projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: Remove unused member from cmd_lookup struct
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
35 #define MGMT_VERSION 0
36 #define MGMT_REVISION 1
37
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
76 };
77
78 static const u16 mgmt_events[] = {
79 MGMT_EV_CONTROLLER_ERROR,
80 MGMT_EV_INDEX_ADDED,
81 MGMT_EV_INDEX_REMOVED,
82 MGMT_EV_NEW_SETTINGS,
83 MGMT_EV_CLASS_OF_DEV_CHANGED,
84 MGMT_EV_LOCAL_NAME_CHANGED,
85 MGMT_EV_NEW_LINK_KEY,
86 MGMT_EV_NEW_LONG_TERM_KEY,
87 MGMT_EV_DEVICE_CONNECTED,
88 MGMT_EV_DEVICE_DISCONNECTED,
89 MGMT_EV_CONNECT_FAILED,
90 MGMT_EV_PIN_CODE_REQUEST,
91 MGMT_EV_USER_CONFIRM_REQUEST,
92 MGMT_EV_USER_PASSKEY_REQUEST,
93 MGMT_EV_AUTH_FAILED,
94 MGMT_EV_DEVICE_FOUND,
95 MGMT_EV_DISCOVERING,
96 MGMT_EV_DEVICE_BLOCKED,
97 MGMT_EV_DEVICE_UNBLOCKED,
98 MGMT_EV_DEVICE_UNPAIRED,
99 };
100
101 /*
102 * These LE scan and inquiry parameters were chosen according to LE General
103 * Discovery Procedure specification.
104 */
105 #define LE_SCAN_TYPE 0x01
106 #define LE_SCAN_WIN 0x12
107 #define LE_SCAN_INT 0x12
108 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
109
110 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
111
112 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
113
114 struct pending_cmd {
115 struct list_head list;
116 u16 opcode;
117 int index;
118 void *param;
119 struct sock *sk;
120 void *user_data;
121 };
122
123 /* HCI to MGMT error code conversion table */
124 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_SUCCESS,
126 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
127 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
128 MGMT_STATUS_FAILED, /* Hardware Failure */
129 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
130 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
131 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
132 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
133 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
135 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
136 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
137 MGMT_STATUS_BUSY, /* Command Disallowed */
138 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
139 MGMT_STATUS_REJECTED, /* Rejected Security */
140 MGMT_STATUS_REJECTED, /* Rejected Personal */
141 MGMT_STATUS_TIMEOUT, /* Host Timeout */
142 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
143 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
144 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
145 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
146 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
147 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
148 MGMT_STATUS_BUSY, /* Repeated Attempts */
149 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
150 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
152 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
153 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
154 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
155 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
156 MGMT_STATUS_FAILED, /* Unspecified Error */
157 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
158 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
159 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
160 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
161 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
162 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
163 MGMT_STATUS_FAILED, /* Unit Link Key Used */
164 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
165 MGMT_STATUS_TIMEOUT, /* Instant Passed */
166 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
167 MGMT_STATUS_FAILED, /* Transaction Collision */
168 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
169 MGMT_STATUS_REJECTED, /* QoS Rejected */
170 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
171 MGMT_STATUS_REJECTED, /* Insufficient Security */
172 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
173 MGMT_STATUS_BUSY, /* Role Switch Pending */
174 MGMT_STATUS_FAILED, /* Slot Violation */
175 MGMT_STATUS_FAILED, /* Role Switch Failed */
176 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
177 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
178 MGMT_STATUS_BUSY, /* Host Busy Pairing */
179 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
180 MGMT_STATUS_BUSY, /* Controller Busy */
181 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
182 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
183 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
184 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
185 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
186 };
187
188 static u8 mgmt_status(u8 hci_status)
189 {
190 if (hci_status < ARRAY_SIZE(mgmt_status_table))
191 return mgmt_status_table[hci_status];
192
193 return MGMT_STATUS_FAILED;
194 }
195
196 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
197 {
198 struct sk_buff *skb;
199 struct mgmt_hdr *hdr;
200 struct mgmt_ev_cmd_status *ev;
201 int err;
202
203 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204
205 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
206 if (!skb)
207 return -ENOMEM;
208
209 hdr = (void *) skb_put(skb, sizeof(*hdr));
210
211 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
212 hdr->index = cpu_to_le16(index);
213 hdr->len = cpu_to_le16(sizeof(*ev));
214
215 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->status = status;
217 put_unaligned_le16(cmd, &ev->opcode);
218
219 err = sock_queue_rcv_skb(sk, skb);
220 if (err < 0)
221 kfree_skb(skb);
222
223 return err;
224 }
225
226 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
227 size_t rp_len)
228 {
229 struct sk_buff *skb;
230 struct mgmt_hdr *hdr;
231 struct mgmt_ev_cmd_complete *ev;
232 int err;
233
234 BT_DBG("sock %p", sk);
235
236 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
237 if (!skb)
238 return -ENOMEM;
239
240 hdr = (void *) skb_put(skb, sizeof(*hdr));
241
242 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
243 hdr->index = cpu_to_le16(index);
244 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245
246 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
247 put_unaligned_le16(cmd, &ev->opcode);
248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
251
252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
254 kfree_skb(skb);
255
256 return err;;
257 }
258
259 static int read_version(struct sock *sk)
260 {
261 struct mgmt_rp_read_version rp;
262
263 BT_DBG("sock %p", sk);
264
265 rp.version = MGMT_VERSION;
266 put_unaligned_le16(MGMT_REVISION, &rp.revision);
267
268 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
269 sizeof(rp));
270 }
271
272 static int read_commands(struct sock *sk)
273 {
274 struct mgmt_rp_read_commands *rp;
275 u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 u16 num_events = ARRAY_SIZE(mgmt_events);
277 u16 *opcode;
278 size_t rp_size;
279 int i, err;
280
281 BT_DBG("sock %p", sk);
282
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
284
285 rp = kmalloc(rp_size, GFP_KERNEL);
286 if (!rp)
287 return -ENOMEM;
288
289 put_unaligned_le16(num_commands, &rp->num_commands);
290 put_unaligned_le16(num_events, &rp->num_events);
291
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
294
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
297
298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, rp,
299 rp_size);
300 kfree(rp);
301
302 return err;
303 }
304
305 static int read_index_list(struct sock *sk)
306 {
307 struct mgmt_rp_read_index_list *rp;
308 struct list_head *p;
309 struct hci_dev *d;
310 size_t rp_len;
311 u16 count;
312 int i, err;
313
314 BT_DBG("sock %p", sk);
315
316 read_lock(&hci_dev_list_lock);
317
318 count = 0;
319 list_for_each(p, &hci_dev_list) {
320 count++;
321 }
322
323 rp_len = sizeof(*rp) + (2 * count);
324 rp = kmalloc(rp_len, GFP_ATOMIC);
325 if (!rp) {
326 read_unlock(&hci_dev_list_lock);
327 return -ENOMEM;
328 }
329
330 put_unaligned_le16(count, &rp->num_controllers);
331
332 i = 0;
333 list_for_each_entry(d, &hci_dev_list, list) {
334 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
335 cancel_delayed_work(&d->power_off);
336
337 if (test_bit(HCI_SETUP, &d->dev_flags))
338 continue;
339
340 put_unaligned_le16(d->id, &rp->index[i++]);
341 BT_DBG("Added hci%u", d->id);
342 }
343
344 read_unlock(&hci_dev_list_lock);
345
346 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
347 rp_len);
348
349 kfree(rp);
350
351 return err;
352 }
353
354 static u32 get_supported_settings(struct hci_dev *hdev)
355 {
356 u32 settings = 0;
357
358 settings |= MGMT_SETTING_POWERED;
359 settings |= MGMT_SETTING_CONNECTABLE;
360 settings |= MGMT_SETTING_FAST_CONNECTABLE;
361 settings |= MGMT_SETTING_DISCOVERABLE;
362 settings |= MGMT_SETTING_PAIRABLE;
363
364 if (hdev->features[6] & LMP_SIMPLE_PAIR)
365 settings |= MGMT_SETTING_SSP;
366
367 if (!(hdev->features[4] & LMP_NO_BREDR)) {
368 settings |= MGMT_SETTING_BREDR;
369 settings |= MGMT_SETTING_LINK_SECURITY;
370 }
371
372 if (hdev->features[4] & LMP_LE)
373 settings |= MGMT_SETTING_LE;
374
375 return settings;
376 }
377
378 static u32 get_current_settings(struct hci_dev *hdev)
379 {
380 u32 settings = 0;
381
382 if (test_bit(HCI_UP, &hdev->flags))
383 settings |= MGMT_SETTING_POWERED;
384 else
385 return settings;
386
387 if (test_bit(HCI_PSCAN, &hdev->flags))
388 settings |= MGMT_SETTING_CONNECTABLE;
389
390 if (test_bit(HCI_ISCAN, &hdev->flags))
391 settings |= MGMT_SETTING_DISCOVERABLE;
392
393 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
394 settings |= MGMT_SETTING_PAIRABLE;
395
396 if (!(hdev->features[4] & LMP_NO_BREDR))
397 settings |= MGMT_SETTING_BREDR;
398
399 if (hdev->host_features[0] & LMP_HOST_LE)
400 settings |= MGMT_SETTING_LE;
401
402 if (test_bit(HCI_AUTH, &hdev->flags))
403 settings |= MGMT_SETTING_LINK_SECURITY;
404
405 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
406 settings |= MGMT_SETTING_SSP;
407
408 return settings;
409 }
410
411 #define PNP_INFO_SVCLASS_ID 0x1200
412
413 static u8 bluetooth_base_uuid[] = {
414 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
415 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
416 };
417
418 static u16 get_uuid16(u8 *uuid128)
419 {
420 u32 val;
421 int i;
422
423 for (i = 0; i < 12; i++) {
424 if (bluetooth_base_uuid[i] != uuid128[i])
425 return 0;
426 }
427
428 memcpy(&val, &uuid128[12], 4);
429
430 val = le32_to_cpu(val);
431 if (val > 0xffff)
432 return 0;
433
434 return (u16) val;
435 }
436
437 static void create_eir(struct hci_dev *hdev, u8 *data)
438 {
439 u8 *ptr = data;
440 u16 eir_len = 0;
441 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
442 int i, truncated = 0;
443 struct bt_uuid *uuid;
444 size_t name_len;
445
446 name_len = strlen(hdev->dev_name);
447
448 if (name_len > 0) {
449 /* EIR Data type */
450 if (name_len > 48) {
451 name_len = 48;
452 ptr[1] = EIR_NAME_SHORT;
453 } else
454 ptr[1] = EIR_NAME_COMPLETE;
455
456 /* EIR Data length */
457 ptr[0] = name_len + 1;
458
459 memcpy(ptr + 2, hdev->dev_name, name_len);
460
461 eir_len += (name_len + 2);
462 ptr += (name_len + 2);
463 }
464
465 memset(uuid16_list, 0, sizeof(uuid16_list));
466
467 /* Group all UUID16 types */
468 list_for_each_entry(uuid, &hdev->uuids, list) {
469 u16 uuid16;
470
471 uuid16 = get_uuid16(uuid->uuid);
472 if (uuid16 == 0)
473 return;
474
475 if (uuid16 < 0x1100)
476 continue;
477
478 if (uuid16 == PNP_INFO_SVCLASS_ID)
479 continue;
480
481 /* Stop if not enough space to put next UUID */
482 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
483 truncated = 1;
484 break;
485 }
486
487 /* Check for duplicates */
488 for (i = 0; uuid16_list[i] != 0; i++)
489 if (uuid16_list[i] == uuid16)
490 break;
491
492 if (uuid16_list[i] == 0) {
493 uuid16_list[i] = uuid16;
494 eir_len += sizeof(u16);
495 }
496 }
497
498 if (uuid16_list[0] != 0) {
499 u8 *length = ptr;
500
501 /* EIR Data type */
502 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
503
504 ptr += 2;
505 eir_len += 2;
506
507 for (i = 0; uuid16_list[i] != 0; i++) {
508 *ptr++ = (uuid16_list[i] & 0x00ff);
509 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
510 }
511
512 /* EIR Data length */
513 *length = (i * sizeof(u16)) + 1;
514 }
515 }
516
517 static int update_eir(struct hci_dev *hdev)
518 {
519 struct hci_cp_write_eir cp;
520
521 if (!(hdev->features[6] & LMP_EXT_INQ))
522 return 0;
523
524 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
525 return 0;
526
527 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
528 return 0;
529
530 memset(&cp, 0, sizeof(cp));
531
532 create_eir(hdev, cp.data);
533
534 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
535 return 0;
536
537 memcpy(hdev->eir, cp.data, sizeof(cp.data));
538
539 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
540 }
541
542 static u8 get_service_classes(struct hci_dev *hdev)
543 {
544 struct bt_uuid *uuid;
545 u8 val = 0;
546
547 list_for_each_entry(uuid, &hdev->uuids, list)
548 val |= uuid->svc_hint;
549
550 return val;
551 }
552
553 static int update_class(struct hci_dev *hdev)
554 {
555 u8 cod[3];
556
557 BT_DBG("%s", hdev->name);
558
559 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
560 return 0;
561
562 cod[0] = hdev->minor_class;
563 cod[1] = hdev->major_class;
564 cod[2] = get_service_classes(hdev);
565
566 if (memcmp(cod, hdev->dev_class, 3) == 0)
567 return 0;
568
569 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
570 }
571
572 static void service_cache_off(struct work_struct *work)
573 {
574 struct hci_dev *hdev = container_of(work, struct hci_dev,
575 service_cache.work);
576
577 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 return;
579
580 hci_dev_lock(hdev);
581
582 update_eir(hdev);
583 update_class(hdev);
584
585 hci_dev_unlock(hdev);
586 }
587
588 static void mgmt_init_hdev(struct hci_dev *hdev)
589 {
590 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
591 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
592
593 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
594 schedule_delayed_work(&hdev->service_cache,
595 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
596 }
597
598 static int read_controller_info(struct sock *sk, u16 index)
599 {
600 struct mgmt_rp_read_info rp;
601 struct hci_dev *hdev;
602
603 BT_DBG("sock %p hci%u", sk, index);
604
605 hdev = hci_dev_get(index);
606 if (!hdev)
607 return cmd_status(sk, index, MGMT_OP_READ_INFO,
608 MGMT_STATUS_INVALID_PARAMS);
609
610 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
611 cancel_delayed_work_sync(&hdev->power_off);
612
613 hci_dev_lock(hdev);
614
615 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
616 mgmt_init_hdev(hdev);
617
618 memset(&rp, 0, sizeof(rp));
619
620 bacpy(&rp.bdaddr, &hdev->bdaddr);
621
622 rp.version = hdev->hci_ver;
623
624 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
625
626 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
627 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
628
629 memcpy(rp.dev_class, hdev->dev_class, 3);
630
631 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
632
633 hci_dev_unlock(hdev);
634 hci_dev_put(hdev);
635
636 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
637 }
638
639 static void mgmt_pending_free(struct pending_cmd *cmd)
640 {
641 sock_put(cmd->sk);
642 kfree(cmd->param);
643 kfree(cmd);
644 }
645
646 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
647 struct hci_dev *hdev,
648 void *data, u16 len)
649 {
650 struct pending_cmd *cmd;
651
652 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
653 if (!cmd)
654 return NULL;
655
656 cmd->opcode = opcode;
657 cmd->index = hdev->id;
658
659 cmd->param = kmalloc(len, GFP_ATOMIC);
660 if (!cmd->param) {
661 kfree(cmd);
662 return NULL;
663 }
664
665 if (data)
666 memcpy(cmd->param, data, len);
667
668 cmd->sk = sk;
669 sock_hold(sk);
670
671 list_add(&cmd->list, &hdev->mgmt_pending);
672
673 return cmd;
674 }
675
676 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
677 void (*cb)(struct pending_cmd *cmd, void *data),
678 void *data)
679 {
680 struct list_head *p, *n;
681
682 list_for_each_safe(p, n, &hdev->mgmt_pending) {
683 struct pending_cmd *cmd;
684
685 cmd = list_entry(p, struct pending_cmd, list);
686
687 if (opcode > 0 && cmd->opcode != opcode)
688 continue;
689
690 cb(cmd, data);
691 }
692 }
693
694 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
695 {
696 struct pending_cmd *cmd;
697
698 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
699 if (cmd->opcode == opcode)
700 return cmd;
701 }
702
703 return NULL;
704 }
705
706 static void mgmt_pending_remove(struct pending_cmd *cmd)
707 {
708 list_del(&cmd->list);
709 mgmt_pending_free(cmd);
710 }
711
712 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
713 {
714 __le32 settings = cpu_to_le32(get_current_settings(hdev));
715
716 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
717 }
718
719 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
720 {
721 struct mgmt_mode *cp = data;
722 struct hci_dev *hdev;
723 struct pending_cmd *cmd;
724 int err, up;
725
726 BT_DBG("request for hci%u", index);
727
728 if (len != sizeof(*cp))
729 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
730 MGMT_STATUS_INVALID_PARAMS);
731
732 hdev = hci_dev_get(index);
733 if (!hdev)
734 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
735 MGMT_STATUS_INVALID_PARAMS);
736
737 hci_dev_lock(hdev);
738
739 up = test_bit(HCI_UP, &hdev->flags);
740 if ((cp->val && up) || (!cp->val && !up)) {
741 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
742 goto failed;
743 }
744
745 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
746 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
747 MGMT_STATUS_BUSY);
748 goto failed;
749 }
750
751 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
752 if (!cmd) {
753 err = -ENOMEM;
754 goto failed;
755 }
756
757 if (cp->val)
758 schedule_work(&hdev->power_on);
759 else
760 schedule_work(&hdev->power_off.work);
761
762 err = 0;
763
764 failed:
765 hci_dev_unlock(hdev);
766 hci_dev_put(hdev);
767 return err;
768 }
769
770 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
771 {
772 struct mgmt_cp_set_discoverable *cp = data;
773 struct hci_dev *hdev;
774 struct pending_cmd *cmd;
775 u8 scan;
776 int err;
777
778 BT_DBG("request for hci%u", index);
779
780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
782 MGMT_STATUS_INVALID_PARAMS);
783
784 hdev = hci_dev_get(index);
785 if (!hdev)
786 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
787 MGMT_STATUS_INVALID_PARAMS);
788
789 hci_dev_lock(hdev);
790
791 if (!test_bit(HCI_UP, &hdev->flags)) {
792 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
793 MGMT_STATUS_NOT_POWERED);
794 goto failed;
795 }
796
797 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
798 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
799 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
800 MGMT_STATUS_BUSY);
801 goto failed;
802 }
803
804 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
805 test_bit(HCI_PSCAN, &hdev->flags)) {
806 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
807 goto failed;
808 }
809
810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
811 if (!cmd) {
812 err = -ENOMEM;
813 goto failed;
814 }
815
816 scan = SCAN_PAGE;
817
818 if (cp->val)
819 scan |= SCAN_INQUIRY;
820 else
821 cancel_delayed_work(&hdev->discov_off);
822
823 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
824 if (err < 0)
825 mgmt_pending_remove(cmd);
826
827 if (cp->val)
828 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
829
830 failed:
831 hci_dev_unlock(hdev);
832 hci_dev_put(hdev);
833
834 return err;
835 }
836
837 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
838 {
839 struct mgmt_mode *cp = data;
840 struct hci_dev *hdev;
841 struct pending_cmd *cmd;
842 u8 scan;
843 int err;
844
845 BT_DBG("request for hci%u", index);
846
847 if (len != sizeof(*cp))
848 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
849 MGMT_STATUS_INVALID_PARAMS);
850
851 hdev = hci_dev_get(index);
852 if (!hdev)
853 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
854 MGMT_STATUS_INVALID_PARAMS);
855
856 hci_dev_lock(hdev);
857
858 if (!test_bit(HCI_UP, &hdev->flags)) {
859 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
860 MGMT_STATUS_NOT_POWERED);
861 goto failed;
862 }
863
864 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
865 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
866 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
867 MGMT_STATUS_BUSY);
868 goto failed;
869 }
870
871 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
872 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
873 goto failed;
874 }
875
876 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
877 if (!cmd) {
878 err = -ENOMEM;
879 goto failed;
880 }
881
882 if (cp->val)
883 scan = SCAN_PAGE;
884 else
885 scan = 0;
886
887 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
888 if (err < 0)
889 mgmt_pending_remove(cmd);
890
891 failed:
892 hci_dev_unlock(hdev);
893 hci_dev_put(hdev);
894
895 return err;
896 }
897
898 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
899 u16 data_len, struct sock *skip_sk)
900 {
901 struct sk_buff *skb;
902 struct mgmt_hdr *hdr;
903
904 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
905 if (!skb)
906 return -ENOMEM;
907
908 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
909
910 hdr = (void *) skb_put(skb, sizeof(*hdr));
911 hdr->opcode = cpu_to_le16(event);
912 if (hdev)
913 hdr->index = cpu_to_le16(hdev->id);
914 else
915 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
916 hdr->len = cpu_to_le16(data_len);
917
918 if (data)
919 memcpy(skb_put(skb, data_len), data, data_len);
920
921 hci_send_to_sock(NULL, skb, skip_sk);
922 kfree_skb(skb);
923
924 return 0;
925 }
926
927 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
928 {
929 struct mgmt_mode *cp = data;
930 struct hci_dev *hdev;
931 __le32 ev;
932 int err;
933
934 BT_DBG("request for hci%u", index);
935
936 if (len != sizeof(*cp))
937 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
938 MGMT_STATUS_INVALID_PARAMS);
939
940 hdev = hci_dev_get(index);
941 if (!hdev)
942 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
943 MGMT_STATUS_INVALID_PARAMS);
944
945 hci_dev_lock(hdev);
946
947 if (cp->val)
948 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
949 else
950 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
951
952 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
953 if (err < 0)
954 goto failed;
955
956 ev = cpu_to_le32(get_current_settings(hdev));
957
958 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
959
960 failed:
961 hci_dev_unlock(hdev);
962 hci_dev_put(hdev);
963
964 return err;
965 }
966
967 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
968 {
969 struct mgmt_cp_add_uuid *cp = data;
970 struct hci_dev *hdev;
971 struct bt_uuid *uuid;
972 int err;
973
974 BT_DBG("request for hci%u", index);
975
976 if (len != sizeof(*cp))
977 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
978 MGMT_STATUS_INVALID_PARAMS);
979
980 hdev = hci_dev_get(index);
981 if (!hdev)
982 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
983 MGMT_STATUS_INVALID_PARAMS);
984
985 hci_dev_lock(hdev);
986
987 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
988 if (!uuid) {
989 err = -ENOMEM;
990 goto failed;
991 }
992
993 memcpy(uuid->uuid, cp->uuid, 16);
994 uuid->svc_hint = cp->svc_hint;
995
996 list_add(&uuid->list, &hdev->uuids);
997
998 err = update_class(hdev);
999 if (err < 0)
1000 goto failed;
1001
1002 err = update_eir(hdev);
1003 if (err < 0)
1004 goto failed;
1005
1006 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
1007
1008 failed:
1009 hci_dev_unlock(hdev);
1010 hci_dev_put(hdev);
1011
1012 return err;
1013 }
1014
1015 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1016 {
1017 struct mgmt_cp_remove_uuid *cp = data;
1018 struct list_head *p, *n;
1019 struct hci_dev *hdev;
1020 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1021 int err, found;
1022
1023 BT_DBG("request for hci%u", index);
1024
1025 if (len != sizeof(*cp))
1026 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1027 MGMT_STATUS_INVALID_PARAMS);
1028
1029 hdev = hci_dev_get(index);
1030 if (!hdev)
1031 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1032 MGMT_STATUS_INVALID_PARAMS);
1033
1034 hci_dev_lock(hdev);
1035
1036 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1037 err = hci_uuids_clear(hdev);
1038 goto unlock;
1039 }
1040
1041 found = 0;
1042
1043 list_for_each_safe(p, n, &hdev->uuids) {
1044 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1045
1046 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1047 continue;
1048
1049 list_del(&match->list);
1050 found++;
1051 }
1052
1053 if (found == 0) {
1054 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1055 MGMT_STATUS_INVALID_PARAMS);
1056 goto unlock;
1057 }
1058
1059 err = update_class(hdev);
1060 if (err < 0)
1061 goto unlock;
1062
1063 err = update_eir(hdev);
1064 if (err < 0)
1065 goto unlock;
1066
1067 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
1068
1069 unlock:
1070 hci_dev_unlock(hdev);
1071 hci_dev_put(hdev);
1072
1073 return err;
1074 }
1075
1076 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1077 {
1078 struct hci_dev *hdev;
1079 struct mgmt_cp_set_dev_class *cp = data;
1080 int err;
1081
1082 BT_DBG("request for hci%u", index);
1083
1084 if (len != sizeof(*cp))
1085 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1086 MGMT_STATUS_INVALID_PARAMS);
1087
1088 hdev = hci_dev_get(index);
1089 if (!hdev)
1090 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1091 MGMT_STATUS_INVALID_PARAMS);
1092
1093 hci_dev_lock(hdev);
1094
1095 hdev->major_class = cp->major;
1096 hdev->minor_class = cp->minor;
1097
1098 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1099 hci_dev_unlock(hdev);
1100 cancel_delayed_work_sync(&hdev->service_cache);
1101 hci_dev_lock(hdev);
1102 update_eir(hdev);
1103 }
1104
1105 err = update_class(hdev);
1106
1107 if (err == 0)
1108 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1109
1110 hci_dev_unlock(hdev);
1111 hci_dev_put(hdev);
1112
1113 return err;
1114 }
1115
1116 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1117 {
1118 struct hci_dev *hdev;
1119 struct mgmt_cp_load_link_keys *cp = data;
1120 u16 key_count, expected_len;
1121 int i;
1122
1123 if (len < sizeof(*cp))
1124 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1125 MGMT_STATUS_INVALID_PARAMS);
1126
1127 key_count = get_unaligned_le16(&cp->key_count);
1128
1129 expected_len = sizeof(*cp) + key_count *
1130 sizeof(struct mgmt_link_key_info);
1131 if (expected_len != len) {
1132 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1133 len, expected_len);
1134 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1135 MGMT_STATUS_INVALID_PARAMS);
1136 }
1137
1138 hdev = hci_dev_get(index);
1139 if (!hdev)
1140 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1141 MGMT_STATUS_INVALID_PARAMS);
1142
1143 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1144 key_count);
1145
1146 hci_dev_lock(hdev);
1147
1148 hci_link_keys_clear(hdev);
1149
1150 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1151
1152 if (cp->debug_keys)
1153 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1154 else
1155 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1156
1157 for (i = 0; i < key_count; i++) {
1158 struct mgmt_link_key_info *key = &cp->keys[i];
1159
1160 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1161 key->pin_len);
1162 }
1163
1164 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1165
1166 hci_dev_unlock(hdev);
1167 hci_dev_put(hdev);
1168
1169 return 0;
1170 }
1171
1172 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1173 u8 addr_type, struct sock *skip_sk)
1174 {
1175 struct mgmt_ev_device_unpaired ev;
1176
1177 bacpy(&ev.addr.bdaddr, bdaddr);
1178 ev.addr.type = addr_type;
1179
1180 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1181 skip_sk);
1182 }
1183
1184 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1185 {
1186 struct hci_dev *hdev;
1187 struct mgmt_cp_unpair_device *cp = data;
1188 struct mgmt_rp_unpair_device rp;
1189 struct hci_cp_disconnect dc;
1190 struct pending_cmd *cmd;
1191 struct hci_conn *conn;
1192 int err;
1193
1194 if (len != sizeof(*cp))
1195 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1196 MGMT_STATUS_INVALID_PARAMS);
1197
1198 hdev = hci_dev_get(index);
1199 if (!hdev)
1200 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1201 MGMT_STATUS_INVALID_PARAMS);
1202
1203 hci_dev_lock(hdev);
1204
1205 memset(&rp, 0, sizeof(rp));
1206 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1207 rp.addr.type = cp->addr.type;
1208
1209 if (cp->addr.type == MGMT_ADDR_BREDR)
1210 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1211 else
1212 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1213
1214 if (err < 0) {
1215 rp.status = MGMT_STATUS_NOT_PAIRED;
1216 goto unlock;
1217 }
1218
1219 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1220 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1221 sizeof(rp));
1222 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1223 goto unlock;
1224 }
1225
1226 if (cp->addr.type == MGMT_ADDR_BREDR)
1227 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1228 &cp->addr.bdaddr);
1229 else
1230 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1231 &cp->addr.bdaddr);
1232
1233 if (!conn) {
1234 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1235 sizeof(rp));
1236 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1237 goto unlock;
1238 }
1239
1240 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1241 sizeof(*cp));
1242 if (!cmd) {
1243 err = -ENOMEM;
1244 goto unlock;
1245 }
1246
1247 put_unaligned_le16(conn->handle, &dc.handle);
1248 dc.reason = 0x13; /* Remote User Terminated Connection */
1249 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1250 if (err < 0)
1251 mgmt_pending_remove(cmd);
1252
1253 unlock:
1254 if (err < 0)
1255 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1256 sizeof(rp));
1257 hci_dev_unlock(hdev);
1258 hci_dev_put(hdev);
1259
1260 return err;
1261 }
1262
1263 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1264 {
1265 struct hci_dev *hdev;
1266 struct mgmt_cp_disconnect *cp = data;
1267 struct hci_cp_disconnect dc;
1268 struct pending_cmd *cmd;
1269 struct hci_conn *conn;
1270 int err;
1271
1272 BT_DBG("");
1273
1274 if (len != sizeof(*cp))
1275 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1276 MGMT_STATUS_INVALID_PARAMS);
1277
1278 hdev = hci_dev_get(index);
1279 if (!hdev)
1280 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1281 MGMT_STATUS_INVALID_PARAMS);
1282
1283 hci_dev_lock(hdev);
1284
1285 if (!test_bit(HCI_UP, &hdev->flags)) {
1286 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1287 MGMT_STATUS_NOT_POWERED);
1288 goto failed;
1289 }
1290
1291 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1292 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1293 MGMT_STATUS_BUSY);
1294 goto failed;
1295 }
1296
1297 if (cp->addr.type == MGMT_ADDR_BREDR)
1298 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1299 else
1300 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1301
1302 if (!conn) {
1303 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1304 MGMT_STATUS_NOT_CONNECTED);
1305 goto failed;
1306 }
1307
1308 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1309 if (!cmd) {
1310 err = -ENOMEM;
1311 goto failed;
1312 }
1313
1314 put_unaligned_le16(conn->handle, &dc.handle);
1315 dc.reason = 0x13; /* Remote User Terminated Connection */
1316
1317 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1318 if (err < 0)
1319 mgmt_pending_remove(cmd);
1320
1321 failed:
1322 hci_dev_unlock(hdev);
1323 hci_dev_put(hdev);
1324
1325 return err;
1326 }
1327
1328 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1329 {
1330 switch (link_type) {
1331 case LE_LINK:
1332 switch (addr_type) {
1333 case ADDR_LE_DEV_PUBLIC:
1334 return MGMT_ADDR_LE_PUBLIC;
1335 case ADDR_LE_DEV_RANDOM:
1336 return MGMT_ADDR_LE_RANDOM;
1337 default:
1338 return MGMT_ADDR_INVALID;
1339 }
1340 case ACL_LINK:
1341 return MGMT_ADDR_BREDR;
1342 default:
1343 return MGMT_ADDR_INVALID;
1344 }
1345 }
1346
1347 static int get_connections(struct sock *sk, u16 index)
1348 {
1349 struct mgmt_rp_get_connections *rp;
1350 struct hci_dev *hdev;
1351 struct hci_conn *c;
1352 size_t rp_len;
1353 u16 count;
1354 int i, err;
1355
1356 BT_DBG("");
1357
1358 hdev = hci_dev_get(index);
1359 if (!hdev)
1360 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1361 MGMT_STATUS_INVALID_PARAMS);
1362
1363 hci_dev_lock(hdev);
1364
1365 count = 0;
1366 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1367 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1368 count++;
1369 }
1370
1371 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1372 rp = kmalloc(rp_len, GFP_ATOMIC);
1373 if (!rp) {
1374 err = -ENOMEM;
1375 goto unlock;
1376 }
1377
1378 put_unaligned_le16(count, &rp->conn_count);
1379
1380 i = 0;
1381 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1382 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1383 continue;
1384 bacpy(&rp->addr[i].bdaddr, &c->dst);
1385 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1386 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1387 continue;
1388 i++;
1389 }
1390
1391 /* Recalculate length in case of filtered SCO connections, etc */
1392 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1393
1394 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1395
1396 unlock:
1397 kfree(rp);
1398 hci_dev_unlock(hdev);
1399 hci_dev_put(hdev);
1400 return err;
1401 }
1402
1403 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1404 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1405 {
1406 struct pending_cmd *cmd;
1407 int err;
1408
1409 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1410 sizeof(*cp));
1411 if (!cmd)
1412 return -ENOMEM;
1413
1414 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1415 &cp->bdaddr);
1416 if (err < 0)
1417 mgmt_pending_remove(cmd);
1418
1419 return err;
1420 }
1421
1422 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1423 {
1424 struct hci_dev *hdev;
1425 struct hci_conn *conn;
1426 struct mgmt_cp_pin_code_reply *cp = data;
1427 struct mgmt_cp_pin_code_neg_reply ncp;
1428 struct hci_cp_pin_code_reply reply;
1429 struct pending_cmd *cmd;
1430 int err;
1431
1432 BT_DBG("");
1433
1434 if (len != sizeof(*cp))
1435 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1436 MGMT_STATUS_INVALID_PARAMS);
1437
1438 hdev = hci_dev_get(index);
1439 if (!hdev)
1440 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1441 MGMT_STATUS_INVALID_PARAMS);
1442
1443 hci_dev_lock(hdev);
1444
1445 if (!test_bit(HCI_UP, &hdev->flags)) {
1446 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1447 MGMT_STATUS_NOT_POWERED);
1448 goto failed;
1449 }
1450
1451 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1452 if (!conn) {
1453 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1454 MGMT_STATUS_NOT_CONNECTED);
1455 goto failed;
1456 }
1457
1458 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1459 bacpy(&ncp.bdaddr, &cp->bdaddr);
1460
1461 BT_ERR("PIN code is not 16 bytes long");
1462
1463 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1464 if (err >= 0)
1465 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1466 MGMT_STATUS_INVALID_PARAMS);
1467
1468 goto failed;
1469 }
1470
1471 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1472 len);
1473 if (!cmd) {
1474 err = -ENOMEM;
1475 goto failed;
1476 }
1477
1478 bacpy(&reply.bdaddr, &cp->bdaddr);
1479 reply.pin_len = cp->pin_len;
1480 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1481
1482 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1483 if (err < 0)
1484 mgmt_pending_remove(cmd);
1485
1486 failed:
1487 hci_dev_unlock(hdev);
1488 hci_dev_put(hdev);
1489
1490 return err;
1491 }
1492
1493 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1494 {
1495 struct hci_dev *hdev;
1496 struct mgmt_cp_pin_code_neg_reply *cp = data;
1497 int err;
1498
1499 BT_DBG("");
1500
1501 if (len != sizeof(*cp))
1502 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1503 MGMT_STATUS_INVALID_PARAMS);
1504
1505 hdev = hci_dev_get(index);
1506 if (!hdev)
1507 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1508 MGMT_STATUS_INVALID_PARAMS);
1509
1510 hci_dev_lock(hdev);
1511
1512 if (!test_bit(HCI_UP, &hdev->flags)) {
1513 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1514 MGMT_STATUS_NOT_POWERED);
1515 goto failed;
1516 }
1517
1518 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1519
1520 failed:
1521 hci_dev_unlock(hdev);
1522 hci_dev_put(hdev);
1523
1524 return err;
1525 }
1526
1527 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1528 {
1529 struct hci_dev *hdev;
1530 struct mgmt_cp_set_io_capability *cp = data;
1531
1532 BT_DBG("");
1533
1534 if (len != sizeof(*cp))
1535 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1536 MGMT_STATUS_INVALID_PARAMS);
1537
1538 hdev = hci_dev_get(index);
1539 if (!hdev)
1540 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1541 MGMT_STATUS_INVALID_PARAMS);
1542
1543 hci_dev_lock(hdev);
1544
1545 hdev->io_capability = cp->io_capability;
1546
1547 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1548 hdev->io_capability);
1549
1550 hci_dev_unlock(hdev);
1551 hci_dev_put(hdev);
1552
1553 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1554 }
1555
1556 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1557 {
1558 struct hci_dev *hdev = conn->hdev;
1559 struct pending_cmd *cmd;
1560
1561 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1562 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1563 continue;
1564
1565 if (cmd->user_data != conn)
1566 continue;
1567
1568 return cmd;
1569 }
1570
1571 return NULL;
1572 }
1573
1574 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1575 {
1576 struct mgmt_rp_pair_device rp;
1577 struct hci_conn *conn = cmd->user_data;
1578
1579 bacpy(&rp.addr.bdaddr, &conn->dst);
1580 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1581 rp.status = status;
1582
1583 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1584
1585 /* So we don't get further callbacks for this connection */
1586 conn->connect_cfm_cb = NULL;
1587 conn->security_cfm_cb = NULL;
1588 conn->disconn_cfm_cb = NULL;
1589
1590 hci_conn_put(conn);
1591
1592 mgmt_pending_remove(cmd);
1593 }
1594
1595 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1596 {
1597 struct pending_cmd *cmd;
1598
1599 BT_DBG("status %u", status);
1600
1601 cmd = find_pairing(conn);
1602 if (!cmd)
1603 BT_DBG("Unable to find a pending command");
1604 else
1605 pairing_complete(cmd, status);
1606 }
1607
1608 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1609 {
1610 struct hci_dev *hdev;
1611 struct mgmt_cp_pair_device *cp = data;
1612 struct mgmt_rp_pair_device rp;
1613 struct pending_cmd *cmd;
1614 u8 sec_level, auth_type;
1615 struct hci_conn *conn;
1616 int err;
1617
1618 BT_DBG("");
1619
1620 if (len != sizeof(*cp))
1621 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1622 MGMT_STATUS_INVALID_PARAMS);
1623
1624 hdev = hci_dev_get(index);
1625 if (!hdev)
1626 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1627 MGMT_STATUS_INVALID_PARAMS);
1628
1629 hci_dev_lock(hdev);
1630
1631 sec_level = BT_SECURITY_MEDIUM;
1632 if (cp->io_cap == 0x03)
1633 auth_type = HCI_AT_DEDICATED_BONDING;
1634 else
1635 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1636
1637 if (cp->addr.type == MGMT_ADDR_BREDR)
1638 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1639 auth_type);
1640 else
1641 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1642 auth_type);
1643
1644 memset(&rp, 0, sizeof(rp));
1645 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1646 rp.addr.type = cp->addr.type;
1647
1648 if (IS_ERR(conn)) {
1649 rp.status = -PTR_ERR(conn);
1650 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1651 &rp, sizeof(rp));
1652 goto unlock;
1653 }
1654
1655 if (conn->connect_cfm_cb) {
1656 hci_conn_put(conn);
1657 rp.status = EBUSY;
1658 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1659 &rp, sizeof(rp));
1660 goto unlock;
1661 }
1662
1663 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1664 if (!cmd) {
1665 err = -ENOMEM;
1666 hci_conn_put(conn);
1667 goto unlock;
1668 }
1669
1670 /* For LE, just connecting isn't a proof that the pairing finished */
1671 if (cp->addr.type == MGMT_ADDR_BREDR)
1672 conn->connect_cfm_cb = pairing_complete_cb;
1673
1674 conn->security_cfm_cb = pairing_complete_cb;
1675 conn->disconn_cfm_cb = pairing_complete_cb;
1676 conn->io_capability = cp->io_cap;
1677 cmd->user_data = conn;
1678
1679 if (conn->state == BT_CONNECTED &&
1680 hci_conn_security(conn, sec_level, auth_type))
1681 pairing_complete(cmd, 0);
1682
1683 err = 0;
1684
1685 unlock:
1686 hci_dev_unlock(hdev);
1687 hci_dev_put(hdev);
1688
1689 return err;
1690 }
1691
1692 static int cancel_pair_device(struct sock *sk, u16 index,
1693 unsigned char *data, u16 len)
1694 {
1695 struct mgmt_addr_info *addr = (void *) data;
1696 struct hci_dev *hdev;
1697 struct pending_cmd *cmd;
1698 struct hci_conn *conn;
1699 int err;
1700
1701 BT_DBG("");
1702
1703 if (len != sizeof(*addr))
1704 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1705 MGMT_STATUS_INVALID_PARAMS);
1706
1707 hdev = hci_dev_get(index);
1708 if (!hdev)
1709 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1710 MGMT_STATUS_INVALID_PARAMS);
1711
1712 hci_dev_lock(hdev);
1713
1714 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1715 if (!cmd) {
1716 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1717 MGMT_STATUS_INVALID_PARAMS);
1718 goto unlock;
1719 }
1720
1721 conn = cmd->user_data;
1722
1723 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1724 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1725 MGMT_STATUS_INVALID_PARAMS);
1726 goto unlock;
1727 }
1728
1729 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1730
1731 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1732 sizeof(*addr));
1733 unlock:
1734 hci_dev_unlock(hdev);
1735 hci_dev_put(hdev);
1736
1737 return err;
1738 }
1739
1740 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1741 u8 type, u16 mgmt_op, u16 hci_op,
1742 __le32 passkey)
1743 {
1744 struct pending_cmd *cmd;
1745 struct hci_dev *hdev;
1746 struct hci_conn *conn;
1747 int err;
1748
1749 hdev = hci_dev_get(index);
1750 if (!hdev)
1751 return cmd_status(sk, index, mgmt_op,
1752 MGMT_STATUS_INVALID_PARAMS);
1753
1754 hci_dev_lock(hdev);
1755
1756 if (!test_bit(HCI_UP, &hdev->flags)) {
1757 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1758 goto done;
1759 }
1760
1761 if (type == MGMT_ADDR_BREDR)
1762 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1763 else
1764 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1765
1766 if (!conn) {
1767 err = cmd_status(sk, index, mgmt_op,
1768 MGMT_STATUS_NOT_CONNECTED);
1769 goto done;
1770 }
1771
1772 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
1773 /* Continue with pairing via SMP */
1774 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1775
1776 if (!err)
1777 err = cmd_status(sk, index, mgmt_op,
1778 MGMT_STATUS_SUCCESS);
1779 else
1780 err = cmd_status(sk, index, mgmt_op,
1781 MGMT_STATUS_FAILED);
1782
1783 goto done;
1784 }
1785
1786 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1787 if (!cmd) {
1788 err = -ENOMEM;
1789 goto done;
1790 }
1791
1792 /* Continue with pairing via HCI */
1793 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1794 struct hci_cp_user_passkey_reply cp;
1795
1796 bacpy(&cp.bdaddr, bdaddr);
1797 cp.passkey = passkey;
1798 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1799 } else
1800 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1801
1802 if (err < 0)
1803 mgmt_pending_remove(cmd);
1804
1805 done:
1806 hci_dev_unlock(hdev);
1807 hci_dev_put(hdev);
1808
1809 return err;
1810 }
1811
1812 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1813 {
1814 struct mgmt_cp_user_confirm_reply *cp = data;
1815
1816 BT_DBG("");
1817
1818 if (len != sizeof(*cp))
1819 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1820 MGMT_STATUS_INVALID_PARAMS);
1821
1822 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1823 MGMT_OP_USER_CONFIRM_REPLY,
1824 HCI_OP_USER_CONFIRM_REPLY, 0);
1825 }
1826
1827 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1828 u16 len)
1829 {
1830 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1831
1832 BT_DBG("");
1833
1834 if (len != sizeof(*cp))
1835 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1836 MGMT_STATUS_INVALID_PARAMS);
1837
1838 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1839 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1840 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1841 }
1842
1843 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1844 {
1845 struct mgmt_cp_user_passkey_reply *cp = data;
1846
1847 BT_DBG("");
1848
1849 if (len != sizeof(*cp))
1850 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1851 EINVAL);
1852
1853 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1854 MGMT_OP_USER_PASSKEY_REPLY,
1855 HCI_OP_USER_PASSKEY_REPLY,
1856 cp->passkey);
1857 }
1858
1859 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1860 u16 len)
1861 {
1862 struct mgmt_cp_user_passkey_neg_reply *cp = data;
1863
1864 BT_DBG("");
1865
1866 if (len != sizeof(*cp))
1867 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1868 EINVAL);
1869
1870 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1871 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1872 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1873 }
1874
1875 static int set_local_name(struct sock *sk, u16 index, void *data,
1876 u16 len)
1877 {
1878 struct mgmt_cp_set_local_name *mgmt_cp = data;
1879 struct hci_cp_write_local_name hci_cp;
1880 struct hci_dev *hdev;
1881 struct pending_cmd *cmd;
1882 int err;
1883
1884 BT_DBG("");
1885
1886 if (len != sizeof(*mgmt_cp))
1887 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1888 MGMT_STATUS_INVALID_PARAMS);
1889
1890 hdev = hci_dev_get(index);
1891 if (!hdev)
1892 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1893 MGMT_STATUS_INVALID_PARAMS);
1894
1895 hci_dev_lock(hdev);
1896
1897 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
1898 len);
1899 if (!cmd) {
1900 err = -ENOMEM;
1901 goto failed;
1902 }
1903
1904 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1905 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1906 &hci_cp);
1907 if (err < 0)
1908 mgmt_pending_remove(cmd);
1909
1910 failed:
1911 hci_dev_unlock(hdev);
1912 hci_dev_put(hdev);
1913
1914 return err;
1915 }
1916
1917 static int read_local_oob_data(struct sock *sk, u16 index)
1918 {
1919 struct hci_dev *hdev;
1920 struct pending_cmd *cmd;
1921 int err;
1922
1923 BT_DBG("hci%u", index);
1924
1925 hdev = hci_dev_get(index);
1926 if (!hdev)
1927 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1928 MGMT_STATUS_INVALID_PARAMS);
1929
1930 hci_dev_lock(hdev);
1931
1932 if (!test_bit(HCI_UP, &hdev->flags)) {
1933 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1934 MGMT_STATUS_NOT_POWERED);
1935 goto unlock;
1936 }
1937
1938 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1939 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1940 MGMT_STATUS_NOT_SUPPORTED);
1941 goto unlock;
1942 }
1943
1944 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
1945 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1946 MGMT_STATUS_BUSY);
1947 goto unlock;
1948 }
1949
1950 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
1951 if (!cmd) {
1952 err = -ENOMEM;
1953 goto unlock;
1954 }
1955
1956 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1957 if (err < 0)
1958 mgmt_pending_remove(cmd);
1959
1960 unlock:
1961 hci_dev_unlock(hdev);
1962 hci_dev_put(hdev);
1963
1964 return err;
1965 }
1966
1967 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
1968 u16 len)
1969 {
1970 struct hci_dev *hdev;
1971 struct mgmt_cp_add_remote_oob_data *cp = data;
1972 int err;
1973
1974 BT_DBG("hci%u ", index);
1975
1976 if (len != sizeof(*cp))
1977 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1978 MGMT_STATUS_INVALID_PARAMS);
1979
1980 hdev = hci_dev_get(index);
1981 if (!hdev)
1982 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1983 MGMT_STATUS_INVALID_PARAMS);
1984
1985 hci_dev_lock(hdev);
1986
1987 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
1988 cp->randomizer);
1989 if (err < 0)
1990 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1991 MGMT_STATUS_FAILED);
1992 else
1993 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1994 0);
1995
1996 hci_dev_unlock(hdev);
1997 hci_dev_put(hdev);
1998
1999 return err;
2000 }
2001
2002 static int remove_remote_oob_data(struct sock *sk, u16 index,
2003 void *data, u16 len)
2004 {
2005 struct hci_dev *hdev;
2006 struct mgmt_cp_remove_remote_oob_data *cp = data;
2007 int err;
2008
2009 BT_DBG("hci%u ", index);
2010
2011 if (len != sizeof(*cp))
2012 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2013 MGMT_STATUS_INVALID_PARAMS);
2014
2015 hdev = hci_dev_get(index);
2016 if (!hdev)
2017 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2018 MGMT_STATUS_INVALID_PARAMS);
2019
2020 hci_dev_lock(hdev);
2021
2022 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2023 if (err < 0)
2024 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2025 MGMT_STATUS_INVALID_PARAMS);
2026 else
2027 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2028 NULL, 0);
2029
2030 hci_dev_unlock(hdev);
2031 hci_dev_put(hdev);
2032
2033 return err;
2034 }
2035
2036 static int start_discovery(struct sock *sk, u16 index,
2037 void *data, u16 len)
2038 {
2039 struct mgmt_cp_start_discovery *cp = data;
2040 unsigned long discov_type = cp->type;
2041 struct pending_cmd *cmd;
2042 struct hci_dev *hdev;
2043 int err;
2044
2045 BT_DBG("hci%u", index);
2046
2047 if (len != sizeof(*cp))
2048 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2049 MGMT_STATUS_INVALID_PARAMS);
2050
2051 hdev = hci_dev_get(index);
2052 if (!hdev)
2053 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2054 MGMT_STATUS_INVALID_PARAMS);
2055
2056 hci_dev_lock(hdev);
2057
2058 if (!test_bit(HCI_UP, &hdev->flags)) {
2059 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2060 MGMT_STATUS_NOT_POWERED);
2061 goto failed;
2062 }
2063
2064 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2065 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2066 MGMT_STATUS_BUSY);
2067 goto failed;
2068 }
2069
2070 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2071 if (!cmd) {
2072 err = -ENOMEM;
2073 goto failed;
2074 }
2075
2076 if (test_bit(MGMT_ADDR_BREDR, &discov_type))
2077 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2078 else if (test_bit(MGMT_ADDR_LE_PUBLIC, &discov_type) &&
2079 test_bit(MGMT_ADDR_LE_RANDOM, &discov_type))
2080 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2081 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2082 else
2083 err = -EINVAL;
2084
2085 if (err < 0)
2086 mgmt_pending_remove(cmd);
2087 else
2088 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2089
2090 failed:
2091 hci_dev_unlock(hdev);
2092 hci_dev_put(hdev);
2093
2094 return err;
2095 }
2096
2097 static int stop_discovery(struct sock *sk, u16 index)
2098 {
2099 struct hci_dev *hdev;
2100 struct pending_cmd *cmd;
2101 struct hci_cp_remote_name_req_cancel cp;
2102 struct inquiry_entry *e;
2103 int err;
2104
2105 BT_DBG("hci%u", index);
2106
2107 hdev = hci_dev_get(index);
2108 if (!hdev)
2109 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2110 MGMT_STATUS_INVALID_PARAMS);
2111
2112 hci_dev_lock(hdev);
2113
2114 if (!hci_discovery_active(hdev)) {
2115 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2116 MGMT_STATUS_REJECTED);
2117 goto unlock;
2118 }
2119
2120 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2121 if (!cmd) {
2122 err = -ENOMEM;
2123 goto unlock;
2124 }
2125
2126 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2127 err = hci_cancel_inquiry(hdev);
2128 if (err < 0)
2129 mgmt_pending_remove(cmd);
2130 else
2131 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2132 goto unlock;
2133 }
2134
2135 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2136 if (!e) {
2137 mgmt_pending_remove(cmd);
2138 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2139 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2140 goto unlock;
2141 }
2142
2143 bacpy(&cp.bdaddr, &e->data.bdaddr);
2144 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2145 sizeof(cp), &cp);
2146 if (err < 0)
2147 mgmt_pending_remove(cmd);
2148 else
2149 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2150
2151 unlock:
2152 hci_dev_unlock(hdev);
2153 hci_dev_put(hdev);
2154
2155 return err;
2156 }
2157
2158 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2159 {
2160 struct mgmt_cp_confirm_name *cp = data;
2161 struct inquiry_entry *e;
2162 struct hci_dev *hdev;
2163 int err;
2164
2165 BT_DBG("hci%u", index);
2166
2167 if (len != sizeof(*cp))
2168 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2169 MGMT_STATUS_INVALID_PARAMS);
2170
2171 hdev = hci_dev_get(index);
2172 if (!hdev)
2173 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2174 MGMT_STATUS_INVALID_PARAMS);
2175
2176 hci_dev_lock(hdev);
2177
2178 if (!hci_discovery_active(hdev)) {
2179 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2180 MGMT_STATUS_FAILED);
2181 goto failed;
2182 }
2183
2184 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2185 if (!e) {
2186 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2187 MGMT_STATUS_INVALID_PARAMS);
2188 goto failed;
2189 }
2190
2191 if (cp->name_known) {
2192 e->name_state = NAME_KNOWN;
2193 list_del(&e->list);
2194 } else {
2195 e->name_state = NAME_NEEDED;
2196 hci_inquiry_cache_update_resolve(hdev, e);
2197 }
2198
2199 err = 0;
2200
2201 failed:
2202 hci_dev_unlock(hdev);
2203
2204 return err;
2205 }
2206
2207 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2208 {
2209 struct hci_dev *hdev;
2210 struct mgmt_cp_block_device *cp = data;
2211 int err;
2212
2213 BT_DBG("hci%u", index);
2214
2215 if (len != sizeof(*cp))
2216 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2217 MGMT_STATUS_INVALID_PARAMS);
2218
2219 hdev = hci_dev_get(index);
2220 if (!hdev)
2221 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2222 MGMT_STATUS_INVALID_PARAMS);
2223
2224 hci_dev_lock(hdev);
2225
2226 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2227 if (err < 0)
2228 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2229 MGMT_STATUS_FAILED);
2230 else
2231 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2232 NULL, 0);
2233
2234 hci_dev_unlock(hdev);
2235 hci_dev_put(hdev);
2236
2237 return err;
2238 }
2239
2240 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2241 {
2242 struct hci_dev *hdev;
2243 struct mgmt_cp_unblock_device *cp = data;
2244 int err;
2245
2246 BT_DBG("hci%u", index);
2247
2248 if (len != sizeof(*cp))
2249 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2250 MGMT_STATUS_INVALID_PARAMS);
2251
2252 hdev = hci_dev_get(index);
2253 if (!hdev)
2254 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2255 MGMT_STATUS_INVALID_PARAMS);
2256
2257 hci_dev_lock(hdev);
2258
2259 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2260
2261 if (err < 0)
2262 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2263 MGMT_STATUS_INVALID_PARAMS);
2264 else
2265 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2266 NULL, 0);
2267
2268 hci_dev_unlock(hdev);
2269 hci_dev_put(hdev);
2270
2271 return err;
2272 }
2273
2274 static int set_fast_connectable(struct sock *sk, u16 index,
2275 void *data, u16 len)
2276 {
2277 struct hci_dev *hdev;
2278 struct mgmt_mode *cp = data;
2279 struct hci_cp_write_page_scan_activity acp;
2280 u8 type;
2281 int err;
2282
2283 BT_DBG("hci%u", index);
2284
2285 if (len != sizeof(*cp))
2286 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2287 MGMT_STATUS_INVALID_PARAMS);
2288
2289 hdev = hci_dev_get(index);
2290 if (!hdev)
2291 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2292 MGMT_STATUS_INVALID_PARAMS);
2293
2294 hci_dev_lock(hdev);
2295
2296 if (cp->val) {
2297 type = PAGE_SCAN_TYPE_INTERLACED;
2298 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2299 } else {
2300 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2301 acp.interval = 0x0800; /* default 1.28 sec page scan */
2302 }
2303
2304 acp.window = 0x0012; /* default 11.25 msec page scan window */
2305
2306 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2307 sizeof(acp), &acp);
2308 if (err < 0) {
2309 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2310 MGMT_STATUS_FAILED);
2311 goto done;
2312 }
2313
2314 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2315 if (err < 0) {
2316 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2317 MGMT_STATUS_FAILED);
2318 goto done;
2319 }
2320
2321 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2322 NULL, 0);
2323 done:
2324 hci_dev_unlock(hdev);
2325 hci_dev_put(hdev);
2326
2327 return err;
2328 }
2329
2330 static int load_long_term_keys(struct sock *sk, u16 index,
2331 void *cp_data, u16 len)
2332 {
2333 struct hci_dev *hdev;
2334 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2335 u16 key_count, expected_len;
2336 int i;
2337
2338 if (len < sizeof(*cp))
2339 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2340 EINVAL);
2341
2342 key_count = get_unaligned_le16(&cp->key_count);
2343
2344 expected_len = sizeof(*cp) + key_count *
2345 sizeof(struct mgmt_ltk_info);
2346 if (expected_len != len) {
2347 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2348 len, expected_len);
2349 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2350 EINVAL);
2351 }
2352
2353 hdev = hci_dev_get(index);
2354 if (!hdev)
2355 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2356 ENODEV);
2357
2358 BT_DBG("hci%u key_count %u", index, key_count);
2359
2360 hci_dev_lock(hdev);
2361
2362 hci_smp_ltks_clear(hdev);
2363
2364 for (i = 0; i < key_count; i++) {
2365 struct mgmt_ltk_info *key = &cp->keys[i];
2366 u8 type;
2367
2368 if (key->master)
2369 type = HCI_SMP_LTK;
2370 else
2371 type = HCI_SMP_LTK_SLAVE;
2372
2373 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2374 type, 0, key->authenticated, key->val,
2375 key->enc_size, key->ediv, key->rand);
2376 }
2377
2378 hci_dev_unlock(hdev);
2379 hci_dev_put(hdev);
2380
2381 return 0;
2382 }
2383
2384 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2385 {
2386 void *buf;
2387 u8 *cp;
2388 struct mgmt_hdr *hdr;
2389 u16 opcode, index, len;
2390 int err;
2391
2392 BT_DBG("got %zu bytes", msglen);
2393
2394 if (msglen < sizeof(*hdr))
2395 return -EINVAL;
2396
2397 buf = kmalloc(msglen, GFP_KERNEL);
2398 if (!buf)
2399 return -ENOMEM;
2400
2401 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2402 err = -EFAULT;
2403 goto done;
2404 }
2405
2406 hdr = buf;
2407 opcode = get_unaligned_le16(&hdr->opcode);
2408 index = get_unaligned_le16(&hdr->index);
2409 len = get_unaligned_le16(&hdr->len);
2410
2411 if (len != msglen - sizeof(*hdr)) {
2412 err = -EINVAL;
2413 goto done;
2414 }
2415
2416 cp = buf + sizeof(*hdr);
2417
2418 switch (opcode) {
2419 case MGMT_OP_READ_VERSION:
2420 err = read_version(sk);
2421 break;
2422 case MGMT_OP_READ_COMMANDS:
2423 err = read_commands(sk);
2424 break;
2425 case MGMT_OP_READ_INDEX_LIST:
2426 err = read_index_list(sk);
2427 break;
2428 case MGMT_OP_READ_INFO:
2429 err = read_controller_info(sk, index);
2430 break;
2431 case MGMT_OP_SET_POWERED:
2432 err = set_powered(sk, index, cp, len);
2433 break;
2434 case MGMT_OP_SET_DISCOVERABLE:
2435 err = set_discoverable(sk, index, cp, len);
2436 break;
2437 case MGMT_OP_SET_CONNECTABLE:
2438 err = set_connectable(sk, index, cp, len);
2439 break;
2440 case MGMT_OP_SET_FAST_CONNECTABLE:
2441 err = set_fast_connectable(sk, index, cp, len);
2442 break;
2443 case MGMT_OP_SET_PAIRABLE:
2444 err = set_pairable(sk, index, cp, len);
2445 break;
2446 case MGMT_OP_ADD_UUID:
2447 err = add_uuid(sk, index, cp, len);
2448 break;
2449 case MGMT_OP_REMOVE_UUID:
2450 err = remove_uuid(sk, index, cp, len);
2451 break;
2452 case MGMT_OP_SET_DEV_CLASS:
2453 err = set_dev_class(sk, index, cp, len);
2454 break;
2455 case MGMT_OP_LOAD_LINK_KEYS:
2456 err = load_link_keys(sk, index, cp, len);
2457 break;
2458 case MGMT_OP_DISCONNECT:
2459 err = disconnect(sk, index, cp, len);
2460 break;
2461 case MGMT_OP_GET_CONNECTIONS:
2462 err = get_connections(sk, index);
2463 break;
2464 case MGMT_OP_PIN_CODE_REPLY:
2465 err = pin_code_reply(sk, index, cp, len);
2466 break;
2467 case MGMT_OP_PIN_CODE_NEG_REPLY:
2468 err = pin_code_neg_reply(sk, index, cp, len);
2469 break;
2470 case MGMT_OP_SET_IO_CAPABILITY:
2471 err = set_io_capability(sk, index, cp, len);
2472 break;
2473 case MGMT_OP_PAIR_DEVICE:
2474 err = pair_device(sk, index, cp, len);
2475 break;
2476 case MGMT_OP_CANCEL_PAIR_DEVICE:
2477 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2478 break;
2479 case MGMT_OP_UNPAIR_DEVICE:
2480 err = unpair_device(sk, index, cp, len);
2481 break;
2482 case MGMT_OP_USER_CONFIRM_REPLY:
2483 err = user_confirm_reply(sk, index, cp, len);
2484 break;
2485 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2486 err = user_confirm_neg_reply(sk, index, cp, len);
2487 break;
2488 case MGMT_OP_USER_PASSKEY_REPLY:
2489 err = user_passkey_reply(sk, index, cp, len);
2490 break;
2491 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2492 err = user_passkey_neg_reply(sk, index, cp, len);
2493 break;
2494 case MGMT_OP_SET_LOCAL_NAME:
2495 err = set_local_name(sk, index, cp, len);
2496 break;
2497 case MGMT_OP_READ_LOCAL_OOB_DATA:
2498 err = read_local_oob_data(sk, index);
2499 break;
2500 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2501 err = add_remote_oob_data(sk, index, cp, len);
2502 break;
2503 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2504 err = remove_remote_oob_data(sk, index, cp, len);
2505 break;
2506 case MGMT_OP_START_DISCOVERY:
2507 err = start_discovery(sk, index, cp, len);
2508 break;
2509 case MGMT_OP_STOP_DISCOVERY:
2510 err = stop_discovery(sk, index);
2511 break;
2512 case MGMT_OP_CONFIRM_NAME:
2513 err = confirm_name(sk, index, cp, len);
2514 break;
2515 case MGMT_OP_BLOCK_DEVICE:
2516 err = block_device(sk, index, cp, len);
2517 break;
2518 case MGMT_OP_UNBLOCK_DEVICE:
2519 err = unblock_device(sk, index, cp, len);
2520 break;
2521 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2522 err = load_long_term_keys(sk, index, cp, len);
2523 break;
2524 default:
2525 BT_DBG("Unknown op %u", opcode);
2526 err = cmd_status(sk, index, opcode,
2527 MGMT_STATUS_UNKNOWN_COMMAND);
2528 break;
2529 }
2530
2531 if (err < 0)
2532 goto done;
2533
2534 err = msglen;
2535
2536 done:
2537 kfree(buf);
2538 return err;
2539 }
2540
2541 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2542 {
2543 u8 *status = data;
2544
2545 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2546 mgmt_pending_remove(cmd);
2547 }
2548
2549 int mgmt_index_added(struct hci_dev *hdev)
2550 {
2551 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2552 }
2553
2554 int mgmt_index_removed(struct hci_dev *hdev)
2555 {
2556 u8 status = ENODEV;
2557
2558 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2559
2560 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2561 }
2562
2563 struct cmd_lookup {
2564 struct sock *sk;
2565 struct hci_dev *hdev;
2566 };
2567
2568 static void settings_rsp(struct pending_cmd *cmd, void *data)
2569 {
2570 struct cmd_lookup *match = data;
2571
2572 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2573
2574 list_del(&cmd->list);
2575
2576 if (match->sk == NULL) {
2577 match->sk = cmd->sk;
2578 sock_hold(match->sk);
2579 }
2580
2581 mgmt_pending_free(cmd);
2582 }
2583
2584 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2585 {
2586 struct cmd_lookup match = { NULL, hdev };
2587 __le32 ev;
2588 int ret;
2589
2590 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2591
2592 if (!powered) {
2593 u8 status = ENETDOWN;
2594 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2595 }
2596
2597 ev = cpu_to_le32(get_current_settings(hdev));
2598
2599 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2600 match.sk);
2601
2602 if (match.sk)
2603 sock_put(match.sk);
2604
2605 return ret;
2606 }
2607
2608 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2609 {
2610 struct cmd_lookup match = { NULL, hdev };
2611 __le32 ev;
2612 int ret;
2613
2614 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2615
2616 ev = cpu_to_le32(get_current_settings(hdev));
2617
2618 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2619 match.sk);
2620 if (match.sk)
2621 sock_put(match.sk);
2622
2623 return ret;
2624 }
2625
2626 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2627 {
2628 __le32 ev;
2629 struct cmd_lookup match = { NULL, hdev };
2630 int ret;
2631
2632 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2633 &match);
2634
2635 ev = cpu_to_le32(get_current_settings(hdev));
2636
2637 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2638
2639 if (match.sk)
2640 sock_put(match.sk);
2641
2642 return ret;
2643 }
2644
2645 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2646 {
2647 u8 mgmt_err = mgmt_status(status);
2648
2649 if (scan & SCAN_PAGE)
2650 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2651 cmd_status_rsp, &mgmt_err);
2652
2653 if (scan & SCAN_INQUIRY)
2654 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2655 cmd_status_rsp, &mgmt_err);
2656
2657 return 0;
2658 }
2659
2660 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2661 u8 persistent)
2662 {
2663 struct mgmt_ev_new_link_key ev;
2664
2665 memset(&ev, 0, sizeof(ev));
2666
2667 ev.store_hint = persistent;
2668 bacpy(&ev.key.bdaddr, &key->bdaddr);
2669 ev.key.type = key->type;
2670 memcpy(ev.key.val, key->val, 16);
2671 ev.key.pin_len = key->pin_len;
2672
2673 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2674 }
2675
2676 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2677 {
2678 struct mgmt_ev_new_long_term_key ev;
2679
2680 memset(&ev, 0, sizeof(ev));
2681
2682 ev.store_hint = persistent;
2683 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2684 ev.key.addr.type = key->bdaddr_type;
2685 ev.key.authenticated = key->authenticated;
2686 ev.key.enc_size = key->enc_size;
2687 ev.key.ediv = key->ediv;
2688
2689 if (key->type == HCI_SMP_LTK)
2690 ev.key.master = 1;
2691
2692 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2693 memcpy(ev.key.val, key->val, sizeof(key->val));
2694
2695 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2696 &ev, sizeof(ev), NULL);
2697 }
2698
2699 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2700 u8 addr_type, u8 *name, u8 name_len,
2701 u8 *dev_class)
2702 {
2703 char buf[512];
2704 struct mgmt_ev_device_connected *ev = (void *) buf;
2705 u16 eir_len = 0;
2706
2707 bacpy(&ev->addr.bdaddr, bdaddr);
2708 ev->addr.type = link_to_mgmt(link_type, addr_type);
2709
2710 if (name_len > 0)
2711 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2712 name, name_len);
2713
2714 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2715 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2716 EIR_CLASS_OF_DEV, dev_class, 3);
2717
2718 put_unaligned_le16(eir_len, &ev->eir_len);
2719
2720 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2721 sizeof(*ev) + eir_len, NULL);
2722 }
2723
2724 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2725 {
2726 struct mgmt_cp_disconnect *cp = cmd->param;
2727 struct sock **sk = data;
2728 struct mgmt_rp_disconnect rp;
2729
2730 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2731 rp.addr.type = cp->addr.type;
2732 rp.status = 0;
2733
2734 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2735
2736 *sk = cmd->sk;
2737 sock_hold(*sk);
2738
2739 mgmt_pending_remove(cmd);
2740 }
2741
2742 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2743 {
2744 struct hci_dev *hdev = data;
2745 struct mgmt_cp_unpair_device *cp = cmd->param;
2746 struct mgmt_rp_unpair_device rp;
2747
2748 memset(&rp, 0, sizeof(rp));
2749 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2750 rp.addr.type = cp->addr.type;
2751
2752 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2753
2754 cmd_complete(cmd->sk, cmd->index, cmd->opcode, &rp, sizeof(rp));
2755
2756 mgmt_pending_remove(cmd);
2757 }
2758
2759 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2760 u8 link_type, u8 addr_type)
2761 {
2762 struct mgmt_addr_info ev;
2763 struct sock *sk = NULL;
2764 int err;
2765
2766 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2767
2768 bacpy(&ev.bdaddr, bdaddr);
2769 ev.type = link_to_mgmt(link_type, addr_type);
2770
2771 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2772 sk);
2773
2774 if (sk)
2775 sock_put(sk);
2776
2777 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2778 hdev);
2779
2780 return err;
2781 }
2782
2783 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
2784 u8 link_type, u8 addr_type, u8 status)
2785 {
2786 struct mgmt_rp_disconnect rp;
2787 struct pending_cmd *cmd;
2788 int err;
2789
2790 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2791 if (!cmd)
2792 return -ENOENT;
2793
2794 bacpy(&rp.addr.bdaddr, bdaddr);
2795 rp.addr.type = link_to_mgmt(link_type, addr_type);
2796 rp.status = mgmt_status(status);
2797
2798 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2799 &rp, sizeof(rp));
2800
2801 mgmt_pending_remove(cmd);
2802
2803 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2804 hdev);
2805 return err;
2806 }
2807
2808 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2809 u8 addr_type, u8 status)
2810 {
2811 struct mgmt_ev_connect_failed ev;
2812
2813 bacpy(&ev.addr.bdaddr, bdaddr);
2814 ev.addr.type = link_to_mgmt(link_type, addr_type);
2815 ev.status = mgmt_status(status);
2816
2817 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2818 }
2819
2820 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2821 {
2822 struct mgmt_ev_pin_code_request ev;
2823
2824 bacpy(&ev.bdaddr, bdaddr);
2825 ev.secure = secure;
2826
2827 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2828 NULL);
2829 }
2830
2831 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2832 u8 status)
2833 {
2834 struct pending_cmd *cmd;
2835 struct mgmt_rp_pin_code_reply rp;
2836 int err;
2837
2838 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2839 if (!cmd)
2840 return -ENOENT;
2841
2842 bacpy(&rp.bdaddr, bdaddr);
2843 rp.status = mgmt_status(status);
2844
2845 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2846 sizeof(rp));
2847
2848 mgmt_pending_remove(cmd);
2849
2850 return err;
2851 }
2852
2853 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2854 u8 status)
2855 {
2856 struct pending_cmd *cmd;
2857 struct mgmt_rp_pin_code_reply rp;
2858 int err;
2859
2860 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2861 if (!cmd)
2862 return -ENOENT;
2863
2864 bacpy(&rp.bdaddr, bdaddr);
2865 rp.status = mgmt_status(status);
2866
2867 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2868 sizeof(rp));
2869
2870 mgmt_pending_remove(cmd);
2871
2872 return err;
2873 }
2874
2875 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2876 u8 link_type, u8 addr_type, __le32 value,
2877 u8 confirm_hint)
2878 {
2879 struct mgmt_ev_user_confirm_request ev;
2880
2881 BT_DBG("%s", hdev->name);
2882
2883 bacpy(&ev.addr.bdaddr, bdaddr);
2884 ev.addr.type = link_to_mgmt(link_type, addr_type);
2885 ev.confirm_hint = confirm_hint;
2886 put_unaligned_le32(value, &ev.value);
2887
2888 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
2889 NULL);
2890 }
2891
2892 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2893 u8 link_type, u8 addr_type)
2894 {
2895 struct mgmt_ev_user_passkey_request ev;
2896
2897 BT_DBG("%s", hdev->name);
2898
2899 bacpy(&ev.addr.bdaddr, bdaddr);
2900 ev.addr.type = link_to_mgmt(link_type, addr_type);
2901
2902 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2903 NULL);
2904 }
2905
2906 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2907 u8 link_type, u8 addr_type, u8 status,
2908 u8 opcode)
2909 {
2910 struct pending_cmd *cmd;
2911 struct mgmt_rp_user_confirm_reply rp;
2912 int err;
2913
2914 cmd = mgmt_pending_find(opcode, hdev);
2915 if (!cmd)
2916 return -ENOENT;
2917
2918 bacpy(&rp.addr.bdaddr, bdaddr);
2919 rp.addr.type = link_to_mgmt(link_type, addr_type);
2920 rp.status = mgmt_status(status);
2921 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
2922
2923 mgmt_pending_remove(cmd);
2924
2925 return err;
2926 }
2927
2928 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2929 u8 link_type, u8 addr_type, u8 status)
2930 {
2931 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2932 status, MGMT_OP_USER_CONFIRM_REPLY);
2933 }
2934
2935 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2936 u8 link_type, u8 addr_type, u8 status)
2937 {
2938 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2939 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
2940 }
2941
2942 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2943 u8 link_type, u8 addr_type, u8 status)
2944 {
2945 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2946 status, MGMT_OP_USER_PASSKEY_REPLY);
2947 }
2948
2949 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2950 u8 link_type, u8 addr_type, u8 status)
2951 {
2952 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
2953 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
2954 }
2955
2956 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2957 u8 addr_type, u8 status)
2958 {
2959 struct mgmt_ev_auth_failed ev;
2960
2961 bacpy(&ev.addr.bdaddr, bdaddr);
2962 ev.addr.type = link_to_mgmt(link_type, addr_type);
2963 ev.status = mgmt_status(status);
2964
2965 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2966 }
2967
2968 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
2969 {
2970 struct pending_cmd *cmd;
2971 struct mgmt_cp_set_local_name ev;
2972 int err;
2973
2974 memset(&ev, 0, sizeof(ev));
2975 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2976
2977 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2978 if (!cmd)
2979 goto send_event;
2980
2981 if (status) {
2982 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2983 mgmt_status(status));
2984 goto failed;
2985 }
2986
2987 update_eir(hdev);
2988
2989 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
2990 sizeof(ev));
2991 if (err < 0)
2992 goto failed;
2993
2994 send_event:
2995 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
2996 cmd ? cmd->sk : NULL);
2997
2998 failed:
2999 if (cmd)
3000 mgmt_pending_remove(cmd);
3001 return err;
3002 }
3003
3004 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3005 u8 *randomizer, u8 status)
3006 {
3007 struct pending_cmd *cmd;
3008 int err;
3009
3010 BT_DBG("%s status %u", hdev->name, status);
3011
3012 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3013 if (!cmd)
3014 return -ENOENT;
3015
3016 if (status) {
3017 err = cmd_status(cmd->sk, hdev->id,
3018 MGMT_OP_READ_LOCAL_OOB_DATA,
3019 mgmt_status(status));
3020 } else {
3021 struct mgmt_rp_read_local_oob_data rp;
3022
3023 memcpy(rp.hash, hash, sizeof(rp.hash));
3024 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3025
3026 err = cmd_complete(cmd->sk, hdev->id,
3027 MGMT_OP_READ_LOCAL_OOB_DATA,
3028 &rp, sizeof(rp));
3029 }
3030
3031 mgmt_pending_remove(cmd);
3032
3033 return err;
3034 }
3035
3036 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3037 u8 addr_type, u8 *dev_class, s8 rssi,
3038 u8 cfm_name, u8 *eir, u16 eir_len)
3039 {
3040 char buf[512];
3041 struct mgmt_ev_device_found *ev = (void *) buf;
3042 size_t ev_size;
3043
3044 /* Leave 5 bytes for a potential CoD field */
3045 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3046 return -EINVAL;
3047
3048 memset(buf, 0, sizeof(buf));
3049
3050 bacpy(&ev->addr.bdaddr, bdaddr);
3051 ev->addr.type = link_to_mgmt(link_type, addr_type);
3052 ev->rssi = rssi;
3053 ev->confirm_name = cfm_name;
3054
3055 if (eir_len > 0)
3056 memcpy(ev->eir, eir, eir_len);
3057
3058 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3059 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3060 dev_class, 3);
3061
3062 put_unaligned_le16(eir_len, &ev->eir_len);
3063
3064 ev_size = sizeof(*ev) + eir_len;
3065
3066 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3067 }
3068
3069 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3070 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3071 {
3072 struct mgmt_ev_device_found *ev;
3073 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3074 u16 eir_len;
3075
3076 ev = (struct mgmt_ev_device_found *) buf;
3077
3078 memset(buf, 0, sizeof(buf));
3079
3080 bacpy(&ev->addr.bdaddr, bdaddr);
3081 ev->addr.type = link_to_mgmt(link_type, addr_type);
3082 ev->rssi = rssi;
3083
3084 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3085 name_len);
3086
3087 put_unaligned_le16(eir_len, &ev->eir_len);
3088
3089 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3090 sizeof(*ev) + eir_len, NULL);
3091 }
3092
3093 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3094 {
3095 struct pending_cmd *cmd;
3096 int err;
3097
3098 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3099
3100 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3101 if (!cmd)
3102 return -ENOENT;
3103
3104 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3105 mgmt_pending_remove(cmd);
3106
3107 return err;
3108 }
3109
3110 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3111 {
3112 struct pending_cmd *cmd;
3113 int err;
3114
3115 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3116 if (!cmd)
3117 return -ENOENT;
3118
3119 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3120 mgmt_pending_remove(cmd);
3121
3122 return err;
3123 }
3124
3125 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3126 {
3127 struct pending_cmd *cmd;
3128
3129 BT_DBG("%s discovering %u", hdev->name, discovering);
3130
3131 if (discovering)
3132 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3133 else
3134 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3135
3136 if (cmd != NULL) {
3137 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
3138 mgmt_pending_remove(cmd);
3139 }
3140
3141 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
3142 sizeof(discovering), NULL);
3143 }
3144
3145 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3146 {
3147 struct pending_cmd *cmd;
3148 struct mgmt_ev_device_blocked ev;
3149
3150 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3151
3152 bacpy(&ev.addr.bdaddr, bdaddr);
3153 ev.addr.type = type;
3154
3155 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3156 cmd ? cmd->sk : NULL);
3157 }
3158
3159 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3160 {
3161 struct pending_cmd *cmd;
3162 struct mgmt_ev_device_unblocked ev;
3163
3164 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3165
3166 bacpy(&ev.addr.bdaddr, bdaddr);
3167 ev.addr.type = type;
3168
3169 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3170 cmd ? cmd->sk : NULL);
3171 }
kernel source for telekom puls (alcatel/mediatek)