projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove unneeded hci_cc_read_ssp_mode function
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
56b7d137 267 return err;;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f1f0eb02 395 if (hdev_is_powered(hdev))
f0d4b78a
MH		 396 settings |= MGMT_SETTING_POWERED;
397
5e5282bb 398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 399 settings |= MGMT_SETTING_CONNECTABLE;
400
5e5282bb 401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_DISCOVERABLE;
403
a8b2d5c2 404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_PAIRABLE;
406
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
409
59e29406 410 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 411 settings |= MGMT_SETTING_LE;
412
47990ea0 413 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_LINK_SECURITY;
415
84bde9d6 416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_SSP;
418
6d80dfd0
JH		 419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
421
69ab39ea
JH		 422 return settings;
423}
424
ef580372
JH		 425#define PNP_INFO_SVCLASS_ID 0x1200
426
427static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430};
431
432static u16 get_uuid16(u8 *uuid128)
433{
434 u32 val;
435 int i;
436
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
439 return 0;
440 }
441
442 memcpy(&val, &uuid128[12], 4);
443
444 val = le32_to_cpu(val);
445 if (val > 0xffff)
446 return 0;
447
448 return (u16) val;
449}
450
451static void create_eir(struct hci_dev *hdev, u8 *data)
452{
453 u8 *ptr = data;
454 u16 eir_len = 0;
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
458 size_t name_len;
459
460 name_len = strlen(hdev->dev_name);
461
462 if (name_len > 0) {
463 /* EIR Data type */
464 if (name_len > 48) {
465 name_len = 48;
466 ptr[1] = EIR_NAME_SHORT;
467 } else
468 ptr[1] = EIR_NAME_COMPLETE;
469
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
472
473 memcpy(ptr + 2, hdev->dev_name, name_len);
474
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
477 }
478
479 memset(uuid16_list, 0, sizeof(uuid16_list));
480
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 u16 uuid16;
484
485 uuid16 = get_uuid16(uuid->uuid);
486 if (uuid16 == 0)
487 return;
488
489 if (uuid16 < 0x1100)
490 continue;
491
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
493 continue;
494
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
497 truncated = 1;
498 break;
499 }
500
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
504 break;
505
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
509 }
510 }
511
512 if (uuid16_list[0] != 0) {
513 u8 *length = ptr;
514
515 /* EIR Data type */
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
517
518 ptr += 2;
519 eir_len += 2;
520
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
524 }
525
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
528 }
529}
530
531static int update_eir(struct hci_dev *hdev)
532{
533 struct hci_cp_write_eir cp;
534
535 if (!(hdev->features[6] & LMP_EXT_INQ))
536 return 0;
537
84bde9d6 538 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 539 return 0;
540
a8b2d5c2 541 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
544 memset(&cp, 0, sizeof(cp));
545
546 create_eir(hdev, cp.data);
547
548 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
549 return 0;
550
551 memcpy(hdev->eir, cp.data, sizeof(cp.data));
552
553 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
554}
555
556static u8 get_service_classes(struct hci_dev *hdev)
557{
558 struct bt_uuid *uuid;
559 u8 val = 0;
560
561 list_for_each_entry(uuid, &hdev->uuids, list)
562 val |= uuid->svc_hint;
563
564 return val;
565}
566
567static int update_class(struct hci_dev *hdev)
568{
569 u8 cod[3];
570
571 BT_DBG("%s", hdev->name);
572
a8b2d5c2 573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 574 return 0;
575
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
579
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
581 return 0;
582
583 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
584}
585
7d78525d
JH		 586static void service_cache_off(struct work_struct *work)
587{
588 struct hci_dev *hdev = container_of(work, struct hci_dev,
589 service_cache.work);
590
a8b2d5c2 591 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 592 return;
593
594 hci_dev_lock(hdev);
595
596 update_eir(hdev);
597 update_class(hdev);
598
599 hci_dev_unlock(hdev);
600}
601
602static void mgmt_init_hdev(struct hci_dev *hdev)
603{
0cbf4ed6 604 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
606
0cbf4ed6
JH		 607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
610 * it
611 */
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
613 }
614
a8b2d5c2 615 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 616 schedule_delayed_work(&hdev->service_cache,
617 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
618}
619
4e51eae9 620static int read_controller_info(struct sock *sk, u16 index)
0381101f 621{
a38528f1 622 struct mgmt_rp_read_info rp;
f7b64e69 623 struct hci_dev *hdev;
0381101f 624
4e51eae9 625 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 626
4e51eae9 627 hdev = hci_dev_get(index);
a38528f1 628 if (!hdev)
ca69b795
JH		 629 return cmd_status(sk, index, MGMT_OP_READ_INFO,
630 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 631
09fd0de5 632 hci_dev_lock(hdev);
f7b64e69 633
7d78525d
JH		 634 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
635 mgmt_init_hdev(hdev);
ebc99feb 636
dc4fe30b
JH		 637 memset(&rp, 0, sizeof(rp));
638
69ab39ea 639 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 640
69ab39ea 641 rp.version = hdev->hci_ver;
f7b64e69 642
69ab39ea
JH		 643 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
644
645 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
646 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 647
a38528f1 648 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 649
dc4fe30b
JH		 650 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
651
09fd0de5 652 hci_dev_unlock(hdev);
f7b64e69 653 hci_dev_put(hdev);
0381101f 654
aee9b218 655 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 656}
657
eec8d2bc
JH		 658static void mgmt_pending_free(struct pending_cmd *cmd)
659{
660 sock_put(cmd->sk);
c68fb7ff 661 kfree(cmd->param);
eec8d2bc
JH		 662 kfree(cmd);
663}
664
366a0336 665static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 666 struct hci_dev *hdev,
667 void *data, u16 len)
eec8d2bc
JH		 668{
669 struct pending_cmd *cmd;
670
671 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
672 if (!cmd)
366a0336 673 return NULL;
eec8d2bc
JH		 674
675 cmd->opcode = opcode;
2e58ef3e 676 cmd->index = hdev->id;
eec8d2bc 677
c68fb7ff
SJ		 678 cmd->param = kmalloc(len, GFP_ATOMIC);
679 if (!cmd->param) {
eec8d2bc 680 kfree(cmd);
366a0336 681 return NULL;
eec8d2bc
JH		 682 }
683
8fce6357
SJ		 684 if (data)
685 memcpy(cmd->param, data, len);
eec8d2bc
JH		 686
687 cmd->sk = sk;
688 sock_hold(sk);
689
2e58ef3e 690 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 691
366a0336 692 return cmd;
eec8d2bc
JH		 693}
694
744cf19e 695static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 696 void (*cb)(struct pending_cmd *cmd, void *data),
697 void *data)
698{
699 struct list_head *p, *n;
700
2e58ef3e 701 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 702 struct pending_cmd *cmd;
703
704 cmd = list_entry(p, struct pending_cmd, list);
705
b24752fe 706 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 707 continue;
708
eec8d2bc
JH		 709 cb(cmd, data);
710 }
711}
712
2e58ef3e 713static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 714{
8035ded4 715 struct pending_cmd *cmd;
eec8d2bc 716
2e58ef3e 717 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 718 if (cmd->opcode == opcode)
719 return cmd;
eec8d2bc
JH		 720 }
721
722 return NULL;
723}
724
a664b5bc 725static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 726{
73f22f62
JH		 727 list_del(&cmd->list);
728 mgmt_pending_free(cmd);
729}
730
69ab39ea 731static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 732{
69ab39ea 733 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 734
aee9b218
JH		 735 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
736 sizeof(settings));
8680570b
JH		 737}
738
650f726d 739static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 740{
650f726d 741 struct mgmt_mode *cp = data;
eec8d2bc 742 struct hci_dev *hdev;
366a0336 743 struct pending_cmd *cmd;
4b34ee78 744 int err;
eec8d2bc 745
4e51eae9 746 BT_DBG("request for hci%u", index);
eec8d2bc 747
bdce7baf 748 if (len != sizeof(*cp))
ca69b795
JH		 749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 751
4e51eae9 752 hdev = hci_dev_get(index);
eec8d2bc 753 if (!hdev)
ca69b795
JH		 754 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
755 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 756
09fd0de5 757 hci_dev_lock(hdev);
eec8d2bc 758
f0d4b78a
MH		 759 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
760 cancel_delayed_work(&hdev->power_off);
761
762 if (cp->val) {
763 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 mgmt_powered(hdev, 1);
765 goto failed;
766 }
767 }
768
4b34ee78 769 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 770 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 771 goto failed;
772 }
773
2e58ef3e 774 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 775 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
776 MGMT_STATUS_BUSY);
eec8d2bc
JH		 777 goto failed;
778 }
779
2e58ef3e 780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 781 if (!cmd) {
782 err = -ENOMEM;
eec8d2bc 783 goto failed;
366a0336 784 }
eec8d2bc 785
72a734ec 786 if (cp->val)
7f971041 787 schedule_work(&hdev->power_on);
eec8d2bc 788 else
80b7ab33 789 schedule_work(&hdev->power_off.work);
eec8d2bc 790
366a0336 791 err = 0;
eec8d2bc
JH		 792
793failed:
09fd0de5 794 hci_dev_unlock(hdev);
eec8d2bc 795 hci_dev_put(hdev);
366a0336 796 return err;
eec8d2bc
JH		 797}
798
beadb2bd
JH		 799static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
800 u16 data_len, struct sock *skip_sk)
801{
802 struct sk_buff *skb;
803 struct mgmt_hdr *hdr;
804
805 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
806 if (!skb)
807 return -ENOMEM;
808
809 hdr = (void *) skb_put(skb, sizeof(*hdr));
810 hdr->opcode = cpu_to_le16(event);
811 if (hdev)
812 hdr->index = cpu_to_le16(hdev->id);
813 else
814 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
815 hdr->len = cpu_to_le16(data_len);
816
817 if (data)
818 memcpy(skb_put(skb, data_len), data, data_len);
819
820 hci_send_to_control(skb, skip_sk);
821 kfree_skb(skb);
822
823 return 0;
824}
825
826static int new_settings(struct hci_dev *hdev, struct sock *skip)
827{
828 __le32 ev;
829
830 ev = cpu_to_le32(get_current_settings(hdev));
831
832 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
833}
834
650f726d 835static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 836{
650f726d 837 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 838 struct hci_dev *hdev;
366a0336 839 struct pending_cmd *cmd;
5e5282bb 840 u16 timeout;
73f22f62
JH		 841 u8 scan;
842 int err;
843
4e51eae9 844 BT_DBG("request for hci%u", index);
73f22f62 845
bdce7baf 846 if (len != sizeof(*cp))
ca69b795
JH		 847 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
848 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 849
4e51eae9 850 hdev = hci_dev_get(index);
73f22f62 851 if (!hdev)
ca69b795
JH		 852 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
853 MGMT_STATUS_INVALID_PARAMS);
73f22f62 854
5e5282bb
JH		 855 timeout = get_unaligned_le16(&cp->timeout);
856
09fd0de5 857 hci_dev_lock(hdev);
73f22f62 858
5e5282bb 859 if (!hdev_is_powered(hdev) && timeout > 0) {
ca69b795
JH		 860 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
861 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 862 goto failed;
863 }
864
2e58ef3e
JH		 865 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
866 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 867 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
868 MGMT_STATUS_BUSY);
73f22f62
JH		 869 goto failed;
870 }
871
5e5282bb
JH		 872 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
873 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
874 MGMT_STATUS_REJECTED);
875 goto failed;
876 }
877
878 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 879 bool changed = false;
880
881 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
882 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
883 changed = true;
884 }
885
5e5282bb 886 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 887 if (err < 0)
888 goto failed;
889
890 if (changed)
891 err = new_settings(hdev, sk);
892
5e5282bb
JH		 893 goto failed;
894 }
895
896 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
69ab39ea 897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 898 goto failed;
899 }
900
2e58ef3e 901 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 902 if (!cmd) {
903 err = -ENOMEM;
73f22f62 904 goto failed;
366a0336 905 }
73f22f62
JH		 906
907 scan = SCAN_PAGE;
908
72a734ec 909 if (cp->val)
73f22f62 910 scan |= SCAN_INQUIRY;
16ab91ab 911 else
e0f9309f 912 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 913
914 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
915 if (err < 0)
a664b5bc 916 mgmt_pending_remove(cmd);
73f22f62 917
16ab91ab 918 if (cp->val)
5e5282bb 919 hdev->discov_timeout = timeout;
16ab91ab 920
73f22f62 921failed:
09fd0de5 922 hci_dev_unlock(hdev);
73f22f62
JH		 923 hci_dev_put(hdev);
924
925 return err;
926}
927
650f726d 928static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 929{
650f726d 930 struct mgmt_mode *cp = data;
9fbcbb45 931 struct hci_dev *hdev;
366a0336 932 struct pending_cmd *cmd;
9fbcbb45
JH		 933 u8 scan;
934 int err;
935
4e51eae9 936 BT_DBG("request for hci%u", index);
9fbcbb45 937
bdce7baf 938 if (len != sizeof(*cp))
ca69b795
JH		 939 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
940 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 941
4e51eae9 942 hdev = hci_dev_get(index);
9fbcbb45 943 if (!hdev)
ca69b795
JH		 944 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
945 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 946
09fd0de5 947 hci_dev_lock(hdev);
9fbcbb45 948
4b34ee78 949 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 950 bool changed = false;
951
952 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
953 changed = true;
954
5e5282bb
JH		 955 if (cp->val)
956 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
957 else {
958 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
959 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
960 }
0224d2fa 961
5e5282bb 962 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 963 if (err < 0)
964 goto failed;
965
966 if (changed)
967 err = new_settings(hdev, sk);
968
9fbcbb45
JH		 969 goto failed;
970 }
971
2e58ef3e
JH		 972 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
973 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 974 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
975 MGMT_STATUS_BUSY);
9fbcbb45
JH		 976 goto failed;
977 }
978
5e5282bb 979 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 980 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 981 goto failed;
982 }
983
2e58ef3e 984 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 985 if (!cmd) {
986 err = -ENOMEM;
9fbcbb45 987 goto failed;
366a0336 988 }
9fbcbb45 989
72a734ec 990 if (cp->val)
9fbcbb45 991 scan = SCAN_PAGE;
df2c6c5e 992 else {
9fbcbb45
JH		 993 scan = 0;
994
df2c6c5e
JH		 995 if (test_bit(HCI_ISCAN, &hdev->flags) &&
996 hdev->discov_timeout > 0)
997 cancel_delayed_work(&hdev->discov_off);
998 }
999
9fbcbb45
JH		 1000 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1001 if (err < 0)
a664b5bc 1002 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1003
1004failed:
09fd0de5 1005 hci_dev_unlock(hdev);
9fbcbb45
JH		 1006 hci_dev_put(hdev);
1007
1008 return err;
1009}
1010
650f726d 1011static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 1012{
650f726d 1013 struct mgmt_mode *cp = data;
c542a06c 1014 struct hci_dev *hdev;
c542a06c
JH		 1015 int err;
1016
4e51eae9 1017 BT_DBG("request for hci%u", index);
c542a06c 1018
bdce7baf 1019 if (len != sizeof(*cp))
ca69b795
JH		 1020 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1021 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1022
4e51eae9 1023 hdev = hci_dev_get(index);
c542a06c 1024 if (!hdev)
ca69b795
JH		 1025 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1026 MGMT_STATUS_INVALID_PARAMS);
c542a06c 1027
09fd0de5 1028 hci_dev_lock(hdev);
c542a06c
JH		 1029
1030 if (cp->val)
a8b2d5c2 1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1032 else
a8b2d5c2 1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1034
69ab39ea 1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1036 if (err < 0)
1037 goto failed;
1038
beadb2bd 1039 err = new_settings(hdev, sk);
c542a06c
JH		 1040
1041failed:
09fd0de5 1042 hci_dev_unlock(hdev);
c542a06c
JH		 1043 hci_dev_put(hdev);
1044
1045 return err;
1046}
1047
33ef95ed
JH		 1048static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1049{
1050 struct mgmt_mode *cp = data;
1051 struct pending_cmd *cmd;
1052 struct hci_dev *hdev;
1053 uint8_t val;
1054 int err;
1055
1056 BT_DBG("request for hci%u", index);
1057
1058 if (len != sizeof(*cp))
1059 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1060 MGMT_STATUS_INVALID_PARAMS);
1061
1062 hdev = hci_dev_get(index);
1063 if (!hdev)
1064 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1065 MGMT_STATUS_INVALID_PARAMS);
1066
1067 hci_dev_lock(hdev);
1068
4b34ee78 1069 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1070 bool changed = false;
1071
1072 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1073 &hdev->dev_flags)) {
1074 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1075 changed = true;
1076 }
1077
1078 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1079 if (err < 0)
1080 goto failed;
1081
1082 if (changed)
1083 err = new_settings(hdev, sk);
1084
33ef95ed
JH		 1085 goto failed;
1086 }
1087
1088 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1089 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1090 MGMT_STATUS_BUSY);
1091 goto failed;
1092 }
1093
1094 val = !!cp->val;
1095
1096 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1097 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1098 goto failed;
1099 }
1100
1101 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1102 if (!cmd) {
1103 err = -ENOMEM;
1104 goto failed;
1105 }
1106
1107 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1108 if (err < 0) {
1109 mgmt_pending_remove(cmd);
1110 goto failed;
1111 }
1112
1113failed:
1114 hci_dev_unlock(hdev);
1115 hci_dev_put(hdev);
1116
1117 return err;
1118}
1119
ed2c4ee3
JH		 1120static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1121{
1122 struct mgmt_mode *cp = data;
1123 struct pending_cmd *cmd;
1124 struct hci_dev *hdev;
1125 uint8_t val;
1126 int err;
1127
1128 BT_DBG("request for hci%u", index);
1129
1130 if (len != sizeof(*cp))
1131 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1132 MGMT_STATUS_INVALID_PARAMS);
1133
1134 hdev = hci_dev_get(index);
1135 if (!hdev)
1136 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1137 MGMT_STATUS_INVALID_PARAMS);
1138
1139 hci_dev_lock(hdev);
1140
4b34ee78 1141 if (!hdev_is_powered(hdev)) {
ed2c4ee3
JH		 1142 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1143 MGMT_STATUS_NOT_POWERED);
1144 goto failed;
1145 }
1146
1e163574
JH		 1147 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1148 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1149 MGMT_STATUS_NOT_SUPPORTED);
1150 goto failed;
1151 }
1152
ed2c4ee3
JH		 1153 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1154 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1155 goto failed;
1156 }
1157
1158 val = !!cp->val;
1159
1160 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1161 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1162 goto failed;
1163 }
1164
1165 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1166 if (!cmd) {
1167 err = -ENOMEM;
1168 goto failed;
1169 }
1170
1171 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1172 if (err < 0) {
1173 mgmt_pending_remove(cmd);
1174 goto failed;
1175 }
1176
1177failed:
1178 hci_dev_unlock(hdev);
1179 hci_dev_put(hdev);
1180
1181 return err;
1182}
1183
6d80dfd0
JH		 1184static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1185{
1186 struct mgmt_mode *cp = data;
1187 struct hci_dev *hdev;
1188 int err;
1189
1190 BT_DBG("request for hci%u", index);
1191
1192 if (len != sizeof(*cp))
1193 return cmd_status(sk, index, MGMT_OP_SET_HS,
1194 MGMT_STATUS_INVALID_PARAMS);
1195
1196 hdev = hci_dev_get(index);
1197 if (!hdev)
1198 return cmd_status(sk, index, MGMT_OP_SET_HS,
1199 MGMT_STATUS_INVALID_PARAMS);
1200
1201 if (!enable_hs) {
1202 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1203 MGMT_STATUS_NOT_SUPPORTED);
1204 goto failed;
1205 }
1206
1207 if (cp->val)
1208 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1209 else
1210 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1211
1212 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1213
1214failed:
1215 hci_dev_put(hdev);
1216 return err;
1217}
1218
650f726d 1219static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1220{
650f726d 1221 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 1222 struct hci_dev *hdev;
1223 struct bt_uuid *uuid;
2aeb9a1a
JH		 1224 int err;
1225
4e51eae9 1226 BT_DBG("request for hci%u", index);
2aeb9a1a 1227
bdce7baf 1228 if (len != sizeof(*cp))
ca69b795
JH		 1229 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1230 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1231
4e51eae9 1232 hdev = hci_dev_get(index);
2aeb9a1a 1233 if (!hdev)
ca69b795
JH		 1234 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1235 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1236
09fd0de5 1237 hci_dev_lock(hdev);
2aeb9a1a
JH		 1238
1239 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1240 if (!uuid) {
1241 err = -ENOMEM;
1242 goto failed;
1243 }
1244
1245 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1246 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1247
1248 list_add(&uuid->list, &hdev->uuids);
1249
1aff6f09
JH		 1250 err = update_class(hdev);
1251 if (err < 0)
1252 goto failed;
1253
80a1e1db
JH		 1254 err = update_eir(hdev);
1255 if (err < 0)
1256 goto failed;
1257
aee9b218 1258 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1259
1260failed:
09fd0de5 1261 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1262 hci_dev_put(hdev);
1263
1264 return err;
1265}
1266
650f726d 1267static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1268{
650f726d 1269 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 1270 struct list_head *p, *n;
2aeb9a1a
JH		 1271 struct hci_dev *hdev;
1272 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1273 int err, found;
1274
4e51eae9 1275 BT_DBG("request for hci%u", index);
2aeb9a1a 1276
bdce7baf 1277 if (len != sizeof(*cp))
ca69b795
JH		 1278 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1279 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1280
4e51eae9 1281 hdev = hci_dev_get(index);
2aeb9a1a 1282 if (!hdev)
ca69b795
JH		 1283 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1284 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1285
09fd0de5 1286 hci_dev_lock(hdev);
2aeb9a1a
JH		 1287
1288 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1289 err = hci_uuids_clear(hdev);
1290 goto unlock;
1291 }
1292
1293 found = 0;
1294
1295 list_for_each_safe(p, n, &hdev->uuids) {
1296 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1297
1298 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1299 continue;
1300
1301 list_del(&match->list);
1302 found++;
1303 }
1304
1305 if (found == 0) {
ca69b795
JH		 1306 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1307 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1308 goto unlock;
1309 }
1310
1aff6f09
JH		 1311 err = update_class(hdev);
1312 if (err < 0)
1313 goto unlock;
1314
80a1e1db
JH		 1315 err = update_eir(hdev);
1316 if (err < 0)
1317 goto unlock;
1318
aee9b218 1319 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1320
1321unlock:
09fd0de5 1322 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1323 hci_dev_put(hdev);
1324
1325 return err;
1326}
1327
650f726d 1328static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1329{
1330 struct hci_dev *hdev;
650f726d 1331 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 1332 int err;
1333
4e51eae9 1334 BT_DBG("request for hci%u", index);
1aff6f09 1335
bdce7baf 1336 if (len != sizeof(*cp))
ca69b795
JH		 1337 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1338 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1339
4e51eae9 1340 hdev = hci_dev_get(index);
1aff6f09 1341 if (!hdev)
ca69b795
JH		 1342 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1343 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1344
09fd0de5 1345 hci_dev_lock(hdev);
1aff6f09 1346
b5235a65
JH		 1347 if (!hdev_is_powered(hdev)) {
1348 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1349 MGMT_STATUS_NOT_POWERED);
1350 goto unlock;
1351 }
1352
1aff6f09
JH		 1353 hdev->major_class = cp->major;
1354 hdev->minor_class = cp->minor;
1355
a8b2d5c2 1356 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1357 hci_dev_unlock(hdev);
1358 cancel_delayed_work_sync(&hdev->service_cache);
1359 hci_dev_lock(hdev);
14c0b608 1360 update_eir(hdev);
7d78525d 1361 }
14c0b608 1362
1aff6f09
JH		 1363 err = update_class(hdev);
1364
1365 if (err == 0)
aee9b218
JH		 1366 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1367 NULL, 0);
1aff6f09 1368
b5235a65 1369unlock:
09fd0de5 1370 hci_dev_unlock(hdev);
1aff6f09
JH		 1371 hci_dev_put(hdev);
1372
1373 return err;
1374}
1375
650f726d 1376static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1377{
1378 struct hci_dev *hdev;
650f726d 1379 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1380 u16 key_count, expected_len;
a492cd52 1381 int i;
55ed8ca1 1382
bdce7baf 1383 if (len < sizeof(*cp))
ca69b795
JH		 1384 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1385 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1386
55ed8ca1
JH		 1387 key_count = get_unaligned_le16(&cp->key_count);
1388
86742e1e
JH		 1389 expected_len = sizeof(*cp) + key_count *
1390 sizeof(struct mgmt_link_key_info);
a492cd52 1391 if (expected_len != len) {
86742e1e 1392 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1393 len, expected_len);
ca69b795
JH		 1394 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1395 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1396 }
1397
4e51eae9 1398 hdev = hci_dev_get(index);
55ed8ca1 1399 if (!hdev)
ca69b795
JH		 1400 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1401 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1402
4e51eae9 1403 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1404 key_count);
1405
09fd0de5 1406 hci_dev_lock(hdev);
55ed8ca1
JH		 1407
1408 hci_link_keys_clear(hdev);
1409
a8b2d5c2 1410 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1411
1412 if (cp->debug_keys)
a8b2d5c2 1413 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1414 else
a8b2d5c2 1415 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1416
a492cd52 1417 for (i = 0; i < key_count; i++) {
86742e1e 1418 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1419
d753fdc4
JH		 1420 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1421 key->type, key->pin_len);
55ed8ca1
JH		 1422 }
1423
aee9b218 1424 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1425
09fd0de5 1426 hci_dev_unlock(hdev);
55ed8ca1
JH		 1427 hci_dev_put(hdev);
1428
a492cd52 1429 return 0;
55ed8ca1
JH		 1430}
1431
b1078ad0
JH		 1432static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1433 u8 addr_type, struct sock *skip_sk)
1434{
1435 struct mgmt_ev_device_unpaired ev;
1436
1437 bacpy(&ev.addr.bdaddr, bdaddr);
1438 ev.addr.type = addr_type;
1439
1440 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1441 skip_sk);
1442}
1443
124f6e35 1444static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1445{
1446 struct hci_dev *hdev;
124f6e35
JH		 1447 struct mgmt_cp_unpair_device *cp = data;
1448 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1449 struct hci_cp_disconnect dc;
1450 struct pending_cmd *cmd;
55ed8ca1 1451 struct hci_conn *conn;
aee9b218 1452 u8 status = 0;
55ed8ca1
JH		 1453 int err;
1454
bdce7baf 1455 if (len != sizeof(*cp))
124f6e35 1456 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1457 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1458
4e51eae9 1459 hdev = hci_dev_get(index);
55ed8ca1 1460 if (!hdev)
124f6e35 1461 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1462 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1463
09fd0de5 1464 hci_dev_lock(hdev);
55ed8ca1 1465
a8a1d19e 1466 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1467 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1468 rp.addr.type = cp->addr.type;
a8a1d19e 1469
124f6e35
JH		 1470 if (cp->addr.type == MGMT_ADDR_BREDR)
1471 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1472 else
1473 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1474
55ed8ca1 1475 if (err < 0) {
aee9b218 1476 status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1477 goto unlock;
1478 }
1479
a8a1d19e 1480 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
aee9b218
JH		 1481 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1482 &rp, sizeof(rp));
b1078ad0 1483 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1484 goto unlock;
a8a1d19e 1485 }
55ed8ca1 1486
124f6e35
JH		 1487 if (cp->addr.type == MGMT_ADDR_BREDR)
1488 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1489 &cp->addr.bdaddr);
1490 else
1491 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1492 &cp->addr.bdaddr);
1493
a8a1d19e 1494 if (!conn) {
aee9b218
JH		 1495 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1496 &rp, sizeof(rp));
b1078ad0 1497 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1498 goto unlock;
1499 }
55ed8ca1 1500
124f6e35
JH		 1501 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1502 sizeof(*cp));
a8a1d19e
JH		 1503 if (!cmd) {
1504 err = -ENOMEM;
1505 goto unlock;
55ed8ca1
JH		 1506 }
1507
a8a1d19e
JH		 1508 put_unaligned_le16(conn->handle, &dc.handle);
1509 dc.reason = 0x13; /* Remote User Terminated Connection */
1510 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1511 if (err < 0)
1512 mgmt_pending_remove(cmd);
1513
55ed8ca1 1514unlock:
ca69b795 1515 if (err < 0)
aee9b218
JH		 1516 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1517 &rp, sizeof(rp));
09fd0de5 1518 hci_dev_unlock(hdev);
55ed8ca1
JH		 1519 hci_dev_put(hdev);
1520
1521 return err;
1522}
1523
650f726d 1524static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1525{
1526 struct hci_dev *hdev;
650f726d 1527 struct mgmt_cp_disconnect *cp = data;
8962ee74 1528 struct hci_cp_disconnect dc;
366a0336 1529 struct pending_cmd *cmd;
8962ee74 1530 struct hci_conn *conn;
8962ee74
JH		 1531 int err;
1532
1533 BT_DBG("");
1534
bdce7baf 1535 if (len != sizeof(*cp))
ca69b795
JH		 1536 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1537 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1538
4e51eae9 1539 hdev = hci_dev_get(index);
8962ee74 1540 if (!hdev)
ca69b795
JH		 1541 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1542 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1543
09fd0de5 1544 hci_dev_lock(hdev);
8962ee74
JH		 1545
1546 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1547 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1548 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1549 goto failed;
1550 }
1551
2e58ef3e 1552 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1553 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1554 MGMT_STATUS_BUSY);
8962ee74
JH		 1555 goto failed;
1556 }
1557
88c3df13
JH		 1558 if (cp->addr.type == MGMT_ADDR_BREDR)
1559 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1560 else
1561 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1562
8962ee74 1563 if (!conn) {
ca69b795
JH		 1564 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1565 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1566 goto failed;
1567 }
1568
2e58ef3e 1569 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1570 if (!cmd) {
1571 err = -ENOMEM;
8962ee74 1572 goto failed;
366a0336 1573 }
8962ee74
JH		 1574
1575 put_unaligned_le16(conn->handle, &dc.handle);
1576 dc.reason = 0x13; /* Remote User Terminated Connection */
1577
1578 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1579 if (err < 0)
a664b5bc 1580 mgmt_pending_remove(cmd);
8962ee74
JH		 1581
1582failed:
09fd0de5 1583 hci_dev_unlock(hdev);
8962ee74
JH		 1584 hci_dev_put(hdev);
1585
1586 return err;
1587}
1588
48264f06 1589static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1590{
1591 switch (link_type) {
1592 case LE_LINK:
48264f06
JH		 1593 switch (addr_type) {
1594 case ADDR_LE_DEV_PUBLIC:
1595 return MGMT_ADDR_LE_PUBLIC;
1596 case ADDR_LE_DEV_RANDOM:
1597 return MGMT_ADDR_LE_RANDOM;
1598 default:
1599 return MGMT_ADDR_INVALID;
1600 }
4c659c39
JH		 1601 case ACL_LINK:
1602 return MGMT_ADDR_BREDR;
1603 default:
1604 return MGMT_ADDR_INVALID;
1605 }
1606}
1607
8ce6284e 1608static int get_connections(struct sock *sk, u16 index)
2784eb41 1609{
2784eb41
JH		 1610 struct mgmt_rp_get_connections *rp;
1611 struct hci_dev *hdev;
8035ded4 1612 struct hci_conn *c;
a38528f1 1613 size_t rp_len;
4e51eae9 1614 u16 count;
2784eb41
JH		 1615 int i, err;
1616
1617 BT_DBG("");
1618
4e51eae9 1619 hdev = hci_dev_get(index);
2784eb41 1620 if (!hdev)
ca69b795
JH		 1621 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1622 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1623
09fd0de5 1624 hci_dev_lock(hdev);
2784eb41
JH		 1625
1626 count = 0;
b644ba33
JH		 1627 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1628 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1629 count++;
2784eb41
JH		 1630 }
1631
4c659c39 1632 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1633 rp = kmalloc(rp_len, GFP_ATOMIC);
1634 if (!rp) {
2784eb41
JH		 1635 err = -ENOMEM;
1636 goto unlock;
1637 }
1638
2784eb41
JH		 1639 put_unaligned_le16(count, &rp->conn_count);
1640
2784eb41 1641 i = 0;
4c659c39 1642 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1643 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1644 continue;
4c659c39 1645 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1646 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1647 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1648 continue;
1649 i++;
1650 }
1651
1652 /* Recalculate length in case of filtered SCO connections, etc */
1653 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1654
aee9b218 1655 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41
JH		 1656
1657unlock:
a38528f1 1658 kfree(rp);
09fd0de5 1659 hci_dev_unlock(hdev);
2784eb41
JH		 1660 hci_dev_put(hdev);
1661 return err;
1662}
1663
96d97a67
WR		 1664static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1665 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1666{
1667 struct pending_cmd *cmd;
1668 int err;
1669
2e58ef3e 1670 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1671 sizeof(*cp));
1672 if (!cmd)
1673 return -ENOMEM;
1674
d8457698
JH		 1675 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1676 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1677 if (err < 0)
1678 mgmt_pending_remove(cmd);
1679
1680 return err;
1681}
1682
650f726d 1683static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1684{
1685 struct hci_dev *hdev;
96d97a67 1686 struct hci_conn *conn;
650f726d 1687 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1688 struct hci_cp_pin_code_reply reply;
366a0336 1689 struct pending_cmd *cmd;
980e1a53
JH		 1690 int err;
1691
1692 BT_DBG("");
1693
bdce7baf 1694 if (len != sizeof(*cp))
ca69b795
JH		 1695 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1696 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1697
4e51eae9 1698 hdev = hci_dev_get(index);
980e1a53 1699 if (!hdev)
ca69b795
JH		 1700 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1701 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1702
09fd0de5 1703 hci_dev_lock(hdev);
980e1a53 1704
4b34ee78 1705 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1706 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1707 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1708 goto failed;
1709 }
1710
d8457698 1711 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1712 if (!conn) {
ca69b795
JH		 1713 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1714 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1715 goto failed;
1716 }
1717
1718 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1719 struct mgmt_cp_pin_code_neg_reply ncp;
1720
1721 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1722
1723 BT_ERR("PIN code is not 16 bytes long");
1724
1725 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1726 if (err >= 0)
1727 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1728 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1729
1730 goto failed;
1731 }
1732
650f726d
VCG		 1733 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1734 len);
366a0336
JH		 1735 if (!cmd) {
1736 err = -ENOMEM;
980e1a53 1737 goto failed;
366a0336 1738 }
980e1a53 1739
d8457698 1740 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1741 reply.pin_len = cp->pin_len;
24718ca5 1742 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1743
1744 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1745 if (err < 0)
a664b5bc 1746 mgmt_pending_remove(cmd);
980e1a53
JH		 1747
1748failed:
09fd0de5 1749 hci_dev_unlock(hdev);
980e1a53
JH		 1750 hci_dev_put(hdev);
1751
1752 return err;
1753}
1754
650f726d 1755static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1756{
1757 struct hci_dev *hdev;
650f726d 1758 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1759 int err;
1760
1761 BT_DBG("");
1762
bdce7baf
SJ		 1763 if (len != sizeof(*cp))
1764 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1765 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1766
4e51eae9 1767 hdev = hci_dev_get(index);
980e1a53 1768 if (!hdev)
4e51eae9 1769 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1770 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1771
09fd0de5 1772 hci_dev_lock(hdev);
980e1a53 1773
4b34ee78 1774 if (!hdev_is_powered(hdev)) {
4e51eae9 1775 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1776 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1777 goto failed;
1778 }
1779
96d97a67 1780 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1781
1782failed:
09fd0de5 1783 hci_dev_unlock(hdev);
980e1a53
JH		 1784 hci_dev_put(hdev);
1785
1786 return err;
1787}
1788
650f726d 1789static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1790{
1791 struct hci_dev *hdev;
650f726d 1792 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1793
1794 BT_DBG("");
1795
bdce7baf 1796 if (len != sizeof(*cp))
ca69b795
JH		 1797 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1798 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1799
4e51eae9 1800 hdev = hci_dev_get(index);
17fa4b9d 1801 if (!hdev)
ca69b795
JH		 1802 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1803 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1804
09fd0de5 1805 hci_dev_lock(hdev);
17fa4b9d
JH		 1806
1807 hdev->io_capability = cp->io_capability;
1808
1809 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1810 hdev->io_capability);
17fa4b9d 1811
09fd0de5 1812 hci_dev_unlock(hdev);
17fa4b9d
JH		 1813 hci_dev_put(hdev);
1814
aee9b218 1815 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 1816}
1817
e9a416b5
JH		 1818static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1819{
1820 struct hci_dev *hdev = conn->hdev;
8035ded4 1821 struct pending_cmd *cmd;
e9a416b5 1822
2e58ef3e 1823 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1824 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1825 continue;
1826
e9a416b5
JH		 1827 if (cmd->user_data != conn)
1828 continue;
1829
1830 return cmd;
1831 }
1832
1833 return NULL;
1834}
1835
1836static void pairing_complete(struct pending_cmd *cmd, u8 status)
1837{
1838 struct mgmt_rp_pair_device rp;
1839 struct hci_conn *conn = cmd->user_data;
1840
ba4e564f
JH		 1841 bacpy(&rp.addr.bdaddr, &conn->dst);
1842 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1843
aee9b218
JH		 1844 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1845 &rp, sizeof(rp));
e9a416b5
JH		 1846
1847 /* So we don't get further callbacks for this connection */
1848 conn->connect_cfm_cb = NULL;
1849 conn->security_cfm_cb = NULL;
1850 conn->disconn_cfm_cb = NULL;
1851
1852 hci_conn_put(conn);
1853
a664b5bc 1854 mgmt_pending_remove(cmd);
e9a416b5
JH		 1855}
1856
1857static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1858{
1859 struct pending_cmd *cmd;
1860
1861 BT_DBG("status %u", status);
1862
1863 cmd = find_pairing(conn);
56e5cb86 1864 if (!cmd)
e9a416b5 1865 BT_DBG("Unable to find a pending command");
56e5cb86 1866 else
e211326c 1867 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1868}
1869
650f726d 1870static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1871{
1872 struct hci_dev *hdev;
650f726d 1873 struct mgmt_cp_pair_device *cp = data;
1425acb7 1874 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1875 struct pending_cmd *cmd;
1876 u8 sec_level, auth_type;
1877 struct hci_conn *conn;
e9a416b5
JH		 1878 int err;
1879
1880 BT_DBG("");
1881
bdce7baf 1882 if (len != sizeof(*cp))
ca69b795
JH		 1883 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1884 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1885
4e51eae9 1886 hdev = hci_dev_get(index);
e9a416b5 1887 if (!hdev)
ca69b795
JH		 1888 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1889 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1890
09fd0de5 1891 hci_dev_lock(hdev);
e9a416b5 1892
c908df36
VCG		 1893 sec_level = BT_SECURITY_MEDIUM;
1894 if (cp->io_cap == 0x03)
e9a416b5 1895 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1896 else
e9a416b5 1897 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1898
ba4e564f
JH		 1899 if (cp->addr.type == MGMT_ADDR_BREDR)
1900 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1901 auth_type);
1902 else
ba4e564f 1903 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1904 auth_type);
1905
1425acb7
JH		 1906 memset(&rp, 0, sizeof(rp));
1907 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1908 rp.addr.type = cp->addr.type;
1909
30e76272 1910 if (IS_ERR(conn)) {
e211326c
JH		 1911 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1912 MGMT_STATUS_CONNECT_FAILED,
1913 &rp, sizeof(rp));
e9a416b5
JH		 1914 goto unlock;
1915 }
1916
1917 if (conn->connect_cfm_cb) {
1918 hci_conn_put(conn);
e211326c
JH		 1919 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1920 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1921 goto unlock;
1922 }
1923
2e58ef3e 1924 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1925 if (!cmd) {
1926 err = -ENOMEM;
1927 hci_conn_put(conn);
1928 goto unlock;
1929 }
1930
7a512d01 1931 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1932 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1933 conn->connect_cfm_cb = pairing_complete_cb;
1934
e9a416b5
JH		 1935 conn->security_cfm_cb = pairing_complete_cb;
1936 conn->disconn_cfm_cb = pairing_complete_cb;
1937 conn->io_capability = cp->io_cap;
1938 cmd->user_data = conn;
1939
1940 if (conn->state == BT_CONNECTED &&
1941 hci_conn_security(conn, sec_level, auth_type))
1942 pairing_complete(cmd, 0);
1943
1944 err = 0;
1945
1946unlock:
09fd0de5 1947 hci_dev_unlock(hdev);
e9a416b5
JH		 1948 hci_dev_put(hdev);
1949
1950 return err;
1951}
1952
28424707
JH		 1953static int cancel_pair_device(struct sock *sk, u16 index,
1954 unsigned char *data, u16 len)
1955{
1956 struct mgmt_addr_info *addr = (void *) data;
1957 struct hci_dev *hdev;
1958 struct pending_cmd *cmd;
1959 struct hci_conn *conn;
1960 int err;
1961
1962 BT_DBG("");
1963
1964 if (len != sizeof(*addr))
1965 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1966 MGMT_STATUS_INVALID_PARAMS);
1967
1968 hdev = hci_dev_get(index);
1969 if (!hdev)
1970 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1971 MGMT_STATUS_INVALID_PARAMS);
1972
1973 hci_dev_lock(hdev);
1974
1975 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1976 if (!cmd) {
1977 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1978 MGMT_STATUS_INVALID_PARAMS);
1979 goto unlock;
1980 }
1981
1982 conn = cmd->user_data;
1983
1984 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1985 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1986 MGMT_STATUS_INVALID_PARAMS);
1987 goto unlock;
1988 }
1989
1990 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1991
aee9b218 1992 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 1993 sizeof(*addr));
1994unlock:
1995 hci_dev_unlock(hdev);
1996 hci_dev_put(hdev);
1997
1998 return err;
1999}
2000
0df4c185 2001static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 2002 u8 type, u16 mgmt_op, u16 hci_op,
2003 __le32 passkey)
a5c29683 2004{
a5c29683
JH		 2005 struct pending_cmd *cmd;
2006 struct hci_dev *hdev;
0df4c185 2007 struct hci_conn *conn;
a5c29683
JH		 2008 int err;
2009
4e51eae9 2010 hdev = hci_dev_get(index);
a5c29683 2011 if (!hdev)
ca69b795
JH		 2012 return cmd_status(sk, index, mgmt_op,
2013 MGMT_STATUS_INVALID_PARAMS);
a5c29683 2014
09fd0de5 2015 hci_dev_lock(hdev);
08ba5382 2016
4b34ee78 2017 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 2018 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2019 goto done;
a5c29683
JH		 2020 }
2021
272d90df
JH		 2022 if (type == MGMT_ADDR_BREDR)
2023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2024 else
47c15e2b 2025 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2026
2027 if (!conn) {
2028 err = cmd_status(sk, index, mgmt_op,
47c15e2b 2029 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2030 goto done;
2031 }
47c15e2b 2032
272d90df 2033 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2034 /* Continue with pairing via SMP */
5fe57d9e
BG		 2035 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2036
2037 if (!err)
2038 err = cmd_status(sk, index, mgmt_op,
2039 MGMT_STATUS_SUCCESS);
2040 else
2041 err = cmd_status(sk, index, mgmt_op,
2042 MGMT_STATUS_FAILED);
47c15e2b 2043
47c15e2b
BG		 2044 goto done;
2045 }
2046
0df4c185 2047 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2048 if (!cmd) {
2049 err = -ENOMEM;
0df4c185 2050 goto done;
a5c29683
JH		 2051 }
2052
0df4c185 2053 /* Continue with pairing via HCI */
604086b7
BG		 2054 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2055 struct hci_cp_user_passkey_reply cp;
2056
2057 bacpy(&cp.bdaddr, bdaddr);
2058 cp.passkey = passkey;
2059 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2060 } else
2061 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2062
a664b5bc
JH		 2063 if (err < 0)
2064 mgmt_pending_remove(cmd);
a5c29683 2065
0df4c185 2066done:
09fd0de5 2067 hci_dev_unlock(hdev);
a5c29683
JH		 2068 hci_dev_put(hdev);
2069
2070 return err;
2071}
2072
0df4c185
BG		 2073static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2074{
650f726d 2075 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2076
2077 BT_DBG("");
2078
2079 if (len != sizeof(*cp))
2080 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2081 MGMT_STATUS_INVALID_PARAMS);
2082
272d90df
JH		 2083 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2084 MGMT_OP_USER_CONFIRM_REPLY,
2085 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2086}
2087
2088static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2089 u16 len)
2090{
c9c2659f 2091 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2092
2093 BT_DBG("");
2094
2095 if (len != sizeof(*cp))
2096 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2097 MGMT_STATUS_INVALID_PARAMS);
2098
272d90df
JH		 2099 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2100 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2101 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2102}
2103
604086b7
BG		 2104static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2105{
650f726d 2106 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2107
2108 BT_DBG("");
2109
2110 if (len != sizeof(*cp))
2111 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2112 EINVAL);
2113
272d90df
JH		 2114 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2115 MGMT_OP_USER_PASSKEY_REPLY,
2116 HCI_OP_USER_PASSKEY_REPLY,
2117 cp->passkey);
604086b7
BG		 2118}
2119
2120static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2121 u16 len)
2122{
650f726d 2123 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2124
2125 BT_DBG("");
2126
2127 if (len != sizeof(*cp))
2128 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2129 EINVAL);
2130
272d90df
JH		 2131 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2132 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2133 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2134}
2135
650f726d 2136static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2137 u16 len)
2138{
650f726d 2139 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2140 struct hci_cp_write_local_name hci_cp;
2141 struct hci_dev *hdev;
2142 struct pending_cmd *cmd;
2143 int err;
2144
2145 BT_DBG("");
2146
2147 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2148 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2149 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2150
2151 hdev = hci_dev_get(index);
2152 if (!hdev)
ca69b795
JH		 2153 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2154 MGMT_STATUS_INVALID_PARAMS);
b312b161 2155
09fd0de5 2156 hci_dev_lock(hdev);
b312b161 2157
b5235a65
JH		 2158 if (!hdev_is_powered(hdev)) {
2159 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2160 MGMT_STATUS_NOT_POWERED);
2161 goto failed;
2162 }
2163
650f726d
VCG		 2164 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2165 len);
b312b161
JH		 2166 if (!cmd) {
2167 err = -ENOMEM;
2168 goto failed;
2169 }
2170
2171 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2172 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2173 &hci_cp);
2174 if (err < 0)
2175 mgmt_pending_remove(cmd);
2176
2177failed:
09fd0de5 2178 hci_dev_unlock(hdev);
b312b161
JH		 2179 hci_dev_put(hdev);
2180
2181 return err;
2182}
2183
c35938b2
SJ		 2184static int read_local_oob_data(struct sock *sk, u16 index)
2185{
2186 struct hci_dev *hdev;
2187 struct pending_cmd *cmd;
2188 int err;
2189
2190 BT_DBG("hci%u", index);
2191
2192 hdev = hci_dev_get(index);
2193 if (!hdev)
2194 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2195 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2196
09fd0de5 2197 hci_dev_lock(hdev);
c35938b2 2198
4b34ee78 2199 if (!hdev_is_powered(hdev)) {
c35938b2 2200 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2201 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2202 goto unlock;
2203 }
2204
2205 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2206 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2207 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2208 goto unlock;
2209 }
2210
2e58ef3e 2211 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2212 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2213 MGMT_STATUS_BUSY);
c35938b2
SJ		 2214 goto unlock;
2215 }
2216
2e58ef3e 2217 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2218 if (!cmd) {
2219 err = -ENOMEM;
2220 goto unlock;
2221 }
2222
2223 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2224 if (err < 0)
2225 mgmt_pending_remove(cmd);
2226
2227unlock:
09fd0de5 2228 hci_dev_unlock(hdev);
c35938b2
SJ		 2229 hci_dev_put(hdev);
2230
2231 return err;
2232}
2233
650f726d
VCG		 2234static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2235 u16 len)
2763eda6
SJ		 2236{
2237 struct hci_dev *hdev;
650f726d 2238 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2239 u8 status;
2763eda6
SJ		 2240 int err;
2241
2242 BT_DBG("hci%u ", index);
2243
2244 if (len != sizeof(*cp))
2245 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2246 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2247
2248 hdev = hci_dev_get(index);
2249 if (!hdev)
bf1e3541
JH		 2250 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2251 MGMT_STATUS_INVALID_PARAMS,
2252 &cp->addr, sizeof(cp->addr));
2763eda6 2253
09fd0de5 2254 hci_dev_lock(hdev);
2763eda6 2255
664ce4cc 2256 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2257 cp->randomizer);
2258 if (err < 0)
bf1e3541 2259 status = MGMT_STATUS_FAILED;
2763eda6 2260 else
bf1e3541
JH		 2261 status = 0;
2262
2263 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2264 &cp->addr, sizeof(cp->addr));
2763eda6 2265
09fd0de5 2266 hci_dev_unlock(hdev);
2763eda6
SJ		 2267 hci_dev_put(hdev);
2268
2269 return err;
2270}
2271
2272static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2273 void *data, u16 len)
2763eda6
SJ		 2274{
2275 struct hci_dev *hdev;
650f726d 2276 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2277 u8 status;
2763eda6
SJ		 2278 int err;
2279
2280 BT_DBG("hci%u ", index);
2281
2282 if (len != sizeof(*cp))
2283 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2284 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2285
2286 hdev = hci_dev_get(index);
2287 if (!hdev)
bf1e3541
JH		 2288 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2289 MGMT_STATUS_INVALID_PARAMS,
2290 &cp->addr, sizeof(cp->addr));
2763eda6 2291
09fd0de5 2292 hci_dev_lock(hdev);
2763eda6 2293
664ce4cc 2294 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2295 if (err < 0)
bf1e3541 2296 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2297 else
bf1e3541
JH		 2298 status = 0;
2299
2300 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2301 &cp->addr, sizeof(cp->addr));
2763eda6 2302
09fd0de5 2303 hci_dev_unlock(hdev);
2763eda6
SJ		 2304 hci_dev_put(hdev);
2305
2306 return err;
2307}
2308
5e0452c0
AG		 2309static int discovery(struct hci_dev *hdev)
2310{
2311 int err;
2312
2313 if (lmp_host_le_capable(hdev)) {
2314 if (lmp_bredr_capable(hdev)) {
2315 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2316 LE_SCAN_INT, LE_SCAN_WIN,
2317 LE_SCAN_TIMEOUT_BREDR_LE);
2318 } else {
2319 hdev->discovery.type = DISCOV_TYPE_LE;
2320 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2321 LE_SCAN_INT, LE_SCAN_WIN,
2322 LE_SCAN_TIMEOUT_LE_ONLY);
2323 }
2324 } else {
2325 hdev->discovery.type = DISCOV_TYPE_BREDR;
2326 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2327 }
2328
2329 return err;
2330}
2331
2332int mgmt_interleaved_discovery(struct hci_dev *hdev)
2333{
2334 int err;
2335
2336 BT_DBG("%s", hdev->name);
2337
2338 hci_dev_lock(hdev);
2339
2340 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2341 if (err < 0)
2342 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2343
2344 hci_dev_unlock(hdev);
2345
2346 return err;
2347}
2348
450dfdaf 2349static int start_discovery(struct sock *sk, u16 index,
650f726d 2350 void *data, u16 len)
14a53664 2351{
650f726d 2352 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2353 struct pending_cmd *cmd;
2354 struct hci_dev *hdev;
2355 int err;
2356
2357 BT_DBG("hci%u", index);
2358
450dfdaf
JH		 2359 if (len != sizeof(*cp))
2360 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2361 MGMT_STATUS_INVALID_PARAMS);
2362
14a53664
JH		 2363 hdev = hci_dev_get(index);
2364 if (!hdev)
ca69b795
JH		 2365 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2366 MGMT_STATUS_INVALID_PARAMS);
14a53664 2367
09fd0de5 2368 hci_dev_lock(hdev);
14a53664 2369
4b34ee78 2370 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2371 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2372 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2373 goto failed;
2374 }
2375
ff9ef578
JH		 2376 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2377 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2378 MGMT_STATUS_BUSY);
2379 goto failed;
2380 }
2381
2e58ef3e 2382 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2383 if (!cmd) {
2384 err = -ENOMEM;
2385 goto failed;
2386 }
2387
4aab14e5
AG		 2388 hdev->discovery.type = cp->type;
2389
2390 switch (hdev->discovery.type) {
f39799f5 2391 case DISCOV_TYPE_BREDR:
3fd24153 2392 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2393 break;
2394
2395 case DISCOV_TYPE_LE:
3fd24153
AG		 2396 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2397 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2398 break;
2399
5e0452c0
AG		 2400 case DISCOV_TYPE_INTERLEAVED:
2401 err = discovery(hdev);
2402 break;
2403
f39799f5 2404 default:
3fd24153 2405 err = -EINVAL;
f39799f5 2406 }
3fd24153 2407
14a53664
JH		 2408 if (err < 0)
2409 mgmt_pending_remove(cmd);
ff9ef578
JH		 2410 else
2411 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2412
2413failed:
09fd0de5 2414 hci_dev_unlock(hdev);
14a53664
JH		 2415 hci_dev_put(hdev);
2416
2417 return err;
2418}
2419
d930650b 2420static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2421{
d930650b 2422 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2423 struct hci_dev *hdev;
2424 struct pending_cmd *cmd;
30dc78e1
JH		 2425 struct hci_cp_remote_name_req_cancel cp;
2426 struct inquiry_entry *e;
14a53664
JH		 2427 int err;
2428
2429 BT_DBG("hci%u", index);
2430
d930650b
JH		 2431 if (len != sizeof(*mgmt_cp))
2432 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2433 MGMT_STATUS_INVALID_PARAMS);
2434
14a53664
JH		 2435 hdev = hci_dev_get(index);
2436 if (!hdev)
ca69b795
JH		 2437 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2438 MGMT_STATUS_INVALID_PARAMS);
14a53664 2439
09fd0de5 2440 hci_dev_lock(hdev);
14a53664 2441
30dc78e1 2442 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2443 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2444 MGMT_STATUS_REJECTED,
2445 &mgmt_cp->type, sizeof(mgmt_cp->type));
2446 goto unlock;
2447 }
2448
2449 if (hdev->discovery.type != mgmt_cp->type) {
2450 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2451 MGMT_STATUS_INVALID_PARAMS,
2452 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2453 goto unlock;
ff9ef578
JH		 2454 }
2455
2e58ef3e 2456 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2457 if (!cmd) {
2458 err = -ENOMEM;
30dc78e1
JH		 2459 goto unlock;
2460 }
2461
343f935b 2462 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2463 err = hci_cancel_inquiry(hdev);
2464 if (err < 0)
2465 mgmt_pending_remove(cmd);
2466 else
2467 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2468 goto unlock;
2469 }
2470
2471 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2472 if (!e) {
2473 mgmt_pending_remove(cmd);
aee9b218 2474 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2475 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2476 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2477 goto unlock;
14a53664
JH		 2478 }
2479
30dc78e1
JH		 2480 bacpy(&cp.bdaddr, &e->data.bdaddr);
2481 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2482 sizeof(cp), &cp);
14a53664
JH		 2483 if (err < 0)
2484 mgmt_pending_remove(cmd);
ff9ef578
JH		 2485 else
2486 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2487
30dc78e1 2488unlock:
09fd0de5 2489 hci_dev_unlock(hdev);
14a53664
JH		 2490 hci_dev_put(hdev);
2491
2492 return err;
2493}
2494
650f726d 2495static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2496{
650f726d 2497 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2498 struct inquiry_entry *e;
2499 struct hci_dev *hdev;
2500 int err;
2501
2502 BT_DBG("hci%u", index);
2503
2504 if (len != sizeof(*cp))
2505 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2506 MGMT_STATUS_INVALID_PARAMS);
2507
2508 hdev = hci_dev_get(index);
2509 if (!hdev)
2510 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2511 MGMT_STATUS_INVALID_PARAMS);
2512
2513 hci_dev_lock(hdev);
2514
30dc78e1
JH		 2515 if (!hci_discovery_active(hdev)) {
2516 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2517 MGMT_STATUS_FAILED);
2518 goto failed;
2519 }
2520
a198e7b1 2521 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc
JH		 2522 if (!e) {
2523 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2524 MGMT_STATUS_INVALID_PARAMS);
2525 goto failed;
2526 }
2527
2528 if (cp->name_known) {
2529 e->name_state = NAME_KNOWN;
2530 list_del(&e->list);
2531 } else {
2532 e->name_state = NAME_NEEDED;
a3d4e20a 2533 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2534 }
2535
2536 err = 0;
2537
2538failed:
2539 hci_dev_unlock(hdev);
2540
2541 return err;
2542}
2543
650f726d 2544static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2545{
2546 struct hci_dev *hdev;
650f726d 2547 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2548 u8 status;
7fbec224
AJ		 2549 int err;
2550
2551 BT_DBG("hci%u", index);
2552
7fbec224
AJ		 2553 if (len != sizeof(*cp))
2554 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2555 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2556
2557 hdev = hci_dev_get(index);
2558 if (!hdev)
f0eeea8b
JH		 2559 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2560 MGMT_STATUS_INVALID_PARAMS,
2561 &cp->addr, sizeof(cp->addr));
7fbec224 2562
09fd0de5 2563 hci_dev_lock(hdev);
5e762444 2564
88c1fe4b 2565 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2566 if (err < 0)
f0eeea8b 2567 status = MGMT_STATUS_FAILED;
7fbec224 2568 else
f0eeea8b
JH		 2569 status = 0;
2570
2571 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2572 &cp->addr, sizeof(cp->addr));
5e762444 2573
09fd0de5 2574 hci_dev_unlock(hdev);
7fbec224
AJ		 2575 hci_dev_put(hdev);
2576
2577 return err;
2578}
2579
650f726d 2580static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2581{
2582 struct hci_dev *hdev;
650f726d 2583 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2584 u8 status;
7fbec224
AJ		 2585 int err;
2586
2587 BT_DBG("hci%u", index);
2588
7fbec224
AJ		 2589 if (len != sizeof(*cp))
2590 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2591 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2592
2593 hdev = hci_dev_get(index);
2594 if (!hdev)
f0eeea8b
JH		 2595 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2596 MGMT_STATUS_INVALID_PARAMS,
2597 &cp->addr, sizeof(cp->addr));
7fbec224 2598
09fd0de5 2599 hci_dev_lock(hdev);
5e762444 2600
88c1fe4b 2601 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2602 if (err < 0)
f0eeea8b 2603 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2604 else
f0eeea8b
JH		 2605 status = 0;
2606
2607 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2608 &cp->addr, sizeof(cp->addr));
5e762444 2609
09fd0de5 2610 hci_dev_unlock(hdev);
7fbec224
AJ		 2611 hci_dev_put(hdev);
2612
2613 return err;
2614}
2615
f6422ec6 2616static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2617 void *data, u16 len)
f6422ec6
AJ		 2618{
2619 struct hci_dev *hdev;
650f726d 2620 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2621 struct hci_cp_write_page_scan_activity acp;
2622 u8 type;
2623 int err;
2624
2625 BT_DBG("hci%u", index);
2626
2627 if (len != sizeof(*cp))
2628 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2629 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2630
2631 hdev = hci_dev_get(index);
2632 if (!hdev)
2633 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2634 MGMT_STATUS_INVALID_PARAMS);
5400c044
JH		 2635 if (!hdev_is_powered(hdev))
2636 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2637 MGMT_STATUS_NOT_POWERED);
2638
2639 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2640 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2641 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2642
2643 hci_dev_lock(hdev);
2644
f7c6869c 2645 if (cp->val) {
f6422ec6
AJ		 2646 type = PAGE_SCAN_TYPE_INTERLACED;
2647 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2648 } else {
2649 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2650 acp.interval = 0x0800; /* default 1.28 sec page scan */
2651 }
2652
2653 acp.window = 0x0012; /* default 11.25 msec page scan window */
2654
2655 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2656 sizeof(acp), &acp);
2657 if (err < 0) {
2658 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2659 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2660 goto done;
2661 }
2662
2663 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2664 if (err < 0) {
2665 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2666 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2667 goto done;
2668 }
2669
aee9b218
JH		 2670 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2671 NULL, 0);
f6422ec6
AJ		 2672done:
2673 hci_dev_unlock(hdev);
2674 hci_dev_put(hdev);
2675
2676 return err;
2677}
2678
346af67b
VCG		 2679static int load_long_term_keys(struct sock *sk, u16 index,
2680 void *cp_data, u16 len)
2681{
2682 struct hci_dev *hdev;
2683 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2684 u16 key_count, expected_len;
2685 int i;
2686
2687 if (len < sizeof(*cp))
2688 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2689 EINVAL);
2690
2691 key_count = get_unaligned_le16(&cp->key_count);
2692
2693 expected_len = sizeof(*cp) + key_count *
2694 sizeof(struct mgmt_ltk_info);
2695 if (expected_len != len) {
2696 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2697 len, expected_len);
2698 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2699 EINVAL);
2700 }
2701
2702 hdev = hci_dev_get(index);
2703 if (!hdev)
2704 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2705 ENODEV);
2706
2707 BT_DBG("hci%u key_count %u", index, key_count);
2708
2709 hci_dev_lock(hdev);
2710
2711 hci_smp_ltks_clear(hdev);
2712
2713 for (i = 0; i < key_count; i++) {
2714 struct mgmt_ltk_info *key = &cp->keys[i];
2715 u8 type;
2716
2717 if (key->master)
2718 type = HCI_SMP_LTK;
2719 else
2720 type = HCI_SMP_LTK_SLAVE;
2721
2722 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2723 type, 0, key->authenticated, key->val,
2724 key->enc_size, key->ediv, key->rand);
2725 }
2726
2727 hci_dev_unlock(hdev);
2728 hci_dev_put(hdev);
2729
2730 return 0;
2731}
2732
0381101f
JH		 2733int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2734{
650f726d
VCG		 2735 void *buf;
2736 u8 *cp;
0381101f 2737 struct mgmt_hdr *hdr;
4e51eae9 2738 u16 opcode, index, len;
0381101f
JH		 2739 int err;
2740
2741 BT_DBG("got %zu bytes", msglen);
2742
2743 if (msglen < sizeof(*hdr))
2744 return -EINVAL;
2745
e63a15ec 2746 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2747 if (!buf)
2748 return -ENOMEM;
2749
2750 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2751 err = -EFAULT;
2752 goto done;
2753 }
2754
650f726d 2755 hdr = buf;
0381101f 2756 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2757 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2758 len = get_unaligned_le16(&hdr->len);
2759
2760 if (len != msglen - sizeof(*hdr)) {
2761 err = -EINVAL;
2762 goto done;
2763 }
2764
650f726d
VCG		 2765 cp = buf + sizeof(*hdr);
2766
0381101f 2767 switch (opcode) {
02d98129
JH		 2768 case MGMT_OP_READ_VERSION:
2769 err = read_version(sk);
2770 break;
e70bb2e8
JH		 2771 case MGMT_OP_READ_COMMANDS:
2772 err = read_commands(sk);
2773 break;
faba42eb
JH		 2774 case MGMT_OP_READ_INDEX_LIST:
2775 err = read_index_list(sk);
2776 break;
f7b64e69 2777 case MGMT_OP_READ_INFO:
4e51eae9 2778 err = read_controller_info(sk, index);
f7b64e69 2779 break;
eec8d2bc 2780 case MGMT_OP_SET_POWERED:
650f726d 2781 err = set_powered(sk, index, cp, len);
eec8d2bc 2782 break;
73f22f62 2783 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2784 err = set_discoverable(sk, index, cp, len);
73f22f62 2785 break;
9fbcbb45 2786 case MGMT_OP_SET_CONNECTABLE:
650f726d 2787 err = set_connectable(sk, index, cp, len);
9fbcbb45 2788 break;
f7c6869c 2789 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2790 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2791 break;
c542a06c 2792 case MGMT_OP_SET_PAIRABLE:
650f726d 2793 err = set_pairable(sk, index, cp, len);
c542a06c 2794 break;
33ef95ed
JH		 2795 case MGMT_OP_SET_LINK_SECURITY:
2796 err = set_link_security(sk, index, cp, len);
2797 break;
ed2c4ee3
JH		 2798 case MGMT_OP_SET_SSP:
2799 err = set_ssp(sk, index, cp, len);
2800 break;
6d80dfd0
JH		 2801 case MGMT_OP_SET_HS:
2802 err = set_hs(sk, index, cp, len);
2803 break;
2aeb9a1a 2804 case MGMT_OP_ADD_UUID:
650f726d 2805 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2806 break;
2807 case MGMT_OP_REMOVE_UUID:
650f726d 2808 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2809 break;
1aff6f09 2810 case MGMT_OP_SET_DEV_CLASS:
650f726d 2811 err = set_dev_class(sk, index, cp, len);
1aff6f09 2812 break;
86742e1e 2813 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2814 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2815 break;
8962ee74 2816 case MGMT_OP_DISCONNECT:
650f726d 2817 err = disconnect(sk, index, cp, len);
8962ee74 2818 break;
2784eb41 2819 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2820 err = get_connections(sk, index);
2784eb41 2821 break;
980e1a53 2822 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2823 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2824 break;
2825 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2826 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2827 break;
17fa4b9d 2828 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2829 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2830 break;
e9a416b5 2831 case MGMT_OP_PAIR_DEVICE:
650f726d 2832 err = pair_device(sk, index, cp, len);
e9a416b5 2833 break;
28424707
JH		 2834 case MGMT_OP_CANCEL_PAIR_DEVICE:
2835 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2836 break;
124f6e35
JH		 2837 case MGMT_OP_UNPAIR_DEVICE:
2838 err = unpair_device(sk, index, cp, len);
2839 break;
a5c29683 2840 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2841 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2842 break;
2843 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2844 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2845 break;
604086b7 2846 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2847 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2848 break;
2849 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2850 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2851 break;
b312b161 2852 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2853 err = set_local_name(sk, index, cp, len);
b312b161 2854 break;
c35938b2
SJ		 2855 case MGMT_OP_READ_LOCAL_OOB_DATA:
2856 err = read_local_oob_data(sk, index);
2857 break;
2763eda6 2858 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2859 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2860 break;
2861 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2862 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2863 break;
14a53664 2864 case MGMT_OP_START_DISCOVERY:
650f726d 2865 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2866 break;
2867 case MGMT_OP_STOP_DISCOVERY:
d930650b 2868 err = stop_discovery(sk, index, cp, len);
14a53664 2869 break;
561aafbc 2870 case MGMT_OP_CONFIRM_NAME:
650f726d 2871 err = confirm_name(sk, index, cp, len);
561aafbc 2872 break;
7fbec224 2873 case MGMT_OP_BLOCK_DEVICE:
650f726d 2874 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2875 break;
2876 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2877 err = unblock_device(sk, index, cp, len);
7fbec224 2878 break;
346af67b
VCG		 2879 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2880 err = load_long_term_keys(sk, index, cp, len);
2881 break;
0381101f
JH		 2882 default:
2883 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2884 err = cmd_status(sk, index, opcode,
2885 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2886 break;
2887 }
2888
e41d8b4e
JH		 2889 if (err < 0)
2890 goto done;
2891
0381101f
JH		 2892 err = msglen;
2893
2894done:
2895 kfree(buf);
2896 return err;
2897}
c71e97bf 2898
b24752fe
JH		 2899static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2900{
2901 u8 *status = data;
2902
2903 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2904 mgmt_pending_remove(cmd);
2905}
2906
744cf19e 2907int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2908{
744cf19e 2909 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2910}
2911
744cf19e 2912int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2913{
b24752fe
JH		 2914 u8 status = ENODEV;
2915
744cf19e 2916 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2917
744cf19e 2918 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2919}
2920
73f22f62 2921struct cmd_lookup {
eec8d2bc 2922 struct sock *sk;
69ab39ea 2923 struct hci_dev *hdev;
eec8d2bc
JH		 2924};
2925
69ab39ea 2926static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2927{
73f22f62 2928 struct cmd_lookup *match = data;
eec8d2bc 2929
69ab39ea 2930 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2931
2932 list_del(&cmd->list);
2933
2934 if (match->sk == NULL) {
2935 match->sk = cmd->sk;
2936 sock_hold(match->sk);
2937 }
2938
2939 mgmt_pending_free(cmd);
c71e97bf 2940}
5add6af8 2941
744cf19e 2942int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2943{
76a7f3a4 2944 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2945 int err;
5add6af8 2946
5e5282bb
JH		 2947 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2948 return 0;
2949
69ab39ea 2950 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2951
5e5282bb
JH		 2952 if (powered) {
2953 u8 scan = 0;
2954
2955 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2956 scan |= SCAN_PAGE;
2957 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2958 scan |= SCAN_INQUIRY;
2959
2960 if (scan)
2961 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2962 } else {
b24752fe 2963 u8 status = ENETDOWN;
744cf19e 2964 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2965 }
2966
beadb2bd 2967 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2968
2969 if (match.sk)
2970 sock_put(match.sk);
2971
7bb895d6 2972 return err;
5add6af8 2973}
73f22f62 2974
744cf19e 2975int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2976{
76a7f3a4 2977 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2978 bool changed = false;
2979 int err = 0;
73f22f62 2980
5e5282bb
JH		 2981 if (discoverable) {
2982 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2983 changed = true;
2984 } else {
2985 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2986 changed = true;
2987 }
73f22f62 2988
ed9b5f2f
JH		 2989 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2990 &match);
2991
beadb2bd
JH		 2992 if (changed)
2993 err = new_settings(hdev, match.sk);
5e5282bb 2994
73f22f62
JH		 2995 if (match.sk)
2996 sock_put(match.sk);
2997
7bb895d6 2998 return err;
73f22f62 2999}
9fbcbb45 3000
744cf19e 3001int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3002{
76a7f3a4 3003 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3004 bool changed = false;
3005 int err = 0;
9fbcbb45 3006
5e5282bb
JH		 3007 if (connectable) {
3008 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3009 changed = true;
3010 } else {
3011 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3012 changed = true;
3013 }
9fbcbb45 3014
ed9b5f2f
JH		 3015 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3016 &match);
3017
beadb2bd
JH		 3018 if (changed)
3019 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3020
3021 if (match.sk)
3022 sock_put(match.sk);
3023
7bb895d6 3024 return err;
9fbcbb45 3025}
55ed8ca1 3026
744cf19e 3027int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3028{
ca69b795
JH		 3029 u8 mgmt_err = mgmt_status(status);
3030
2d7cee58 3031 if (scan & SCAN_PAGE)
744cf19e 3032 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 3033 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3034
3035 if (scan & SCAN_INQUIRY)
744cf19e 3036 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 3037 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3038
3039 return 0;
3040}
3041
744cf19e
JH		 3042int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3043 u8 persistent)
55ed8ca1 3044{
86742e1e 3045 struct mgmt_ev_new_link_key ev;
55ed8ca1 3046
a492cd52 3047 memset(&ev, 0, sizeof(ev));
55ed8ca1 3048
a492cd52 3049 ev.store_hint = persistent;
d753fdc4
JH		 3050 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3051 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 3052 ev.key.type = key->type;
3053 memcpy(ev.key.val, key->val, 16);
3054 ev.key.pin_len = key->pin_len;
55ed8ca1 3055
744cf19e 3056 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3057}
f7520543 3058
346af67b
VCG		 3059int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3060{
3061 struct mgmt_ev_new_long_term_key ev;
3062
3063 memset(&ev, 0, sizeof(ev));
3064
3065 ev.store_hint = persistent;
3066 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3067 ev.key.addr.type = key->bdaddr_type;
3068 ev.key.authenticated = key->authenticated;
3069 ev.key.enc_size = key->enc_size;
3070 ev.key.ediv = key->ediv;
3071
3072 if (key->type == HCI_SMP_LTK)
3073 ev.key.master = 1;
3074
3075 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3076 memcpy(ev.key.val, key->val, sizeof(key->val));
3077
3078 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3079 &ev, sizeof(ev), NULL);
3080}
3081
afc747a6 3082int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 3083 u8 addr_type, u8 *name, u8 name_len,
3084 u8 *dev_class)
f7520543 3085{
b644ba33
JH		 3086 char buf[512];
3087 struct mgmt_ev_device_connected *ev = (void *) buf;
3088 u16 eir_len = 0;
f7520543 3089
b644ba33
JH		 3090 bacpy(&ev->addr.bdaddr, bdaddr);
3091 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3092
b644ba33
JH		 3093 if (name_len > 0)
3094 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3095 name, name_len);
3096
3097 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3098 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3099 EIR_CLASS_OF_DEV, dev_class, 3);
3100
3101 put_unaligned_le16(eir_len, &ev->eir_len);
3102
3103 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3104 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3105}
3106
8962ee74
JH		 3107static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3108{
c68fb7ff 3109 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3110 struct sock **sk = data;
a38528f1 3111 struct mgmt_rp_disconnect rp;
8962ee74 3112
88c3df13
JH		 3113 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3114 rp.addr.type = cp->addr.type;
8962ee74 3115
aee9b218
JH		 3116 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3117 sizeof(rp));
8962ee74
JH		 3118
3119 *sk = cmd->sk;
3120 sock_hold(*sk);
3121
a664b5bc 3122 mgmt_pending_remove(cmd);
8962ee74
JH		 3123}
3124
124f6e35 3125static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3126{
b1078ad0 3127 struct hci_dev *hdev = data;
124f6e35
JH		 3128 struct mgmt_cp_unpair_device *cp = cmd->param;
3129 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3130
3131 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3132 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3133 rp.addr.type = cp->addr.type;
a8a1d19e 3134
b1078ad0
JH		 3135 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3136
aee9b218 3137 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3138
3139 mgmt_pending_remove(cmd);
3140}
3141
afc747a6
JH		 3142int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3143 u8 link_type, u8 addr_type)
f7520543 3144{
4c659c39 3145 struct mgmt_addr_info ev;
8962ee74
JH		 3146 struct sock *sk = NULL;
3147 int err;
3148
744cf19e 3149 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3150
f7520543 3151 bacpy(&ev.bdaddr, bdaddr);
48264f06 3152 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3153
afc747a6
JH		 3154 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3155 sk);
8962ee74
JH		 3156
3157 if (sk)
3158 sock_put(sk);
3159
124f6e35 3160 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3161 hdev);
a8a1d19e 3162
8962ee74
JH		 3163 return err;
3164}
3165
88c3df13
JH		 3166int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3167 u8 link_type, u8 addr_type, u8 status)
8962ee74 3168{
88c3df13 3169 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3170 struct pending_cmd *cmd;
3171 int err;
3172
2e58ef3e 3173 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3174 if (!cmd)
3175 return -ENOENT;
3176
88c3df13
JH		 3177 bacpy(&rp.addr.bdaddr, bdaddr);
3178 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3179
88c3df13 3180 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3181 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3182
a664b5bc 3183 mgmt_pending_remove(cmd);
8962ee74 3184
b1078ad0
JH		 3185 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3186 hdev);
8962ee74 3187 return err;
f7520543 3188}
17d5c04c 3189
48264f06
JH		 3190int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3191 u8 addr_type, u8 status)
17d5c04c
JH		 3192{
3193 struct mgmt_ev_connect_failed ev;
3194
4c659c39 3195 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3196 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3197 ev.status = mgmt_status(status);
17d5c04c 3198
744cf19e 3199 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3200}
980e1a53 3201
744cf19e 3202int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3203{
3204 struct mgmt_ev_pin_code_request ev;
3205
d8457698
JH		 3206 bacpy(&ev.addr.bdaddr, bdaddr);
3207 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3208 ev.secure = secure;
980e1a53 3209
744cf19e 3210 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3211 NULL);
980e1a53
JH		 3212}
3213
744cf19e
JH		 3214int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3215 u8 status)
980e1a53
JH		 3216{
3217 struct pending_cmd *cmd;
ac56fb13 3218 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3219 int err;
3220
2e58ef3e 3221 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3222 if (!cmd)
3223 return -ENOENT;
3224
d8457698
JH		 3225 bacpy(&rp.addr.bdaddr, bdaddr);
3226 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3227
aee9b218
JH		 3228 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3229 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3230
a664b5bc 3231 mgmt_pending_remove(cmd);
980e1a53
JH		 3232
3233 return err;
3234}
3235
744cf19e
JH		 3236int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3237 u8 status)
980e1a53
JH		 3238{
3239 struct pending_cmd *cmd;
ac56fb13 3240 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3241 int err;
3242
2e58ef3e 3243 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3244 if (!cmd)
3245 return -ENOENT;
3246
d8457698
JH		 3247 bacpy(&rp.addr.bdaddr, bdaddr);
3248 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3249
aee9b218
JH		 3250 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3251 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3252
a664b5bc 3253 mgmt_pending_remove(cmd);
980e1a53
JH		 3254
3255 return err;
3256}
a5c29683 3257
744cf19e 3258int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3259 u8 link_type, u8 addr_type, __le32 value,
3260 u8 confirm_hint)
a5c29683
JH		 3261{
3262 struct mgmt_ev_user_confirm_request ev;
3263
744cf19e 3264 BT_DBG("%s", hdev->name);
a5c29683 3265
272d90df
JH		 3266 bacpy(&ev.addr.bdaddr, bdaddr);
3267 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3268 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3269 put_unaligned_le32(value, &ev.value);
3270
744cf19e 3271 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3272 NULL);
a5c29683
JH		 3273}
3274
272d90df
JH		 3275int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3276 u8 link_type, u8 addr_type)
604086b7
BG		 3277{
3278 struct mgmt_ev_user_passkey_request ev;
3279
3280 BT_DBG("%s", hdev->name);
3281
272d90df
JH		 3282 bacpy(&ev.addr.bdaddr, bdaddr);
3283 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3284
3285 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3286 NULL);
3287}
3288
0df4c185 3289static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3290 u8 link_type, u8 addr_type, u8 status,
3291 u8 opcode)
a5c29683
JH		 3292{
3293 struct pending_cmd *cmd;
3294 struct mgmt_rp_user_confirm_reply rp;
3295 int err;
3296
2e58ef3e 3297 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3298 if (!cmd)
3299 return -ENOENT;
3300
272d90df
JH		 3301 bacpy(&rp.addr.bdaddr, bdaddr);
3302 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3303 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3304 &rp, sizeof(rp));
a5c29683 3305
a664b5bc 3306 mgmt_pending_remove(cmd);
a5c29683
JH		 3307
3308 return err;
3309}
3310
744cf19e 3311int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3312 u8 link_type, u8 addr_type, u8 status)
a5c29683 3313{
272d90df
JH		 3314 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3315 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3316}
3317
272d90df
JH		 3318int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3319 u8 link_type, u8 addr_type, u8 status)
a5c29683 3320{
272d90df
JH		 3321 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3322 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3323}
2a611692 3324
604086b7 3325int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3326 u8 link_type, u8 addr_type, u8 status)
604086b7 3327{
272d90df
JH		 3328 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3329 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3330}
3331
272d90df
JH		 3332int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3333 u8 link_type, u8 addr_type, u8 status)
604086b7 3334{
272d90df
JH		 3335 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3336 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3337}
3338
bab73cb6
JH		 3339int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3340 u8 addr_type, u8 status)
2a611692
JH		 3341{
3342 struct mgmt_ev_auth_failed ev;
3343
bab73cb6
JH		 3344 bacpy(&ev.addr.bdaddr, bdaddr);
3345 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3346 ev.status = mgmt_status(status);
2a611692 3347
744cf19e 3348 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3349}
b312b161 3350
33ef95ed
JH		 3351int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3352{
3353 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3354 bool changed = false;
3355 int err = 0;
33ef95ed
JH		 3356
3357 if (status) {
3358 u8 mgmt_err = mgmt_status(status);
3359 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3360 cmd_status_rsp, &mgmt_err);
3361 return 0;
3362 }
3363
47990ea0
JH		 3364 if (test_bit(HCI_AUTH, &hdev->flags)) {
3365 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3366 changed = true;
3367 } else {
3368 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3369 changed = true;
3370 }
3371
33ef95ed
JH		 3372 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3373 &match);
3374
47990ea0
JH		 3375 if (changed)
3376 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3377
3378 if (match.sk)
3379 sock_put(match.sk);
3380
3381 return err;
3382}
3383
cacaf52f
JH		 3384static int clear_eir(struct hci_dev *hdev)
3385{
3386 struct hci_cp_write_eir cp;
3387
3388 if (!(hdev->features[6] & LMP_EXT_INQ))
3389 return 0;
3390
3391 memset(&cp, 0, sizeof(cp));
3392
3393 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3394}
3395
ed2c4ee3
JH		 3396int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3397{
3398 struct cmd_lookup match = { NULL, hdev };
ed2c4ee3
JH		 3399 int err;
3400
3401 if (status) {
3402 u8 mgmt_err = mgmt_status(status);
3403 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3404 cmd_status_rsp, &mgmt_err);
3405 return 0;
3406 }
3407
3408 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3409
beadb2bd 3410 err = new_settings(hdev, match.sk);
ed2c4ee3 3411
cacaf52f 3412 if (match.sk) {
ed2c4ee3
JH		 3413 sock_put(match.sk);
3414
cacaf52f
JH		 3415 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3416 update_eir(hdev);
3417 else
3418 clear_eir(hdev);
3419 }
3420
ed2c4ee3
JH		 3421 return err;
3422}
3423
744cf19e 3424int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3425{
3426 struct pending_cmd *cmd;
3427 struct mgmt_cp_set_local_name ev;
3428 int err;
3429
3430 memset(&ev, 0, sizeof(ev));
3431 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3432
2e58ef3e 3433 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3434 if (!cmd)
3435 goto send_event;
3436
3437 if (status) {
744cf19e 3438 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3439 mgmt_status(status));
b312b161
JH		 3440 goto failed;
3441 }
3442
744cf19e 3443 update_eir(hdev);
80a1e1db 3444
aee9b218 3445 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3446 sizeof(ev));
3447 if (err < 0)
3448 goto failed;
3449
3450send_event:
744cf19e 3451 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 3452 cmd ? cmd->sk : NULL);
3453
3454failed:
3455 if (cmd)
3456 mgmt_pending_remove(cmd);
3457 return err;
3458}
c35938b2 3459
744cf19e
JH		 3460int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3461 u8 *randomizer, u8 status)
c35938b2
SJ		 3462{
3463 struct pending_cmd *cmd;
3464 int err;
3465
744cf19e 3466 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3467
2e58ef3e 3468 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3469 if (!cmd)
3470 return -ENOENT;
3471
3472 if (status) {
744cf19e 3473 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3474 MGMT_OP_READ_LOCAL_OOB_DATA,
3475 mgmt_status(status));
c35938b2
SJ		 3476 } else {
3477 struct mgmt_rp_read_local_oob_data rp;
3478
3479 memcpy(rp.hash, hash, sizeof(rp.hash));
3480 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3481
744cf19e
JH		 3482 err = cmd_complete(cmd->sk, hdev->id,
3483 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3484 0, &rp, sizeof(rp));
c35938b2
SJ		 3485 }
3486
3487 mgmt_pending_remove(cmd);
3488
3489 return err;
3490}
e17acd40 3491
48264f06 3492int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3493 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 3494 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 3495{
e319d2e7
JH		 3496 char buf[512];
3497 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3498 size_t ev_size;
e17acd40 3499
1dc06093
JH		 3500 /* Leave 5 bytes for a potential CoD field */
3501 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3502 return -EINVAL;
3503
1dc06093
JH		 3504 memset(buf, 0, sizeof(buf));
3505
e319d2e7
JH		 3506 bacpy(&ev->addr.bdaddr, bdaddr);
3507 ev->addr.type = link_to_mgmt(link_type, addr_type);
3508 ev->rssi = rssi;
3509 ev->confirm_name = cfm_name;
e17acd40 3510
1dc06093 3511 if (eir_len > 0)
e319d2e7 3512 memcpy(ev->eir, eir, eir_len);
e17acd40 3513
1dc06093
JH		 3514 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3515 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3516 dev_class, 3);
3517
3518 put_unaligned_le16(eir_len, &ev->eir_len);
3519
3520 ev_size = sizeof(*ev) + eir_len;
f8523598 3521
e319d2e7 3522 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3523}
a88a9652 3524
b644ba33
JH		 3525int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3526 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3527{
b644ba33
JH		 3528 struct mgmt_ev_device_found *ev;
3529 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3530 u16 eir_len;
a88a9652 3531
b644ba33 3532 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3533
b644ba33
JH		 3534 memset(buf, 0, sizeof(buf));
3535
3536 bacpy(&ev->addr.bdaddr, bdaddr);
3537 ev->addr.type = link_to_mgmt(link_type, addr_type);
3538 ev->rssi = rssi;
3539
3540 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3541 name_len);
3542
3543 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3544
053c7e0c
JH		 3545 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3546 sizeof(*ev) + eir_len, NULL);
a88a9652 3547}
314b2381 3548
7a135109 3549int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3550{
3551 struct pending_cmd *cmd;
f808e166 3552 u8 type;
164a6e78
JH		 3553 int err;
3554
203159d4
AG		 3555 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3556
2e58ef3e 3557 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3558 if (!cmd)
3559 return -ENOENT;
3560
f808e166
JH		 3561 type = hdev->discovery.type;
3562
3563 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3564 &type, sizeof(type));
164a6e78
JH		 3565 mgmt_pending_remove(cmd);
3566
3567 return err;
3568}
3569
e6d465cb
AG		 3570int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3571{
3572 struct pending_cmd *cmd;
3573 int err;
3574
3575 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3576 if (!cmd)
3577 return -ENOENT;
3578
d930650b
JH		 3579 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3580 &hdev->discovery.type,
3581 sizeof(hdev->discovery.type));
164a6e78
JH		 3582 mgmt_pending_remove(cmd);
3583
3584 return err;
3585}
3586
744cf19e 3587int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3588{
f963e8e9 3589 struct mgmt_ev_discovering ev;
164a6e78
JH		 3590 struct pending_cmd *cmd;
3591
343fb145
AG		 3592 BT_DBG("%s discovering %u", hdev->name, discovering);
3593
164a6e78 3594 if (discovering)
2e58ef3e 3595 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3596 else
2e58ef3e 3597 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3598
3599 if (cmd != NULL) {
f808e166
JH		 3600 u8 type = hdev->discovery.type;
3601
d930650b 3602 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3603 &type, sizeof(type));
164a6e78
JH		 3604 mgmt_pending_remove(cmd);
3605 }
3606
f963e8e9
JH		 3607 memset(&ev, 0, sizeof(ev));
3608 ev.type = hdev->discovery.type;
3609 ev.discovering = discovering;
3610
3611 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3612}
5e762444 3613
88c1fe4b 3614int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3615{
3616 struct pending_cmd *cmd;
3617 struct mgmt_ev_device_blocked ev;
3618
2e58ef3e 3619 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3620
88c1fe4b
JH		 3621 bacpy(&ev.addr.bdaddr, bdaddr);
3622 ev.addr.type = type;
5e762444 3623
744cf19e
JH		 3624 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3625 cmd ? cmd->sk : NULL);
5e762444
AJ		 3626}
3627
88c1fe4b 3628int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3629{
3630 struct pending_cmd *cmd;
3631 struct mgmt_ev_device_unblocked ev;
3632
2e58ef3e 3633 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3634
88c1fe4b
JH		 3635 bacpy(&ev.addr.bdaddr, bdaddr);
3636 ev.addr.type = type;
5e762444 3637
744cf19e
JH		 3638 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3639 cmd ? cmd->sk : NULL);
5e762444 3640}
d7b7e796
MH		 3641
3642module_param(enable_hs, bool, 0644);
3643MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3644
3645module_param(enable_le, bool, 0644);
3646MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux 6.x block layer and io_uring tree(s)