projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix clearing of persistent dev_flags
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
56b7d137 267 return err;;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f1f0eb02 395 if (hdev_is_powered(hdev))
f0d4b78a
MH		 396 settings |= MGMT_SETTING_POWERED;
397
5e5282bb 398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 399 settings |= MGMT_SETTING_CONNECTABLE;
400
5e5282bb 401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_DISCOVERABLE;
403
a8b2d5c2 404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_PAIRABLE;
406
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
409
59e29406 410 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 411 settings |= MGMT_SETTING_LE;
412
413 if (test_bit(HCI_AUTH, &hdev->flags))
414 settings |= MGMT_SETTING_LINK_SECURITY;
415
84bde9d6 416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_SSP;
418
6d80dfd0
JH		 419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
421
69ab39ea
JH		 422 return settings;
423}
424
ef580372
JH		 425#define PNP_INFO_SVCLASS_ID 0x1200
426
427static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430};
431
432static u16 get_uuid16(u8 *uuid128)
433{
434 u32 val;
435 int i;
436
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
439 return 0;
440 }
441
442 memcpy(&val, &uuid128[12], 4);
443
444 val = le32_to_cpu(val);
445 if (val > 0xffff)
446 return 0;
447
448 return (u16) val;
449}
450
451static void create_eir(struct hci_dev *hdev, u8 *data)
452{
453 u8 *ptr = data;
454 u16 eir_len = 0;
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
458 size_t name_len;
459
460 name_len = strlen(hdev->dev_name);
461
462 if (name_len > 0) {
463 /* EIR Data type */
464 if (name_len > 48) {
465 name_len = 48;
466 ptr[1] = EIR_NAME_SHORT;
467 } else
468 ptr[1] = EIR_NAME_COMPLETE;
469
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
472
473 memcpy(ptr + 2, hdev->dev_name, name_len);
474
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
477 }
478
479 memset(uuid16_list, 0, sizeof(uuid16_list));
480
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 u16 uuid16;
484
485 uuid16 = get_uuid16(uuid->uuid);
486 if (uuid16 == 0)
487 return;
488
489 if (uuid16 < 0x1100)
490 continue;
491
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
493 continue;
494
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
497 truncated = 1;
498 break;
499 }
500
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
504 break;
505
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
509 }
510 }
511
512 if (uuid16_list[0] != 0) {
513 u8 *length = ptr;
514
515 /* EIR Data type */
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
517
518 ptr += 2;
519 eir_len += 2;
520
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
524 }
525
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
528 }
529}
530
531static int update_eir(struct hci_dev *hdev)
532{
533 struct hci_cp_write_eir cp;
534
535 if (!(hdev->features[6] & LMP_EXT_INQ))
536 return 0;
537
84bde9d6 538 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 539 return 0;
540
a8b2d5c2 541 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
544 memset(&cp, 0, sizeof(cp));
545
546 create_eir(hdev, cp.data);
547
548 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
549 return 0;
550
551 memcpy(hdev->eir, cp.data, sizeof(cp.data));
552
553 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
554}
555
556static u8 get_service_classes(struct hci_dev *hdev)
557{
558 struct bt_uuid *uuid;
559 u8 val = 0;
560
561 list_for_each_entry(uuid, &hdev->uuids, list)
562 val |= uuid->svc_hint;
563
564 return val;
565}
566
567static int update_class(struct hci_dev *hdev)
568{
569 u8 cod[3];
570
571 BT_DBG("%s", hdev->name);
572
a8b2d5c2 573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 574 return 0;
575
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
579
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
581 return 0;
582
583 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
584}
585
7d78525d
JH		 586static void service_cache_off(struct work_struct *work)
587{
588 struct hci_dev *hdev = container_of(work, struct hci_dev,
589 service_cache.work);
590
a8b2d5c2 591 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 592 return;
593
594 hci_dev_lock(hdev);
595
596 update_eir(hdev);
597 update_class(hdev);
598
599 hci_dev_unlock(hdev);
600}
601
602static void mgmt_init_hdev(struct hci_dev *hdev)
603{
0cbf4ed6 604 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
606
0cbf4ed6
JH		 607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
610 * it
611 */
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
613 }
614
a8b2d5c2 615 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 616 schedule_delayed_work(&hdev->service_cache,
617 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
618}
619
4e51eae9 620static int read_controller_info(struct sock *sk, u16 index)
0381101f 621{
a38528f1 622 struct mgmt_rp_read_info rp;
f7b64e69 623 struct hci_dev *hdev;
0381101f 624
4e51eae9 625 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 626
4e51eae9 627 hdev = hci_dev_get(index);
a38528f1 628 if (!hdev)
ca69b795
JH		 629 return cmd_status(sk, index, MGMT_OP_READ_INFO,
630 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 631
09fd0de5 632 hci_dev_lock(hdev);
f7b64e69 633
7d78525d
JH		 634 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
635 mgmt_init_hdev(hdev);
ebc99feb 636
dc4fe30b
JH		 637 memset(&rp, 0, sizeof(rp));
638
69ab39ea 639 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 640
69ab39ea 641 rp.version = hdev->hci_ver;
f7b64e69 642
69ab39ea
JH		 643 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
644
645 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
646 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 647
a38528f1 648 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 649
dc4fe30b
JH		 650 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
651
09fd0de5 652 hci_dev_unlock(hdev);
f7b64e69 653 hci_dev_put(hdev);
0381101f 654
aee9b218 655 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 656}
657
eec8d2bc
JH		 658static void mgmt_pending_free(struct pending_cmd *cmd)
659{
660 sock_put(cmd->sk);
c68fb7ff 661 kfree(cmd->param);
eec8d2bc
JH		 662 kfree(cmd);
663}
664
366a0336 665static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 666 struct hci_dev *hdev,
667 void *data, u16 len)
eec8d2bc
JH		 668{
669 struct pending_cmd *cmd;
670
671 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
672 if (!cmd)
366a0336 673 return NULL;
eec8d2bc
JH		 674
675 cmd->opcode = opcode;
2e58ef3e 676 cmd->index = hdev->id;
eec8d2bc 677
c68fb7ff
SJ		 678 cmd->param = kmalloc(len, GFP_ATOMIC);
679 if (!cmd->param) {
eec8d2bc 680 kfree(cmd);
366a0336 681 return NULL;
eec8d2bc
JH		 682 }
683
8fce6357
SJ		 684 if (data)
685 memcpy(cmd->param, data, len);
eec8d2bc
JH		 686
687 cmd->sk = sk;
688 sock_hold(sk);
689
2e58ef3e 690 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 691
366a0336 692 return cmd;
eec8d2bc
JH		 693}
694
744cf19e 695static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 696 void (*cb)(struct pending_cmd *cmd, void *data),
697 void *data)
698{
699 struct list_head *p, *n;
700
2e58ef3e 701 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 702 struct pending_cmd *cmd;
703
704 cmd = list_entry(p, struct pending_cmd, list);
705
b24752fe 706 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 707 continue;
708
eec8d2bc
JH		 709 cb(cmd, data);
710 }
711}
712
2e58ef3e 713static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 714{
8035ded4 715 struct pending_cmd *cmd;
eec8d2bc 716
2e58ef3e 717 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 718 if (cmd->opcode == opcode)
719 return cmd;
eec8d2bc
JH		 720 }
721
722 return NULL;
723}
724
a664b5bc 725static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 726{
73f22f62
JH		 727 list_del(&cmd->list);
728 mgmt_pending_free(cmd);
729}
730
69ab39ea 731static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 732{
69ab39ea 733 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 734
aee9b218
JH		 735 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
736 sizeof(settings));
8680570b
JH		 737}
738
650f726d 739static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 740{
650f726d 741 struct mgmt_mode *cp = data;
eec8d2bc 742 struct hci_dev *hdev;
366a0336 743 struct pending_cmd *cmd;
4b34ee78 744 int err;
eec8d2bc 745
4e51eae9 746 BT_DBG("request for hci%u", index);
eec8d2bc 747
bdce7baf 748 if (len != sizeof(*cp))
ca69b795
JH		 749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 751
4e51eae9 752 hdev = hci_dev_get(index);
eec8d2bc 753 if (!hdev)
ca69b795
JH		 754 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
755 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 756
09fd0de5 757 hci_dev_lock(hdev);
eec8d2bc 758
f0d4b78a
MH		 759 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
760 cancel_delayed_work(&hdev->power_off);
761
762 if (cp->val) {
763 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 mgmt_powered(hdev, 1);
765 goto failed;
766 }
767 }
768
4b34ee78 769 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 770 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 771 goto failed;
772 }
773
2e58ef3e 774 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 775 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
776 MGMT_STATUS_BUSY);
eec8d2bc
JH		 777 goto failed;
778 }
779
2e58ef3e 780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 781 if (!cmd) {
782 err = -ENOMEM;
eec8d2bc 783 goto failed;
366a0336 784 }
eec8d2bc 785
72a734ec 786 if (cp->val)
7f971041 787 schedule_work(&hdev->power_on);
eec8d2bc 788 else
80b7ab33 789 schedule_work(&hdev->power_off.work);
eec8d2bc 790
366a0336 791 err = 0;
eec8d2bc
JH		 792
793failed:
09fd0de5 794 hci_dev_unlock(hdev);
eec8d2bc 795 hci_dev_put(hdev);
366a0336 796 return err;
eec8d2bc
JH		 797}
798
beadb2bd
JH		 799static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
800 u16 data_len, struct sock *skip_sk)
801{
802 struct sk_buff *skb;
803 struct mgmt_hdr *hdr;
804
805 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
806 if (!skb)
807 return -ENOMEM;
808
809 hdr = (void *) skb_put(skb, sizeof(*hdr));
810 hdr->opcode = cpu_to_le16(event);
811 if (hdev)
812 hdr->index = cpu_to_le16(hdev->id);
813 else
814 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
815 hdr->len = cpu_to_le16(data_len);
816
817 if (data)
818 memcpy(skb_put(skb, data_len), data, data_len);
819
820 hci_send_to_control(skb, skip_sk);
821 kfree_skb(skb);
822
823 return 0;
824}
825
826static int new_settings(struct hci_dev *hdev, struct sock *skip)
827{
828 __le32 ev;
829
830 ev = cpu_to_le32(get_current_settings(hdev));
831
832 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
833}
834
650f726d 835static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 836{
650f726d 837 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 838 struct hci_dev *hdev;
366a0336 839 struct pending_cmd *cmd;
5e5282bb 840 u16 timeout;
73f22f62
JH		 841 u8 scan;
842 int err;
843
4e51eae9 844 BT_DBG("request for hci%u", index);
73f22f62 845
bdce7baf 846 if (len != sizeof(*cp))
ca69b795
JH		 847 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
848 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 849
4e51eae9 850 hdev = hci_dev_get(index);
73f22f62 851 if (!hdev)
ca69b795
JH		 852 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
853 MGMT_STATUS_INVALID_PARAMS);
73f22f62 854
5e5282bb
JH		 855 timeout = get_unaligned_le16(&cp->timeout);
856
09fd0de5 857 hci_dev_lock(hdev);
73f22f62 858
5e5282bb 859 if (!hdev_is_powered(hdev) && timeout > 0) {
ca69b795
JH		 860 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
861 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 862 goto failed;
863 }
864
2e58ef3e
JH		 865 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
866 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 867 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
868 MGMT_STATUS_BUSY);
73f22f62
JH		 869 goto failed;
870 }
871
5e5282bb
JH		 872 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
873 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
874 MGMT_STATUS_REJECTED);
875 goto failed;
876 }
877
878 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 879 bool changed = false;
880
881 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
882 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
883 changed = true;
884 }
885
5e5282bb 886 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 887 if (err < 0)
888 goto failed;
889
890 if (changed)
891 err = new_settings(hdev, sk);
892
5e5282bb
JH		 893 goto failed;
894 }
895
896 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
69ab39ea 897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 898 goto failed;
899 }
900
2e58ef3e 901 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 902 if (!cmd) {
903 err = -ENOMEM;
73f22f62 904 goto failed;
366a0336 905 }
73f22f62
JH		 906
907 scan = SCAN_PAGE;
908
72a734ec 909 if (cp->val)
73f22f62 910 scan |= SCAN_INQUIRY;
16ab91ab 911 else
e0f9309f 912 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 913
914 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
915 if (err < 0)
a664b5bc 916 mgmt_pending_remove(cmd);
73f22f62 917
16ab91ab 918 if (cp->val)
5e5282bb 919 hdev->discov_timeout = timeout;
16ab91ab 920
73f22f62 921failed:
09fd0de5 922 hci_dev_unlock(hdev);
73f22f62
JH		 923 hci_dev_put(hdev);
924
925 return err;
926}
927
650f726d 928static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 929{
650f726d 930 struct mgmt_mode *cp = data;
9fbcbb45 931 struct hci_dev *hdev;
366a0336 932 struct pending_cmd *cmd;
9fbcbb45
JH		 933 u8 scan;
934 int err;
935
4e51eae9 936 BT_DBG("request for hci%u", index);
9fbcbb45 937
bdce7baf 938 if (len != sizeof(*cp))
ca69b795
JH		 939 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
940 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 941
4e51eae9 942 hdev = hci_dev_get(index);
9fbcbb45 943 if (!hdev)
ca69b795
JH		 944 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
945 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 946
09fd0de5 947 hci_dev_lock(hdev);
9fbcbb45 948
4b34ee78 949 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 950 bool changed = false;
951
952 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
953 changed = true;
954
5e5282bb
JH		 955 if (cp->val)
956 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
957 else {
958 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
959 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
960 }
0224d2fa 961
5e5282bb 962 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 963 if (err < 0)
964 goto failed;
965
966 if (changed)
967 err = new_settings(hdev, sk);
968
9fbcbb45
JH		 969 goto failed;
970 }
971
2e58ef3e
JH		 972 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
973 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 974 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
975 MGMT_STATUS_BUSY);
9fbcbb45
JH		 976 goto failed;
977 }
978
5e5282bb 979 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 980 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 981 goto failed;
982 }
983
2e58ef3e 984 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 985 if (!cmd) {
986 err = -ENOMEM;
9fbcbb45 987 goto failed;
366a0336 988 }
9fbcbb45 989
72a734ec 990 if (cp->val)
9fbcbb45 991 scan = SCAN_PAGE;
df2c6c5e 992 else {
9fbcbb45
JH		 993 scan = 0;
994
df2c6c5e
JH		 995 if (test_bit(HCI_ISCAN, &hdev->flags) &&
996 hdev->discov_timeout > 0)
997 cancel_delayed_work(&hdev->discov_off);
998 }
999
9fbcbb45
JH		 1000 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1001 if (err < 0)
a664b5bc 1002 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1003
1004failed:
09fd0de5 1005 hci_dev_unlock(hdev);
9fbcbb45
JH		 1006 hci_dev_put(hdev);
1007
1008 return err;
1009}
1010
650f726d 1011static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 1012{
650f726d 1013 struct mgmt_mode *cp = data;
c542a06c 1014 struct hci_dev *hdev;
c542a06c
JH		 1015 int err;
1016
4e51eae9 1017 BT_DBG("request for hci%u", index);
c542a06c 1018
bdce7baf 1019 if (len != sizeof(*cp))
ca69b795
JH		 1020 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1021 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1022
4e51eae9 1023 hdev = hci_dev_get(index);
c542a06c 1024 if (!hdev)
ca69b795
JH		 1025 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1026 MGMT_STATUS_INVALID_PARAMS);
c542a06c 1027
09fd0de5 1028 hci_dev_lock(hdev);
c542a06c
JH		 1029
1030 if (cp->val)
a8b2d5c2 1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1032 else
a8b2d5c2 1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1034
69ab39ea 1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1036 if (err < 0)
1037 goto failed;
1038
beadb2bd 1039 err = new_settings(hdev, sk);
c542a06c
JH		 1040
1041failed:
09fd0de5 1042 hci_dev_unlock(hdev);
c542a06c
JH		 1043 hci_dev_put(hdev);
1044
1045 return err;
1046}
1047
33ef95ed
JH		 1048static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1049{
1050 struct mgmt_mode *cp = data;
1051 struct pending_cmd *cmd;
1052 struct hci_dev *hdev;
1053 uint8_t val;
1054 int err;
1055
1056 BT_DBG("request for hci%u", index);
1057
1058 if (len != sizeof(*cp))
1059 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1060 MGMT_STATUS_INVALID_PARAMS);
1061
1062 hdev = hci_dev_get(index);
1063 if (!hdev)
1064 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1065 MGMT_STATUS_INVALID_PARAMS);
1066
1067 hci_dev_lock(hdev);
1068
4b34ee78 1069 if (!hdev_is_powered(hdev)) {
33ef95ed
JH		 1070 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1071 MGMT_STATUS_NOT_POWERED);
1072 goto failed;
1073 }
1074
1075 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1076 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1077 MGMT_STATUS_BUSY);
1078 goto failed;
1079 }
1080
1081 val = !!cp->val;
1082
1083 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1084 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1085 goto failed;
1086 }
1087
1088 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1089 if (!cmd) {
1090 err = -ENOMEM;
1091 goto failed;
1092 }
1093
1094 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1095 if (err < 0) {
1096 mgmt_pending_remove(cmd);
1097 goto failed;
1098 }
1099
1100failed:
1101 hci_dev_unlock(hdev);
1102 hci_dev_put(hdev);
1103
1104 return err;
1105}
1106
ed2c4ee3
JH		 1107static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1108{
1109 struct mgmt_mode *cp = data;
1110 struct pending_cmd *cmd;
1111 struct hci_dev *hdev;
1112 uint8_t val;
1113 int err;
1114
1115 BT_DBG("request for hci%u", index);
1116
1117 if (len != sizeof(*cp))
1118 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1119 MGMT_STATUS_INVALID_PARAMS);
1120
1121 hdev = hci_dev_get(index);
1122 if (!hdev)
1123 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1124 MGMT_STATUS_INVALID_PARAMS);
1125
1126 hci_dev_lock(hdev);
1127
4b34ee78 1128 if (!hdev_is_powered(hdev)) {
ed2c4ee3
JH		 1129 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1130 MGMT_STATUS_NOT_POWERED);
1131 goto failed;
1132 }
1133
1e163574
JH		 1134 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1135 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1136 MGMT_STATUS_NOT_SUPPORTED);
1137 goto failed;
1138 }
1139
ed2c4ee3
JH		 1140 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1141 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1142 goto failed;
1143 }
1144
1145 val = !!cp->val;
1146
1147 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1148 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1149 goto failed;
1150 }
1151
1152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1153 if (!cmd) {
1154 err = -ENOMEM;
1155 goto failed;
1156 }
1157
1158 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1159 if (err < 0) {
1160 mgmt_pending_remove(cmd);
1161 goto failed;
1162 }
1163
1164failed:
1165 hci_dev_unlock(hdev);
1166 hci_dev_put(hdev);
1167
1168 return err;
1169}
1170
6d80dfd0
JH		 1171static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1172{
1173 struct mgmt_mode *cp = data;
1174 struct hci_dev *hdev;
1175 int err;
1176
1177 BT_DBG("request for hci%u", index);
1178
1179 if (len != sizeof(*cp))
1180 return cmd_status(sk, index, MGMT_OP_SET_HS,
1181 MGMT_STATUS_INVALID_PARAMS);
1182
1183 hdev = hci_dev_get(index);
1184 if (!hdev)
1185 return cmd_status(sk, index, MGMT_OP_SET_HS,
1186 MGMT_STATUS_INVALID_PARAMS);
1187
1188 if (!enable_hs) {
1189 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1190 MGMT_STATUS_NOT_SUPPORTED);
1191 goto failed;
1192 }
1193
1194 if (cp->val)
1195 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1196 else
1197 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1198
1199 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1200
1201failed:
1202 hci_dev_put(hdev);
1203 return err;
1204}
1205
650f726d 1206static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1207{
650f726d 1208 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 1209 struct hci_dev *hdev;
1210 struct bt_uuid *uuid;
2aeb9a1a
JH		 1211 int err;
1212
4e51eae9 1213 BT_DBG("request for hci%u", index);
2aeb9a1a 1214
bdce7baf 1215 if (len != sizeof(*cp))
ca69b795
JH		 1216 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1217 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1218
4e51eae9 1219 hdev = hci_dev_get(index);
2aeb9a1a 1220 if (!hdev)
ca69b795
JH		 1221 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1222 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1223
09fd0de5 1224 hci_dev_lock(hdev);
2aeb9a1a
JH		 1225
1226 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1227 if (!uuid) {
1228 err = -ENOMEM;
1229 goto failed;
1230 }
1231
1232 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1233 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1234
1235 list_add(&uuid->list, &hdev->uuids);
1236
1aff6f09
JH		 1237 err = update_class(hdev);
1238 if (err < 0)
1239 goto failed;
1240
80a1e1db
JH		 1241 err = update_eir(hdev);
1242 if (err < 0)
1243 goto failed;
1244
aee9b218 1245 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1246
1247failed:
09fd0de5 1248 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1249 hci_dev_put(hdev);
1250
1251 return err;
1252}
1253
650f726d 1254static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1255{
650f726d 1256 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 1257 struct list_head *p, *n;
2aeb9a1a
JH		 1258 struct hci_dev *hdev;
1259 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1260 int err, found;
1261
4e51eae9 1262 BT_DBG("request for hci%u", index);
2aeb9a1a 1263
bdce7baf 1264 if (len != sizeof(*cp))
ca69b795
JH		 1265 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1266 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1267
4e51eae9 1268 hdev = hci_dev_get(index);
2aeb9a1a 1269 if (!hdev)
ca69b795
JH		 1270 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1271 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1272
09fd0de5 1273 hci_dev_lock(hdev);
2aeb9a1a
JH		 1274
1275 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1276 err = hci_uuids_clear(hdev);
1277 goto unlock;
1278 }
1279
1280 found = 0;
1281
1282 list_for_each_safe(p, n, &hdev->uuids) {
1283 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1284
1285 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1286 continue;
1287
1288 list_del(&match->list);
1289 found++;
1290 }
1291
1292 if (found == 0) {
ca69b795
JH		 1293 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1294 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1295 goto unlock;
1296 }
1297
1aff6f09
JH		 1298 err = update_class(hdev);
1299 if (err < 0)
1300 goto unlock;
1301
80a1e1db
JH		 1302 err = update_eir(hdev);
1303 if (err < 0)
1304 goto unlock;
1305
aee9b218 1306 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1307
1308unlock:
09fd0de5 1309 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1310 hci_dev_put(hdev);
1311
1312 return err;
1313}
1314
650f726d 1315static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1316{
1317 struct hci_dev *hdev;
650f726d 1318 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 1319 int err;
1320
4e51eae9 1321 BT_DBG("request for hci%u", index);
1aff6f09 1322
bdce7baf 1323 if (len != sizeof(*cp))
ca69b795
JH		 1324 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1325 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1326
4e51eae9 1327 hdev = hci_dev_get(index);
1aff6f09 1328 if (!hdev)
ca69b795
JH		 1329 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1330 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1331
09fd0de5 1332 hci_dev_lock(hdev);
1aff6f09 1333
b5235a65
JH		 1334 if (!hdev_is_powered(hdev)) {
1335 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1336 MGMT_STATUS_NOT_POWERED);
1337 goto unlock;
1338 }
1339
1aff6f09
JH		 1340 hdev->major_class = cp->major;
1341 hdev->minor_class = cp->minor;
1342
a8b2d5c2 1343 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1344 hci_dev_unlock(hdev);
1345 cancel_delayed_work_sync(&hdev->service_cache);
1346 hci_dev_lock(hdev);
14c0b608 1347 update_eir(hdev);
7d78525d 1348 }
14c0b608 1349
1aff6f09
JH		 1350 err = update_class(hdev);
1351
1352 if (err == 0)
aee9b218
JH		 1353 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1354 NULL, 0);
1aff6f09 1355
b5235a65 1356unlock:
09fd0de5 1357 hci_dev_unlock(hdev);
1aff6f09
JH		 1358 hci_dev_put(hdev);
1359
1360 return err;
1361}
1362
650f726d 1363static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1364{
1365 struct hci_dev *hdev;
650f726d 1366 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1367 u16 key_count, expected_len;
a492cd52 1368 int i;
55ed8ca1 1369
bdce7baf 1370 if (len < sizeof(*cp))
ca69b795
JH		 1371 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1372 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1373
55ed8ca1
JH		 1374 key_count = get_unaligned_le16(&cp->key_count);
1375
86742e1e
JH		 1376 expected_len = sizeof(*cp) + key_count *
1377 sizeof(struct mgmt_link_key_info);
a492cd52 1378 if (expected_len != len) {
86742e1e 1379 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1380 len, expected_len);
ca69b795
JH		 1381 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1382 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1383 }
1384
4e51eae9 1385 hdev = hci_dev_get(index);
55ed8ca1 1386 if (!hdev)
ca69b795
JH		 1387 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1388 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1389
4e51eae9 1390 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1391 key_count);
1392
09fd0de5 1393 hci_dev_lock(hdev);
55ed8ca1
JH		 1394
1395 hci_link_keys_clear(hdev);
1396
a8b2d5c2 1397 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1398
1399 if (cp->debug_keys)
a8b2d5c2 1400 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1401 else
a8b2d5c2 1402 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1403
a492cd52 1404 for (i = 0; i < key_count; i++) {
86742e1e 1405 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1406
d753fdc4
JH		 1407 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1408 key->type, key->pin_len);
55ed8ca1
JH		 1409 }
1410
aee9b218 1411 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1412
09fd0de5 1413 hci_dev_unlock(hdev);
55ed8ca1
JH		 1414 hci_dev_put(hdev);
1415
a492cd52 1416 return 0;
55ed8ca1
JH		 1417}
1418
b1078ad0
JH		 1419static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1420 u8 addr_type, struct sock *skip_sk)
1421{
1422 struct mgmt_ev_device_unpaired ev;
1423
1424 bacpy(&ev.addr.bdaddr, bdaddr);
1425 ev.addr.type = addr_type;
1426
1427 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1428 skip_sk);
1429}
1430
124f6e35 1431static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1432{
1433 struct hci_dev *hdev;
124f6e35
JH		 1434 struct mgmt_cp_unpair_device *cp = data;
1435 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1436 struct hci_cp_disconnect dc;
1437 struct pending_cmd *cmd;
55ed8ca1 1438 struct hci_conn *conn;
aee9b218 1439 u8 status = 0;
55ed8ca1
JH		 1440 int err;
1441
bdce7baf 1442 if (len != sizeof(*cp))
124f6e35 1443 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1444 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1445
4e51eae9 1446 hdev = hci_dev_get(index);
55ed8ca1 1447 if (!hdev)
124f6e35 1448 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1449 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1450
09fd0de5 1451 hci_dev_lock(hdev);
55ed8ca1 1452
a8a1d19e 1453 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1454 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1455 rp.addr.type = cp->addr.type;
a8a1d19e 1456
124f6e35
JH		 1457 if (cp->addr.type == MGMT_ADDR_BREDR)
1458 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1459 else
1460 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1461
55ed8ca1 1462 if (err < 0) {
aee9b218 1463 status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1464 goto unlock;
1465 }
1466
a8a1d19e 1467 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
aee9b218
JH		 1468 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1469 &rp, sizeof(rp));
b1078ad0 1470 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1471 goto unlock;
a8a1d19e 1472 }
55ed8ca1 1473
124f6e35
JH		 1474 if (cp->addr.type == MGMT_ADDR_BREDR)
1475 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1476 &cp->addr.bdaddr);
1477 else
1478 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1479 &cp->addr.bdaddr);
1480
a8a1d19e 1481 if (!conn) {
aee9b218
JH		 1482 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1483 &rp, sizeof(rp));
b1078ad0 1484 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1485 goto unlock;
1486 }
55ed8ca1 1487
124f6e35
JH		 1488 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1489 sizeof(*cp));
a8a1d19e
JH		 1490 if (!cmd) {
1491 err = -ENOMEM;
1492 goto unlock;
55ed8ca1
JH		 1493 }
1494
a8a1d19e
JH		 1495 put_unaligned_le16(conn->handle, &dc.handle);
1496 dc.reason = 0x13; /* Remote User Terminated Connection */
1497 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1498 if (err < 0)
1499 mgmt_pending_remove(cmd);
1500
55ed8ca1 1501unlock:
ca69b795 1502 if (err < 0)
aee9b218
JH		 1503 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1504 &rp, sizeof(rp));
09fd0de5 1505 hci_dev_unlock(hdev);
55ed8ca1
JH		 1506 hci_dev_put(hdev);
1507
1508 return err;
1509}
1510
650f726d 1511static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1512{
1513 struct hci_dev *hdev;
650f726d 1514 struct mgmt_cp_disconnect *cp = data;
8962ee74 1515 struct hci_cp_disconnect dc;
366a0336 1516 struct pending_cmd *cmd;
8962ee74 1517 struct hci_conn *conn;
8962ee74
JH		 1518 int err;
1519
1520 BT_DBG("");
1521
bdce7baf 1522 if (len != sizeof(*cp))
ca69b795
JH		 1523 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1524 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1525
4e51eae9 1526 hdev = hci_dev_get(index);
8962ee74 1527 if (!hdev)
ca69b795
JH		 1528 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1529 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1530
09fd0de5 1531 hci_dev_lock(hdev);
8962ee74
JH		 1532
1533 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1534 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1535 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1536 goto failed;
1537 }
1538
2e58ef3e 1539 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1540 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1541 MGMT_STATUS_BUSY);
8962ee74
JH		 1542 goto failed;
1543 }
1544
88c3df13
JH		 1545 if (cp->addr.type == MGMT_ADDR_BREDR)
1546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1547 else
1548 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1549
8962ee74 1550 if (!conn) {
ca69b795
JH		 1551 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1552 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1553 goto failed;
1554 }
1555
2e58ef3e 1556 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1557 if (!cmd) {
1558 err = -ENOMEM;
8962ee74 1559 goto failed;
366a0336 1560 }
8962ee74
JH		 1561
1562 put_unaligned_le16(conn->handle, &dc.handle);
1563 dc.reason = 0x13; /* Remote User Terminated Connection */
1564
1565 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1566 if (err < 0)
a664b5bc 1567 mgmt_pending_remove(cmd);
8962ee74
JH		 1568
1569failed:
09fd0de5 1570 hci_dev_unlock(hdev);
8962ee74
JH		 1571 hci_dev_put(hdev);
1572
1573 return err;
1574}
1575
48264f06 1576static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1577{
1578 switch (link_type) {
1579 case LE_LINK:
48264f06
JH		 1580 switch (addr_type) {
1581 case ADDR_LE_DEV_PUBLIC:
1582 return MGMT_ADDR_LE_PUBLIC;
1583 case ADDR_LE_DEV_RANDOM:
1584 return MGMT_ADDR_LE_RANDOM;
1585 default:
1586 return MGMT_ADDR_INVALID;
1587 }
4c659c39
JH		 1588 case ACL_LINK:
1589 return MGMT_ADDR_BREDR;
1590 default:
1591 return MGMT_ADDR_INVALID;
1592 }
1593}
1594
8ce6284e 1595static int get_connections(struct sock *sk, u16 index)
2784eb41 1596{
2784eb41
JH		 1597 struct mgmt_rp_get_connections *rp;
1598 struct hci_dev *hdev;
8035ded4 1599 struct hci_conn *c;
a38528f1 1600 size_t rp_len;
4e51eae9 1601 u16 count;
2784eb41
JH		 1602 int i, err;
1603
1604 BT_DBG("");
1605
4e51eae9 1606 hdev = hci_dev_get(index);
2784eb41 1607 if (!hdev)
ca69b795
JH		 1608 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1609 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1610
09fd0de5 1611 hci_dev_lock(hdev);
2784eb41
JH		 1612
1613 count = 0;
b644ba33
JH		 1614 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1615 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1616 count++;
2784eb41
JH		 1617 }
1618
4c659c39 1619 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1620 rp = kmalloc(rp_len, GFP_ATOMIC);
1621 if (!rp) {
2784eb41
JH		 1622 err = -ENOMEM;
1623 goto unlock;
1624 }
1625
2784eb41
JH		 1626 put_unaligned_le16(count, &rp->conn_count);
1627
2784eb41 1628 i = 0;
4c659c39 1629 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1630 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1631 continue;
4c659c39 1632 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1633 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1634 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1635 continue;
1636 i++;
1637 }
1638
1639 /* Recalculate length in case of filtered SCO connections, etc */
1640 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1641
aee9b218 1642 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41
JH		 1643
1644unlock:
a38528f1 1645 kfree(rp);
09fd0de5 1646 hci_dev_unlock(hdev);
2784eb41
JH		 1647 hci_dev_put(hdev);
1648 return err;
1649}
1650
96d97a67
WR		 1651static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1652 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1653{
1654 struct pending_cmd *cmd;
1655 int err;
1656
2e58ef3e 1657 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1658 sizeof(*cp));
1659 if (!cmd)
1660 return -ENOMEM;
1661
d8457698
JH		 1662 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1663 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1664 if (err < 0)
1665 mgmt_pending_remove(cmd);
1666
1667 return err;
1668}
1669
650f726d 1670static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1671{
1672 struct hci_dev *hdev;
96d97a67 1673 struct hci_conn *conn;
650f726d 1674 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1675 struct hci_cp_pin_code_reply reply;
366a0336 1676 struct pending_cmd *cmd;
980e1a53
JH		 1677 int err;
1678
1679 BT_DBG("");
1680
bdce7baf 1681 if (len != sizeof(*cp))
ca69b795
JH		 1682 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1683 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1684
4e51eae9 1685 hdev = hci_dev_get(index);
980e1a53 1686 if (!hdev)
ca69b795
JH		 1687 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1688 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1689
09fd0de5 1690 hci_dev_lock(hdev);
980e1a53 1691
4b34ee78 1692 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1693 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1694 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1695 goto failed;
1696 }
1697
d8457698 1698 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1699 if (!conn) {
ca69b795
JH		 1700 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1701 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1702 goto failed;
1703 }
1704
1705 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1706 struct mgmt_cp_pin_code_neg_reply ncp;
1707
1708 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1709
1710 BT_ERR("PIN code is not 16 bytes long");
1711
1712 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1713 if (err >= 0)
1714 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1715 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1716
1717 goto failed;
1718 }
1719
650f726d
VCG		 1720 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1721 len);
366a0336
JH		 1722 if (!cmd) {
1723 err = -ENOMEM;
980e1a53 1724 goto failed;
366a0336 1725 }
980e1a53 1726
d8457698 1727 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1728 reply.pin_len = cp->pin_len;
24718ca5 1729 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1730
1731 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1732 if (err < 0)
a664b5bc 1733 mgmt_pending_remove(cmd);
980e1a53
JH		 1734
1735failed:
09fd0de5 1736 hci_dev_unlock(hdev);
980e1a53
JH		 1737 hci_dev_put(hdev);
1738
1739 return err;
1740}
1741
650f726d 1742static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1743{
1744 struct hci_dev *hdev;
650f726d 1745 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1746 int err;
1747
1748 BT_DBG("");
1749
bdce7baf
SJ		 1750 if (len != sizeof(*cp))
1751 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1752 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1753
4e51eae9 1754 hdev = hci_dev_get(index);
980e1a53 1755 if (!hdev)
4e51eae9 1756 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1757 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1758
09fd0de5 1759 hci_dev_lock(hdev);
980e1a53 1760
4b34ee78 1761 if (!hdev_is_powered(hdev)) {
4e51eae9 1762 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1763 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1764 goto failed;
1765 }
1766
96d97a67 1767 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1768
1769failed:
09fd0de5 1770 hci_dev_unlock(hdev);
980e1a53
JH		 1771 hci_dev_put(hdev);
1772
1773 return err;
1774}
1775
650f726d 1776static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1777{
1778 struct hci_dev *hdev;
650f726d 1779 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1780
1781 BT_DBG("");
1782
bdce7baf 1783 if (len != sizeof(*cp))
ca69b795
JH		 1784 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1785 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1786
4e51eae9 1787 hdev = hci_dev_get(index);
17fa4b9d 1788 if (!hdev)
ca69b795
JH		 1789 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1790 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1791
09fd0de5 1792 hci_dev_lock(hdev);
17fa4b9d
JH		 1793
1794 hdev->io_capability = cp->io_capability;
1795
1796 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1797 hdev->io_capability);
17fa4b9d 1798
09fd0de5 1799 hci_dev_unlock(hdev);
17fa4b9d
JH		 1800 hci_dev_put(hdev);
1801
aee9b218 1802 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 1803}
1804
e9a416b5
JH		 1805static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1806{
1807 struct hci_dev *hdev = conn->hdev;
8035ded4 1808 struct pending_cmd *cmd;
e9a416b5 1809
2e58ef3e 1810 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1811 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1812 continue;
1813
e9a416b5
JH		 1814 if (cmd->user_data != conn)
1815 continue;
1816
1817 return cmd;
1818 }
1819
1820 return NULL;
1821}
1822
1823static void pairing_complete(struct pending_cmd *cmd, u8 status)
1824{
1825 struct mgmt_rp_pair_device rp;
1826 struct hci_conn *conn = cmd->user_data;
1827
ba4e564f
JH		 1828 bacpy(&rp.addr.bdaddr, &conn->dst);
1829 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1830
aee9b218
JH		 1831 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1832 &rp, sizeof(rp));
e9a416b5
JH		 1833
1834 /* So we don't get further callbacks for this connection */
1835 conn->connect_cfm_cb = NULL;
1836 conn->security_cfm_cb = NULL;
1837 conn->disconn_cfm_cb = NULL;
1838
1839 hci_conn_put(conn);
1840
a664b5bc 1841 mgmt_pending_remove(cmd);
e9a416b5
JH		 1842}
1843
1844static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1845{
1846 struct pending_cmd *cmd;
1847
1848 BT_DBG("status %u", status);
1849
1850 cmd = find_pairing(conn);
56e5cb86 1851 if (!cmd)
e9a416b5 1852 BT_DBG("Unable to find a pending command");
56e5cb86 1853 else
e211326c 1854 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1855}
1856
650f726d 1857static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1858{
1859 struct hci_dev *hdev;
650f726d 1860 struct mgmt_cp_pair_device *cp = data;
1425acb7 1861 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1862 struct pending_cmd *cmd;
1863 u8 sec_level, auth_type;
1864 struct hci_conn *conn;
e9a416b5
JH		 1865 int err;
1866
1867 BT_DBG("");
1868
bdce7baf 1869 if (len != sizeof(*cp))
ca69b795
JH		 1870 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1871 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1872
4e51eae9 1873 hdev = hci_dev_get(index);
e9a416b5 1874 if (!hdev)
ca69b795
JH		 1875 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1876 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1877
09fd0de5 1878 hci_dev_lock(hdev);
e9a416b5 1879
c908df36
VCG		 1880 sec_level = BT_SECURITY_MEDIUM;
1881 if (cp->io_cap == 0x03)
e9a416b5 1882 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1883 else
e9a416b5 1884 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1885
ba4e564f
JH		 1886 if (cp->addr.type == MGMT_ADDR_BREDR)
1887 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1888 auth_type);
1889 else
ba4e564f 1890 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1891 auth_type);
1892
1425acb7
JH		 1893 memset(&rp, 0, sizeof(rp));
1894 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1895 rp.addr.type = cp->addr.type;
1896
30e76272 1897 if (IS_ERR(conn)) {
e211326c
JH		 1898 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1899 MGMT_STATUS_CONNECT_FAILED,
1900 &rp, sizeof(rp));
e9a416b5
JH		 1901 goto unlock;
1902 }
1903
1904 if (conn->connect_cfm_cb) {
1905 hci_conn_put(conn);
e211326c
JH		 1906 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1907 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1908 goto unlock;
1909 }
1910
2e58ef3e 1911 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1912 if (!cmd) {
1913 err = -ENOMEM;
1914 hci_conn_put(conn);
1915 goto unlock;
1916 }
1917
7a512d01 1918 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1919 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1920 conn->connect_cfm_cb = pairing_complete_cb;
1921
e9a416b5
JH		 1922 conn->security_cfm_cb = pairing_complete_cb;
1923 conn->disconn_cfm_cb = pairing_complete_cb;
1924 conn->io_capability = cp->io_cap;
1925 cmd->user_data = conn;
1926
1927 if (conn->state == BT_CONNECTED &&
1928 hci_conn_security(conn, sec_level, auth_type))
1929 pairing_complete(cmd, 0);
1930
1931 err = 0;
1932
1933unlock:
09fd0de5 1934 hci_dev_unlock(hdev);
e9a416b5
JH		 1935 hci_dev_put(hdev);
1936
1937 return err;
1938}
1939
28424707
JH		 1940static int cancel_pair_device(struct sock *sk, u16 index,
1941 unsigned char *data, u16 len)
1942{
1943 struct mgmt_addr_info *addr = (void *) data;
1944 struct hci_dev *hdev;
1945 struct pending_cmd *cmd;
1946 struct hci_conn *conn;
1947 int err;
1948
1949 BT_DBG("");
1950
1951 if (len != sizeof(*addr))
1952 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1953 MGMT_STATUS_INVALID_PARAMS);
1954
1955 hdev = hci_dev_get(index);
1956 if (!hdev)
1957 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1958 MGMT_STATUS_INVALID_PARAMS);
1959
1960 hci_dev_lock(hdev);
1961
1962 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1963 if (!cmd) {
1964 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1965 MGMT_STATUS_INVALID_PARAMS);
1966 goto unlock;
1967 }
1968
1969 conn = cmd->user_data;
1970
1971 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1972 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1973 MGMT_STATUS_INVALID_PARAMS);
1974 goto unlock;
1975 }
1976
1977 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1978
aee9b218 1979 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 1980 sizeof(*addr));
1981unlock:
1982 hci_dev_unlock(hdev);
1983 hci_dev_put(hdev);
1984
1985 return err;
1986}
1987
0df4c185 1988static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 1989 u8 type, u16 mgmt_op, u16 hci_op,
1990 __le32 passkey)
a5c29683 1991{
a5c29683
JH		 1992 struct pending_cmd *cmd;
1993 struct hci_dev *hdev;
0df4c185 1994 struct hci_conn *conn;
a5c29683
JH		 1995 int err;
1996
4e51eae9 1997 hdev = hci_dev_get(index);
a5c29683 1998 if (!hdev)
ca69b795
JH		 1999 return cmd_status(sk, index, mgmt_op,
2000 MGMT_STATUS_INVALID_PARAMS);
a5c29683 2001
09fd0de5 2002 hci_dev_lock(hdev);
08ba5382 2003
4b34ee78 2004 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 2005 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2006 goto done;
a5c29683
JH		 2007 }
2008
272d90df
JH		 2009 if (type == MGMT_ADDR_BREDR)
2010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2011 else
47c15e2b 2012 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2013
2014 if (!conn) {
2015 err = cmd_status(sk, index, mgmt_op,
47c15e2b 2016 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2017 goto done;
2018 }
47c15e2b 2019
272d90df 2020 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2021 /* Continue with pairing via SMP */
5fe57d9e
BG		 2022 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2023
2024 if (!err)
2025 err = cmd_status(sk, index, mgmt_op,
2026 MGMT_STATUS_SUCCESS);
2027 else
2028 err = cmd_status(sk, index, mgmt_op,
2029 MGMT_STATUS_FAILED);
47c15e2b 2030
47c15e2b
BG		 2031 goto done;
2032 }
2033
0df4c185 2034 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2035 if (!cmd) {
2036 err = -ENOMEM;
0df4c185 2037 goto done;
a5c29683
JH		 2038 }
2039
0df4c185 2040 /* Continue with pairing via HCI */
604086b7
BG		 2041 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2042 struct hci_cp_user_passkey_reply cp;
2043
2044 bacpy(&cp.bdaddr, bdaddr);
2045 cp.passkey = passkey;
2046 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2047 } else
2048 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2049
a664b5bc
JH		 2050 if (err < 0)
2051 mgmt_pending_remove(cmd);
a5c29683 2052
0df4c185 2053done:
09fd0de5 2054 hci_dev_unlock(hdev);
a5c29683
JH		 2055 hci_dev_put(hdev);
2056
2057 return err;
2058}
2059
0df4c185
BG		 2060static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2061{
650f726d 2062 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2063
2064 BT_DBG("");
2065
2066 if (len != sizeof(*cp))
2067 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2068 MGMT_STATUS_INVALID_PARAMS);
2069
272d90df
JH		 2070 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2071 MGMT_OP_USER_CONFIRM_REPLY,
2072 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2073}
2074
2075static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2076 u16 len)
2077{
c9c2659f 2078 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2079
2080 BT_DBG("");
2081
2082 if (len != sizeof(*cp))
2083 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2084 MGMT_STATUS_INVALID_PARAMS);
2085
272d90df
JH		 2086 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2087 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2088 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2089}
2090
604086b7
BG		 2091static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2092{
650f726d 2093 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2094
2095 BT_DBG("");
2096
2097 if (len != sizeof(*cp))
2098 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2099 EINVAL);
2100
272d90df
JH		 2101 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2102 MGMT_OP_USER_PASSKEY_REPLY,
2103 HCI_OP_USER_PASSKEY_REPLY,
2104 cp->passkey);
604086b7
BG		 2105}
2106
2107static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2108 u16 len)
2109{
650f726d 2110 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2111
2112 BT_DBG("");
2113
2114 if (len != sizeof(*cp))
2115 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2116 EINVAL);
2117
272d90df
JH		 2118 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2119 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2120 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2121}
2122
650f726d 2123static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2124 u16 len)
2125{
650f726d 2126 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2127 struct hci_cp_write_local_name hci_cp;
2128 struct hci_dev *hdev;
2129 struct pending_cmd *cmd;
2130 int err;
2131
2132 BT_DBG("");
2133
2134 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2135 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2136 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2137
2138 hdev = hci_dev_get(index);
2139 if (!hdev)
ca69b795
JH		 2140 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2141 MGMT_STATUS_INVALID_PARAMS);
b312b161 2142
09fd0de5 2143 hci_dev_lock(hdev);
b312b161 2144
b5235a65
JH		 2145 if (!hdev_is_powered(hdev)) {
2146 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2147 MGMT_STATUS_NOT_POWERED);
2148 goto failed;
2149 }
2150
650f726d
VCG		 2151 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2152 len);
b312b161
JH		 2153 if (!cmd) {
2154 err = -ENOMEM;
2155 goto failed;
2156 }
2157
2158 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2159 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2160 &hci_cp);
2161 if (err < 0)
2162 mgmt_pending_remove(cmd);
2163
2164failed:
09fd0de5 2165 hci_dev_unlock(hdev);
b312b161
JH		 2166 hci_dev_put(hdev);
2167
2168 return err;
2169}
2170
c35938b2
SJ		 2171static int read_local_oob_data(struct sock *sk, u16 index)
2172{
2173 struct hci_dev *hdev;
2174 struct pending_cmd *cmd;
2175 int err;
2176
2177 BT_DBG("hci%u", index);
2178
2179 hdev = hci_dev_get(index);
2180 if (!hdev)
2181 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2182 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2183
09fd0de5 2184 hci_dev_lock(hdev);
c35938b2 2185
4b34ee78 2186 if (!hdev_is_powered(hdev)) {
c35938b2 2187 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2188 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2189 goto unlock;
2190 }
2191
2192 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2193 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2194 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2195 goto unlock;
2196 }
2197
2e58ef3e 2198 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2199 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2200 MGMT_STATUS_BUSY);
c35938b2
SJ		 2201 goto unlock;
2202 }
2203
2e58ef3e 2204 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2205 if (!cmd) {
2206 err = -ENOMEM;
2207 goto unlock;
2208 }
2209
2210 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2211 if (err < 0)
2212 mgmt_pending_remove(cmd);
2213
2214unlock:
09fd0de5 2215 hci_dev_unlock(hdev);
c35938b2
SJ		 2216 hci_dev_put(hdev);
2217
2218 return err;
2219}
2220
650f726d
VCG		 2221static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2222 u16 len)
2763eda6
SJ		 2223{
2224 struct hci_dev *hdev;
650f726d 2225 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2226 u8 status;
2763eda6
SJ		 2227 int err;
2228
2229 BT_DBG("hci%u ", index);
2230
2231 if (len != sizeof(*cp))
2232 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2233 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2234
2235 hdev = hci_dev_get(index);
2236 if (!hdev)
bf1e3541
JH		 2237 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2238 MGMT_STATUS_INVALID_PARAMS,
2239 &cp->addr, sizeof(cp->addr));
2763eda6 2240
09fd0de5 2241 hci_dev_lock(hdev);
2763eda6 2242
664ce4cc 2243 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2244 cp->randomizer);
2245 if (err < 0)
bf1e3541 2246 status = MGMT_STATUS_FAILED;
2763eda6 2247 else
bf1e3541
JH		 2248 status = 0;
2249
2250 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2251 &cp->addr, sizeof(cp->addr));
2763eda6 2252
09fd0de5 2253 hci_dev_unlock(hdev);
2763eda6
SJ		 2254 hci_dev_put(hdev);
2255
2256 return err;
2257}
2258
2259static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2260 void *data, u16 len)
2763eda6
SJ		 2261{
2262 struct hci_dev *hdev;
650f726d 2263 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2264 u8 status;
2763eda6
SJ		 2265 int err;
2266
2267 BT_DBG("hci%u ", index);
2268
2269 if (len != sizeof(*cp))
2270 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2271 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2272
2273 hdev = hci_dev_get(index);
2274 if (!hdev)
bf1e3541
JH		 2275 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2276 MGMT_STATUS_INVALID_PARAMS,
2277 &cp->addr, sizeof(cp->addr));
2763eda6 2278
09fd0de5 2279 hci_dev_lock(hdev);
2763eda6 2280
664ce4cc 2281 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2282 if (err < 0)
bf1e3541 2283 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2284 else
bf1e3541
JH		 2285 status = 0;
2286
2287 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2288 &cp->addr, sizeof(cp->addr));
2763eda6 2289
09fd0de5 2290 hci_dev_unlock(hdev);
2763eda6
SJ		 2291 hci_dev_put(hdev);
2292
2293 return err;
2294}
2295
5e0452c0
AG		 2296static int discovery(struct hci_dev *hdev)
2297{
2298 int err;
2299
2300 if (lmp_host_le_capable(hdev)) {
2301 if (lmp_bredr_capable(hdev)) {
2302 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2303 LE_SCAN_INT, LE_SCAN_WIN,
2304 LE_SCAN_TIMEOUT_BREDR_LE);
2305 } else {
2306 hdev->discovery.type = DISCOV_TYPE_LE;
2307 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2308 LE_SCAN_INT, LE_SCAN_WIN,
2309 LE_SCAN_TIMEOUT_LE_ONLY);
2310 }
2311 } else {
2312 hdev->discovery.type = DISCOV_TYPE_BREDR;
2313 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2314 }
2315
2316 return err;
2317}
2318
2319int mgmt_interleaved_discovery(struct hci_dev *hdev)
2320{
2321 int err;
2322
2323 BT_DBG("%s", hdev->name);
2324
2325 hci_dev_lock(hdev);
2326
2327 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2328 if (err < 0)
2329 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2330
2331 hci_dev_unlock(hdev);
2332
2333 return err;
2334}
2335
450dfdaf 2336static int start_discovery(struct sock *sk, u16 index,
650f726d 2337 void *data, u16 len)
14a53664 2338{
650f726d 2339 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2340 struct pending_cmd *cmd;
2341 struct hci_dev *hdev;
2342 int err;
2343
2344 BT_DBG("hci%u", index);
2345
450dfdaf
JH		 2346 if (len != sizeof(*cp))
2347 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2348 MGMT_STATUS_INVALID_PARAMS);
2349
14a53664
JH		 2350 hdev = hci_dev_get(index);
2351 if (!hdev)
ca69b795
JH		 2352 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2353 MGMT_STATUS_INVALID_PARAMS);
14a53664 2354
09fd0de5 2355 hci_dev_lock(hdev);
14a53664 2356
4b34ee78 2357 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2358 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2359 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2360 goto failed;
2361 }
2362
ff9ef578
JH		 2363 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2364 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2365 MGMT_STATUS_BUSY);
2366 goto failed;
2367 }
2368
2e58ef3e 2369 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2370 if (!cmd) {
2371 err = -ENOMEM;
2372 goto failed;
2373 }
2374
4aab14e5
AG		 2375 hdev->discovery.type = cp->type;
2376
2377 switch (hdev->discovery.type) {
f39799f5 2378 case DISCOV_TYPE_BREDR:
3fd24153 2379 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2380 break;
2381
2382 case DISCOV_TYPE_LE:
3fd24153
AG		 2383 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2384 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2385 break;
2386
5e0452c0
AG		 2387 case DISCOV_TYPE_INTERLEAVED:
2388 err = discovery(hdev);
2389 break;
2390
f39799f5 2391 default:
3fd24153 2392 err = -EINVAL;
f39799f5 2393 }
3fd24153 2394
14a53664
JH		 2395 if (err < 0)
2396 mgmt_pending_remove(cmd);
ff9ef578
JH		 2397 else
2398 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2399
2400failed:
09fd0de5 2401 hci_dev_unlock(hdev);
14a53664
JH		 2402 hci_dev_put(hdev);
2403
2404 return err;
2405}
2406
d930650b 2407static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2408{
d930650b 2409 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2410 struct hci_dev *hdev;
2411 struct pending_cmd *cmd;
30dc78e1
JH		 2412 struct hci_cp_remote_name_req_cancel cp;
2413 struct inquiry_entry *e;
14a53664
JH		 2414 int err;
2415
2416 BT_DBG("hci%u", index);
2417
d930650b
JH		 2418 if (len != sizeof(*mgmt_cp))
2419 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2420 MGMT_STATUS_INVALID_PARAMS);
2421
14a53664
JH		 2422 hdev = hci_dev_get(index);
2423 if (!hdev)
ca69b795
JH		 2424 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2425 MGMT_STATUS_INVALID_PARAMS);
14a53664 2426
09fd0de5 2427 hci_dev_lock(hdev);
14a53664 2428
30dc78e1 2429 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2430 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2431 MGMT_STATUS_REJECTED,
2432 &mgmt_cp->type, sizeof(mgmt_cp->type));
2433 goto unlock;
2434 }
2435
2436 if (hdev->discovery.type != mgmt_cp->type) {
2437 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2438 MGMT_STATUS_INVALID_PARAMS,
2439 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2440 goto unlock;
ff9ef578
JH		 2441 }
2442
2e58ef3e 2443 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2444 if (!cmd) {
2445 err = -ENOMEM;
30dc78e1
JH		 2446 goto unlock;
2447 }
2448
343f935b 2449 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2450 err = hci_cancel_inquiry(hdev);
2451 if (err < 0)
2452 mgmt_pending_remove(cmd);
2453 else
2454 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2455 goto unlock;
2456 }
2457
2458 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2459 if (!e) {
2460 mgmt_pending_remove(cmd);
aee9b218 2461 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2462 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2463 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2464 goto unlock;
14a53664
JH		 2465 }
2466
30dc78e1
JH		 2467 bacpy(&cp.bdaddr, &e->data.bdaddr);
2468 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2469 sizeof(cp), &cp);
14a53664
JH		 2470 if (err < 0)
2471 mgmt_pending_remove(cmd);
ff9ef578
JH		 2472 else
2473 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2474
30dc78e1 2475unlock:
09fd0de5 2476 hci_dev_unlock(hdev);
14a53664
JH		 2477 hci_dev_put(hdev);
2478
2479 return err;
2480}
2481
650f726d 2482static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2483{
650f726d 2484 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2485 struct inquiry_entry *e;
2486 struct hci_dev *hdev;
2487 int err;
2488
2489 BT_DBG("hci%u", index);
2490
2491 if (len != sizeof(*cp))
2492 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2493 MGMT_STATUS_INVALID_PARAMS);
2494
2495 hdev = hci_dev_get(index);
2496 if (!hdev)
2497 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2498 MGMT_STATUS_INVALID_PARAMS);
2499
2500 hci_dev_lock(hdev);
2501
30dc78e1
JH		 2502 if (!hci_discovery_active(hdev)) {
2503 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2504 MGMT_STATUS_FAILED);
2505 goto failed;
2506 }
2507
a198e7b1 2508 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc
JH		 2509 if (!e) {
2510 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2511 MGMT_STATUS_INVALID_PARAMS);
2512 goto failed;
2513 }
2514
2515 if (cp->name_known) {
2516 e->name_state = NAME_KNOWN;
2517 list_del(&e->list);
2518 } else {
2519 e->name_state = NAME_NEEDED;
a3d4e20a 2520 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2521 }
2522
2523 err = 0;
2524
2525failed:
2526 hci_dev_unlock(hdev);
2527
2528 return err;
2529}
2530
650f726d 2531static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2532{
2533 struct hci_dev *hdev;
650f726d 2534 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2535 u8 status;
7fbec224
AJ		 2536 int err;
2537
2538 BT_DBG("hci%u", index);
2539
7fbec224
AJ		 2540 if (len != sizeof(*cp))
2541 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2542 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2543
2544 hdev = hci_dev_get(index);
2545 if (!hdev)
f0eeea8b
JH		 2546 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2547 MGMT_STATUS_INVALID_PARAMS,
2548 &cp->addr, sizeof(cp->addr));
7fbec224 2549
09fd0de5 2550 hci_dev_lock(hdev);
5e762444 2551
88c1fe4b 2552 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2553 if (err < 0)
f0eeea8b 2554 status = MGMT_STATUS_FAILED;
7fbec224 2555 else
f0eeea8b
JH		 2556 status = 0;
2557
2558 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2559 &cp->addr, sizeof(cp->addr));
5e762444 2560
09fd0de5 2561 hci_dev_unlock(hdev);
7fbec224
AJ		 2562 hci_dev_put(hdev);
2563
2564 return err;
2565}
2566
650f726d 2567static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2568{
2569 struct hci_dev *hdev;
650f726d 2570 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2571 u8 status;
7fbec224
AJ		 2572 int err;
2573
2574 BT_DBG("hci%u", index);
2575
7fbec224
AJ		 2576 if (len != sizeof(*cp))
2577 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2578 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2579
2580 hdev = hci_dev_get(index);
2581 if (!hdev)
f0eeea8b
JH		 2582 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2583 MGMT_STATUS_INVALID_PARAMS,
2584 &cp->addr, sizeof(cp->addr));
7fbec224 2585
09fd0de5 2586 hci_dev_lock(hdev);
5e762444 2587
88c1fe4b 2588 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2589 if (err < 0)
f0eeea8b 2590 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2591 else
f0eeea8b
JH		 2592 status = 0;
2593
2594 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2595 &cp->addr, sizeof(cp->addr));
5e762444 2596
09fd0de5 2597 hci_dev_unlock(hdev);
7fbec224
AJ		 2598 hci_dev_put(hdev);
2599
2600 return err;
2601}
2602
f6422ec6 2603static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2604 void *data, u16 len)
f6422ec6
AJ		 2605{
2606 struct hci_dev *hdev;
650f726d 2607 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2608 struct hci_cp_write_page_scan_activity acp;
2609 u8 type;
2610 int err;
2611
2612 BT_DBG("hci%u", index);
2613
2614 if (len != sizeof(*cp))
2615 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2616 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2617
2618 hdev = hci_dev_get(index);
2619 if (!hdev)
2620 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2621 MGMT_STATUS_INVALID_PARAMS);
5400c044
JH		 2622 if (!hdev_is_powered(hdev))
2623 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2624 MGMT_STATUS_NOT_POWERED);
2625
2626 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2627 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2628 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2629
2630 hci_dev_lock(hdev);
2631
f7c6869c 2632 if (cp->val) {
f6422ec6
AJ		 2633 type = PAGE_SCAN_TYPE_INTERLACED;
2634 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2635 } else {
2636 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2637 acp.interval = 0x0800; /* default 1.28 sec page scan */
2638 }
2639
2640 acp.window = 0x0012; /* default 11.25 msec page scan window */
2641
2642 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2643 sizeof(acp), &acp);
2644 if (err < 0) {
2645 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2646 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2647 goto done;
2648 }
2649
2650 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2651 if (err < 0) {
2652 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2653 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2654 goto done;
2655 }
2656
aee9b218
JH		 2657 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2658 NULL, 0);
f6422ec6
AJ		 2659done:
2660 hci_dev_unlock(hdev);
2661 hci_dev_put(hdev);
2662
2663 return err;
2664}
2665
346af67b
VCG		 2666static int load_long_term_keys(struct sock *sk, u16 index,
2667 void *cp_data, u16 len)
2668{
2669 struct hci_dev *hdev;
2670 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2671 u16 key_count, expected_len;
2672 int i;
2673
2674 if (len < sizeof(*cp))
2675 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2676 EINVAL);
2677
2678 key_count = get_unaligned_le16(&cp->key_count);
2679
2680 expected_len = sizeof(*cp) + key_count *
2681 sizeof(struct mgmt_ltk_info);
2682 if (expected_len != len) {
2683 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2684 len, expected_len);
2685 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2686 EINVAL);
2687 }
2688
2689 hdev = hci_dev_get(index);
2690 if (!hdev)
2691 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2692 ENODEV);
2693
2694 BT_DBG("hci%u key_count %u", index, key_count);
2695
2696 hci_dev_lock(hdev);
2697
2698 hci_smp_ltks_clear(hdev);
2699
2700 for (i = 0; i < key_count; i++) {
2701 struct mgmt_ltk_info *key = &cp->keys[i];
2702 u8 type;
2703
2704 if (key->master)
2705 type = HCI_SMP_LTK;
2706 else
2707 type = HCI_SMP_LTK_SLAVE;
2708
2709 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2710 type, 0, key->authenticated, key->val,
2711 key->enc_size, key->ediv, key->rand);
2712 }
2713
2714 hci_dev_unlock(hdev);
2715 hci_dev_put(hdev);
2716
2717 return 0;
2718}
2719
0381101f
JH		 2720int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2721{
650f726d
VCG		 2722 void *buf;
2723 u8 *cp;
0381101f 2724 struct mgmt_hdr *hdr;
4e51eae9 2725 u16 opcode, index, len;
0381101f
JH		 2726 int err;
2727
2728 BT_DBG("got %zu bytes", msglen);
2729
2730 if (msglen < sizeof(*hdr))
2731 return -EINVAL;
2732
e63a15ec 2733 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2734 if (!buf)
2735 return -ENOMEM;
2736
2737 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2738 err = -EFAULT;
2739 goto done;
2740 }
2741
650f726d 2742 hdr = buf;
0381101f 2743 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2744 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2745 len = get_unaligned_le16(&hdr->len);
2746
2747 if (len != msglen - sizeof(*hdr)) {
2748 err = -EINVAL;
2749 goto done;
2750 }
2751
650f726d
VCG		 2752 cp = buf + sizeof(*hdr);
2753
0381101f 2754 switch (opcode) {
02d98129
JH		 2755 case MGMT_OP_READ_VERSION:
2756 err = read_version(sk);
2757 break;
e70bb2e8
JH		 2758 case MGMT_OP_READ_COMMANDS:
2759 err = read_commands(sk);
2760 break;
faba42eb
JH		 2761 case MGMT_OP_READ_INDEX_LIST:
2762 err = read_index_list(sk);
2763 break;
f7b64e69 2764 case MGMT_OP_READ_INFO:
4e51eae9 2765 err = read_controller_info(sk, index);
f7b64e69 2766 break;
eec8d2bc 2767 case MGMT_OP_SET_POWERED:
650f726d 2768 err = set_powered(sk, index, cp, len);
eec8d2bc 2769 break;
73f22f62 2770 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2771 err = set_discoverable(sk, index, cp, len);
73f22f62 2772 break;
9fbcbb45 2773 case MGMT_OP_SET_CONNECTABLE:
650f726d 2774 err = set_connectable(sk, index, cp, len);
9fbcbb45 2775 break;
f7c6869c 2776 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2777 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2778 break;
c542a06c 2779 case MGMT_OP_SET_PAIRABLE:
650f726d 2780 err = set_pairable(sk, index, cp, len);
c542a06c 2781 break;
33ef95ed
JH		 2782 case MGMT_OP_SET_LINK_SECURITY:
2783 err = set_link_security(sk, index, cp, len);
2784 break;
ed2c4ee3
JH		 2785 case MGMT_OP_SET_SSP:
2786 err = set_ssp(sk, index, cp, len);
2787 break;
6d80dfd0
JH		 2788 case MGMT_OP_SET_HS:
2789 err = set_hs(sk, index, cp, len);
2790 break;
2aeb9a1a 2791 case MGMT_OP_ADD_UUID:
650f726d 2792 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2793 break;
2794 case MGMT_OP_REMOVE_UUID:
650f726d 2795 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2796 break;
1aff6f09 2797 case MGMT_OP_SET_DEV_CLASS:
650f726d 2798 err = set_dev_class(sk, index, cp, len);
1aff6f09 2799 break;
86742e1e 2800 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2801 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2802 break;
8962ee74 2803 case MGMT_OP_DISCONNECT:
650f726d 2804 err = disconnect(sk, index, cp, len);
8962ee74 2805 break;
2784eb41 2806 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2807 err = get_connections(sk, index);
2784eb41 2808 break;
980e1a53 2809 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2810 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2811 break;
2812 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2813 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2814 break;
17fa4b9d 2815 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2816 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2817 break;
e9a416b5 2818 case MGMT_OP_PAIR_DEVICE:
650f726d 2819 err = pair_device(sk, index, cp, len);
e9a416b5 2820 break;
28424707
JH		 2821 case MGMT_OP_CANCEL_PAIR_DEVICE:
2822 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2823 break;
124f6e35
JH		 2824 case MGMT_OP_UNPAIR_DEVICE:
2825 err = unpair_device(sk, index, cp, len);
2826 break;
a5c29683 2827 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2828 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2829 break;
2830 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2831 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2832 break;
604086b7 2833 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2834 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2835 break;
2836 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2837 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2838 break;
b312b161 2839 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2840 err = set_local_name(sk, index, cp, len);
b312b161 2841 break;
c35938b2
SJ		 2842 case MGMT_OP_READ_LOCAL_OOB_DATA:
2843 err = read_local_oob_data(sk, index);
2844 break;
2763eda6 2845 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2846 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2847 break;
2848 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2849 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2850 break;
14a53664 2851 case MGMT_OP_START_DISCOVERY:
650f726d 2852 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2853 break;
2854 case MGMT_OP_STOP_DISCOVERY:
d930650b 2855 err = stop_discovery(sk, index, cp, len);
14a53664 2856 break;
561aafbc 2857 case MGMT_OP_CONFIRM_NAME:
650f726d 2858 err = confirm_name(sk, index, cp, len);
561aafbc 2859 break;
7fbec224 2860 case MGMT_OP_BLOCK_DEVICE:
650f726d 2861 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2862 break;
2863 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2864 err = unblock_device(sk, index, cp, len);
7fbec224 2865 break;
346af67b
VCG		 2866 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2867 err = load_long_term_keys(sk, index, cp, len);
2868 break;
0381101f
JH		 2869 default:
2870 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2871 err = cmd_status(sk, index, opcode,
2872 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2873 break;
2874 }
2875
e41d8b4e
JH		 2876 if (err < 0)
2877 goto done;
2878
0381101f
JH		 2879 err = msglen;
2880
2881done:
2882 kfree(buf);
2883 return err;
2884}
c71e97bf 2885
b24752fe
JH		 2886static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2887{
2888 u8 *status = data;
2889
2890 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2891 mgmt_pending_remove(cmd);
2892}
2893
744cf19e 2894int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2895{
744cf19e 2896 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2897}
2898
744cf19e 2899int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2900{
b24752fe
JH		 2901 u8 status = ENODEV;
2902
744cf19e 2903 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2904
744cf19e 2905 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2906}
2907
73f22f62 2908struct cmd_lookup {
eec8d2bc 2909 struct sock *sk;
69ab39ea 2910 struct hci_dev *hdev;
eec8d2bc
JH		 2911};
2912
69ab39ea 2913static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2914{
73f22f62 2915 struct cmd_lookup *match = data;
eec8d2bc 2916
69ab39ea 2917 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2918
2919 list_del(&cmd->list);
2920
2921 if (match->sk == NULL) {
2922 match->sk = cmd->sk;
2923 sock_hold(match->sk);
2924 }
2925
2926 mgmt_pending_free(cmd);
c71e97bf 2927}
5add6af8 2928
744cf19e 2929int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2930{
76a7f3a4 2931 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2932 int err;
5add6af8 2933
5e5282bb
JH		 2934 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2935 return 0;
2936
69ab39ea 2937 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2938
5e5282bb
JH		 2939 if (powered) {
2940 u8 scan = 0;
2941
2942 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2943 scan |= SCAN_PAGE;
2944 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2945 scan |= SCAN_INQUIRY;
2946
2947 if (scan)
2948 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2949 } else {
b24752fe 2950 u8 status = ENETDOWN;
744cf19e 2951 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2952 }
2953
beadb2bd 2954 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2955
2956 if (match.sk)
2957 sock_put(match.sk);
2958
7bb895d6 2959 return err;
5add6af8 2960}
73f22f62 2961
744cf19e 2962int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2963{
76a7f3a4 2964 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2965 bool changed = false;
2966 int err = 0;
73f22f62 2967
69ab39ea 2968 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2969
5e5282bb
JH		 2970 if (discoverable) {
2971 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2972 changed = true;
2973 } else {
2974 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2975 changed = true;
2976 }
73f22f62 2977
beadb2bd
JH		 2978 if (changed)
2979 err = new_settings(hdev, match.sk);
5e5282bb 2980
73f22f62
JH		 2981 if (match.sk)
2982 sock_put(match.sk);
2983
7bb895d6 2984 return err;
73f22f62 2985}
9fbcbb45 2986
744cf19e 2987int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2988{
76a7f3a4 2989 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2990 bool changed = false;
2991 int err = 0;
9fbcbb45 2992
69ab39ea
JH		 2993 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2994 &match);
9fbcbb45 2995
5e5282bb
JH		 2996 if (connectable) {
2997 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2998 changed = true;
2999 } else {
3000 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3001 changed = true;
3002 }
9fbcbb45 3003
beadb2bd
JH		 3004 if (changed)
3005 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3006
3007 if (match.sk)
3008 sock_put(match.sk);
3009
7bb895d6 3010 return err;
9fbcbb45 3011}
55ed8ca1 3012
744cf19e 3013int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3014{
ca69b795
JH		 3015 u8 mgmt_err = mgmt_status(status);
3016
2d7cee58 3017 if (scan & SCAN_PAGE)
744cf19e 3018 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 3019 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3020
3021 if (scan & SCAN_INQUIRY)
744cf19e 3022 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 3023 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3024
3025 return 0;
3026}
3027
744cf19e
JH		 3028int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3029 u8 persistent)
55ed8ca1 3030{
86742e1e 3031 struct mgmt_ev_new_link_key ev;
55ed8ca1 3032
a492cd52 3033 memset(&ev, 0, sizeof(ev));
55ed8ca1 3034
a492cd52 3035 ev.store_hint = persistent;
d753fdc4
JH		 3036 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3037 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 3038 ev.key.type = key->type;
3039 memcpy(ev.key.val, key->val, 16);
3040 ev.key.pin_len = key->pin_len;
55ed8ca1 3041
744cf19e 3042 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3043}
f7520543 3044
346af67b
VCG		 3045int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3046{
3047 struct mgmt_ev_new_long_term_key ev;
3048
3049 memset(&ev, 0, sizeof(ev));
3050
3051 ev.store_hint = persistent;
3052 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3053 ev.key.addr.type = key->bdaddr_type;
3054 ev.key.authenticated = key->authenticated;
3055 ev.key.enc_size = key->enc_size;
3056 ev.key.ediv = key->ediv;
3057
3058 if (key->type == HCI_SMP_LTK)
3059 ev.key.master = 1;
3060
3061 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3062 memcpy(ev.key.val, key->val, sizeof(key->val));
3063
3064 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3065 &ev, sizeof(ev), NULL);
3066}
3067
afc747a6 3068int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 3069 u8 addr_type, u8 *name, u8 name_len,
3070 u8 *dev_class)
f7520543 3071{
b644ba33
JH		 3072 char buf[512];
3073 struct mgmt_ev_device_connected *ev = (void *) buf;
3074 u16 eir_len = 0;
f7520543 3075
b644ba33
JH		 3076 bacpy(&ev->addr.bdaddr, bdaddr);
3077 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3078
b644ba33
JH		 3079 if (name_len > 0)
3080 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3081 name, name_len);
3082
3083 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3084 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3085 EIR_CLASS_OF_DEV, dev_class, 3);
3086
3087 put_unaligned_le16(eir_len, &ev->eir_len);
3088
3089 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3090 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3091}
3092
8962ee74
JH		 3093static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3094{
c68fb7ff 3095 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3096 struct sock **sk = data;
a38528f1 3097 struct mgmt_rp_disconnect rp;
8962ee74 3098
88c3df13
JH		 3099 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3100 rp.addr.type = cp->addr.type;
8962ee74 3101
aee9b218
JH		 3102 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3103 sizeof(rp));
8962ee74
JH		 3104
3105 *sk = cmd->sk;
3106 sock_hold(*sk);
3107
a664b5bc 3108 mgmt_pending_remove(cmd);
8962ee74
JH		 3109}
3110
124f6e35 3111static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3112{
b1078ad0 3113 struct hci_dev *hdev = data;
124f6e35
JH		 3114 struct mgmt_cp_unpair_device *cp = cmd->param;
3115 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3116
3117 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3118 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3119 rp.addr.type = cp->addr.type;
a8a1d19e 3120
b1078ad0
JH		 3121 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3122
aee9b218 3123 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3124
3125 mgmt_pending_remove(cmd);
3126}
3127
afc747a6
JH		 3128int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3129 u8 link_type, u8 addr_type)
f7520543 3130{
4c659c39 3131 struct mgmt_addr_info ev;
8962ee74
JH		 3132 struct sock *sk = NULL;
3133 int err;
3134
744cf19e 3135 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3136
f7520543 3137 bacpy(&ev.bdaddr, bdaddr);
48264f06 3138 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3139
afc747a6
JH		 3140 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3141 sk);
8962ee74
JH		 3142
3143 if (sk)
3144 sock_put(sk);
3145
124f6e35 3146 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3147 hdev);
a8a1d19e 3148
8962ee74
JH		 3149 return err;
3150}
3151
88c3df13
JH		 3152int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3153 u8 link_type, u8 addr_type, u8 status)
8962ee74 3154{
88c3df13 3155 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3156 struct pending_cmd *cmd;
3157 int err;
3158
2e58ef3e 3159 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3160 if (!cmd)
3161 return -ENOENT;
3162
88c3df13
JH		 3163 bacpy(&rp.addr.bdaddr, bdaddr);
3164 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3165
88c3df13 3166 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3167 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3168
a664b5bc 3169 mgmt_pending_remove(cmd);
8962ee74 3170
b1078ad0
JH		 3171 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3172 hdev);
8962ee74 3173 return err;
f7520543 3174}
17d5c04c 3175
48264f06
JH		 3176int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3177 u8 addr_type, u8 status)
17d5c04c
JH		 3178{
3179 struct mgmt_ev_connect_failed ev;
3180
4c659c39 3181 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3182 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3183 ev.status = mgmt_status(status);
17d5c04c 3184
744cf19e 3185 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3186}
980e1a53 3187
744cf19e 3188int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3189{
3190 struct mgmt_ev_pin_code_request ev;
3191
d8457698
JH		 3192 bacpy(&ev.addr.bdaddr, bdaddr);
3193 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3194 ev.secure = secure;
980e1a53 3195
744cf19e 3196 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3197 NULL);
980e1a53
JH		 3198}
3199
744cf19e
JH		 3200int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3201 u8 status)
980e1a53
JH		 3202{
3203 struct pending_cmd *cmd;
ac56fb13 3204 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3205 int err;
3206
2e58ef3e 3207 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3208 if (!cmd)
3209 return -ENOENT;
3210
d8457698
JH		 3211 bacpy(&rp.addr.bdaddr, bdaddr);
3212 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3213
aee9b218
JH		 3214 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3215 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3216
a664b5bc 3217 mgmt_pending_remove(cmd);
980e1a53
JH		 3218
3219 return err;
3220}
3221
744cf19e
JH		 3222int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3223 u8 status)
980e1a53
JH		 3224{
3225 struct pending_cmd *cmd;
ac56fb13 3226 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3227 int err;
3228
2e58ef3e 3229 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3230 if (!cmd)
3231 return -ENOENT;
3232
d8457698
JH		 3233 bacpy(&rp.addr.bdaddr, bdaddr);
3234 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3235
aee9b218
JH		 3236 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3237 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3238
a664b5bc 3239 mgmt_pending_remove(cmd);
980e1a53
JH		 3240
3241 return err;
3242}
a5c29683 3243
744cf19e 3244int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3245 u8 link_type, u8 addr_type, __le32 value,
3246 u8 confirm_hint)
a5c29683
JH		 3247{
3248 struct mgmt_ev_user_confirm_request ev;
3249
744cf19e 3250 BT_DBG("%s", hdev->name);
a5c29683 3251
272d90df
JH		 3252 bacpy(&ev.addr.bdaddr, bdaddr);
3253 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3254 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3255 put_unaligned_le32(value, &ev.value);
3256
744cf19e 3257 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3258 NULL);
a5c29683
JH		 3259}
3260
272d90df
JH		 3261int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3262 u8 link_type, u8 addr_type)
604086b7
BG		 3263{
3264 struct mgmt_ev_user_passkey_request ev;
3265
3266 BT_DBG("%s", hdev->name);
3267
272d90df
JH		 3268 bacpy(&ev.addr.bdaddr, bdaddr);
3269 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3270
3271 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3272 NULL);
3273}
3274
0df4c185 3275static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3276 u8 link_type, u8 addr_type, u8 status,
3277 u8 opcode)
a5c29683
JH		 3278{
3279 struct pending_cmd *cmd;
3280 struct mgmt_rp_user_confirm_reply rp;
3281 int err;
3282
2e58ef3e 3283 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3284 if (!cmd)
3285 return -ENOENT;
3286
272d90df
JH		 3287 bacpy(&rp.addr.bdaddr, bdaddr);
3288 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3289 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3290 &rp, sizeof(rp));
a5c29683 3291
a664b5bc 3292 mgmt_pending_remove(cmd);
a5c29683
JH		 3293
3294 return err;
3295}
3296
744cf19e 3297int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3298 u8 link_type, u8 addr_type, u8 status)
a5c29683 3299{
272d90df
JH		 3300 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3301 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3302}
3303
272d90df
JH		 3304int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3305 u8 link_type, u8 addr_type, u8 status)
a5c29683 3306{
272d90df
JH		 3307 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3308 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3309}
2a611692 3310
604086b7 3311int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3312 u8 link_type, u8 addr_type, u8 status)
604086b7 3313{
272d90df
JH		 3314 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3315 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3316}
3317
272d90df
JH		 3318int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3319 u8 link_type, u8 addr_type, u8 status)
604086b7 3320{
272d90df
JH		 3321 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3322 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3323}
3324
bab73cb6
JH		 3325int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3326 u8 addr_type, u8 status)
2a611692
JH		 3327{
3328 struct mgmt_ev_auth_failed ev;
3329
bab73cb6
JH		 3330 bacpy(&ev.addr.bdaddr, bdaddr);
3331 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3332 ev.status = mgmt_status(status);
2a611692 3333
744cf19e 3334 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3335}
b312b161 3336
33ef95ed
JH		 3337int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3338{
3339 struct cmd_lookup match = { NULL, hdev };
33ef95ed
JH		 3340 int err;
3341
3342 if (status) {
3343 u8 mgmt_err = mgmt_status(status);
3344 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3345 cmd_status_rsp, &mgmt_err);
3346 return 0;
3347 }
3348
3349 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3350 &match);
3351
beadb2bd 3352 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3353
3354 if (match.sk)
3355 sock_put(match.sk);
3356
3357 return err;
3358}
3359
cacaf52f
JH		 3360static int clear_eir(struct hci_dev *hdev)
3361{
3362 struct hci_cp_write_eir cp;
3363
3364 if (!(hdev->features[6] & LMP_EXT_INQ))
3365 return 0;
3366
3367 memset(&cp, 0, sizeof(cp));
3368
3369 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3370}
3371
ed2c4ee3
JH		 3372int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3373{
3374 struct cmd_lookup match = { NULL, hdev };
ed2c4ee3
JH		 3375 int err;
3376
3377 if (status) {
3378 u8 mgmt_err = mgmt_status(status);
3379 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3380 cmd_status_rsp, &mgmt_err);
3381 return 0;
3382 }
3383
3384 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3385
beadb2bd 3386 err = new_settings(hdev, match.sk);
ed2c4ee3 3387
cacaf52f 3388 if (match.sk) {
ed2c4ee3
JH		 3389 sock_put(match.sk);
3390
cacaf52f
JH		 3391 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3392 update_eir(hdev);
3393 else
3394 clear_eir(hdev);
3395 }
3396
ed2c4ee3
JH		 3397 return err;
3398}
3399
744cf19e 3400int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3401{
3402 struct pending_cmd *cmd;
3403 struct mgmt_cp_set_local_name ev;
3404 int err;
3405
3406 memset(&ev, 0, sizeof(ev));
3407 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3408
2e58ef3e 3409 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3410 if (!cmd)
3411 goto send_event;
3412
3413 if (status) {
744cf19e 3414 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3415 mgmt_status(status));
b312b161
JH		 3416 goto failed;
3417 }
3418
744cf19e 3419 update_eir(hdev);
80a1e1db 3420
aee9b218 3421 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3422 sizeof(ev));
3423 if (err < 0)
3424 goto failed;
3425
3426send_event:
744cf19e 3427 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 3428 cmd ? cmd->sk : NULL);
3429
3430failed:
3431 if (cmd)
3432 mgmt_pending_remove(cmd);
3433 return err;
3434}
c35938b2 3435
744cf19e
JH		 3436int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3437 u8 *randomizer, u8 status)
c35938b2
SJ		 3438{
3439 struct pending_cmd *cmd;
3440 int err;
3441
744cf19e 3442 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3443
2e58ef3e 3444 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3445 if (!cmd)
3446 return -ENOENT;
3447
3448 if (status) {
744cf19e 3449 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3450 MGMT_OP_READ_LOCAL_OOB_DATA,
3451 mgmt_status(status));
c35938b2
SJ		 3452 } else {
3453 struct mgmt_rp_read_local_oob_data rp;
3454
3455 memcpy(rp.hash, hash, sizeof(rp.hash));
3456 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3457
744cf19e
JH		 3458 err = cmd_complete(cmd->sk, hdev->id,
3459 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3460 0, &rp, sizeof(rp));
c35938b2
SJ		 3461 }
3462
3463 mgmt_pending_remove(cmd);
3464
3465 return err;
3466}
e17acd40 3467
48264f06 3468int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3469 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 3470 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 3471{
e319d2e7
JH		 3472 char buf[512];
3473 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3474 size_t ev_size;
e17acd40 3475
1dc06093
JH		 3476 /* Leave 5 bytes for a potential CoD field */
3477 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3478 return -EINVAL;
3479
1dc06093
JH		 3480 memset(buf, 0, sizeof(buf));
3481
e319d2e7
JH		 3482 bacpy(&ev->addr.bdaddr, bdaddr);
3483 ev->addr.type = link_to_mgmt(link_type, addr_type);
3484 ev->rssi = rssi;
3485 ev->confirm_name = cfm_name;
e17acd40 3486
1dc06093 3487 if (eir_len > 0)
e319d2e7 3488 memcpy(ev->eir, eir, eir_len);
e17acd40 3489
1dc06093
JH		 3490 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3491 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3492 dev_class, 3);
3493
3494 put_unaligned_le16(eir_len, &ev->eir_len);
3495
3496 ev_size = sizeof(*ev) + eir_len;
f8523598 3497
e319d2e7 3498 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3499}
a88a9652 3500
b644ba33
JH		 3501int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3502 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3503{
b644ba33
JH		 3504 struct mgmt_ev_device_found *ev;
3505 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3506 u16 eir_len;
a88a9652 3507
b644ba33 3508 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3509
b644ba33
JH		 3510 memset(buf, 0, sizeof(buf));
3511
3512 bacpy(&ev->addr.bdaddr, bdaddr);
3513 ev->addr.type = link_to_mgmt(link_type, addr_type);
3514 ev->rssi = rssi;
3515
3516 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3517 name_len);
3518
3519 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3520
053c7e0c
JH		 3521 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3522 sizeof(*ev) + eir_len, NULL);
a88a9652 3523}
314b2381 3524
7a135109 3525int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3526{
3527 struct pending_cmd *cmd;
f808e166 3528 u8 type;
164a6e78
JH		 3529 int err;
3530
203159d4
AG		 3531 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3532
2e58ef3e 3533 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3534 if (!cmd)
3535 return -ENOENT;
3536
f808e166
JH		 3537 type = hdev->discovery.type;
3538
3539 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3540 &type, sizeof(type));
164a6e78
JH		 3541 mgmt_pending_remove(cmd);
3542
3543 return err;
3544}
3545
e6d465cb
AG		 3546int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3547{
3548 struct pending_cmd *cmd;
3549 int err;
3550
3551 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3552 if (!cmd)
3553 return -ENOENT;
3554
d930650b
JH		 3555 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3556 &hdev->discovery.type,
3557 sizeof(hdev->discovery.type));
164a6e78
JH		 3558 mgmt_pending_remove(cmd);
3559
3560 return err;
3561}
3562
744cf19e 3563int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3564{
f963e8e9 3565 struct mgmt_ev_discovering ev;
164a6e78
JH		 3566 struct pending_cmd *cmd;
3567
343fb145
AG		 3568 BT_DBG("%s discovering %u", hdev->name, discovering);
3569
164a6e78 3570 if (discovering)
2e58ef3e 3571 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3572 else
2e58ef3e 3573 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3574
3575 if (cmd != NULL) {
f808e166
JH		 3576 u8 type = hdev->discovery.type;
3577
d930650b 3578 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3579 &type, sizeof(type));
164a6e78
JH		 3580 mgmt_pending_remove(cmd);
3581 }
3582
f963e8e9
JH		 3583 memset(&ev, 0, sizeof(ev));
3584 ev.type = hdev->discovery.type;
3585 ev.discovering = discovering;
3586
3587 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3588}
5e762444 3589
88c1fe4b 3590int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3591{
3592 struct pending_cmd *cmd;
3593 struct mgmt_ev_device_blocked ev;
3594
2e58ef3e 3595 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3596
88c1fe4b
JH		 3597 bacpy(&ev.addr.bdaddr, bdaddr);
3598 ev.addr.type = type;
5e762444 3599
744cf19e
JH		 3600 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3601 cmd ? cmd->sk : NULL);
5e762444
AJ		 3602}
3603
88c1fe4b 3604int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3605{
3606 struct pending_cmd *cmd;
3607 struct mgmt_ev_device_unblocked ev;
3608
2e58ef3e 3609 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3610
88c1fe4b
JH		 3611 bacpy(&ev.addr.bdaddr, bdaddr);
3612 ev.addr.type = type;
5e762444 3613
744cf19e
JH		 3614 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3615 cmd ? cmd->sk : NULL);
5e762444 3616}
d7b7e796
MH		 3617
3618module_param(enable_hs, bool, 0644);
3619MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3620
3621module_param(enable_le, bool, 0644);
3622MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
kernel source for telekom puls (alcatel/mediatek)