projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Add address type to mgmt blacklist messages
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
35 #define MGMT_VERSION 0
36 #define MGMT_REVISION 1
37
38 /*
39 * These LE scan and inquiry parameters were chosen according to LE General
40 * Discovery Procedure specification.
41 */
42 #define LE_SCAN_TYPE 0x01
43 #define LE_SCAN_WIN 0x12
44 #define LE_SCAN_INT 0x12
45 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
46
47 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
48
49 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
50
51 struct pending_cmd {
52 struct list_head list;
53 u16 opcode;
54 int index;
55 void *param;
56 struct sock *sk;
57 void *user_data;
58 };
59
60 /* HCI to MGMT error code conversion table */
61 static u8 mgmt_status_table[] = {
62 MGMT_STATUS_SUCCESS,
63 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
64 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
65 MGMT_STATUS_FAILED, /* Hardware Failure */
66 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
67 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
68 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
69 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
70 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
71 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
72 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
73 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
74 MGMT_STATUS_BUSY, /* Command Disallowed */
75 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
76 MGMT_STATUS_REJECTED, /* Rejected Security */
77 MGMT_STATUS_REJECTED, /* Rejected Personal */
78 MGMT_STATUS_TIMEOUT, /* Host Timeout */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
80 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
81 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
82 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
83 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
84 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
85 MGMT_STATUS_BUSY, /* Repeated Attempts */
86 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
87 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
88 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
89 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
90 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
91 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
92 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
93 MGMT_STATUS_FAILED, /* Unspecified Error */
94 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
95 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
96 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
97 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
98 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
99 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
100 MGMT_STATUS_FAILED, /* Unit Link Key Used */
101 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
102 MGMT_STATUS_TIMEOUT, /* Instant Passed */
103 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
104 MGMT_STATUS_FAILED, /* Transaction Collision */
105 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
106 MGMT_STATUS_REJECTED, /* QoS Rejected */
107 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
108 MGMT_STATUS_REJECTED, /* Insufficient Security */
109 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
110 MGMT_STATUS_BUSY, /* Role Switch Pending */
111 MGMT_STATUS_FAILED, /* Slot Violation */
112 MGMT_STATUS_FAILED, /* Role Switch Failed */
113 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
114 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
115 MGMT_STATUS_BUSY, /* Host Busy Pairing */
116 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
117 MGMT_STATUS_BUSY, /* Controller Busy */
118 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
119 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
120 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
121 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
122 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
123 };
124
125 static u8 mgmt_status(u8 hci_status)
126 {
127 if (hci_status < ARRAY_SIZE(mgmt_status_table))
128 return mgmt_status_table[hci_status];
129
130 return MGMT_STATUS_FAILED;
131 }
132
133 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
134 {
135 struct sk_buff *skb;
136 struct mgmt_hdr *hdr;
137 struct mgmt_ev_cmd_status *ev;
138 int err;
139
140 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
141
142 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
143 if (!skb)
144 return -ENOMEM;
145
146 hdr = (void *) skb_put(skb, sizeof(*hdr));
147
148 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
149 hdr->index = cpu_to_le16(index);
150 hdr->len = cpu_to_le16(sizeof(*ev));
151
152 ev = (void *) skb_put(skb, sizeof(*ev));
153 ev->status = status;
154 put_unaligned_le16(cmd, &ev->opcode);
155
156 err = sock_queue_rcv_skb(sk, skb);
157 if (err < 0)
158 kfree_skb(skb);
159
160 return err;
161 }
162
163 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
164 size_t rp_len)
165 {
166 struct sk_buff *skb;
167 struct mgmt_hdr *hdr;
168 struct mgmt_ev_cmd_complete *ev;
169 int err;
170
171 BT_DBG("sock %p", sk);
172
173 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
174 if (!skb)
175 return -ENOMEM;
176
177 hdr = (void *) skb_put(skb, sizeof(*hdr));
178
179 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
180 hdr->index = cpu_to_le16(index);
181 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
182
183 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
184 put_unaligned_le16(cmd, &ev->opcode);
185
186 if (rp)
187 memcpy(ev->data, rp, rp_len);
188
189 err = sock_queue_rcv_skb(sk, skb);
190 if (err < 0)
191 kfree_skb(skb);
192
193 return err;;
194 }
195
196 static int read_version(struct sock *sk)
197 {
198 struct mgmt_rp_read_version rp;
199
200 BT_DBG("sock %p", sk);
201
202 rp.version = MGMT_VERSION;
203 put_unaligned_le16(MGMT_REVISION, &rp.revision);
204
205 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
206 sizeof(rp));
207 }
208
209 static int read_index_list(struct sock *sk)
210 {
211 struct mgmt_rp_read_index_list *rp;
212 struct list_head *p;
213 struct hci_dev *d;
214 size_t rp_len;
215 u16 count;
216 int i, err;
217
218 BT_DBG("sock %p", sk);
219
220 read_lock(&hci_dev_list_lock);
221
222 count = 0;
223 list_for_each(p, &hci_dev_list) {
224 count++;
225 }
226
227 rp_len = sizeof(*rp) + (2 * count);
228 rp = kmalloc(rp_len, GFP_ATOMIC);
229 if (!rp) {
230 read_unlock(&hci_dev_list_lock);
231 return -ENOMEM;
232 }
233
234 put_unaligned_le16(count, &rp->num_controllers);
235
236 i = 0;
237 list_for_each_entry(d, &hci_dev_list, list) {
238 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
239 cancel_delayed_work(&d->power_off);
240
241 if (test_bit(HCI_SETUP, &d->dev_flags))
242 continue;
243
244 put_unaligned_le16(d->id, &rp->index[i++]);
245 BT_DBG("Added hci%u", d->id);
246 }
247
248 read_unlock(&hci_dev_list_lock);
249
250 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
251 rp_len);
252
253 kfree(rp);
254
255 return err;
256 }
257
258 static u32 get_supported_settings(struct hci_dev *hdev)
259 {
260 u32 settings = 0;
261
262 settings |= MGMT_SETTING_POWERED;
263 settings |= MGMT_SETTING_CONNECTABLE;
264 settings |= MGMT_SETTING_FAST_CONNECTABLE;
265 settings |= MGMT_SETTING_DISCOVERABLE;
266 settings |= MGMT_SETTING_PAIRABLE;
267
268 if (hdev->features[6] & LMP_SIMPLE_PAIR)
269 settings |= MGMT_SETTING_SSP;
270
271 if (!(hdev->features[4] & LMP_NO_BREDR)) {
272 settings |= MGMT_SETTING_BREDR;
273 settings |= MGMT_SETTING_LINK_SECURITY;
274 }
275
276 if (hdev->features[4] & LMP_LE)
277 settings |= MGMT_SETTING_LE;
278
279 return settings;
280 }
281
282 static u32 get_current_settings(struct hci_dev *hdev)
283 {
284 u32 settings = 0;
285
286 if (test_bit(HCI_UP, &hdev->flags))
287 settings |= MGMT_SETTING_POWERED;
288 else
289 return settings;
290
291 if (test_bit(HCI_PSCAN, &hdev->flags))
292 settings |= MGMT_SETTING_CONNECTABLE;
293
294 if (test_bit(HCI_ISCAN, &hdev->flags))
295 settings |= MGMT_SETTING_DISCOVERABLE;
296
297 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
298 settings |= MGMT_SETTING_PAIRABLE;
299
300 if (!(hdev->features[4] & LMP_NO_BREDR))
301 settings |= MGMT_SETTING_BREDR;
302
303 if (hdev->host_features[0] & LMP_HOST_LE)
304 settings |= MGMT_SETTING_LE;
305
306 if (test_bit(HCI_AUTH, &hdev->flags))
307 settings |= MGMT_SETTING_LINK_SECURITY;
308
309 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
310 settings |= MGMT_SETTING_SSP;
311
312 return settings;
313 }
314
315 #define PNP_INFO_SVCLASS_ID 0x1200
316
317 static u8 bluetooth_base_uuid[] = {
318 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
319 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
320 };
321
322 static u16 get_uuid16(u8 *uuid128)
323 {
324 u32 val;
325 int i;
326
327 for (i = 0; i < 12; i++) {
328 if (bluetooth_base_uuid[i] != uuid128[i])
329 return 0;
330 }
331
332 memcpy(&val, &uuid128[12], 4);
333
334 val = le32_to_cpu(val);
335 if (val > 0xffff)
336 return 0;
337
338 return (u16) val;
339 }
340
341 static void create_eir(struct hci_dev *hdev, u8 *data)
342 {
343 u8 *ptr = data;
344 u16 eir_len = 0;
345 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
346 int i, truncated = 0;
347 struct bt_uuid *uuid;
348 size_t name_len;
349
350 name_len = strlen(hdev->dev_name);
351
352 if (name_len > 0) {
353 /* EIR Data type */
354 if (name_len > 48) {
355 name_len = 48;
356 ptr[1] = EIR_NAME_SHORT;
357 } else
358 ptr[1] = EIR_NAME_COMPLETE;
359
360 /* EIR Data length */
361 ptr[0] = name_len + 1;
362
363 memcpy(ptr + 2, hdev->dev_name, name_len);
364
365 eir_len += (name_len + 2);
366 ptr += (name_len + 2);
367 }
368
369 memset(uuid16_list, 0, sizeof(uuid16_list));
370
371 /* Group all UUID16 types */
372 list_for_each_entry(uuid, &hdev->uuids, list) {
373 u16 uuid16;
374
375 uuid16 = get_uuid16(uuid->uuid);
376 if (uuid16 == 0)
377 return;
378
379 if (uuid16 < 0x1100)
380 continue;
381
382 if (uuid16 == PNP_INFO_SVCLASS_ID)
383 continue;
384
385 /* Stop if not enough space to put next UUID */
386 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
387 truncated = 1;
388 break;
389 }
390
391 /* Check for duplicates */
392 for (i = 0; uuid16_list[i] != 0; i++)
393 if (uuid16_list[i] == uuid16)
394 break;
395
396 if (uuid16_list[i] == 0) {
397 uuid16_list[i] = uuid16;
398 eir_len += sizeof(u16);
399 }
400 }
401
402 if (uuid16_list[0] != 0) {
403 u8 *length = ptr;
404
405 /* EIR Data type */
406 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
407
408 ptr += 2;
409 eir_len += 2;
410
411 for (i = 0; uuid16_list[i] != 0; i++) {
412 *ptr++ = (uuid16_list[i] & 0x00ff);
413 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
414 }
415
416 /* EIR Data length */
417 *length = (i * sizeof(u16)) + 1;
418 }
419 }
420
421 static int update_eir(struct hci_dev *hdev)
422 {
423 struct hci_cp_write_eir cp;
424
425 if (!(hdev->features[6] & LMP_EXT_INQ))
426 return 0;
427
428 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
429 return 0;
430
431 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
432 return 0;
433
434 memset(&cp, 0, sizeof(cp));
435
436 create_eir(hdev, cp.data);
437
438 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
439 return 0;
440
441 memcpy(hdev->eir, cp.data, sizeof(cp.data));
442
443 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
444 }
445
446 static u8 get_service_classes(struct hci_dev *hdev)
447 {
448 struct bt_uuid *uuid;
449 u8 val = 0;
450
451 list_for_each_entry(uuid, &hdev->uuids, list)
452 val |= uuid->svc_hint;
453
454 return val;
455 }
456
457 static int update_class(struct hci_dev *hdev)
458 {
459 u8 cod[3];
460
461 BT_DBG("%s", hdev->name);
462
463 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
464 return 0;
465
466 cod[0] = hdev->minor_class;
467 cod[1] = hdev->major_class;
468 cod[2] = get_service_classes(hdev);
469
470 if (memcmp(cod, hdev->dev_class, 3) == 0)
471 return 0;
472
473 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
474 }
475
476 static void service_cache_off(struct work_struct *work)
477 {
478 struct hci_dev *hdev = container_of(work, struct hci_dev,
479 service_cache.work);
480
481 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
482 return;
483
484 hci_dev_lock(hdev);
485
486 update_eir(hdev);
487 update_class(hdev);
488
489 hci_dev_unlock(hdev);
490 }
491
492 static void mgmt_init_hdev(struct hci_dev *hdev)
493 {
494 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
495 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
496
497 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
498 schedule_delayed_work(&hdev->service_cache,
499 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
500 }
501
502 static int read_controller_info(struct sock *sk, u16 index)
503 {
504 struct mgmt_rp_read_info rp;
505 struct hci_dev *hdev;
506
507 BT_DBG("sock %p hci%u", sk, index);
508
509 hdev = hci_dev_get(index);
510 if (!hdev)
511 return cmd_status(sk, index, MGMT_OP_READ_INFO,
512 MGMT_STATUS_INVALID_PARAMS);
513
514 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
515 cancel_delayed_work_sync(&hdev->power_off);
516
517 hci_dev_lock(hdev);
518
519 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
520 mgmt_init_hdev(hdev);
521
522 memset(&rp, 0, sizeof(rp));
523
524 bacpy(&rp.bdaddr, &hdev->bdaddr);
525
526 rp.version = hdev->hci_ver;
527
528 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
529
530 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
531 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
532
533 memcpy(rp.dev_class, hdev->dev_class, 3);
534
535 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
536
537 hci_dev_unlock(hdev);
538 hci_dev_put(hdev);
539
540 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
541 }
542
543 static void mgmt_pending_free(struct pending_cmd *cmd)
544 {
545 sock_put(cmd->sk);
546 kfree(cmd->param);
547 kfree(cmd);
548 }
549
550 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
551 struct hci_dev *hdev,
552 void *data, u16 len)
553 {
554 struct pending_cmd *cmd;
555
556 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
557 if (!cmd)
558 return NULL;
559
560 cmd->opcode = opcode;
561 cmd->index = hdev->id;
562
563 cmd->param = kmalloc(len, GFP_ATOMIC);
564 if (!cmd->param) {
565 kfree(cmd);
566 return NULL;
567 }
568
569 if (data)
570 memcpy(cmd->param, data, len);
571
572 cmd->sk = sk;
573 sock_hold(sk);
574
575 list_add(&cmd->list, &hdev->mgmt_pending);
576
577 return cmd;
578 }
579
580 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
581 void (*cb)(struct pending_cmd *cmd, void *data),
582 void *data)
583 {
584 struct list_head *p, *n;
585
586 list_for_each_safe(p, n, &hdev->mgmt_pending) {
587 struct pending_cmd *cmd;
588
589 cmd = list_entry(p, struct pending_cmd, list);
590
591 if (opcode > 0 && cmd->opcode != opcode)
592 continue;
593
594 cb(cmd, data);
595 }
596 }
597
598 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
599 {
600 struct pending_cmd *cmd;
601
602 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
603 if (cmd->opcode == opcode)
604 return cmd;
605 }
606
607 return NULL;
608 }
609
610 static void mgmt_pending_remove(struct pending_cmd *cmd)
611 {
612 list_del(&cmd->list);
613 mgmt_pending_free(cmd);
614 }
615
616 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
617 {
618 __le32 settings = cpu_to_le32(get_current_settings(hdev));
619
620 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
621 }
622
623 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
624 {
625 struct mgmt_mode *cp = data;
626 struct hci_dev *hdev;
627 struct pending_cmd *cmd;
628 int err, up;
629
630 BT_DBG("request for hci%u", index);
631
632 if (len != sizeof(*cp))
633 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
634 MGMT_STATUS_INVALID_PARAMS);
635
636 hdev = hci_dev_get(index);
637 if (!hdev)
638 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639 MGMT_STATUS_INVALID_PARAMS);
640
641 hci_dev_lock(hdev);
642
643 up = test_bit(HCI_UP, &hdev->flags);
644 if ((cp->val && up) || (!cp->val && !up)) {
645 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
646 goto failed;
647 }
648
649 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
650 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
651 MGMT_STATUS_BUSY);
652 goto failed;
653 }
654
655 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
656 if (!cmd) {
657 err = -ENOMEM;
658 goto failed;
659 }
660
661 if (cp->val)
662 schedule_work(&hdev->power_on);
663 else
664 schedule_work(&hdev->power_off.work);
665
666 err = 0;
667
668 failed:
669 hci_dev_unlock(hdev);
670 hci_dev_put(hdev);
671 return err;
672 }
673
674 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
675 {
676 struct mgmt_cp_set_discoverable *cp = data;
677 struct hci_dev *hdev;
678 struct pending_cmd *cmd;
679 u8 scan;
680 int err;
681
682 BT_DBG("request for hci%u", index);
683
684 if (len != sizeof(*cp))
685 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
686 MGMT_STATUS_INVALID_PARAMS);
687
688 hdev = hci_dev_get(index);
689 if (!hdev)
690 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
691 MGMT_STATUS_INVALID_PARAMS);
692
693 hci_dev_lock(hdev);
694
695 if (!test_bit(HCI_UP, &hdev->flags)) {
696 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
697 MGMT_STATUS_NOT_POWERED);
698 goto failed;
699 }
700
701 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
702 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
703 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
704 MGMT_STATUS_BUSY);
705 goto failed;
706 }
707
708 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
709 test_bit(HCI_PSCAN, &hdev->flags)) {
710 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
711 goto failed;
712 }
713
714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
715 if (!cmd) {
716 err = -ENOMEM;
717 goto failed;
718 }
719
720 scan = SCAN_PAGE;
721
722 if (cp->val)
723 scan |= SCAN_INQUIRY;
724 else
725 cancel_delayed_work(&hdev->discov_off);
726
727 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
728 if (err < 0)
729 mgmt_pending_remove(cmd);
730
731 if (cp->val)
732 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
733
734 failed:
735 hci_dev_unlock(hdev);
736 hci_dev_put(hdev);
737
738 return err;
739 }
740
741 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
742 {
743 struct mgmt_mode *cp = data;
744 struct hci_dev *hdev;
745 struct pending_cmd *cmd;
746 u8 scan;
747 int err;
748
749 BT_DBG("request for hci%u", index);
750
751 if (len != sizeof(*cp))
752 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
753 MGMT_STATUS_INVALID_PARAMS);
754
755 hdev = hci_dev_get(index);
756 if (!hdev)
757 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
758 MGMT_STATUS_INVALID_PARAMS);
759
760 hci_dev_lock(hdev);
761
762 if (!test_bit(HCI_UP, &hdev->flags)) {
763 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
764 MGMT_STATUS_NOT_POWERED);
765 goto failed;
766 }
767
768 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
769 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
770 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
771 MGMT_STATUS_BUSY);
772 goto failed;
773 }
774
775 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
776 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
777 goto failed;
778 }
779
780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
781 if (!cmd) {
782 err = -ENOMEM;
783 goto failed;
784 }
785
786 if (cp->val)
787 scan = SCAN_PAGE;
788 else
789 scan = 0;
790
791 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
792 if (err < 0)
793 mgmt_pending_remove(cmd);
794
795 failed:
796 hci_dev_unlock(hdev);
797 hci_dev_put(hdev);
798
799 return err;
800 }
801
802 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
803 u16 data_len, struct sock *skip_sk)
804 {
805 struct sk_buff *skb;
806 struct mgmt_hdr *hdr;
807
808 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
809 if (!skb)
810 return -ENOMEM;
811
812 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
813
814 hdr = (void *) skb_put(skb, sizeof(*hdr));
815 hdr->opcode = cpu_to_le16(event);
816 if (hdev)
817 hdr->index = cpu_to_le16(hdev->id);
818 else
819 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
820 hdr->len = cpu_to_le16(data_len);
821
822 if (data)
823 memcpy(skb_put(skb, data_len), data, data_len);
824
825 hci_send_to_sock(NULL, skb, skip_sk);
826 kfree_skb(skb);
827
828 return 0;
829 }
830
831 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
832 {
833 struct mgmt_mode *cp = data;
834 struct hci_dev *hdev;
835 __le32 ev;
836 int err;
837
838 BT_DBG("request for hci%u", index);
839
840 if (len != sizeof(*cp))
841 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
842 MGMT_STATUS_INVALID_PARAMS);
843
844 hdev = hci_dev_get(index);
845 if (!hdev)
846 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
847 MGMT_STATUS_INVALID_PARAMS);
848
849 hci_dev_lock(hdev);
850
851 if (cp->val)
852 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
853 else
854 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
855
856 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
857 if (err < 0)
858 goto failed;
859
860 ev = cpu_to_le32(get_current_settings(hdev));
861
862 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
863
864 failed:
865 hci_dev_unlock(hdev);
866 hci_dev_put(hdev);
867
868 return err;
869 }
870
871 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
872 {
873 struct mgmt_cp_add_uuid *cp = data;
874 struct hci_dev *hdev;
875 struct bt_uuid *uuid;
876 int err;
877
878 BT_DBG("request for hci%u", index);
879
880 if (len != sizeof(*cp))
881 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
882 MGMT_STATUS_INVALID_PARAMS);
883
884 hdev = hci_dev_get(index);
885 if (!hdev)
886 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
887 MGMT_STATUS_INVALID_PARAMS);
888
889 hci_dev_lock(hdev);
890
891 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
892 if (!uuid) {
893 err = -ENOMEM;
894 goto failed;
895 }
896
897 memcpy(uuid->uuid, cp->uuid, 16);
898 uuid->svc_hint = cp->svc_hint;
899
900 list_add(&uuid->list, &hdev->uuids);
901
902 err = update_class(hdev);
903 if (err < 0)
904 goto failed;
905
906 err = update_eir(hdev);
907 if (err < 0)
908 goto failed;
909
910 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
911
912 failed:
913 hci_dev_unlock(hdev);
914 hci_dev_put(hdev);
915
916 return err;
917 }
918
919 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
920 {
921 struct mgmt_cp_remove_uuid *cp = data;
922 struct list_head *p, *n;
923 struct hci_dev *hdev;
924 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
925 int err, found;
926
927 BT_DBG("request for hci%u", index);
928
929 if (len != sizeof(*cp))
930 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
931 MGMT_STATUS_INVALID_PARAMS);
932
933 hdev = hci_dev_get(index);
934 if (!hdev)
935 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
936 MGMT_STATUS_INVALID_PARAMS);
937
938 hci_dev_lock(hdev);
939
940 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
941 err = hci_uuids_clear(hdev);
942 goto unlock;
943 }
944
945 found = 0;
946
947 list_for_each_safe(p, n, &hdev->uuids) {
948 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
949
950 if (memcmp(match->uuid, cp->uuid, 16) != 0)
951 continue;
952
953 list_del(&match->list);
954 found++;
955 }
956
957 if (found == 0) {
958 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
959 MGMT_STATUS_INVALID_PARAMS);
960 goto unlock;
961 }
962
963 err = update_class(hdev);
964 if (err < 0)
965 goto unlock;
966
967 err = update_eir(hdev);
968 if (err < 0)
969 goto unlock;
970
971 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
972
973 unlock:
974 hci_dev_unlock(hdev);
975 hci_dev_put(hdev);
976
977 return err;
978 }
979
980 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
981 {
982 struct hci_dev *hdev;
983 struct mgmt_cp_set_dev_class *cp = data;
984 int err;
985
986 BT_DBG("request for hci%u", index);
987
988 if (len != sizeof(*cp))
989 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
990 MGMT_STATUS_INVALID_PARAMS);
991
992 hdev = hci_dev_get(index);
993 if (!hdev)
994 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
995 MGMT_STATUS_INVALID_PARAMS);
996
997 hci_dev_lock(hdev);
998
999 hdev->major_class = cp->major;
1000 hdev->minor_class = cp->minor;
1001
1002 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1003 hci_dev_unlock(hdev);
1004 cancel_delayed_work_sync(&hdev->service_cache);
1005 hci_dev_lock(hdev);
1006 update_eir(hdev);
1007 }
1008
1009 err = update_class(hdev);
1010
1011 if (err == 0)
1012 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1013
1014 hci_dev_unlock(hdev);
1015 hci_dev_put(hdev);
1016
1017 return err;
1018 }
1019
1020 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1021 {
1022 struct hci_dev *hdev;
1023 struct mgmt_cp_load_link_keys *cp = data;
1024 u16 key_count, expected_len;
1025 int i;
1026
1027 if (len < sizeof(*cp))
1028 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1029 MGMT_STATUS_INVALID_PARAMS);
1030
1031 key_count = get_unaligned_le16(&cp->key_count);
1032
1033 expected_len = sizeof(*cp) + key_count *
1034 sizeof(struct mgmt_link_key_info);
1035 if (expected_len != len) {
1036 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1037 len, expected_len);
1038 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1039 MGMT_STATUS_INVALID_PARAMS);
1040 }
1041
1042 hdev = hci_dev_get(index);
1043 if (!hdev)
1044 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1045 MGMT_STATUS_INVALID_PARAMS);
1046
1047 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1048 key_count);
1049
1050 hci_dev_lock(hdev);
1051
1052 hci_link_keys_clear(hdev);
1053
1054 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1055
1056 if (cp->debug_keys)
1057 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1058 else
1059 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1060
1061 for (i = 0; i < key_count; i++) {
1062 struct mgmt_link_key_info *key = &cp->keys[i];
1063
1064 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1065 key->pin_len);
1066 }
1067
1068 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1069
1070 hci_dev_unlock(hdev);
1071 hci_dev_put(hdev);
1072
1073 return 0;
1074 }
1075
1076 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1077 {
1078 struct hci_dev *hdev;
1079 struct mgmt_cp_unpair_device *cp = data;
1080 struct mgmt_rp_unpair_device rp;
1081 struct hci_cp_disconnect dc;
1082 struct pending_cmd *cmd;
1083 struct hci_conn *conn;
1084 int err;
1085
1086 if (len != sizeof(*cp))
1087 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1088 MGMT_STATUS_INVALID_PARAMS);
1089
1090 hdev = hci_dev_get(index);
1091 if (!hdev)
1092 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1093 MGMT_STATUS_INVALID_PARAMS);
1094
1095 hci_dev_lock(hdev);
1096
1097 memset(&rp, 0, sizeof(rp));
1098 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1099 rp.addr.type = cp->addr.type;
1100 rp.status = MGMT_STATUS_FAILED;
1101
1102 if (cp->addr.type == MGMT_ADDR_BREDR)
1103 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1104 else
1105 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1106
1107 if (err < 0) {
1108 rp.status = MGMT_STATUS_NOT_PAIRED;
1109 goto unlock;
1110 }
1111
1112 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1113 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1114 sizeof(rp));
1115 goto unlock;
1116 }
1117
1118 if (cp->addr.type == MGMT_ADDR_BREDR)
1119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1120 &cp->addr.bdaddr);
1121 else
1122 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1123 &cp->addr.bdaddr);
1124
1125 if (!conn) {
1126 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1127 sizeof(rp));
1128 goto unlock;
1129 }
1130
1131 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1132 sizeof(*cp));
1133 if (!cmd) {
1134 err = -ENOMEM;
1135 goto unlock;
1136 }
1137
1138 put_unaligned_le16(conn->handle, &dc.handle);
1139 dc.reason = 0x13; /* Remote User Terminated Connection */
1140 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1141 if (err < 0)
1142 mgmt_pending_remove(cmd);
1143
1144 unlock:
1145 if (err < 0)
1146 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1147 sizeof(rp));
1148 hci_dev_unlock(hdev);
1149 hci_dev_put(hdev);
1150
1151 return err;
1152 }
1153
1154 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1155 {
1156 struct hci_dev *hdev;
1157 struct mgmt_cp_disconnect *cp = data;
1158 struct hci_cp_disconnect dc;
1159 struct pending_cmd *cmd;
1160 struct hci_conn *conn;
1161 int err;
1162
1163 BT_DBG("");
1164
1165 if (len != sizeof(*cp))
1166 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1167 MGMT_STATUS_INVALID_PARAMS);
1168
1169 hdev = hci_dev_get(index);
1170 if (!hdev)
1171 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172 MGMT_STATUS_INVALID_PARAMS);
1173
1174 hci_dev_lock(hdev);
1175
1176 if (!test_bit(HCI_UP, &hdev->flags)) {
1177 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1178 MGMT_STATUS_NOT_POWERED);
1179 goto failed;
1180 }
1181
1182 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1183 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1184 MGMT_STATUS_BUSY);
1185 goto failed;
1186 }
1187
1188 if (cp->addr.type == MGMT_ADDR_BREDR)
1189 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1190 else
1191 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1192
1193 if (!conn) {
1194 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1195 MGMT_STATUS_NOT_CONNECTED);
1196 goto failed;
1197 }
1198
1199 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1200 if (!cmd) {
1201 err = -ENOMEM;
1202 goto failed;
1203 }
1204
1205 put_unaligned_le16(conn->handle, &dc.handle);
1206 dc.reason = 0x13; /* Remote User Terminated Connection */
1207
1208 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1209 if (err < 0)
1210 mgmt_pending_remove(cmd);
1211
1212 failed:
1213 hci_dev_unlock(hdev);
1214 hci_dev_put(hdev);
1215
1216 return err;
1217 }
1218
1219 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1220 {
1221 switch (link_type) {
1222 case LE_LINK:
1223 switch (addr_type) {
1224 case ADDR_LE_DEV_PUBLIC:
1225 return MGMT_ADDR_LE_PUBLIC;
1226 case ADDR_LE_DEV_RANDOM:
1227 return MGMT_ADDR_LE_RANDOM;
1228 default:
1229 return MGMT_ADDR_INVALID;
1230 }
1231 case ACL_LINK:
1232 return MGMT_ADDR_BREDR;
1233 default:
1234 return MGMT_ADDR_INVALID;
1235 }
1236 }
1237
1238 static int get_connections(struct sock *sk, u16 index)
1239 {
1240 struct mgmt_rp_get_connections *rp;
1241 struct hci_dev *hdev;
1242 struct hci_conn *c;
1243 size_t rp_len;
1244 u16 count;
1245 int i, err;
1246
1247 BT_DBG("");
1248
1249 hdev = hci_dev_get(index);
1250 if (!hdev)
1251 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1252 MGMT_STATUS_INVALID_PARAMS);
1253
1254 hci_dev_lock(hdev);
1255
1256 count = 0;
1257 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1258 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1259 count++;
1260 }
1261
1262 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1263 rp = kmalloc(rp_len, GFP_ATOMIC);
1264 if (!rp) {
1265 err = -ENOMEM;
1266 goto unlock;
1267 }
1268
1269 put_unaligned_le16(count, &rp->conn_count);
1270
1271 i = 0;
1272 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1273 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1274 continue;
1275 bacpy(&rp->addr[i].bdaddr, &c->dst);
1276 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1277 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1278 continue;
1279 i++;
1280 }
1281
1282 /* Recalculate length in case of filtered SCO connections, etc */
1283 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1284
1285 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1286
1287 unlock:
1288 kfree(rp);
1289 hci_dev_unlock(hdev);
1290 hci_dev_put(hdev);
1291 return err;
1292 }
1293
1294 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1295 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1296 {
1297 struct pending_cmd *cmd;
1298 int err;
1299
1300 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1301 sizeof(*cp));
1302 if (!cmd)
1303 return -ENOMEM;
1304
1305 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1306 &cp->bdaddr);
1307 if (err < 0)
1308 mgmt_pending_remove(cmd);
1309
1310 return err;
1311 }
1312
1313 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1314 {
1315 struct hci_dev *hdev;
1316 struct hci_conn *conn;
1317 struct mgmt_cp_pin_code_reply *cp = data;
1318 struct mgmt_cp_pin_code_neg_reply ncp;
1319 struct hci_cp_pin_code_reply reply;
1320 struct pending_cmd *cmd;
1321 int err;
1322
1323 BT_DBG("");
1324
1325 if (len != sizeof(*cp))
1326 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1327 MGMT_STATUS_INVALID_PARAMS);
1328
1329 hdev = hci_dev_get(index);
1330 if (!hdev)
1331 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1332 MGMT_STATUS_INVALID_PARAMS);
1333
1334 hci_dev_lock(hdev);
1335
1336 if (!test_bit(HCI_UP, &hdev->flags)) {
1337 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1338 MGMT_STATUS_NOT_POWERED);
1339 goto failed;
1340 }
1341
1342 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1343 if (!conn) {
1344 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1345 MGMT_STATUS_NOT_CONNECTED);
1346 goto failed;
1347 }
1348
1349 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1350 bacpy(&ncp.bdaddr, &cp->bdaddr);
1351
1352 BT_ERR("PIN code is not 16 bytes long");
1353
1354 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1355 if (err >= 0)
1356 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1357 MGMT_STATUS_INVALID_PARAMS);
1358
1359 goto failed;
1360 }
1361
1362 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1363 len);
1364 if (!cmd) {
1365 err = -ENOMEM;
1366 goto failed;
1367 }
1368
1369 bacpy(&reply.bdaddr, &cp->bdaddr);
1370 reply.pin_len = cp->pin_len;
1371 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1372
1373 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1374 if (err < 0)
1375 mgmt_pending_remove(cmd);
1376
1377 failed:
1378 hci_dev_unlock(hdev);
1379 hci_dev_put(hdev);
1380
1381 return err;
1382 }
1383
1384 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1385 {
1386 struct hci_dev *hdev;
1387 struct mgmt_cp_pin_code_neg_reply *cp = data;
1388 int err;
1389
1390 BT_DBG("");
1391
1392 if (len != sizeof(*cp))
1393 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1394 MGMT_STATUS_INVALID_PARAMS);
1395
1396 hdev = hci_dev_get(index);
1397 if (!hdev)
1398 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1399 MGMT_STATUS_INVALID_PARAMS);
1400
1401 hci_dev_lock(hdev);
1402
1403 if (!test_bit(HCI_UP, &hdev->flags)) {
1404 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1405 MGMT_STATUS_NOT_POWERED);
1406 goto failed;
1407 }
1408
1409 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1410
1411 failed:
1412 hci_dev_unlock(hdev);
1413 hci_dev_put(hdev);
1414
1415 return err;
1416 }
1417
1418 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1419 {
1420 struct hci_dev *hdev;
1421 struct mgmt_cp_set_io_capability *cp = data;
1422
1423 BT_DBG("");
1424
1425 if (len != sizeof(*cp))
1426 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1427 MGMT_STATUS_INVALID_PARAMS);
1428
1429 hdev = hci_dev_get(index);
1430 if (!hdev)
1431 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1432 MGMT_STATUS_INVALID_PARAMS);
1433
1434 hci_dev_lock(hdev);
1435
1436 hdev->io_capability = cp->io_capability;
1437
1438 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1439 hdev->io_capability);
1440
1441 hci_dev_unlock(hdev);
1442 hci_dev_put(hdev);
1443
1444 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1445 }
1446
1447 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1448 {
1449 struct hci_dev *hdev = conn->hdev;
1450 struct pending_cmd *cmd;
1451
1452 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1453 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1454 continue;
1455
1456 if (cmd->user_data != conn)
1457 continue;
1458
1459 return cmd;
1460 }
1461
1462 return NULL;
1463 }
1464
1465 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1466 {
1467 struct mgmt_rp_pair_device rp;
1468 struct hci_conn *conn = cmd->user_data;
1469
1470 bacpy(&rp.addr.bdaddr, &conn->dst);
1471 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1472 rp.status = status;
1473
1474 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1475
1476 /* So we don't get further callbacks for this connection */
1477 conn->connect_cfm_cb = NULL;
1478 conn->security_cfm_cb = NULL;
1479 conn->disconn_cfm_cb = NULL;
1480
1481 hci_conn_put(conn);
1482
1483 mgmt_pending_remove(cmd);
1484 }
1485
1486 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1487 {
1488 struct pending_cmd *cmd;
1489
1490 BT_DBG("status %u", status);
1491
1492 cmd = find_pairing(conn);
1493 if (!cmd)
1494 BT_DBG("Unable to find a pending command");
1495 else
1496 pairing_complete(cmd, status);
1497 }
1498
1499 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1500 {
1501 struct hci_dev *hdev;
1502 struct mgmt_cp_pair_device *cp = data;
1503 struct mgmt_rp_pair_device rp;
1504 struct pending_cmd *cmd;
1505 u8 sec_level, auth_type;
1506 struct hci_conn *conn;
1507 int err;
1508
1509 BT_DBG("");
1510
1511 if (len != sizeof(*cp))
1512 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1513 MGMT_STATUS_INVALID_PARAMS);
1514
1515 hdev = hci_dev_get(index);
1516 if (!hdev)
1517 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1518 MGMT_STATUS_INVALID_PARAMS);
1519
1520 hci_dev_lock(hdev);
1521
1522 sec_level = BT_SECURITY_MEDIUM;
1523 if (cp->io_cap == 0x03)
1524 auth_type = HCI_AT_DEDICATED_BONDING;
1525 else
1526 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1527
1528 if (cp->addr.type == MGMT_ADDR_BREDR)
1529 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1530 auth_type);
1531 else
1532 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1533 auth_type);
1534
1535 memset(&rp, 0, sizeof(rp));
1536 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1537 rp.addr.type = cp->addr.type;
1538
1539 if (IS_ERR(conn)) {
1540 rp.status = -PTR_ERR(conn);
1541 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1542 &rp, sizeof(rp));
1543 goto unlock;
1544 }
1545
1546 if (conn->connect_cfm_cb) {
1547 hci_conn_put(conn);
1548 rp.status = EBUSY;
1549 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1550 &rp, sizeof(rp));
1551 goto unlock;
1552 }
1553
1554 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1555 if (!cmd) {
1556 err = -ENOMEM;
1557 hci_conn_put(conn);
1558 goto unlock;
1559 }
1560
1561 /* For LE, just connecting isn't a proof that the pairing finished */
1562 if (cp->addr.type == MGMT_ADDR_BREDR)
1563 conn->connect_cfm_cb = pairing_complete_cb;
1564
1565 conn->security_cfm_cb = pairing_complete_cb;
1566 conn->disconn_cfm_cb = pairing_complete_cb;
1567 conn->io_capability = cp->io_cap;
1568 cmd->user_data = conn;
1569
1570 if (conn->state == BT_CONNECTED &&
1571 hci_conn_security(conn, sec_level, auth_type))
1572 pairing_complete(cmd, 0);
1573
1574 err = 0;
1575
1576 unlock:
1577 hci_dev_unlock(hdev);
1578 hci_dev_put(hdev);
1579
1580 return err;
1581 }
1582
1583 static int cancel_pair_device(struct sock *sk, u16 index,
1584 unsigned char *data, u16 len)
1585 {
1586 struct mgmt_addr_info *addr = (void *) data;
1587 struct hci_dev *hdev;
1588 struct pending_cmd *cmd;
1589 struct hci_conn *conn;
1590 int err;
1591
1592 BT_DBG("");
1593
1594 if (len != sizeof(*addr))
1595 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1596 MGMT_STATUS_INVALID_PARAMS);
1597
1598 hdev = hci_dev_get(index);
1599 if (!hdev)
1600 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1601 MGMT_STATUS_INVALID_PARAMS);
1602
1603 hci_dev_lock(hdev);
1604
1605 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1606 if (!cmd) {
1607 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1608 MGMT_STATUS_INVALID_PARAMS);
1609 goto unlock;
1610 }
1611
1612 conn = cmd->user_data;
1613
1614 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1615 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1616 MGMT_STATUS_INVALID_PARAMS);
1617 goto unlock;
1618 }
1619
1620 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1621
1622 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1623 sizeof(*addr));
1624 unlock:
1625 hci_dev_unlock(hdev);
1626 hci_dev_put(hdev);
1627
1628 return err;
1629 }
1630
1631 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1632 u8 type, u16 mgmt_op, u16 hci_op,
1633 __le32 passkey)
1634 {
1635 struct pending_cmd *cmd;
1636 struct hci_dev *hdev;
1637 struct hci_conn *conn;
1638 int err;
1639
1640 hdev = hci_dev_get(index);
1641 if (!hdev)
1642 return cmd_status(sk, index, mgmt_op,
1643 MGMT_STATUS_INVALID_PARAMS);
1644
1645 hci_dev_lock(hdev);
1646
1647 if (!test_bit(HCI_UP, &hdev->flags)) {
1648 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1649 goto done;
1650 }
1651
1652 if (type == MGMT_ADDR_BREDR)
1653 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1654 else
1655 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1656
1657 if (!conn) {
1658 err = cmd_status(sk, index, mgmt_op,
1659 MGMT_STATUS_NOT_CONNECTED);
1660 goto done;
1661 }
1662
1663 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
1664 /* Continue with pairing via SMP */
1665 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1666
1667 if (!err)
1668 err = cmd_status(sk, index, mgmt_op,
1669 MGMT_STATUS_SUCCESS);
1670 else
1671 err = cmd_status(sk, index, mgmt_op,
1672 MGMT_STATUS_FAILED);
1673
1674 goto done;
1675 }
1676
1677 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1678 if (!cmd) {
1679 err = -ENOMEM;
1680 goto done;
1681 }
1682
1683 /* Continue with pairing via HCI */
1684 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1685 struct hci_cp_user_passkey_reply cp;
1686
1687 bacpy(&cp.bdaddr, bdaddr);
1688 cp.passkey = passkey;
1689 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1690 } else
1691 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1692
1693 if (err < 0)
1694 mgmt_pending_remove(cmd);
1695
1696 done:
1697 hci_dev_unlock(hdev);
1698 hci_dev_put(hdev);
1699
1700 return err;
1701 }
1702
1703 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1704 {
1705 struct mgmt_cp_user_confirm_reply *cp = data;
1706
1707 BT_DBG("");
1708
1709 if (len != sizeof(*cp))
1710 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1711 MGMT_STATUS_INVALID_PARAMS);
1712
1713 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1714 MGMT_OP_USER_CONFIRM_REPLY,
1715 HCI_OP_USER_CONFIRM_REPLY, 0);
1716 }
1717
1718 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1719 u16 len)
1720 {
1721 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1722
1723 BT_DBG("");
1724
1725 if (len != sizeof(*cp))
1726 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1727 MGMT_STATUS_INVALID_PARAMS);
1728
1729 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1730 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1731 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1732 }
1733
1734 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1735 {
1736 struct mgmt_cp_user_passkey_reply *cp = data;
1737
1738 BT_DBG("");
1739
1740 if (len != sizeof(*cp))
1741 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1742 EINVAL);
1743
1744 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1745 MGMT_OP_USER_PASSKEY_REPLY,
1746 HCI_OP_USER_PASSKEY_REPLY,
1747 cp->passkey);
1748 }
1749
1750 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1751 u16 len)
1752 {
1753 struct mgmt_cp_user_passkey_neg_reply *cp = data;
1754
1755 BT_DBG("");
1756
1757 if (len != sizeof(*cp))
1758 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1759 EINVAL);
1760
1761 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1762 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1763 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1764 }
1765
1766 static int set_local_name(struct sock *sk, u16 index, void *data,
1767 u16 len)
1768 {
1769 struct mgmt_cp_set_local_name *mgmt_cp = data;
1770 struct hci_cp_write_local_name hci_cp;
1771 struct hci_dev *hdev;
1772 struct pending_cmd *cmd;
1773 int err;
1774
1775 BT_DBG("");
1776
1777 if (len != sizeof(*mgmt_cp))
1778 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1779 MGMT_STATUS_INVALID_PARAMS);
1780
1781 hdev = hci_dev_get(index);
1782 if (!hdev)
1783 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1784 MGMT_STATUS_INVALID_PARAMS);
1785
1786 hci_dev_lock(hdev);
1787
1788 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
1789 len);
1790 if (!cmd) {
1791 err = -ENOMEM;
1792 goto failed;
1793 }
1794
1795 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1796 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1797 &hci_cp);
1798 if (err < 0)
1799 mgmt_pending_remove(cmd);
1800
1801 failed:
1802 hci_dev_unlock(hdev);
1803 hci_dev_put(hdev);
1804
1805 return err;
1806 }
1807
1808 static int read_local_oob_data(struct sock *sk, u16 index)
1809 {
1810 struct hci_dev *hdev;
1811 struct pending_cmd *cmd;
1812 int err;
1813
1814 BT_DBG("hci%u", index);
1815
1816 hdev = hci_dev_get(index);
1817 if (!hdev)
1818 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1819 MGMT_STATUS_INVALID_PARAMS);
1820
1821 hci_dev_lock(hdev);
1822
1823 if (!test_bit(HCI_UP, &hdev->flags)) {
1824 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1825 MGMT_STATUS_NOT_POWERED);
1826 goto unlock;
1827 }
1828
1829 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1830 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1831 MGMT_STATUS_NOT_SUPPORTED);
1832 goto unlock;
1833 }
1834
1835 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1836 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1837 MGMT_STATUS_BUSY);
1838 goto unlock;
1839 }
1840
1841 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1842 if (!cmd) {
1843 err = -ENOMEM;
1844 goto unlock;
1845 }
1846
1847 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1848 if (err < 0)
1849 mgmt_pending_remove(cmd);
1850
1851 unlock:
1852 hci_dev_unlock(hdev);
1853 hci_dev_put(hdev);
1854
1855 return err;
1856 }
1857
1858 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
1859 u16 len)
1860 {
1861 struct hci_dev *hdev;
1862 struct mgmt_cp_add_remote_oob_data *cp = data;
1863 int err;
1864
1865 BT_DBG("hci%u ", index);
1866
1867 if (len != sizeof(*cp))
1868 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1869 MGMT_STATUS_INVALID_PARAMS);
1870
1871 hdev = hci_dev_get(index);
1872 if (!hdev)
1873 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1874 MGMT_STATUS_INVALID_PARAMS);
1875
1876 hci_dev_lock(hdev);
1877
1878 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
1879 cp->randomizer);
1880 if (err < 0)
1881 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1882 MGMT_STATUS_FAILED);
1883 else
1884 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1885 0);
1886
1887 hci_dev_unlock(hdev);
1888 hci_dev_put(hdev);
1889
1890 return err;
1891 }
1892
1893 static int remove_remote_oob_data(struct sock *sk, u16 index,
1894 void *data, u16 len)
1895 {
1896 struct hci_dev *hdev;
1897 struct mgmt_cp_remove_remote_oob_data *cp = data;
1898 int err;
1899
1900 BT_DBG("hci%u ", index);
1901
1902 if (len != sizeof(*cp))
1903 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1904 MGMT_STATUS_INVALID_PARAMS);
1905
1906 hdev = hci_dev_get(index);
1907 if (!hdev)
1908 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1909 MGMT_STATUS_INVALID_PARAMS);
1910
1911 hci_dev_lock(hdev);
1912
1913 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
1914 if (err < 0)
1915 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1916 MGMT_STATUS_INVALID_PARAMS);
1917 else
1918 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1919 NULL, 0);
1920
1921 hci_dev_unlock(hdev);
1922 hci_dev_put(hdev);
1923
1924 return err;
1925 }
1926
1927 static int start_discovery(struct sock *sk, u16 index,
1928 void *data, u16 len)
1929 {
1930 struct mgmt_cp_start_discovery *cp = data;
1931 unsigned long discov_type = cp->type;
1932 struct pending_cmd *cmd;
1933 struct hci_dev *hdev;
1934 int err;
1935
1936 BT_DBG("hci%u", index);
1937
1938 if (len != sizeof(*cp))
1939 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1940 MGMT_STATUS_INVALID_PARAMS);
1941
1942 hdev = hci_dev_get(index);
1943 if (!hdev)
1944 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1945 MGMT_STATUS_INVALID_PARAMS);
1946
1947 hci_dev_lock(hdev);
1948
1949 if (!test_bit(HCI_UP, &hdev->flags)) {
1950 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1951 MGMT_STATUS_NOT_POWERED);
1952 goto failed;
1953 }
1954
1955 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1956 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1957 MGMT_STATUS_BUSY);
1958 goto failed;
1959 }
1960
1961 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
1962 if (!cmd) {
1963 err = -ENOMEM;
1964 goto failed;
1965 }
1966
1967 if (test_bit(MGMT_ADDR_BREDR, &discov_type))
1968 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1969 else if (test_bit(MGMT_ADDR_LE_PUBLIC, &discov_type) &&
1970 test_bit(MGMT_ADDR_LE_RANDOM, &discov_type))
1971 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
1972 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
1973 else
1974 err = -EINVAL;
1975
1976 if (err < 0)
1977 mgmt_pending_remove(cmd);
1978 else
1979 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
1980
1981 failed:
1982 hci_dev_unlock(hdev);
1983 hci_dev_put(hdev);
1984
1985 return err;
1986 }
1987
1988 static int stop_discovery(struct sock *sk, u16 index)
1989 {
1990 struct hci_dev *hdev;
1991 struct pending_cmd *cmd;
1992 struct hci_cp_remote_name_req_cancel cp;
1993 struct inquiry_entry *e;
1994 int err;
1995
1996 BT_DBG("hci%u", index);
1997
1998 hdev = hci_dev_get(index);
1999 if (!hdev)
2000 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2001 MGMT_STATUS_INVALID_PARAMS);
2002
2003 hci_dev_lock(hdev);
2004
2005 if (!hci_discovery_active(hdev)) {
2006 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2007 MGMT_STATUS_REJECTED);
2008 goto unlock;
2009 }
2010
2011 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2012 if (!cmd) {
2013 err = -ENOMEM;
2014 goto unlock;
2015 }
2016
2017 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2018 err = hci_cancel_inquiry(hdev);
2019 if (err < 0)
2020 mgmt_pending_remove(cmd);
2021 else
2022 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2023 goto unlock;
2024 }
2025
2026 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2027 if (!e) {
2028 mgmt_pending_remove(cmd);
2029 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2030 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2031 goto unlock;
2032 }
2033
2034 bacpy(&cp.bdaddr, &e->data.bdaddr);
2035 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2036 sizeof(cp), &cp);
2037 if (err < 0)
2038 mgmt_pending_remove(cmd);
2039 else
2040 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2041
2042 unlock:
2043 hci_dev_unlock(hdev);
2044 hci_dev_put(hdev);
2045
2046 return err;
2047 }
2048
2049 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2050 {
2051 struct mgmt_cp_confirm_name *cp = data;
2052 struct inquiry_entry *e;
2053 struct hci_dev *hdev;
2054 int err;
2055
2056 BT_DBG("hci%u", index);
2057
2058 if (len != sizeof(*cp))
2059 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2060 MGMT_STATUS_INVALID_PARAMS);
2061
2062 hdev = hci_dev_get(index);
2063 if (!hdev)
2064 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2065 MGMT_STATUS_INVALID_PARAMS);
2066
2067 hci_dev_lock(hdev);
2068
2069 if (!hci_discovery_active(hdev)) {
2070 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2071 MGMT_STATUS_FAILED);
2072 goto failed;
2073 }
2074
2075 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2076 if (!e) {
2077 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2078 MGMT_STATUS_INVALID_PARAMS);
2079 goto failed;
2080 }
2081
2082 if (cp->name_known) {
2083 e->name_state = NAME_KNOWN;
2084 list_del(&e->list);
2085 } else {
2086 e->name_state = NAME_NEEDED;
2087 hci_inquiry_cache_update_resolve(hdev, e);
2088 }
2089
2090 err = 0;
2091
2092 failed:
2093 hci_dev_unlock(hdev);
2094
2095 return err;
2096 }
2097
2098 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2099 {
2100 struct hci_dev *hdev;
2101 struct mgmt_cp_block_device *cp = data;
2102 int err;
2103
2104 BT_DBG("hci%u", index);
2105
2106 if (len != sizeof(*cp))
2107 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2108 MGMT_STATUS_INVALID_PARAMS);
2109
2110 hdev = hci_dev_get(index);
2111 if (!hdev)
2112 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2113 MGMT_STATUS_INVALID_PARAMS);
2114
2115 hci_dev_lock(hdev);
2116
2117 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2118 if (err < 0)
2119 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2120 MGMT_STATUS_FAILED);
2121 else
2122 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2123 NULL, 0);
2124
2125 hci_dev_unlock(hdev);
2126 hci_dev_put(hdev);
2127
2128 return err;
2129 }
2130
2131 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2132 {
2133 struct hci_dev *hdev;
2134 struct mgmt_cp_unblock_device *cp = data;
2135 int err;
2136
2137 BT_DBG("hci%u", index);
2138
2139 if (len != sizeof(*cp))
2140 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2141 MGMT_STATUS_INVALID_PARAMS);
2142
2143 hdev = hci_dev_get(index);
2144 if (!hdev)
2145 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2146 MGMT_STATUS_INVALID_PARAMS);
2147
2148 hci_dev_lock(hdev);
2149
2150 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2151
2152 if (err < 0)
2153 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2154 MGMT_STATUS_INVALID_PARAMS);
2155 else
2156 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2157 NULL, 0);
2158
2159 hci_dev_unlock(hdev);
2160 hci_dev_put(hdev);
2161
2162 return err;
2163 }
2164
2165 static int set_fast_connectable(struct sock *sk, u16 index,
2166 void *data, u16 len)
2167 {
2168 struct hci_dev *hdev;
2169 struct mgmt_mode *cp = data;
2170 struct hci_cp_write_page_scan_activity acp;
2171 u8 type;
2172 int err;
2173
2174 BT_DBG("hci%u", index);
2175
2176 if (len != sizeof(*cp))
2177 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2178 MGMT_STATUS_INVALID_PARAMS);
2179
2180 hdev = hci_dev_get(index);
2181 if (!hdev)
2182 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2183 MGMT_STATUS_INVALID_PARAMS);
2184
2185 hci_dev_lock(hdev);
2186
2187 if (cp->val) {
2188 type = PAGE_SCAN_TYPE_INTERLACED;
2189 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2190 } else {
2191 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2192 acp.interval = 0x0800; /* default 1.28 sec page scan */
2193 }
2194
2195 acp.window = 0x0012; /* default 11.25 msec page scan window */
2196
2197 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2198 sizeof(acp), &acp);
2199 if (err < 0) {
2200 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2201 MGMT_STATUS_FAILED);
2202 goto done;
2203 }
2204
2205 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2206 if (err < 0) {
2207 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2208 MGMT_STATUS_FAILED);
2209 goto done;
2210 }
2211
2212 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2213 NULL, 0);
2214 done:
2215 hci_dev_unlock(hdev);
2216 hci_dev_put(hdev);
2217
2218 return err;
2219 }
2220
2221 static int load_long_term_keys(struct sock *sk, u16 index,
2222 void *cp_data, u16 len)
2223 {
2224 struct hci_dev *hdev;
2225 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2226 u16 key_count, expected_len;
2227 int i;
2228
2229 if (len < sizeof(*cp))
2230 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2231 EINVAL);
2232
2233 key_count = get_unaligned_le16(&cp->key_count);
2234
2235 expected_len = sizeof(*cp) + key_count *
2236 sizeof(struct mgmt_ltk_info);
2237 if (expected_len != len) {
2238 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2239 len, expected_len);
2240 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2241 EINVAL);
2242 }
2243
2244 hdev = hci_dev_get(index);
2245 if (!hdev)
2246 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2247 ENODEV);
2248
2249 BT_DBG("hci%u key_count %u", index, key_count);
2250
2251 hci_dev_lock(hdev);
2252
2253 hci_smp_ltks_clear(hdev);
2254
2255 for (i = 0; i < key_count; i++) {
2256 struct mgmt_ltk_info *key = &cp->keys[i];
2257 u8 type;
2258
2259 if (key->master)
2260 type = HCI_SMP_LTK;
2261 else
2262 type = HCI_SMP_LTK_SLAVE;
2263
2264 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2265 type, 0, key->authenticated, key->val,
2266 key->enc_size, key->ediv, key->rand);
2267 }
2268
2269 hci_dev_unlock(hdev);
2270 hci_dev_put(hdev);
2271
2272 return 0;
2273 }
2274
2275 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2276 {
2277 void *buf;
2278 u8 *cp;
2279 struct mgmt_hdr *hdr;
2280 u16 opcode, index, len;
2281 int err;
2282
2283 BT_DBG("got %zu bytes", msglen);
2284
2285 if (msglen < sizeof(*hdr))
2286 return -EINVAL;
2287
2288 buf = kmalloc(msglen, GFP_KERNEL);
2289 if (!buf)
2290 return -ENOMEM;
2291
2292 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2293 err = -EFAULT;
2294 goto done;
2295 }
2296
2297 hdr = buf;
2298 opcode = get_unaligned_le16(&hdr->opcode);
2299 index = get_unaligned_le16(&hdr->index);
2300 len = get_unaligned_le16(&hdr->len);
2301
2302 if (len != msglen - sizeof(*hdr)) {
2303 err = -EINVAL;
2304 goto done;
2305 }
2306
2307 cp = buf + sizeof(*hdr);
2308
2309 switch (opcode) {
2310 case MGMT_OP_READ_VERSION:
2311 err = read_version(sk);
2312 break;
2313 case MGMT_OP_READ_INDEX_LIST:
2314 err = read_index_list(sk);
2315 break;
2316 case MGMT_OP_READ_INFO:
2317 err = read_controller_info(sk, index);
2318 break;
2319 case MGMT_OP_SET_POWERED:
2320 err = set_powered(sk, index, cp, len);
2321 break;
2322 case MGMT_OP_SET_DISCOVERABLE:
2323 err = set_discoverable(sk, index, cp, len);
2324 break;
2325 case MGMT_OP_SET_CONNECTABLE:
2326 err = set_connectable(sk, index, cp, len);
2327 break;
2328 case MGMT_OP_SET_FAST_CONNECTABLE:
2329 err = set_fast_connectable(sk, index, cp, len);
2330 break;
2331 case MGMT_OP_SET_PAIRABLE:
2332 err = set_pairable(sk, index, cp, len);
2333 break;
2334 case MGMT_OP_ADD_UUID:
2335 err = add_uuid(sk, index, cp, len);
2336 break;
2337 case MGMT_OP_REMOVE_UUID:
2338 err = remove_uuid(sk, index, cp, len);
2339 break;
2340 case MGMT_OP_SET_DEV_CLASS:
2341 err = set_dev_class(sk, index, cp, len);
2342 break;
2343 case MGMT_OP_LOAD_LINK_KEYS:
2344 err = load_link_keys(sk, index, cp, len);
2345 break;
2346 case MGMT_OP_DISCONNECT:
2347 err = disconnect(sk, index, cp, len);
2348 break;
2349 case MGMT_OP_GET_CONNECTIONS:
2350 err = get_connections(sk, index);
2351 break;
2352 case MGMT_OP_PIN_CODE_REPLY:
2353 err = pin_code_reply(sk, index, cp, len);
2354 break;
2355 case MGMT_OP_PIN_CODE_NEG_REPLY:
2356 err = pin_code_neg_reply(sk, index, cp, len);
2357 break;
2358 case MGMT_OP_SET_IO_CAPABILITY:
2359 err = set_io_capability(sk, index, cp, len);
2360 break;
2361 case MGMT_OP_PAIR_DEVICE:
2362 err = pair_device(sk, index, cp, len);
2363 break;
2364 case MGMT_OP_CANCEL_PAIR_DEVICE:
2365 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2366 break;
2367 case MGMT_OP_UNPAIR_DEVICE:
2368 err = unpair_device(sk, index, cp, len);
2369 break;
2370 case MGMT_OP_USER_CONFIRM_REPLY:
2371 err = user_confirm_reply(sk, index, cp, len);
2372 break;
2373 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2374 err = user_confirm_neg_reply(sk, index, cp, len);
2375 break;
2376 case MGMT_OP_USER_PASSKEY_REPLY:
2377 err = user_passkey_reply(sk, index, cp, len);
2378 break;
2379 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2380 err = user_passkey_neg_reply(sk, index, cp, len);
2381 break;
2382 case MGMT_OP_SET_LOCAL_NAME:
2383 err = set_local_name(sk, index, cp, len);
2384 break;
2385 case MGMT_OP_READ_LOCAL_OOB_DATA:
2386 err = read_local_oob_data(sk, index);
2387 break;
2388 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2389 err = add_remote_oob_data(sk, index, cp, len);
2390 break;
2391 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2392 err = remove_remote_oob_data(sk, index, cp, len);
2393 break;
2394 case MGMT_OP_START_DISCOVERY:
2395 err = start_discovery(sk, index, cp, len);
2396 break;
2397 case MGMT_OP_STOP_DISCOVERY:
2398 err = stop_discovery(sk, index);
2399 break;
2400 case MGMT_OP_CONFIRM_NAME:
2401 err = confirm_name(sk, index, cp, len);
2402 break;
2403 case MGMT_OP_BLOCK_DEVICE:
2404 err = block_device(sk, index, cp, len);
2405 break;
2406 case MGMT_OP_UNBLOCK_DEVICE:
2407 err = unblock_device(sk, index, cp, len);
2408 break;
2409 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2410 err = load_long_term_keys(sk, index, cp, len);
2411 break;
2412 default:
2413 BT_DBG("Unknown op %u", opcode);
2414 err = cmd_status(sk, index, opcode,
2415 MGMT_STATUS_UNKNOWN_COMMAND);
2416 break;
2417 }
2418
2419 if (err < 0)
2420 goto done;
2421
2422 err = msglen;
2423
2424 done:
2425 kfree(buf);
2426 return err;
2427 }
2428
2429 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2430 {
2431 u8 *status = data;
2432
2433 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2434 mgmt_pending_remove(cmd);
2435 }
2436
2437 int mgmt_index_added(struct hci_dev *hdev)
2438 {
2439 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2440 }
2441
2442 int mgmt_index_removed(struct hci_dev *hdev)
2443 {
2444 u8 status = ENODEV;
2445
2446 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2447
2448 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2449 }
2450
2451 struct cmd_lookup {
2452 u8 val;
2453 struct sock *sk;
2454 struct hci_dev *hdev;
2455 };
2456
2457 static void settings_rsp(struct pending_cmd *cmd, void *data)
2458 {
2459 struct cmd_lookup *match = data;
2460
2461 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2462
2463 list_del(&cmd->list);
2464
2465 if (match->sk == NULL) {
2466 match->sk = cmd->sk;
2467 sock_hold(match->sk);
2468 }
2469
2470 mgmt_pending_free(cmd);
2471 }
2472
2473 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2474 {
2475 struct cmd_lookup match = { powered, NULL, hdev };
2476 __le32 ev;
2477 int ret;
2478
2479 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2480
2481 if (!powered) {
2482 u8 status = ENETDOWN;
2483 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2484 }
2485
2486 ev = cpu_to_le32(get_current_settings(hdev));
2487
2488 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2489 match.sk);
2490
2491 if (match.sk)
2492 sock_put(match.sk);
2493
2494 return ret;
2495 }
2496
2497 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2498 {
2499 struct cmd_lookup match = { discoverable, NULL, hdev };
2500 __le32 ev;
2501 int ret;
2502
2503 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2504
2505 ev = cpu_to_le32(get_current_settings(hdev));
2506
2507 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2508 match.sk);
2509 if (match.sk)
2510 sock_put(match.sk);
2511
2512 return ret;
2513 }
2514
2515 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2516 {
2517 __le32 ev;
2518 struct cmd_lookup match = { connectable, NULL, hdev };
2519 int ret;
2520
2521 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2522 &match);
2523
2524 ev = cpu_to_le32(get_current_settings(hdev));
2525
2526 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2527
2528 if (match.sk)
2529 sock_put(match.sk);
2530
2531 return ret;
2532 }
2533
2534 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2535 {
2536 u8 mgmt_err = mgmt_status(status);
2537
2538 if (scan & SCAN_PAGE)
2539 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2540 cmd_status_rsp, &mgmt_err);
2541
2542 if (scan & SCAN_INQUIRY)
2543 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2544 cmd_status_rsp, &mgmt_err);
2545
2546 return 0;
2547 }
2548
2549 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2550 u8 persistent)
2551 {
2552 struct mgmt_ev_new_link_key ev;
2553
2554 memset(&ev, 0, sizeof(ev));
2555
2556 ev.store_hint = persistent;
2557 bacpy(&ev.key.bdaddr, &key->bdaddr);
2558 ev.key.type = key->type;
2559 memcpy(ev.key.val, key->val, 16);
2560 ev.key.pin_len = key->pin_len;
2561
2562 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2563 }
2564
2565 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2566 {
2567 struct mgmt_ev_new_long_term_key ev;
2568
2569 memset(&ev, 0, sizeof(ev));
2570
2571 ev.store_hint = persistent;
2572 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2573 ev.key.addr.type = key->bdaddr_type;
2574 ev.key.authenticated = key->authenticated;
2575 ev.key.enc_size = key->enc_size;
2576 ev.key.ediv = key->ediv;
2577
2578 if (key->type == HCI_SMP_LTK)
2579 ev.key.master = 1;
2580
2581 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2582 memcpy(ev.key.val, key->val, sizeof(key->val));
2583
2584 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2585 &ev, sizeof(ev), NULL);
2586 }
2587
2588 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2589 u8 addr_type, u8 *name, u8 name_len,
2590 u8 *dev_class)
2591 {
2592 char buf[512];
2593 struct mgmt_ev_device_connected *ev = (void *) buf;
2594 u16 eir_len = 0;
2595
2596 bacpy(&ev->addr.bdaddr, bdaddr);
2597 ev->addr.type = link_to_mgmt(link_type, addr_type);
2598
2599 if (name_len > 0)
2600 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2601 name, name_len);
2602
2603 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2604 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2605 EIR_CLASS_OF_DEV, dev_class, 3);
2606
2607 put_unaligned_le16(eir_len, &ev->eir_len);
2608
2609 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2610 sizeof(*ev) + eir_len, NULL);
2611 }
2612
2613 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2614 {
2615 struct mgmt_cp_disconnect *cp = cmd->param;
2616 struct sock **sk = data;
2617 struct mgmt_rp_disconnect rp;
2618
2619 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2620 rp.addr.type = cp->addr.type;
2621 rp.status = 0;
2622
2623 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2624
2625 *sk = cmd->sk;
2626 sock_hold(*sk);
2627
2628 mgmt_pending_remove(cmd);
2629 }
2630
2631 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2632 {
2633 u8 *status = data;
2634 struct mgmt_cp_unpair_device *cp = cmd->param;
2635 struct mgmt_rp_unpair_device rp;
2636
2637 memset(&rp, 0, sizeof(rp));
2638 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2639 rp.addr.type = cp->addr.type;
2640 if (status != NULL)
2641 rp.status = *status;
2642
2643 cmd_complete(cmd->sk, cmd->index, MGMT_OP_UNPAIR_DEVICE, &rp,
2644 sizeof(rp));
2645
2646 mgmt_pending_remove(cmd);
2647 }
2648
2649 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2650 u8 link_type, u8 addr_type)
2651 {
2652 struct mgmt_addr_info ev;
2653 struct sock *sk = NULL;
2654 int err;
2655
2656 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2657
2658 bacpy(&ev.bdaddr, bdaddr);
2659 ev.type = link_to_mgmt(link_type, addr_type);
2660
2661 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2662 sk);
2663
2664 if (sk)
2665 sock_put(sk);
2666
2667 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2668 NULL);
2669
2670 return err;
2671 }
2672
2673 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
2674 u8 link_type, u8 addr_type, u8 status)
2675 {
2676 struct mgmt_rp_disconnect rp;
2677 struct pending_cmd *cmd;
2678 int err;
2679
2680 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2681 if (!cmd)
2682 return -ENOENT;
2683
2684 bacpy(&rp.addr.bdaddr, bdaddr);
2685 rp.addr.type = link_to_mgmt(link_type, addr_type);
2686 rp.status = mgmt_status(status);
2687
2688 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2689 &rp, sizeof(rp));
2690
2691 mgmt_pending_remove(cmd);
2692
2693 return err;
2694 }
2695
2696 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2697 u8 addr_type, u8 status)
2698 {
2699 struct mgmt_ev_connect_failed ev;
2700
2701 bacpy(&ev.addr.bdaddr, bdaddr);
2702 ev.addr.type = link_to_mgmt(link_type, addr_type);
2703 ev.status = mgmt_status(status);
2704
2705 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2706 }
2707
2708 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2709 {
2710 struct mgmt_ev_pin_code_request ev;
2711
2712 bacpy(&ev.bdaddr, bdaddr);
2713 ev.secure = secure;
2714
2715 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2716 NULL);
2717 }
2718
2719 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2720 u8 status)
2721 {
2722 struct pending_cmd *cmd;
2723 struct mgmt_rp_pin_code_reply rp;
2724 int err;
2725
2726 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2727 if (!cmd)
2728 return -ENOENT;
2729
2730 bacpy(&rp.bdaddr, bdaddr);
2731 rp.status = mgmt_status(status);
2732
2733 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2734 sizeof(rp));
2735
2736 mgmt_pending_remove(cmd);
2737
2738 return err;
2739 }
2740
2741 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2742 u8 status)
2743 {
2744 struct pending_cmd *cmd;
2745 struct mgmt_rp_pin_code_reply rp;
2746 int err;
2747
2748 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2749 if (!cmd)
2750 return -ENOENT;
2751
2752 bacpy(&rp.bdaddr, bdaddr);
2753 rp.status = mgmt_status(status);
2754
2755 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2756 sizeof(rp));
2757
2758 mgmt_pending_remove(cmd);
2759
2760 return err;
2761 }
2762
2763 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2764 u8 link_type, u8 addr_type, __le32 value,
2765 u8 confirm_hint)
2766 {
2767 struct mgmt_ev_user_confirm_request ev;
2768
2769 BT_DBG("%s", hdev->name);
2770
2771 bacpy(&ev.addr.bdaddr, bdaddr);
2772 ev.addr.type = link_to_mgmt(link_type, addr_type);
2773 ev.confirm_hint = confirm_hint;
2774 put_unaligned_le32(value, &ev.value);
2775
2776 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2777 NULL);
2778 }
2779
2780 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2781 u8 link_type, u8 addr_type)
2782 {
2783 struct mgmt_ev_user_passkey_request ev;
2784
2785 BT_DBG("%s", hdev->name);
2786
2787 bacpy(&ev.addr.bdaddr, bdaddr);
2788 ev.addr.type = link_to_mgmt(link_type, addr_type);
2789
2790 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2791 NULL);
2792 }
2793
2794 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2795 u8 link_type, u8 addr_type, u8 status,
2796 u8 opcode)
2797 {
2798 struct pending_cmd *cmd;
2799 struct mgmt_rp_user_confirm_reply rp;
2800 int err;
2801
2802 cmd = mgmt_pending_find(opcode, hdev);
2803 if (!cmd)
2804 return -ENOENT;
2805
2806 bacpy(&rp.addr.bdaddr, bdaddr);
2807 rp.addr.type = link_to_mgmt(link_type, addr_type);
2808 rp.status = mgmt_status(status);
2809 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2810
2811 mgmt_pending_remove(cmd);
2812
2813 return err;
2814 }
2815
2816 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2817 u8 link_type, u8 addr_type, u8 status)
2818 {
2819 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2820 status, MGMT_OP_USER_CONFIRM_REPLY);
2821 }
2822
2823 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2824 u8 link_type, u8 addr_type, u8 status)
2825 {
2826 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2827 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
2828 }
2829
2830 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2831 u8 link_type, u8 addr_type, u8 status)
2832 {
2833 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2834 status, MGMT_OP_USER_PASSKEY_REPLY);
2835 }
2836
2837 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2838 u8 link_type, u8 addr_type, u8 status)
2839 {
2840 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2841 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
2842 }
2843
2844 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2845 {
2846 struct mgmt_ev_auth_failed ev;
2847
2848 bacpy(&ev.bdaddr, bdaddr);
2849 ev.status = mgmt_status(status);
2850
2851 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2852 }
2853
2854 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2855 {
2856 struct pending_cmd *cmd;
2857 struct mgmt_cp_set_local_name ev;
2858 int err;
2859
2860 memset(&ev, 0, sizeof(ev));
2861 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2862
2863 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2864 if (!cmd)
2865 goto send_event;
2866
2867 if (status) {
2868 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2869 mgmt_status(status));
2870 goto failed;
2871 }
2872
2873 update_eir(hdev);
2874
2875 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2876 sizeof(ev));
2877 if (err < 0)
2878 goto failed;
2879
2880 send_event:
2881 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2882 cmd ? cmd->sk : NULL);
2883
2884 failed:
2885 if (cmd)
2886 mgmt_pending_remove(cmd);
2887 return err;
2888 }
2889
2890 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2891 u8 *randomizer, u8 status)
2892 {
2893 struct pending_cmd *cmd;
2894 int err;
2895
2896 BT_DBG("%s status %u", hdev->name, status);
2897
2898 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
2899 if (!cmd)
2900 return -ENOENT;
2901
2902 if (status) {
2903 err = cmd_status(cmd->sk, hdev->id,
2904 MGMT_OP_READ_LOCAL_OOB_DATA,
2905 mgmt_status(status));
2906 } else {
2907 struct mgmt_rp_read_local_oob_data rp;
2908
2909 memcpy(rp.hash, hash, sizeof(rp.hash));
2910 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2911
2912 err = cmd_complete(cmd->sk, hdev->id,
2913 MGMT_OP_READ_LOCAL_OOB_DATA,
2914 &rp, sizeof(rp));
2915 }
2916
2917 mgmt_pending_remove(cmd);
2918
2919 return err;
2920 }
2921
2922 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2923 u8 addr_type, u8 *dev_class, s8 rssi,
2924 u8 cfm_name, u8 *eir, u16 eir_len)
2925 {
2926 char buf[512];
2927 struct mgmt_ev_device_found *ev = (void *) buf;
2928 size_t ev_size;
2929
2930 /* Leave 5 bytes for a potential CoD field */
2931 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
2932 return -EINVAL;
2933
2934 memset(buf, 0, sizeof(buf));
2935
2936 bacpy(&ev->addr.bdaddr, bdaddr);
2937 ev->addr.type = link_to_mgmt(link_type, addr_type);
2938 ev->rssi = rssi;
2939 ev->confirm_name = cfm_name;
2940
2941 if (eir_len > 0)
2942 memcpy(ev->eir, eir, eir_len);
2943
2944 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
2945 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
2946 dev_class, 3);
2947
2948 put_unaligned_le16(eir_len, &ev->eir_len);
2949
2950 ev_size = sizeof(*ev) + eir_len;
2951
2952 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
2953 }
2954
2955 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2956 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
2957 {
2958 struct mgmt_ev_device_found *ev;
2959 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
2960 u16 eir_len;
2961
2962 ev = (struct mgmt_ev_device_found *) buf;
2963
2964 memset(buf, 0, sizeof(buf));
2965
2966 bacpy(&ev->addr.bdaddr, bdaddr);
2967 ev->addr.type = link_to_mgmt(link_type, addr_type);
2968 ev->rssi = rssi;
2969
2970 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
2971 name_len);
2972
2973 put_unaligned_le16(eir_len, &ev->eir_len);
2974
2975 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
2976 sizeof(*ev) + eir_len, NULL);
2977 }
2978
2979 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2980 {
2981 struct pending_cmd *cmd;
2982 int err;
2983
2984 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2985 if (!cmd)
2986 return -ENOENT;
2987
2988 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
2989 mgmt_pending_remove(cmd);
2990
2991 return err;
2992 }
2993
2994 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2995 {
2996 struct pending_cmd *cmd;
2997 int err;
2998
2999 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3000 if (!cmd)
3001 return -ENOENT;
3002
3003 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3004 mgmt_pending_remove(cmd);
3005
3006 return err;
3007 }
3008
3009 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3010 {
3011 struct pending_cmd *cmd;
3012
3013 BT_DBG("%s discovering %u", hdev->name, discovering);
3014
3015 if (discovering)
3016 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3017 else
3018 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3019
3020 if (cmd != NULL) {
3021 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
3022 mgmt_pending_remove(cmd);
3023 }
3024
3025 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
3026 sizeof(discovering), NULL);
3027 }
3028
3029 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3030 {
3031 struct pending_cmd *cmd;
3032 struct mgmt_ev_device_blocked ev;
3033
3034 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3035
3036 bacpy(&ev.addr.bdaddr, bdaddr);
3037 ev.addr.type = type;
3038
3039 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3040 cmd ? cmd->sk : NULL);
3041 }
3042
3043 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3044 {
3045 struct pending_cmd *cmd;
3046 struct mgmt_ev_device_unblocked ev;
3047
3048 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3049
3050 bacpy(&ev.addr.bdaddr, bdaddr);
3051 ev.addr.type = type;
3052
3053 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3054 cmd ? cmd->sk : NULL);
3055 }
kernel source for telekom puls (alcatel/mediatek)