projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add address type to mgmt blacklist messages
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
ca69b795 25#include <linux/kernel.h>
72359753 26#include <linux/uaccess.h>
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
02d98129
JH		 35#define MGMT_VERSION 0
36#define MGMT_REVISION 1
37
3fd24153
AG		 38/*
39 * These LE scan and inquiry parameters were chosen according to LE General
40 * Discovery Procedure specification.
41 */
42#define LE_SCAN_TYPE 0x01
43#define LE_SCAN_WIN 0x12
44#define LE_SCAN_INT 0x12
45#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
46
e8777525 47#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
2519a1fc 48
7d78525d
JH		 49#define SERVICE_CACHE_TIMEOUT (5 * 1000)
50
eec8d2bc
JH		 51struct pending_cmd {
52 struct list_head list;
fc2f4b13 53 u16 opcode;
eec8d2bc 54 int index;
c68fb7ff 55 void *param;
eec8d2bc 56 struct sock *sk;
e9a416b5 57 void *user_data;
eec8d2bc
JH		 58};
59
ca69b795
JH		 60/* HCI to MGMT error code conversion table */
61static u8 mgmt_status_table[] = {
62 MGMT_STATUS_SUCCESS,
63 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
64 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
65 MGMT_STATUS_FAILED, /* Hardware Failure */
66 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
67 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
68 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
69 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
70 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
71 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
72 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
73 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
74 MGMT_STATUS_BUSY, /* Command Disallowed */
75 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
76 MGMT_STATUS_REJECTED, /* Rejected Security */
77 MGMT_STATUS_REJECTED, /* Rejected Personal */
78 MGMT_STATUS_TIMEOUT, /* Host Timeout */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
80 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
81 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
82 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
83 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
84 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
85 MGMT_STATUS_BUSY, /* Repeated Attempts */
86 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
87 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
88 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
89 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
90 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
91 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
92 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
93 MGMT_STATUS_FAILED, /* Unspecified Error */
94 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
95 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
96 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
97 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
98 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
99 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
100 MGMT_STATUS_FAILED, /* Unit Link Key Used */
101 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
102 MGMT_STATUS_TIMEOUT, /* Instant Passed */
103 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
104 MGMT_STATUS_FAILED, /* Transaction Collision */
105 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
106 MGMT_STATUS_REJECTED, /* QoS Rejected */
107 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
108 MGMT_STATUS_REJECTED, /* Insufficient Security */
109 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
110 MGMT_STATUS_BUSY, /* Role Switch Pending */
111 MGMT_STATUS_FAILED, /* Slot Violation */
112 MGMT_STATUS_FAILED, /* Role Switch Failed */
113 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
114 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
115 MGMT_STATUS_BUSY, /* Host Busy Pairing */
116 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
117 MGMT_STATUS_BUSY, /* Controller Busy */
118 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
119 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
120 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
121 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
122 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
123};
124
125static u8 mgmt_status(u8 hci_status)
126{
127 if (hci_status < ARRAY_SIZE(mgmt_status_table))
128 return mgmt_status_table[hci_status];
129
130 return MGMT_STATUS_FAILED;
131}
132
4e51eae9 133static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 134{
135 struct sk_buff *skb;
136 struct mgmt_hdr *hdr;
137 struct mgmt_ev_cmd_status *ev;
56b7d137 138 int err;
f7b64e69 139
34eb525c 140 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 141
142 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
143 if (!skb)
144 return -ENOMEM;
145
146 hdr = (void *) skb_put(skb, sizeof(*hdr));
147
148 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 149 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 150 hdr->len = cpu_to_le16(sizeof(*ev));
151
152 ev = (void *) skb_put(skb, sizeof(*ev));
153 ev->status = status;
154 put_unaligned_le16(cmd, &ev->opcode);
155
56b7d137
GP		 156 err = sock_queue_rcv_skb(sk, skb);
157 if (err < 0)
f7b64e69
JH		 158 kfree_skb(skb);
159
56b7d137 160 return err;
f7b64e69
JH		 161}
162
4e51eae9
SJ		 163static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
164 size_t rp_len)
02d98129
JH		 165{
166 struct sk_buff *skb;
167 struct mgmt_hdr *hdr;
168 struct mgmt_ev_cmd_complete *ev;
56b7d137 169 int err;
02d98129
JH		 170
171 BT_DBG("sock %p", sk);
172
a38528f1 173 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 174 if (!skb)
175 return -ENOMEM;
176
177 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 178
a38528f1 179 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 180 hdr->index = cpu_to_le16(index);
a38528f1 181 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 182
a38528f1
JH		 183 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
184 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 185
186 if (rp)
187 memcpy(ev->data, rp, rp_len);
02d98129 188
56b7d137
GP		 189 err = sock_queue_rcv_skb(sk, skb);
190 if (err < 0)
02d98129
JH		 191 kfree_skb(skb);
192
56b7d137 193 return err;;
02d98129
JH		 194}
195
a38528f1
JH		 196static int read_version(struct sock *sk)
197{
198 struct mgmt_rp_read_version rp;
199
200 BT_DBG("sock %p", sk);
201
202 rp.version = MGMT_VERSION;
203 put_unaligned_le16(MGMT_REVISION, &rp.revision);
204
4e51eae9
SJ		 205 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
206 sizeof(rp));
a38528f1
JH		 207}
208
faba42eb
JH		 209static int read_index_list(struct sock *sk)
210{
faba42eb
JH		 211 struct mgmt_rp_read_index_list *rp;
212 struct list_head *p;
8035ded4 213 struct hci_dev *d;
a38528f1 214 size_t rp_len;
faba42eb 215 u16 count;
a38528f1 216 int i, err;
faba42eb
JH		 217
218 BT_DBG("sock %p", sk);
219
220 read_lock(&hci_dev_list_lock);
221
222 count = 0;
223 list_for_each(p, &hci_dev_list) {
224 count++;
225 }
226
a38528f1
JH		 227 rp_len = sizeof(*rp) + (2 * count);
228 rp = kmalloc(rp_len, GFP_ATOMIC);
229 if (!rp) {
b2c60d42 230 read_unlock(&hci_dev_list_lock);
faba42eb 231 return -ENOMEM;
b2c60d42 232 }
faba42eb 233
faba42eb
JH		 234 put_unaligned_le16(count, &rp->num_controllers);
235
236 i = 0;
8035ded4 237 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 238 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
e0f9309f 239 cancel_delayed_work(&d->power_off);
ab81cbf9 240
a8b2d5c2 241 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 242 continue;
243
faba42eb
JH		 244 put_unaligned_le16(d->id, &rp->index[i++]);
245 BT_DBG("Added hci%u", d->id);
246 }
247
248 read_unlock(&hci_dev_list_lock);
249
4e51eae9
SJ		 250 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
251 rp_len);
faba42eb 252
a38528f1
JH		 253 kfree(rp);
254
255 return err;
faba42eb
JH		 256}
257
69ab39ea
JH		 258static u32 get_supported_settings(struct hci_dev *hdev)
259{
260 u32 settings = 0;
261
262 settings |= MGMT_SETTING_POWERED;
263 settings |= MGMT_SETTING_CONNECTABLE;
264 settings |= MGMT_SETTING_FAST_CONNECTABLE;
265 settings |= MGMT_SETTING_DISCOVERABLE;
266 settings |= MGMT_SETTING_PAIRABLE;
267
268 if (hdev->features[6] & LMP_SIMPLE_PAIR)
269 settings |= MGMT_SETTING_SSP;
270
271 if (!(hdev->features[4] & LMP_NO_BREDR)) {
272 settings |= MGMT_SETTING_BREDR;
273 settings |= MGMT_SETTING_LINK_SECURITY;
274 }
275
276 if (hdev->features[4] & LMP_LE)
277 settings |= MGMT_SETTING_LE;
278
279 return settings;
280}
281
282static u32 get_current_settings(struct hci_dev *hdev)
283{
284 u32 settings = 0;
285
286 if (test_bit(HCI_UP, &hdev->flags))
287 settings |= MGMT_SETTING_POWERED;
288 else
289 return settings;
290
291 if (test_bit(HCI_PSCAN, &hdev->flags))
292 settings |= MGMT_SETTING_CONNECTABLE;
293
294 if (test_bit(HCI_ISCAN, &hdev->flags))
295 settings |= MGMT_SETTING_DISCOVERABLE;
296
a8b2d5c2 297 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 298 settings |= MGMT_SETTING_PAIRABLE;
299
300 if (!(hdev->features[4] & LMP_NO_BREDR))
301 settings |= MGMT_SETTING_BREDR;
302
59e29406 303 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 304 settings |= MGMT_SETTING_LE;
305
306 if (test_bit(HCI_AUTH, &hdev->flags))
307 settings |= MGMT_SETTING_LINK_SECURITY;
308
84bde9d6 309 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 310 settings |= MGMT_SETTING_SSP;
311
312 return settings;
313}
314
ef580372
JH		 315#define PNP_INFO_SVCLASS_ID 0x1200
316
317static u8 bluetooth_base_uuid[] = {
318 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
319 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
320};
321
322static u16 get_uuid16(u8 *uuid128)
323{
324 u32 val;
325 int i;
326
327 for (i = 0; i < 12; i++) {
328 if (bluetooth_base_uuid[i] != uuid128[i])
329 return 0;
330 }
331
332 memcpy(&val, &uuid128[12], 4);
333
334 val = le32_to_cpu(val);
335 if (val > 0xffff)
336 return 0;
337
338 return (u16) val;
339}
340
341static void create_eir(struct hci_dev *hdev, u8 *data)
342{
343 u8 *ptr = data;
344 u16 eir_len = 0;
345 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
346 int i, truncated = 0;
347 struct bt_uuid *uuid;
348 size_t name_len;
349
350 name_len = strlen(hdev->dev_name);
351
352 if (name_len > 0) {
353 /* EIR Data type */
354 if (name_len > 48) {
355 name_len = 48;
356 ptr[1] = EIR_NAME_SHORT;
357 } else
358 ptr[1] = EIR_NAME_COMPLETE;
359
360 /* EIR Data length */
361 ptr[0] = name_len + 1;
362
363 memcpy(ptr + 2, hdev->dev_name, name_len);
364
365 eir_len += (name_len + 2);
366 ptr += (name_len + 2);
367 }
368
369 memset(uuid16_list, 0, sizeof(uuid16_list));
370
371 /* Group all UUID16 types */
372 list_for_each_entry(uuid, &hdev->uuids, list) {
373 u16 uuid16;
374
375 uuid16 = get_uuid16(uuid->uuid);
376 if (uuid16 == 0)
377 return;
378
379 if (uuid16 < 0x1100)
380 continue;
381
382 if (uuid16 == PNP_INFO_SVCLASS_ID)
383 continue;
384
385 /* Stop if not enough space to put next UUID */
386 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
387 truncated = 1;
388 break;
389 }
390
391 /* Check for duplicates */
392 for (i = 0; uuid16_list[i] != 0; i++)
393 if (uuid16_list[i] == uuid16)
394 break;
395
396 if (uuid16_list[i] == 0) {
397 uuid16_list[i] = uuid16;
398 eir_len += sizeof(u16);
399 }
400 }
401
402 if (uuid16_list[0] != 0) {
403 u8 *length = ptr;
404
405 /* EIR Data type */
406 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
407
408 ptr += 2;
409 eir_len += 2;
410
411 for (i = 0; uuid16_list[i] != 0; i++) {
412 *ptr++ = (uuid16_list[i] & 0x00ff);
413 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
414 }
415
416 /* EIR Data length */
417 *length = (i * sizeof(u16)) + 1;
418 }
419}
420
421static int update_eir(struct hci_dev *hdev)
422{
423 struct hci_cp_write_eir cp;
424
425 if (!(hdev->features[6] & LMP_EXT_INQ))
426 return 0;
427
84bde9d6 428 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 429 return 0;
430
a8b2d5c2 431 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 432 return 0;
433
434 memset(&cp, 0, sizeof(cp));
435
436 create_eir(hdev, cp.data);
437
438 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
439 return 0;
440
441 memcpy(hdev->eir, cp.data, sizeof(cp.data));
442
443 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
444}
445
446static u8 get_service_classes(struct hci_dev *hdev)
447{
448 struct bt_uuid *uuid;
449 u8 val = 0;
450
451 list_for_each_entry(uuid, &hdev->uuids, list)
452 val |= uuid->svc_hint;
453
454 return val;
455}
456
457static int update_class(struct hci_dev *hdev)
458{
459 u8 cod[3];
460
461 BT_DBG("%s", hdev->name);
462
a8b2d5c2 463 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 464 return 0;
465
466 cod[0] = hdev->minor_class;
467 cod[1] = hdev->major_class;
468 cod[2] = get_service_classes(hdev);
469
470 if (memcmp(cod, hdev->dev_class, 3) == 0)
471 return 0;
472
473 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
474}
475
7d78525d
JH		 476static void service_cache_off(struct work_struct *work)
477{
478 struct hci_dev *hdev = container_of(work, struct hci_dev,
479 service_cache.work);
480
a8b2d5c2 481 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 482 return;
483
484 hci_dev_lock(hdev);
485
486 update_eir(hdev);
487 update_class(hdev);
488
489 hci_dev_unlock(hdev);
490}
491
492static void mgmt_init_hdev(struct hci_dev *hdev)
493{
a8b2d5c2 494 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
7d78525d
JH		 495 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
496
a8b2d5c2 497 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 498 schedule_delayed_work(&hdev->service_cache,
499 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
500}
501
4e51eae9 502static int read_controller_info(struct sock *sk, u16 index)
0381101f 503{
a38528f1 504 struct mgmt_rp_read_info rp;
f7b64e69 505 struct hci_dev *hdev;
0381101f 506
4e51eae9 507 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 508
4e51eae9 509 hdev = hci_dev_get(index);
a38528f1 510 if (!hdev)
ca69b795
JH		 511 return cmd_status(sk, index, MGMT_OP_READ_INFO,
512 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 513
a8b2d5c2 514 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
3243553f 515 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 516
09fd0de5 517 hci_dev_lock(hdev);
f7b64e69 518
7d78525d
JH		 519 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
520 mgmt_init_hdev(hdev);
ebc99feb 521
dc4fe30b
JH		 522 memset(&rp, 0, sizeof(rp));
523
69ab39ea 524 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 525
69ab39ea 526 rp.version = hdev->hci_ver;
f7b64e69 527
69ab39ea
JH		 528 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
529
530 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
531 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 532
a38528f1 533 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 534
dc4fe30b
JH		 535 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
536
09fd0de5 537 hci_dev_unlock(hdev);
f7b64e69 538 hci_dev_put(hdev);
0381101f 539
4e51eae9 540 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 541}
542
eec8d2bc
JH		 543static void mgmt_pending_free(struct pending_cmd *cmd)
544{
545 sock_put(cmd->sk);
c68fb7ff 546 kfree(cmd->param);
eec8d2bc
JH		 547 kfree(cmd);
548}
549
366a0336 550static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 551 struct hci_dev *hdev,
552 void *data, u16 len)
eec8d2bc
JH		 553{
554 struct pending_cmd *cmd;
555
556 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
557 if (!cmd)
366a0336 558 return NULL;
eec8d2bc
JH		 559
560 cmd->opcode = opcode;
2e58ef3e 561 cmd->index = hdev->id;
eec8d2bc 562
c68fb7ff
SJ		 563 cmd->param = kmalloc(len, GFP_ATOMIC);
564 if (!cmd->param) {
eec8d2bc 565 kfree(cmd);
366a0336 566 return NULL;
eec8d2bc
JH		 567 }
568
8fce6357
SJ		 569 if (data)
570 memcpy(cmd->param, data, len);
eec8d2bc
JH		 571
572 cmd->sk = sk;
573 sock_hold(sk);
574
2e58ef3e 575 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 576
366a0336 577 return cmd;
eec8d2bc
JH		 578}
579
744cf19e 580static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 581 void (*cb)(struct pending_cmd *cmd, void *data),
582 void *data)
583{
584 struct list_head *p, *n;
585
2e58ef3e 586 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 587 struct pending_cmd *cmd;
588
589 cmd = list_entry(p, struct pending_cmd, list);
590
b24752fe 591 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 592 continue;
593
eec8d2bc
JH		 594 cb(cmd, data);
595 }
596}
597
2e58ef3e 598static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 599{
8035ded4 600 struct pending_cmd *cmd;
eec8d2bc 601
2e58ef3e 602 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 603 if (cmd->opcode == opcode)
604 return cmd;
eec8d2bc
JH		 605 }
606
607 return NULL;
608}
609
a664b5bc 610static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 611{
73f22f62
JH		 612 list_del(&cmd->list);
613 mgmt_pending_free(cmd);
614}
615
69ab39ea 616static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 617{
69ab39ea 618 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 619
69ab39ea 620 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
8680570b
JH		 621}
622
650f726d 623static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 624{
650f726d 625 struct mgmt_mode *cp = data;
eec8d2bc 626 struct hci_dev *hdev;
366a0336 627 struct pending_cmd *cmd;
366a0336 628 int err, up;
eec8d2bc 629
4e51eae9 630 BT_DBG("request for hci%u", index);
eec8d2bc 631
bdce7baf 632 if (len != sizeof(*cp))
ca69b795
JH		 633 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
634 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 635
4e51eae9 636 hdev = hci_dev_get(index);
eec8d2bc 637 if (!hdev)
ca69b795
JH		 638 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 640
09fd0de5 641 hci_dev_lock(hdev);
eec8d2bc
JH		 642
643 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 644 if ((cp->val && up) || (!cp->val && !up)) {
69ab39ea 645 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 646 goto failed;
647 }
648
2e58ef3e 649 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 650 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
651 MGMT_STATUS_BUSY);
eec8d2bc
JH		 652 goto failed;
653 }
654
2e58ef3e 655 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 656 if (!cmd) {
657 err = -ENOMEM;
eec8d2bc 658 goto failed;
366a0336 659 }
eec8d2bc 660
72a734ec 661 if (cp->val)
7f971041 662 schedule_work(&hdev->power_on);
eec8d2bc 663 else
80b7ab33 664 schedule_work(&hdev->power_off.work);
eec8d2bc 665
366a0336 666 err = 0;
eec8d2bc
JH		 667
668failed:
09fd0de5 669 hci_dev_unlock(hdev);
eec8d2bc 670 hci_dev_put(hdev);
366a0336 671 return err;
eec8d2bc
JH		 672}
673
650f726d 674static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 675{
650f726d 676 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 677 struct hci_dev *hdev;
366a0336 678 struct pending_cmd *cmd;
73f22f62
JH		 679 u8 scan;
680 int err;
681
4e51eae9 682 BT_DBG("request for hci%u", index);
73f22f62 683
bdce7baf 684 if (len != sizeof(*cp))
ca69b795
JH		 685 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
686 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 687
4e51eae9 688 hdev = hci_dev_get(index);
73f22f62 689 if (!hdev)
ca69b795
JH		 690 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
691 MGMT_STATUS_INVALID_PARAMS);
73f22f62 692
09fd0de5 693 hci_dev_lock(hdev);
73f22f62
JH		 694
695 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 696 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
697 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 698 goto failed;
699 }
700
2e58ef3e
JH		 701 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
702 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 703 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
704 MGMT_STATUS_BUSY);
73f22f62
JH		 705 goto failed;
706 }
707
72a734ec 708 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 709 test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 710 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 711 goto failed;
712 }
713
2e58ef3e 714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 715 if (!cmd) {
716 err = -ENOMEM;
73f22f62 717 goto failed;
366a0336 718 }
73f22f62
JH		 719
720 scan = SCAN_PAGE;
721
72a734ec 722 if (cp->val)
73f22f62 723 scan |= SCAN_INQUIRY;
16ab91ab 724 else
e0f9309f 725 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 726
727 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
728 if (err < 0)
a664b5bc 729 mgmt_pending_remove(cmd);
73f22f62 730
16ab91ab
JH		 731 if (cp->val)
732 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
733
73f22f62 734failed:
09fd0de5 735 hci_dev_unlock(hdev);
73f22f62
JH		 736 hci_dev_put(hdev);
737
738 return err;
739}
740
650f726d 741static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 742{
650f726d 743 struct mgmt_mode *cp = data;
9fbcbb45 744 struct hci_dev *hdev;
366a0336 745 struct pending_cmd *cmd;
9fbcbb45
JH		 746 u8 scan;
747 int err;
748
4e51eae9 749 BT_DBG("request for hci%u", index);
9fbcbb45 750
bdce7baf 751 if (len != sizeof(*cp))
ca69b795
JH		 752 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
753 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 754
4e51eae9 755 hdev = hci_dev_get(index);
9fbcbb45 756 if (!hdev)
ca69b795
JH		 757 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
758 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 759
09fd0de5 760 hci_dev_lock(hdev);
9fbcbb45
JH		 761
762 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 763 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
764 MGMT_STATUS_NOT_POWERED);
9fbcbb45
JH		 765 goto failed;
766 }
767
2e58ef3e
JH		 768 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
769 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 770 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
771 MGMT_STATUS_BUSY);
9fbcbb45
JH		 772 goto failed;
773 }
774
72a734ec 775 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 776 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 777 goto failed;
778 }
779
2e58ef3e 780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 781 if (!cmd) {
782 err = -ENOMEM;
9fbcbb45 783 goto failed;
366a0336 784 }
9fbcbb45 785
72a734ec 786 if (cp->val)
9fbcbb45
JH		 787 scan = SCAN_PAGE;
788 else
789 scan = 0;
790
791 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
792 if (err < 0)
a664b5bc 793 mgmt_pending_remove(cmd);
9fbcbb45
JH		 794
795failed:
09fd0de5 796 hci_dev_unlock(hdev);
9fbcbb45
JH		 797 hci_dev_put(hdev);
798
799 return err;
800}
801
744cf19e
JH		 802static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
803 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 804{
805 struct sk_buff *skb;
806 struct mgmt_hdr *hdr;
807
808 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
809 if (!skb)
810 return -ENOMEM;
811
812 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
813
814 hdr = (void *) skb_put(skb, sizeof(*hdr));
815 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 816 if (hdev)
817 hdr->index = cpu_to_le16(hdev->id);
818 else
819 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 820 hdr->len = cpu_to_le16(data_len);
821
4e51eae9
SJ		 822 if (data)
823 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 824
825 hci_send_to_sock(NULL, skb, skip_sk);
826 kfree_skb(skb);
827
828 return 0;
829}
830
650f726d 831static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 832{
650f726d 833 struct mgmt_mode *cp = data;
c542a06c 834 struct hci_dev *hdev;
69ab39ea 835 __le32 ev;
c542a06c
JH		 836 int err;
837
4e51eae9 838 BT_DBG("request for hci%u", index);
c542a06c 839
bdce7baf 840 if (len != sizeof(*cp))
ca69b795
JH		 841 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
842 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 843
4e51eae9 844 hdev = hci_dev_get(index);
c542a06c 845 if (!hdev)
ca69b795
JH		 846 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
847 MGMT_STATUS_INVALID_PARAMS);
c542a06c 848
09fd0de5 849 hci_dev_lock(hdev);
c542a06c
JH		 850
851 if (cp->val)
a8b2d5c2 852 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 853 else
a8b2d5c2 854 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 855
69ab39ea 856 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 857 if (err < 0)
858 goto failed;
859
69ab39ea 860 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 861
69ab39ea 862 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 863
864failed:
09fd0de5 865 hci_dev_unlock(hdev);
c542a06c
JH		 866 hci_dev_put(hdev);
867
868 return err;
869}
870
650f726d 871static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 872{
650f726d 873 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 874 struct hci_dev *hdev;
875 struct bt_uuid *uuid;
2aeb9a1a
JH		 876 int err;
877
4e51eae9 878 BT_DBG("request for hci%u", index);
2aeb9a1a 879
bdce7baf 880 if (len != sizeof(*cp))
ca69b795
JH		 881 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
882 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 883
4e51eae9 884 hdev = hci_dev_get(index);
2aeb9a1a 885 if (!hdev)
ca69b795
JH		 886 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
887 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 888
09fd0de5 889 hci_dev_lock(hdev);
2aeb9a1a
JH		 890
891 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
892 if (!uuid) {
893 err = -ENOMEM;
894 goto failed;
895 }
896
897 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 898 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 899
900 list_add(&uuid->list, &hdev->uuids);
901
1aff6f09
JH		 902 err = update_class(hdev);
903 if (err < 0)
904 goto failed;
905
80a1e1db
JH		 906 err = update_eir(hdev);
907 if (err < 0)
908 goto failed;
909
4e51eae9 910 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 911
912failed:
09fd0de5 913 hci_dev_unlock(hdev);
2aeb9a1a
JH		 914 hci_dev_put(hdev);
915
916 return err;
917}
918
650f726d 919static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 920{
650f726d 921 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 922 struct list_head *p, *n;
2aeb9a1a
JH		 923 struct hci_dev *hdev;
924 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 925 int err, found;
926
4e51eae9 927 BT_DBG("request for hci%u", index);
2aeb9a1a 928
bdce7baf 929 if (len != sizeof(*cp))
ca69b795
JH		 930 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
931 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 932
4e51eae9 933 hdev = hci_dev_get(index);
2aeb9a1a 934 if (!hdev)
ca69b795
JH		 935 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
936 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 937
09fd0de5 938 hci_dev_lock(hdev);
2aeb9a1a
JH		 939
940 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
941 err = hci_uuids_clear(hdev);
942 goto unlock;
943 }
944
945 found = 0;
946
947 list_for_each_safe(p, n, &hdev->uuids) {
948 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
949
950 if (memcmp(match->uuid, cp->uuid, 16) != 0)
951 continue;
952
953 list_del(&match->list);
954 found++;
955 }
956
957 if (found == 0) {
ca69b795
JH		 958 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
959 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 960 goto unlock;
961 }
962
1aff6f09
JH		 963 err = update_class(hdev);
964 if (err < 0)
965 goto unlock;
966
80a1e1db
JH		 967 err = update_eir(hdev);
968 if (err < 0)
969 goto unlock;
970
4e51eae9 971 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 972
973unlock:
09fd0de5 974 hci_dev_unlock(hdev);
2aeb9a1a
JH		 975 hci_dev_put(hdev);
976
977 return err;
978}
979
650f726d 980static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 981{
982 struct hci_dev *hdev;
650f726d 983 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 984 int err;
985
4e51eae9 986 BT_DBG("request for hci%u", index);
1aff6f09 987
bdce7baf 988 if (len != sizeof(*cp))
ca69b795
JH		 989 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
990 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 991
4e51eae9 992 hdev = hci_dev_get(index);
1aff6f09 993 if (!hdev)
ca69b795
JH		 994 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
995 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 996
09fd0de5 997 hci_dev_lock(hdev);
1aff6f09
JH		 998
999 hdev->major_class = cp->major;
1000 hdev->minor_class = cp->minor;
1001
a8b2d5c2 1002 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1003 hci_dev_unlock(hdev);
1004 cancel_delayed_work_sync(&hdev->service_cache);
1005 hci_dev_lock(hdev);
14c0b608 1006 update_eir(hdev);
7d78525d 1007 }
14c0b608 1008
1aff6f09
JH		 1009 err = update_class(hdev);
1010
1011 if (err == 0)
4e51eae9 1012 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 1013
09fd0de5 1014 hci_dev_unlock(hdev);
1aff6f09
JH		 1015 hci_dev_put(hdev);
1016
1017 return err;
1018}
1019
650f726d 1020static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1021{
1022 struct hci_dev *hdev;
650f726d 1023 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1024 u16 key_count, expected_len;
a492cd52 1025 int i;
55ed8ca1 1026
bdce7baf 1027 if (len < sizeof(*cp))
ca69b795
JH		 1028 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1029 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1030
55ed8ca1
JH		 1031 key_count = get_unaligned_le16(&cp->key_count);
1032
86742e1e
JH		 1033 expected_len = sizeof(*cp) + key_count *
1034 sizeof(struct mgmt_link_key_info);
a492cd52 1035 if (expected_len != len) {
86742e1e 1036 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1037 len, expected_len);
ca69b795
JH		 1038 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1039 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1040 }
1041
4e51eae9 1042 hdev = hci_dev_get(index);
55ed8ca1 1043 if (!hdev)
ca69b795
JH		 1044 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1045 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1046
4e51eae9 1047 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1048 key_count);
1049
09fd0de5 1050 hci_dev_lock(hdev);
55ed8ca1
JH		 1051
1052 hci_link_keys_clear(hdev);
1053
a8b2d5c2 1054 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1055
1056 if (cp->debug_keys)
a8b2d5c2 1057 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1058 else
a8b2d5c2 1059 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1060
a492cd52 1061 for (i = 0; i < key_count; i++) {
86742e1e 1062 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1063
d25e28ab 1064 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 1065 key->pin_len);
1066 }
1067
0e5f875a
JH		 1068 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1069
09fd0de5 1070 hci_dev_unlock(hdev);
55ed8ca1
JH		 1071 hci_dev_put(hdev);
1072
a492cd52 1073 return 0;
55ed8ca1
JH		 1074}
1075
124f6e35 1076static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1077{
1078 struct hci_dev *hdev;
124f6e35
JH		 1079 struct mgmt_cp_unpair_device *cp = data;
1080 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1081 struct hci_cp_disconnect dc;
1082 struct pending_cmd *cmd;
55ed8ca1 1083 struct hci_conn *conn;
55ed8ca1
JH		 1084 int err;
1085
bdce7baf 1086 if (len != sizeof(*cp))
124f6e35 1087 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1088 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1089
4e51eae9 1090 hdev = hci_dev_get(index);
55ed8ca1 1091 if (!hdev)
124f6e35 1092 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1093 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1094
09fd0de5 1095 hci_dev_lock(hdev);
55ed8ca1 1096
a8a1d19e 1097 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1098 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1099 rp.addr.type = cp->addr.type;
ca69b795 1100 rp.status = MGMT_STATUS_FAILED;
a8a1d19e 1101
124f6e35
JH		 1102 if (cp->addr.type == MGMT_ADDR_BREDR)
1103 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1104 else
1105 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1106
55ed8ca1 1107 if (err < 0) {
ca69b795 1108 rp.status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1109 goto unlock;
1110 }
1111
a8a1d19e 1112 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
124f6e35 1113 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
a8a1d19e 1114 sizeof(rp));
55ed8ca1 1115 goto unlock;
a8a1d19e 1116 }
55ed8ca1 1117
124f6e35
JH		 1118 if (cp->addr.type == MGMT_ADDR_BREDR)
1119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1120 &cp->addr.bdaddr);
1121 else
1122 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1123 &cp->addr.bdaddr);
1124
a8a1d19e 1125 if (!conn) {
124f6e35 1126 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
a8a1d19e
JH		 1127 sizeof(rp));
1128 goto unlock;
1129 }
55ed8ca1 1130
124f6e35
JH		 1131 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1132 sizeof(*cp));
a8a1d19e
JH		 1133 if (!cmd) {
1134 err = -ENOMEM;
1135 goto unlock;
55ed8ca1
JH		 1136 }
1137
a8a1d19e
JH		 1138 put_unaligned_le16(conn->handle, &dc.handle);
1139 dc.reason = 0x13; /* Remote User Terminated Connection */
1140 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1141 if (err < 0)
1142 mgmt_pending_remove(cmd);
1143
55ed8ca1 1144unlock:
ca69b795 1145 if (err < 0)
124f6e35 1146 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
a8a1d19e 1147 sizeof(rp));
09fd0de5 1148 hci_dev_unlock(hdev);
55ed8ca1
JH		 1149 hci_dev_put(hdev);
1150
1151 return err;
1152}
1153
650f726d 1154static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1155{
1156 struct hci_dev *hdev;
650f726d 1157 struct mgmt_cp_disconnect *cp = data;
8962ee74 1158 struct hci_cp_disconnect dc;
366a0336 1159 struct pending_cmd *cmd;
8962ee74 1160 struct hci_conn *conn;
8962ee74
JH		 1161 int err;
1162
1163 BT_DBG("");
1164
bdce7baf 1165 if (len != sizeof(*cp))
ca69b795
JH		 1166 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1167 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1168
4e51eae9 1169 hdev = hci_dev_get(index);
8962ee74 1170 if (!hdev)
ca69b795
JH		 1171 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1173
09fd0de5 1174 hci_dev_lock(hdev);
8962ee74
JH		 1175
1176 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1177 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1178 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1179 goto failed;
1180 }
1181
2e58ef3e 1182 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1183 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1184 MGMT_STATUS_BUSY);
8962ee74
JH		 1185 goto failed;
1186 }
1187
88c3df13
JH		 1188 if (cp->addr.type == MGMT_ADDR_BREDR)
1189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1190 else
1191 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1192
8962ee74 1193 if (!conn) {
ca69b795
JH		 1194 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1195 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1196 goto failed;
1197 }
1198
2e58ef3e 1199 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1200 if (!cmd) {
1201 err = -ENOMEM;
8962ee74 1202 goto failed;
366a0336 1203 }
8962ee74
JH		 1204
1205 put_unaligned_le16(conn->handle, &dc.handle);
1206 dc.reason = 0x13; /* Remote User Terminated Connection */
1207
1208 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1209 if (err < 0)
a664b5bc 1210 mgmt_pending_remove(cmd);
8962ee74
JH		 1211
1212failed:
09fd0de5 1213 hci_dev_unlock(hdev);
8962ee74
JH		 1214 hci_dev_put(hdev);
1215
1216 return err;
1217}
1218
48264f06 1219static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1220{
1221 switch (link_type) {
1222 case LE_LINK:
48264f06
JH		 1223 switch (addr_type) {
1224 case ADDR_LE_DEV_PUBLIC:
1225 return MGMT_ADDR_LE_PUBLIC;
1226 case ADDR_LE_DEV_RANDOM:
1227 return MGMT_ADDR_LE_RANDOM;
1228 default:
1229 return MGMT_ADDR_INVALID;
1230 }
4c659c39
JH		 1231 case ACL_LINK:
1232 return MGMT_ADDR_BREDR;
1233 default:
1234 return MGMT_ADDR_INVALID;
1235 }
1236}
1237
8ce6284e 1238static int get_connections(struct sock *sk, u16 index)
2784eb41 1239{
2784eb41
JH		 1240 struct mgmt_rp_get_connections *rp;
1241 struct hci_dev *hdev;
8035ded4 1242 struct hci_conn *c;
a38528f1 1243 size_t rp_len;
4e51eae9 1244 u16 count;
2784eb41
JH		 1245 int i, err;
1246
1247 BT_DBG("");
1248
4e51eae9 1249 hdev = hci_dev_get(index);
2784eb41 1250 if (!hdev)
ca69b795
JH		 1251 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1252 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1253
09fd0de5 1254 hci_dev_lock(hdev);
2784eb41
JH		 1255
1256 count = 0;
b644ba33
JH		 1257 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1258 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1259 count++;
2784eb41
JH		 1260 }
1261
4c659c39 1262 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1263 rp = kmalloc(rp_len, GFP_ATOMIC);
1264 if (!rp) {
2784eb41
JH		 1265 err = -ENOMEM;
1266 goto unlock;
1267 }
1268
2784eb41
JH		 1269 put_unaligned_le16(count, &rp->conn_count);
1270
2784eb41 1271 i = 0;
4c659c39 1272 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1273 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1274 continue;
4c659c39 1275 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1276 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1277 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1278 continue;
1279 i++;
1280 }
1281
1282 /* Recalculate length in case of filtered SCO connections, etc */
1283 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1284
4e51eae9 1285 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1286
1287unlock:
a38528f1 1288 kfree(rp);
09fd0de5 1289 hci_dev_unlock(hdev);
2784eb41
JH		 1290 hci_dev_put(hdev);
1291 return err;
1292}
1293
96d97a67
WR		 1294static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1295 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1296{
1297 struct pending_cmd *cmd;
1298 int err;
1299
2e58ef3e 1300 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1301 sizeof(*cp));
1302 if (!cmd)
1303 return -ENOMEM;
1304
1305 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1306 &cp->bdaddr);
1307 if (err < 0)
1308 mgmt_pending_remove(cmd);
1309
1310 return err;
1311}
1312
650f726d 1313static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1314{
1315 struct hci_dev *hdev;
96d97a67 1316 struct hci_conn *conn;
650f726d 1317 struct mgmt_cp_pin_code_reply *cp = data;
96d97a67 1318 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1319 struct hci_cp_pin_code_reply reply;
366a0336 1320 struct pending_cmd *cmd;
980e1a53
JH		 1321 int err;
1322
1323 BT_DBG("");
1324
bdce7baf 1325 if (len != sizeof(*cp))
ca69b795
JH		 1326 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1327 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1328
4e51eae9 1329 hdev = hci_dev_get(index);
980e1a53 1330 if (!hdev)
ca69b795
JH		 1331 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1332 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1333
09fd0de5 1334 hci_dev_lock(hdev);
980e1a53
JH		 1335
1336 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1337 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1338 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1339 goto failed;
1340 }
1341
96d97a67
WR		 1342 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1343 if (!conn) {
ca69b795
JH		 1344 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1345 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1346 goto failed;
1347 }
1348
1349 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1350 bacpy(&ncp.bdaddr, &cp->bdaddr);
1351
1352 BT_ERR("PIN code is not 16 bytes long");
1353
1354 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1355 if (err >= 0)
1356 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1357 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1358
1359 goto failed;
1360 }
1361
650f726d
VCG		 1362 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1363 len);
366a0336
JH		 1364 if (!cmd) {
1365 err = -ENOMEM;
980e1a53 1366 goto failed;
366a0336 1367 }
980e1a53
JH		 1368
1369 bacpy(&reply.bdaddr, &cp->bdaddr);
1370 reply.pin_len = cp->pin_len;
24718ca5 1371 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1372
1373 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1374 if (err < 0)
a664b5bc 1375 mgmt_pending_remove(cmd);
980e1a53
JH		 1376
1377failed:
09fd0de5 1378 hci_dev_unlock(hdev);
980e1a53
JH		 1379 hci_dev_put(hdev);
1380
1381 return err;
1382}
1383
650f726d 1384static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1385{
1386 struct hci_dev *hdev;
650f726d 1387 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1388 int err;
1389
1390 BT_DBG("");
1391
bdce7baf
SJ		 1392 if (len != sizeof(*cp))
1393 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1394 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1395
4e51eae9 1396 hdev = hci_dev_get(index);
980e1a53 1397 if (!hdev)
4e51eae9 1398 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1399 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1400
09fd0de5 1401 hci_dev_lock(hdev);
980e1a53
JH		 1402
1403 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1404 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1405 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1406 goto failed;
1407 }
1408
96d97a67 1409 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1410
1411failed:
09fd0de5 1412 hci_dev_unlock(hdev);
980e1a53
JH		 1413 hci_dev_put(hdev);
1414
1415 return err;
1416}
1417
650f726d 1418static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1419{
1420 struct hci_dev *hdev;
650f726d 1421 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1422
1423 BT_DBG("");
1424
bdce7baf 1425 if (len != sizeof(*cp))
ca69b795
JH		 1426 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1427 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1428
4e51eae9 1429 hdev = hci_dev_get(index);
17fa4b9d 1430 if (!hdev)
ca69b795
JH		 1431 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1432 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1433
09fd0de5 1434 hci_dev_lock(hdev);
17fa4b9d
JH		 1435
1436 hdev->io_capability = cp->io_capability;
1437
1438 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1439 hdev->io_capability);
17fa4b9d 1440
09fd0de5 1441 hci_dev_unlock(hdev);
17fa4b9d
JH		 1442 hci_dev_put(hdev);
1443
4e51eae9 1444 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1445}
1446
e9a416b5
JH		 1447static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1448{
1449 struct hci_dev *hdev = conn->hdev;
8035ded4 1450 struct pending_cmd *cmd;
e9a416b5 1451
2e58ef3e 1452 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1453 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1454 continue;
1455
e9a416b5
JH		 1456 if (cmd->user_data != conn)
1457 continue;
1458
1459 return cmd;
1460 }
1461
1462 return NULL;
1463}
1464
1465static void pairing_complete(struct pending_cmd *cmd, u8 status)
1466{
1467 struct mgmt_rp_pair_device rp;
1468 struct hci_conn *conn = cmd->user_data;
1469
ba4e564f
JH		 1470 bacpy(&rp.addr.bdaddr, &conn->dst);
1471 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5
JH		 1472 rp.status = status;
1473
4e51eae9 1474 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1475
1476 /* So we don't get further callbacks for this connection */
1477 conn->connect_cfm_cb = NULL;
1478 conn->security_cfm_cb = NULL;
1479 conn->disconn_cfm_cb = NULL;
1480
1481 hci_conn_put(conn);
1482
a664b5bc 1483 mgmt_pending_remove(cmd);
e9a416b5
JH		 1484}
1485
1486static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1487{
1488 struct pending_cmd *cmd;
1489
1490 BT_DBG("status %u", status);
1491
1492 cmd = find_pairing(conn);
56e5cb86 1493 if (!cmd)
e9a416b5 1494 BT_DBG("Unable to find a pending command");
56e5cb86
JH		 1495 else
1496 pairing_complete(cmd, status);
e9a416b5
JH		 1497}
1498
650f726d 1499static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1500{
1501 struct hci_dev *hdev;
650f726d 1502 struct mgmt_cp_pair_device *cp = data;
1425acb7 1503 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1504 struct pending_cmd *cmd;
1505 u8 sec_level, auth_type;
1506 struct hci_conn *conn;
e9a416b5
JH		 1507 int err;
1508
1509 BT_DBG("");
1510
bdce7baf 1511 if (len != sizeof(*cp))
ca69b795
JH		 1512 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1513 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1514
4e51eae9 1515 hdev = hci_dev_get(index);
e9a416b5 1516 if (!hdev)
ca69b795
JH		 1517 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1518 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1519
09fd0de5 1520 hci_dev_lock(hdev);
e9a416b5 1521
c908df36
VCG		 1522 sec_level = BT_SECURITY_MEDIUM;
1523 if (cp->io_cap == 0x03)
e9a416b5 1524 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1525 else
e9a416b5 1526 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1527
ba4e564f
JH		 1528 if (cp->addr.type == MGMT_ADDR_BREDR)
1529 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1530 auth_type);
1531 else
ba4e564f 1532 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1533 auth_type);
1534
1425acb7
JH		 1535 memset(&rp, 0, sizeof(rp));
1536 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1537 rp.addr.type = cp->addr.type;
1538
30e76272 1539 if (IS_ERR(conn)) {
1425acb7
JH		 1540 rp.status = -PTR_ERR(conn);
1541 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1542 &rp, sizeof(rp));
e9a416b5
JH		 1543 goto unlock;
1544 }
1545
1546 if (conn->connect_cfm_cb) {
1547 hci_conn_put(conn);
1425acb7
JH		 1548 rp.status = EBUSY;
1549 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1550 &rp, sizeof(rp));
e9a416b5
JH		 1551 goto unlock;
1552 }
1553
2e58ef3e 1554 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1555 if (!cmd) {
1556 err = -ENOMEM;
1557 hci_conn_put(conn);
1558 goto unlock;
1559 }
1560
7a512d01 1561 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1562 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1563 conn->connect_cfm_cb = pairing_complete_cb;
1564
e9a416b5
JH		 1565 conn->security_cfm_cb = pairing_complete_cb;
1566 conn->disconn_cfm_cb = pairing_complete_cb;
1567 conn->io_capability = cp->io_cap;
1568 cmd->user_data = conn;
1569
1570 if (conn->state == BT_CONNECTED &&
1571 hci_conn_security(conn, sec_level, auth_type))
1572 pairing_complete(cmd, 0);
1573
1574 err = 0;
1575
1576unlock:
09fd0de5 1577 hci_dev_unlock(hdev);
e9a416b5
JH		 1578 hci_dev_put(hdev);
1579
1580 return err;
1581}
1582
28424707
JH		 1583static int cancel_pair_device(struct sock *sk, u16 index,
1584 unsigned char *data, u16 len)
1585{
1586 struct mgmt_addr_info *addr = (void *) data;
1587 struct hci_dev *hdev;
1588 struct pending_cmd *cmd;
1589 struct hci_conn *conn;
1590 int err;
1591
1592 BT_DBG("");
1593
1594 if (len != sizeof(*addr))
1595 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1596 MGMT_STATUS_INVALID_PARAMS);
1597
1598 hdev = hci_dev_get(index);
1599 if (!hdev)
1600 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1601 MGMT_STATUS_INVALID_PARAMS);
1602
1603 hci_dev_lock(hdev);
1604
1605 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1606 if (!cmd) {
1607 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1608 MGMT_STATUS_INVALID_PARAMS);
1609 goto unlock;
1610 }
1611
1612 conn = cmd->user_data;
1613
1614 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1615 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1616 MGMT_STATUS_INVALID_PARAMS);
1617 goto unlock;
1618 }
1619
1620 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1621
1622 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1623 sizeof(*addr));
1624unlock:
1625 hci_dev_unlock(hdev);
1626 hci_dev_put(hdev);
1627
1628 return err;
1629}
1630
0df4c185 1631static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 1632 u8 type, u16 mgmt_op, u16 hci_op,
1633 __le32 passkey)
a5c29683 1634{
a5c29683
JH		 1635 struct pending_cmd *cmd;
1636 struct hci_dev *hdev;
0df4c185 1637 struct hci_conn *conn;
a5c29683
JH		 1638 int err;
1639
4e51eae9 1640 hdev = hci_dev_get(index);
a5c29683 1641 if (!hdev)
ca69b795
JH		 1642 return cmd_status(sk, index, mgmt_op,
1643 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1644
09fd0de5 1645 hci_dev_lock(hdev);
08ba5382 1646
a5c29683 1647 if (!test_bit(HCI_UP, &hdev->flags)) {
0df4c185
BG		 1648 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1649 goto done;
a5c29683
JH		 1650 }
1651
272d90df
JH		 1652 if (type == MGMT_ADDR_BREDR)
1653 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1654 else
47c15e2b 1655 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 1656
1657 if (!conn) {
1658 err = cmd_status(sk, index, mgmt_op,
47c15e2b 1659 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 1660 goto done;
1661 }
47c15e2b 1662
272d90df 1663 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 1664 /* Continue with pairing via SMP */
5fe57d9e
BG		 1665 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1666
1667 if (!err)
1668 err = cmd_status(sk, index, mgmt_op,
1669 MGMT_STATUS_SUCCESS);
1670 else
1671 err = cmd_status(sk, index, mgmt_op,
1672 MGMT_STATUS_FAILED);
47c15e2b 1673
47c15e2b
BG		 1674 goto done;
1675 }
1676
0df4c185 1677 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 1678 if (!cmd) {
1679 err = -ENOMEM;
0df4c185 1680 goto done;
a5c29683
JH		 1681 }
1682
0df4c185 1683 /* Continue with pairing via HCI */
604086b7
BG		 1684 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1685 struct hci_cp_user_passkey_reply cp;
1686
1687 bacpy(&cp.bdaddr, bdaddr);
1688 cp.passkey = passkey;
1689 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1690 } else
1691 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1692
a664b5bc
JH		 1693 if (err < 0)
1694 mgmt_pending_remove(cmd);
a5c29683 1695
0df4c185 1696done:
09fd0de5 1697 hci_dev_unlock(hdev);
a5c29683
JH		 1698 hci_dev_put(hdev);
1699
1700 return err;
1701}
1702
0df4c185
BG		 1703static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1704{
650f726d 1705 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 1706
1707 BT_DBG("");
1708
1709 if (len != sizeof(*cp))
1710 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1711 MGMT_STATUS_INVALID_PARAMS);
1712
272d90df
JH		 1713 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1714 MGMT_OP_USER_CONFIRM_REPLY,
1715 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 1716}
1717
1718static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1719 u16 len)
1720{
c9c2659f 1721 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 1722
1723 BT_DBG("");
1724
1725 if (len != sizeof(*cp))
1726 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1727 MGMT_STATUS_INVALID_PARAMS);
1728
272d90df
JH		 1729 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1730 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1731 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 1732}
1733
604086b7
BG		 1734static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1735{
650f726d 1736 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 1737
1738 BT_DBG("");
1739
1740 if (len != sizeof(*cp))
1741 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1742 EINVAL);
1743
272d90df
JH		 1744 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1745 MGMT_OP_USER_PASSKEY_REPLY,
1746 HCI_OP_USER_PASSKEY_REPLY,
1747 cp->passkey);
604086b7
BG		 1748}
1749
1750static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1751 u16 len)
1752{
650f726d 1753 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 1754
1755 BT_DBG("");
1756
1757 if (len != sizeof(*cp))
1758 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1759 EINVAL);
1760
272d90df
JH		 1761 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1762 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1763 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 1764}
1765
650f726d 1766static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 1767 u16 len)
1768{
650f726d 1769 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 1770 struct hci_cp_write_local_name hci_cp;
1771 struct hci_dev *hdev;
1772 struct pending_cmd *cmd;
1773 int err;
1774
1775 BT_DBG("");
1776
1777 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 1778 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1779 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 1780
1781 hdev = hci_dev_get(index);
1782 if (!hdev)
ca69b795
JH		 1783 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1784 MGMT_STATUS_INVALID_PARAMS);
b312b161 1785
09fd0de5 1786 hci_dev_lock(hdev);
b312b161 1787
650f726d
VCG		 1788 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
1789 len);
b312b161
JH		 1790 if (!cmd) {
1791 err = -ENOMEM;
1792 goto failed;
1793 }
1794
1795 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1796 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1797 &hci_cp);
1798 if (err < 0)
1799 mgmt_pending_remove(cmd);
1800
1801failed:
09fd0de5 1802 hci_dev_unlock(hdev);
b312b161
JH		 1803 hci_dev_put(hdev);
1804
1805 return err;
1806}
1807
c35938b2
SJ		 1808static int read_local_oob_data(struct sock *sk, u16 index)
1809{
1810 struct hci_dev *hdev;
1811 struct pending_cmd *cmd;
1812 int err;
1813
1814 BT_DBG("hci%u", index);
1815
1816 hdev = hci_dev_get(index);
1817 if (!hdev)
1818 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1819 MGMT_STATUS_INVALID_PARAMS);
c35938b2 1820
09fd0de5 1821 hci_dev_lock(hdev);
c35938b2
SJ		 1822
1823 if (!test_bit(HCI_UP, &hdev->flags)) {
1824 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1825 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 1826 goto unlock;
1827 }
1828
1829 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1830 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1831 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 1832 goto unlock;
1833 }
1834
2e58ef3e 1835 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 1836 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1837 MGMT_STATUS_BUSY);
c35938b2
SJ		 1838 goto unlock;
1839 }
1840
2e58ef3e 1841 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 1842 if (!cmd) {
1843 err = -ENOMEM;
1844 goto unlock;
1845 }
1846
1847 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1848 if (err < 0)
1849 mgmt_pending_remove(cmd);
1850
1851unlock:
09fd0de5 1852 hci_dev_unlock(hdev);
c35938b2
SJ		 1853 hci_dev_put(hdev);
1854
1855 return err;
1856}
1857
650f726d
VCG		 1858static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
1859 u16 len)
2763eda6
SJ		 1860{
1861 struct hci_dev *hdev;
650f726d 1862 struct mgmt_cp_add_remote_oob_data *cp = data;
2763eda6
SJ		 1863 int err;
1864
1865 BT_DBG("hci%u ", index);
1866
1867 if (len != sizeof(*cp))
1868 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1869 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1870
1871 hdev = hci_dev_get(index);
1872 if (!hdev)
1873 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1874 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1875
09fd0de5 1876 hci_dev_lock(hdev);
2763eda6 1877
664ce4cc 1878 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 1879 cp->randomizer);
1880 if (err < 0)
ca69b795
JH		 1881 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1882 MGMT_STATUS_FAILED);
2763eda6
SJ		 1883 else
1884 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1885 0);
1886
09fd0de5 1887 hci_dev_unlock(hdev);
2763eda6
SJ		 1888 hci_dev_put(hdev);
1889
1890 return err;
1891}
1892
1893static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 1894 void *data, u16 len)
2763eda6
SJ		 1895{
1896 struct hci_dev *hdev;
650f726d 1897 struct mgmt_cp_remove_remote_oob_data *cp = data;
2763eda6
SJ		 1898 int err;
1899
1900 BT_DBG("hci%u ", index);
1901
1902 if (len != sizeof(*cp))
1903 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1904 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1905
1906 hdev = hci_dev_get(index);
1907 if (!hdev)
1908 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1909 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1910
09fd0de5 1911 hci_dev_lock(hdev);
2763eda6 1912
664ce4cc 1913 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6
SJ		 1914 if (err < 0)
1915 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1916 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1917 else
1918 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1919 NULL, 0);
1920
09fd0de5 1921 hci_dev_unlock(hdev);
2763eda6
SJ		 1922 hci_dev_put(hdev);
1923
1924 return err;
1925}
1926
450dfdaf 1927static int start_discovery(struct sock *sk, u16 index,
650f726d 1928 void *data, u16 len)
14a53664 1929{
650f726d 1930 struct mgmt_cp_start_discovery *cp = data;
3fd24153 1931 unsigned long discov_type = cp->type;
14a53664
JH		 1932 struct pending_cmd *cmd;
1933 struct hci_dev *hdev;
1934 int err;
1935
1936 BT_DBG("hci%u", index);
1937
450dfdaf
JH		 1938 if (len != sizeof(*cp))
1939 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1940 MGMT_STATUS_INVALID_PARAMS);
1941
14a53664
JH		 1942 hdev = hci_dev_get(index);
1943 if (!hdev)
ca69b795
JH		 1944 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1945 MGMT_STATUS_INVALID_PARAMS);
14a53664 1946
09fd0de5 1947 hci_dev_lock(hdev);
14a53664 1948
bd2d1334 1949 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1950 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1951 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 1952 goto failed;
1953 }
1954
ff9ef578
JH		 1955 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1956 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1957 MGMT_STATUS_BUSY);
1958 goto failed;
1959 }
1960
2e58ef3e 1961 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1962 if (!cmd) {
1963 err = -ENOMEM;
1964 goto failed;
1965 }
1966
3fd24153
AG		 1967 if (test_bit(MGMT_ADDR_BREDR, &discov_type))
1968 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1969 else if (test_bit(MGMT_ADDR_LE_PUBLIC, &discov_type) &&
1970 test_bit(MGMT_ADDR_LE_RANDOM, &discov_type))
1971 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
1972 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
1973 else
1974 err = -EINVAL;
1975
14a53664
JH		 1976 if (err < 0)
1977 mgmt_pending_remove(cmd);
ff9ef578
JH		 1978 else
1979 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 1980
1981failed:
09fd0de5 1982 hci_dev_unlock(hdev);
14a53664
JH		 1983 hci_dev_put(hdev);
1984
1985 return err;
1986}
1987
1988static int stop_discovery(struct sock *sk, u16 index)
1989{
1990 struct hci_dev *hdev;
1991 struct pending_cmd *cmd;
30dc78e1
JH		 1992 struct hci_cp_remote_name_req_cancel cp;
1993 struct inquiry_entry *e;
14a53664
JH		 1994 int err;
1995
1996 BT_DBG("hci%u", index);
1997
1998 hdev = hci_dev_get(index);
1999 if (!hdev)
ca69b795
JH		 2000 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2001 MGMT_STATUS_INVALID_PARAMS);
14a53664 2002
09fd0de5 2003 hci_dev_lock(hdev);
14a53664 2004
30dc78e1 2005 if (!hci_discovery_active(hdev)) {
ff9ef578
JH		 2006 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2007 MGMT_STATUS_REJECTED);
30dc78e1 2008 goto unlock;
ff9ef578
JH		 2009 }
2010
2e58ef3e 2011 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2012 if (!cmd) {
2013 err = -ENOMEM;
30dc78e1
JH		 2014 goto unlock;
2015 }
2016
2017 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2018 err = hci_cancel_inquiry(hdev);
2019 if (err < 0)
2020 mgmt_pending_remove(cmd);
2021 else
2022 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2023 goto unlock;
2024 }
2025
2026 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2027 if (!e) {
2028 mgmt_pending_remove(cmd);
2029 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2030 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2031 goto unlock;
14a53664
JH		 2032 }
2033
30dc78e1
JH		 2034 bacpy(&cp.bdaddr, &e->data.bdaddr);
2035 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2036 sizeof(cp), &cp);
14a53664
JH		 2037 if (err < 0)
2038 mgmt_pending_remove(cmd);
ff9ef578
JH		 2039 else
2040 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2041
30dc78e1 2042unlock:
09fd0de5 2043 hci_dev_unlock(hdev);
14a53664
JH		 2044 hci_dev_put(hdev);
2045
2046 return err;
2047}
2048
650f726d 2049static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2050{
650f726d 2051 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2052 struct inquiry_entry *e;
2053 struct hci_dev *hdev;
2054 int err;
2055
2056 BT_DBG("hci%u", index);
2057
2058 if (len != sizeof(*cp))
2059 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2060 MGMT_STATUS_INVALID_PARAMS);
2061
2062 hdev = hci_dev_get(index);
2063 if (!hdev)
2064 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2065 MGMT_STATUS_INVALID_PARAMS);
2066
2067 hci_dev_lock(hdev);
2068
30dc78e1
JH		 2069 if (!hci_discovery_active(hdev)) {
2070 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2071 MGMT_STATUS_FAILED);
2072 goto failed;
2073 }
2074
561aafbc
JH		 2075 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2076 if (!e) {
2077 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2078 MGMT_STATUS_INVALID_PARAMS);
2079 goto failed;
2080 }
2081
2082 if (cp->name_known) {
2083 e->name_state = NAME_KNOWN;
2084 list_del(&e->list);
2085 } else {
2086 e->name_state = NAME_NEEDED;
a3d4e20a 2087 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2088 }
2089
2090 err = 0;
2091
2092failed:
2093 hci_dev_unlock(hdev);
2094
2095 return err;
2096}
2097
650f726d 2098static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2099{
2100 struct hci_dev *hdev;
650f726d 2101 struct mgmt_cp_block_device *cp = data;
7fbec224
AJ		 2102 int err;
2103
2104 BT_DBG("hci%u", index);
2105
7fbec224
AJ		 2106 if (len != sizeof(*cp))
2107 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2108 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2109
2110 hdev = hci_dev_get(index);
2111 if (!hdev)
2112 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2113 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2114
09fd0de5 2115 hci_dev_lock(hdev);
5e762444 2116
88c1fe4b 2117 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2118 if (err < 0)
ca69b795
JH		 2119 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2120 MGMT_STATUS_FAILED);
7fbec224
AJ		 2121 else
2122 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2123 NULL, 0);
5e762444 2124
09fd0de5 2125 hci_dev_unlock(hdev);
7fbec224
AJ		 2126 hci_dev_put(hdev);
2127
2128 return err;
2129}
2130
650f726d 2131static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2132{
2133 struct hci_dev *hdev;
650f726d 2134 struct mgmt_cp_unblock_device *cp = data;
7fbec224
AJ		 2135 int err;
2136
2137 BT_DBG("hci%u", index);
2138
7fbec224
AJ		 2139 if (len != sizeof(*cp))
2140 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2141 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2142
2143 hdev = hci_dev_get(index);
2144 if (!hdev)
2145 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2146 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2147
09fd0de5 2148 hci_dev_lock(hdev);
5e762444 2149
88c1fe4b 2150 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224
AJ		 2151
2152 if (err < 0)
ca69b795
JH		 2153 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2154 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2155 else
2156 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2157 NULL, 0);
5e762444 2158
09fd0de5 2159 hci_dev_unlock(hdev);
7fbec224
AJ		 2160 hci_dev_put(hdev);
2161
2162 return err;
2163}
2164
f6422ec6 2165static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2166 void *data, u16 len)
f6422ec6
AJ		 2167{
2168 struct hci_dev *hdev;
650f726d 2169 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2170 struct hci_cp_write_page_scan_activity acp;
2171 u8 type;
2172 int err;
2173
2174 BT_DBG("hci%u", index);
2175
2176 if (len != sizeof(*cp))
2177 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2178 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2179
2180 hdev = hci_dev_get(index);
2181 if (!hdev)
2182 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2183 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2184
2185 hci_dev_lock(hdev);
2186
f7c6869c 2187 if (cp->val) {
f6422ec6
AJ		 2188 type = PAGE_SCAN_TYPE_INTERLACED;
2189 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2190 } else {
2191 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2192 acp.interval = 0x0800; /* default 1.28 sec page scan */
2193 }
2194
2195 acp.window = 0x0012; /* default 11.25 msec page scan window */
2196
2197 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2198 sizeof(acp), &acp);
2199 if (err < 0) {
2200 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2201 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2202 goto done;
2203 }
2204
2205 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2206 if (err < 0) {
2207 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2208 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2209 goto done;
2210 }
2211
2212 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2213 NULL, 0);
2214done:
2215 hci_dev_unlock(hdev);
2216 hci_dev_put(hdev);
2217
2218 return err;
2219}
2220
346af67b
VCG		 2221static int load_long_term_keys(struct sock *sk, u16 index,
2222 void *cp_data, u16 len)
2223{
2224 struct hci_dev *hdev;
2225 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2226 u16 key_count, expected_len;
2227 int i;
2228
2229 if (len < sizeof(*cp))
2230 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2231 EINVAL);
2232
2233 key_count = get_unaligned_le16(&cp->key_count);
2234
2235 expected_len = sizeof(*cp) + key_count *
2236 sizeof(struct mgmt_ltk_info);
2237 if (expected_len != len) {
2238 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2239 len, expected_len);
2240 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2241 EINVAL);
2242 }
2243
2244 hdev = hci_dev_get(index);
2245 if (!hdev)
2246 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2247 ENODEV);
2248
2249 BT_DBG("hci%u key_count %u", index, key_count);
2250
2251 hci_dev_lock(hdev);
2252
2253 hci_smp_ltks_clear(hdev);
2254
2255 for (i = 0; i < key_count; i++) {
2256 struct mgmt_ltk_info *key = &cp->keys[i];
2257 u8 type;
2258
2259 if (key->master)
2260 type = HCI_SMP_LTK;
2261 else
2262 type = HCI_SMP_LTK_SLAVE;
2263
2264 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2265 type, 0, key->authenticated, key->val,
2266 key->enc_size, key->ediv, key->rand);
2267 }
2268
2269 hci_dev_unlock(hdev);
2270 hci_dev_put(hdev);
2271
2272 return 0;
2273}
2274
0381101f
JH		 2275int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2276{
650f726d
VCG		 2277 void *buf;
2278 u8 *cp;
0381101f 2279 struct mgmt_hdr *hdr;
4e51eae9 2280 u16 opcode, index, len;
0381101f
JH		 2281 int err;
2282
2283 BT_DBG("got %zu bytes", msglen);
2284
2285 if (msglen < sizeof(*hdr))
2286 return -EINVAL;
2287
e63a15ec 2288 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2289 if (!buf)
2290 return -ENOMEM;
2291
2292 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2293 err = -EFAULT;
2294 goto done;
2295 }
2296
650f726d 2297 hdr = buf;
0381101f 2298 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2299 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2300 len = get_unaligned_le16(&hdr->len);
2301
2302 if (len != msglen - sizeof(*hdr)) {
2303 err = -EINVAL;
2304 goto done;
2305 }
2306
650f726d
VCG		 2307 cp = buf + sizeof(*hdr);
2308
0381101f 2309 switch (opcode) {
02d98129
JH		 2310 case MGMT_OP_READ_VERSION:
2311 err = read_version(sk);
2312 break;
faba42eb
JH		 2313 case MGMT_OP_READ_INDEX_LIST:
2314 err = read_index_list(sk);
2315 break;
f7b64e69 2316 case MGMT_OP_READ_INFO:
4e51eae9 2317 err = read_controller_info(sk, index);
f7b64e69 2318 break;
eec8d2bc 2319 case MGMT_OP_SET_POWERED:
650f726d 2320 err = set_powered(sk, index, cp, len);
eec8d2bc 2321 break;
73f22f62 2322 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2323 err = set_discoverable(sk, index, cp, len);
73f22f62 2324 break;
9fbcbb45 2325 case MGMT_OP_SET_CONNECTABLE:
650f726d 2326 err = set_connectable(sk, index, cp, len);
9fbcbb45 2327 break;
f7c6869c 2328 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2329 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2330 break;
c542a06c 2331 case MGMT_OP_SET_PAIRABLE:
650f726d 2332 err = set_pairable(sk, index, cp, len);
c542a06c 2333 break;
2aeb9a1a 2334 case MGMT_OP_ADD_UUID:
650f726d 2335 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2336 break;
2337 case MGMT_OP_REMOVE_UUID:
650f726d 2338 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2339 break;
1aff6f09 2340 case MGMT_OP_SET_DEV_CLASS:
650f726d 2341 err = set_dev_class(sk, index, cp, len);
1aff6f09 2342 break;
86742e1e 2343 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2344 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2345 break;
8962ee74 2346 case MGMT_OP_DISCONNECT:
650f726d 2347 err = disconnect(sk, index, cp, len);
8962ee74 2348 break;
2784eb41 2349 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2350 err = get_connections(sk, index);
2784eb41 2351 break;
980e1a53 2352 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2353 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2354 break;
2355 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2356 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2357 break;
17fa4b9d 2358 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2359 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2360 break;
e9a416b5 2361 case MGMT_OP_PAIR_DEVICE:
650f726d 2362 err = pair_device(sk, index, cp, len);
e9a416b5 2363 break;
28424707
JH		 2364 case MGMT_OP_CANCEL_PAIR_DEVICE:
2365 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2366 break;
124f6e35
JH		 2367 case MGMT_OP_UNPAIR_DEVICE:
2368 err = unpair_device(sk, index, cp, len);
2369 break;
a5c29683 2370 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2371 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2372 break;
2373 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2374 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2375 break;
604086b7 2376 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2377 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2378 break;
2379 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2380 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2381 break;
b312b161 2382 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2383 err = set_local_name(sk, index, cp, len);
b312b161 2384 break;
c35938b2
SJ		 2385 case MGMT_OP_READ_LOCAL_OOB_DATA:
2386 err = read_local_oob_data(sk, index);
2387 break;
2763eda6 2388 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2389 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2390 break;
2391 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2392 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2393 break;
14a53664 2394 case MGMT_OP_START_DISCOVERY:
650f726d 2395 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2396 break;
2397 case MGMT_OP_STOP_DISCOVERY:
2398 err = stop_discovery(sk, index);
2399 break;
561aafbc 2400 case MGMT_OP_CONFIRM_NAME:
650f726d 2401 err = confirm_name(sk, index, cp, len);
561aafbc 2402 break;
7fbec224 2403 case MGMT_OP_BLOCK_DEVICE:
650f726d 2404 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2405 break;
2406 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2407 err = unblock_device(sk, index, cp, len);
7fbec224 2408 break;
346af67b
VCG		 2409 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2410 err = load_long_term_keys(sk, index, cp, len);
2411 break;
0381101f
JH		 2412 default:
2413 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2414 err = cmd_status(sk, index, opcode,
2415 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2416 break;
2417 }
2418
e41d8b4e
JH		 2419 if (err < 0)
2420 goto done;
2421
0381101f
JH		 2422 err = msglen;
2423
2424done:
2425 kfree(buf);
2426 return err;
2427}
c71e97bf 2428
b24752fe
JH		 2429static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2430{
2431 u8 *status = data;
2432
2433 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2434 mgmt_pending_remove(cmd);
2435}
2436
744cf19e 2437int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2438{
744cf19e 2439 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2440}
2441
744cf19e 2442int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2443{
b24752fe
JH		 2444 u8 status = ENODEV;
2445
744cf19e 2446 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2447
744cf19e 2448 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2449}
2450
73f22f62 2451struct cmd_lookup {
72a734ec 2452 u8 val;
eec8d2bc 2453 struct sock *sk;
69ab39ea 2454 struct hci_dev *hdev;
eec8d2bc
JH		 2455};
2456
69ab39ea 2457static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2458{
73f22f62 2459 struct cmd_lookup *match = data;
eec8d2bc 2460
69ab39ea 2461 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2462
2463 list_del(&cmd->list);
2464
2465 if (match->sk == NULL) {
2466 match->sk = cmd->sk;
2467 sock_hold(match->sk);
2468 }
2469
2470 mgmt_pending_free(cmd);
c71e97bf 2471}
5add6af8 2472
744cf19e 2473int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2474{
69ab39ea
JH		 2475 struct cmd_lookup match = { powered, NULL, hdev };
2476 __le32 ev;
eec8d2bc 2477 int ret;
5add6af8 2478
69ab39ea 2479 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2480
b24752fe
JH		 2481 if (!powered) {
2482 u8 status = ENETDOWN;
744cf19e 2483 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2484 }
2485
69ab39ea 2486 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2487
69ab39ea
JH		 2488 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2489 match.sk);
eec8d2bc
JH		 2490
2491 if (match.sk)
2492 sock_put(match.sk);
2493
2494 return ret;
5add6af8 2495}
73f22f62 2496
744cf19e 2497int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2498{
69ab39ea
JH		 2499 struct cmd_lookup match = { discoverable, NULL, hdev };
2500 __le32 ev;
73f22f62
JH		 2501 int ret;
2502
69ab39ea 2503 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2504
69ab39ea 2505 ev = cpu_to_le32(get_current_settings(hdev));
73f22f62 2506
69ab39ea 2507 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2508 match.sk);
73f22f62
JH		 2509 if (match.sk)
2510 sock_put(match.sk);
2511
2512 return ret;
2513}
9fbcbb45 2514
744cf19e 2515int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2516{
69ab39ea
JH		 2517 __le32 ev;
2518 struct cmd_lookup match = { connectable, NULL, hdev };
9fbcbb45
JH		 2519 int ret;
2520
69ab39ea
JH		 2521 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2522 &match);
9fbcbb45 2523
69ab39ea 2524 ev = cpu_to_le32(get_current_settings(hdev));
9fbcbb45 2525
69ab39ea 2526 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2527
2528 if (match.sk)
2529 sock_put(match.sk);
2530
2531 return ret;
2532}
55ed8ca1 2533
744cf19e 2534int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2535{
ca69b795
JH		 2536 u8 mgmt_err = mgmt_status(status);
2537
2d7cee58 2538 if (scan & SCAN_PAGE)
744cf19e 2539 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2540 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2541
2542 if (scan & SCAN_INQUIRY)
744cf19e 2543 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2544 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2545
2546 return 0;
2547}
2548
744cf19e
JH		 2549int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2550 u8 persistent)
55ed8ca1 2551{
86742e1e 2552 struct mgmt_ev_new_link_key ev;
55ed8ca1 2553
a492cd52 2554 memset(&ev, 0, sizeof(ev));
55ed8ca1 2555
a492cd52
VCG		 2556 ev.store_hint = persistent;
2557 bacpy(&ev.key.bdaddr, &key->bdaddr);
2558 ev.key.type = key->type;
2559 memcpy(ev.key.val, key->val, 16);
2560 ev.key.pin_len = key->pin_len;
55ed8ca1 2561
744cf19e 2562 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2563}
f7520543 2564
346af67b
VCG		 2565int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2566{
2567 struct mgmt_ev_new_long_term_key ev;
2568
2569 memset(&ev, 0, sizeof(ev));
2570
2571 ev.store_hint = persistent;
2572 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2573 ev.key.addr.type = key->bdaddr_type;
2574 ev.key.authenticated = key->authenticated;
2575 ev.key.enc_size = key->enc_size;
2576 ev.key.ediv = key->ediv;
2577
2578 if (key->type == HCI_SMP_LTK)
2579 ev.key.master = 1;
2580
2581 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2582 memcpy(ev.key.val, key->val, sizeof(key->val));
2583
2584 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2585 &ev, sizeof(ev), NULL);
2586}
2587
afc747a6 2588int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 2589 u8 addr_type, u8 *name, u8 name_len,
2590 u8 *dev_class)
f7520543 2591{
b644ba33
JH		 2592 char buf[512];
2593 struct mgmt_ev_device_connected *ev = (void *) buf;
2594 u16 eir_len = 0;
f7520543 2595
b644ba33
JH		 2596 bacpy(&ev->addr.bdaddr, bdaddr);
2597 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2598
b644ba33
JH		 2599 if (name_len > 0)
2600 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2601 name, name_len);
2602
2603 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2604 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2605 EIR_CLASS_OF_DEV, dev_class, 3);
2606
2607 put_unaligned_le16(eir_len, &ev->eir_len);
2608
2609 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2610 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2611}
2612
8962ee74
JH		 2613static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2614{
c68fb7ff 2615 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2616 struct sock **sk = data;
a38528f1 2617 struct mgmt_rp_disconnect rp;
8962ee74 2618
88c3df13
JH		 2619 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2620 rp.addr.type = cp->addr.type;
37d9ef76 2621 rp.status = 0;
8962ee74 2622
4e51eae9 2623 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 2624
2625 *sk = cmd->sk;
2626 sock_hold(*sk);
2627
a664b5bc 2628 mgmt_pending_remove(cmd);
8962ee74
JH		 2629}
2630
124f6e35 2631static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e
JH		 2632{
2633 u8 *status = data;
124f6e35
JH		 2634 struct mgmt_cp_unpair_device *cp = cmd->param;
2635 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2636
2637 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2638 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2639 rp.addr.type = cp->addr.type;
a8a1d19e
JH		 2640 if (status != NULL)
2641 rp.status = *status;
2642
124f6e35 2643 cmd_complete(cmd->sk, cmd->index, MGMT_OP_UNPAIR_DEVICE, &rp,
a8a1d19e
JH		 2644 sizeof(rp));
2645
2646 mgmt_pending_remove(cmd);
2647}
2648
afc747a6
JH		 2649int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2650 u8 link_type, u8 addr_type)
f7520543 2651{
4c659c39 2652 struct mgmt_addr_info ev;
8962ee74
JH		 2653 struct sock *sk = NULL;
2654 int err;
2655
744cf19e 2656 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2657
f7520543 2658 bacpy(&ev.bdaddr, bdaddr);
48264f06 2659 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2660
afc747a6
JH		 2661 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2662 sk);
8962ee74
JH		 2663
2664 if (sk)
2665 sock_put(sk);
2666
124f6e35
JH		 2667 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2668 NULL);
a8a1d19e 2669
8962ee74
JH		 2670 return err;
2671}
2672
88c3df13
JH		 2673int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
2674 u8 link_type, u8 addr_type, u8 status)
8962ee74 2675{
88c3df13 2676 struct mgmt_rp_disconnect rp;
8962ee74
JH		 2677 struct pending_cmd *cmd;
2678 int err;
2679
2e58ef3e 2680 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 2681 if (!cmd)
2682 return -ENOENT;
2683
88c3df13
JH		 2684 bacpy(&rp.addr.bdaddr, bdaddr);
2685 rp.addr.type = link_to_mgmt(link_type, addr_type);
2686 rp.status = mgmt_status(status);
37d9ef76 2687
88c3df13 2688 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
37d9ef76 2689 &rp, sizeof(rp));
8962ee74 2690
a664b5bc 2691 mgmt_pending_remove(cmd);
8962ee74
JH		 2692
2693 return err;
f7520543 2694}
17d5c04c 2695
48264f06
JH		 2696int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2697 u8 addr_type, u8 status)
17d5c04c
JH		 2698{
2699 struct mgmt_ev_connect_failed ev;
2700
4c659c39 2701 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2702 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 2703 ev.status = mgmt_status(status);
17d5c04c 2704
744cf19e 2705 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 2706}
980e1a53 2707
744cf19e 2708int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 2709{
2710 struct mgmt_ev_pin_code_request ev;
2711
980e1a53 2712 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 2713 ev.secure = secure;
980e1a53 2714
744cf19e 2715 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2716 NULL);
980e1a53
JH		 2717}
2718
744cf19e
JH		 2719int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2720 u8 status)
980e1a53
JH		 2721{
2722 struct pending_cmd *cmd;
ac56fb13 2723 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2724 int err;
2725
2e58ef3e 2726 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 2727 if (!cmd)
2728 return -ENOENT;
2729
ac56fb13 2730 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2731 rp.status = mgmt_status(status);
ac56fb13 2732
744cf19e 2733 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
4e51eae9 2734 sizeof(rp));
980e1a53 2735
a664b5bc 2736 mgmt_pending_remove(cmd);
980e1a53
JH		 2737
2738 return err;
2739}
2740
744cf19e
JH		 2741int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2742 u8 status)
980e1a53
JH		 2743{
2744 struct pending_cmd *cmd;
ac56fb13 2745 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2746 int err;
2747
2e58ef3e 2748 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 2749 if (!cmd)
2750 return -ENOENT;
2751
ac56fb13 2752 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2753 rp.status = mgmt_status(status);
ac56fb13 2754
744cf19e 2755 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
4e51eae9 2756 sizeof(rp));
980e1a53 2757
a664b5bc 2758 mgmt_pending_remove(cmd);
980e1a53
JH		 2759
2760 return err;
2761}
a5c29683 2762
744cf19e 2763int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 2764 u8 link_type, u8 addr_type, __le32 value,
2765 u8 confirm_hint)
a5c29683
JH		 2766{
2767 struct mgmt_ev_user_confirm_request ev;
2768
744cf19e 2769 BT_DBG("%s", hdev->name);
a5c29683 2770
272d90df
JH		 2771 bacpy(&ev.addr.bdaddr, bdaddr);
2772 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 2773 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2774 put_unaligned_le32(value, &ev.value);
2775
744cf19e 2776 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2777 NULL);
a5c29683
JH		 2778}
2779
272d90df
JH		 2780int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2781 u8 link_type, u8 addr_type)
604086b7
BG		 2782{
2783 struct mgmt_ev_user_passkey_request ev;
2784
2785 BT_DBG("%s", hdev->name);
2786
272d90df
JH		 2787 bacpy(&ev.addr.bdaddr, bdaddr);
2788 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 2789
2790 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2791 NULL);
2792}
2793
0df4c185 2794static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 2795 u8 link_type, u8 addr_type, u8 status,
2796 u8 opcode)
a5c29683
JH		 2797{
2798 struct pending_cmd *cmd;
2799 struct mgmt_rp_user_confirm_reply rp;
2800 int err;
2801
2e58ef3e 2802 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 2803 if (!cmd)
2804 return -ENOENT;
2805
272d90df
JH		 2806 bacpy(&rp.addr.bdaddr, bdaddr);
2807 rp.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 2808 rp.status = mgmt_status(status);
744cf19e 2809 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
a5c29683 2810
a664b5bc 2811 mgmt_pending_remove(cmd);
a5c29683
JH		 2812
2813 return err;
2814}
2815
744cf19e 2816int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 2817 u8 link_type, u8 addr_type, u8 status)
a5c29683 2818{
272d90df
JH		 2819 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2820 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 2821}
2822
272d90df
JH		 2823int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2824 u8 link_type, u8 addr_type, u8 status)
a5c29683 2825{
272d90df
JH		 2826 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2827 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 2828}
2a611692 2829
604086b7 2830int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 2831 u8 link_type, u8 addr_type, u8 status)
604086b7 2832{
272d90df
JH		 2833 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2834 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 2835}
2836
272d90df
JH		 2837int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2838 u8 link_type, u8 addr_type, u8 status)
604086b7 2839{
272d90df
JH		 2840 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2841 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 2842}
2843
744cf19e 2844int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2a611692
JH		 2845{
2846 struct mgmt_ev_auth_failed ev;
2847
2a611692 2848 bacpy(&ev.bdaddr, bdaddr);
ca69b795 2849 ev.status = mgmt_status(status);
2a611692 2850
744cf19e 2851 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 2852}
b312b161 2853
744cf19e 2854int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 2855{
2856 struct pending_cmd *cmd;
2857 struct mgmt_cp_set_local_name ev;
2858 int err;
2859
2860 memset(&ev, 0, sizeof(ev));
2861 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2862
2e58ef3e 2863 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 2864 if (!cmd)
2865 goto send_event;
2866
2867 if (status) {
744cf19e 2868 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 2869 mgmt_status(status));
b312b161
JH		 2870 goto failed;
2871 }
2872
744cf19e 2873 update_eir(hdev);
80a1e1db 2874
744cf19e 2875 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
b312b161
JH		 2876 sizeof(ev));
2877 if (err < 0)
2878 goto failed;
2879
2880send_event:
744cf19e 2881 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 2882 cmd ? cmd->sk : NULL);
2883
2884failed:
2885 if (cmd)
2886 mgmt_pending_remove(cmd);
2887 return err;
2888}
c35938b2 2889
744cf19e
JH		 2890int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2891 u8 *randomizer, u8 status)
c35938b2
SJ		 2892{
2893 struct pending_cmd *cmd;
2894 int err;
2895
744cf19e 2896 BT_DBG("%s status %u", hdev->name, status);
c35938b2 2897
2e58ef3e 2898 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 2899 if (!cmd)
2900 return -ENOENT;
2901
2902 if (status) {
744cf19e 2903 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 2904 MGMT_OP_READ_LOCAL_OOB_DATA,
2905 mgmt_status(status));
c35938b2
SJ		 2906 } else {
2907 struct mgmt_rp_read_local_oob_data rp;
2908
2909 memcpy(rp.hash, hash, sizeof(rp.hash));
2910 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2911
744cf19e
JH		 2912 err = cmd_complete(cmd->sk, hdev->id,
2913 MGMT_OP_READ_LOCAL_OOB_DATA,
2914 &rp, sizeof(rp));
c35938b2
SJ		 2915 }
2916
2917 mgmt_pending_remove(cmd);
2918
2919 return err;
2920}
e17acd40 2921
48264f06 2922int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 2923 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 2924 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 2925{
e319d2e7
JH		 2926 char buf[512];
2927 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 2928 size_t ev_size;
e17acd40 2929
1dc06093
JH		 2930 /* Leave 5 bytes for a potential CoD field */
2931 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 2932 return -EINVAL;
2933
1dc06093
JH		 2934 memset(buf, 0, sizeof(buf));
2935
e319d2e7
JH		 2936 bacpy(&ev->addr.bdaddr, bdaddr);
2937 ev->addr.type = link_to_mgmt(link_type, addr_type);
2938 ev->rssi = rssi;
2939 ev->confirm_name = cfm_name;
e17acd40 2940
1dc06093 2941 if (eir_len > 0)
e319d2e7 2942 memcpy(ev->eir, eir, eir_len);
e17acd40 2943
1dc06093
JH		 2944 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
2945 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
2946 dev_class, 3);
2947
2948 put_unaligned_le16(eir_len, &ev->eir_len);
2949
2950 ev_size = sizeof(*ev) + eir_len;
f8523598 2951
e319d2e7 2952 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 2953}
a88a9652 2954
b644ba33
JH		 2955int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2956 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 2957{
b644ba33
JH		 2958 struct mgmt_ev_device_found *ev;
2959 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
2960 u16 eir_len;
a88a9652 2961
b644ba33 2962 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 2963
b644ba33
JH		 2964 memset(buf, 0, sizeof(buf));
2965
2966 bacpy(&ev->addr.bdaddr, bdaddr);
2967 ev->addr.type = link_to_mgmt(link_type, addr_type);
2968 ev->rssi = rssi;
2969
2970 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
2971 name_len);
2972
2973 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 2974
053c7e0c
JH		 2975 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
2976 sizeof(*ev) + eir_len, NULL);
a88a9652 2977}
314b2381 2978
7a135109 2979int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 2980{
2981 struct pending_cmd *cmd;
2982 int err;
2983
2e58ef3e 2984 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 2985 if (!cmd)
2986 return -ENOENT;
2987
ca69b795 2988 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 2989 mgmt_pending_remove(cmd);
2990
2991 return err;
2992}
2993
e6d465cb
AG		 2994int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2995{
2996 struct pending_cmd *cmd;
2997 int err;
2998
2999 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3000 if (!cmd)
3001 return -ENOENT;
3002
e75a8b0c 3003 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 3004 mgmt_pending_remove(cmd);
3005
3006 return err;
3007}
3008
744cf19e 3009int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3010{
164a6e78
JH		 3011 struct pending_cmd *cmd;
3012
343fb145
AG		 3013 BT_DBG("%s discovering %u", hdev->name, discovering);
3014
164a6e78 3015 if (discovering)
2e58ef3e 3016 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3017 else
2e58ef3e 3018 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3019
3020 if (cmd != NULL) {
744cf19e 3021 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
164a6e78
JH		 3022 mgmt_pending_remove(cmd);
3023 }
3024
744cf19e 3025 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
314b2381
JH		 3026 sizeof(discovering), NULL);
3027}
5e762444 3028
88c1fe4b 3029int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3030{
3031 struct pending_cmd *cmd;
3032 struct mgmt_ev_device_blocked ev;
3033
2e58ef3e 3034 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3035
88c1fe4b
JH		 3036 bacpy(&ev.addr.bdaddr, bdaddr);
3037 ev.addr.type = type;
5e762444 3038
744cf19e
JH		 3039 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3040 cmd ? cmd->sk : NULL);
5e762444
AJ		 3041}
3042
88c1fe4b 3043int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3044{
3045 struct pending_cmd *cmd;
3046 struct mgmt_ev_device_unblocked ev;
3047
2e58ef3e 3048 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3049
88c1fe4b
JH		 3050 bacpy(&ev.addr.bdaddr, bdaddr);
3051 ev.addr.type = type;
5e762444 3052
744cf19e
JH		 3053 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3054 cmd ? cmd->sk : NULL);
5e762444 3055}
kernel source for telekom puls (alcatel/mediatek)