Bluetooth: Fix returning proper command status for start_discovery
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
/* File-wide switch for High Speed support: while it is false, set_hs()
 * answers MGMT_STATUS_NOT_SUPPORTED and get_supported_settings() leaves
 * MGMT_SETTING_HS out of the advertised settings.
 */
bool enable_hs;

/* Interface version and revision reported to user space by read_version(). */
#define MGMT_VERSION	1
#define MGMT_REVISION	2
39
/* Command opcodes reported to user space by read_commands(). They are
 * copied into the reply in this order, ahead of the event codes.
 */
static const u16 mgmt_commands[] = {
	MGMT_OP_READ_INDEX_LIST,
	MGMT_OP_READ_INFO,
	MGMT_OP_SET_POWERED,
	MGMT_OP_SET_DISCOVERABLE,
	MGMT_OP_SET_CONNECTABLE,
	MGMT_OP_SET_FAST_CONNECTABLE,
	MGMT_OP_SET_PAIRABLE,
	MGMT_OP_SET_LINK_SECURITY,
	MGMT_OP_SET_SSP,
	MGMT_OP_SET_HS,
	MGMT_OP_SET_LE,
	MGMT_OP_SET_DEV_CLASS,
	MGMT_OP_SET_LOCAL_NAME,
	MGMT_OP_ADD_UUID,
	MGMT_OP_REMOVE_UUID,
	MGMT_OP_LOAD_LINK_KEYS,
	MGMT_OP_LOAD_LONG_TERM_KEYS,
	MGMT_OP_DISCONNECT,
	MGMT_OP_GET_CONNECTIONS,
	MGMT_OP_PIN_CODE_REPLY,
	MGMT_OP_PIN_CODE_NEG_REPLY,
	MGMT_OP_SET_IO_CAPABILITY,
	MGMT_OP_PAIR_DEVICE,
	MGMT_OP_CANCEL_PAIR_DEVICE,
	MGMT_OP_UNPAIR_DEVICE,
	MGMT_OP_USER_CONFIRM_REPLY,
	MGMT_OP_USER_CONFIRM_NEG_REPLY,
	MGMT_OP_USER_PASSKEY_REPLY,
	MGMT_OP_USER_PASSKEY_NEG_REPLY,
	MGMT_OP_READ_LOCAL_OOB_DATA,
	MGMT_OP_ADD_REMOTE_OOB_DATA,
	MGMT_OP_REMOVE_REMOTE_OOB_DATA,
	MGMT_OP_START_DISCOVERY,
	MGMT_OP_STOP_DISCOVERY,
	MGMT_OP_CONFIRM_NAME,
	MGMT_OP_BLOCK_DEVICE,
	MGMT_OP_UNBLOCK_DEVICE,
	MGMT_OP_SET_DEVICE_ID,
};
80
/* Event codes reported to user space by read_commands(); they follow the
 * command opcodes in the reply.
 */
static const u16 mgmt_events[] = {
	MGMT_EV_CONTROLLER_ERROR,
	MGMT_EV_INDEX_ADDED,
	MGMT_EV_INDEX_REMOVED,
	MGMT_EV_NEW_SETTINGS,
	MGMT_EV_CLASS_OF_DEV_CHANGED,
	MGMT_EV_LOCAL_NAME_CHANGED,
	MGMT_EV_NEW_LINK_KEY,
	MGMT_EV_NEW_LONG_TERM_KEY,
	MGMT_EV_DEVICE_CONNECTED,
	MGMT_EV_DEVICE_DISCONNECTED,
	MGMT_EV_CONNECT_FAILED,
	MGMT_EV_PIN_CODE_REQUEST,
	MGMT_EV_USER_CONFIRM_REQUEST,
	MGMT_EV_USER_PASSKEY_REQUEST,
	MGMT_EV_AUTH_FAILED,
	MGMT_EV_DEVICE_FOUND,
	MGMT_EV_DISCOVERING,
	MGMT_EV_DEVICE_BLOCKED,
	MGMT_EV_DEVICE_UNBLOCKED,
	MGMT_EV_DEVICE_UNPAIRED,
	MGMT_EV_PASSKEY_NOTIFY,
};
104
/*
 * These LE scan and inquiry parameters were chosen according to LE General
 * Discovery Procedure specification.
 *
 * NOTE(review): the two LE_SCAN_TIMEOUT_* values look like milliseconds
 * (10240 ms matches the TGAP(gen_disc_scan_min) remark); confirm at the
 * sites that use them, which are outside this part of the file.
 */
#define LE_SCAN_TYPE			0x01
#define LE_SCAN_WIN			0x12
#define LE_SCAN_INT			0x12
#define LE_SCAN_TIMEOUT_LE_ONLY		10240	/* TGAP(gen_disc_scan_min) */
#define LE_SCAN_TIMEOUT_BREDR_LE	5120	/* TGAP(100)/2 */

#define INQUIRY_LEN_BREDR		0x08	/* TGAP(100) */
#define INQUIRY_LEN_BREDR_LE		0x04	/* TGAP(100)/2 */

/* Two seconds, converted to jiffies. */
#define CACHE_TIMEOUT	msecs_to_jiffies(2 * 1000)
119
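/* True when HCI_UP is set in hdev->flags and HCI_AUTO_OFF is clear in
 * hdev->dev_flags. The argument is parenthesised so that any pointer
 * expression (for example "base + i") expands correctly.
 */
#define hdev_is_powered(hdev) (test_bit(HCI_UP, &(hdev)->flags) && \
				!test_bit(HCI_AUTO_OFF, &(hdev)->dev_flags))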
122
/* One management command that has been accepted and is waiting for its
 * result. Entries are created by mgmt_pending_add(), linked on
 * hdev->mgmt_pending and released by mgmt_pending_free().
 */
struct pending_cmd {
	struct list_head list;	/* link in hdev->mgmt_pending */
	u16 opcode;		/* MGMT_OP_* value of the request */
	int index;		/* hdev->id of the controller addressed */
	void *param;		/* kmalloc'ed copy of the request parameters */
	struct sock *sk;	/* requesting socket; a reference is held on it */
	void *user_data;	/* caller-owned context; mgmt_pending_add() does not assign it */
};
131
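/* HCI to MGMT error code conversion table.
 *
 * Indexed by the HCI status byte; mgmt_status() bounds-checks the index and
 * falls back to MGMT_STATUS_FAILED for codes past the end. The table is only
 * ever read, so it is declared const and can live in read-only data.
 */
static const u8 mgmt_status_table[] = {
	MGMT_STATUS_SUCCESS,
	MGMT_STATUS_UNKNOWN_COMMAND,	/* Unknown Command */
	MGMT_STATUS_NOT_CONNECTED,	/* No Connection */
	MGMT_STATUS_FAILED,		/* Hardware Failure */
	MGMT_STATUS_CONNECT_FAILED,	/* Page Timeout */
	MGMT_STATUS_AUTH_FAILED,	/* Authentication Failed */
	MGMT_STATUS_NOT_PAIRED,		/* PIN or Key Missing */
	MGMT_STATUS_NO_RESOURCES,	/* Memory Full */
	MGMT_STATUS_TIMEOUT,		/* Connection Timeout */
	MGMT_STATUS_NO_RESOURCES,	/* Max Number of Connections */
	MGMT_STATUS_NO_RESOURCES,	/* Max Number of SCO Connections */
	MGMT_STATUS_ALREADY_CONNECTED,	/* ACL Connection Exists */
	MGMT_STATUS_BUSY,		/* Command Disallowed */
	MGMT_STATUS_NO_RESOURCES,	/* Rejected Limited Resources */
	MGMT_STATUS_REJECTED,		/* Rejected Security */
	MGMT_STATUS_REJECTED,		/* Rejected Personal */
	MGMT_STATUS_TIMEOUT,		/* Host Timeout */
	MGMT_STATUS_NOT_SUPPORTED,	/* Unsupported Feature */
	MGMT_STATUS_INVALID_PARAMS,	/* Invalid Parameters */
	MGMT_STATUS_DISCONNECTED,	/* OE User Ended Connection */
	MGMT_STATUS_NO_RESOURCES,	/* OE Low Resources */
	MGMT_STATUS_DISCONNECTED,	/* OE Power Off */
	MGMT_STATUS_DISCONNECTED,	/* Connection Terminated */
	MGMT_STATUS_BUSY,		/* Repeated Attempts */
	MGMT_STATUS_REJECTED,		/* Pairing Not Allowed */
	MGMT_STATUS_FAILED,		/* Unknown LMP PDU */
	MGMT_STATUS_NOT_SUPPORTED,	/* Unsupported Remote Feature */
	MGMT_STATUS_REJECTED,		/* SCO Offset Rejected */
	MGMT_STATUS_REJECTED,		/* SCO Interval Rejected */
	MGMT_STATUS_REJECTED,		/* Air Mode Rejected */
	MGMT_STATUS_INVALID_PARAMS,	/* Invalid LMP Parameters */
	MGMT_STATUS_FAILED,		/* Unspecified Error */
	MGMT_STATUS_NOT_SUPPORTED,	/* Unsupported LMP Parameter Value */
	MGMT_STATUS_FAILED,		/* Role Change Not Allowed */
	MGMT_STATUS_TIMEOUT,		/* LMP Response Timeout */
	MGMT_STATUS_FAILED,		/* LMP Error Transaction Collision */
	MGMT_STATUS_FAILED,		/* LMP PDU Not Allowed */
	MGMT_STATUS_REJECTED,		/* Encryption Mode Not Accepted */
	MGMT_STATUS_FAILED,		/* Unit Link Key Used */
	MGMT_STATUS_NOT_SUPPORTED,	/* QoS Not Supported */
	MGMT_STATUS_TIMEOUT,		/* Instant Passed */
	MGMT_STATUS_NOT_SUPPORTED,	/* Pairing Not Supported */
	MGMT_STATUS_FAILED,		/* Transaction Collision */
	MGMT_STATUS_INVALID_PARAMS,	/* Unacceptable Parameter */
	MGMT_STATUS_REJECTED,		/* QoS Rejected */
	MGMT_STATUS_NOT_SUPPORTED,	/* Classification Not Supported */
	MGMT_STATUS_REJECTED,		/* Insufficient Security */
	MGMT_STATUS_INVALID_PARAMS,	/* Parameter Out Of Range */
	MGMT_STATUS_BUSY,		/* Role Switch Pending */
	MGMT_STATUS_FAILED,		/* Slot Violation */
	MGMT_STATUS_FAILED,		/* Role Switch Failed */
	MGMT_STATUS_INVALID_PARAMS,	/* EIR Too Large */
	MGMT_STATUS_NOT_SUPPORTED,	/* Simple Pairing Not Supported */
	MGMT_STATUS_BUSY,		/* Host Busy Pairing */
	MGMT_STATUS_REJECTED,		/* Rejected, No Suitable Channel */
	MGMT_STATUS_BUSY,		/* Controller Busy */
	MGMT_STATUS_INVALID_PARAMS,	/* Unsuitable Connection Interval */
	MGMT_STATUS_TIMEOUT,		/* Directed Advertising Timeout */
	MGMT_STATUS_AUTH_FAILED,	/* Terminated Due to MIC Failure */
	MGMT_STATUS_CONNECT_FAILED,	/* Connection Establishment Failed */
	MGMT_STATUS_CONNECT_FAILED,	/* MAC Connection Failed */
};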
196
/* Report whether @hdev is exposed through the management interface.
 * Only controllers whose dev_type is HCI_BREDR qualify.
 */
bool mgmt_valid_hdev(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return false;

	return true;
}
201
/* Translate an HCI status byte into the matching MGMT_STATUS_* code.
 * Codes beyond the end of mgmt_status_table map to MGMT_STATUS_FAILED, so
 * a controller-supplied status can never index outside the table.
 */
static u8 mgmt_status(u8 hci_status)
{
	if (hci_status >= ARRAY_SIZE(mgmt_status_table))
		return MGMT_STATUS_FAILED;

	return mgmt_status_table[hci_status];
}
209
/* Queue an MGMT_EV_CMD_STATUS event on @sk.
 *
 * @sk:     socket that issued the command
 * @index:  controller index placed in the header
 * @cmd:    opcode of the command being answered
 * @status: MGMT_STATUS_* result
 *
 * Returns -ENOMEM when no skb can be allocated, otherwise the result of
 * sock_queue_rcv_skb().
 */
static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
{
	struct mgmt_ev_cmd_status *ev;
	struct mgmt_hdr *hdr;
	struct sk_buff *skb;
	int err;

	BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);

	skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
	if (skb == NULL)
		return -ENOMEM;

	/* Reserve the header, then the fixed-size payload behind it. */
	hdr = (void *) skb_put(skb, sizeof(*hdr));
	ev = (void *) skb_put(skb, sizeof(*ev));

	hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
	hdr->index = cpu_to_le16(index);
	hdr->len = cpu_to_le16(sizeof(*ev));

	ev->opcode = cpu_to_le16(cmd);
	ev->status = status;

	err = sock_queue_rcv_skb(sk, skb);
	if (err >= 0)
		return err;

	/* The skb was not queued, so it is still ours to free. */
	kfree_skb(skb);

	return err;
}
239
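/* Queue an MGMT_EV_CMD_COMPLETE event, with optional reply data, on @sk.
 *
 * @sk:     socket that issued the command
 * @index:  controller index placed in the header
 * @cmd:    opcode of the command being answered
 * @status: MGMT_STATUS_* result
 * @rp:     reply parameters, or NULL
 * @rp_len: number of reply bytes reserved after the fixed event header
 *
 * Returns -ENOMEM when no skb can be allocated, otherwise the result of
 * sock_queue_rcv_skb().
 *
 * NOTE(review): hdr->len is 16 bits wide while @rp_len is a size_t; the
 * callers visible here pass small fixed sizes, but nothing in this function
 * rejects a length that does not fit.
 */
static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
			void *rp, size_t rp_len)
{
	struct sk_buff *skb;
	struct mgmt_hdr *hdr;
	struct mgmt_ev_cmd_complete *ev;
	int err;

	BT_DBG("sock %p", sk);

	skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
	if (!skb)
		return -ENOMEM;

	hdr = (void *) skb_put(skb, sizeof(*hdr));

	hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
	hdr->index = cpu_to_le16(index);
	hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);

	ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
	ev->opcode = cpu_to_le16(cmd);
	ev->status = status;

	if (rp)
		memcpy(ev->data, rp, rp_len);
	else if (rp_len)
		/* The skb data area is not zeroed on allocation. Without
		 * this, a NULL @rp combined with a non-zero @rp_len would
		 * hand uninitialised kernel memory to user space.
		 */
		memset(ev->data, 0, rp_len);

	err = sock_queue_rcv_skb(sk, skb);
	if (err < 0)
		kfree_skb(skb);

	return err;
}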
273
/* Handler for MGMT_OP_READ_VERSION: reply with MGMT_VERSION and
 * MGMT_REVISION. The command is not tied to a controller, so the reply
 * carries MGMT_INDEX_NONE. @hdev, @data and @data_len are unused.
 */
static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
			u16 data_len)
{
	struct mgmt_rp_read_version rp = {
		.version = MGMT_VERSION,
		.revision = __constant_cpu_to_le16(MGMT_REVISION),
	};

	BT_DBG("sock %p", sk);

	return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
			    sizeof(rp));
}
287
/* Handler for MGMT_OP_READ_COMMANDS: reply with the counts and contents of
 * mgmt_commands[] followed by mgmt_events[], each value stored as an
 * unaligned little-endian u16.
 *
 * Returns -ENOMEM when the reply buffer cannot be allocated, otherwise the
 * result of cmd_complete().
 */
static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
			 u16 data_len)
{
	const u16 num_commands = ARRAY_SIZE(mgmt_commands);
	const u16 num_events = ARRAY_SIZE(mgmt_events);
	struct mgmt_rp_read_commands *rp;
	size_t rp_size;
	__le16 *out;
	int idx, err;

	BT_DBG("sock %p", sk);

	/* Fixed header plus one u16 slot per command and per event. */
	rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));

	rp = kmalloc(rp_size, GFP_KERNEL);
	if (rp == NULL)
		return -ENOMEM;

	rp->num_commands = __constant_cpu_to_le16(num_commands);
	rp->num_events = __constant_cpu_to_le16(num_events);

	out = rp->opcodes;

	for (idx = 0; idx < num_commands; idx++)
		put_unaligned_le16(mgmt_commands[idx], &out[idx]);

	/* Events go directly behind the last command opcode. */
	for (idx = 0; idx < num_events; idx++)
		put_unaligned_le16(mgmt_events[idx], &out[num_commands + idx]);

	err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
			   rp_size);
	kfree(rp);

	return err;
}
321
/* Handler for MGMT_OP_READ_INDEX_LIST: reply with the ids of all
 * controllers that pass mgmt_valid_hdev() and are not in HCI_SETUP.
 *
 * The device list is walked twice under hci_dev_list_lock: once to size the
 * reply and once to fill it. The first pass does not skip HCI_SETUP devices,
 * so the buffer can only be larger than needed, never smaller; the length
 * sent to user space is recomputed from the number of entries written.
 *
 * Returns -ENOMEM on allocation failure, otherwise the result of
 * cmd_complete().
 */
static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
			   u16 data_len)
{
	struct mgmt_rp_read_index_list *rp;
	struct hci_dev *dev;
	size_t rp_len;
	u16 n = 0;
	int err;

	BT_DBG("sock %p", sk);

	read_lock(&hci_dev_list_lock);

	list_for_each_entry(dev, &hci_dev_list, list) {
		if (mgmt_valid_hdev(dev))
			n++;
	}

	rp_len = sizeof(*rp) + (2 * n);

	/* GFP_ATOMIC because the list lock is still held here. */
	rp = kmalloc(rp_len, GFP_ATOMIC);
	if (rp == NULL) {
		read_unlock(&hci_dev_list_lock);
		return -ENOMEM;
	}

	n = 0;
	list_for_each_entry(dev, &hci_dev_list, list) {
		if (test_bit(HCI_SETUP, &dev->dev_flags) ||
		    !mgmt_valid_hdev(dev))
			continue;

		rp->index[n++] = cpu_to_le16(dev->id);
		BT_DBG("Added hci%u", dev->id);
	}

	rp->num_controllers = cpu_to_le16(n);
	rp_len = sizeof(*rp) + (2 * n);

	read_unlock(&hci_dev_list_lock);

	err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
			   rp_len);

	kfree(rp);

	return err;
}
374
/* Build the MGMT_SETTING_* bitmask of settings @hdev is able to support.
 * POWERED and PAIRABLE are always present; the remaining bits depend on the
 * controller's LMP capabilities and on the enable_hs switch.
 */
static u32 get_supported_settings(struct hci_dev *hdev)
{
	u32 mask = MGMT_SETTING_POWERED | MGMT_SETTING_PAIRABLE;

	if (lmp_ssp_capable(hdev))
		mask |= MGMT_SETTING_SSP;

	if (lmp_bredr_capable(hdev))
		mask |= MGMT_SETTING_CONNECTABLE |
			MGMT_SETTING_FAST_CONNECTABLE |
			MGMT_SETTING_DISCOVERABLE |
			MGMT_SETTING_BREDR |
			MGMT_SETTING_LINK_SECURITY;

	if (enable_hs)
		mask |= MGMT_SETTING_HS;

	if (lmp_le_capable(hdev))
		mask |= MGMT_SETTING_LE;

	return mask;
}
401
/* Build the MGMT_SETTING_* bitmask describing the current state of @hdev.
 * Most bits mirror a flag in hdev->dev_flags; POWERED comes from
 * hdev_is_powered() and BREDR from the controller's LMP capability.
 */
static u32 get_current_settings(struct hci_dev *hdev)
{
	/* dev_flags bit -> setting reported to user space */
	static const struct {
		int flag;
		u32 setting;
	} flag_map[] = {
		{ HCI_CONNECTABLE,	MGMT_SETTING_CONNECTABLE },
		{ HCI_DISCOVERABLE,	MGMT_SETTING_DISCOVERABLE },
		{ HCI_PAIRABLE,		MGMT_SETTING_PAIRABLE },
		{ HCI_LE_ENABLED,	MGMT_SETTING_LE },
		{ HCI_LINK_SECURITY,	MGMT_SETTING_LINK_SECURITY },
		{ HCI_SSP_ENABLED,	MGMT_SETTING_SSP },
		{ HCI_HS_ENABLED,	MGMT_SETTING_HS },
	};
	u32 mask = 0;
	unsigned int i;

	if (hdev_is_powered(hdev))
		mask |= MGMT_SETTING_POWERED;

	if (lmp_bredr_capable(hdev))
		mask |= MGMT_SETTING_BREDR;

	for (i = 0; i < ARRAY_SIZE(flag_map); i++) {
		if (test_bit(flag_map[i].flag, &hdev->dev_flags))
			mask |= flag_map[i].setting;
	}

	return mask;
}
435
436 #define PNP_INFO_SVCLASS_ID 0x1200
437
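/* Reference 128-bit UUID bytes that get_uuid16() compares against; only the
 * first 12 bytes take part in that comparison. The array is never written,
 * so it is declared const.
 */
static const u8 bluetooth_base_uuid[] = {
	0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
	0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};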
442
/* Reduce a 128-bit UUID to its 16-bit short form.
 *
 * @uuid128: 16 bytes of UUID data
 *
 * Returns the 16-bit value when the first 12 bytes equal
 * bluetooth_base_uuid and the little-endian 32-bit word at offset 12 fits
 * in 16 bits; returns 0 otherwise.
 */
static u16 get_uuid16(u8 *uuid128)
{
	u32 short_form;

	if (memcmp(bluetooth_base_uuid, uuid128, 12) != 0)
		return 0;

	short_form = get_unaligned_le32(&uuid128[12]);

	return short_form > 0xffff ? 0 : (u16) short_form;
}
459
/* Build the Extended Inquiry Response payload for @hdev into @data.
 *
 * Fields are appended in this order, each as <length, type, value>:
 * the local name, the inquiry TX power (when valid), the Device ID record
 * (when devid_source is set) and the list of distinct 16-bit service UUIDs.
 *
 * @data: output buffer. The only caller shown, update_eir(), passes a
 *        zeroed cp.data; presumably it holds HCI_MAX_EIR_LENGTH bytes --
 *        confirm against struct hci_cp_write_eir.
 */
static void create_eir(struct hci_dev *hdev, u8 *data)
{
	u8 *ptr = data;
	u16 eir_len = 0;
	u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
	int i, truncated = 0;
	struct bt_uuid *uuid;
	size_t name_len;

	name_len = strlen(hdev->dev_name);

	if (name_len > 0) {
		/* EIR Data type */
		/* Names longer than 48 bytes are cut and tagged as shortened. */
		if (name_len > 48) {
			name_len = 48;
			ptr[1] = EIR_NAME_SHORT;
		} else
			ptr[1] = EIR_NAME_COMPLETE;

		/* EIR Data length */
		ptr[0] = name_len + 1;

		memcpy(ptr + 2, hdev->dev_name, name_len);

		eir_len += (name_len + 2);
		ptr += (name_len + 2);
	}

	if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
		ptr[0] = 2;
		ptr[1] = EIR_TX_POWER;
		ptr[2] = (u8) hdev->inq_tx_power;

		eir_len += 3;
		ptr += 3;
	}

	if (hdev->devid_source > 0) {
		ptr[0] = 9;
		ptr[1] = EIR_DEVICE_ID;

		put_unaligned_le16(hdev->devid_source, ptr + 2);
		put_unaligned_le16(hdev->devid_vendor, ptr + 4);
		put_unaligned_le16(hdev->devid_product, ptr + 6);
		put_unaligned_le16(hdev->devid_version, ptr + 8);

		eir_len += 10;
		ptr += 10;
	}

	/* A zero entry terminates the list, so start from all zeroes. */
	memset(uuid16_list, 0, sizeof(uuid16_list));

	/* Group all UUID16 types */
	list_for_each_entry(uuid, &hdev->uuids, list) {
		u16 uuid16;

		uuid16 = get_uuid16(uuid->uuid);
		/* NOTE(review): one UUID without a 16-bit form ends the whole
		 * function here, so no UUID field is written at all; confirm
		 * that this is intended rather than skipping the entry.
		 */
		if (uuid16 == 0)
			return;

		if (uuid16 < 0x1100)
			continue;

		if (uuid16 == PNP_INFO_SVCLASS_ID)
			continue;

		/* Stop if not enough space to put next UUID */
		/* 2 bytes of field header plus one u16 must still fit. */
		if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
			truncated = 1;
			break;
		}

		/* Check for duplicates */
		for (i = 0; uuid16_list[i] != 0; i++)
			if (uuid16_list[i] == uuid16)
				break;

		/* i stopped on the terminator: the value is new, append it. */
		if (uuid16_list[i] == 0) {
			uuid16_list[i] = uuid16;
			eir_len += sizeof(u16);
		}
	}

	if (uuid16_list[0] != 0) {
		/* Length byte is filled in once the entries are counted. */
		u8 *length = ptr;

		/* EIR Data type */
		ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;

		ptr += 2;
		eir_len += 2;

		/* Each UUID is stored low byte first. */
		for (i = 0; uuid16_list[i] != 0; i++) {
			*ptr++ = (uuid16_list[i] & 0x00ff);
			*ptr++ = (uuid16_list[i] & 0xff00) >> 8;
		}

		/* EIR Data length */
		*length = (i * sizeof(u16)) + 1;
	}
}
561
/* Regenerate the EIR data for @hdev and send HCI_OP_WRITE_EIR when it
 * differs from the copy cached in hdev->eir.
 *
 * Nothing is done (and 0 is returned) while the controller is unpowered,
 * lacks extended-inquiry support, has SSP disabled, or has the service
 * cache active. Otherwise returns the result of hci_send_cmd().
 */
static int update_eir(struct hci_dev *hdev)
{
	struct hci_cp_write_eir cp;

	if (!hdev_is_powered(hdev) || !lmp_ext_inq_capable(hdev))
		return 0;

	if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) ||
	    test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
		return 0;

	/* Zero first so that unused tail bytes compare and transmit as 0. */
	memset(&cp, 0, sizeof(cp));
	create_eir(hdev, cp.data);

	/* Unchanged data: skip the HCI round trip. */
	if (!memcmp(cp.data, hdev->eir, sizeof(cp.data)))
		return 0;

	memcpy(hdev->eir, cp.data, sizeof(cp.data));

	return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
}
589
/* OR together the svc_hint of every UUID registered on @hdev. */
static u8 get_service_classes(struct hci_dev *hdev)
{
	struct bt_uuid *entry;
	u8 hints = 0;

	list_for_each_entry(entry, &hdev->uuids, list) {
		hints |= entry->svc_hint;
	}

	return hints;
}
600
/* Send HCI_OP_WRITE_CLASS_OF_DEV when the class derived from minor_class,
 * major_class and the registered service hints differs from
 * hdev->dev_class.
 *
 * Returns 0 when nothing needs to be sent (unpowered, service cache active,
 * or class unchanged), otherwise the result of hci_send_cmd(). On a
 * successful send HCI_PENDING_CLASS is set in dev_flags.
 */
static int update_class(struct hci_dev *hdev)
{
	u8 cod[3];
	int err;

	BT_DBG("%s", hdev->name);

	if (!hdev_is_powered(hdev) ||
	    test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
		return 0;

	cod[0] = hdev->minor_class;
	cod[1] = hdev->major_class;
	cod[2] = get_service_classes(hdev);

	if (!memcmp(cod, hdev->dev_class, 3))
		return 0;

	err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
	if (err != 0)
		return err;

	set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);

	return err;
}
627
/* Delayed-work callback for hdev->service_cache: if HCI_SERVICE_CACHE was
 * set, clear it and push the EIR data and device class to the controller
 * under the device lock.
 */
static void service_cache_off(struct work_struct *work)
{
	struct hci_dev *hdev;

	hdev = container_of(work, struct hci_dev, service_cache.work);

	if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
		hci_dev_lock(hdev);

		update_eir(hdev);
		update_class(hdev);

		hci_dev_unlock(hdev);
	}
}
643
/* One-time switch of @hdev to management control. The first call sets
 * HCI_MGMT, initialises the service-cache work item and clears
 * HCI_PAIRABLE; later calls return immediately. @sk is unused.
 */
static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
{
	bool already_managed = test_and_set_bit(HCI_MGMT, &hdev->dev_flags);

	if (already_managed)
		return;

	INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);

	/* Devices that are not driven through mgmt have HCI_PAIRABLE set
	 * implicitly so that pairing works for them. Under mgmt, user space
	 * has to enable pairing explicitly, so the bit starts out cleared.
	 */
	clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
}
658
/* Handler for MGMT_OP_READ_INFO: reply with address, HCI version,
 * manufacturer, supported/current settings, device class and names of
 * @hdev. The snapshot is taken under the device lock; the reply is sent
 * after the lock is dropped.
 */
static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
				void *data, u16 data_len)
{
	struct mgmt_rp_read_info rp;

	BT_DBG("sock %p %s", sk, hdev->name);

	hci_dev_lock(hdev);

	/* Start from zeroes so that no stack bytes reach user space. */
	memset(&rp, 0, sizeof(rp));

	rp.version = hdev->hci_ver;
	rp.manufacturer = cpu_to_le16(hdev->manufacturer);
	bacpy(&rp.bdaddr, &hdev->bdaddr);

	rp.current_settings = cpu_to_le32(get_current_settings(hdev));
	rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));

	memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
	memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
	memcpy(rp.dev_class, hdev->dev_class, 3);

	hci_dev_unlock(hdev);

	return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
			    sizeof(rp));
}
688
/* Release a pending command: drop the socket reference taken in
 * mgmt_pending_add(), then free the parameter copy and the entry itself.
 * The entry is not unlinked here; mgmt_pending_remove() does that first.
 */
static void mgmt_pending_free(struct pending_cmd *cmd)
{
	sock_put(cmd->sk);
	kfree(cmd->param);
	kfree(cmd);
}
695
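/* Record a command that is waiting for completion on @hdev.
 *
 * @sk:     requesting socket; a reference is taken with sock_hold()
 * @opcode: MGMT_OP_* value of the command
 * @hdev:   controller the command is addressed to
 * @data:   request parameters to copy, or NULL
 * @len:    number of bytes allocated for (and copied into) cmd->param
 *
 * Returns the new entry, already linked on hdev->mgmt_pending, or NULL when
 * an allocation fails.
 *
 * NOTE(review): the list is modified without any locking here; presumably
 * every caller holds the hdev lock -- the handlers visible in this file do.
 */
static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
					    struct hci_dev *hdev, void *data,
					    u16 len)
{
	struct pending_cmd *cmd;

	/* Zeroed allocation: user_data is not assigned below, and a stale
	 * heap pointer must never be visible to a later reader of the entry.
	 */
	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
	if (!cmd)
		return NULL;

	cmd->opcode = opcode;
	cmd->index = hdev->id;

	cmd->param = kmalloc(len, GFP_KERNEL);
	if (!cmd->param) {
		kfree(cmd);
		return NULL;
	}

	if (data)
		memcpy(cmd->param, data, len);

	cmd->sk = sk;
	sock_hold(sk);

	list_add(&cmd->list, &hdev->mgmt_pending);

	return cmd;
}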
725
/* Invoke @cb on every pending command of @hdev whose opcode equals @opcode;
 * an @opcode of 0 matches every entry. The walk tolerates @cb removing the
 * entry it was handed.
 */
static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
				 void (*cb)(struct pending_cmd *cmd,
					    void *data),
				 void *data)
{
	struct pending_cmd *entry, *next;

	list_for_each_entry_safe(entry, next, &hdev->mgmt_pending, list) {
		if (opcode == 0 || entry->opcode == opcode)
			cb(entry, data);
	}
}
744
/* Return the first pending command on @hdev with the given @opcode, or NULL
 * when none is queued.
 */
static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
{
	struct pending_cmd *entry;
	struct pending_cmd *match = NULL;

	list_for_each_entry(entry, &hdev->mgmt_pending, list) {
		if (entry->opcode != opcode)
			continue;

		match = entry;
		break;
	}

	return match;
}
756
/* Unlink @cmd from its controller's pending list and free it, which also
 * drops the socket reference. @cmd must not be used after this call.
 */
static void mgmt_pending_remove(struct pending_cmd *cmd)
{
	list_del(&cmd->list);
	mgmt_pending_free(cmd);
}
762
/* Answer command @opcode on @sk with a Command Complete event whose payload
 * is the current settings bitmask of @hdev in little-endian order.
 */
static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
{
	__le32 settings;

	settings = cpu_to_le32(get_current_settings(hdev));

	return cmd_complete(sk, hdev->id, opcode, 0, &settings,
			    sizeof(settings));
}
770
/* Handler for MGMT_OP_SET_POWERED.
 *
 * @data: struct mgmt_mode supplied with the request; val must be 0 or 1.
 *        NOTE(review): @len is not checked here, presumably the command
 *        dispatcher validates it before calling -- confirm.
 *
 * Replies immediately when the requested state is already in effect,
 * rejects with MGMT_STATUS_BUSY while another SET_POWERED is pending, and
 * otherwise queues a pending command and schedules the power_on or
 * power_off work. Returns 0 or a negative error.
 */
static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
		       u16 len)
{
	struct mgmt_mode *cp = data;
	struct pending_cmd *cmd;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (cp->val != 0x00 && cp->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	/* HCI_AUTO_OFF was set: cancel the scheduled power-off. */
	if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
		cancel_delayed_work(&hdev->power_off);

		/* A power-on request is answered at once in this case. */
		if (cp->val) {
			err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
			mgmt_powered(hdev, 1);
			goto failed;
		}
	}

	/* Already in the requested state: nothing to change. */
	if (!!cp->val == hdev_is_powered(hdev)) {
		err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
		goto failed;
	}

	if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
				 MGMT_STATUS_BUSY);
		goto failed;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		goto failed;
	}

	if (cp->val)
		schedule_work(&hdev->power_on);
	else
		schedule_work(&hdev->power_off.work);

	err = 0;

	/* Shared exit path; it is reached on success as well. */
failed:
	hci_dev_unlock(hdev);
	return err;
}
824
/* Send management event @event to the control sockets, except @skip_sk.
 *
 * @hdev:     controller the event refers to, or NULL for MGMT_INDEX_NONE
 * @data:     event payload, or NULL
 * @data_len: payload length recorded in the header
 *
 * Returns -ENOMEM when no skb can be allocated, otherwise 0.
 *
 * NOTE(review): when @data is NULL the header still advertises @data_len
 * bytes but no payload is appended; callers should pass 0 in that case.
 */
static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
		      struct sock *skip_sk)
{
	struct sk_buff *skb;
	struct mgmt_hdr *hdr;

	skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
	if (!skb)
		return -ENOMEM;

	hdr = (void *) skb_put(skb, sizeof(*hdr));
	hdr->opcode = cpu_to_le16(event);
	if (hdev)
		hdr->index = cpu_to_le16(hdev->id);
	else
		hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
	hdr->len = cpu_to_le16(data_len);

	if (data)
		memcpy(skb_put(skb, data_len), data, data_len);

	/* Time stamp */
	__net_timestamp(skb);

	hci_send_to_control(skb, skip_sk);
	/* The local skb is released unconditionally after the send;
	 * presumably hci_send_to_control() hands out its own copies -- confirm.
	 */
	kfree_skb(skb);

	return 0;
}
854
/* Emit MGMT_EV_NEW_SETTINGS carrying the current settings of @hdev to the
 * control sockets, leaving out @skip.
 */
static int new_settings(struct hci_dev *hdev, struct sock *skip)
{
	__le32 current_le = cpu_to_le32(get_current_settings(hdev));

	return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &current_le,
			  sizeof(current_le), skip);
}
863
/* Handler for MGMT_OP_SET_DISCOVERABLE.
 *
 * @data: struct mgmt_cp_set_discoverable from the request; val must be 0
 *        or 1 and a timeout is only accepted together with val == 1.
 *        NOTE(review): @len is not checked here, presumably the command
 *        dispatcher validates it before calling -- confirm.
 *
 * The request is refused when BR/EDR is unsupported, when a timeout is
 * given for an unpowered controller, while a SET_DISCOVERABLE or
 * SET_CONNECTABLE command is pending, or when the controller is not
 * connectable. Returns 0 or a negative error.
 */
static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
			    u16 len)
{
	struct mgmt_cp_set_discoverable *cp = data;
	struct pending_cmd *cmd;
	u16 timeout;
	u8 scan;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				  MGMT_STATUS_NOT_SUPPORTED);

	if (cp->val != 0x00 && cp->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	/* A timeout makes no sense when discoverable mode is turned off. */
	timeout = __le16_to_cpu(cp->timeout);
	if (!cp->val && timeout > 0)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev) && timeout > 0) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				 MGMT_STATUS_NOT_POWERED);
		goto failed;
	}

	/* Both commands write the scan-enable setting; allow one at a time. */
	if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
	    mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				 MGMT_STATUS_BUSY);
		goto failed;
	}

	if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				 MGMT_STATUS_REJECTED);
		goto failed;
	}

	/* Unpowered: only the stored flag changes, no HCI command is sent. */
	if (!hdev_is_powered(hdev)) {
		bool changed = false;

		if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
			change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
			changed = true;
		}

		err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
		if (err < 0)
			goto failed;

		if (changed)
			err = new_settings(hdev, sk);

		goto failed;
	}

	/* State already matches: only the timeout is re-armed or cleared. */
	if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
		if (hdev->discov_timeout > 0) {
			cancel_delayed_work(&hdev->discov_off);
			hdev->discov_timeout = 0;
		}

		if (cp->val && timeout > 0) {
			hdev->discov_timeout = timeout;
			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
				msecs_to_jiffies(hdev->discov_timeout * 1000));
		}

		err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
		goto failed;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		goto failed;
	}

	/* Page scan stays on; inquiry scan is what makes us discoverable. */
	scan = SCAN_PAGE;

	if (cp->val)
		scan |= SCAN_INQUIRY;
	else
		cancel_delayed_work(&hdev->discov_off);

	err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
	if (err < 0)
		mgmt_pending_remove(cmd);

	/* NOTE(review): the timeout is stored even when hci_send_cmd()
	 * failed and the pending command was removed -- confirm intended.
	 */
	if (cp->val)
		hdev->discov_timeout = timeout;

	/* Shared exit path; it is reached on success as well. */
failed:
	hci_dev_unlock(hdev);
	return err;
}
967
/* Handler for MGMT_OP_SET_CONNECTABLE.
 *
 * @data: struct mgmt_mode from the request; val must be 0 or 1.
 *        NOTE(review): @len is not checked here, presumably the command
 *        dispatcher validates it before calling -- confirm.
 *
 * On an unpowered controller only the stored flags change; turning
 * connectable off also clears HCI_DISCOVERABLE. On a powered controller the
 * page-scan setting is written through HCI_OP_WRITE_SCAN_ENABLE and the
 * command stays pending. Returns 0 or a negative error.
 */
static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
			   u16 len)
{
	struct mgmt_mode *cp = data;
	struct pending_cmd *cmd;
	u8 scan;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
				  MGMT_STATUS_NOT_SUPPORTED);

	if (cp->val != 0x00 && cp->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		bool changed = false;

		if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
			changed = true;

		if (cp->val) {
			set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
		} else {
			/* Not connectable implies not discoverable. */
			clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
			clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
		}

		err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
		if (err < 0)
			goto failed;

		if (changed)
			err = new_settings(hdev, sk);

		goto failed;
	}

	/* Both commands write the scan-enable setting; allow one at a time. */
	if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
	    mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
				 MGMT_STATUS_BUSY);
		goto failed;
	}

	/* HCI_PSCAN already matches the request: nothing to send. */
	if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
		err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
		goto failed;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		goto failed;
	}

	if (cp->val) {
		scan = SCAN_PAGE;
	} else {
		/* Scan value 0 also switches inquiry scan off, so a running
		 * discoverable timeout is cancelled.
		 */
		scan = 0;

		if (test_bit(HCI_ISCAN, &hdev->flags) &&
		    hdev->discov_timeout > 0)
			cancel_delayed_work(&hdev->discov_off);
	}

	err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
	if (err < 0)
		mgmt_pending_remove(cmd);

	/* Shared exit path; it is reached on success as well. */
failed:
	hci_dev_unlock(hdev);
	return err;
}
1047
/* Handler for MGMT_OP_SET_PAIRABLE: set or clear HCI_PAIRABLE according to
 * the struct mgmt_mode in @data (val must be 0 or 1), answer the caller
 * with the current settings and, if that succeeded, send
 * MGMT_EV_NEW_SETTINGS to the control sockets other than @sk.
 *
 * NOTE(review): @len is not checked here, presumably the command dispatcher
 * validates it before calling -- confirm.
 */
static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
			u16 len)
{
	struct mgmt_mode *mode = data;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (mode->val != 0x00 && mode->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	if (mode->val)
		set_bit(HCI_PAIRABLE, &hdev->dev_flags);
	else
		clear_bit(HCI_PAIRABLE, &hdev->dev_flags);

	err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
	if (err >= 0)
		err = new_settings(hdev, sk);

	hci_dev_unlock(hdev);

	return err;
}
1077
/* Handler for MGMT_OP_SET_LINK_SECURITY.
 *
 * @data: struct mgmt_mode from the request; val must be 0 or 1.
 *        NOTE(review): @len is not checked here, presumably the command
 *        dispatcher validates it before calling -- confirm.
 *
 * On an unpowered controller only HCI_LINK_SECURITY in dev_flags is
 * toggled. On a powered controller the value is written with
 * HCI_OP_WRITE_AUTH_ENABLE unless HCI_AUTH already matches, and the command
 * stays pending. Returns 0 or a negative error.
 */
static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
			     u16 len)
{
	struct mgmt_mode *cp = data;
	struct pending_cmd *cmd;
	u8 val;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
				  MGMT_STATUS_NOT_SUPPORTED);

	if (cp->val != 0x00 && cp->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		bool changed = false;

		if (!!cp->val != test_bit(HCI_LINK_SECURITY,
					  &hdev->dev_flags)) {
			change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
			changed = true;
		}

		err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
		if (err < 0)
			goto failed;

		if (changed)
			err = new_settings(hdev, sk);

		goto failed;
	}

	if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
				 MGMT_STATUS_BUSY);
		goto failed;
	}

	val = !!cp->val;

	/* HCI_AUTH already matches the request: nothing to send. */
	if (test_bit(HCI_AUTH, &hdev->flags) == val) {
		err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
		goto failed;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		goto failed;
	}

	err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
	if (err < 0) {
		mgmt_pending_remove(cmd);
		goto failed;
	}

	/* Shared exit path; it is reached on success as well. */
failed:
	hci_dev_unlock(hdev);
	return err;
}
1146
/* Handler for MGMT_OP_SET_SSP.
 *
 * @data: struct mgmt_mode from the request; val must be 0 or 1.
 *        NOTE(review): @len is not checked here, presumably the command
 *        dispatcher validates it before calling -- confirm.
 *
 * On an unpowered controller only HCI_SSP_ENABLED in dev_flags is toggled.
 * On a powered controller the mode is written with HCI_OP_WRITE_SSP_MODE
 * unless the flag already matches, and the command stays pending. Returns 0
 * or a negative error.
 */
static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
{
	struct mgmt_mode *cp = data;
	struct pending_cmd *cmd;
	u8 val;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_ssp_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
				  MGMT_STATUS_NOT_SUPPORTED);

	if (cp->val != 0x00 && cp->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	val = !!cp->val;

	if (!hdev_is_powered(hdev)) {
		bool changed = false;

		if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
			change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
			changed = true;
		}

		err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
		if (err < 0)
			goto failed;

		if (changed)
			err = new_settings(hdev, sk);

		goto failed;
	}

	if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
				 MGMT_STATUS_BUSY);
		goto failed;
	}

	/* Flag already matches the request: nothing to send. */
	if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
		err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
		goto failed;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		goto failed;
	}

	err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
	if (err < 0) {
		mgmt_pending_remove(cmd);
		goto failed;
	}

	/* Shared exit path; it is reached on success as well. */
failed:
	hci_dev_unlock(hdev);
	return err;
}
1213
/*
 * MGMT_OP_SET_HS handler: set or clear HCI_HS_ENABLED in dev_flags.
 *
 * Refused with NOT_SUPPORTED unless the module-level enable_hs switch is
 * set, and with INVALID_PARAMS for any mode byte other than 0x00 or 0x01.
 * The flag is changed with atomic bit operations; this handler does not
 * take hci_dev_lock.
 */
static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
{
	struct mgmt_mode *mode = data;

	BT_DBG("request for %s", hdev->name);

	if (!enable_hs)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
				  MGMT_STATUS_NOT_SUPPORTED);

	switch (mode->val) {
	case 0x00:
		clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
		break;

	case 0x01:
		set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
		break;

	default:
		return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
				  MGMT_STATUS_INVALID_PARAMS);
	}

	return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
}
1235
/*
 * MGMT_OP_SET_LE handler: enable or disable Low Energy host support.
 *
 * Rejected when the controller is not LE capable or the mode byte is not
 * 0x00/0x01. If the adapter is powered off, or the host-LE state reported
 * by lmp_host_le_capable() already equals the requested value, only
 * HCI_LE_ENABLED in dev_flags is brought in line and the settings are
 * reported. Otherwise HCI_OP_WRITE_LE_HOST_SUPPORTED is sent and the
 * request is recorded as pending.
 */
static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
{
	struct mgmt_mode *mode = data;
	struct hci_cp_write_le_host_supported le_cp;
	struct pending_cmd *pending;
	u8 val, enabled;
	int ret;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_le_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
				  MGMT_STATUS_NOT_SUPPORTED);

	if (mode->val != 0x00 && mode->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	val = !!mode->val;
	enabled = lmp_host_le_capable(hdev);

	if (!hdev_is_powered(hdev) || val == enabled) {
		/* No controller command needed; just sync the stored flag. */
		bool flipped = false;

		if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
			change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
			flipped = true;
		}

		ret = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
		if (ret >= 0 && flipped)
			ret = new_settings(hdev, sk);

		goto out;
	}

	if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
				 MGMT_STATUS_BUSY);
		goto out;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
	if (!pending) {
		ret = -ENOMEM;
		goto out;
	}

	/* All-zero parameters mean "LE off"; fields are filled only for on. */
	memset(&le_cp, 0, sizeof(le_cp));
	if (val) {
		le_cp.le = val;
		le_cp.simul = lmp_le_br_capable(hdev);
	}

	ret = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
			   sizeof(le_cp), &le_cp);
	if (ret < 0)
		mgmt_pending_remove(pending);

out:
	hci_dev_unlock(hdev);
	return ret;
}
1305
/*
 * MGMT_OP_ADD_UUID handler: add a service UUID to hdev->uuids and refresh
 * the class of device and the EIR data.
 *
 * Answers BUSY while HCI_PENDING_CLASS is set. If no class update is
 * pending after update_class()/update_eir(), the reply carries the 3-byte
 * hdev->dev_class; otherwise the request is recorded as pending.
 *
 * Note that the new entry is linked into hdev->uuids before
 * update_class()/update_eir() run, and it stays on the list when either of
 * them fails.
 */
static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
{
	struct mgmt_cp_add_uuid *req = data;
	struct pending_cmd *pending;
	struct bt_uuid *entry;
	int ret;

	BT_DBG("request for %s", hdev->name);

	hci_dev_lock(hdev);

	if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	entry = kmalloc(sizeof(*entry), GFP_KERNEL);
	if (!entry) {
		ret = -ENOMEM;
		goto unlock;
	}

	/* 16 = length of a 128-bit UUID as used throughout this file. */
	memcpy(entry->uuid, req->uuid, 16);
	entry->svc_hint = req->svc_hint;

	list_add(&entry->list, &hdev->uuids);

	ret = update_class(hdev);
	if (ret < 0)
		goto unlock;

	ret = update_eir(hdev);
	if (ret < 0)
		goto unlock;

	if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
				   hdev->dev_class, 3);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
	if (!pending)
		ret = -ENOMEM;

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1356
/*
 * Arm the service cache: set HCI_SERVICE_CACHE and schedule the
 * hdev->service_cache delayed work after CACHE_TIMEOUT.
 *
 * Returns true only when this call set the flag; false when the adapter is
 * not powered or the flag was already set.
 */
static bool enable_service_cache(struct hci_dev *hdev)
{
	if (!hdev_is_powered(hdev))
		return false;

	/* test_and_set_bit() returns the old value: non-zero = already armed. */
	if (test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
		return false;

	schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
	return true;
}
1369
/*
 * MGMT_OP_REMOVE_UUID handler.
 *
 * An all-zero UUID clears the whole list via hci_uuids_clear(); any other
 * value removes every list entry whose 16 bytes match, and INVALID_PARAMS
 * is returned when nothing matched. Afterwards the class of device and EIR
 * data are refreshed, unless the service cache was just armed, in which
 * case the reply is sent straight away.
 */
static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
		       u16 len)
{
	struct mgmt_cp_remove_uuid *req = data;
	struct pending_cmd *pending;
	struct bt_uuid *match, *next;
	u8 bt_uuid_any[16] = { 0 };
	int ret, removed;

	BT_DBG("request for %s", hdev->name);

	hci_dev_lock(hdev);

	if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	if (memcmp(req->uuid, bt_uuid_any, 16) == 0) {
		/* Wildcard: drop everything. The result is overwritten below. */
		ret = hci_uuids_clear(hdev);

		if (enable_service_cache(hdev)) {
			ret = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
					   0, hdev->dev_class, 3);
			goto unlock;
		}

		goto refresh;
	}

	removed = 0;

	/* _safe iteration: entries are unlinked and freed inside the loop. */
	list_for_each_entry_safe(match, next, &hdev->uuids, list) {
		if (memcmp(match->uuid, req->uuid, 16) != 0)
			continue;

		list_del(&match->list);
		kfree(match);
		removed++;
	}

	if (removed == 0) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
				 MGMT_STATUS_INVALID_PARAMS);
		goto unlock;
	}

refresh:
	ret = update_class(hdev);
	if (ret < 0)
		goto unlock;

	ret = update_eir(hdev);
	if (ret < 0)
		goto unlock;

	if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
				   hdev->dev_class, 3);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
	if (!pending)
		ret = -ENOMEM;

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1443
/*
 * MGMT_OP_SET_DEV_CLASS handler: store the major/minor device class and,
 * when powered, push it to the controller through update_class().
 *
 * Rejected when the controller is not BR/EDR capable, while a class update
 * is pending, or when reserved bits are set (low two bits of minor, top
 * three bits of major).
 */
static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
			 u16 len)
{
	struct mgmt_cp_set_dev_class *req = data;
	struct pending_cmd *pending;
	int ret;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
				  MGMT_STATUS_NOT_SUPPORTED);

	/* NOTE(review): this flag is tested before hci_dev_lock is taken. */
	if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
				  MGMT_STATUS_BUSY);

	if ((req->minor & 0x03) || (req->major & 0xe0))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	hdev->major_class = req->major;
	hdev->minor_class = req->minor;

	if (!hdev_is_powered(hdev)) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
				   hdev->dev_class, 3);
		goto unlock;
	}

	if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
		/*
		 * The lock is released around the synchronous cancel,
		 * presumably because the work item takes it too (confirm
		 * against the service_cache handler). update_eir()'s return
		 * value is not checked here.
		 */
		hci_dev_unlock(hdev);
		cancel_delayed_work_sync(&hdev->service_cache);
		hci_dev_lock(hdev);
		update_eir(hdev);
	}

	ret = update_class(hdev);
	if (ret < 0)
		goto unlock;

	if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
				   hdev->dev_class, 3);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
	if (!pending)
		ret = -ENOMEM;

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1501
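/*
 * MGMT_OP_LOAD_LINK_KEYS handler: replace the stored BR/EDR link keys with
 * the list supplied by the caller.
 *
 * @data holds a struct mgmt_cp_load_link_keys header followed by
 * key_count entries of struct mgmt_link_key_info; @len is the number of
 * bytes received. The request is accepted only when @len matches the size
 * implied by key_count exactly.
 *
 * Returns the cmd_status() result for a malformed request, 0 otherwise.
 */
static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_load_link_keys *cp = data;
	size_t expected_len;
	u16 key_count;
	int i;

	/*
	 * NOTE(review): key_count is read before any length check made in
	 * this function; confirm the dispatcher guarantees
	 * len >= sizeof(*cp) before calling the handler.
	 */
	key_count = __le16_to_cpu(cp->key_count);

	/*
	 * Keep the expected size in size_t. Stored in a u16 the sum wraps
	 * for a large key_count and can then equal len by accident, which
	 * would let the loop below read key entries beyond the received
	 * buffer.
	 */
	expected_len = sizeof(*cp) +
		       (size_t)key_count * sizeof(struct mgmt_link_key_info);
	if (expected_len != len) {
		BT_ERR("load_link_keys: expected %zu bytes, got %u bytes",
		       expected_len, len);
		return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
				  MGMT_STATUS_INVALID_PARAMS);
	}

	BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
	       key_count);

	hci_dev_lock(hdev);

	/* The new list replaces, rather than extends, the stored keys. */
	hci_link_keys_clear(hdev);

	set_bit(HCI_LINK_KEYS, &hdev->dev_flags);

	if (cp->debug_keys)
		set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
	else
		clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);

	for (i = 0; i < key_count; i++) {
		struct mgmt_link_key_info *key = &cp->keys[i];

		/*
		 * NOTE(review): addr.type, type and pin_len are handed on
		 * as received, and the return value is not checked.
		 */
		hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
				 key->type, key->pin_len);
	}

	cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);

	hci_dev_unlock(hdev);

	return 0;
}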
1547
/*
 * Emit MGMT_EV_DEVICE_UNPAIRED for the given address and address type,
 * passing @skip_sk through to mgmt_event().
 */
static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
			   u8 addr_type, struct sock *skip_sk)
{
	struct mgmt_ev_device_unpaired evt;

	evt.addr.type = addr_type;
	bacpy(&evt.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &evt, sizeof(evt),
			  skip_sk);
}
1559
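/*
 * MGMT_OP_UNPAIR_DEVICE handler: delete the stored key for a remote device
 * and optionally disconnect it.
 *
 * For BDADDR_BREDR the link key is removed, for every other address type
 * the LTK. When cp->disconnect is set and a matching connection exists,
 * HCI_OP_DISCONNECT is sent and the request is recorded as pending;
 * otherwise the reply is sent immediately and MGMT_EV_DEVICE_UNPAIRED is
 * emitted.
 *
 * The key is removed before the disconnect is attempted, so it stays
 * removed even if sending the disconnect fails.
 */
static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
			 u16 len)
{
	struct mgmt_cp_unpair_device *cp = data;
	struct mgmt_rp_unpair_device rp;
	struct hci_cp_disconnect dc;
	struct pending_cmd *cmd;
	struct hci_conn *conn;
	int err;

	hci_dev_lock(hdev);

	/* Zero the reply first so no stack bytes reach the socket. */
	memset(&rp, 0, sizeof(rp));
	bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
	rp.addr.type = cp->addr.type;

	if (!hdev_is_powered(hdev)) {
		err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
				   MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
		goto unlock;
	}

	/*
	 * NOTE(review): addr.type is not range-checked; any value other
	 * than BDADDR_BREDR is treated as an LE address.
	 */
	if (cp->addr.type == BDADDR_BREDR)
		err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
	else
		err = hci_remove_ltk(hdev, &cp->addr.bdaddr);

	if (err < 0) {
		err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
				   MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
		goto unlock;
	}

	if (cp->disconnect) {
		if (cp->addr.type == BDADDR_BREDR)
			conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
						       &cp->addr.bdaddr);
		else
			conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
						       &cp->addr.bdaddr);
	} else {
		conn = NULL;
	}

	if (!conn) {
		err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
				   &rp, sizeof(rp));
		device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
		goto unlock;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
			       sizeof(*cp));
	if (!cmd) {
		err = -ENOMEM;
		goto unlock;
	}

	dc.handle = cpu_to_le16(conn->handle);
	/* Same reason code the disconnect() handler in this file uses. */
	dc.reason = HCI_ERROR_REMOTE_USER_TERM;
	err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
	if (err < 0)
		mgmt_pending_remove(cmd);

unlock:
	hci_dev_unlock(hdev);
	return err;
}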
1628
/*
 * MGMT_OP_DISCONNECT handler: tear down the connection to the given
 * address.
 *
 * Answers NOT_POWERED when HCI_UP is clear, BUSY while another disconnect
 * is pending on this controller, and NOT_CONNECTED when no connection is
 * found or it is in BT_OPEN/BT_CLOSED state. Otherwise HCI_OP_DISCONNECT
 * is sent with reason HCI_ERROR_REMOTE_USER_TERM and the request is
 * recorded as pending.
 */
static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
		      u16 len)
{
	struct mgmt_cp_disconnect *req = data;
	struct hci_cp_disconnect hci_req;
	struct pending_cmd *pending;
	struct hci_conn *conn;
	u8 link;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!test_bit(HCI_UP, &hdev->flags)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	/* Every address type other than BDADDR_BREDR is looked up as LE. */
	link = (req->addr.type == BDADDR_BREDR) ? ACL_LINK : LE_LINK;
	conn = hci_conn_hash_lookup_ba(hdev, link, &req->addr.bdaddr);

	if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
				 MGMT_STATUS_NOT_CONNECTED);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	hci_req.handle = cpu_to_le16(conn->handle);
	hci_req.reason = HCI_ERROR_REMOTE_USER_TERM;

	ret = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(hci_req), &hci_req);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1683
/*
 * Map an HCI link type plus LE address type to the BDADDR_* value used in
 * management messages.
 *
 * Anything that is not LE_LINK maps to BDADDR_BREDR; on an LE link every
 * address type other than ADDR_LE_DEV_PUBLIC maps to BDADDR_LE_RANDOM.
 */
static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
{
	/* Fallback to BR/EDR type */
	if (link_type != LE_LINK)
		return BDADDR_BREDR;

	if (addr_type == ADDR_LE_DEV_PUBLIC)
		return BDADDR_LE_PUBLIC;

	/* Fallback to LE Random address type */
	return BDADDR_LE_RANDOM;
}
1702
/*
 * MGMT_OP_GET_CONNECTIONS handler: report the addresses of all
 * connections flagged HCI_CONN_MGMT_CONNECTED, leaving out SCO and eSCO
 * links.
 *
 * The reply buffer is sized from a first pass that counts every flagged
 * connection (SCO/eSCO included), so the second pass cannot write past
 * it. Both passes run under hci_dev_lock. The length is recomputed after
 * filtering, so only fully written entries are sent.
 */
static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
			   u16 data_len)
{
	struct mgmt_rp_get_connections *rp;
	struct hci_conn *conn;
	size_t rp_len;
	u16 count = 0;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	list_for_each_entry(conn, &hdev->conn_hash.list, list) {
		if (test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
			count++;
	}

	rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
	rp = kmalloc(rp_len, GFP_KERNEL);
	if (!rp) {
		ret = -ENOMEM;
		goto unlock;
	}

	count = 0;
	list_for_each_entry(conn, &hdev->conn_hash.list, list) {
		if (!test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
			continue;

		bacpy(&rp->addr[count].bdaddr, &conn->dst);
		rp->addr[count].type = link_to_bdaddr(conn->type,
						      conn->dst_type);

		/*
		 * A SCO/eSCO entry is written but not counted, so the next
		 * entry overwrites it or it falls outside the sent length.
		 */
		if (conn->type != SCO_LINK && conn->type != ESCO_LINK)
			count++;
	}

	rp->conn_count = cpu_to_le16(count);

	/* Recalculate length in case of filtered SCO connections, etc */
	rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));

	ret = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
			   rp_len);

	kfree(rp);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1760
/*
 * Record a pending MGMT_OP_PIN_CODE_NEG_REPLY and send
 * HCI_OP_PIN_CODE_NEG_REPLY for cp->addr.bdaddr.
 *
 * Takes no lock itself; the caller visible in this file (pin_code_reply)
 * holds hci_dev_lock. Returns -ENOMEM or the hci_send_cmd() result.
 */
static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
				   struct mgmt_cp_pin_code_neg_reply *cp)
{
	struct pending_cmd *pending;
	int ret;

	pending = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
				   sizeof(*cp));
	if (!pending)
		return -ENOMEM;

	ret = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			   sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
	if (ret < 0)
		mgmt_pending_remove(pending);

	return ret;
}
1779
/*
 * MGMT_OP_PIN_CODE_REPLY handler: forward a user-supplied PIN to the
 * controller for an existing ACL connection.
 *
 * When the connection's pending security level is BT_SECURITY_HIGH and the
 * PIN is not exactly 16 bytes long, a negative reply is sent to the
 * controller instead and the caller receives INVALID_PARAMS.
 */
static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_pin_code_reply *req = data;
	struct hci_cp_pin_code_reply hci_req;
	struct pending_cmd *pending;
	struct hci_conn *conn;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req->addr.bdaddr);
	if (!conn) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
				 MGMT_STATUS_NOT_CONNECTED);
		goto unlock;
	}

	if (conn->pending_sec_level == BT_SECURITY_HIGH && req->pin_len != 16) {
		struct mgmt_cp_pin_code_neg_reply neg;

		memcpy(&neg.addr, &req->addr, sizeof(neg.addr));

		BT_ERR("PIN code is not 16 bytes long");

		ret = send_pin_code_neg_reply(sk, hdev, &neg);
		if (ret >= 0)
			ret = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
					 MGMT_STATUS_INVALID_PARAMS);

		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	/*
	 * NOTE(review): pin_len is forwarded without an upper-bound check
	 * in this function. The copy below is bounded by the size of the
	 * destination array, not by pin_len.
	 */
	bacpy(&hci_req.bdaddr, &req->addr.bdaddr);
	hci_req.pin_len = req->pin_len;
	memcpy(hci_req.pin_code, req->pin_code, sizeof(hci_req.pin_code));

	ret = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(hci_req),
			   &hci_req);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1839
/*
 * MGMT_OP_SET_IO_CAPABILITY handler: store the caller's IO capability in
 * hdev->io_capability and acknowledge.
 *
 * NOTE(review): the value is stored as received; no range check is made
 * in this function.
 */
static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
			     u16 len)
{
	struct mgmt_cp_set_io_capability *req = data;

	BT_DBG("");

	hci_dev_lock(hdev);

	hdev->io_capability = req->io_capability;

	BT_DBG("%s IO capability set to 0x%02x", hdev->name,
	       hdev->io_capability);

	hci_dev_unlock(hdev);

	return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
			    0);
}
1859
/*
 * Return the pending MGMT_OP_PAIR_DEVICE command whose user_data is @conn,
 * or NULL when the controller's pending list holds none.
 */
static struct pending_cmd *find_pairing(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct pending_cmd *pending;

	list_for_each_entry(pending, &hdev->mgmt_pending, list) {
		if (pending->opcode == MGMT_OP_PAIR_DEVICE &&
		    pending->user_data == conn)
			return pending;
	}

	return NULL;
}
1877
/*
 * Finish a pending MGMT_OP_PAIR_DEVICE: send the reply with @status,
 * detach the pairing callbacks from the connection, drop the connection
 * reference and remove the pending entry.
 *
 * @cmd must not be used by the caller afterwards; it is handed to
 * mgmt_pending_remove() here.
 */
static void pairing_complete(struct pending_cmd *cmd, u8 status)
{
	struct hci_conn *conn = cmd->user_data;
	struct mgmt_rp_pair_device reply;

	reply.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
	bacpy(&reply.addr.bdaddr, &conn->dst);

	cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
		     &reply, sizeof(reply));

	/* So we don't get further callbacks for this connection */
	conn->connect_cfm_cb = NULL;
	conn->security_cfm_cb = NULL;
	conn->disconn_cfm_cb = NULL;

	hci_conn_put(conn);

	mgmt_pending_remove(cmd);
}
1898
/*
 * Connection callback installed by pair_device(): complete the matching
 * pending pairing command with the management status derived from @status.
 */
static void pairing_complete_cb(struct hci_conn *conn, u8 status)
{
	struct pending_cmd *pending;

	BT_DBG("status %u", status);

	pending = find_pairing(conn);
	if (pending) {
		pairing_complete(pending, mgmt_status(status));
		return;
	}

	BT_DBG("Unable to find a pending command");
}
1911
/*
 * LE connect callback installed by pair_device(). A zero status is
 * ignored, because an established LE connection does not mean pairing has
 * finished; a non-zero status completes the pending pairing command with
 * the mapped error.
 */
static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
{
	struct pending_cmd *pending;

	BT_DBG("status %u", status);

	if (status == 0)
		return;

	pending = find_pairing(conn);
	if (pending) {
		pairing_complete(pending, mgmt_status(status));
		return;
	}

	BT_DBG("Unable to find a pending command");
}
1927
/*
 * MGMT_OP_PAIR_DEVICE handler: connect to the remote device (ACL for
 * BDADDR_BREDR, LE otherwise) at BT_SECURITY_MEDIUM and install callbacks
 * that complete the request once pairing succeeds or fails.
 *
 * An io_cap of 0x03 selects HCI_AT_DEDICATED_BONDING; every other value
 * selects HCI_AT_DEDICATED_BONDING_MITM.
 *
 * NOTE(review): neither cp->addr.type nor cp->io_cap is range-checked in
 * this function; io_cap is stored on the connection as received.
 */
static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
		       u16 len)
{
	struct mgmt_cp_pair_device *req = data;
	struct mgmt_rp_pair_device reply;
	struct pending_cmd *pending;
	u8 sec_level, auth_type;
	struct hci_conn *conn;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
				 MGMT_STATUS_NOT_POWERED);
		goto out;
	}

	sec_level = BT_SECURITY_MEDIUM;
	auth_type = (req->io_cap == 0x03) ? HCI_AT_DEDICATED_BONDING :
					    HCI_AT_DEDICATED_BONDING_MITM;

	if (req->addr.type == BDADDR_BREDR)
		conn = hci_connect(hdev, ACL_LINK, &req->addr.bdaddr,
				   req->addr.type, sec_level, auth_type);
	else
		conn = hci_connect(hdev, LE_LINK, &req->addr.bdaddr,
				   req->addr.type, sec_level, auth_type);

	/* Zeroed before filling so the reply carries no stack bytes. */
	memset(&reply, 0, sizeof(reply));
	bacpy(&reply.addr.bdaddr, &req->addr.bdaddr);
	reply.addr.type = req->addr.type;

	if (IS_ERR(conn)) {
		int status = (PTR_ERR(conn) == -EBUSY) ?
				MGMT_STATUS_BUSY : MGMT_STATUS_CONNECT_FAILED;

		ret = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
				   status, &reply, sizeof(reply));
		goto out;
	}

	/* A callback is already installed, so the connection is taken. */
	if (conn->connect_cfm_cb) {
		hci_conn_put(conn);
		ret = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
				   MGMT_STATUS_BUSY, &reply, sizeof(reply));
		goto out;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
	if (!pending) {
		ret = -ENOMEM;
		hci_conn_put(conn);
		goto out;
	}

	/* For LE, just connecting isn't a proof that the pairing finished */
	if (req->addr.type == BDADDR_BREDR)
		conn->connect_cfm_cb = pairing_complete_cb;
	else
		conn->connect_cfm_cb = le_connect_complete_cb;

	conn->security_cfm_cb = pairing_complete_cb;
	conn->disconn_cfm_cb = pairing_complete_cb;
	conn->io_capability = req->io_cap;
	pending->user_data = conn;

	/* Already connected and already secure enough: finish right away. */
	if (conn->state == BT_CONNECTED &&
	    hci_conn_security(conn, sec_level, auth_type))
		pairing_complete(pending, 0);

	ret = 0;

out:
	hci_dev_unlock(hdev);
	return ret;
}
2014
/*
 * MGMT_OP_CANCEL_PAIR_DEVICE handler: abort the pending pairing whose
 * connection destination equals the supplied address.
 *
 * Only the command returned by mgmt_pending_find(MGMT_OP_PAIR_DEVICE) is
 * examined, and only the bdaddr is compared, not the address type.
 * INVALID_PARAMS is returned when no pairing is pending or the address
 * differs.
 */
static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
			      u16 len)
{
	struct mgmt_addr_info *target = data;
	struct pending_cmd *pairing;
	struct hci_conn *conn;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
				 MGMT_STATUS_NOT_POWERED);
		goto out;
	}

	pairing = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
	if (!pairing) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
				 MGMT_STATUS_INVALID_PARAMS);
		goto out;
	}

	conn = pairing->user_data;

	if (bacmp(&target->bdaddr, &conn->dst) != 0) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
				 MGMT_STATUS_INVALID_PARAMS);
		goto out;
	}

	/* Completes and removes the pairing command; do not reuse it. */
	pairing_complete(pairing, MGMT_STATUS_CANCELLED);

	ret = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
			   target, sizeof(*target));
out:
	hci_dev_unlock(hdev);
	return ret;
}
2056
/*
 * Common back end for the user pairing replies (PIN negative reply, user
 * confirm, passkey and their negative forms).
 *
 * For BDADDR_LE_PUBLIC/BDADDR_LE_RANDOM the answer goes to SMP through
 * smp_user_confirm_reply() and the caller is told SUCCESS or FAILED at
 * once. Otherwise @hci_op is sent to the controller and @mgmt_op is
 * recorded as pending. @passkey is only placed in the HCI command for
 * HCI_OP_USER_PASSKEY_REPLY.
 *
 * A @type that is neither BDADDR_BREDR nor one of the two LE values is
 * looked up as an LE_LINK connection but then takes the HCI path.
 */
static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
			     bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
			     u16 hci_op, __le32 passkey)
{
	struct pending_cmd *pending;
	struct hci_conn *conn;
	int ret;

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, mgmt_op,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	conn = hci_conn_hash_lookup_ba(hdev,
				       type == BDADDR_BREDR ? ACL_LINK : LE_LINK,
				       bdaddr);
	if (!conn) {
		ret = cmd_status(sk, hdev->id, mgmt_op,
				 MGMT_STATUS_NOT_CONNECTED);
		goto unlock;
	}

	if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
		/* Continue with pairing via SMP */
		ret = smp_user_confirm_reply(conn, mgmt_op, passkey);

		ret = cmd_status(sk, hdev->id, mgmt_op,
				 ret ? MGMT_STATUS_FAILED :
				       MGMT_STATUS_SUCCESS);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	/* Continue with pairing via HCI */
	if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
		struct hci_cp_user_passkey_reply pk;

		bacpy(&pk.bdaddr, bdaddr);
		pk.passkey = passkey;
		ret = hci_send_cmd(hdev, hci_op, sizeof(pk), &pk);
	} else {
		ret = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
	}

	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
2121
/*
 * MGMT_OP_PIN_CODE_NEG_REPLY handler: decline a PIN request by handing the
 * address to user_pairing_resp() with HCI_OP_PIN_CODE_NEG_REPLY.
 */
static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
			      void *data, u16 len)
{
	struct mgmt_cp_pin_code_neg_reply *req = data;
	bdaddr_t *peer = &req->addr.bdaddr;

	BT_DBG("");

	return user_pairing_resp(sk, hdev, peer, req->addr.type,
				 MGMT_OP_PIN_CODE_NEG_REPLY,
				 HCI_OP_PIN_CODE_NEG_REPLY, 0);
}
2133
/*
 * MGMT_OP_USER_CONFIRM_REPLY handler: accept a numeric-comparison
 * confirmation request.
 *
 * Among the user pairing reply handlers in this part of the file this is
 * the only one that checks @len against the parameter size itself.
 */
static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
			      u16 len)
{
	struct mgmt_cp_user_confirm_reply *req = data;

	BT_DBG("");

	if (len == sizeof(*req))
		return user_pairing_resp(sk, hdev, &req->addr.bdaddr,
					 req->addr.type,
					 MGMT_OP_USER_CONFIRM_REPLY,
					 HCI_OP_USER_CONFIRM_REPLY, 0);

	return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
			  MGMT_STATUS_INVALID_PARAMS);
}
2149
/*
 * MGMT_OP_USER_CONFIRM_NEG_REPLY handler: reject a numeric-comparison
 * confirmation request via user_pairing_resp().
 */
static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
				  void *data, u16 len)
{
	struct mgmt_cp_user_confirm_neg_reply *req = data;
	bdaddr_t *peer = &req->addr.bdaddr;

	BT_DBG("");

	return user_pairing_resp(sk, hdev, peer, req->addr.type,
				 MGMT_OP_USER_CONFIRM_NEG_REPLY,
				 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
}
2161
/*
 * MGMT_OP_USER_PASSKEY_REPLY handler: pass the user-entered passkey on to
 * user_pairing_resp() unchanged (it stays in little-endian wire order).
 */
static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
			      u16 len)
{
	struct mgmt_cp_user_passkey_reply *req = data;
	bdaddr_t *peer = &req->addr.bdaddr;

	BT_DBG("");

	return user_pairing_resp(sk, hdev, peer, req->addr.type,
				 MGMT_OP_USER_PASSKEY_REPLY,
				 HCI_OP_USER_PASSKEY_REPLY, req->passkey);
}
2173
/*
 * MGMT_OP_USER_PASSKEY_NEG_REPLY handler: decline a passkey request via
 * user_pairing_resp().
 */
static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
				  void *data, u16 len)
{
	struct mgmt_cp_user_passkey_neg_reply *req = data;
	bdaddr_t *peer = &req->addr.bdaddr;

	BT_DBG("");

	return user_pairing_resp(sk, hdev, peer, req->addr.type,
				 MGMT_OP_USER_PASSKEY_NEG_REPLY,
				 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
}
2185
/*
 * Send HCI_OP_WRITE_LOCAL_NAME with @name.
 *
 * Exactly sizeof(cp.name) bytes are copied, so @name must point to a
 * buffer at least that large; it is not treated as a NUL-terminated
 * string here.
 */
static int update_name(struct hci_dev *hdev, const char *name)
{
	struct hci_cp_write_local_name write_name;

	memcpy(write_name.name, name, sizeof(write_name.name));

	return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(write_name),
			    &write_name);
}
2194
/*
 * MGMT_OP_SET_LOCAL_NAME handler: store the short name and either store
 * the full name directly (adapter powered off) or send it to the
 * controller and record the request as pending.
 *
 * Both names are copied with fixed-size memcpy() calls sized by the
 * destination fields.
 * NOTE(review): this function does not check @len itself, nor that the
 * names are NUL-terminated; confirm the dispatcher enforces the size.
 */
static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_set_local_name *req = data;
	struct pending_cmd *pending;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	memcpy(hdev->short_name, req->short_name, sizeof(hdev->short_name));

	if (!hdev_is_powered(hdev)) {
		memcpy(hdev->dev_name, req->name, sizeof(hdev->dev_name));

		ret = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
				   data, len);
		if (ret >= 0)
			ret = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
					 data, len, sk);

		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	ret = update_name(hdev, req->name);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
2236
/*
 * MGMT_OP_READ_LOCAL_OOB_DATA handler: ask the controller for its local
 * out-of-band pairing data.
 *
 * Answers NOT_POWERED, NOT_SUPPORTED (controller without SSP) or BUSY
 * (a request is already pending); otherwise sends
 * HCI_OP_READ_LOCAL_OOB_DATA and records the request as pending.
 */
static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
			       void *data, u16 data_len)
{
	struct pending_cmd *pending;
	u8 refusal;
	int ret;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	/* Checked in this order; the first failing test decides the status. */
	if (!hdev_is_powered(hdev))
		refusal = MGMT_STATUS_NOT_POWERED;
	else if (!lmp_ssp_capable(hdev))
		refusal = MGMT_STATUS_NOT_SUPPORTED;
	else if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev))
		refusal = MGMT_STATUS_BUSY;
	else
		refusal = MGMT_STATUS_SUCCESS;

	if (refusal != MGMT_STATUS_SUCCESS) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
				 refusal);
		goto out;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev,
				   NULL, 0);
	if (!pending) {
		ret = -ENOMEM;
		goto out;
	}

	ret = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
	if (ret < 0)
		mgmt_pending_remove(pending);

out:
	hci_dev_unlock(hdev);
	return ret;
}
2279
/*
 * MGMT_OP_ADD_REMOTE_OOB_DATA handler: store the hash and randomizer
 * received out of band for a remote device.
 *
 * The reply echoes the address and carries FAILED when
 * hci_add_remote_oob_data() reports an error, SUCCESS otherwise.
 */
static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
			       void *data, u16 len)
{
	struct mgmt_cp_add_remote_oob_data *req = data;
	u8 status;
	int ret;

	BT_DBG("%s ", hdev->name);

	hci_dev_lock(hdev);

	ret = hci_add_remote_oob_data(hdev, &req->addr.bdaddr, req->hash,
				      req->randomizer);
	status = (ret < 0) ? MGMT_STATUS_FAILED : MGMT_STATUS_SUCCESS;

	ret = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
			   &req->addr, sizeof(req->addr));

	hci_dev_unlock(hdev);
	return ret;
}
2304
/*
 * MGMT_OP_REMOVE_REMOTE_OOB_DATA handler: delete stored out-of-band data
 * for a remote device.
 *
 * The reply echoes the address and carries INVALID_PARAMS when
 * hci_remove_remote_oob_data() reports an error, SUCCESS otherwise.
 */
static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
				  void *data, u16 len)
{
	struct mgmt_cp_remove_remote_oob_data *req = data;
	u8 status;
	int ret;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ret = hci_remove_remote_oob_data(hdev, &req->addr.bdaddr);
	status = (ret < 0) ? MGMT_STATUS_INVALID_PARAMS : MGMT_STATUS_SUCCESS;

	ret = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
			   status, &req->addr, sizeof(req->addr));

	hci_dev_unlock(hdev);
	return ret;
}
2328
/*
 * Start the BR/EDR inquiry part of an interleaved discovery, with length
 * INQUIRY_LEN_BREDR_LE. If the inquiry cannot be started the discovery
 * state is reset to DISCOVERY_STOPPED.
 *
 * Returns the hci_do_inquiry() result.
 */
int mgmt_interleaved_discovery(struct hci_dev *hdev)
{
	int ret;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	ret = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
	if (ret < 0)
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);

	hci_dev_unlock(hdev);

	return ret;
}
2345
/*
 * MGMT_OP_START_DISCOVERY handler: start BR/EDR inquiry, LE scan or the
 * interleaved variant, depending on cp->type.
 *
 * Answers NOT_POWERED, BUSY (periodic inquiry active or discovery not
 * stopped), NOT_SUPPORTED (controller lacks the transport the type needs)
 * or INVALID_PARAMS (unknown type). On success the discovery state becomes
 * DISCOVERY_STARTING and the request stays pending.
 *
 * hdev->discovery.type is assigned before the type is validated, so it
 * keeps the requested value even when the request is then rejected.
 */
static int start_discovery(struct sock *sk, struct hci_dev *hdev,
			   void *data, u16 len)
{
	struct mgmt_cp_start_discovery *req = data;
	struct pending_cmd *pending;
	u8 refusal;
	int ret;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	if (hdev->discovery.state != DISCOVERY_STOPPED) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	hdev->discovery.type = req->type;

	switch (hdev->discovery.type) {
	case DISCOV_TYPE_BREDR:
		if (!lmp_bredr_capable(hdev)) {
			refusal = MGMT_STATUS_NOT_SUPPORTED;
			goto reject;
		}

		ret = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
		break;

	case DISCOV_TYPE_LE:
		if (!lmp_host_le_capable(hdev)) {
			refusal = MGMT_STATUS_NOT_SUPPORTED;
			goto reject;
		}

		ret = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
				  LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
		break;

	case DISCOV_TYPE_INTERLEAVED:
		if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
			refusal = MGMT_STATUS_NOT_SUPPORTED;
			goto reject;
		}

		ret = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
				  LE_SCAN_TIMEOUT_BREDR_LE);
		break;

	default:
		refusal = MGMT_STATUS_INVALID_PARAMS;
		goto reject;
	}

	if (ret < 0)
		mgmt_pending_remove(pending);
	else
		hci_discovery_set_state(hdev, DISCOVERY_STARTING);

	goto unlock;

reject:
	/* Tell the caller why, then drop the entry queued above. */
	ret = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, refusal);
	mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
2435
/*
 * MGMT_OP_STOP_DISCOVERY handler: cancel the running discovery.
 *
 * Answers REJECTED when no discovery is active and INVALID_PARAMS when the
 * requested type differs from the running one; both replies echo the
 * type. In DISCOVERY_FINDING the inquiry or LE scan is cancelled; in
 * DISCOVERY_RESOLVING the outstanding remote name request is cancelled,
 * or, if none is pending, discovery is marked stopped right away. Any
 * other state yields -EFAULT.
 */
static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_stop_discovery *req = data;
	struct hci_cp_remote_name_req_cancel cancel;
	struct pending_cmd *pending;
	struct inquiry_entry *entry;
	int ret;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!hci_discovery_active(hdev)) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
				   MGMT_STATUS_REJECTED, &req->type,
				   sizeof(req->type));
		goto out;
	}

	if (hdev->discovery.type != req->type) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
				   MGMT_STATUS_INVALID_PARAMS, &req->type,
				   sizeof(req->type));
		goto out;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
	if (!pending) {
		ret = -ENOMEM;
		goto out;
	}

	switch (hdev->discovery.state) {
	case DISCOVERY_FINDING:
		ret = test_bit(HCI_INQUIRY, &hdev->flags) ?
				hci_cancel_inquiry(hdev) :
				hci_cancel_le_scan(hdev);
		break;

	case DISCOVERY_RESOLVING:
		entry = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
							 NAME_PENDING);
		if (!entry) {
			/* Nothing left to cancel: finish synchronously. */
			mgmt_pending_remove(pending);
			ret = cmd_complete(sk, hdev->id,
					   MGMT_OP_STOP_DISCOVERY, 0,
					   &req->type, sizeof(req->type));
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
			goto out;
		}

		bacpy(&cancel.bdaddr, &entry->data.bdaddr);
		ret = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
				   sizeof(cancel), &cancel);
		break;

	default:
		BT_DBG("unknown discovery state %u", hdev->discovery.state);
		ret = -EFAULT;
	}

	if (ret < 0)
		mgmt_pending_remove(pending);
	else
		hci_discovery_set_state(hdev, DISCOVERY_STOPPING);

out:
	hci_dev_unlock(hdev);
	return ret;
}
2511
/*
 * Handle MGMT_OP_CONFIRM_NAME.
 *
 * Looks the address up among the inquiry cache entries whose name state is
 * still unknown and records whether the name is known or still has to be
 * resolved.  Replies MGMT_STATUS_FAILED when no discovery is active and
 * MGMT_STATUS_INVALID_PARAMS when the address has no such cache entry.
 * Holds hci_dev_lock() for the whole operation.
 */
static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
			u16 len)
{
	struct mgmt_cp_confirm_name *req = data;
	struct inquiry_entry *entry;
	int err;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!hci_discovery_active(hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
				 MGMT_STATUS_FAILED);
		goto failed;
	}

	entry = hci_inquiry_cache_lookup_unknown(hdev, &req->addr.bdaddr);
	if (entry == NULL) {
		err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
				 MGMT_STATUS_INVALID_PARAMS);
		goto failed;
	}

	if (!req->name_known) {
		/* Queue the entry for name resolution. */
		entry->name_state = NAME_NEEDED;
		hci_inquiry_cache_update_resolve(hdev, entry);
	} else {
		entry->name_state = NAME_KNOWN;
		list_del(&entry->list);
	}

	err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &req->addr,
			   sizeof(req->addr));

failed:
	hci_dev_unlock(hdev);
	return err;
}
2551
/*
 * Handle MGMT_OP_BLOCK_DEVICE: add the given address to the controller's
 * blacklist under hci_dev_lock().
 *
 * Any negative result from hci_blacklist_add() is reported to the caller
 * as MGMT_STATUS_FAILED; the return value is that of cmd_complete().
 */
static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
			u16 len)
{
	struct mgmt_cp_block_device *req = data;
	u8 status;
	int err;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	err = hci_blacklist_add(hdev, &req->addr.bdaddr, req->addr.type);
	status = (err < 0) ? MGMT_STATUS_FAILED : MGMT_STATUS_SUCCESS;

	err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
			   &req->addr, sizeof(req->addr));

	hci_dev_unlock(hdev);

	return err;
}
2576
/*
 * Handle MGMT_OP_UNBLOCK_DEVICE: remove the given address from the
 * controller's blacklist under hci_dev_lock().
 *
 * Any negative result from hci_blacklist_del() is reported to the caller
 * as MGMT_STATUS_INVALID_PARAMS; the return value is that of
 * cmd_complete().
 */
static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_unblock_device *req = data;
	u8 status;
	int err;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	err = hci_blacklist_del(hdev, &req->addr.bdaddr, req->addr.type);
	status = (err < 0) ? MGMT_STATUS_INVALID_PARAMS : MGMT_STATUS_SUCCESS;

	err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
			   &req->addr, sizeof(req->addr));

	hci_dev_unlock(hdev);

	return err;
}
2601
/*
 * Handle MGMT_OP_SET_DEVICE_ID.
 *
 * Rejects a source value above 0x0002 with MGMT_STATUS_INVALID_PARAMS
 * before taking the lock.  Otherwise the four little-endian fields are
 * stored in hdev, the command is completed and the EIR data is refreshed.
 */
static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
			 u16 len)
{
	struct mgmt_cp_set_device_id *req = data;
	__u16 source = __le16_to_cpu(req->source);
	int err;

	BT_DBG("%s", hdev->name);

	if (source > 0x0002)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	hdev->devid_source = source;
	hdev->devid_vendor = __le16_to_cpu(req->vendor);
	hdev->devid_product = __le16_to_cpu(req->product);
	hdev->devid_version = __le16_to_cpu(req->version);

	err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);

	update_eir(hdev);

	hci_dev_unlock(hdev);

	return err;
}
2632
/*
 * Handle MGMT_OP_SET_FAST_CONNECTABLE.
 *
 * The request is refused before any HCI command is sent when the
 * controller is not BR/EDR capable (NOT_SUPPORTED), the value is neither
 * 0x00 nor 0x01 (INVALID_PARAMS), the controller is not powered
 * (NOT_POWERED) or HCI_CONNECTABLE is not set (REJECTED).
 *
 * Otherwise the page scan activity and page scan type are written under
 * hci_dev_lock(); a failure to send either command is reported as
 * MGMT_STATUS_FAILED.
 */
static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
				void *data, u16 len)
{
	struct mgmt_mode *mode = data;
	struct hci_cp_write_page_scan_activity activity;
	u8 scan_type;
	int err;

	BT_DBG("%s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  MGMT_STATUS_NOT_SUPPORTED);

	if (mode->val != 0x00 && mode->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	if (!hdev_is_powered(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  MGMT_STATUS_NOT_POWERED);

	if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  MGMT_STATUS_REJECTED);

	hci_dev_lock(hdev);

	if (!mode->val) {
		/* default scan type with the default 1.28 sec page scan */
		scan_type = PAGE_SCAN_TYPE_STANDARD;
		activity.interval = __constant_cpu_to_le16(0x0800);
	} else {
		/* interlaced scan with a 160 msec page scan interval */
		scan_type = PAGE_SCAN_TYPE_INTERLACED;
		activity.interval = __constant_cpu_to_le16(0x0100);
	}

	/* default 11.25 msec page scan window */
	activity.window = __constant_cpu_to_le16(0x0012);

	/* The scan type is only written once the activity command was sent. */
	err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
			   sizeof(activity), &activity);
	if (err >= 0)
		err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1,
				   &scan_type);

	if (err < 0) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				 MGMT_STATUS_FAILED);
		goto done;
	}

	err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
			   NULL, 0);
done:
	hci_dev_unlock(hdev);
	return err;
}
2697
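/*
 * Handle MGMT_OP_LOAD_LONG_TERM_KEYS: replace the stored SMP long term
 * keys with the list supplied in the command.
 *
 * @cp_data: command parameters; key_count is little-endian and is followed
 *           by key_count entries of struct mgmt_ltk_info
 * @len:     number of parameter bytes actually received
 *
 * key_count comes from the sender and drives the loop over cp->keys[], so
 * the length it implies has to match @len exactly before any entry is
 * read.  The implied length is computed in size_t: a 16-bit result would
 * wrap for large counts and could equal a short @len, letting the loop
 * read past the end of the received buffer.
 *
 * Returns the result of cmd_status() on a length mismatch, otherwise the
 * result of cmd_complete().
 */
static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
			       void *cp_data, u16 len)
{
	struct mgmt_cp_load_long_term_keys *cp = cp_data;
	size_t expected_len;
	u16 key_count;
	int i, err;

	key_count = __le16_to_cpu(cp->key_count);

	expected_len = sizeof(*cp) +
		       (size_t)key_count * sizeof(struct mgmt_ltk_info);
	if (expected_len != len) {
		BT_ERR("load_keys: expected %zu bytes, got %u bytes",
		       expected_len, len);
		/* Report a management status code, not an errno value. */
		return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
				  MGMT_STATUS_INVALID_PARAMS);
	}

	BT_DBG("%s key_count %u", hdev->name, key_count);

	hci_dev_lock(hdev);

	/* The supplied list replaces whatever was stored before. */
	hci_smp_ltks_clear(hdev);

	for (i = 0; i < key_count; i++) {
		struct mgmt_ltk_info *key = &cp->keys[i];
		u8 type;

		if (key->master)
			type = HCI_SMP_LTK;
		else
			type = HCI_SMP_LTK_SLAVE;

		hci_add_ltk(hdev, &key->addr.bdaddr,
			    bdaddr_to_le(key->addr.type),
			    type, 0, key->authenticated, key->val,
			    key->enc_size, key->ediv, key->rand);
	}

	err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
			   NULL, 0);

	hci_dev_unlock(hdev);

	return err;
}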
2744
/*
 * Dispatch table for management commands, indexed by opcode.
 *
 * func:     handler for the opcode; NULL marks an opcode with no command
 * var_len:  when false the parameter length must equal data_len, when true
 *           data_len is only the minimum and the handler has to validate
 *           the variable part itself
 * data_len: fixed (or minimum) parameter length in bytes
 *
 * mgmt_control() checks the opcode against the size of this table and
 * applies the length rule before calling func.
 */
static const struct mgmt_handler {
	int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
		     u16 data_len);
	bool var_len;
	size_t data_len;
} mgmt_handlers[] = {
	{ .func = NULL }, /* 0x0000 (no command) */
	{ .func = read_version, .var_len = false,
	  .data_len = MGMT_READ_VERSION_SIZE },
	{ .func = read_commands, .var_len = false,
	  .data_len = MGMT_READ_COMMANDS_SIZE },
	{ .func = read_index_list, .var_len = false,
	  .data_len = MGMT_READ_INDEX_LIST_SIZE },
	{ .func = read_controller_info, .var_len = false,
	  .data_len = MGMT_READ_INFO_SIZE },
	{ .func = set_powered, .var_len = false,
	  .data_len = MGMT_SETTING_SIZE },
	{ .func = set_discoverable, .var_len = false,
	  .data_len = MGMT_SET_DISCOVERABLE_SIZE },
	{ .func = set_connectable, .var_len = false,
	  .data_len = MGMT_SETTING_SIZE },
	{ .func = set_fast_connectable, .var_len = false,
	  .data_len = MGMT_SETTING_SIZE },
	{ .func = set_pairable, .var_len = false,
	  .data_len = MGMT_SETTING_SIZE },
	{ .func = set_link_security, .var_len = false,
	  .data_len = MGMT_SETTING_SIZE },
	{ .func = set_ssp, .var_len = false,
	  .data_len = MGMT_SETTING_SIZE },
	{ .func = set_hs, .var_len = false,
	  .data_len = MGMT_SETTING_SIZE },
	{ .func = set_le, .var_len = false,
	  .data_len = MGMT_SETTING_SIZE },
	{ .func = set_dev_class, .var_len = false,
	  .data_len = MGMT_SET_DEV_CLASS_SIZE },
	{ .func = set_local_name, .var_len = false,
	  .data_len = MGMT_SET_LOCAL_NAME_SIZE },
	{ .func = add_uuid, .var_len = false,
	  .data_len = MGMT_ADD_UUID_SIZE },
	{ .func = remove_uuid, .var_len = false,
	  .data_len = MGMT_REMOVE_UUID_SIZE },
	{ .func = load_link_keys, .var_len = true,
	  .data_len = MGMT_LOAD_LINK_KEYS_SIZE },
	{ .func = load_long_term_keys, .var_len = true,
	  .data_len = MGMT_LOAD_LONG_TERM_KEYS_SIZE },
	{ .func = disconnect, .var_len = false,
	  .data_len = MGMT_DISCONNECT_SIZE },
	{ .func = get_connections, .var_len = false,
	  .data_len = MGMT_GET_CONNECTIONS_SIZE },
	{ .func = pin_code_reply, .var_len = false,
	  .data_len = MGMT_PIN_CODE_REPLY_SIZE },
	{ .func = pin_code_neg_reply, .var_len = false,
	  .data_len = MGMT_PIN_CODE_NEG_REPLY_SIZE },
	{ .func = set_io_capability, .var_len = false,
	  .data_len = MGMT_SET_IO_CAPABILITY_SIZE },
	{ .func = pair_device, .var_len = false,
	  .data_len = MGMT_PAIR_DEVICE_SIZE },
	{ .func = cancel_pair_device, .var_len = false,
	  .data_len = MGMT_CANCEL_PAIR_DEVICE_SIZE },
	{ .func = unpair_device, .var_len = false,
	  .data_len = MGMT_UNPAIR_DEVICE_SIZE },
	{ .func = user_confirm_reply, .var_len = false,
	  .data_len = MGMT_USER_CONFIRM_REPLY_SIZE },
	{ .func = user_confirm_neg_reply, .var_len = false,
	  .data_len = MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
	{ .func = user_passkey_reply, .var_len = false,
	  .data_len = MGMT_USER_PASSKEY_REPLY_SIZE },
	{ .func = user_passkey_neg_reply, .var_len = false,
	  .data_len = MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
	{ .func = read_local_oob_data, .var_len = false,
	  .data_len = MGMT_READ_LOCAL_OOB_DATA_SIZE },
	{ .func = add_remote_oob_data, .var_len = false,
	  .data_len = MGMT_ADD_REMOTE_OOB_DATA_SIZE },
	{ .func = remove_remote_oob_data, .var_len = false,
	  .data_len = MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
	{ .func = start_discovery, .var_len = false,
	  .data_len = MGMT_START_DISCOVERY_SIZE },
	{ .func = stop_discovery, .var_len = false,
	  .data_len = MGMT_STOP_DISCOVERY_SIZE },
	{ .func = confirm_name, .var_len = false,
	  .data_len = MGMT_CONFIRM_NAME_SIZE },
	{ .func = block_device, .var_len = false,
	  .data_len = MGMT_BLOCK_DEVICE_SIZE },
	{ .func = unblock_device, .var_len = false,
	  .data_len = MGMT_UNBLOCK_DEVICE_SIZE },
	{ .func = set_device_id, .var_len = false,
	  .data_len = MGMT_SET_DEVICE_ID_SIZE },
};
2793
2794
/*
 * Parse one management message from a socket and dispatch it.
 *
 * The whole message is copied into a kernel buffer first, so every check
 * below works on a private copy.  Header fields come from the sender and
 * are validated in this order before the handler runs:
 *   - the message holds at least a header;
 *   - hdr->len equals the number of bytes that follow the header;
 *   - a controller index other than MGMT_INDEX_NONE resolves to a device;
 *   - the opcode is inside mgmt_handlers[] and has a handler;
 *   - opcodes below MGMT_OP_READ_INFO carry no controller, all others do;
 *   - the parameter length matches the handler's fixed size, or reaches
 *     its minimum for variable-length commands.
 *
 * Returns msglen on success, a negative errno for a malformed message or
 * a failed handler, or the result of cmd_status() when a status reply was
 * sent instead of dispatching.
 */
int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
{
	const struct mgmt_handler *handler;
	struct hci_dev *hdev = NULL;
	struct mgmt_hdr *hdr;
	u16 opcode, index, len;
	void *buf;
	u8 *params;
	bool len_ok;
	int err;

	BT_DBG("got %zu bytes", msglen);

	if (msglen < sizeof(*hdr))
		return -EINVAL;

	buf = kmalloc(msglen, GFP_KERNEL);
	if (buf == NULL)
		return -ENOMEM;

	if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
		err = -EFAULT;
		goto done;
	}

	hdr = buf;
	opcode = __le16_to_cpu(hdr->opcode);
	index = __le16_to_cpu(hdr->index);
	len = __le16_to_cpu(hdr->len);

	/* The declared parameter length must cover the rest exactly. */
	if (len != msglen - sizeof(*hdr)) {
		err = -EINVAL;
		goto done;
	}

	if (index != MGMT_INDEX_NONE) {
		hdev = hci_dev_get(index);
		if (hdev == NULL) {
			err = cmd_status(sk, index, opcode,
					 MGMT_STATUS_INVALID_INDEX);
			goto done;
		}
	}

	/* Bounds-check the opcode before it indexes the table. */
	if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
	    mgmt_handlers[opcode].func == NULL) {
		BT_DBG("Unknown op %u", opcode);
		err = cmd_status(sk, index, opcode,
				 MGMT_STATUS_UNKNOWN_COMMAND);
		goto done;
	}

	/*
	 * Opcodes below MGMT_OP_READ_INFO must come without a controller
	 * and all others with one; the two sides agreeing is the error.
	 */
	if ((hdev != NULL) == (opcode < MGMT_OP_READ_INFO)) {
		err = cmd_status(sk, index, opcode,
				 MGMT_STATUS_INVALID_INDEX);
		goto done;
	}

	handler = &mgmt_handlers[opcode];

	if (handler->var_len)
		len_ok = len >= handler->data_len;
	else
		len_ok = len == handler->data_len;

	if (!len_ok) {
		err = cmd_status(sk, index, opcode,
				 MGMT_STATUS_INVALID_PARAMS);
		goto done;
	}

	if (hdev)
		mgmt_init_hdev(sk, hdev);

	params = (u8 *)buf + sizeof(*hdr);

	err = handler->func(sk, hdev, params, len);
	if (err >= 0)
		err = msglen;

done:
	/* Drop the reference taken by hci_dev_get(). */
	if (hdev)
		hci_dev_put(hdev);

	kfree(buf);
	return err;
}
2880
/*
 * Pending-command callback: answer the command with the status code that
 * @data points to (a u8) and remove it from the pending list.
 */
static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
{
	u8 code = *(u8 *)data;

	cmd_status(cmd->sk, cmd->index, cmd->opcode, code);
	mgmt_pending_remove(cmd);
}
2888
/*
 * Emit MGMT_EV_INDEX_ADDED for @hdev.
 *
 * Returns -ENOTSUPP when mgmt_valid_hdev() rejects the device, otherwise
 * the result of mgmt_event().
 */
int mgmt_index_added(struct hci_dev *hdev)
{
	if (mgmt_valid_hdev(hdev))
		return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);

	return -ENOTSUPP;
}
2896
/*
 * Emit MGMT_EV_INDEX_REMOVED for @hdev.
 *
 * Commands still pending on the device are first answered with
 * MGMT_STATUS_INVALID_INDEX.  Returns -ENOTSUPP when mgmt_valid_hdev()
 * rejects the device, otherwise the result of mgmt_event().
 */
int mgmt_index_removed(struct hci_dev *hdev)
{
	u8 gone = MGMT_STATUS_INVALID_INDEX;

	if (!mgmt_valid_hdev(hdev))
		return -ENOTSUPP;

	/* Opcode 0 is passed so the callback is not limited to one opcode
	 * (presumably it matches every pending command; confirm against
	 * mgmt_pending_foreach()).
	 */
	mgmt_pending_foreach(0, hdev, cmd_status_rsp, &gone);

	return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
}
2908
/*
 * Context passed to the pending-command callbacks in this file.
 * Several users initialise it positionally, so the member order matters.
 */
struct cmd_lookup {
	/* first socket seen by a callback; held with sock_hold() */
	struct sock *sk;
	/* controller the pending commands belong to */
	struct hci_dev *hdev;
	/* status code used by class_rsp() for its replies */
	u8 mgmt_status;
};
2914
/*
 * Pending-command callback: send the current settings as the reply to
 * @cmd, unlink it and free it.
 *
 * @data is a struct cmd_lookup.  The socket of the first command handled
 * is stored in it with a reference taken, so the caller has to release
 * that reference with sock_put() once it is done with match->sk.
 */
static void settings_rsp(struct pending_cmd *cmd, void *data)
{
	struct cmd_lookup *lookup = data;

	send_settings_rsp(cmd->sk, cmd->opcode, lookup->hdev);

	list_del(&cmd->list);

	if (!lookup->sk) {
		lookup->sk = cmd->sk;
		sock_hold(lookup->sk);
	}

	mgmt_pending_free(cmd);
}
2930
/*
 * Write the scan enable setting that matches the HCI_CONNECTABLE and
 * HCI_DISCOVERABLE flags.
 *
 * Returns 0 without sending anything when neither flag is set, otherwise
 * the result of hci_send_cmd().
 */
static int set_bredr_scan(struct hci_dev *hdev)
{
	u8 mode = 0;

	if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
		mode |= SCAN_PAGE;
	if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
		mode |= SCAN_INQUIRY;

	if (mode == 0)
		return 0;

	return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &mode);
}
2945
/*
 * React to a controller power change.
 *
 * Does nothing and returns 0 unless HCI_MGMT is set.  Pending
 * MGMT_OP_SET_POWERED commands are answered with the current settings.
 * On power-off every other pending command is failed with
 * MGMT_STATUS_NOT_POWERED; on power-on the SSP mode, LE host support,
 * scan mode, class, name and EIR are re-sent to the controller as far as
 * the flags and capabilities ask for them.
 *
 * Returns the result of new_settings().
 */
int mgmt_powered(struct hci_dev *hdev, u8 powered)
{
	struct cmd_lookup match = { .sk = NULL, .hdev = hdev };
	int err;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return 0;

	mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);

	if (!powered) {
		u8 off = MGMT_STATUS_NOT_POWERED;

		mgmt_pending_foreach(0, hdev, cmd_status_rsp, &off);
	} else {
		if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
		    !lmp_host_ssp_capable(hdev)) {
			u8 mode = 1;

			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &mode);
		}

		if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
			struct hci_cp_write_le_host_supported le_cp;

			le_cp.le = 1;
			le_cp.simul = lmp_le_br_capable(hdev);

			/* Only write the host features when they differ from
			 * what the controller already reports.
			 */
			if (le_cp.le != lmp_host_le_capable(hdev) ||
			    le_cp.simul != lmp_host_le_br_capable(hdev))
				hci_send_cmd(hdev,
					     HCI_OP_WRITE_LE_HOST_SUPPORTED,
					     sizeof(le_cp), &le_cp);
		}

		if (lmp_bredr_capable(hdev)) {
			set_bredr_scan(hdev);
			update_class(hdev);
			update_name(hdev, hdev->dev_name);
			update_eir(hdev);
		}
	}

	err = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the socket. */
	if (match.sk)
		sock_put(match.sk);

	return err;
}
2998
/*
 * Record the discoverable state reported for @hdev.
 *
 * Updates HCI_DISCOVERABLE, answers pending MGMT_OP_SET_DISCOVERABLE
 * commands with the current settings and, only when the flag actually
 * changed, calls new_settings().  Returns 0 when nothing changed,
 * otherwise the result of new_settings().
 */
int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
{
	struct cmd_lookup match = { .sk = NULL, .hdev = hdev };
	bool changed;
	int err = 0;

	if (discoverable)
		changed = !test_and_set_bit(HCI_DISCOVERABLE,
					    &hdev->dev_flags);
	else
		changed = test_and_clear_bit(HCI_DISCOVERABLE,
					     &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
			     &match);

	if (changed)
		err = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the socket. */
	if (match.sk)
		sock_put(match.sk);

	return err;
}
3024
/*
 * Record the connectable state reported for @hdev.
 *
 * Updates HCI_CONNECTABLE, answers pending MGMT_OP_SET_CONNECTABLE
 * commands with the current settings and, only when the flag actually
 * changed, calls new_settings().  Returns 0 when nothing changed,
 * otherwise the result of new_settings().
 */
int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
{
	struct cmd_lookup match = { .sk = NULL, .hdev = hdev };
	bool changed;
	int err = 0;

	if (connectable)
		changed = !test_and_set_bit(HCI_CONNECTABLE,
					    &hdev->dev_flags);
	else
		changed = test_and_clear_bit(HCI_CONNECTABLE,
					     &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
			     &match);

	if (changed)
		err = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the socket. */
	if (match.sk)
		sock_put(match.sk);

	return err;
}
3050
/*
 * Fail the pending connectable/discoverable commands after a scan enable
 * write was rejected.
 *
 * @scan selects which commands are affected (SCAN_PAGE and/or
 * SCAN_INQUIRY); @status is translated with mgmt_status() first.
 * Always returns 0.
 */
int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
{
	u8 code = mgmt_status(status);

	if (scan & SCAN_PAGE)
		mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
				     cmd_status_rsp, &code);

	if (scan & SCAN_INQUIRY)
		mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
				     cmd_status_rsp, &code);

	return 0;
}
3065
/*
 * Emit MGMT_EV_NEW_LINK_KEY for a BR/EDR link key.
 *
 * The event is zeroed first and then filled from @key; @persistent is
 * passed on as the store hint.  The payload contains the link key value
 * itself, so whatever receives this event sees key material.
 */
int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
		      bool persistent)
{
	struct mgmt_ev_new_link_key event;

	memset(&event, 0, sizeof(event));

	event.store_hint = persistent;
	event.key.addr.type = BDADDR_BREDR;
	bacpy(&event.key.addr.bdaddr, &key->bdaddr);
	event.key.type = key->type;
	event.key.pin_len = key->pin_len;
	memcpy(event.key.val, key->val, HCI_LINK_KEY_SIZE);

	return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &event, sizeof(event),
			  NULL);
}
3082
/*
 * Emit MGMT_EV_NEW_LONG_TERM_KEY for an SMP long term key.
 *
 * The event is zeroed first and then filled from @key; master is set only
 * for keys of type HCI_SMP_LTK.  The payload contains the key value, rand
 * and ediv, so whatever receives this event sees key material.
 */
int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
{
	struct mgmt_ev_new_long_term_key event;

	memset(&event, 0, sizeof(event));

	event.store_hint = persistent;
	bacpy(&event.key.addr.bdaddr, &key->bdaddr);
	event.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
	event.key.authenticated = key->authenticated;
	event.key.enc_size = key->enc_size;
	event.key.ediv = key->ediv;
	event.key.master = (key->type == HCI_SMP_LTK);

	memcpy(event.key.rand, key->rand, sizeof(key->rand));
	memcpy(event.key.val, key->val, sizeof(key->val));

	return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &event,
			  sizeof(event), NULL);
}
3105
/*
 * Emit MGMT_EV_DEVICE_CONNECTED.
 *
 * The event is built in a 512-byte stack buffer: the fixed header is
 * followed by EIR-formatted fields for the remote name (when @name_len is
 * non-zero) and the class of device (when @dev_class is set and not all
 * zero).  Only sizeof(*ev) + eir_len bytes are handed to mgmt_event().
 *
 * NOTE(review): the buffer is not cleared and there is no explicit bounds
 * check here; this relies on @name_len being a u8 and on the event header
 * having no padding - confirm against eir_append_data() and the struct
 * declaration.
 */
int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
			  u8 addr_type, u32 flags, u8 *name, u8 name_len,
			  u8 *dev_class)
{
	char buf[512];
	struct mgmt_ev_device_connected *ev = (void *) buf;
	u16 used = 0;

	ev->addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&ev->addr.bdaddr, bdaddr);

	ev->flags = __cpu_to_le32(flags);

	if (name_len > 0)
		used = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
				       name, name_len);

	/* An all-zero class of device is not reported. */
	if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
		used = eir_append_data(ev->eir, used,
				       EIR_CLASS_OF_DEV, dev_class, 3);

	ev->eir_len = cpu_to_le16(used);

	return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
			  sizeof(*ev) + used, NULL);
}
3132
/*
 * Pending-command callback for MGMT_OP_DISCONNECT: complete the command
 * with status 0, echoing the address from the stored parameters.
 *
 * @data is a struct sock ** that receives the command's socket with a
 * reference taken; the caller has to drop it with sock_put().
 */
static void disconnect_rsp(struct pending_cmd *cmd, void *data)
{
	struct mgmt_cp_disconnect *req = cmd->param;
	struct sock **out_sk = data;
	struct mgmt_rp_disconnect reply;

	reply.addr.type = req->addr.type;
	bacpy(&reply.addr.bdaddr, &req->addr.bdaddr);

	cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &reply,
		     sizeof(reply));

	/* Take the reference before the pending command goes away. */
	*out_sk = cmd->sk;
	sock_hold(*out_sk);

	mgmt_pending_remove(cmd);
}
3150
/*
 * Pending-command callback for MGMT_OP_UNPAIR_DEVICE: call
 * device_unpaired() for the stored address, complete the command with
 * status 0 and remove it.  @data is the struct hci_dev.
 */
static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
{
	struct mgmt_cp_unpair_device *req = cmd->param;
	struct hci_dev *hdev = data;
	struct mgmt_rp_unpair_device reply;

	memset(&reply, 0, sizeof(reply));
	reply.addr.type = req->addr.type;
	bacpy(&reply.addr.bdaddr, &req->addr.bdaddr);

	device_unpaired(hdev, &req->addr.bdaddr, req->addr.type, cmd->sk);

	cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &reply,
		     sizeof(reply));

	mgmt_pending_remove(cmd);
}
3167
/*
 * Emit MGMT_EV_DEVICE_DISCONNECTED.
 *
 * Pending MGMT_OP_DISCONNECT commands are completed first; the socket of
 * such a command is passed as the last argument of mgmt_event().  Pending
 * MGMT_OP_UNPAIR_DEVICE commands are completed after the event.
 * Returns the result of mgmt_event().
 */
int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
			     u8 link_type, u8 addr_type, u8 reason)
{
	struct mgmt_ev_device_disconnected event;
	struct sock *origin = NULL;
	int err;

	mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp,
			     &origin);

	event.reason = reason;
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &event,
			 sizeof(event), origin);

	/* Release the reference disconnect_rsp() took on the socket. */
	if (origin)
		sock_put(origin);

	mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
			     hdev);

	return err;
}
3192
/*
 * Report a failed disconnect to the pending MGMT_OP_DISCONNECT command.
 *
 * Pending MGMT_OP_UNPAIR_DEVICE commands are completed first in either
 * case.  Returns -ENOENT when no disconnect command is pending, otherwise
 * the result of cmd_complete().
 */
int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
			   u8 link_type, u8 addr_type, u8 status)
{
	struct mgmt_rp_disconnect reply;
	struct pending_cmd *pending;
	int err;

	mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
			     hdev);

	pending = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
	if (pending == NULL)
		return -ENOENT;

	reply.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&reply.addr.bdaddr, bdaddr);

	err = cmd_complete(pending->sk, pending->index, MGMT_OP_DISCONNECT,
			   mgmt_status(status), &reply, sizeof(reply));

	mgmt_pending_remove(pending);

	return err;
}
3217
/*
 * Emit MGMT_EV_CONNECT_FAILED for the given address, with @status
 * translated by mgmt_status().  Returns the result of mgmt_event().
 */
int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
			u8 addr_type, u8 status)
{
	struct mgmt_ev_connect_failed event;

	event.status = mgmt_status(status);
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &event,
			  sizeof(event), NULL);
}
3229
/*
 * Emit MGMT_EV_PIN_CODE_REQUEST for a BR/EDR address; @secure is copied
 * into the event unchanged.  Returns the result of mgmt_event().
 */
int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
{
	struct mgmt_ev_pin_code_request event;

	event.secure = secure;
	event.addr.type = BDADDR_BREDR;
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &event,
			  sizeof(event), NULL);
}
3241
/*
 * Complete the pending MGMT_OP_PIN_CODE_REPLY command with the translated
 * @status and the BR/EDR address.
 *
 * Returns -ENOENT when no such command is pending, otherwise the result
 * of cmd_complete().
 */
int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				 u8 status)
{
	struct mgmt_rp_pin_code_reply reply;
	struct pending_cmd *pending;
	int err;

	pending = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
	if (pending == NULL)
		return -ENOENT;

	reply.addr.type = BDADDR_BREDR;
	bacpy(&reply.addr.bdaddr, bdaddr);

	err = cmd_complete(pending->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
			   mgmt_status(status), &reply, sizeof(reply));

	mgmt_pending_remove(pending);

	return err;
}
3263
/*
 * Complete the pending MGMT_OP_PIN_CODE_NEG_REPLY command with the
 * translated @status and the BR/EDR address.
 *
 * Returns -ENOENT when no such command is pending, otherwise the result
 * of cmd_complete().
 */
int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				     u8 status)
{
	struct mgmt_rp_pin_code_reply reply;
	struct pending_cmd *pending;
	int err;

	pending = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
	if (pending == NULL)
		return -ENOENT;

	reply.addr.type = BDADDR_BREDR;
	bacpy(&reply.addr.bdaddr, bdaddr);

	err = cmd_complete(pending->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
			   mgmt_status(status), &reply, sizeof(reply));

	mgmt_pending_remove(pending);

	return err;
}
3285
/*
 * Emit MGMT_EV_USER_CONFIRM_REQUEST.
 *
 * @value is already little-endian and is copied into the event as is,
 * together with @confirm_hint.  Returns the result of mgmt_event().
 */
int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
			      u8 link_type, u8 addr_type, __le32 value,
			      u8 confirm_hint)
{
	struct mgmt_ev_user_confirm_request event;

	BT_DBG("%s", hdev->name);

	event.value = value;
	event.confirm_hint = confirm_hint;
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &event,
			  sizeof(event), NULL);
}
3302
/*
 * Emit MGMT_EV_USER_PASSKEY_REQUEST for the given address.
 * Returns the result of mgmt_event().
 */
int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
			      u8 link_type, u8 addr_type)
{
	struct mgmt_ev_user_passkey_request event;

	BT_DBG("%s", hdev->name);

	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &event,
			  sizeof(event), NULL);
}
3316
/*
 * Shared completion path for the user confirm/passkey (negative) reply
 * commands: complete the pending command with opcode @opcode using the
 * translated @status and the given address.
 *
 * Returns -ENOENT when no such command is pending, otherwise the result
 * of cmd_complete().
 */
static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				      u8 link_type, u8 addr_type, u8 status,
				      u8 opcode)
{
	struct mgmt_rp_user_confirm_reply reply;
	struct pending_cmd *pending;
	int err;

	pending = mgmt_pending_find(opcode, hdev);
	if (pending == NULL)
		return -ENOENT;

	reply.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&reply.addr.bdaddr, bdaddr);

	err = cmd_complete(pending->sk, hdev->id, opcode, mgmt_status(status),
			   &reply, sizeof(reply));

	mgmt_pending_remove(pending);

	return err;
}
3338
/* Complete the pending MGMT_OP_USER_CONFIRM_REPLY command, if any. */
int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				     u8 link_type, u8 addr_type, u8 status)
{
	const u8 opcode = MGMT_OP_USER_CONFIRM_REPLY;

	return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
					  status, opcode);
}
3345
/* Complete the pending MGMT_OP_USER_CONFIRM_NEG_REPLY command, if any. */
int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
					 u8 link_type, u8 addr_type, u8 status)
{
	const u8 opcode = MGMT_OP_USER_CONFIRM_NEG_REPLY;

	return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
					  status, opcode);
}
3353
/* Complete the pending MGMT_OP_USER_PASSKEY_REPLY command, if any. */
int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				     u8 link_type, u8 addr_type, u8 status)
{
	const u8 opcode = MGMT_OP_USER_PASSKEY_REPLY;

	return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
					  status, opcode);
}
3360
/* Complete the pending MGMT_OP_USER_PASSKEY_NEG_REPLY command, if any. */
int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
					 u8 link_type, u8 addr_type, u8 status)
{
	const u8 opcode = MGMT_OP_USER_PASSKEY_NEG_REPLY;

	return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
					  status, opcode);
}
3368
/*
 * Emit MGMT_EV_PASSKEY_NOTIFY.
 *
 * @passkey is converted to little-endian for the event; @entered is
 * copied unchanged.  The payload carries the passkey itself, so whatever
 * receives this event sees it.  Returns the result of mgmt_event().
 */
int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
			     u8 link_type, u8 addr_type, u32 passkey,
			     u8 entered)
{
	struct mgmt_ev_passkey_notify event;

	BT_DBG("%s", hdev->name);

	event.entered = entered;
	event.passkey = __cpu_to_le32(passkey);
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &event,
			  sizeof(event), NULL);
}
3384
/*
 * Emit MGMT_EV_AUTH_FAILED for the given address, with @status translated
 * by mgmt_status().  Returns the result of mgmt_event().
 */
int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
		     u8 addr_type, u8 status)
{
	struct mgmt_ev_auth_failed event;

	event.status = mgmt_status(status);
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &event, sizeof(event),
			  NULL);
}
3396
/*
 * Handle completion of a link security (authentication enable) write.
 *
 * On a non-zero @status the pending MGMT_OP_SET_LINK_SECURITY commands are
 * failed with the translated status and 0 is returned.  Otherwise
 * HCI_LINK_SECURITY is made to follow the HCI_AUTH flag, the pending
 * commands are answered with the current settings and new_settings() is
 * called only when the flag changed.
 */
int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
{
	struct cmd_lookup match = { .sk = NULL, .hdev = hdev };
	bool changed;
	int err = 0;

	if (status) {
		u8 code = mgmt_status(status);

		mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
				     cmd_status_rsp, &code);
		return 0;
	}

	if (test_bit(HCI_AUTH, &hdev->flags))
		changed = !test_and_set_bit(HCI_LINK_SECURITY,
					    &hdev->dev_flags);
	else
		changed = test_and_clear_bit(HCI_LINK_SECURITY,
					     &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
			     &match);

	if (changed)
		err = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the socket. */
	if (match.sk)
		sock_put(match.sk);

	return err;
}
3429
/*
 * Clear the extended inquiry response data.
 *
 * Returns 0 without doing anything when the controller is not capable of
 * extended inquiry; otherwise the cached copy in hdev->eir is zeroed and
 * an all-zero HCI_OP_WRITE_EIR command is sent, whose result is returned.
 */
static int clear_eir(struct hci_dev *hdev)
{
	struct hci_cp_write_eir empty;

	if (!lmp_ext_inq_capable(hdev))
		return 0;

	memset(&empty, 0, sizeof(empty));
	memset(hdev->eir, 0, sizeof(hdev->eir));

	return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(empty), &empty);
}
3443
/*
 * Handle completion of a Secure Simple Pairing mode write.
 *
 * On a non-zero @status: if enabling was requested and HCI_SSP_ENABLED was
 * set, the flag is cleared again and new_settings() is called; the pending
 * MGMT_OP_SET_SSP commands are then failed with the translated status.
 *
 * On success HCI_SSP_ENABLED follows @enable, the pending commands are
 * answered with the current settings, new_settings() is called only when
 * the flag changed, and the EIR data is updated or cleared to match.
 */
int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
{
	struct cmd_lookup match = { .sk = NULL, .hdev = hdev };
	bool changed;
	int err = 0;

	if (status) {
		u8 code = mgmt_status(status);

		/* Roll the flag back when the enable did not go through. */
		if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
						 &hdev->dev_flags))
			err = new_settings(hdev, NULL);

		mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
				     &code);

		return err;
	}

	if (enable)
		changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	else
		changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);

	if (changed)
		err = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the socket. */
	if (match.sk)
		sock_put(match.sk);

	if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
		clear_eir(hdev);
	else
		update_eir(hdev);

	return err;
}
3486
/*
 * Pending-command callback: complete @cmd with the status stored in the
 * lookup context and the 3-byte class of device, then unlink and free it.
 *
 * @data is a struct cmd_lookup.  The socket of the first command handled
 * is stored in it with a reference taken, so the caller has to release
 * that reference with sock_put().
 */
static void class_rsp(struct pending_cmd *cmd, void *data)
{
	struct cmd_lookup *lookup = data;

	cmd_complete(cmd->sk, cmd->index, cmd->opcode, lookup->mgmt_status,
		     lookup->hdev->dev_class, 3);

	list_del(&cmd->list);

	if (!lookup->sk) {
		lookup->sk = cmd->sk;
		sock_hold(lookup->sk);
	}

	mgmt_pending_free(cmd);
}
3503
/*
 * Handle completion of a class of device write.
 *
 * Clears HCI_PENDING_CLASS and completes the pending SET_DEV_CLASS,
 * ADD_UUID and REMOVE_UUID commands with the translated @status.
 * MGMT_EV_CLASS_OF_DEV_CHANGED is emitted only when @status is zero.
 * Returns 0 on failure status, otherwise the result of mgmt_event().
 */
int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
				   u8 status)
{
	struct cmd_lookup match = {
		.sk = NULL,
		.hdev = hdev,
		.mgmt_status = mgmt_status(status),
	};
	int err = 0;

	clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
	mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
	mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);

	if (status == 0)
		err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
				 3, NULL);

	/* Release the reference class_rsp() took on the socket. */
	if (match.sk)
		sock_put(match.sk);

	return err;
}
3525
/*
 * Handle completion of a local name write.
 *
 * hdev->dev_name is updated from @name when it differs.  When a
 * MGMT_OP_SET_LOCAL_NAME command is pending it is answered (with the
 * translated @status on failure) and removed; a failed reply skips the
 * event and the EIR update.  Otherwise MGMT_EV_LOCAL_NAME_CHANGED is
 * emitted when the name changed or a command was pending.
 *
 * NOTE(review): dev_name is overwritten before @status is looked at, so a
 * failed write still replaces the cached name - confirm this is intended.
 */
int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
{
	struct mgmt_cp_set_local_name info;
	struct pending_cmd *cmd;
	bool changed = false;
	int err = 0;

	if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name))) {
		memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
		changed = true;
	}

	memset(&info, 0, sizeof(info));
	memcpy(info.name, name, HCI_MAX_NAME_LENGTH);
	memcpy(info.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);

	cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
	if (cmd) {
		/* Always assume that either the short or the complete name
		 * has changed if there was a pending mgmt command.
		 */
		changed = true;

		if (status) {
			err = cmd_status(cmd->sk, hdev->id,
					 MGMT_OP_SET_LOCAL_NAME,
					 mgmt_status(status));
			goto failed;
		}

		err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
				   0, &info, sizeof(info));
		if (err < 0)
			goto failed;
	}

	if (changed)
		err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &info,
				 sizeof(info), cmd ? cmd->sk : NULL);

	/* EIR is taken care of separately when powering on the adapter,
	 * so only update it here if this is a name change unrelated to
	 * power on.
	 */
	if (!test_bit(HCI_INIT, &hdev->flags))
		update_eir(hdev);

failed:
	if (cmd)
		mgmt_pending_remove(cmd);
	return err;
}
3578
/*
 * Complete the pending MGMT_OP_READ_LOCAL_OOB_DATA command.
 *
 * A non-zero @status is translated and sent as a status reply; otherwise
 * @hash and @randomizer are copied into the reply.  The reply then carries
 * the local out-of-band pairing values to the requesting socket.
 *
 * Returns -ENOENT when no such command is pending, otherwise the result
 * of the reply.
 */
int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
					    u8 *randomizer, u8 status)
{
	struct pending_cmd *pending;
	int err;

	BT_DBG("%s status %u", hdev->name, status);

	pending = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
	if (pending == NULL)
		return -ENOENT;

	if (!status) {
		struct mgmt_rp_read_local_oob_data reply;

		memcpy(reply.hash, hash, sizeof(reply.hash));
		memcpy(reply.randomizer, randomizer, sizeof(reply.randomizer));

		err = cmd_complete(pending->sk, hdev->id,
				   MGMT_OP_READ_LOCAL_OOB_DATA, 0, &reply,
				   sizeof(reply));
	} else {
		err = cmd_status(pending->sk, hdev->id,
				 MGMT_OP_READ_LOCAL_OOB_DATA,
				 mgmt_status(status));
	}

	mgmt_pending_remove(pending);

	return err;
}
3609
/*
 * Handle completion of an LE host support write.
 *
 * On a non-zero @status: if enabling was requested and HCI_LE_ENABLED was
 * set, the flag is cleared again and new_settings() is called; the pending
 * MGMT_OP_SET_LE commands are then failed with the translated status.
 *
 * On success HCI_LE_ENABLED follows @enable, the pending commands are
 * answered with the current settings and new_settings() is called only
 * when the flag changed.
 */
int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
{
	struct cmd_lookup match = { .sk = NULL, .hdev = hdev };
	bool changed;
	int err = 0;

	if (status) {
		u8 code = mgmt_status(status);

		/* Roll the flag back when the enable did not go through. */
		if (enable && test_and_clear_bit(HCI_LE_ENABLED,
						 &hdev->dev_flags))
			err = new_settings(hdev, NULL);

		mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
				     &code);

		return err;
	}

	if (enable)
		changed = !test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
	else
		changed = test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);

	if (changed)
		err = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the socket. */
	if (match.sk)
		sock_put(match.sk);

	return err;
}
3647
/*
 * Emit MGMT_EV_DEVICE_FOUND for a device seen during discovery.
 *
 * The event is assembled in a 512-byte stack buffer. @eir/@eir_len are
 * copied verbatim; this data presumably originates from the remote
 * device, so the length check below is what keeps the memcpy() and the
 * optional class-of-device append inside the buffer.
 *
 * Returns -EINVAL when the EIR data does not fit, otherwise the result
 * of mgmt_event().
 */
int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
		      u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
		      u8 ssp, u8 *eir, u16 eir_len)
{
	char buf[512];
	struct mgmt_ev_device_found *found = (void *) buf;
	u32 flags = 0;

	/* Header + EIR payload + 5 spare bytes for a CoD field that may
	 * be appended below must all fit in buf.
	 */
	if (sizeof(*found) + eir_len + 5 > sizeof(buf))
		return -EINVAL;

	/* Zero the whole buffer so no stale stack bytes end up in the
	 * event.
	 */
	memset(buf, 0, sizeof(buf));

	bacpy(&found->addr.bdaddr, bdaddr);
	found->addr.type = link_to_bdaddr(link_type, addr_type);
	found->rssi = rssi;

	if (cfm_name)
		flags |= MGMT_DEV_FOUND_CONFIRM_NAME;
	if (!ssp)
		flags |= MGMT_DEV_FOUND_LEGACY_PAIRING;
	found->flags = cpu_to_le32(flags);

	if (eir_len)
		memcpy(found->eir, eir, eir_len);

	/* Add the class of device only when the EIR data lacks it. */
	if (dev_class &&
	    !eir_has_data_type(found->eir, eir_len, EIR_CLASS_OF_DEV))
		eir_len = eir_append_data(found->eir, eir_len,
					  EIR_CLASS_OF_DEV, dev_class, 3);

	found->eir_len = cpu_to_le16(eir_len);

	return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, found,
			  sizeof(*found) + eir_len, NULL);
}
3682
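/*
 * Report a resolved remote device name as a MGMT_EV_DEVICE_FOUND event
 * whose EIR data holds a single EIR_NAME_COMPLETE field.
 *
 * @name/@name_len: name bytes to report; at most HCI_MAX_NAME_LENGTH
 * bytes are accepted because the stack buffer is sized for exactly that.
 *
 * Returns -EINVAL when @name_len exceeds HCI_MAX_NAME_LENGTH, otherwise
 * the result of mgmt_event().
 */
int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
		     u8 addr_type, s8 rssi, u8 *name, u8 name_len)
{
	struct mgmt_ev_device_found *ev;
	/* Room for the event header, the name, and 2 extra bytes
	 * (presumably the EIR field's length and type bytes - confirm
	 * against eir_append_data()).
	 */
	char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
	u16 eir_len;

	/* name_len is caller-supplied and was previously used unchecked;
	 * a value above HCI_MAX_NAME_LENGTH would make the append below
	 * write past the end of buf. Reject it, as mgmt_device_found()
	 * does for oversized EIR data.
	 */
	if (name_len > HCI_MAX_NAME_LENGTH)
		return -EINVAL;

	ev = (struct mgmt_ev_device_found *) buf;

	/* Zero everything so unset fields carry no stale stack bytes. */
	memset(buf, 0, sizeof(buf));

	bacpy(&ev->addr.bdaddr, bdaddr);
	ev->addr.type = link_to_bdaddr(link_type, addr_type);
	ev->rssi = rssi;

	eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
				  name_len);

	ev->eir_len = cpu_to_le16(eir_len);

	return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
			  sizeof(*ev) + eir_len, NULL);
}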
3706
/*
 * Report that starting discovery on @hdev failed.
 *
 * The discovery state is reset to DISCOVERY_STOPPED whether or not a
 * command is pending. If a MGMT_OP_START_DISCOVERY command is pending,
 * it is answered with cmd_complete() carrying the mapped @status and
 * the current discovery type, then removed.
 *
 * Returns -ENOENT when nothing is pending, else cmd_complete()'s result.
 */
int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
{
	struct pending_cmd *pending;
	u8 disc_type;
	int ret;

	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);

	pending = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
	if (pending == NULL)
		return -ENOENT;

	/* Reply payload is a copy of the discovery type. */
	disc_type = hdev->discovery.type;

	ret = cmd_complete(pending->sk, hdev->id, pending->opcode,
			   mgmt_status(status), &disc_type,
			   sizeof(disc_type));
	mgmt_pending_remove(pending);

	return ret;
}
3727
/*
 * Report that stopping discovery on @hdev failed.
 *
 * A pending MGMT_OP_STOP_DISCOVERY command is answered with
 * cmd_complete() carrying the mapped @status and the current discovery
 * type, then removed. Unlike mgmt_start_discovery_failed(), the
 * discovery state is left untouched.
 *
 * Returns -ENOENT when nothing is pending, else cmd_complete()'s result.
 */
int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
{
	struct pending_cmd *pending;
	int ret;

	pending = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
	if (pending == NULL)
		return -ENOENT;

	ret = cmd_complete(pending->sk, hdev->id, pending->opcode,
			   mgmt_status(status),
			   &hdev->discovery.type,
			   sizeof(hdev->discovery.type));
	mgmt_pending_remove(pending);

	return ret;
}
3743
/*
 * Announce a change of discovery state on @hdev.
 *
 * A pending MGMT_OP_START_DISCOVERY (@discovering != 0) or
 * MGMT_OP_STOP_DISCOVERY (@discovering == 0) command, if any, is
 * completed with status 0 and the discovery type, then removed. The
 * result of that cmd_complete() call is not checked. An
 * MGMT_EV_DISCOVERING event is then sent.
 *
 * Returns the result of mgmt_event().
 */
int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
{
	struct mgmt_ev_discovering ev;
	struct pending_cmd *pending;
	u16 opcode;

	BT_DBG("%s discovering %u", hdev->name, discovering);

	opcode = discovering ? MGMT_OP_START_DISCOVERY :
			       MGMT_OP_STOP_DISCOVERY;
	pending = mgmt_pending_find(opcode, hdev);

	if (pending) {
		u8 disc_type = hdev->discovery.type;

		cmd_complete(pending->sk, hdev->id, pending->opcode, 0,
			     &disc_type, sizeof(disc_type));
		mgmt_pending_remove(pending);
	}

	/* Zero the event first so bytes not assigned below are not
	 * taken from the stack.
	 */
	memset(&ev, 0, sizeof(ev));
	ev.type = hdev->discovery.type;
	ev.discovering = discovering;

	return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
}
3770
/*
 * Send MGMT_EV_DEVICE_BLOCKED for the device @bdaddr/@type on @hdev.
 *
 * When a MGMT_OP_BLOCK_DEVICE command is pending, its socket is passed
 * as the last argument of mgmt_event() (presumably the socket to skip -
 * confirm). The pending command itself is not removed here.
 *
 * Returns the result of mgmt_event().
 */
int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
{
	struct mgmt_ev_device_blocked ev;
	struct pending_cmd *pending;
	struct sock *requester = NULL;

	pending = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
	if (pending)
		requester = pending->sk;

	/* NOTE(review): ev is not zeroed; only addr.bdaddr and addr.type
	 * are written. Assumes the struct has no other members or padding,
	 * otherwise stale stack bytes would go out with the event -
	 * confirm against the struct definition.
	 */
	bacpy(&ev.addr.bdaddr, bdaddr);
	ev.addr.type = type;

	return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
			  requester);
}
3784
/*
 * Send MGMT_EV_DEVICE_UNBLOCKED for the device @bdaddr/@type on @hdev.
 *
 * When a MGMT_OP_UNBLOCK_DEVICE command is pending, its socket is
 * passed as the last argument of mgmt_event() (presumably the socket to
 * skip - confirm). The pending command itself is not removed here.
 *
 * Returns the result of mgmt_event().
 */
int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
{
	struct mgmt_ev_device_unblocked ev;
	struct pending_cmd *pending;
	struct sock *requester = NULL;

	pending = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
	if (pending)
		requester = pending->sk;

	/* NOTE(review): ev is not zeroed; only addr.bdaddr and addr.type
	 * are written. Assumes the struct has no other members or padding,
	 * otherwise stale stack bytes would go out with the event -
	 * confirm against the struct definition.
	 */
	bacpy(&ev.addr.bdaddr, bdaddr);
	ev.addr.type = type;

	return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
			  requester);
}
3798
/*
 * Expose enable_hs as a module parameter. Mode 0644 makes it readable by
 * every user and writable by its owner through sysfs, so the value can
 * change while the module is loaded; code reading enable_hs should not
 * assume it stays fixed after load.
 */
module_param(enable_hs, bool, 0644);
MODULE_PARM_DESC(enable_hs, "Enable High Speed support");