projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'next' into for-linus
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3
4 Copyright (C) 2010 Nokia Corporation
5 Copyright (C) 2011-2012 Intel Corporation
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /* Bluetooth HCI Management interface */
26
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
35 bool enable_hs;
36
37 #define MGMT_VERSION 1
38 #define MGMT_REVISION 3
39
40 static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79 };
80
81 static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
103 };
104
105 /*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109 #define LE_SCAN_TYPE 0x01
110 #define LE_SCAN_WIN 0x12
111 #define LE_SCAN_INT 0x12
112 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
113 #define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
114
115 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116 #define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
117
118 #define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
119
120 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
123 struct pending_cmd {
124 struct list_head list;
125 u16 opcode;
126 int index;
127 void *param;
128 struct sock *sk;
129 void *user_data;
130 };
131
132 /* HCI to MGMT error code conversion table */
133 static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195 };
196
197 bool mgmt_valid_hdev(struct hci_dev *hdev)
198 {
199 return hdev->dev_type == HCI_BREDR;
200 }
201
202 static u8 mgmt_status(u8 hci_status)
203 {
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208 }
209
210 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
211 {
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
215 int err;
216
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
218
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
231 ev->opcode = cpu_to_le16(cmd);
232
233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
235 kfree_skb(skb);
236
237 return err;
238 }
239
240 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
242 {
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
246 int err;
247
248 BT_DBG("sock %p", sk);
249
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
255
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
259
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
262 ev->status = status;
263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
266
267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
269 kfree_skb(skb);
270
271 return err;
272 }
273
274 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
276 {
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
283
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
285 sizeof(rp));
286 }
287
288 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
290 {
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
294 __le16 *opcode;
295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
316 rp_size);
317 kfree(rp);
318
319 return err;
320 }
321
322 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
324 {
325 struct mgmt_rp_read_index_list *rp;
326 struct hci_dev *d;
327 size_t rp_len;
328 u16 count;
329 int err;
330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
340 count++;
341 }
342
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
346 read_unlock(&hci_dev_list_lock);
347 return -ENOMEM;
348 }
349
350 count = 0;
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
353 continue;
354
355 if (!mgmt_valid_hdev(d))
356 continue;
357
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
360 }
361
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
365 read_unlock(&hci_dev_list_lock);
366
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
368 rp_len);
369
370 kfree(rp);
371
372 return err;
373 }
374
375 static u32 get_supported_settings(struct hci_dev *hdev)
376 {
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
381
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
384
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
398
399 return settings;
400 }
401
402 static u32 get_current_settings(struct hci_dev *hdev)
403 {
404 u32 settings = 0;
405
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
408
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
411
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
414
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
417
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
420
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
423
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
426
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
429
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
433 return settings;
434 }
435
436 #define PNP_INFO_SVCLASS_ID 0x1200
437
438 static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439 {
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478 }
479
480 static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481 {
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511 }
512
513 static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514 {
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544 }
545
546 static void create_eir(struct hci_dev *hdev, u8 *data)
547 {
548 u8 *ptr = data;
549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554 /* EIR Data type */
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
566 ptr += (name_len + 2);
567 }
568
569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
574 ptr += 3;
575 }
576
577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
586 ptr += 10;
587 }
588
589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
592 }
593
594 static int update_eir(struct hci_dev *hdev)
595 {
596 struct hci_cp_write_eir cp;
597
598 if (!hdev_is_powered(hdev))
599 return 0;
600
601 if (!lmp_ext_inq_capable(hdev))
602 return 0;
603
604 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
605 return 0;
606
607 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
608 return 0;
609
610 memset(&cp, 0, sizeof(cp));
611
612 create_eir(hdev, cp.data);
613
614 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
615 return 0;
616
617 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618
619 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
620 }
621
622 static u8 get_service_classes(struct hci_dev *hdev)
623 {
624 struct bt_uuid *uuid;
625 u8 val = 0;
626
627 list_for_each_entry(uuid, &hdev->uuids, list)
628 val |= uuid->svc_hint;
629
630 return val;
631 }
632
633 static int update_class(struct hci_dev *hdev)
634 {
635 u8 cod[3];
636 int err;
637
638 BT_DBG("%s", hdev->name);
639
640 if (!hdev_is_powered(hdev))
641 return 0;
642
643 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
644 return 0;
645
646 cod[0] = hdev->minor_class;
647 cod[1] = hdev->major_class;
648 cod[2] = get_service_classes(hdev);
649
650 if (memcmp(cod, hdev->dev_class, 3) == 0)
651 return 0;
652
653 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
654 if (err == 0)
655 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
656
657 return err;
658 }
659
660 static void service_cache_off(struct work_struct *work)
661 {
662 struct hci_dev *hdev = container_of(work, struct hci_dev,
663 service_cache.work);
664
665 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
666 return;
667
668 hci_dev_lock(hdev);
669
670 update_eir(hdev);
671 update_class(hdev);
672
673 hci_dev_unlock(hdev);
674 }
675
676 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
677 {
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
679 return;
680
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
682
683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
686 * it
687 */
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
689 }
690
691 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
693 {
694 struct mgmt_rp_read_info rp;
695
696 BT_DBG("sock %p %s", sk, hdev->name);
697
698 hci_dev_lock(hdev);
699
700 memset(&rp, 0, sizeof(rp));
701
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
703
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
706
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
709
710 memcpy(rp.dev_class, hdev->dev_class, 3);
711
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
714
715 hci_dev_unlock(hdev);
716
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
718 sizeof(rp));
719 }
720
721 static void mgmt_pending_free(struct pending_cmd *cmd)
722 {
723 sock_put(cmd->sk);
724 kfree(cmd->param);
725 kfree(cmd);
726 }
727
728 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
730 u16 len)
731 {
732 struct pending_cmd *cmd;
733
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
735 if (!cmd)
736 return NULL;
737
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
740
741 cmd->param = kmalloc(len, GFP_KERNEL);
742 if (!cmd->param) {
743 kfree(cmd);
744 return NULL;
745 }
746
747 if (data)
748 memcpy(cmd->param, data, len);
749
750 cmd->sk = sk;
751 sock_hold(sk);
752
753 list_add(&cmd->list, &hdev->mgmt_pending);
754
755 return cmd;
756 }
757
758 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
760 void *data),
761 void *data)
762 {
763 struct pending_cmd *cmd, *tmp;
764
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
767 continue;
768
769 cb(cmd, data);
770 }
771 }
772
773 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
774 {
775 struct pending_cmd *cmd;
776
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
779 return cmd;
780 }
781
782 return NULL;
783 }
784
785 static void mgmt_pending_remove(struct pending_cmd *cmd)
786 {
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
789 }
790
791 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
792 {
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
794
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
796 sizeof(settings));
797 }
798
799 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
800 u16 len)
801 {
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
804 int err;
805
806 BT_DBG("request for %s", hdev->name);
807
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
811
812 hci_dev_lock(hdev);
813
814 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
815 cancel_delayed_work(&hdev->power_off);
816
817 if (cp->val) {
818 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
819 data, len);
820 err = mgmt_powered(hdev, 1);
821 goto failed;
822 }
823 }
824
825 if (!!cp->val == hdev_is_powered(hdev)) {
826 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
827 goto failed;
828 }
829
830 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
831 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
832 MGMT_STATUS_BUSY);
833 goto failed;
834 }
835
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
837 if (!cmd) {
838 err = -ENOMEM;
839 goto failed;
840 }
841
842 if (cp->val)
843 queue_work(hdev->req_workqueue, &hdev->power_on);
844 else
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
846
847 err = 0;
848
849 failed:
850 hci_dev_unlock(hdev);
851 return err;
852 }
853
854 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
856 {
857 struct sk_buff *skb;
858 struct mgmt_hdr *hdr;
859
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
861 if (!skb)
862 return -ENOMEM;
863
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
866 if (hdev)
867 hdr->index = cpu_to_le16(hdev->id);
868 else
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
871
872 if (data)
873 memcpy(skb_put(skb, data_len), data, data_len);
874
875 /* Time stamp */
876 __net_timestamp(skb);
877
878 hci_send_to_control(skb, skip_sk);
879 kfree_skb(skb);
880
881 return 0;
882 }
883
884 static int new_settings(struct hci_dev *hdev, struct sock *skip)
885 {
886 __le32 ev;
887
888 ev = cpu_to_le32(get_current_settings(hdev));
889
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
891 }
892
893 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
894 u16 len)
895 {
896 struct mgmt_cp_set_discoverable *cp = data;
897 struct pending_cmd *cmd;
898 u16 timeout;
899 u8 scan;
900 int err;
901
902 BT_DBG("request for %s", hdev->name);
903
904 if (!lmp_bredr_capable(hdev))
905 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_NOT_SUPPORTED);
907
908 if (cp->val != 0x00 && cp->val != 0x01)
909 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
910 MGMT_STATUS_INVALID_PARAMS);
911
912 timeout = __le16_to_cpu(cp->timeout);
913 if (!cp->val && timeout > 0)
914 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
915 MGMT_STATUS_INVALID_PARAMS);
916
917 hci_dev_lock(hdev);
918
919 if (!hdev_is_powered(hdev) && timeout > 0) {
920 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
921 MGMT_STATUS_NOT_POWERED);
922 goto failed;
923 }
924
925 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
926 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
927 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
928 MGMT_STATUS_BUSY);
929 goto failed;
930 }
931
932 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
933 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
934 MGMT_STATUS_REJECTED);
935 goto failed;
936 }
937
938 if (!hdev_is_powered(hdev)) {
939 bool changed = false;
940
941 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
942 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
943 changed = true;
944 }
945
946 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
947 if (err < 0)
948 goto failed;
949
950 if (changed)
951 err = new_settings(hdev, sk);
952
953 goto failed;
954 }
955
956 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
957 if (hdev->discov_timeout > 0) {
958 cancel_delayed_work(&hdev->discov_off);
959 hdev->discov_timeout = 0;
960 }
961
962 if (cp->val && timeout > 0) {
963 hdev->discov_timeout = timeout;
964 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
965 msecs_to_jiffies(hdev->discov_timeout * 1000));
966 }
967
968 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
969 goto failed;
970 }
971
972 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
973 if (!cmd) {
974 err = -ENOMEM;
975 goto failed;
976 }
977
978 scan = SCAN_PAGE;
979
980 if (cp->val)
981 scan |= SCAN_INQUIRY;
982 else
983 cancel_delayed_work(&hdev->discov_off);
984
985 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
986 if (err < 0)
987 mgmt_pending_remove(cmd);
988
989 if (cp->val)
990 hdev->discov_timeout = timeout;
991
992 failed:
993 hci_dev_unlock(hdev);
994 return err;
995 }
996
997 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
998 u16 len)
999 {
1000 struct mgmt_mode *cp = data;
1001 struct pending_cmd *cmd;
1002 u8 scan;
1003 int err;
1004
1005 BT_DBG("request for %s", hdev->name);
1006
1007 if (!lmp_bredr_capable(hdev))
1008 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1009 MGMT_STATUS_NOT_SUPPORTED);
1010
1011 if (cp->val != 0x00 && cp->val != 0x01)
1012 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1013 MGMT_STATUS_INVALID_PARAMS);
1014
1015 hci_dev_lock(hdev);
1016
1017 if (!hdev_is_powered(hdev)) {
1018 bool changed = false;
1019
1020 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1021 changed = true;
1022
1023 if (cp->val) {
1024 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1025 } else {
1026 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1027 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1028 }
1029
1030 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1031 if (err < 0)
1032 goto failed;
1033
1034 if (changed)
1035 err = new_settings(hdev, sk);
1036
1037 goto failed;
1038 }
1039
1040 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1041 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1042 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1043 MGMT_STATUS_BUSY);
1044 goto failed;
1045 }
1046
1047 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1048 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1049 goto failed;
1050 }
1051
1052 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1053 if (!cmd) {
1054 err = -ENOMEM;
1055 goto failed;
1056 }
1057
1058 if (cp->val) {
1059 scan = SCAN_PAGE;
1060 } else {
1061 scan = 0;
1062
1063 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1064 hdev->discov_timeout > 0)
1065 cancel_delayed_work(&hdev->discov_off);
1066 }
1067
1068 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1069 if (err < 0)
1070 mgmt_pending_remove(cmd);
1071
1072 failed:
1073 hci_dev_unlock(hdev);
1074 return err;
1075 }
1076
1077 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1078 u16 len)
1079 {
1080 struct mgmt_mode *cp = data;
1081 int err;
1082
1083 BT_DBG("request for %s", hdev->name);
1084
1085 if (cp->val != 0x00 && cp->val != 0x01)
1086 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1087 MGMT_STATUS_INVALID_PARAMS);
1088
1089 hci_dev_lock(hdev);
1090
1091 if (cp->val)
1092 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1093 else
1094 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1095
1096 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1097 if (err < 0)
1098 goto failed;
1099
1100 err = new_settings(hdev, sk);
1101
1102 failed:
1103 hci_dev_unlock(hdev);
1104 return err;
1105 }
1106
1107 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1108 u16 len)
1109 {
1110 struct mgmt_mode *cp = data;
1111 struct pending_cmd *cmd;
1112 u8 val;
1113 int err;
1114
1115 BT_DBG("request for %s", hdev->name);
1116
1117 if (!lmp_bredr_capable(hdev))
1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1119 MGMT_STATUS_NOT_SUPPORTED);
1120
1121 if (cp->val != 0x00 && cp->val != 0x01)
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1123 MGMT_STATUS_INVALID_PARAMS);
1124
1125 hci_dev_lock(hdev);
1126
1127 if (!hdev_is_powered(hdev)) {
1128 bool changed = false;
1129
1130 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1131 &hdev->dev_flags)) {
1132 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1133 changed = true;
1134 }
1135
1136 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1137 if (err < 0)
1138 goto failed;
1139
1140 if (changed)
1141 err = new_settings(hdev, sk);
1142
1143 goto failed;
1144 }
1145
1146 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1148 MGMT_STATUS_BUSY);
1149 goto failed;
1150 }
1151
1152 val = !!cp->val;
1153
1154 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1155 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1156 goto failed;
1157 }
1158
1159 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1160 if (!cmd) {
1161 err = -ENOMEM;
1162 goto failed;
1163 }
1164
1165 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1166 if (err < 0) {
1167 mgmt_pending_remove(cmd);
1168 goto failed;
1169 }
1170
1171 failed:
1172 hci_dev_unlock(hdev);
1173 return err;
1174 }
1175
1176 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1177 {
1178 struct mgmt_mode *cp = data;
1179 struct pending_cmd *cmd;
1180 u8 val;
1181 int err;
1182
1183 BT_DBG("request for %s", hdev->name);
1184
1185 if (!lmp_ssp_capable(hdev))
1186 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1187 MGMT_STATUS_NOT_SUPPORTED);
1188
1189 if (cp->val != 0x00 && cp->val != 0x01)
1190 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1191 MGMT_STATUS_INVALID_PARAMS);
1192
1193 hci_dev_lock(hdev);
1194
1195 val = !!cp->val;
1196
1197 if (!hdev_is_powered(hdev)) {
1198 bool changed = false;
1199
1200 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1201 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1202 changed = true;
1203 }
1204
1205 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1206 if (err < 0)
1207 goto failed;
1208
1209 if (changed)
1210 err = new_settings(hdev, sk);
1211
1212 goto failed;
1213 }
1214
1215 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1216 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1217 MGMT_STATUS_BUSY);
1218 goto failed;
1219 }
1220
1221 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1222 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1223 goto failed;
1224 }
1225
1226 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1227 if (!cmd) {
1228 err = -ENOMEM;
1229 goto failed;
1230 }
1231
1232 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1233 if (err < 0) {
1234 mgmt_pending_remove(cmd);
1235 goto failed;
1236 }
1237
1238 failed:
1239 hci_dev_unlock(hdev);
1240 return err;
1241 }
1242
1243 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1244 {
1245 struct mgmt_mode *cp = data;
1246
1247 BT_DBG("request for %s", hdev->name);
1248
1249 if (!enable_hs)
1250 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1251 MGMT_STATUS_NOT_SUPPORTED);
1252
1253 if (cp->val != 0x00 && cp->val != 0x01)
1254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1255 MGMT_STATUS_INVALID_PARAMS);
1256
1257 if (cp->val)
1258 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1259 else
1260 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1261
1262 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1263 }
1264
1265 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1266 {
1267 struct mgmt_mode *cp = data;
1268 struct hci_cp_write_le_host_supported hci_cp;
1269 struct pending_cmd *cmd;
1270 int err;
1271 u8 val, enabled;
1272
1273 BT_DBG("request for %s", hdev->name);
1274
1275 if (!lmp_le_capable(hdev))
1276 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1277 MGMT_STATUS_NOT_SUPPORTED);
1278
1279 if (cp->val != 0x00 && cp->val != 0x01)
1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1281 MGMT_STATUS_INVALID_PARAMS);
1282
1283 hci_dev_lock(hdev);
1284
1285 val = !!cp->val;
1286 enabled = lmp_host_le_capable(hdev);
1287
1288 if (!hdev_is_powered(hdev) || val == enabled) {
1289 bool changed = false;
1290
1291 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1292 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1293 changed = true;
1294 }
1295
1296 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1297 if (err < 0)
1298 goto unlock;
1299
1300 if (changed)
1301 err = new_settings(hdev, sk);
1302
1303 goto unlock;
1304 }
1305
1306 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1307 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1308 MGMT_STATUS_BUSY);
1309 goto unlock;
1310 }
1311
1312 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1313 if (!cmd) {
1314 err = -ENOMEM;
1315 goto unlock;
1316 }
1317
1318 memset(&hci_cp, 0, sizeof(hci_cp));
1319
1320 if (val) {
1321 hci_cp.le = val;
1322 hci_cp.simul = lmp_le_br_capable(hdev);
1323 }
1324
1325 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1326 &hci_cp);
1327 if (err < 0)
1328 mgmt_pending_remove(cmd);
1329
1330 unlock:
1331 hci_dev_unlock(hdev);
1332 return err;
1333 }
1334
1335 static const u8 bluetooth_base_uuid[] = {
1336 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1337 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1338 };
1339
1340 static u8 get_uuid_size(const u8 *uuid)
1341 {
1342 u32 val;
1343
1344 if (memcmp(uuid, bluetooth_base_uuid, 12))
1345 return 128;
1346
1347 val = get_unaligned_le32(&uuid[12]);
1348 if (val > 0xffff)
1349 return 32;
1350
1351 return 16;
1352 }
1353
1354 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1355 {
1356 struct mgmt_cp_add_uuid *cp = data;
1357 struct pending_cmd *cmd;
1358 struct bt_uuid *uuid;
1359 int err;
1360
1361 BT_DBG("request for %s", hdev->name);
1362
1363 hci_dev_lock(hdev);
1364
1365 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1366 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1367 MGMT_STATUS_BUSY);
1368 goto failed;
1369 }
1370
1371 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1372 if (!uuid) {
1373 err = -ENOMEM;
1374 goto failed;
1375 }
1376
1377 memcpy(uuid->uuid, cp->uuid, 16);
1378 uuid->svc_hint = cp->svc_hint;
1379 uuid->size = get_uuid_size(cp->uuid);
1380
1381 list_add_tail(&uuid->list, &hdev->uuids);
1382
1383 err = update_class(hdev);
1384 if (err < 0)
1385 goto failed;
1386
1387 err = update_eir(hdev);
1388 if (err < 0)
1389 goto failed;
1390
1391 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1392 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1393 hdev->dev_class, 3);
1394 goto failed;
1395 }
1396
1397 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1398 if (!cmd)
1399 err = -ENOMEM;
1400
1401 failed:
1402 hci_dev_unlock(hdev);
1403 return err;
1404 }
1405
1406 static bool enable_service_cache(struct hci_dev *hdev)
1407 {
1408 if (!hdev_is_powered(hdev))
1409 return false;
1410
1411 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1412 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1413 CACHE_TIMEOUT);
1414 return true;
1415 }
1416
1417 return false;
1418 }
1419
1420 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1421 u16 len)
1422 {
1423 struct mgmt_cp_remove_uuid *cp = data;
1424 struct pending_cmd *cmd;
1425 struct bt_uuid *match, *tmp;
1426 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1427 int err, found;
1428
1429 BT_DBG("request for %s", hdev->name);
1430
1431 hci_dev_lock(hdev);
1432
1433 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1434 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1435 MGMT_STATUS_BUSY);
1436 goto unlock;
1437 }
1438
1439 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1440 err = hci_uuids_clear(hdev);
1441
1442 if (enable_service_cache(hdev)) {
1443 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1444 0, hdev->dev_class, 3);
1445 goto unlock;
1446 }
1447
1448 goto update_class;
1449 }
1450
1451 found = 0;
1452
1453 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1454 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1455 continue;
1456
1457 list_del(&match->list);
1458 kfree(match);
1459 found++;
1460 }
1461
1462 if (found == 0) {
1463 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1464 MGMT_STATUS_INVALID_PARAMS);
1465 goto unlock;
1466 }
1467
1468 update_class:
1469 err = update_class(hdev);
1470 if (err < 0)
1471 goto unlock;
1472
1473 err = update_eir(hdev);
1474 if (err < 0)
1475 goto unlock;
1476
1477 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1478 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1479 hdev->dev_class, 3);
1480 goto unlock;
1481 }
1482
1483 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1484 if (!cmd)
1485 err = -ENOMEM;
1486
1487 unlock:
1488 hci_dev_unlock(hdev);
1489 return err;
1490 }
1491
1492 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1493 u16 len)
1494 {
1495 struct mgmt_cp_set_dev_class *cp = data;
1496 struct pending_cmd *cmd;
1497 int err;
1498
1499 BT_DBG("request for %s", hdev->name);
1500
1501 if (!lmp_bredr_capable(hdev))
1502 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1503 MGMT_STATUS_NOT_SUPPORTED);
1504
1505 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1506 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1507 MGMT_STATUS_BUSY);
1508
1509 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1510 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1511 MGMT_STATUS_INVALID_PARAMS);
1512
1513 hci_dev_lock(hdev);
1514
1515 hdev->major_class = cp->major;
1516 hdev->minor_class = cp->minor;
1517
1518 if (!hdev_is_powered(hdev)) {
1519 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1520 hdev->dev_class, 3);
1521 goto unlock;
1522 }
1523
1524 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1525 hci_dev_unlock(hdev);
1526 cancel_delayed_work_sync(&hdev->service_cache);
1527 hci_dev_lock(hdev);
1528 update_eir(hdev);
1529 }
1530
1531 err = update_class(hdev);
1532 if (err < 0)
1533 goto unlock;
1534
1535 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1536 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1537 hdev->dev_class, 3);
1538 goto unlock;
1539 }
1540
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1542 if (!cmd)
1543 err = -ENOMEM;
1544
1545 unlock:
1546 hci_dev_unlock(hdev);
1547 return err;
1548 }
1549
1550 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1551 u16 len)
1552 {
1553 struct mgmt_cp_load_link_keys *cp = data;
1554 u16 key_count, expected_len;
1555 int i;
1556
1557 key_count = __le16_to_cpu(cp->key_count);
1558
1559 expected_len = sizeof(*cp) + key_count *
1560 sizeof(struct mgmt_link_key_info);
1561 if (expected_len != len) {
1562 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1563 len, expected_len);
1564 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1565 MGMT_STATUS_INVALID_PARAMS);
1566 }
1567
1568 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1570 MGMT_STATUS_INVALID_PARAMS);
1571
1572 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1573 key_count);
1574
1575 for (i = 0; i < key_count; i++) {
1576 struct mgmt_link_key_info *key = &cp->keys[i];
1577
1578 if (key->addr.type != BDADDR_BREDR)
1579 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1580 MGMT_STATUS_INVALID_PARAMS);
1581 }
1582
1583 hci_dev_lock(hdev);
1584
1585 hci_link_keys_clear(hdev);
1586
1587 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1588
1589 if (cp->debug_keys)
1590 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1591 else
1592 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1593
1594 for (i = 0; i < key_count; i++) {
1595 struct mgmt_link_key_info *key = &cp->keys[i];
1596
1597 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1598 key->type, key->pin_len);
1599 }
1600
1601 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1602
1603 hci_dev_unlock(hdev);
1604
1605 return 0;
1606 }
1607
1608 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1609 u8 addr_type, struct sock *skip_sk)
1610 {
1611 struct mgmt_ev_device_unpaired ev;
1612
1613 bacpy(&ev.addr.bdaddr, bdaddr);
1614 ev.addr.type = addr_type;
1615
1616 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1617 skip_sk);
1618 }
1619
1620 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1621 u16 len)
1622 {
1623 struct mgmt_cp_unpair_device *cp = data;
1624 struct mgmt_rp_unpair_device rp;
1625 struct hci_cp_disconnect dc;
1626 struct pending_cmd *cmd;
1627 struct hci_conn *conn;
1628 int err;
1629
1630 memset(&rp, 0, sizeof(rp));
1631 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1632 rp.addr.type = cp->addr.type;
1633
1634 if (!bdaddr_type_is_valid(cp->addr.type))
1635 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1636 MGMT_STATUS_INVALID_PARAMS,
1637 &rp, sizeof(rp));
1638
1639 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1640 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1641 MGMT_STATUS_INVALID_PARAMS,
1642 &rp, sizeof(rp));
1643
1644 hci_dev_lock(hdev);
1645
1646 if (!hdev_is_powered(hdev)) {
1647 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1648 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1649 goto unlock;
1650 }
1651
1652 if (cp->addr.type == BDADDR_BREDR)
1653 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1654 else
1655 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1656
1657 if (err < 0) {
1658 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1659 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1660 goto unlock;
1661 }
1662
1663 if (cp->disconnect) {
1664 if (cp->addr.type == BDADDR_BREDR)
1665 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1666 &cp->addr.bdaddr);
1667 else
1668 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1669 &cp->addr.bdaddr);
1670 } else {
1671 conn = NULL;
1672 }
1673
1674 if (!conn) {
1675 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1676 &rp, sizeof(rp));
1677 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1678 goto unlock;
1679 }
1680
1681 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1682 sizeof(*cp));
1683 if (!cmd) {
1684 err = -ENOMEM;
1685 goto unlock;
1686 }
1687
1688 dc.handle = cpu_to_le16(conn->handle);
1689 dc.reason = 0x13; /* Remote User Terminated Connection */
1690 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1691 if (err < 0)
1692 mgmt_pending_remove(cmd);
1693
1694 unlock:
1695 hci_dev_unlock(hdev);
1696 return err;
1697 }
1698
1699 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1700 u16 len)
1701 {
1702 struct mgmt_cp_disconnect *cp = data;
1703 struct mgmt_rp_disconnect rp;
1704 struct hci_cp_disconnect dc;
1705 struct pending_cmd *cmd;
1706 struct hci_conn *conn;
1707 int err;
1708
1709 BT_DBG("");
1710
1711 memset(&rp, 0, sizeof(rp));
1712 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1713 rp.addr.type = cp->addr.type;
1714
1715 if (!bdaddr_type_is_valid(cp->addr.type))
1716 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1717 MGMT_STATUS_INVALID_PARAMS,
1718 &rp, sizeof(rp));
1719
1720 hci_dev_lock(hdev);
1721
1722 if (!test_bit(HCI_UP, &hdev->flags)) {
1723 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1724 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1725 goto failed;
1726 }
1727
1728 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1729 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1730 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1731 goto failed;
1732 }
1733
1734 if (cp->addr.type == BDADDR_BREDR)
1735 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1736 &cp->addr.bdaddr);
1737 else
1738 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1739
1740 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1741 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1742 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
1743 goto failed;
1744 }
1745
1746 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1747 if (!cmd) {
1748 err = -ENOMEM;
1749 goto failed;
1750 }
1751
1752 dc.handle = cpu_to_le16(conn->handle);
1753 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1754
1755 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1756 if (err < 0)
1757 mgmt_pending_remove(cmd);
1758
1759 failed:
1760 hci_dev_unlock(hdev);
1761 return err;
1762 }
1763
1764 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1765 {
1766 switch (link_type) {
1767 case LE_LINK:
1768 switch (addr_type) {
1769 case ADDR_LE_DEV_PUBLIC:
1770 return BDADDR_LE_PUBLIC;
1771
1772 default:
1773 /* Fallback to LE Random address type */
1774 return BDADDR_LE_RANDOM;
1775 }
1776
1777 default:
1778 /* Fallback to BR/EDR type */
1779 return BDADDR_BREDR;
1780 }
1781 }
1782
1783 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1784 u16 data_len)
1785 {
1786 struct mgmt_rp_get_connections *rp;
1787 struct hci_conn *c;
1788 size_t rp_len;
1789 int err;
1790 u16 i;
1791
1792 BT_DBG("");
1793
1794 hci_dev_lock(hdev);
1795
1796 if (!hdev_is_powered(hdev)) {
1797 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1798 MGMT_STATUS_NOT_POWERED);
1799 goto unlock;
1800 }
1801
1802 i = 0;
1803 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1804 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1805 i++;
1806 }
1807
1808 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1809 rp = kmalloc(rp_len, GFP_KERNEL);
1810 if (!rp) {
1811 err = -ENOMEM;
1812 goto unlock;
1813 }
1814
1815 i = 0;
1816 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1817 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1818 continue;
1819 bacpy(&rp->addr[i].bdaddr, &c->dst);
1820 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1821 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1822 continue;
1823 i++;
1824 }
1825
1826 rp->conn_count = cpu_to_le16(i);
1827
1828 /* Recalculate length in case of filtered SCO connections, etc */
1829 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1830
1831 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1832 rp_len);
1833
1834 kfree(rp);
1835
1836 unlock:
1837 hci_dev_unlock(hdev);
1838 return err;
1839 }
1840
1841 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1842 struct mgmt_cp_pin_code_neg_reply *cp)
1843 {
1844 struct pending_cmd *cmd;
1845 int err;
1846
1847 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1848 sizeof(*cp));
1849 if (!cmd)
1850 return -ENOMEM;
1851
1852 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1853 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1854 if (err < 0)
1855 mgmt_pending_remove(cmd);
1856
1857 return err;
1858 }
1859
1860 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1861 u16 len)
1862 {
1863 struct hci_conn *conn;
1864 struct mgmt_cp_pin_code_reply *cp = data;
1865 struct hci_cp_pin_code_reply reply;
1866 struct pending_cmd *cmd;
1867 int err;
1868
1869 BT_DBG("");
1870
1871 hci_dev_lock(hdev);
1872
1873 if (!hdev_is_powered(hdev)) {
1874 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1875 MGMT_STATUS_NOT_POWERED);
1876 goto failed;
1877 }
1878
1879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1880 if (!conn) {
1881 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1882 MGMT_STATUS_NOT_CONNECTED);
1883 goto failed;
1884 }
1885
1886 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1887 struct mgmt_cp_pin_code_neg_reply ncp;
1888
1889 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1890
1891 BT_ERR("PIN code is not 16 bytes long");
1892
1893 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1894 if (err >= 0)
1895 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1896 MGMT_STATUS_INVALID_PARAMS);
1897
1898 goto failed;
1899 }
1900
1901 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1902 if (!cmd) {
1903 err = -ENOMEM;
1904 goto failed;
1905 }
1906
1907 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1908 reply.pin_len = cp->pin_len;
1909 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1910
1911 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1912 if (err < 0)
1913 mgmt_pending_remove(cmd);
1914
1915 failed:
1916 hci_dev_unlock(hdev);
1917 return err;
1918 }
1919
1920 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1921 u16 len)
1922 {
1923 struct mgmt_cp_set_io_capability *cp = data;
1924
1925 BT_DBG("");
1926
1927 hci_dev_lock(hdev);
1928
1929 hdev->io_capability = cp->io_capability;
1930
1931 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1932 hdev->io_capability);
1933
1934 hci_dev_unlock(hdev);
1935
1936 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1937 0);
1938 }
1939
1940 static struct pending_cmd *find_pairing(struct hci_conn *conn)
1941 {
1942 struct hci_dev *hdev = conn->hdev;
1943 struct pending_cmd *cmd;
1944
1945 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1946 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1947 continue;
1948
1949 if (cmd->user_data != conn)
1950 continue;
1951
1952 return cmd;
1953 }
1954
1955 return NULL;
1956 }
1957
1958 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1959 {
1960 struct mgmt_rp_pair_device rp;
1961 struct hci_conn *conn = cmd->user_data;
1962
1963 bacpy(&rp.addr.bdaddr, &conn->dst);
1964 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1965
1966 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1967 &rp, sizeof(rp));
1968
1969 /* So we don't get further callbacks for this connection */
1970 conn->connect_cfm_cb = NULL;
1971 conn->security_cfm_cb = NULL;
1972 conn->disconn_cfm_cb = NULL;
1973
1974 hci_conn_put(conn);
1975
1976 mgmt_pending_remove(cmd);
1977 }
1978
1979 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1980 {
1981 struct pending_cmd *cmd;
1982
1983 BT_DBG("status %u", status);
1984
1985 cmd = find_pairing(conn);
1986 if (!cmd)
1987 BT_DBG("Unable to find a pending command");
1988 else
1989 pairing_complete(cmd, mgmt_status(status));
1990 }
1991
1992 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1993 {
1994 struct pending_cmd *cmd;
1995
1996 BT_DBG("status %u", status);
1997
1998 if (!status)
1999 return;
2000
2001 cmd = find_pairing(conn);
2002 if (!cmd)
2003 BT_DBG("Unable to find a pending command");
2004 else
2005 pairing_complete(cmd, mgmt_status(status));
2006 }
2007
2008 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2009 u16 len)
2010 {
2011 struct mgmt_cp_pair_device *cp = data;
2012 struct mgmt_rp_pair_device rp;
2013 struct pending_cmd *cmd;
2014 u8 sec_level, auth_type;
2015 struct hci_conn *conn;
2016 int err;
2017
2018 BT_DBG("");
2019
2020 memset(&rp, 0, sizeof(rp));
2021 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2022 rp.addr.type = cp->addr.type;
2023
2024 if (!bdaddr_type_is_valid(cp->addr.type))
2025 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2026 MGMT_STATUS_INVALID_PARAMS,
2027 &rp, sizeof(rp));
2028
2029 hci_dev_lock(hdev);
2030
2031 if (!hdev_is_powered(hdev)) {
2032 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2033 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2034 goto unlock;
2035 }
2036
2037 sec_level = BT_SECURITY_MEDIUM;
2038 if (cp->io_cap == 0x03)
2039 auth_type = HCI_AT_DEDICATED_BONDING;
2040 else
2041 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2042
2043 if (cp->addr.type == BDADDR_BREDR)
2044 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2045 cp->addr.type, sec_level, auth_type);
2046 else
2047 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2048 cp->addr.type, sec_level, auth_type);
2049
2050 if (IS_ERR(conn)) {
2051 int status;
2052
2053 if (PTR_ERR(conn) == -EBUSY)
2054 status = MGMT_STATUS_BUSY;
2055 else
2056 status = MGMT_STATUS_CONNECT_FAILED;
2057
2058 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2059 status, &rp,
2060 sizeof(rp));
2061 goto unlock;
2062 }
2063
2064 if (conn->connect_cfm_cb) {
2065 hci_conn_put(conn);
2066 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2067 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2068 goto unlock;
2069 }
2070
2071 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2072 if (!cmd) {
2073 err = -ENOMEM;
2074 hci_conn_put(conn);
2075 goto unlock;
2076 }
2077
2078 /* For LE, just connecting isn't a proof that the pairing finished */
2079 if (cp->addr.type == BDADDR_BREDR)
2080 conn->connect_cfm_cb = pairing_complete_cb;
2081 else
2082 conn->connect_cfm_cb = le_connect_complete_cb;
2083
2084 conn->security_cfm_cb = pairing_complete_cb;
2085 conn->disconn_cfm_cb = pairing_complete_cb;
2086 conn->io_capability = cp->io_cap;
2087 cmd->user_data = conn;
2088
2089 if (conn->state == BT_CONNECTED &&
2090 hci_conn_security(conn, sec_level, auth_type))
2091 pairing_complete(cmd, 0);
2092
2093 err = 0;
2094
2095 unlock:
2096 hci_dev_unlock(hdev);
2097 return err;
2098 }
2099
2100 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2101 u16 len)
2102 {
2103 struct mgmt_addr_info *addr = data;
2104 struct pending_cmd *cmd;
2105 struct hci_conn *conn;
2106 int err;
2107
2108 BT_DBG("");
2109
2110 hci_dev_lock(hdev);
2111
2112 if (!hdev_is_powered(hdev)) {
2113 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2114 MGMT_STATUS_NOT_POWERED);
2115 goto unlock;
2116 }
2117
2118 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2119 if (!cmd) {
2120 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2121 MGMT_STATUS_INVALID_PARAMS);
2122 goto unlock;
2123 }
2124
2125 conn = cmd->user_data;
2126
2127 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2128 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2129 MGMT_STATUS_INVALID_PARAMS);
2130 goto unlock;
2131 }
2132
2133 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2134
2135 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2136 addr, sizeof(*addr));
2137 unlock:
2138 hci_dev_unlock(hdev);
2139 return err;
2140 }
2141
2142 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2143 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2144 u16 hci_op, __le32 passkey)
2145 {
2146 struct pending_cmd *cmd;
2147 struct hci_conn *conn;
2148 int err;
2149
2150 hci_dev_lock(hdev);
2151
2152 if (!hdev_is_powered(hdev)) {
2153 err = cmd_status(sk, hdev->id, mgmt_op,
2154 MGMT_STATUS_NOT_POWERED);
2155 goto done;
2156 }
2157
2158 if (type == BDADDR_BREDR)
2159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2160 else
2161 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2162
2163 if (!conn) {
2164 err = cmd_status(sk, hdev->id, mgmt_op,
2165 MGMT_STATUS_NOT_CONNECTED);
2166 goto done;
2167 }
2168
2169 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2170 /* Continue with pairing via SMP */
2171 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2172
2173 if (!err)
2174 err = cmd_status(sk, hdev->id, mgmt_op,
2175 MGMT_STATUS_SUCCESS);
2176 else
2177 err = cmd_status(sk, hdev->id, mgmt_op,
2178 MGMT_STATUS_FAILED);
2179
2180 goto done;
2181 }
2182
2183 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2184 if (!cmd) {
2185 err = -ENOMEM;
2186 goto done;
2187 }
2188
2189 /* Continue with pairing via HCI */
2190 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2191 struct hci_cp_user_passkey_reply cp;
2192
2193 bacpy(&cp.bdaddr, bdaddr);
2194 cp.passkey = passkey;
2195 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2196 } else
2197 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2198
2199 if (err < 0)
2200 mgmt_pending_remove(cmd);
2201
2202 done:
2203 hci_dev_unlock(hdev);
2204 return err;
2205 }
2206
2207 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2208 void *data, u16 len)
2209 {
2210 struct mgmt_cp_pin_code_neg_reply *cp = data;
2211
2212 BT_DBG("");
2213
2214 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2215 MGMT_OP_PIN_CODE_NEG_REPLY,
2216 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2217 }
2218
2219 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2220 u16 len)
2221 {
2222 struct mgmt_cp_user_confirm_reply *cp = data;
2223
2224 BT_DBG("");
2225
2226 if (len != sizeof(*cp))
2227 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2228 MGMT_STATUS_INVALID_PARAMS);
2229
2230 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2231 MGMT_OP_USER_CONFIRM_REPLY,
2232 HCI_OP_USER_CONFIRM_REPLY, 0);
2233 }
2234
2235 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2236 void *data, u16 len)
2237 {
2238 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2239
2240 BT_DBG("");
2241
2242 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2243 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2244 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2245 }
2246
2247 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2248 u16 len)
2249 {
2250 struct mgmt_cp_user_passkey_reply *cp = data;
2251
2252 BT_DBG("");
2253
2254 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2255 MGMT_OP_USER_PASSKEY_REPLY,
2256 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2257 }
2258
2259 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2260 void *data, u16 len)
2261 {
2262 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2263
2264 BT_DBG("");
2265
2266 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2267 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2268 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2269 }
2270
2271 static int update_name(struct hci_dev *hdev, const char *name)
2272 {
2273 struct hci_cp_write_local_name cp;
2274
2275 memcpy(cp.name, name, sizeof(cp.name));
2276
2277 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2278 }
2279
2280 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2281 u16 len)
2282 {
2283 struct mgmt_cp_set_local_name *cp = data;
2284 struct pending_cmd *cmd;
2285 int err;
2286
2287 BT_DBG("");
2288
2289 hci_dev_lock(hdev);
2290
2291 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2292
2293 if (!hdev_is_powered(hdev)) {
2294 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2295
2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2297 data, len);
2298 if (err < 0)
2299 goto failed;
2300
2301 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2302 sk);
2303
2304 goto failed;
2305 }
2306
2307 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2308 if (!cmd) {
2309 err = -ENOMEM;
2310 goto failed;
2311 }
2312
2313 err = update_name(hdev, cp->name);
2314 if (err < 0)
2315 mgmt_pending_remove(cmd);
2316
2317 failed:
2318 hci_dev_unlock(hdev);
2319 return err;
2320 }
2321
2322 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2323 void *data, u16 data_len)
2324 {
2325 struct pending_cmd *cmd;
2326 int err;
2327
2328 BT_DBG("%s", hdev->name);
2329
2330 hci_dev_lock(hdev);
2331
2332 if (!hdev_is_powered(hdev)) {
2333 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2334 MGMT_STATUS_NOT_POWERED);
2335 goto unlock;
2336 }
2337
2338 if (!lmp_ssp_capable(hdev)) {
2339 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2340 MGMT_STATUS_NOT_SUPPORTED);
2341 goto unlock;
2342 }
2343
2344 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2345 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2346 MGMT_STATUS_BUSY);
2347 goto unlock;
2348 }
2349
2350 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2351 if (!cmd) {
2352 err = -ENOMEM;
2353 goto unlock;
2354 }
2355
2356 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2357 if (err < 0)
2358 mgmt_pending_remove(cmd);
2359
2360 unlock:
2361 hci_dev_unlock(hdev);
2362 return err;
2363 }
2364
2365 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2366 void *data, u16 len)
2367 {
2368 struct mgmt_cp_add_remote_oob_data *cp = data;
2369 u8 status;
2370 int err;
2371
2372 BT_DBG("%s ", hdev->name);
2373
2374 hci_dev_lock(hdev);
2375
2376 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2377 cp->randomizer);
2378 if (err < 0)
2379 status = MGMT_STATUS_FAILED;
2380 else
2381 status = MGMT_STATUS_SUCCESS;
2382
2383 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2384 &cp->addr, sizeof(cp->addr));
2385
2386 hci_dev_unlock(hdev);
2387 return err;
2388 }
2389
2390 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2391 void *data, u16 len)
2392 {
2393 struct mgmt_cp_remove_remote_oob_data *cp = data;
2394 u8 status;
2395 int err;
2396
2397 BT_DBG("%s", hdev->name);
2398
2399 hci_dev_lock(hdev);
2400
2401 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2402 if (err < 0)
2403 status = MGMT_STATUS_INVALID_PARAMS;
2404 else
2405 status = MGMT_STATUS_SUCCESS;
2406
2407 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2408 status, &cp->addr, sizeof(cp->addr));
2409
2410 hci_dev_unlock(hdev);
2411 return err;
2412 }
2413
2414 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2415 {
2416 int err;
2417
2418 BT_DBG("%s", hdev->name);
2419
2420 hci_dev_lock(hdev);
2421
2422 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2423 if (err < 0)
2424 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2425
2426 hci_dev_unlock(hdev);
2427
2428 return err;
2429 }
2430
2431 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2432 void *data, u16 len)
2433 {
2434 struct mgmt_cp_start_discovery *cp = data;
2435 struct pending_cmd *cmd;
2436 int err;
2437
2438 BT_DBG("%s", hdev->name);
2439
2440 hci_dev_lock(hdev);
2441
2442 if (!hdev_is_powered(hdev)) {
2443 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2444 MGMT_STATUS_NOT_POWERED);
2445 goto failed;
2446 }
2447
2448 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2449 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2450 MGMT_STATUS_BUSY);
2451 goto failed;
2452 }
2453
2454 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2455 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2456 MGMT_STATUS_BUSY);
2457 goto failed;
2458 }
2459
2460 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2461 if (!cmd) {
2462 err = -ENOMEM;
2463 goto failed;
2464 }
2465
2466 hdev->discovery.type = cp->type;
2467
2468 switch (hdev->discovery.type) {
2469 case DISCOV_TYPE_BREDR:
2470 if (!lmp_bredr_capable(hdev)) {
2471 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2472 MGMT_STATUS_NOT_SUPPORTED);
2473 mgmt_pending_remove(cmd);
2474 goto failed;
2475 }
2476
2477 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2478 break;
2479
2480 case DISCOV_TYPE_LE:
2481 if (!lmp_host_le_capable(hdev)) {
2482 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2483 MGMT_STATUS_NOT_SUPPORTED);
2484 mgmt_pending_remove(cmd);
2485 goto failed;
2486 }
2487
2488 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2489 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2490 break;
2491
2492 case DISCOV_TYPE_INTERLEAVED:
2493 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2494 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2495 MGMT_STATUS_NOT_SUPPORTED);
2496 mgmt_pending_remove(cmd);
2497 goto failed;
2498 }
2499
2500 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2501 LE_SCAN_TIMEOUT_BREDR_LE);
2502 break;
2503
2504 default:
2505 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2506 MGMT_STATUS_INVALID_PARAMS);
2507 mgmt_pending_remove(cmd);
2508 goto failed;
2509 }
2510
2511 if (err < 0)
2512 mgmt_pending_remove(cmd);
2513 else
2514 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2515
2516 failed:
2517 hci_dev_unlock(hdev);
2518 return err;
2519 }
2520
2521 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2522 u16 len)
2523 {
2524 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2525 struct pending_cmd *cmd;
2526 struct hci_cp_remote_name_req_cancel cp;
2527 struct inquiry_entry *e;
2528 int err;
2529
2530 BT_DBG("%s", hdev->name);
2531
2532 hci_dev_lock(hdev);
2533
2534 if (!hci_discovery_active(hdev)) {
2535 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2536 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2537 sizeof(mgmt_cp->type));
2538 goto unlock;
2539 }
2540
2541 if (hdev->discovery.type != mgmt_cp->type) {
2542 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2543 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2544 sizeof(mgmt_cp->type));
2545 goto unlock;
2546 }
2547
2548 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2549 if (!cmd) {
2550 err = -ENOMEM;
2551 goto unlock;
2552 }
2553
2554 switch (hdev->discovery.state) {
2555 case DISCOVERY_FINDING:
2556 if (test_bit(HCI_INQUIRY, &hdev->flags))
2557 err = hci_cancel_inquiry(hdev);
2558 else
2559 err = hci_cancel_le_scan(hdev);
2560
2561 break;
2562
2563 case DISCOVERY_RESOLVING:
2564 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2565 NAME_PENDING);
2566 if (!e) {
2567 mgmt_pending_remove(cmd);
2568 err = cmd_complete(sk, hdev->id,
2569 MGMT_OP_STOP_DISCOVERY, 0,
2570 &mgmt_cp->type,
2571 sizeof(mgmt_cp->type));
2572 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2573 goto unlock;
2574 }
2575
2576 bacpy(&cp.bdaddr, &e->data.bdaddr);
2577 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2578 sizeof(cp), &cp);
2579
2580 break;
2581
2582 default:
2583 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2584 err = -EFAULT;
2585 }
2586
2587 if (err < 0)
2588 mgmt_pending_remove(cmd);
2589 else
2590 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2591
2592 unlock:
2593 hci_dev_unlock(hdev);
2594 return err;
2595 }
2596
2597 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2598 u16 len)
2599 {
2600 struct mgmt_cp_confirm_name *cp = data;
2601 struct inquiry_entry *e;
2602 int err;
2603
2604 BT_DBG("%s", hdev->name);
2605
2606 hci_dev_lock(hdev);
2607
2608 if (!hci_discovery_active(hdev)) {
2609 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2610 MGMT_STATUS_FAILED);
2611 goto failed;
2612 }
2613
2614 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2615 if (!e) {
2616 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2617 MGMT_STATUS_INVALID_PARAMS);
2618 goto failed;
2619 }
2620
2621 if (cp->name_known) {
2622 e->name_state = NAME_KNOWN;
2623 list_del(&e->list);
2624 } else {
2625 e->name_state = NAME_NEEDED;
2626 hci_inquiry_cache_update_resolve(hdev, e);
2627 }
2628
2629 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2630 sizeof(cp->addr));
2631
2632 failed:
2633 hci_dev_unlock(hdev);
2634 return err;
2635 }
2636
2637 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2638 u16 len)
2639 {
2640 struct mgmt_cp_block_device *cp = data;
2641 u8 status;
2642 int err;
2643
2644 BT_DBG("%s", hdev->name);
2645
2646 if (!bdaddr_type_is_valid(cp->addr.type))
2647 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2648 MGMT_STATUS_INVALID_PARAMS,
2649 &cp->addr, sizeof(cp->addr));
2650
2651 hci_dev_lock(hdev);
2652
2653 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2654 if (err < 0)
2655 status = MGMT_STATUS_FAILED;
2656 else
2657 status = MGMT_STATUS_SUCCESS;
2658
2659 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2660 &cp->addr, sizeof(cp->addr));
2661
2662 hci_dev_unlock(hdev);
2663
2664 return err;
2665 }
2666
2667 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2668 u16 len)
2669 {
2670 struct mgmt_cp_unblock_device *cp = data;
2671 u8 status;
2672 int err;
2673
2674 BT_DBG("%s", hdev->name);
2675
2676 if (!bdaddr_type_is_valid(cp->addr.type))
2677 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2678 MGMT_STATUS_INVALID_PARAMS,
2679 &cp->addr, sizeof(cp->addr));
2680
2681 hci_dev_lock(hdev);
2682
2683 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2684 if (err < 0)
2685 status = MGMT_STATUS_INVALID_PARAMS;
2686 else
2687 status = MGMT_STATUS_SUCCESS;
2688
2689 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2690 &cp->addr, sizeof(cp->addr));
2691
2692 hci_dev_unlock(hdev);
2693
2694 return err;
2695 }
2696
2697 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2698 u16 len)
2699 {
2700 struct mgmt_cp_set_device_id *cp = data;
2701 int err;
2702 __u16 source;
2703
2704 BT_DBG("%s", hdev->name);
2705
2706 source = __le16_to_cpu(cp->source);
2707
2708 if (source > 0x0002)
2709 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2710 MGMT_STATUS_INVALID_PARAMS);
2711
2712 hci_dev_lock(hdev);
2713
2714 hdev->devid_source = source;
2715 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2716 hdev->devid_product = __le16_to_cpu(cp->product);
2717 hdev->devid_version = __le16_to_cpu(cp->version);
2718
2719 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2720
2721 update_eir(hdev);
2722
2723 hci_dev_unlock(hdev);
2724
2725 return err;
2726 }
2727
2728 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2729 void *data, u16 len)
2730 {
2731 struct mgmt_mode *cp = data;
2732 struct hci_cp_write_page_scan_activity acp;
2733 u8 type;
2734 int err;
2735
2736 BT_DBG("%s", hdev->name);
2737
2738 if (!lmp_bredr_capable(hdev))
2739 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2740 MGMT_STATUS_NOT_SUPPORTED);
2741
2742 if (cp->val != 0x00 && cp->val != 0x01)
2743 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2744 MGMT_STATUS_INVALID_PARAMS);
2745
2746 if (!hdev_is_powered(hdev))
2747 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2748 MGMT_STATUS_NOT_POWERED);
2749
2750 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2751 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2752 MGMT_STATUS_REJECTED);
2753
2754 hci_dev_lock(hdev);
2755
2756 if (cp->val) {
2757 type = PAGE_SCAN_TYPE_INTERLACED;
2758
2759 /* 160 msec page scan interval */
2760 acp.interval = __constant_cpu_to_le16(0x0100);
2761 } else {
2762 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2763
2764 /* default 1.28 sec page scan */
2765 acp.interval = __constant_cpu_to_le16(0x0800);
2766 }
2767
2768 /* default 11.25 msec page scan window */
2769 acp.window = __constant_cpu_to_le16(0x0012);
2770
2771 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2772 &acp);
2773 if (err < 0) {
2774 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2775 MGMT_STATUS_FAILED);
2776 goto done;
2777 }
2778
2779 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2780 if (err < 0) {
2781 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2782 MGMT_STATUS_FAILED);
2783 goto done;
2784 }
2785
2786 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2787 NULL, 0);
2788 done:
2789 hci_dev_unlock(hdev);
2790 return err;
2791 }
2792
2793 static bool ltk_is_valid(struct mgmt_ltk_info *key)
2794 {
2795 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2796 return false;
2797 if (key->master != 0x00 && key->master != 0x01)
2798 return false;
2799 if (!bdaddr_type_is_le(key->addr.type))
2800 return false;
2801 return true;
2802 }
2803
2804 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2805 void *cp_data, u16 len)
2806 {
2807 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2808 u16 key_count, expected_len;
2809 int i, err;
2810
2811 key_count = __le16_to_cpu(cp->key_count);
2812
2813 expected_len = sizeof(*cp) + key_count *
2814 sizeof(struct mgmt_ltk_info);
2815 if (expected_len != len) {
2816 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2817 len, expected_len);
2818 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2819 MGMT_STATUS_INVALID_PARAMS);
2820 }
2821
2822 BT_DBG("%s key_count %u", hdev->name, key_count);
2823
2824 for (i = 0; i < key_count; i++) {
2825 struct mgmt_ltk_info *key = &cp->keys[i];
2826
2827 if (!ltk_is_valid(key))
2828 return cmd_status(sk, hdev->id,
2829 MGMT_OP_LOAD_LONG_TERM_KEYS,
2830 MGMT_STATUS_INVALID_PARAMS);
2831 }
2832
2833 hci_dev_lock(hdev);
2834
2835 hci_smp_ltks_clear(hdev);
2836
2837 for (i = 0; i < key_count; i++) {
2838 struct mgmt_ltk_info *key = &cp->keys[i];
2839 u8 type;
2840
2841 if (key->master)
2842 type = HCI_SMP_LTK;
2843 else
2844 type = HCI_SMP_LTK_SLAVE;
2845
2846 hci_add_ltk(hdev, &key->addr.bdaddr,
2847 bdaddr_to_le(key->addr.type),
2848 type, 0, key->authenticated, key->val,
2849 key->enc_size, key->ediv, key->rand);
2850 }
2851
2852 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2853 NULL, 0);
2854
2855 hci_dev_unlock(hdev);
2856
2857 return err;
2858 }
2859
2860 static const struct mgmt_handler {
2861 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2862 u16 data_len);
2863 bool var_len;
2864 size_t data_len;
2865 } mgmt_handlers[] = {
2866 { NULL }, /* 0x0000 (no command) */
2867 { read_version, false, MGMT_READ_VERSION_SIZE },
2868 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2869 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2870 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2871 { set_powered, false, MGMT_SETTING_SIZE },
2872 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2873 { set_connectable, false, MGMT_SETTING_SIZE },
2874 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2875 { set_pairable, false, MGMT_SETTING_SIZE },
2876 { set_link_security, false, MGMT_SETTING_SIZE },
2877 { set_ssp, false, MGMT_SETTING_SIZE },
2878 { set_hs, false, MGMT_SETTING_SIZE },
2879 { set_le, false, MGMT_SETTING_SIZE },
2880 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2881 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2882 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2883 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2884 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2885 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2886 { disconnect, false, MGMT_DISCONNECT_SIZE },
2887 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2888 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2889 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2890 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2891 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2892 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2893 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2894 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2895 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2896 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2897 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2898 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2899 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2900 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2901 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2902 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2903 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2904 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2905 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2906 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2907 };
2908
2909
2910 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2911 {
2912 void *buf;
2913 u8 *cp;
2914 struct mgmt_hdr *hdr;
2915 u16 opcode, index, len;
2916 struct hci_dev *hdev = NULL;
2917 const struct mgmt_handler *handler;
2918 int err;
2919
2920 BT_DBG("got %zu bytes", msglen);
2921
2922 if (msglen < sizeof(*hdr))
2923 return -EINVAL;
2924
2925 buf = kmalloc(msglen, GFP_KERNEL);
2926 if (!buf)
2927 return -ENOMEM;
2928
2929 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2930 err = -EFAULT;
2931 goto done;
2932 }
2933
2934 hdr = buf;
2935 opcode = __le16_to_cpu(hdr->opcode);
2936 index = __le16_to_cpu(hdr->index);
2937 len = __le16_to_cpu(hdr->len);
2938
2939 if (len != msglen - sizeof(*hdr)) {
2940 err = -EINVAL;
2941 goto done;
2942 }
2943
2944 if (index != MGMT_INDEX_NONE) {
2945 hdev = hci_dev_get(index);
2946 if (!hdev) {
2947 err = cmd_status(sk, index, opcode,
2948 MGMT_STATUS_INVALID_INDEX);
2949 goto done;
2950 }
2951 }
2952
2953 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2954 mgmt_handlers[opcode].func == NULL) {
2955 BT_DBG("Unknown op %u", opcode);
2956 err = cmd_status(sk, index, opcode,
2957 MGMT_STATUS_UNKNOWN_COMMAND);
2958 goto done;
2959 }
2960
2961 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2962 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2963 err = cmd_status(sk, index, opcode,
2964 MGMT_STATUS_INVALID_INDEX);
2965 goto done;
2966 }
2967
2968 handler = &mgmt_handlers[opcode];
2969
2970 if ((handler->var_len && len < handler->data_len) ||
2971 (!handler->var_len && len != handler->data_len)) {
2972 err = cmd_status(sk, index, opcode,
2973 MGMT_STATUS_INVALID_PARAMS);
2974 goto done;
2975 }
2976
2977 if (hdev)
2978 mgmt_init_hdev(sk, hdev);
2979
2980 cp = buf + sizeof(*hdr);
2981
2982 err = handler->func(sk, hdev, cp, len);
2983 if (err < 0)
2984 goto done;
2985
2986 err = msglen;
2987
2988 done:
2989 if (hdev)
2990 hci_dev_put(hdev);
2991
2992 kfree(buf);
2993 return err;
2994 }
2995
2996 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2997 {
2998 u8 *status = data;
2999
3000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3001 mgmt_pending_remove(cmd);
3002 }
3003
3004 int mgmt_index_added(struct hci_dev *hdev)
3005 {
3006 if (!mgmt_valid_hdev(hdev))
3007 return -ENOTSUPP;
3008
3009 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3010 }
3011
3012 int mgmt_index_removed(struct hci_dev *hdev)
3013 {
3014 u8 status = MGMT_STATUS_INVALID_INDEX;
3015
3016 if (!mgmt_valid_hdev(hdev))
3017 return -ENOTSUPP;
3018
3019 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3020
3021 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3022 }
3023
3024 struct cmd_lookup {
3025 struct sock *sk;
3026 struct hci_dev *hdev;
3027 u8 mgmt_status;
3028 };
3029
3030 static void settings_rsp(struct pending_cmd *cmd, void *data)
3031 {
3032 struct cmd_lookup *match = data;
3033
3034 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
3035
3036 list_del(&cmd->list);
3037
3038 if (match->sk == NULL) {
3039 match->sk = cmd->sk;
3040 sock_hold(match->sk);
3041 }
3042
3043 mgmt_pending_free(cmd);
3044 }
3045
3046 static int set_bredr_scan(struct hci_dev *hdev)
3047 {
3048 u8 scan = 0;
3049
3050 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3051 scan |= SCAN_PAGE;
3052 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3053 scan |= SCAN_INQUIRY;
3054
3055 if (!scan)
3056 return 0;
3057
3058 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3059 }
3060
3061 int mgmt_powered(struct hci_dev *hdev, u8 powered)
3062 {
3063 struct cmd_lookup match = { NULL, hdev };
3064 int err;
3065
3066 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3067 return 0;
3068
3069 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3070
3071 if (powered) {
3072 u8 link_sec;
3073
3074 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3075 !lmp_host_ssp_capable(hdev)) {
3076 u8 ssp = 1;
3077
3078 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3079 }
3080
3081 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3082 struct hci_cp_write_le_host_supported cp;
3083
3084 cp.le = 1;
3085 cp.simul = lmp_le_br_capable(hdev);
3086
3087 /* Check first if we already have the right
3088 * host state (host features set)
3089 */
3090 if (cp.le != lmp_host_le_capable(hdev) ||
3091 cp.simul != lmp_host_le_br_capable(hdev))
3092 hci_send_cmd(hdev,
3093 HCI_OP_WRITE_LE_HOST_SUPPORTED,
3094 sizeof(cp), &cp);
3095 }
3096
3097 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3098 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3099 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
3100 sizeof(link_sec), &link_sec);
3101
3102 if (lmp_bredr_capable(hdev)) {
3103 set_bredr_scan(hdev);
3104 update_class(hdev);
3105 update_name(hdev, hdev->dev_name);
3106 update_eir(hdev);
3107 }
3108 } else {
3109 u8 status = MGMT_STATUS_NOT_POWERED;
3110 u8 zero_cod[] = { 0, 0, 0 };
3111
3112 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3113
3114 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3115 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3116 zero_cod, sizeof(zero_cod), NULL);
3117 }
3118
3119 err = new_settings(hdev, match.sk);
3120
3121 if (match.sk)
3122 sock_put(match.sk);
3123
3124 return err;
3125 }
3126
3127 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3128 {
3129 struct cmd_lookup match = { NULL, hdev };
3130 bool changed = false;
3131 int err = 0;
3132
3133 if (discoverable) {
3134 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3135 changed = true;
3136 } else {
3137 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3138 changed = true;
3139 }
3140
3141 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3142 &match);
3143
3144 if (changed)
3145 err = new_settings(hdev, match.sk);
3146
3147 if (match.sk)
3148 sock_put(match.sk);
3149
3150 return err;
3151 }
3152
3153 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3154 {
3155 struct cmd_lookup match = { NULL, hdev };
3156 bool changed = false;
3157 int err = 0;
3158
3159 if (connectable) {
3160 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3161 changed = true;
3162 } else {
3163 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3164 changed = true;
3165 }
3166
3167 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3168 &match);
3169
3170 if (changed)
3171 err = new_settings(hdev, match.sk);
3172
3173 if (match.sk)
3174 sock_put(match.sk);
3175
3176 return err;
3177 }
3178
3179 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3180 {
3181 u8 mgmt_err = mgmt_status(status);
3182
3183 if (scan & SCAN_PAGE)
3184 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3185 cmd_status_rsp, &mgmt_err);
3186
3187 if (scan & SCAN_INQUIRY)
3188 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3189 cmd_status_rsp, &mgmt_err);
3190
3191 return 0;
3192 }
3193
3194 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3195 bool persistent)
3196 {
3197 struct mgmt_ev_new_link_key ev;
3198
3199 memset(&ev, 0, sizeof(ev));
3200
3201 ev.store_hint = persistent;
3202 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3203 ev.key.addr.type = BDADDR_BREDR;
3204 ev.key.type = key->type;
3205 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3206 ev.key.pin_len = key->pin_len;
3207
3208 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3209 }
3210
3211 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3212 {
3213 struct mgmt_ev_new_long_term_key ev;
3214
3215 memset(&ev, 0, sizeof(ev));
3216
3217 ev.store_hint = persistent;
3218 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3219 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3220 ev.key.authenticated = key->authenticated;
3221 ev.key.enc_size = key->enc_size;
3222 ev.key.ediv = key->ediv;
3223
3224 if (key->type == HCI_SMP_LTK)
3225 ev.key.master = 1;
3226
3227 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3228 memcpy(ev.key.val, key->val, sizeof(key->val));
3229
3230 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3231 NULL);
3232 }
3233
3234 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3235 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3236 u8 *dev_class)
3237 {
3238 char buf[512];
3239 struct mgmt_ev_device_connected *ev = (void *) buf;
3240 u16 eir_len = 0;
3241
3242 bacpy(&ev->addr.bdaddr, bdaddr);
3243 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3244
3245 ev->flags = __cpu_to_le32(flags);
3246
3247 if (name_len > 0)
3248 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3249 name, name_len);
3250
3251 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3252 eir_len = eir_append_data(ev->eir, eir_len,
3253 EIR_CLASS_OF_DEV, dev_class, 3);
3254
3255 ev->eir_len = cpu_to_le16(eir_len);
3256
3257 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3258 sizeof(*ev) + eir_len, NULL);
3259 }
3260
3261 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3262 {
3263 struct mgmt_cp_disconnect *cp = cmd->param;
3264 struct sock **sk = data;
3265 struct mgmt_rp_disconnect rp;
3266
3267 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3268 rp.addr.type = cp->addr.type;
3269
3270 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3271 sizeof(rp));
3272
3273 *sk = cmd->sk;
3274 sock_hold(*sk);
3275
3276 mgmt_pending_remove(cmd);
3277 }
3278
3279 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3280 {
3281 struct hci_dev *hdev = data;
3282 struct mgmt_cp_unpair_device *cp = cmd->param;
3283 struct mgmt_rp_unpair_device rp;
3284
3285 memset(&rp, 0, sizeof(rp));
3286 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3287 rp.addr.type = cp->addr.type;
3288
3289 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3290
3291 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3292
3293 mgmt_pending_remove(cmd);
3294 }
3295
3296 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3297 u8 link_type, u8 addr_type, u8 reason)
3298 {
3299 struct mgmt_ev_device_disconnected ev;
3300 struct sock *sk = NULL;
3301 int err;
3302
3303 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3304
3305 bacpy(&ev.addr.bdaddr, bdaddr);
3306 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3307 ev.reason = reason;
3308
3309 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3310 sk);
3311
3312 if (sk)
3313 sock_put(sk);
3314
3315 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3316 hdev);
3317
3318 return err;
3319 }
3320
3321 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3322 u8 link_type, u8 addr_type, u8 status)
3323 {
3324 struct mgmt_rp_disconnect rp;
3325 struct pending_cmd *cmd;
3326 int err;
3327
3328 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3329 hdev);
3330
3331 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3332 if (!cmd)
3333 return -ENOENT;
3334
3335 bacpy(&rp.addr.bdaddr, bdaddr);
3336 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3337
3338 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3339 mgmt_status(status), &rp, sizeof(rp));
3340
3341 mgmt_pending_remove(cmd);
3342
3343 return err;
3344 }
3345
3346 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3347 u8 addr_type, u8 status)
3348 {
3349 struct mgmt_ev_connect_failed ev;
3350
3351 bacpy(&ev.addr.bdaddr, bdaddr);
3352 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3353 ev.status = mgmt_status(status);
3354
3355 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3356 }
3357
3358 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3359 {
3360 struct mgmt_ev_pin_code_request ev;
3361
3362 bacpy(&ev.addr.bdaddr, bdaddr);
3363 ev.addr.type = BDADDR_BREDR;
3364 ev.secure = secure;
3365
3366 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3367 NULL);
3368 }
3369
3370 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3371 u8 status)
3372 {
3373 struct pending_cmd *cmd;
3374 struct mgmt_rp_pin_code_reply rp;
3375 int err;
3376
3377 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3378 if (!cmd)
3379 return -ENOENT;
3380
3381 bacpy(&rp.addr.bdaddr, bdaddr);
3382 rp.addr.type = BDADDR_BREDR;
3383
3384 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3385 mgmt_status(status), &rp, sizeof(rp));
3386
3387 mgmt_pending_remove(cmd);
3388
3389 return err;
3390 }
3391
3392 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3393 u8 status)
3394 {
3395 struct pending_cmd *cmd;
3396 struct mgmt_rp_pin_code_reply rp;
3397 int err;
3398
3399 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3400 if (!cmd)
3401 return -ENOENT;
3402
3403 bacpy(&rp.addr.bdaddr, bdaddr);
3404 rp.addr.type = BDADDR_BREDR;
3405
3406 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3407 mgmt_status(status), &rp, sizeof(rp));
3408
3409 mgmt_pending_remove(cmd);
3410
3411 return err;
3412 }
3413
3414 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3415 u8 link_type, u8 addr_type, __le32 value,
3416 u8 confirm_hint)
3417 {
3418 struct mgmt_ev_user_confirm_request ev;
3419
3420 BT_DBG("%s", hdev->name);
3421
3422 bacpy(&ev.addr.bdaddr, bdaddr);
3423 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3424 ev.confirm_hint = confirm_hint;
3425 ev.value = value;
3426
3427 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3428 NULL);
3429 }
3430
3431 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3432 u8 link_type, u8 addr_type)
3433 {
3434 struct mgmt_ev_user_passkey_request ev;
3435
3436 BT_DBG("%s", hdev->name);
3437
3438 bacpy(&ev.addr.bdaddr, bdaddr);
3439 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3440
3441 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3442 NULL);
3443 }
3444
3445 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3446 u8 link_type, u8 addr_type, u8 status,
3447 u8 opcode)
3448 {
3449 struct pending_cmd *cmd;
3450 struct mgmt_rp_user_confirm_reply rp;
3451 int err;
3452
3453 cmd = mgmt_pending_find(opcode, hdev);
3454 if (!cmd)
3455 return -ENOENT;
3456
3457 bacpy(&rp.addr.bdaddr, bdaddr);
3458 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3459 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3460 &rp, sizeof(rp));
3461
3462 mgmt_pending_remove(cmd);
3463
3464 return err;
3465 }
3466
3467 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3468 u8 link_type, u8 addr_type, u8 status)
3469 {
3470 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3471 status, MGMT_OP_USER_CONFIRM_REPLY);
3472 }
3473
3474 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3475 u8 link_type, u8 addr_type, u8 status)
3476 {
3477 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3478 status,
3479 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3480 }
3481
3482 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3483 u8 link_type, u8 addr_type, u8 status)
3484 {
3485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3486 status, MGMT_OP_USER_PASSKEY_REPLY);
3487 }
3488
3489 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3490 u8 link_type, u8 addr_type, u8 status)
3491 {
3492 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3493 status,
3494 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3495 }
3496
3497 int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3498 u8 link_type, u8 addr_type, u32 passkey,
3499 u8 entered)
3500 {
3501 struct mgmt_ev_passkey_notify ev;
3502
3503 BT_DBG("%s", hdev->name);
3504
3505 bacpy(&ev.addr.bdaddr, bdaddr);
3506 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3507 ev.passkey = __cpu_to_le32(passkey);
3508 ev.entered = entered;
3509
3510 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3511 }
3512
3513 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3514 u8 addr_type, u8 status)
3515 {
3516 struct mgmt_ev_auth_failed ev;
3517
3518 bacpy(&ev.addr.bdaddr, bdaddr);
3519 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3520 ev.status = mgmt_status(status);
3521
3522 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3523 }
3524
3525 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3526 {
3527 struct cmd_lookup match = { NULL, hdev };
3528 bool changed = false;
3529 int err = 0;
3530
3531 if (status) {
3532 u8 mgmt_err = mgmt_status(status);
3533 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3534 cmd_status_rsp, &mgmt_err);
3535 return 0;
3536 }
3537
3538 if (test_bit(HCI_AUTH, &hdev->flags)) {
3539 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3540 changed = true;
3541 } else {
3542 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3543 changed = true;
3544 }
3545
3546 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3547 &match);
3548
3549 if (changed)
3550 err = new_settings(hdev, match.sk);
3551
3552 if (match.sk)
3553 sock_put(match.sk);
3554
3555 return err;
3556 }
3557
3558 static int clear_eir(struct hci_dev *hdev)
3559 {
3560 struct hci_cp_write_eir cp;
3561
3562 if (!lmp_ext_inq_capable(hdev))
3563 return 0;
3564
3565 memset(hdev->eir, 0, sizeof(hdev->eir));
3566
3567 memset(&cp, 0, sizeof(cp));
3568
3569 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3570 }
3571
3572 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3573 {
3574 struct cmd_lookup match = { NULL, hdev };
3575 bool changed = false;
3576 int err = 0;
3577
3578 if (status) {
3579 u8 mgmt_err = mgmt_status(status);
3580
3581 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3582 &hdev->dev_flags))
3583 err = new_settings(hdev, NULL);
3584
3585 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3586 &mgmt_err);
3587
3588 return err;
3589 }
3590
3591 if (enable) {
3592 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3593 changed = true;
3594 } else {
3595 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3596 changed = true;
3597 }
3598
3599 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3600
3601 if (changed)
3602 err = new_settings(hdev, match.sk);
3603
3604 if (match.sk)
3605 sock_put(match.sk);
3606
3607 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3608 update_eir(hdev);
3609 else
3610 clear_eir(hdev);
3611
3612 return err;
3613 }
3614
3615 static void class_rsp(struct pending_cmd *cmd, void *data)
3616 {
3617 struct cmd_lookup *match = data;
3618
3619 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3620 match->hdev->dev_class, 3);
3621
3622 list_del(&cmd->list);
3623
3624 if (match->sk == NULL) {
3625 match->sk = cmd->sk;
3626 sock_hold(match->sk);
3627 }
3628
3629 mgmt_pending_free(cmd);
3630 }
3631
3632 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3633 u8 status)
3634 {
3635 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3636 int err = 0;
3637
3638 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3639
3640 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3641 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3642 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3643
3644 if (!status)
3645 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3646 3, NULL);
3647
3648 if (match.sk)
3649 sock_put(match.sk);
3650
3651 return err;
3652 }
3653
3654 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3655 {
3656 struct pending_cmd *cmd;
3657 struct mgmt_cp_set_local_name ev;
3658 bool changed = false;
3659 int err = 0;
3660
3661 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3662 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3663 changed = true;
3664 }
3665
3666 memset(&ev, 0, sizeof(ev));
3667 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3668 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3669
3670 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3671 if (!cmd)
3672 goto send_event;
3673
3674 /* Always assume that either the short or the complete name has
3675 * changed if there was a pending mgmt command */
3676 changed = true;
3677
3678 if (status) {
3679 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3680 mgmt_status(status));
3681 goto failed;
3682 }
3683
3684 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3685 sizeof(ev));
3686 if (err < 0)
3687 goto failed;
3688
3689 send_event:
3690 if (changed)
3691 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3692 sizeof(ev), cmd ? cmd->sk : NULL);
3693
3694 /* EIR is taken care of separately when powering on the
3695 * adapter so only update them here if this is a name change
3696 * unrelated to power on.
3697 */
3698 if (!test_bit(HCI_INIT, &hdev->flags))
3699 update_eir(hdev);
3700
3701 failed:
3702 if (cmd)
3703 mgmt_pending_remove(cmd);
3704 return err;
3705 }
3706
3707 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3708 u8 *randomizer, u8 status)
3709 {
3710 struct pending_cmd *cmd;
3711 int err;
3712
3713 BT_DBG("%s status %u", hdev->name, status);
3714
3715 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3716 if (!cmd)
3717 return -ENOENT;
3718
3719 if (status) {
3720 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3721 mgmt_status(status));
3722 } else {
3723 struct mgmt_rp_read_local_oob_data rp;
3724
3725 memcpy(rp.hash, hash, sizeof(rp.hash));
3726 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3727
3728 err = cmd_complete(cmd->sk, hdev->id,
3729 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3730 sizeof(rp));
3731 }
3732
3733 mgmt_pending_remove(cmd);
3734
3735 return err;
3736 }
3737
3738 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3739 {
3740 struct cmd_lookup match = { NULL, hdev };
3741 bool changed = false;
3742 int err = 0;
3743
3744 if (status) {
3745 u8 mgmt_err = mgmt_status(status);
3746
3747 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3748 &hdev->dev_flags))
3749 err = new_settings(hdev, NULL);
3750
3751 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3752 &mgmt_err);
3753
3754 return err;
3755 }
3756
3757 if (enable) {
3758 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3759 changed = true;
3760 } else {
3761 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3762 changed = true;
3763 }
3764
3765 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3766
3767 if (changed)
3768 err = new_settings(hdev, match.sk);
3769
3770 if (match.sk)
3771 sock_put(match.sk);
3772
3773 return err;
3774 }
3775
3776 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3777 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3778 ssp, u8 *eir, u16 eir_len)
3779 {
3780 char buf[512];
3781 struct mgmt_ev_device_found *ev = (void *) buf;
3782 size_t ev_size;
3783
3784 /* Leave 5 bytes for a potential CoD field */
3785 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3786 return -EINVAL;
3787
3788 memset(buf, 0, sizeof(buf));
3789
3790 bacpy(&ev->addr.bdaddr, bdaddr);
3791 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3792 ev->rssi = rssi;
3793 if (cfm_name)
3794 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3795 if (!ssp)
3796 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3797
3798 if (eir_len > 0)
3799 memcpy(ev->eir, eir, eir_len);
3800
3801 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3802 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3803 dev_class, 3);
3804
3805 ev->eir_len = cpu_to_le16(eir_len);
3806 ev_size = sizeof(*ev) + eir_len;
3807
3808 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3809 }
3810
3811 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3812 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3813 {
3814 struct mgmt_ev_device_found *ev;
3815 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3816 u16 eir_len;
3817
3818 ev = (struct mgmt_ev_device_found *) buf;
3819
3820 memset(buf, 0, sizeof(buf));
3821
3822 bacpy(&ev->addr.bdaddr, bdaddr);
3823 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3824 ev->rssi = rssi;
3825
3826 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3827 name_len);
3828
3829 ev->eir_len = cpu_to_le16(eir_len);
3830
3831 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3832 sizeof(*ev) + eir_len, NULL);
3833 }
3834
3835 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3836 {
3837 struct pending_cmd *cmd;
3838 u8 type;
3839 int err;
3840
3841 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3842
3843 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3844 if (!cmd)
3845 return -ENOENT;
3846
3847 type = hdev->discovery.type;
3848
3849 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3850 &type, sizeof(type));
3851 mgmt_pending_remove(cmd);
3852
3853 return err;
3854 }
3855
3856 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3857 {
3858 struct pending_cmd *cmd;
3859 int err;
3860
3861 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3862 if (!cmd)
3863 return -ENOENT;
3864
3865 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3866 &hdev->discovery.type, sizeof(hdev->discovery.type));
3867 mgmt_pending_remove(cmd);
3868
3869 return err;
3870 }
3871
3872 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3873 {
3874 struct mgmt_ev_discovering ev;
3875 struct pending_cmd *cmd;
3876
3877 BT_DBG("%s discovering %u", hdev->name, discovering);
3878
3879 if (discovering)
3880 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3881 else
3882 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3883
3884 if (cmd != NULL) {
3885 u8 type = hdev->discovery.type;
3886
3887 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3888 sizeof(type));
3889 mgmt_pending_remove(cmd);
3890 }
3891
3892 memset(&ev, 0, sizeof(ev));
3893 ev.type = hdev->discovery.type;
3894 ev.discovering = discovering;
3895
3896 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3897 }
3898
3899 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3900 {
3901 struct pending_cmd *cmd;
3902 struct mgmt_ev_device_blocked ev;
3903
3904 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3905
3906 bacpy(&ev.addr.bdaddr, bdaddr);
3907 ev.addr.type = type;
3908
3909 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3910 cmd ? cmd->sk : NULL);
3911 }
3912
3913 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3914 {
3915 struct pending_cmd *cmd;
3916 struct mgmt_ev_device_unblocked ev;
3917
3918 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3919
3920 bacpy(&ev.addr.bdaddr, bdaddr);
3921 ev.addr.type = type;
3922
3923 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3924 cmd ? cmd->sk : NULL);
3925 }
3926
3927 module_param(enable_hs, bool, 0644);
3928 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
kernel source for telekom puls (alcatel/mediatek)