projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: mgmt: Add support for Set SSP command
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 /* Bluetooth HCI Management interface */
24
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/module.h>
28 #include <asm/unaligned.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/mgmt.h>
33 #include <net/bluetooth/smp.h>
34
35 #define MGMT_VERSION 0
36 #define MGMT_REVISION 1
37
38 static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
76 };
77
78 static const u16 mgmt_events[] = {
79 MGMT_EV_CONTROLLER_ERROR,
80 MGMT_EV_INDEX_ADDED,
81 MGMT_EV_INDEX_REMOVED,
82 MGMT_EV_NEW_SETTINGS,
83 MGMT_EV_CLASS_OF_DEV_CHANGED,
84 MGMT_EV_LOCAL_NAME_CHANGED,
85 MGMT_EV_NEW_LINK_KEY,
86 MGMT_EV_NEW_LONG_TERM_KEY,
87 MGMT_EV_DEVICE_CONNECTED,
88 MGMT_EV_DEVICE_DISCONNECTED,
89 MGMT_EV_CONNECT_FAILED,
90 MGMT_EV_PIN_CODE_REQUEST,
91 MGMT_EV_USER_CONFIRM_REQUEST,
92 MGMT_EV_USER_PASSKEY_REQUEST,
93 MGMT_EV_AUTH_FAILED,
94 MGMT_EV_DEVICE_FOUND,
95 MGMT_EV_DISCOVERING,
96 MGMT_EV_DEVICE_BLOCKED,
97 MGMT_EV_DEVICE_UNBLOCKED,
98 MGMT_EV_DEVICE_UNPAIRED,
99 };
100
101 /*
102 * These LE scan and inquiry parameters were chosen according to LE General
103 * Discovery Procedure specification.
104 */
105 #define LE_SCAN_TYPE 0x01
106 #define LE_SCAN_WIN 0x12
107 #define LE_SCAN_INT 0x12
108 #define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
109
110 #define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
111
112 #define SERVICE_CACHE_TIMEOUT (5 * 1000)
113
114 struct pending_cmd {
115 struct list_head list;
116 u16 opcode;
117 int index;
118 void *param;
119 struct sock *sk;
120 void *user_data;
121 };
122
123 /* HCI to MGMT error code conversion table */
124 static u8 mgmt_status_table[] = {
125 MGMT_STATUS_SUCCESS,
126 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
127 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
128 MGMT_STATUS_FAILED, /* Hardware Failure */
129 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
130 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
131 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
132 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
133 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
135 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
136 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
137 MGMT_STATUS_BUSY, /* Command Disallowed */
138 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
139 MGMT_STATUS_REJECTED, /* Rejected Security */
140 MGMT_STATUS_REJECTED, /* Rejected Personal */
141 MGMT_STATUS_TIMEOUT, /* Host Timeout */
142 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
143 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
144 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
145 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
146 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
147 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
148 MGMT_STATUS_BUSY, /* Repeated Attempts */
149 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
150 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
152 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
153 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
154 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
155 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
156 MGMT_STATUS_FAILED, /* Unspecified Error */
157 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
158 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
159 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
160 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
161 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
162 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
163 MGMT_STATUS_FAILED, /* Unit Link Key Used */
164 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
165 MGMT_STATUS_TIMEOUT, /* Instant Passed */
166 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
167 MGMT_STATUS_FAILED, /* Transaction Collision */
168 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
169 MGMT_STATUS_REJECTED, /* QoS Rejected */
170 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
171 MGMT_STATUS_REJECTED, /* Insufficient Security */
172 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
173 MGMT_STATUS_BUSY, /* Role Switch Pending */
174 MGMT_STATUS_FAILED, /* Slot Violation */
175 MGMT_STATUS_FAILED, /* Role Switch Failed */
176 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
177 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
178 MGMT_STATUS_BUSY, /* Host Busy Pairing */
179 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
180 MGMT_STATUS_BUSY, /* Controller Busy */
181 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
182 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
183 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
184 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
185 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
186 };
187
188 static u8 mgmt_status(u8 hci_status)
189 {
190 if (hci_status < ARRAY_SIZE(mgmt_status_table))
191 return mgmt_status_table[hci_status];
192
193 return MGMT_STATUS_FAILED;
194 }
195
196 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
197 {
198 struct sk_buff *skb;
199 struct mgmt_hdr *hdr;
200 struct mgmt_ev_cmd_status *ev;
201 int err;
202
203 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
204
205 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
206 if (!skb)
207 return -ENOMEM;
208
209 hdr = (void *) skb_put(skb, sizeof(*hdr));
210
211 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
212 hdr->index = cpu_to_le16(index);
213 hdr->len = cpu_to_le16(sizeof(*ev));
214
215 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->status = status;
217 put_unaligned_le16(cmd, &ev->opcode);
218
219 err = sock_queue_rcv_skb(sk, skb);
220 if (err < 0)
221 kfree_skb(skb);
222
223 return err;
224 }
225
226 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
227 size_t rp_len)
228 {
229 struct sk_buff *skb;
230 struct mgmt_hdr *hdr;
231 struct mgmt_ev_cmd_complete *ev;
232 int err;
233
234 BT_DBG("sock %p", sk);
235
236 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
237 if (!skb)
238 return -ENOMEM;
239
240 hdr = (void *) skb_put(skb, sizeof(*hdr));
241
242 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
243 hdr->index = cpu_to_le16(index);
244 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
245
246 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
247 put_unaligned_le16(cmd, &ev->opcode);
248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
251
252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
254 kfree_skb(skb);
255
256 return err;;
257 }
258
259 static int read_version(struct sock *sk)
260 {
261 struct mgmt_rp_read_version rp;
262
263 BT_DBG("sock %p", sk);
264
265 rp.version = MGMT_VERSION;
266 put_unaligned_le16(MGMT_REVISION, &rp.revision);
267
268 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
269 sizeof(rp));
270 }
271
272 static int read_commands(struct sock *sk)
273 {
274 struct mgmt_rp_read_commands *rp;
275 u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 u16 num_events = ARRAY_SIZE(mgmt_events);
277 u16 *opcode;
278 size_t rp_size;
279 int i, err;
280
281 BT_DBG("sock %p", sk);
282
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
284
285 rp = kmalloc(rp_size, GFP_KERNEL);
286 if (!rp)
287 return -ENOMEM;
288
289 put_unaligned_le16(num_commands, &rp->num_commands);
290 put_unaligned_le16(num_events, &rp->num_events);
291
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
294
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
297
298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, rp,
299 rp_size);
300 kfree(rp);
301
302 return err;
303 }
304
305 static int read_index_list(struct sock *sk)
306 {
307 struct mgmt_rp_read_index_list *rp;
308 struct list_head *p;
309 struct hci_dev *d;
310 size_t rp_len;
311 u16 count;
312 int i, err;
313
314 BT_DBG("sock %p", sk);
315
316 read_lock(&hci_dev_list_lock);
317
318 count = 0;
319 list_for_each(p, &hci_dev_list) {
320 count++;
321 }
322
323 rp_len = sizeof(*rp) + (2 * count);
324 rp = kmalloc(rp_len, GFP_ATOMIC);
325 if (!rp) {
326 read_unlock(&hci_dev_list_lock);
327 return -ENOMEM;
328 }
329
330 put_unaligned_le16(count, &rp->num_controllers);
331
332 i = 0;
333 list_for_each_entry(d, &hci_dev_list, list) {
334 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
335 cancel_delayed_work(&d->power_off);
336
337 if (test_bit(HCI_SETUP, &d->dev_flags))
338 continue;
339
340 put_unaligned_le16(d->id, &rp->index[i++]);
341 BT_DBG("Added hci%u", d->id);
342 }
343
344 read_unlock(&hci_dev_list_lock);
345
346 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
347 rp_len);
348
349 kfree(rp);
350
351 return err;
352 }
353
354 static u32 get_supported_settings(struct hci_dev *hdev)
355 {
356 u32 settings = 0;
357
358 settings |= MGMT_SETTING_POWERED;
359 settings |= MGMT_SETTING_CONNECTABLE;
360 settings |= MGMT_SETTING_FAST_CONNECTABLE;
361 settings |= MGMT_SETTING_DISCOVERABLE;
362 settings |= MGMT_SETTING_PAIRABLE;
363
364 if (hdev->features[6] & LMP_SIMPLE_PAIR)
365 settings |= MGMT_SETTING_SSP;
366
367 if (!(hdev->features[4] & LMP_NO_BREDR)) {
368 settings |= MGMT_SETTING_BREDR;
369 settings |= MGMT_SETTING_LINK_SECURITY;
370 }
371
372 if (hdev->features[4] & LMP_LE)
373 settings |= MGMT_SETTING_LE;
374
375 return settings;
376 }
377
378 static u32 get_current_settings(struct hci_dev *hdev)
379 {
380 u32 settings = 0;
381
382 if (test_bit(HCI_UP, &hdev->flags))
383 settings |= MGMT_SETTING_POWERED;
384 else
385 return settings;
386
387 if (test_bit(HCI_PSCAN, &hdev->flags))
388 settings |= MGMT_SETTING_CONNECTABLE;
389
390 if (test_bit(HCI_ISCAN, &hdev->flags))
391 settings |= MGMT_SETTING_DISCOVERABLE;
392
393 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
394 settings |= MGMT_SETTING_PAIRABLE;
395
396 if (!(hdev->features[4] & LMP_NO_BREDR))
397 settings |= MGMT_SETTING_BREDR;
398
399 if (hdev->host_features[0] & LMP_HOST_LE)
400 settings |= MGMT_SETTING_LE;
401
402 if (test_bit(HCI_AUTH, &hdev->flags))
403 settings |= MGMT_SETTING_LINK_SECURITY;
404
405 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
406 settings |= MGMT_SETTING_SSP;
407
408 return settings;
409 }
410
411 #define PNP_INFO_SVCLASS_ID 0x1200
412
413 static u8 bluetooth_base_uuid[] = {
414 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
415 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
416 };
417
418 static u16 get_uuid16(u8 *uuid128)
419 {
420 u32 val;
421 int i;
422
423 for (i = 0; i < 12; i++) {
424 if (bluetooth_base_uuid[i] != uuid128[i])
425 return 0;
426 }
427
428 memcpy(&val, &uuid128[12], 4);
429
430 val = le32_to_cpu(val);
431 if (val > 0xffff)
432 return 0;
433
434 return (u16) val;
435 }
436
437 static void create_eir(struct hci_dev *hdev, u8 *data)
438 {
439 u8 *ptr = data;
440 u16 eir_len = 0;
441 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
442 int i, truncated = 0;
443 struct bt_uuid *uuid;
444 size_t name_len;
445
446 name_len = strlen(hdev->dev_name);
447
448 if (name_len > 0) {
449 /* EIR Data type */
450 if (name_len > 48) {
451 name_len = 48;
452 ptr[1] = EIR_NAME_SHORT;
453 } else
454 ptr[1] = EIR_NAME_COMPLETE;
455
456 /* EIR Data length */
457 ptr[0] = name_len + 1;
458
459 memcpy(ptr + 2, hdev->dev_name, name_len);
460
461 eir_len += (name_len + 2);
462 ptr += (name_len + 2);
463 }
464
465 memset(uuid16_list, 0, sizeof(uuid16_list));
466
467 /* Group all UUID16 types */
468 list_for_each_entry(uuid, &hdev->uuids, list) {
469 u16 uuid16;
470
471 uuid16 = get_uuid16(uuid->uuid);
472 if (uuid16 == 0)
473 return;
474
475 if (uuid16 < 0x1100)
476 continue;
477
478 if (uuid16 == PNP_INFO_SVCLASS_ID)
479 continue;
480
481 /* Stop if not enough space to put next UUID */
482 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
483 truncated = 1;
484 break;
485 }
486
487 /* Check for duplicates */
488 for (i = 0; uuid16_list[i] != 0; i++)
489 if (uuid16_list[i] == uuid16)
490 break;
491
492 if (uuid16_list[i] == 0) {
493 uuid16_list[i] = uuid16;
494 eir_len += sizeof(u16);
495 }
496 }
497
498 if (uuid16_list[0] != 0) {
499 u8 *length = ptr;
500
501 /* EIR Data type */
502 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
503
504 ptr += 2;
505 eir_len += 2;
506
507 for (i = 0; uuid16_list[i] != 0; i++) {
508 *ptr++ = (uuid16_list[i] & 0x00ff);
509 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
510 }
511
512 /* EIR Data length */
513 *length = (i * sizeof(u16)) + 1;
514 }
515 }
516
517 static int update_eir(struct hci_dev *hdev)
518 {
519 struct hci_cp_write_eir cp;
520
521 if (!(hdev->features[6] & LMP_EXT_INQ))
522 return 0;
523
524 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
525 return 0;
526
527 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
528 return 0;
529
530 memset(&cp, 0, sizeof(cp));
531
532 create_eir(hdev, cp.data);
533
534 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
535 return 0;
536
537 memcpy(hdev->eir, cp.data, sizeof(cp.data));
538
539 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
540 }
541
542 static u8 get_service_classes(struct hci_dev *hdev)
543 {
544 struct bt_uuid *uuid;
545 u8 val = 0;
546
547 list_for_each_entry(uuid, &hdev->uuids, list)
548 val |= uuid->svc_hint;
549
550 return val;
551 }
552
553 static int update_class(struct hci_dev *hdev)
554 {
555 u8 cod[3];
556
557 BT_DBG("%s", hdev->name);
558
559 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
560 return 0;
561
562 cod[0] = hdev->minor_class;
563 cod[1] = hdev->major_class;
564 cod[2] = get_service_classes(hdev);
565
566 if (memcmp(cod, hdev->dev_class, 3) == 0)
567 return 0;
568
569 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
570 }
571
572 static void service_cache_off(struct work_struct *work)
573 {
574 struct hci_dev *hdev = container_of(work, struct hci_dev,
575 service_cache.work);
576
577 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
578 return;
579
580 hci_dev_lock(hdev);
581
582 update_eir(hdev);
583 update_class(hdev);
584
585 hci_dev_unlock(hdev);
586 }
587
588 static void mgmt_init_hdev(struct hci_dev *hdev)
589 {
590 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
591 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
592
593 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
594 schedule_delayed_work(&hdev->service_cache,
595 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
596 }
597
598 static int read_controller_info(struct sock *sk, u16 index)
599 {
600 struct mgmt_rp_read_info rp;
601 struct hci_dev *hdev;
602
603 BT_DBG("sock %p hci%u", sk, index);
604
605 hdev = hci_dev_get(index);
606 if (!hdev)
607 return cmd_status(sk, index, MGMT_OP_READ_INFO,
608 MGMT_STATUS_INVALID_PARAMS);
609
610 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
611 cancel_delayed_work_sync(&hdev->power_off);
612
613 hci_dev_lock(hdev);
614
615 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
616 mgmt_init_hdev(hdev);
617
618 memset(&rp, 0, sizeof(rp));
619
620 bacpy(&rp.bdaddr, &hdev->bdaddr);
621
622 rp.version = hdev->hci_ver;
623
624 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
625
626 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
627 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
628
629 memcpy(rp.dev_class, hdev->dev_class, 3);
630
631 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
632
633 hci_dev_unlock(hdev);
634 hci_dev_put(hdev);
635
636 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
637 }
638
639 static void mgmt_pending_free(struct pending_cmd *cmd)
640 {
641 sock_put(cmd->sk);
642 kfree(cmd->param);
643 kfree(cmd);
644 }
645
646 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
647 struct hci_dev *hdev,
648 void *data, u16 len)
649 {
650 struct pending_cmd *cmd;
651
652 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
653 if (!cmd)
654 return NULL;
655
656 cmd->opcode = opcode;
657 cmd->index = hdev->id;
658
659 cmd->param = kmalloc(len, GFP_ATOMIC);
660 if (!cmd->param) {
661 kfree(cmd);
662 return NULL;
663 }
664
665 if (data)
666 memcpy(cmd->param, data, len);
667
668 cmd->sk = sk;
669 sock_hold(sk);
670
671 list_add(&cmd->list, &hdev->mgmt_pending);
672
673 return cmd;
674 }
675
676 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
677 void (*cb)(struct pending_cmd *cmd, void *data),
678 void *data)
679 {
680 struct list_head *p, *n;
681
682 list_for_each_safe(p, n, &hdev->mgmt_pending) {
683 struct pending_cmd *cmd;
684
685 cmd = list_entry(p, struct pending_cmd, list);
686
687 if (opcode > 0 && cmd->opcode != opcode)
688 continue;
689
690 cb(cmd, data);
691 }
692 }
693
694 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
695 {
696 struct pending_cmd *cmd;
697
698 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
699 if (cmd->opcode == opcode)
700 return cmd;
701 }
702
703 return NULL;
704 }
705
706 static void mgmt_pending_remove(struct pending_cmd *cmd)
707 {
708 list_del(&cmd->list);
709 mgmt_pending_free(cmd);
710 }
711
712 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
713 {
714 __le32 settings = cpu_to_le32(get_current_settings(hdev));
715
716 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
717 }
718
719 static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
720 {
721 struct mgmt_mode *cp = data;
722 struct hci_dev *hdev;
723 struct pending_cmd *cmd;
724 int err, up;
725
726 BT_DBG("request for hci%u", index);
727
728 if (len != sizeof(*cp))
729 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
730 MGMT_STATUS_INVALID_PARAMS);
731
732 hdev = hci_dev_get(index);
733 if (!hdev)
734 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
735 MGMT_STATUS_INVALID_PARAMS);
736
737 hci_dev_lock(hdev);
738
739 up = test_bit(HCI_UP, &hdev->flags);
740 if ((cp->val && up) || (!cp->val && !up)) {
741 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
742 goto failed;
743 }
744
745 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
746 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
747 MGMT_STATUS_BUSY);
748 goto failed;
749 }
750
751 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
752 if (!cmd) {
753 err = -ENOMEM;
754 goto failed;
755 }
756
757 if (cp->val)
758 schedule_work(&hdev->power_on);
759 else
760 schedule_work(&hdev->power_off.work);
761
762 err = 0;
763
764 failed:
765 hci_dev_unlock(hdev);
766 hci_dev_put(hdev);
767 return err;
768 }
769
770 static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
771 {
772 struct mgmt_cp_set_discoverable *cp = data;
773 struct hci_dev *hdev;
774 struct pending_cmd *cmd;
775 u8 scan;
776 int err;
777
778 BT_DBG("request for hci%u", index);
779
780 if (len != sizeof(*cp))
781 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
782 MGMT_STATUS_INVALID_PARAMS);
783
784 hdev = hci_dev_get(index);
785 if (!hdev)
786 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
787 MGMT_STATUS_INVALID_PARAMS);
788
789 hci_dev_lock(hdev);
790
791 if (!test_bit(HCI_UP, &hdev->flags)) {
792 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
793 MGMT_STATUS_NOT_POWERED);
794 goto failed;
795 }
796
797 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
798 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
799 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
800 MGMT_STATUS_BUSY);
801 goto failed;
802 }
803
804 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
805 test_bit(HCI_PSCAN, &hdev->flags)) {
806 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
807 goto failed;
808 }
809
810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
811 if (!cmd) {
812 err = -ENOMEM;
813 goto failed;
814 }
815
816 scan = SCAN_PAGE;
817
818 if (cp->val)
819 scan |= SCAN_INQUIRY;
820 else
821 cancel_delayed_work(&hdev->discov_off);
822
823 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
824 if (err < 0)
825 mgmt_pending_remove(cmd);
826
827 if (cp->val)
828 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
829
830 failed:
831 hci_dev_unlock(hdev);
832 hci_dev_put(hdev);
833
834 return err;
835 }
836
837 static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
838 {
839 struct mgmt_mode *cp = data;
840 struct hci_dev *hdev;
841 struct pending_cmd *cmd;
842 u8 scan;
843 int err;
844
845 BT_DBG("request for hci%u", index);
846
847 if (len != sizeof(*cp))
848 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
849 MGMT_STATUS_INVALID_PARAMS);
850
851 hdev = hci_dev_get(index);
852 if (!hdev)
853 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
854 MGMT_STATUS_INVALID_PARAMS);
855
856 hci_dev_lock(hdev);
857
858 if (!test_bit(HCI_UP, &hdev->flags)) {
859 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
860 MGMT_STATUS_NOT_POWERED);
861 goto failed;
862 }
863
864 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
865 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
866 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
867 MGMT_STATUS_BUSY);
868 goto failed;
869 }
870
871 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
872 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
873 goto failed;
874 }
875
876 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
877 if (!cmd) {
878 err = -ENOMEM;
879 goto failed;
880 }
881
882 if (cp->val)
883 scan = SCAN_PAGE;
884 else
885 scan = 0;
886
887 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
888 if (err < 0)
889 mgmt_pending_remove(cmd);
890
891 failed:
892 hci_dev_unlock(hdev);
893 hci_dev_put(hdev);
894
895 return err;
896 }
897
898 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
899 u16 data_len, struct sock *skip_sk)
900 {
901 struct sk_buff *skb;
902 struct mgmt_hdr *hdr;
903
904 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
905 if (!skb)
906 return -ENOMEM;
907
908 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
909
910 hdr = (void *) skb_put(skb, sizeof(*hdr));
911 hdr->opcode = cpu_to_le16(event);
912 if (hdev)
913 hdr->index = cpu_to_le16(hdev->id);
914 else
915 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
916 hdr->len = cpu_to_le16(data_len);
917
918 if (data)
919 memcpy(skb_put(skb, data_len), data, data_len);
920
921 hci_send_to_sock(NULL, skb, skip_sk);
922 kfree_skb(skb);
923
924 return 0;
925 }
926
927 static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
928 {
929 struct mgmt_mode *cp = data;
930 struct hci_dev *hdev;
931 __le32 ev;
932 int err;
933
934 BT_DBG("request for hci%u", index);
935
936 if (len != sizeof(*cp))
937 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
938 MGMT_STATUS_INVALID_PARAMS);
939
940 hdev = hci_dev_get(index);
941 if (!hdev)
942 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
943 MGMT_STATUS_INVALID_PARAMS);
944
945 hci_dev_lock(hdev);
946
947 if (cp->val)
948 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
949 else
950 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
951
952 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
953 if (err < 0)
954 goto failed;
955
956 ev = cpu_to_le32(get_current_settings(hdev));
957
958 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
959
960 failed:
961 hci_dev_unlock(hdev);
962 hci_dev_put(hdev);
963
964 return err;
965 }
966
967 static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
968 {
969 struct mgmt_mode *cp = data;
970 struct pending_cmd *cmd;
971 struct hci_dev *hdev;
972 uint8_t val;
973 int err;
974
975 BT_DBG("request for hci%u", index);
976
977 if (len != sizeof(*cp))
978 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
979 MGMT_STATUS_INVALID_PARAMS);
980
981 hdev = hci_dev_get(index);
982 if (!hdev)
983 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
984 MGMT_STATUS_INVALID_PARAMS);
985
986 hci_dev_lock(hdev);
987
988 if (!test_bit(HCI_UP, &hdev->flags)) {
989 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
990 MGMT_STATUS_NOT_POWERED);
991 goto failed;
992 }
993
994 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
995 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
996 MGMT_STATUS_BUSY);
997 goto failed;
998 }
999
1000 val = !!cp->val;
1001
1002 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1003 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1004 goto failed;
1005 }
1006
1007 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1008 if (!cmd) {
1009 err = -ENOMEM;
1010 goto failed;
1011 }
1012
1013 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1014 if (err < 0) {
1015 mgmt_pending_remove(cmd);
1016 goto failed;
1017 }
1018
1019 failed:
1020 hci_dev_unlock(hdev);
1021 hci_dev_put(hdev);
1022
1023 return err;
1024 }
1025
1026 static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1027 {
1028 struct mgmt_mode *cp = data;
1029 struct pending_cmd *cmd;
1030 struct hci_dev *hdev;
1031 uint8_t val;
1032 int err;
1033
1034 BT_DBG("request for hci%u", index);
1035
1036 if (len != sizeof(*cp))
1037 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1038 MGMT_STATUS_INVALID_PARAMS);
1039
1040 hdev = hci_dev_get(index);
1041 if (!hdev)
1042 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1043 MGMT_STATUS_INVALID_PARAMS);
1044
1045 hci_dev_lock(hdev);
1046
1047 if (!test_bit(HCI_UP, &hdev->flags)) {
1048 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1049 MGMT_STATUS_NOT_POWERED);
1050 goto failed;
1051 }
1052
1053 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1054 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1055 goto failed;
1056 }
1057
1058 val = !!cp->val;
1059
1060 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1061 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1062 goto failed;
1063 }
1064
1065 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1066 if (!cmd) {
1067 err = -ENOMEM;
1068 goto failed;
1069 }
1070
1071 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1072 if (err < 0) {
1073 mgmt_pending_remove(cmd);
1074 goto failed;
1075 }
1076
1077 failed:
1078 hci_dev_unlock(hdev);
1079 hci_dev_put(hdev);
1080
1081 return err;
1082 }
1083
1084 static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
1085 {
1086 struct mgmt_cp_add_uuid *cp = data;
1087 struct hci_dev *hdev;
1088 struct bt_uuid *uuid;
1089 int err;
1090
1091 BT_DBG("request for hci%u", index);
1092
1093 if (len != sizeof(*cp))
1094 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1095 MGMT_STATUS_INVALID_PARAMS);
1096
1097 hdev = hci_dev_get(index);
1098 if (!hdev)
1099 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1100 MGMT_STATUS_INVALID_PARAMS);
1101
1102 hci_dev_lock(hdev);
1103
1104 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1105 if (!uuid) {
1106 err = -ENOMEM;
1107 goto failed;
1108 }
1109
1110 memcpy(uuid->uuid, cp->uuid, 16);
1111 uuid->svc_hint = cp->svc_hint;
1112
1113 list_add(&uuid->list, &hdev->uuids);
1114
1115 err = update_class(hdev);
1116 if (err < 0)
1117 goto failed;
1118
1119 err = update_eir(hdev);
1120 if (err < 0)
1121 goto failed;
1122
1123 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
1124
1125 failed:
1126 hci_dev_unlock(hdev);
1127 hci_dev_put(hdev);
1128
1129 return err;
1130 }
1131
1132 static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
1133 {
1134 struct mgmt_cp_remove_uuid *cp = data;
1135 struct list_head *p, *n;
1136 struct hci_dev *hdev;
1137 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1138 int err, found;
1139
1140 BT_DBG("request for hci%u", index);
1141
1142 if (len != sizeof(*cp))
1143 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1144 MGMT_STATUS_INVALID_PARAMS);
1145
1146 hdev = hci_dev_get(index);
1147 if (!hdev)
1148 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1149 MGMT_STATUS_INVALID_PARAMS);
1150
1151 hci_dev_lock(hdev);
1152
1153 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1154 err = hci_uuids_clear(hdev);
1155 goto unlock;
1156 }
1157
1158 found = 0;
1159
1160 list_for_each_safe(p, n, &hdev->uuids) {
1161 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1162
1163 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1164 continue;
1165
1166 list_del(&match->list);
1167 found++;
1168 }
1169
1170 if (found == 0) {
1171 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1172 MGMT_STATUS_INVALID_PARAMS);
1173 goto unlock;
1174 }
1175
1176 err = update_class(hdev);
1177 if (err < 0)
1178 goto unlock;
1179
1180 err = update_eir(hdev);
1181 if (err < 0)
1182 goto unlock;
1183
1184 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
1185
1186 unlock:
1187 hci_dev_unlock(hdev);
1188 hci_dev_put(hdev);
1189
1190 return err;
1191 }
1192
1193 static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1194 {
1195 struct hci_dev *hdev;
1196 struct mgmt_cp_set_dev_class *cp = data;
1197 int err;
1198
1199 BT_DBG("request for hci%u", index);
1200
1201 if (len != sizeof(*cp))
1202 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1203 MGMT_STATUS_INVALID_PARAMS);
1204
1205 hdev = hci_dev_get(index);
1206 if (!hdev)
1207 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1208 MGMT_STATUS_INVALID_PARAMS);
1209
1210 hci_dev_lock(hdev);
1211
1212 hdev->major_class = cp->major;
1213 hdev->minor_class = cp->minor;
1214
1215 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1216 hci_dev_unlock(hdev);
1217 cancel_delayed_work_sync(&hdev->service_cache);
1218 hci_dev_lock(hdev);
1219 update_eir(hdev);
1220 }
1221
1222 err = update_class(hdev);
1223
1224 if (err == 0)
1225 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1226
1227 hci_dev_unlock(hdev);
1228 hci_dev_put(hdev);
1229
1230 return err;
1231 }
1232
1233 static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
1234 {
1235 struct hci_dev *hdev;
1236 struct mgmt_cp_load_link_keys *cp = data;
1237 u16 key_count, expected_len;
1238 int i;
1239
1240 if (len < sizeof(*cp))
1241 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1242 MGMT_STATUS_INVALID_PARAMS);
1243
1244 key_count = get_unaligned_le16(&cp->key_count);
1245
1246 expected_len = sizeof(*cp) + key_count *
1247 sizeof(struct mgmt_link_key_info);
1248 if (expected_len != len) {
1249 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1250 len, expected_len);
1251 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1252 MGMT_STATUS_INVALID_PARAMS);
1253 }
1254
1255 hdev = hci_dev_get(index);
1256 if (!hdev)
1257 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1258 MGMT_STATUS_INVALID_PARAMS);
1259
1260 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
1261 key_count);
1262
1263 hci_dev_lock(hdev);
1264
1265 hci_link_keys_clear(hdev);
1266
1267 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1268
1269 if (cp->debug_keys)
1270 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1271 else
1272 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1273
1274 for (i = 0; i < key_count; i++) {
1275 struct mgmt_link_key_info *key = &cp->keys[i];
1276
1277 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
1278 key->pin_len);
1279 }
1280
1281 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1282
1283 hci_dev_unlock(hdev);
1284 hci_dev_put(hdev);
1285
1286 return 0;
1287 }
1288
1289 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1290 u8 addr_type, struct sock *skip_sk)
1291 {
1292 struct mgmt_ev_device_unpaired ev;
1293
1294 bacpy(&ev.addr.bdaddr, bdaddr);
1295 ev.addr.type = addr_type;
1296
1297 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1298 skip_sk);
1299 }
1300
1301 static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
1302 {
1303 struct hci_dev *hdev;
1304 struct mgmt_cp_unpair_device *cp = data;
1305 struct mgmt_rp_unpair_device rp;
1306 struct hci_cp_disconnect dc;
1307 struct pending_cmd *cmd;
1308 struct hci_conn *conn;
1309 int err;
1310
1311 if (len != sizeof(*cp))
1312 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1313 MGMT_STATUS_INVALID_PARAMS);
1314
1315 hdev = hci_dev_get(index);
1316 if (!hdev)
1317 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
1318 MGMT_STATUS_INVALID_PARAMS);
1319
1320 hci_dev_lock(hdev);
1321
1322 memset(&rp, 0, sizeof(rp));
1323 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1324 rp.addr.type = cp->addr.type;
1325
1326 if (cp->addr.type == MGMT_ADDR_BREDR)
1327 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1328 else
1329 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1330
1331 if (err < 0) {
1332 rp.status = MGMT_STATUS_NOT_PAIRED;
1333 goto unlock;
1334 }
1335
1336 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1337 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1338 sizeof(rp));
1339 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1340 goto unlock;
1341 }
1342
1343 if (cp->addr.type == MGMT_ADDR_BREDR)
1344 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1345 &cp->addr.bdaddr);
1346 else
1347 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1348 &cp->addr.bdaddr);
1349
1350 if (!conn) {
1351 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1352 sizeof(rp));
1353 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1354 goto unlock;
1355 }
1356
1357 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1358 sizeof(*cp));
1359 if (!cmd) {
1360 err = -ENOMEM;
1361 goto unlock;
1362 }
1363
1364 put_unaligned_le16(conn->handle, &dc.handle);
1365 dc.reason = 0x13; /* Remote User Terminated Connection */
1366 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1367 if (err < 0)
1368 mgmt_pending_remove(cmd);
1369
1370 unlock:
1371 if (err < 0)
1372 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, &rp,
1373 sizeof(rp));
1374 hci_dev_unlock(hdev);
1375 hci_dev_put(hdev);
1376
1377 return err;
1378 }
1379
1380 static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
1381 {
1382 struct hci_dev *hdev;
1383 struct mgmt_cp_disconnect *cp = data;
1384 struct hci_cp_disconnect dc;
1385 struct pending_cmd *cmd;
1386 struct hci_conn *conn;
1387 int err;
1388
1389 BT_DBG("");
1390
1391 if (len != sizeof(*cp))
1392 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1393 MGMT_STATUS_INVALID_PARAMS);
1394
1395 hdev = hci_dev_get(index);
1396 if (!hdev)
1397 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1398 MGMT_STATUS_INVALID_PARAMS);
1399
1400 hci_dev_lock(hdev);
1401
1402 if (!test_bit(HCI_UP, &hdev->flags)) {
1403 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1404 MGMT_STATUS_NOT_POWERED);
1405 goto failed;
1406 }
1407
1408 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1409 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1410 MGMT_STATUS_BUSY);
1411 goto failed;
1412 }
1413
1414 if (cp->addr.type == MGMT_ADDR_BREDR)
1415 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1416 else
1417 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1418
1419 if (!conn) {
1420 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1421 MGMT_STATUS_NOT_CONNECTED);
1422 goto failed;
1423 }
1424
1425 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1426 if (!cmd) {
1427 err = -ENOMEM;
1428 goto failed;
1429 }
1430
1431 put_unaligned_le16(conn->handle, &dc.handle);
1432 dc.reason = 0x13; /* Remote User Terminated Connection */
1433
1434 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1435 if (err < 0)
1436 mgmt_pending_remove(cmd);
1437
1438 failed:
1439 hci_dev_unlock(hdev);
1440 hci_dev_put(hdev);
1441
1442 return err;
1443 }
1444
1445 static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1446 {
1447 switch (link_type) {
1448 case LE_LINK:
1449 switch (addr_type) {
1450 case ADDR_LE_DEV_PUBLIC:
1451 return MGMT_ADDR_LE_PUBLIC;
1452 case ADDR_LE_DEV_RANDOM:
1453 return MGMT_ADDR_LE_RANDOM;
1454 default:
1455 return MGMT_ADDR_INVALID;
1456 }
1457 case ACL_LINK:
1458 return MGMT_ADDR_BREDR;
1459 default:
1460 return MGMT_ADDR_INVALID;
1461 }
1462 }
1463
1464 static int get_connections(struct sock *sk, u16 index)
1465 {
1466 struct mgmt_rp_get_connections *rp;
1467 struct hci_dev *hdev;
1468 struct hci_conn *c;
1469 size_t rp_len;
1470 u16 count;
1471 int i, err;
1472
1473 BT_DBG("");
1474
1475 hdev = hci_dev_get(index);
1476 if (!hdev)
1477 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1478 MGMT_STATUS_INVALID_PARAMS);
1479
1480 hci_dev_lock(hdev);
1481
1482 count = 0;
1483 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1484 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1485 count++;
1486 }
1487
1488 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
1489 rp = kmalloc(rp_len, GFP_ATOMIC);
1490 if (!rp) {
1491 err = -ENOMEM;
1492 goto unlock;
1493 }
1494
1495 put_unaligned_le16(count, &rp->conn_count);
1496
1497 i = 0;
1498 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1499 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1500 continue;
1501 bacpy(&rp->addr[i].bdaddr, &c->dst);
1502 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1503 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1504 continue;
1505 i++;
1506 }
1507
1508 /* Recalculate length in case of filtered SCO connections, etc */
1509 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1510
1511 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1512
1513 unlock:
1514 kfree(rp);
1515 hci_dev_unlock(hdev);
1516 hci_dev_put(hdev);
1517 return err;
1518 }
1519
1520 static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1521 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1522 {
1523 struct pending_cmd *cmd;
1524 int err;
1525
1526 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1527 sizeof(*cp));
1528 if (!cmd)
1529 return -ENOMEM;
1530
1531 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1532 &cp->bdaddr);
1533 if (err < 0)
1534 mgmt_pending_remove(cmd);
1535
1536 return err;
1537 }
1538
1539 static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
1540 {
1541 struct hci_dev *hdev;
1542 struct hci_conn *conn;
1543 struct mgmt_cp_pin_code_reply *cp = data;
1544 struct mgmt_cp_pin_code_neg_reply ncp;
1545 struct hci_cp_pin_code_reply reply;
1546 struct pending_cmd *cmd;
1547 int err;
1548
1549 BT_DBG("");
1550
1551 if (len != sizeof(*cp))
1552 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1553 MGMT_STATUS_INVALID_PARAMS);
1554
1555 hdev = hci_dev_get(index);
1556 if (!hdev)
1557 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1558 MGMT_STATUS_INVALID_PARAMS);
1559
1560 hci_dev_lock(hdev);
1561
1562 if (!test_bit(HCI_UP, &hdev->flags)) {
1563 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1564 MGMT_STATUS_NOT_POWERED);
1565 goto failed;
1566 }
1567
1568 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1569 if (!conn) {
1570 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1571 MGMT_STATUS_NOT_CONNECTED);
1572 goto failed;
1573 }
1574
1575 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1576 bacpy(&ncp.bdaddr, &cp->bdaddr);
1577
1578 BT_ERR("PIN code is not 16 bytes long");
1579
1580 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1581 if (err >= 0)
1582 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1583 MGMT_STATUS_INVALID_PARAMS);
1584
1585 goto failed;
1586 }
1587
1588 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1589 len);
1590 if (!cmd) {
1591 err = -ENOMEM;
1592 goto failed;
1593 }
1594
1595 bacpy(&reply.bdaddr, &cp->bdaddr);
1596 reply.pin_len = cp->pin_len;
1597 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1598
1599 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1600 if (err < 0)
1601 mgmt_pending_remove(cmd);
1602
1603 failed:
1604 hci_dev_unlock(hdev);
1605 hci_dev_put(hdev);
1606
1607 return err;
1608 }
1609
1610 static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
1611 {
1612 struct hci_dev *hdev;
1613 struct mgmt_cp_pin_code_neg_reply *cp = data;
1614 int err;
1615
1616 BT_DBG("");
1617
1618 if (len != sizeof(*cp))
1619 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1620 MGMT_STATUS_INVALID_PARAMS);
1621
1622 hdev = hci_dev_get(index);
1623 if (!hdev)
1624 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1625 MGMT_STATUS_INVALID_PARAMS);
1626
1627 hci_dev_lock(hdev);
1628
1629 if (!test_bit(HCI_UP, &hdev->flags)) {
1630 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1631 MGMT_STATUS_NOT_POWERED);
1632 goto failed;
1633 }
1634
1635 err = send_pin_code_neg_reply(sk, index, hdev, cp);
1636
1637 failed:
1638 hci_dev_unlock(hdev);
1639 hci_dev_put(hdev);
1640
1641 return err;
1642 }
1643
1644 static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
1645 {
1646 struct hci_dev *hdev;
1647 struct mgmt_cp_set_io_capability *cp = data;
1648
1649 BT_DBG("");
1650
1651 if (len != sizeof(*cp))
1652 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1653 MGMT_STATUS_INVALID_PARAMS);
1654
1655 hdev = hci_dev_get(index);
1656 if (!hdev)
1657 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1658 MGMT_STATUS_INVALID_PARAMS);
1659
1660 hci_dev_lock(hdev);
1661
1662 hdev->io_capability = cp->io_capability;
1663
1664 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1665 hdev->io_capability);
1666
1667 hci_dev_unlock(hdev);
1668 hci_dev_put(hdev);
1669
1670 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1671 }
1672
1673 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1674 {
1675 struct hci_dev *hdev = conn->hdev;
1676 struct pending_cmd *cmd;
1677
1678 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1679 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1680 continue;
1681
1682 if (cmd->user_data != conn)
1683 continue;
1684
1685 return cmd;
1686 }
1687
1688 return NULL;
1689 }
1690
1691 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1692 {
1693 struct mgmt_rp_pair_device rp;
1694 struct hci_conn *conn = cmd->user_data;
1695
1696 bacpy(&rp.addr.bdaddr, &conn->dst);
1697 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1698 rp.status = status;
1699
1700 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1701
1702 /* So we don't get further callbacks for this connection */
1703 conn->connect_cfm_cb = NULL;
1704 conn->security_cfm_cb = NULL;
1705 conn->disconn_cfm_cb = NULL;
1706
1707 hci_conn_put(conn);
1708
1709 mgmt_pending_remove(cmd);
1710 }
1711
1712 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1713 {
1714 struct pending_cmd *cmd;
1715
1716 BT_DBG("status %u", status);
1717
1718 cmd = find_pairing(conn);
1719 if (!cmd)
1720 BT_DBG("Unable to find a pending command");
1721 else
1722 pairing_complete(cmd, status);
1723 }
1724
1725 static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
1726 {
1727 struct hci_dev *hdev;
1728 struct mgmt_cp_pair_device *cp = data;
1729 struct mgmt_rp_pair_device rp;
1730 struct pending_cmd *cmd;
1731 u8 sec_level, auth_type;
1732 struct hci_conn *conn;
1733 int err;
1734
1735 BT_DBG("");
1736
1737 if (len != sizeof(*cp))
1738 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1739 MGMT_STATUS_INVALID_PARAMS);
1740
1741 hdev = hci_dev_get(index);
1742 if (!hdev)
1743 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1744 MGMT_STATUS_INVALID_PARAMS);
1745
1746 hci_dev_lock(hdev);
1747
1748 sec_level = BT_SECURITY_MEDIUM;
1749 if (cp->io_cap == 0x03)
1750 auth_type = HCI_AT_DEDICATED_BONDING;
1751 else
1752 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1753
1754 if (cp->addr.type == MGMT_ADDR_BREDR)
1755 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1756 auth_type);
1757 else
1758 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1759 auth_type);
1760
1761 memset(&rp, 0, sizeof(rp));
1762 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1763 rp.addr.type = cp->addr.type;
1764
1765 if (IS_ERR(conn)) {
1766 rp.status = -PTR_ERR(conn);
1767 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1768 &rp, sizeof(rp));
1769 goto unlock;
1770 }
1771
1772 if (conn->connect_cfm_cb) {
1773 hci_conn_put(conn);
1774 rp.status = EBUSY;
1775 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1776 &rp, sizeof(rp));
1777 goto unlock;
1778 }
1779
1780 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1781 if (!cmd) {
1782 err = -ENOMEM;
1783 hci_conn_put(conn);
1784 goto unlock;
1785 }
1786
1787 /* For LE, just connecting isn't a proof that the pairing finished */
1788 if (cp->addr.type == MGMT_ADDR_BREDR)
1789 conn->connect_cfm_cb = pairing_complete_cb;
1790
1791 conn->security_cfm_cb = pairing_complete_cb;
1792 conn->disconn_cfm_cb = pairing_complete_cb;
1793 conn->io_capability = cp->io_cap;
1794 cmd->user_data = conn;
1795
1796 if (conn->state == BT_CONNECTED &&
1797 hci_conn_security(conn, sec_level, auth_type))
1798 pairing_complete(cmd, 0);
1799
1800 err = 0;
1801
1802 unlock:
1803 hci_dev_unlock(hdev);
1804 hci_dev_put(hdev);
1805
1806 return err;
1807 }
1808
1809 static int cancel_pair_device(struct sock *sk, u16 index,
1810 unsigned char *data, u16 len)
1811 {
1812 struct mgmt_addr_info *addr = (void *) data;
1813 struct hci_dev *hdev;
1814 struct pending_cmd *cmd;
1815 struct hci_conn *conn;
1816 int err;
1817
1818 BT_DBG("");
1819
1820 if (len != sizeof(*addr))
1821 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1822 MGMT_STATUS_INVALID_PARAMS);
1823
1824 hdev = hci_dev_get(index);
1825 if (!hdev)
1826 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1827 MGMT_STATUS_INVALID_PARAMS);
1828
1829 hci_dev_lock(hdev);
1830
1831 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1832 if (!cmd) {
1833 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1834 MGMT_STATUS_INVALID_PARAMS);
1835 goto unlock;
1836 }
1837
1838 conn = cmd->user_data;
1839
1840 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1841 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1842 MGMT_STATUS_INVALID_PARAMS);
1843 goto unlock;
1844 }
1845
1846 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1847
1848 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1849 sizeof(*addr));
1850 unlock:
1851 hci_dev_unlock(hdev);
1852 hci_dev_put(hdev);
1853
1854 return err;
1855 }
1856
1857 static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1858 u8 type, u16 mgmt_op, u16 hci_op,
1859 __le32 passkey)
1860 {
1861 struct pending_cmd *cmd;
1862 struct hci_dev *hdev;
1863 struct hci_conn *conn;
1864 int err;
1865
1866 hdev = hci_dev_get(index);
1867 if (!hdev)
1868 return cmd_status(sk, index, mgmt_op,
1869 MGMT_STATUS_INVALID_PARAMS);
1870
1871 hci_dev_lock(hdev);
1872
1873 if (!test_bit(HCI_UP, &hdev->flags)) {
1874 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1875 goto done;
1876 }
1877
1878 if (type == MGMT_ADDR_BREDR)
1879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1880 else
1881 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1882
1883 if (!conn) {
1884 err = cmd_status(sk, index, mgmt_op,
1885 MGMT_STATUS_NOT_CONNECTED);
1886 goto done;
1887 }
1888
1889 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
1890 /* Continue with pairing via SMP */
1891 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1892
1893 if (!err)
1894 err = cmd_status(sk, index, mgmt_op,
1895 MGMT_STATUS_SUCCESS);
1896 else
1897 err = cmd_status(sk, index, mgmt_op,
1898 MGMT_STATUS_FAILED);
1899
1900 goto done;
1901 }
1902
1903 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
1904 if (!cmd) {
1905 err = -ENOMEM;
1906 goto done;
1907 }
1908
1909 /* Continue with pairing via HCI */
1910 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1911 struct hci_cp_user_passkey_reply cp;
1912
1913 bacpy(&cp.bdaddr, bdaddr);
1914 cp.passkey = passkey;
1915 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1916 } else
1917 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1918
1919 if (err < 0)
1920 mgmt_pending_remove(cmd);
1921
1922 done:
1923 hci_dev_unlock(hdev);
1924 hci_dev_put(hdev);
1925
1926 return err;
1927 }
1928
1929 static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1930 {
1931 struct mgmt_cp_user_confirm_reply *cp = data;
1932
1933 BT_DBG("");
1934
1935 if (len != sizeof(*cp))
1936 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1937 MGMT_STATUS_INVALID_PARAMS);
1938
1939 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1940 MGMT_OP_USER_CONFIRM_REPLY,
1941 HCI_OP_USER_CONFIRM_REPLY, 0);
1942 }
1943
1944 static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1945 u16 len)
1946 {
1947 struct mgmt_cp_user_confirm_neg_reply *cp = data;
1948
1949 BT_DBG("");
1950
1951 if (len != sizeof(*cp))
1952 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1953 MGMT_STATUS_INVALID_PARAMS);
1954
1955 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1956 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1957 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1958 }
1959
1960 static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1961 {
1962 struct mgmt_cp_user_passkey_reply *cp = data;
1963
1964 BT_DBG("");
1965
1966 if (len != sizeof(*cp))
1967 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1968 EINVAL);
1969
1970 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1971 MGMT_OP_USER_PASSKEY_REPLY,
1972 HCI_OP_USER_PASSKEY_REPLY,
1973 cp->passkey);
1974 }
1975
1976 static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1977 u16 len)
1978 {
1979 struct mgmt_cp_user_passkey_neg_reply *cp = data;
1980
1981 BT_DBG("");
1982
1983 if (len != sizeof(*cp))
1984 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1985 EINVAL);
1986
1987 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
1988 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1989 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1990 }
1991
1992 static int set_local_name(struct sock *sk, u16 index, void *data,
1993 u16 len)
1994 {
1995 struct mgmt_cp_set_local_name *mgmt_cp = data;
1996 struct hci_cp_write_local_name hci_cp;
1997 struct hci_dev *hdev;
1998 struct pending_cmd *cmd;
1999 int err;
2000
2001 BT_DBG("");
2002
2003 if (len != sizeof(*mgmt_cp))
2004 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2005 MGMT_STATUS_INVALID_PARAMS);
2006
2007 hdev = hci_dev_get(index);
2008 if (!hdev)
2009 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2010 MGMT_STATUS_INVALID_PARAMS);
2011
2012 hci_dev_lock(hdev);
2013
2014 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2015 len);
2016 if (!cmd) {
2017 err = -ENOMEM;
2018 goto failed;
2019 }
2020
2021 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2022 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2023 &hci_cp);
2024 if (err < 0)
2025 mgmt_pending_remove(cmd);
2026
2027 failed:
2028 hci_dev_unlock(hdev);
2029 hci_dev_put(hdev);
2030
2031 return err;
2032 }
2033
2034 static int read_local_oob_data(struct sock *sk, u16 index)
2035 {
2036 struct hci_dev *hdev;
2037 struct pending_cmd *cmd;
2038 int err;
2039
2040 BT_DBG("hci%u", index);
2041
2042 hdev = hci_dev_get(index);
2043 if (!hdev)
2044 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2045 MGMT_STATUS_INVALID_PARAMS);
2046
2047 hci_dev_lock(hdev);
2048
2049 if (!test_bit(HCI_UP, &hdev->flags)) {
2050 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2051 MGMT_STATUS_NOT_POWERED);
2052 goto unlock;
2053 }
2054
2055 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2056 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2057 MGMT_STATUS_NOT_SUPPORTED);
2058 goto unlock;
2059 }
2060
2061 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2062 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2063 MGMT_STATUS_BUSY);
2064 goto unlock;
2065 }
2066
2067 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2068 if (!cmd) {
2069 err = -ENOMEM;
2070 goto unlock;
2071 }
2072
2073 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2074 if (err < 0)
2075 mgmt_pending_remove(cmd);
2076
2077 unlock:
2078 hci_dev_unlock(hdev);
2079 hci_dev_put(hdev);
2080
2081 return err;
2082 }
2083
2084 static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2085 u16 len)
2086 {
2087 struct hci_dev *hdev;
2088 struct mgmt_cp_add_remote_oob_data *cp = data;
2089 int err;
2090
2091 BT_DBG("hci%u ", index);
2092
2093 if (len != sizeof(*cp))
2094 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2095 MGMT_STATUS_INVALID_PARAMS);
2096
2097 hdev = hci_dev_get(index);
2098 if (!hdev)
2099 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2100 MGMT_STATUS_INVALID_PARAMS);
2101
2102 hci_dev_lock(hdev);
2103
2104 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2105 cp->randomizer);
2106 if (err < 0)
2107 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2108 MGMT_STATUS_FAILED);
2109 else
2110 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
2111 0);
2112
2113 hci_dev_unlock(hdev);
2114 hci_dev_put(hdev);
2115
2116 return err;
2117 }
2118
2119 static int remove_remote_oob_data(struct sock *sk, u16 index,
2120 void *data, u16 len)
2121 {
2122 struct hci_dev *hdev;
2123 struct mgmt_cp_remove_remote_oob_data *cp = data;
2124 int err;
2125
2126 BT_DBG("hci%u ", index);
2127
2128 if (len != sizeof(*cp))
2129 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2130 MGMT_STATUS_INVALID_PARAMS);
2131
2132 hdev = hci_dev_get(index);
2133 if (!hdev)
2134 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2135 MGMT_STATUS_INVALID_PARAMS);
2136
2137 hci_dev_lock(hdev);
2138
2139 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2140 if (err < 0)
2141 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2142 MGMT_STATUS_INVALID_PARAMS);
2143 else
2144 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2145 NULL, 0);
2146
2147 hci_dev_unlock(hdev);
2148 hci_dev_put(hdev);
2149
2150 return err;
2151 }
2152
2153 static int start_discovery(struct sock *sk, u16 index,
2154 void *data, u16 len)
2155 {
2156 struct mgmt_cp_start_discovery *cp = data;
2157 unsigned long discov_type = cp->type;
2158 struct pending_cmd *cmd;
2159 struct hci_dev *hdev;
2160 int err;
2161
2162 BT_DBG("hci%u", index);
2163
2164 if (len != sizeof(*cp))
2165 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2166 MGMT_STATUS_INVALID_PARAMS);
2167
2168 hdev = hci_dev_get(index);
2169 if (!hdev)
2170 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2171 MGMT_STATUS_INVALID_PARAMS);
2172
2173 hci_dev_lock(hdev);
2174
2175 if (!test_bit(HCI_UP, &hdev->flags)) {
2176 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2177 MGMT_STATUS_NOT_POWERED);
2178 goto failed;
2179 }
2180
2181 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2182 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2183 MGMT_STATUS_BUSY);
2184 goto failed;
2185 }
2186
2187 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2188 if (!cmd) {
2189 err = -ENOMEM;
2190 goto failed;
2191 }
2192
2193 if (test_bit(MGMT_ADDR_BREDR, &discov_type))
2194 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2195 else if (test_bit(MGMT_ADDR_LE_PUBLIC, &discov_type) &&
2196 test_bit(MGMT_ADDR_LE_RANDOM, &discov_type))
2197 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2198 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2199 else
2200 err = -EINVAL;
2201
2202 if (err < 0)
2203 mgmt_pending_remove(cmd);
2204 else
2205 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2206
2207 failed:
2208 hci_dev_unlock(hdev);
2209 hci_dev_put(hdev);
2210
2211 return err;
2212 }
2213
2214 static int stop_discovery(struct sock *sk, u16 index)
2215 {
2216 struct hci_dev *hdev;
2217 struct pending_cmd *cmd;
2218 struct hci_cp_remote_name_req_cancel cp;
2219 struct inquiry_entry *e;
2220 int err;
2221
2222 BT_DBG("hci%u", index);
2223
2224 hdev = hci_dev_get(index);
2225 if (!hdev)
2226 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2227 MGMT_STATUS_INVALID_PARAMS);
2228
2229 hci_dev_lock(hdev);
2230
2231 if (!hci_discovery_active(hdev)) {
2232 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2233 MGMT_STATUS_REJECTED);
2234 goto unlock;
2235 }
2236
2237 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2238 if (!cmd) {
2239 err = -ENOMEM;
2240 goto unlock;
2241 }
2242
2243 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2244 err = hci_cancel_inquiry(hdev);
2245 if (err < 0)
2246 mgmt_pending_remove(cmd);
2247 else
2248 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2249 goto unlock;
2250 }
2251
2252 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2253 if (!e) {
2254 mgmt_pending_remove(cmd);
2255 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2256 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2257 goto unlock;
2258 }
2259
2260 bacpy(&cp.bdaddr, &e->data.bdaddr);
2261 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2262 sizeof(cp), &cp);
2263 if (err < 0)
2264 mgmt_pending_remove(cmd);
2265 else
2266 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2267
2268 unlock:
2269 hci_dev_unlock(hdev);
2270 hci_dev_put(hdev);
2271
2272 return err;
2273 }
2274
2275 static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
2276 {
2277 struct mgmt_cp_confirm_name *cp = data;
2278 struct inquiry_entry *e;
2279 struct hci_dev *hdev;
2280 int err;
2281
2282 BT_DBG("hci%u", index);
2283
2284 if (len != sizeof(*cp))
2285 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2286 MGMT_STATUS_INVALID_PARAMS);
2287
2288 hdev = hci_dev_get(index);
2289 if (!hdev)
2290 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2291 MGMT_STATUS_INVALID_PARAMS);
2292
2293 hci_dev_lock(hdev);
2294
2295 if (!hci_discovery_active(hdev)) {
2296 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2297 MGMT_STATUS_FAILED);
2298 goto failed;
2299 }
2300
2301 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2302 if (!e) {
2303 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2304 MGMT_STATUS_INVALID_PARAMS);
2305 goto failed;
2306 }
2307
2308 if (cp->name_known) {
2309 e->name_state = NAME_KNOWN;
2310 list_del(&e->list);
2311 } else {
2312 e->name_state = NAME_NEEDED;
2313 hci_inquiry_cache_update_resolve(hdev, e);
2314 }
2315
2316 err = 0;
2317
2318 failed:
2319 hci_dev_unlock(hdev);
2320
2321 return err;
2322 }
2323
2324 static int block_device(struct sock *sk, u16 index, void *data, u16 len)
2325 {
2326 struct hci_dev *hdev;
2327 struct mgmt_cp_block_device *cp = data;
2328 int err;
2329
2330 BT_DBG("hci%u", index);
2331
2332 if (len != sizeof(*cp))
2333 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2334 MGMT_STATUS_INVALID_PARAMS);
2335
2336 hdev = hci_dev_get(index);
2337 if (!hdev)
2338 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2339 MGMT_STATUS_INVALID_PARAMS);
2340
2341 hci_dev_lock(hdev);
2342
2343 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2344 if (err < 0)
2345 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2346 MGMT_STATUS_FAILED);
2347 else
2348 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2349 NULL, 0);
2350
2351 hci_dev_unlock(hdev);
2352 hci_dev_put(hdev);
2353
2354 return err;
2355 }
2356
2357 static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
2358 {
2359 struct hci_dev *hdev;
2360 struct mgmt_cp_unblock_device *cp = data;
2361 int err;
2362
2363 BT_DBG("hci%u", index);
2364
2365 if (len != sizeof(*cp))
2366 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2367 MGMT_STATUS_INVALID_PARAMS);
2368
2369 hdev = hci_dev_get(index);
2370 if (!hdev)
2371 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2372 MGMT_STATUS_INVALID_PARAMS);
2373
2374 hci_dev_lock(hdev);
2375
2376 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2377
2378 if (err < 0)
2379 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2380 MGMT_STATUS_INVALID_PARAMS);
2381 else
2382 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2383 NULL, 0);
2384
2385 hci_dev_unlock(hdev);
2386 hci_dev_put(hdev);
2387
2388 return err;
2389 }
2390
2391 static int set_fast_connectable(struct sock *sk, u16 index,
2392 void *data, u16 len)
2393 {
2394 struct hci_dev *hdev;
2395 struct mgmt_mode *cp = data;
2396 struct hci_cp_write_page_scan_activity acp;
2397 u8 type;
2398 int err;
2399
2400 BT_DBG("hci%u", index);
2401
2402 if (len != sizeof(*cp))
2403 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2404 MGMT_STATUS_INVALID_PARAMS);
2405
2406 hdev = hci_dev_get(index);
2407 if (!hdev)
2408 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2409 MGMT_STATUS_INVALID_PARAMS);
2410
2411 hci_dev_lock(hdev);
2412
2413 if (cp->val) {
2414 type = PAGE_SCAN_TYPE_INTERLACED;
2415 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2416 } else {
2417 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2418 acp.interval = 0x0800; /* default 1.28 sec page scan */
2419 }
2420
2421 acp.window = 0x0012; /* default 11.25 msec page scan window */
2422
2423 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2424 sizeof(acp), &acp);
2425 if (err < 0) {
2426 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2427 MGMT_STATUS_FAILED);
2428 goto done;
2429 }
2430
2431 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2432 if (err < 0) {
2433 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2434 MGMT_STATUS_FAILED);
2435 goto done;
2436 }
2437
2438 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2439 NULL, 0);
2440 done:
2441 hci_dev_unlock(hdev);
2442 hci_dev_put(hdev);
2443
2444 return err;
2445 }
2446
2447 static int load_long_term_keys(struct sock *sk, u16 index,
2448 void *cp_data, u16 len)
2449 {
2450 struct hci_dev *hdev;
2451 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2452 u16 key_count, expected_len;
2453 int i;
2454
2455 if (len < sizeof(*cp))
2456 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2457 EINVAL);
2458
2459 key_count = get_unaligned_le16(&cp->key_count);
2460
2461 expected_len = sizeof(*cp) + key_count *
2462 sizeof(struct mgmt_ltk_info);
2463 if (expected_len != len) {
2464 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2465 len, expected_len);
2466 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2467 EINVAL);
2468 }
2469
2470 hdev = hci_dev_get(index);
2471 if (!hdev)
2472 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2473 ENODEV);
2474
2475 BT_DBG("hci%u key_count %u", index, key_count);
2476
2477 hci_dev_lock(hdev);
2478
2479 hci_smp_ltks_clear(hdev);
2480
2481 for (i = 0; i < key_count; i++) {
2482 struct mgmt_ltk_info *key = &cp->keys[i];
2483 u8 type;
2484
2485 if (key->master)
2486 type = HCI_SMP_LTK;
2487 else
2488 type = HCI_SMP_LTK_SLAVE;
2489
2490 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2491 type, 0, key->authenticated, key->val,
2492 key->enc_size, key->ediv, key->rand);
2493 }
2494
2495 hci_dev_unlock(hdev);
2496 hci_dev_put(hdev);
2497
2498 return 0;
2499 }
2500
2501 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2502 {
2503 void *buf;
2504 u8 *cp;
2505 struct mgmt_hdr *hdr;
2506 u16 opcode, index, len;
2507 int err;
2508
2509 BT_DBG("got %zu bytes", msglen);
2510
2511 if (msglen < sizeof(*hdr))
2512 return -EINVAL;
2513
2514 buf = kmalloc(msglen, GFP_KERNEL);
2515 if (!buf)
2516 return -ENOMEM;
2517
2518 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2519 err = -EFAULT;
2520 goto done;
2521 }
2522
2523 hdr = buf;
2524 opcode = get_unaligned_le16(&hdr->opcode);
2525 index = get_unaligned_le16(&hdr->index);
2526 len = get_unaligned_le16(&hdr->len);
2527
2528 if (len != msglen - sizeof(*hdr)) {
2529 err = -EINVAL;
2530 goto done;
2531 }
2532
2533 cp = buf + sizeof(*hdr);
2534
2535 switch (opcode) {
2536 case MGMT_OP_READ_VERSION:
2537 err = read_version(sk);
2538 break;
2539 case MGMT_OP_READ_COMMANDS:
2540 err = read_commands(sk);
2541 break;
2542 case MGMT_OP_READ_INDEX_LIST:
2543 err = read_index_list(sk);
2544 break;
2545 case MGMT_OP_READ_INFO:
2546 err = read_controller_info(sk, index);
2547 break;
2548 case MGMT_OP_SET_POWERED:
2549 err = set_powered(sk, index, cp, len);
2550 break;
2551 case MGMT_OP_SET_DISCOVERABLE:
2552 err = set_discoverable(sk, index, cp, len);
2553 break;
2554 case MGMT_OP_SET_CONNECTABLE:
2555 err = set_connectable(sk, index, cp, len);
2556 break;
2557 case MGMT_OP_SET_FAST_CONNECTABLE:
2558 err = set_fast_connectable(sk, index, cp, len);
2559 break;
2560 case MGMT_OP_SET_PAIRABLE:
2561 err = set_pairable(sk, index, cp, len);
2562 break;
2563 case MGMT_OP_SET_LINK_SECURITY:
2564 err = set_link_security(sk, index, cp, len);
2565 break;
2566 case MGMT_OP_SET_SSP:
2567 err = set_ssp(sk, index, cp, len);
2568 break;
2569 case MGMT_OP_ADD_UUID:
2570 err = add_uuid(sk, index, cp, len);
2571 break;
2572 case MGMT_OP_REMOVE_UUID:
2573 err = remove_uuid(sk, index, cp, len);
2574 break;
2575 case MGMT_OP_SET_DEV_CLASS:
2576 err = set_dev_class(sk, index, cp, len);
2577 break;
2578 case MGMT_OP_LOAD_LINK_KEYS:
2579 err = load_link_keys(sk, index, cp, len);
2580 break;
2581 case MGMT_OP_DISCONNECT:
2582 err = disconnect(sk, index, cp, len);
2583 break;
2584 case MGMT_OP_GET_CONNECTIONS:
2585 err = get_connections(sk, index);
2586 break;
2587 case MGMT_OP_PIN_CODE_REPLY:
2588 err = pin_code_reply(sk, index, cp, len);
2589 break;
2590 case MGMT_OP_PIN_CODE_NEG_REPLY:
2591 err = pin_code_neg_reply(sk, index, cp, len);
2592 break;
2593 case MGMT_OP_SET_IO_CAPABILITY:
2594 err = set_io_capability(sk, index, cp, len);
2595 break;
2596 case MGMT_OP_PAIR_DEVICE:
2597 err = pair_device(sk, index, cp, len);
2598 break;
2599 case MGMT_OP_CANCEL_PAIR_DEVICE:
2600 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2601 break;
2602 case MGMT_OP_UNPAIR_DEVICE:
2603 err = unpair_device(sk, index, cp, len);
2604 break;
2605 case MGMT_OP_USER_CONFIRM_REPLY:
2606 err = user_confirm_reply(sk, index, cp, len);
2607 break;
2608 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
2609 err = user_confirm_neg_reply(sk, index, cp, len);
2610 break;
2611 case MGMT_OP_USER_PASSKEY_REPLY:
2612 err = user_passkey_reply(sk, index, cp, len);
2613 break;
2614 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2615 err = user_passkey_neg_reply(sk, index, cp, len);
2616 break;
2617 case MGMT_OP_SET_LOCAL_NAME:
2618 err = set_local_name(sk, index, cp, len);
2619 break;
2620 case MGMT_OP_READ_LOCAL_OOB_DATA:
2621 err = read_local_oob_data(sk, index);
2622 break;
2623 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2624 err = add_remote_oob_data(sk, index, cp, len);
2625 break;
2626 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2627 err = remove_remote_oob_data(sk, index, cp, len);
2628 break;
2629 case MGMT_OP_START_DISCOVERY:
2630 err = start_discovery(sk, index, cp, len);
2631 break;
2632 case MGMT_OP_STOP_DISCOVERY:
2633 err = stop_discovery(sk, index);
2634 break;
2635 case MGMT_OP_CONFIRM_NAME:
2636 err = confirm_name(sk, index, cp, len);
2637 break;
2638 case MGMT_OP_BLOCK_DEVICE:
2639 err = block_device(sk, index, cp, len);
2640 break;
2641 case MGMT_OP_UNBLOCK_DEVICE:
2642 err = unblock_device(sk, index, cp, len);
2643 break;
2644 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2645 err = load_long_term_keys(sk, index, cp, len);
2646 break;
2647 default:
2648 BT_DBG("Unknown op %u", opcode);
2649 err = cmd_status(sk, index, opcode,
2650 MGMT_STATUS_UNKNOWN_COMMAND);
2651 break;
2652 }
2653
2654 if (err < 0)
2655 goto done;
2656
2657 err = msglen;
2658
2659 done:
2660 kfree(buf);
2661 return err;
2662 }
2663
2664 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2665 {
2666 u8 *status = data;
2667
2668 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2669 mgmt_pending_remove(cmd);
2670 }
2671
2672 int mgmt_index_added(struct hci_dev *hdev)
2673 {
2674 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2675 }
2676
2677 int mgmt_index_removed(struct hci_dev *hdev)
2678 {
2679 u8 status = ENODEV;
2680
2681 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2682
2683 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2684 }
2685
2686 struct cmd_lookup {
2687 struct sock *sk;
2688 struct hci_dev *hdev;
2689 };
2690
2691 static void settings_rsp(struct pending_cmd *cmd, void *data)
2692 {
2693 struct cmd_lookup *match = data;
2694
2695 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2696
2697 list_del(&cmd->list);
2698
2699 if (match->sk == NULL) {
2700 match->sk = cmd->sk;
2701 sock_hold(match->sk);
2702 }
2703
2704 mgmt_pending_free(cmd);
2705 }
2706
2707 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2708 {
2709 struct cmd_lookup match = { NULL, hdev };
2710 __le32 ev;
2711 int err;
2712
2713 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2714
2715 if (!powered) {
2716 u8 status = ENETDOWN;
2717 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2718 }
2719
2720 ev = cpu_to_le32(get_current_settings(hdev));
2721
2722 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2723 match.sk);
2724
2725 if (match.sk)
2726 sock_put(match.sk);
2727
2728 return err;
2729 }
2730
2731 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2732 {
2733 struct cmd_lookup match = { NULL, hdev };
2734 __le32 ev;
2735 int err;
2736
2737 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
2738
2739 ev = cpu_to_le32(get_current_settings(hdev));
2740
2741 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2742 match.sk);
2743 if (match.sk)
2744 sock_put(match.sk);
2745
2746 return err;
2747 }
2748
2749 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2750 {
2751 __le32 ev;
2752 struct cmd_lookup match = { NULL, hdev };
2753 int err;
2754
2755 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2756 &match);
2757
2758 ev = cpu_to_le32(get_current_settings(hdev));
2759
2760 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
2761
2762 if (match.sk)
2763 sock_put(match.sk);
2764
2765 return err;
2766 }
2767
2768 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2769 {
2770 u8 mgmt_err = mgmt_status(status);
2771
2772 if (scan & SCAN_PAGE)
2773 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2774 cmd_status_rsp, &mgmt_err);
2775
2776 if (scan & SCAN_INQUIRY)
2777 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2778 cmd_status_rsp, &mgmt_err);
2779
2780 return 0;
2781 }
2782
2783 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2784 u8 persistent)
2785 {
2786 struct mgmt_ev_new_link_key ev;
2787
2788 memset(&ev, 0, sizeof(ev));
2789
2790 ev.store_hint = persistent;
2791 bacpy(&ev.key.bdaddr, &key->bdaddr);
2792 ev.key.type = key->type;
2793 memcpy(ev.key.val, key->val, 16);
2794 ev.key.pin_len = key->pin_len;
2795
2796 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2797 }
2798
2799 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2800 {
2801 struct mgmt_ev_new_long_term_key ev;
2802
2803 memset(&ev, 0, sizeof(ev));
2804
2805 ev.store_hint = persistent;
2806 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2807 ev.key.addr.type = key->bdaddr_type;
2808 ev.key.authenticated = key->authenticated;
2809 ev.key.enc_size = key->enc_size;
2810 ev.key.ediv = key->ediv;
2811
2812 if (key->type == HCI_SMP_LTK)
2813 ev.key.master = 1;
2814
2815 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2816 memcpy(ev.key.val, key->val, sizeof(key->val));
2817
2818 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2819 &ev, sizeof(ev), NULL);
2820 }
2821
2822 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2823 u8 addr_type, u8 *name, u8 name_len,
2824 u8 *dev_class)
2825 {
2826 char buf[512];
2827 struct mgmt_ev_device_connected *ev = (void *) buf;
2828 u16 eir_len = 0;
2829
2830 bacpy(&ev->addr.bdaddr, bdaddr);
2831 ev->addr.type = link_to_mgmt(link_type, addr_type);
2832
2833 if (name_len > 0)
2834 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2835 name, name_len);
2836
2837 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2838 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2839 EIR_CLASS_OF_DEV, dev_class, 3);
2840
2841 put_unaligned_le16(eir_len, &ev->eir_len);
2842
2843 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2844 sizeof(*ev) + eir_len, NULL);
2845 }
2846
2847 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2848 {
2849 struct mgmt_cp_disconnect *cp = cmd->param;
2850 struct sock **sk = data;
2851 struct mgmt_rp_disconnect rp;
2852
2853 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2854 rp.addr.type = cp->addr.type;
2855 rp.status = 0;
2856
2857 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
2858
2859 *sk = cmd->sk;
2860 sock_hold(*sk);
2861
2862 mgmt_pending_remove(cmd);
2863 }
2864
2865 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2866 {
2867 struct hci_dev *hdev = data;
2868 struct mgmt_cp_unpair_device *cp = cmd->param;
2869 struct mgmt_rp_unpair_device rp;
2870
2871 memset(&rp, 0, sizeof(rp));
2872 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2873 rp.addr.type = cp->addr.type;
2874
2875 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2876
2877 cmd_complete(cmd->sk, cmd->index, cmd->opcode, &rp, sizeof(rp));
2878
2879 mgmt_pending_remove(cmd);
2880 }
2881
2882 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2883 u8 link_type, u8 addr_type)
2884 {
2885 struct mgmt_addr_info ev;
2886 struct sock *sk = NULL;
2887 int err;
2888
2889 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2890
2891 bacpy(&ev.bdaddr, bdaddr);
2892 ev.type = link_to_mgmt(link_type, addr_type);
2893
2894 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2895 sk);
2896
2897 if (sk)
2898 sock_put(sk);
2899
2900 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2901 hdev);
2902
2903 return err;
2904 }
2905
2906 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
2907 u8 link_type, u8 addr_type, u8 status)
2908 {
2909 struct mgmt_rp_disconnect rp;
2910 struct pending_cmd *cmd;
2911 int err;
2912
2913 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
2914 if (!cmd)
2915 return -ENOENT;
2916
2917 bacpy(&rp.addr.bdaddr, bdaddr);
2918 rp.addr.type = link_to_mgmt(link_type, addr_type);
2919 rp.status = mgmt_status(status);
2920
2921 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2922 &rp, sizeof(rp));
2923
2924 mgmt_pending_remove(cmd);
2925
2926 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
2927 hdev);
2928 return err;
2929 }
2930
2931 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2932 u8 addr_type, u8 status)
2933 {
2934 struct mgmt_ev_connect_failed ev;
2935
2936 bacpy(&ev.addr.bdaddr, bdaddr);
2937 ev.addr.type = link_to_mgmt(link_type, addr_type);
2938 ev.status = mgmt_status(status);
2939
2940 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
2941 }
2942
2943 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
2944 {
2945 struct mgmt_ev_pin_code_request ev;
2946
2947 bacpy(&ev.bdaddr, bdaddr);
2948 ev.secure = secure;
2949
2950 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
2951 NULL);
2952 }
2953
2954 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2955 u8 status)
2956 {
2957 struct pending_cmd *cmd;
2958 struct mgmt_rp_pin_code_reply rp;
2959 int err;
2960
2961 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
2962 if (!cmd)
2963 return -ENOENT;
2964
2965 bacpy(&rp.bdaddr, bdaddr);
2966 rp.status = mgmt_status(status);
2967
2968 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
2969 sizeof(rp));
2970
2971 mgmt_pending_remove(cmd);
2972
2973 return err;
2974 }
2975
2976 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2977 u8 status)
2978 {
2979 struct pending_cmd *cmd;
2980 struct mgmt_rp_pin_code_reply rp;
2981 int err;
2982
2983 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
2984 if (!cmd)
2985 return -ENOENT;
2986
2987 bacpy(&rp.bdaddr, bdaddr);
2988 rp.status = mgmt_status(status);
2989
2990 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
2991 sizeof(rp));
2992
2993 mgmt_pending_remove(cmd);
2994
2995 return err;
2996 }
2997
2998 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2999 u8 link_type, u8 addr_type, __le32 value,
3000 u8 confirm_hint)
3001 {
3002 struct mgmt_ev_user_confirm_request ev;
3003
3004 BT_DBG("%s", hdev->name);
3005
3006 bacpy(&ev.addr.bdaddr, bdaddr);
3007 ev.addr.type = link_to_mgmt(link_type, addr_type);
3008 ev.confirm_hint = confirm_hint;
3009 put_unaligned_le32(value, &ev.value);
3010
3011 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3012 NULL);
3013 }
3014
3015 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3016 u8 link_type, u8 addr_type)
3017 {
3018 struct mgmt_ev_user_passkey_request ev;
3019
3020 BT_DBG("%s", hdev->name);
3021
3022 bacpy(&ev.addr.bdaddr, bdaddr);
3023 ev.addr.type = link_to_mgmt(link_type, addr_type);
3024
3025 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3026 NULL);
3027 }
3028
3029 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3030 u8 link_type, u8 addr_type, u8 status,
3031 u8 opcode)
3032 {
3033 struct pending_cmd *cmd;
3034 struct mgmt_rp_user_confirm_reply rp;
3035 int err;
3036
3037 cmd = mgmt_pending_find(opcode, hdev);
3038 if (!cmd)
3039 return -ENOENT;
3040
3041 bacpy(&rp.addr.bdaddr, bdaddr);
3042 rp.addr.type = link_to_mgmt(link_type, addr_type);
3043 rp.status = mgmt_status(status);
3044 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
3045
3046 mgmt_pending_remove(cmd);
3047
3048 return err;
3049 }
3050
3051 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3052 u8 link_type, u8 addr_type, u8 status)
3053 {
3054 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3055 status, MGMT_OP_USER_CONFIRM_REPLY);
3056 }
3057
3058 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3059 u8 link_type, u8 addr_type, u8 status)
3060 {
3061 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3062 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3063 }
3064
3065 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3066 u8 link_type, u8 addr_type, u8 status)
3067 {
3068 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3069 status, MGMT_OP_USER_PASSKEY_REPLY);
3070 }
3071
3072 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3073 u8 link_type, u8 addr_type, u8 status)
3074 {
3075 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3076 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3077 }
3078
3079 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3080 u8 addr_type, u8 status)
3081 {
3082 struct mgmt_ev_auth_failed ev;
3083
3084 bacpy(&ev.addr.bdaddr, bdaddr);
3085 ev.addr.type = link_to_mgmt(link_type, addr_type);
3086 ev.status = mgmt_status(status);
3087
3088 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3089 }
3090
3091 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3092 {
3093 struct cmd_lookup match = { NULL, hdev };
3094 __le32 ev;
3095 int err;
3096
3097 if (status) {
3098 u8 mgmt_err = mgmt_status(status);
3099 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3100 cmd_status_rsp, &mgmt_err);
3101 return 0;
3102 }
3103
3104 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3105 &match);
3106
3107 ev = cpu_to_le32(get_current_settings(hdev));
3108 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3109
3110 if (match.sk)
3111 sock_put(match.sk);
3112
3113 return err;
3114 }
3115
3116 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3117 {
3118 struct cmd_lookup match = { NULL, hdev };
3119 __le32 ev;
3120 int err;
3121
3122 if (status) {
3123 u8 mgmt_err = mgmt_status(status);
3124 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3125 cmd_status_rsp, &mgmt_err);
3126 return 0;
3127 }
3128
3129 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3130
3131 ev = cpu_to_le32(get_current_settings(hdev));
3132 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3133
3134 if (match.sk)
3135 sock_put(match.sk);
3136
3137 return err;
3138 }
3139
3140 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3141 {
3142 struct pending_cmd *cmd;
3143 struct mgmt_cp_set_local_name ev;
3144 int err;
3145
3146 memset(&ev, 0, sizeof(ev));
3147 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3148
3149 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3150 if (!cmd)
3151 goto send_event;
3152
3153 if (status) {
3154 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3155 mgmt_status(status));
3156 goto failed;
3157 }
3158
3159 update_eir(hdev);
3160
3161 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
3162 sizeof(ev));
3163 if (err < 0)
3164 goto failed;
3165
3166 send_event:
3167 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3168 cmd ? cmd->sk : NULL);
3169
3170 failed:
3171 if (cmd)
3172 mgmt_pending_remove(cmd);
3173 return err;
3174 }
3175
3176 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3177 u8 *randomizer, u8 status)
3178 {
3179 struct pending_cmd *cmd;
3180 int err;
3181
3182 BT_DBG("%s status %u", hdev->name, status);
3183
3184 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3185 if (!cmd)
3186 return -ENOENT;
3187
3188 if (status) {
3189 err = cmd_status(cmd->sk, hdev->id,
3190 MGMT_OP_READ_LOCAL_OOB_DATA,
3191 mgmt_status(status));
3192 } else {
3193 struct mgmt_rp_read_local_oob_data rp;
3194
3195 memcpy(rp.hash, hash, sizeof(rp.hash));
3196 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3197
3198 err = cmd_complete(cmd->sk, hdev->id,
3199 MGMT_OP_READ_LOCAL_OOB_DATA,
3200 &rp, sizeof(rp));
3201 }
3202
3203 mgmt_pending_remove(cmd);
3204
3205 return err;
3206 }
3207
3208 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3209 u8 addr_type, u8 *dev_class, s8 rssi,
3210 u8 cfm_name, u8 *eir, u16 eir_len)
3211 {
3212 char buf[512];
3213 struct mgmt_ev_device_found *ev = (void *) buf;
3214 size_t ev_size;
3215
3216 /* Leave 5 bytes for a potential CoD field */
3217 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3218 return -EINVAL;
3219
3220 memset(buf, 0, sizeof(buf));
3221
3222 bacpy(&ev->addr.bdaddr, bdaddr);
3223 ev->addr.type = link_to_mgmt(link_type, addr_type);
3224 ev->rssi = rssi;
3225 ev->confirm_name = cfm_name;
3226
3227 if (eir_len > 0)
3228 memcpy(ev->eir, eir, eir_len);
3229
3230 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3231 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3232 dev_class, 3);
3233
3234 put_unaligned_le16(eir_len, &ev->eir_len);
3235
3236 ev_size = sizeof(*ev) + eir_len;
3237
3238 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3239 }
3240
3241 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3242 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3243 {
3244 struct mgmt_ev_device_found *ev;
3245 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3246 u16 eir_len;
3247
3248 ev = (struct mgmt_ev_device_found *) buf;
3249
3250 memset(buf, 0, sizeof(buf));
3251
3252 bacpy(&ev->addr.bdaddr, bdaddr);
3253 ev->addr.type = link_to_mgmt(link_type, addr_type);
3254 ev->rssi = rssi;
3255
3256 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3257 name_len);
3258
3259 put_unaligned_le16(eir_len, &ev->eir_len);
3260
3261 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3262 sizeof(*ev) + eir_len, NULL);
3263 }
3264
3265 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3266 {
3267 struct pending_cmd *cmd;
3268 int err;
3269
3270 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3271
3272 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3273 if (!cmd)
3274 return -ENOENT;
3275
3276 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3277 mgmt_pending_remove(cmd);
3278
3279 return err;
3280 }
3281
3282 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3283 {
3284 struct pending_cmd *cmd;
3285 int err;
3286
3287 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3288 if (!cmd)
3289 return -ENOENT;
3290
3291 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
3292 mgmt_pending_remove(cmd);
3293
3294 return err;
3295 }
3296
3297 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3298 {
3299 struct pending_cmd *cmd;
3300
3301 BT_DBG("%s discovering %u", hdev->name, discovering);
3302
3303 if (discovering)
3304 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3305 else
3306 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3307
3308 if (cmd != NULL) {
3309 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
3310 mgmt_pending_remove(cmd);
3311 }
3312
3313 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
3314 sizeof(discovering), NULL);
3315 }
3316
3317 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3318 {
3319 struct pending_cmd *cmd;
3320 struct mgmt_ev_device_blocked ev;
3321
3322 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3323
3324 bacpy(&ev.addr.bdaddr, bdaddr);
3325 ev.addr.type = type;
3326
3327 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3328 cmd ? cmd->sk : NULL);
3329 }
3330
3331 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3332 {
3333 struct pending_cmd *cmd;
3334 struct mgmt_ev_device_unblocked ev;
3335
3336 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3337
3338 bacpy(&ev.addr.bdaddr, bdaddr);
3339 ev.addr.type = type;
3340
3341 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3342 cmd ? cmd->sk : NULL);
3343 }
kernel source for telekom puls (alcatel/mediatek)