ev;
2498
2499 bacpy(&ev.bdaddr, bdaddr);
2500 ev.secure = secure;
2501
2502 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2503 NULL);
2504 }
2505
2506 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2507 u8 status)
2508 {
2509 struct pending_cmd *cmd;
2510 struct mgmt_rp_pin_code_reply rp;
2511 int err;
2512
2513 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2514 if (!cmd)
2515 return -ENOENT;
2516
2517 bacpy(&rp.bdaddr, bdaddr);
2518 rp.status = mgmt_status(status);
2519
2520 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2521 sizeof(rp));
2522
2523 mgmt_pending_remove(cmd);
2524
2525 return err;
2526 }
2527
2528 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2529 u8 status)
2530 {
2531 struct pending_cmd *cmd;
2532 struct mgmt_rp_pin_code_reply rp;
2533 int err;
2534
2535 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2536 if (!cmd)
2537 return -ENOENT;
2538
2539 bacpy(&rp.bdaddr, bdaddr);
2540 rp.status = mgmt_status(status);
2541
2542 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2543 sizeof(rp));
2544
2545 mgmt_pending_remove(cmd);
2546
2547 return err;
2548 }
2549
2550 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2551 __le32 value, u8 confirm_hint)
2552 {
2553 struct mgmt_ev_user_confirm_request ev;
2554
2555 BT_DBG("%s", hdev->name);
2556
2557 bacpy(&ev.bdaddr, bdaddr);
2558 ev.confirm_hint = confirm_hint;
2559 put_unaligned_le32(value, &ev.value);
2560
2561 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2562 NULL);
2563 }
2564
2565 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2566 {
2567 struct mgmt_ev_user_passkey_request ev;
2568
2569 BT_DBG("%s", hdev->name);
2570
2571 bacpy(&ev.bdaddr, bdaddr);
2572
2573 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2574 NULL);
2575 }
2576
2577 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2578 u8 status, u8 opcode)
2579 {
2580 struct pending_cmd *cmd;
2581 struct mgmt_rp_user_confirm_reply rp;
2582 int err;
2583
2584 cmd = mgmt_pending_find(opcode, hdev);
2585 if (!cmd)
2586 return -ENOENT;
2587
2588 bacpy(&rp.bdaddr, bdaddr);
2589 rp.status = mgmt_status(status);
2590 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2591
2592 mgmt_pending_remove(cmd);
2593
2594 return err;
2595 }
2596
2597 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2598 u8 status)
2599 {
2600 return user_pairing_resp_complete(hdev, bdaddr, status,
2601 MGMT_OP_USER_CONFIRM_REPLY);
2602 }
2603
2604 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2605 bdaddr_t *bdaddr, u8 status)
2606 {
2607 return user_pairing_resp_complete(hdev, bdaddr, status,
2608 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2609 }
2610
2611 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2612 u8 status)
2613 {
2614 return user_pairing_resp_complete(hdev, bdaddr, status,
2615 MGMT_OP_USER_PASSKEY_REPLY);
2616 }
2617
2618 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2619 bdaddr_t *bdaddr, u8 status)
2620 {
2621 return user_pairing_resp_complete(hdev, bdaddr, status,
2622 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2623 }
2624
2625 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2626 {
2627 struct mgmt_ev_auth_failed ev;
2628
2629 bacpy(&ev.bdaddr, bdaddr);
2630 ev.status = mgmt_status(status);
2631
2632 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2633 }
2634
2635 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2636 {
2637 struct pending_cmd *cmd;
2638 struct mgmt_cp_set_local_name ev;
2639 int err;
2640
2641 memset(&ev, 0, sizeof(ev));
2642 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2643
2644 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2645 if (!cmd)
2646 goto send_event;
2647
2648 if (status) {
2649 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2650 mgmt_status(status));
2651 goto failed;
2652 }
2653
2654 update_eir(hdev);
2655
2656 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2657 sizeof(ev));
2658 if (err < 0)
2659 goto failed;
2660
2661 send_event:
2662 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2663 cmd ? cmd->sk : NULL);
2664
2665 failed:
2666 if (cmd)
2667 mgmt_pending_remove(cmd);
2668 return err;
2669 }
2670
2671 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2672 u8 *randomizer, u8 status)
2673 {
2674 struct pending_cmd *cmd;
2675 int err;
2676
2677 BT_DBG("%s status %u", hdev->name, status);
2678
2679 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2680 if (!cmd)
2681 return -ENOENT;
2682
2683 if (status) {
2684 err = cmd_status(cmd->sk, hdev->id,
2685 MGMT_OP_READ_LOCAL_OOB_DATA,
2686 mgmt_status(status));
2687 } else {
2688 struct mgmt_rp_read_local_oob_data rp;
2689
2690 memcpy(rp.hash, hash, sizeof(rp.hash));
2691 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2692
2693 err = cmd_complete(cmd->sk, hdev->id,
2694 MGMT_OP_READ_LOCAL_OOB_DATA,
2695 &rp, sizeof(rp));
2696 }
2697
2698 mgmt_pending_remove(cmd);
2699
2700 return err;
2701 }
2702
2703 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2704 u8 addr_type, u8 *dev_class, s8 rssi, u8 *eir)
2705 {
2706 struct mgmt_ev_device_found ev;
2707
2708 memset(&ev, 0, sizeof(ev));
2709
2710 bacpy(&ev.addr.bdaddr, bdaddr);
2711 ev.addr.type = link_to_mgmt(link_type, addr_type);
2712 ev.rssi = rssi;
2713
2714 if (eir)
2715 memcpy(ev.eir, eir, sizeof(ev.eir));
2716
2717 if (dev_class)
2718 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2719
2720 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
2721 }
2722
2723 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
2724 {
2725 struct mgmt_ev_remote_name ev;
2726
2727 memset(&ev, 0, sizeof(ev));
2728
2729 bacpy(&ev.bdaddr, bdaddr);
2730 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2731
2732 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
2733 }
2734
2735 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2736 {
2737 struct pending_cmd *cmd;
2738 int err;
2739
2740 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2741 if (!cmd)
2742 return -ENOENT;
2743
2744 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2745 mgmt_pending_remove(cmd);
2746
2747 return err;
2748 }
2749
2750 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2751 {
2752 struct pending_cmd *cmd;
2753 int err;
2754
2755 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2756 if (!cmd)
2757 return -ENOENT;
2758
2759 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2760 mgmt_pending_remove(cmd);
2761
2762 return err;
2763 }
2764
2765 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
2766 {
2767 struct pending_cmd *cmd;
2768
2769 if (discovering)
2770 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2771 else
2772 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2773
2774 if (cmd != NULL) {
2775 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
2776 mgmt_pending_remove(cmd);
2777 }
2778
2779 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
2780 sizeof(discovering), NULL);
2781 }
2782
2783 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2784 {
2785 struct pending_cmd *cmd;
2786 struct mgmt_ev_device_blocked ev;
2787
2788 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
2789
2790 bacpy(&ev.bdaddr, bdaddr);
2791
2792 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2793 cmd ? cmd->sk : NULL);
2794 }
2795
2796 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
2797 {
2798 struct pending_cmd *cmd;
2799 struct mgmt_ev_device_unblocked ev;
2800
2801 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
2802
2803 bacpy(&ev.bdaddr, bdaddr);
2804
2805 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2806 cmd ? cmd->sk : NULL);
2807 }