projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: MGMT start discovery LE-Only support
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
ca69b795 25#include <linux/kernel.h>
72359753 26#include <linux/uaccess.h>
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
02d98129
JH		 35#define MGMT_VERSION 0
36#define MGMT_REVISION 1
37
3fd24153
AG		 38/*
39 * These LE scan and inquiry parameters were chosen according to LE General
40 * Discovery Procedure specification.
41 */
42#define LE_SCAN_TYPE 0x01
43#define LE_SCAN_WIN 0x12
44#define LE_SCAN_INT 0x12
45#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
46
2519a1fc
AG		 47#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
48
7d78525d
JH		 49#define SERVICE_CACHE_TIMEOUT (5 * 1000)
50
eec8d2bc
JH		 51struct pending_cmd {
52 struct list_head list;
fc2f4b13 53 u16 opcode;
eec8d2bc 54 int index;
c68fb7ff 55 void *param;
eec8d2bc 56 struct sock *sk;
e9a416b5 57 void *user_data;
eec8d2bc
JH		 58};
59
ca69b795
JH		 60/* HCI to MGMT error code conversion table */
61static u8 mgmt_status_table[] = {
62 MGMT_STATUS_SUCCESS,
63 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
64 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
65 MGMT_STATUS_FAILED, /* Hardware Failure */
66 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
67 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
68 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
69 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
70 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
71 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
72 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
73 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
74 MGMT_STATUS_BUSY, /* Command Disallowed */
75 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
76 MGMT_STATUS_REJECTED, /* Rejected Security */
77 MGMT_STATUS_REJECTED, /* Rejected Personal */
78 MGMT_STATUS_TIMEOUT, /* Host Timeout */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
80 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
81 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
82 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
83 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
84 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
85 MGMT_STATUS_BUSY, /* Repeated Attempts */
86 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
87 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
88 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
89 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
90 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
91 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
92 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
93 MGMT_STATUS_FAILED, /* Unspecified Error */
94 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
95 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
96 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
97 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
98 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
99 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
100 MGMT_STATUS_FAILED, /* Unit Link Key Used */
101 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
102 MGMT_STATUS_TIMEOUT, /* Instant Passed */
103 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
104 MGMT_STATUS_FAILED, /* Transaction Collision */
105 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
106 MGMT_STATUS_REJECTED, /* QoS Rejected */
107 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
108 MGMT_STATUS_REJECTED, /* Insufficient Security */
109 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
110 MGMT_STATUS_BUSY, /* Role Switch Pending */
111 MGMT_STATUS_FAILED, /* Slot Violation */
112 MGMT_STATUS_FAILED, /* Role Switch Failed */
113 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
114 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
115 MGMT_STATUS_BUSY, /* Host Busy Pairing */
116 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
117 MGMT_STATUS_BUSY, /* Controller Busy */
118 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
119 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
120 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
121 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
122 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
123};
124
125static u8 mgmt_status(u8 hci_status)
126{
127 if (hci_status < ARRAY_SIZE(mgmt_status_table))
128 return mgmt_status_table[hci_status];
129
130 return MGMT_STATUS_FAILED;
131}
132
4e51eae9 133static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 134{
135 struct sk_buff *skb;
136 struct mgmt_hdr *hdr;
137 struct mgmt_ev_cmd_status *ev;
56b7d137 138 int err;
f7b64e69 139
34eb525c 140 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 141
142 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
143 if (!skb)
144 return -ENOMEM;
145
146 hdr = (void *) skb_put(skb, sizeof(*hdr));
147
148 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 149 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 150 hdr->len = cpu_to_le16(sizeof(*ev));
151
152 ev = (void *) skb_put(skb, sizeof(*ev));
153 ev->status = status;
154 put_unaligned_le16(cmd, &ev->opcode);
155
56b7d137
GP		 156 err = sock_queue_rcv_skb(sk, skb);
157 if (err < 0)
f7b64e69
JH		 158 kfree_skb(skb);
159
56b7d137 160 return err;
f7b64e69
JH		 161}
162
4e51eae9
SJ		 163static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
164 size_t rp_len)
02d98129
JH		 165{
166 struct sk_buff *skb;
167 struct mgmt_hdr *hdr;
168 struct mgmt_ev_cmd_complete *ev;
56b7d137 169 int err;
02d98129
JH		 170
171 BT_DBG("sock %p", sk);
172
a38528f1 173 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 174 if (!skb)
175 return -ENOMEM;
176
177 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 178
a38528f1 179 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 180 hdr->index = cpu_to_le16(index);
a38528f1 181 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 182
a38528f1
JH		 183 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
184 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 185
186 if (rp)
187 memcpy(ev->data, rp, rp_len);
02d98129 188
56b7d137
GP		 189 err = sock_queue_rcv_skb(sk, skb);
190 if (err < 0)
02d98129
JH		 191 kfree_skb(skb);
192
56b7d137 193 return err;;
02d98129
JH		 194}
195
a38528f1
JH		 196static int read_version(struct sock *sk)
197{
198 struct mgmt_rp_read_version rp;
199
200 BT_DBG("sock %p", sk);
201
202 rp.version = MGMT_VERSION;
203 put_unaligned_le16(MGMT_REVISION, &rp.revision);
204
4e51eae9
SJ		 205 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
206 sizeof(rp));
a38528f1
JH		 207}
208
faba42eb
JH		 209static int read_index_list(struct sock *sk)
210{
faba42eb
JH		 211 struct mgmt_rp_read_index_list *rp;
212 struct list_head *p;
8035ded4 213 struct hci_dev *d;
a38528f1 214 size_t rp_len;
faba42eb 215 u16 count;
a38528f1 216 int i, err;
faba42eb
JH		 217
218 BT_DBG("sock %p", sk);
219
220 read_lock(&hci_dev_list_lock);
221
222 count = 0;
223 list_for_each(p, &hci_dev_list) {
224 count++;
225 }
226
a38528f1
JH		 227 rp_len = sizeof(*rp) + (2 * count);
228 rp = kmalloc(rp_len, GFP_ATOMIC);
229 if (!rp) {
b2c60d42 230 read_unlock(&hci_dev_list_lock);
faba42eb 231 return -ENOMEM;
b2c60d42 232 }
faba42eb 233
faba42eb
JH		 234 put_unaligned_le16(count, &rp->num_controllers);
235
236 i = 0;
8035ded4 237 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 238 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
e0f9309f 239 cancel_delayed_work(&d->power_off);
ab81cbf9 240
a8b2d5c2 241 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 242 continue;
243
faba42eb
JH		 244 put_unaligned_le16(d->id, &rp->index[i++]);
245 BT_DBG("Added hci%u", d->id);
246 }
247
248 read_unlock(&hci_dev_list_lock);
249
4e51eae9
SJ		 250 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
251 rp_len);
faba42eb 252
a38528f1
JH		 253 kfree(rp);
254
255 return err;
faba42eb
JH		 256}
257
69ab39ea
JH		 258static u32 get_supported_settings(struct hci_dev *hdev)
259{
260 u32 settings = 0;
261
262 settings |= MGMT_SETTING_POWERED;
263 settings |= MGMT_SETTING_CONNECTABLE;
264 settings |= MGMT_SETTING_FAST_CONNECTABLE;
265 settings |= MGMT_SETTING_DISCOVERABLE;
266 settings |= MGMT_SETTING_PAIRABLE;
267
268 if (hdev->features[6] & LMP_SIMPLE_PAIR)
269 settings |= MGMT_SETTING_SSP;
270
271 if (!(hdev->features[4] & LMP_NO_BREDR)) {
272 settings |= MGMT_SETTING_BREDR;
273 settings |= MGMT_SETTING_LINK_SECURITY;
274 }
275
276 if (hdev->features[4] & LMP_LE)
277 settings |= MGMT_SETTING_LE;
278
279 return settings;
280}
281
282static u32 get_current_settings(struct hci_dev *hdev)
283{
284 u32 settings = 0;
285
286 if (test_bit(HCI_UP, &hdev->flags))
287 settings |= MGMT_SETTING_POWERED;
288 else
289 return settings;
290
291 if (test_bit(HCI_PSCAN, &hdev->flags))
292 settings |= MGMT_SETTING_CONNECTABLE;
293
294 if (test_bit(HCI_ISCAN, &hdev->flags))
295 settings |= MGMT_SETTING_DISCOVERABLE;
296
a8b2d5c2 297 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 298 settings |= MGMT_SETTING_PAIRABLE;
299
300 if (!(hdev->features[4] & LMP_NO_BREDR))
301 settings |= MGMT_SETTING_BREDR;
302
59e29406 303 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 304 settings |= MGMT_SETTING_LE;
305
306 if (test_bit(HCI_AUTH, &hdev->flags))
307 settings |= MGMT_SETTING_LINK_SECURITY;
308
84bde9d6 309 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 310 settings |= MGMT_SETTING_SSP;
311
312 return settings;
313}
314
ef580372
JH		 315#define PNP_INFO_SVCLASS_ID 0x1200
316
317static u8 bluetooth_base_uuid[] = {
318 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
319 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
320};
321
322static u16 get_uuid16(u8 *uuid128)
323{
324 u32 val;
325 int i;
326
327 for (i = 0; i < 12; i++) {
328 if (bluetooth_base_uuid[i] != uuid128[i])
329 return 0;
330 }
331
332 memcpy(&val, &uuid128[12], 4);
333
334 val = le32_to_cpu(val);
335 if (val > 0xffff)
336 return 0;
337
338 return (u16) val;
339}
340
341static void create_eir(struct hci_dev *hdev, u8 *data)
342{
343 u8 *ptr = data;
344 u16 eir_len = 0;
345 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
346 int i, truncated = 0;
347 struct bt_uuid *uuid;
348 size_t name_len;
349
350 name_len = strlen(hdev->dev_name);
351
352 if (name_len > 0) {
353 /* EIR Data type */
354 if (name_len > 48) {
355 name_len = 48;
356 ptr[1] = EIR_NAME_SHORT;
357 } else
358 ptr[1] = EIR_NAME_COMPLETE;
359
360 /* EIR Data length */
361 ptr[0] = name_len + 1;
362
363 memcpy(ptr + 2, hdev->dev_name, name_len);
364
365 eir_len += (name_len + 2);
366 ptr += (name_len + 2);
367 }
368
369 memset(uuid16_list, 0, sizeof(uuid16_list));
370
371 /* Group all UUID16 types */
372 list_for_each_entry(uuid, &hdev->uuids, list) {
373 u16 uuid16;
374
375 uuid16 = get_uuid16(uuid->uuid);
376 if (uuid16 == 0)
377 return;
378
379 if (uuid16 < 0x1100)
380 continue;
381
382 if (uuid16 == PNP_INFO_SVCLASS_ID)
383 continue;
384
385 /* Stop if not enough space to put next UUID */
386 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
387 truncated = 1;
388 break;
389 }
390
391 /* Check for duplicates */
392 for (i = 0; uuid16_list[i] != 0; i++)
393 if (uuid16_list[i] == uuid16)
394 break;
395
396 if (uuid16_list[i] == 0) {
397 uuid16_list[i] = uuid16;
398 eir_len += sizeof(u16);
399 }
400 }
401
402 if (uuid16_list[0] != 0) {
403 u8 *length = ptr;
404
405 /* EIR Data type */
406 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
407
408 ptr += 2;
409 eir_len += 2;
410
411 for (i = 0; uuid16_list[i] != 0; i++) {
412 *ptr++ = (uuid16_list[i] & 0x00ff);
413 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
414 }
415
416 /* EIR Data length */
417 *length = (i * sizeof(u16)) + 1;
418 }
419}
420
421static int update_eir(struct hci_dev *hdev)
422{
423 struct hci_cp_write_eir cp;
424
425 if (!(hdev->features[6] & LMP_EXT_INQ))
426 return 0;
427
84bde9d6 428 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 429 return 0;
430
a8b2d5c2 431 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 432 return 0;
433
434 memset(&cp, 0, sizeof(cp));
435
436 create_eir(hdev, cp.data);
437
438 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
439 return 0;
440
441 memcpy(hdev->eir, cp.data, sizeof(cp.data));
442
443 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
444}
445
446static u8 get_service_classes(struct hci_dev *hdev)
447{
448 struct bt_uuid *uuid;
449 u8 val = 0;
450
451 list_for_each_entry(uuid, &hdev->uuids, list)
452 val |= uuid->svc_hint;
453
454 return val;
455}
456
457static int update_class(struct hci_dev *hdev)
458{
459 u8 cod[3];
460
461 BT_DBG("%s", hdev->name);
462
a8b2d5c2 463 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 464 return 0;
465
466 cod[0] = hdev->minor_class;
467 cod[1] = hdev->major_class;
468 cod[2] = get_service_classes(hdev);
469
470 if (memcmp(cod, hdev->dev_class, 3) == 0)
471 return 0;
472
473 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
474}
475
7d78525d
JH		 476static void service_cache_off(struct work_struct *work)
477{
478 struct hci_dev *hdev = container_of(work, struct hci_dev,
479 service_cache.work);
480
a8b2d5c2 481 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 482 return;
483
484 hci_dev_lock(hdev);
485
486 update_eir(hdev);
487 update_class(hdev);
488
489 hci_dev_unlock(hdev);
490}
491
492static void mgmt_init_hdev(struct hci_dev *hdev)
493{
a8b2d5c2 494 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
7d78525d
JH		 495 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
496
a8b2d5c2 497 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 498 schedule_delayed_work(&hdev->service_cache,
499 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
500}
501
4e51eae9 502static int read_controller_info(struct sock *sk, u16 index)
0381101f 503{
a38528f1 504 struct mgmt_rp_read_info rp;
f7b64e69 505 struct hci_dev *hdev;
0381101f 506
4e51eae9 507 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 508
4e51eae9 509 hdev = hci_dev_get(index);
a38528f1 510 if (!hdev)
ca69b795
JH		 511 return cmd_status(sk, index, MGMT_OP_READ_INFO,
512 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 513
a8b2d5c2 514 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
3243553f 515 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 516
09fd0de5 517 hci_dev_lock(hdev);
f7b64e69 518
7d78525d
JH		 519 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
520 mgmt_init_hdev(hdev);
ebc99feb 521
dc4fe30b
JH		 522 memset(&rp, 0, sizeof(rp));
523
69ab39ea 524 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 525
69ab39ea 526 rp.version = hdev->hci_ver;
f7b64e69 527
69ab39ea
JH		 528 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
529
530 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
531 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 532
a38528f1 533 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 534
dc4fe30b
JH		 535 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
536
09fd0de5 537 hci_dev_unlock(hdev);
f7b64e69 538 hci_dev_put(hdev);
0381101f 539
4e51eae9 540 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 541}
542
eec8d2bc
JH		 543static void mgmt_pending_free(struct pending_cmd *cmd)
544{
545 sock_put(cmd->sk);
c68fb7ff 546 kfree(cmd->param);
eec8d2bc
JH		 547 kfree(cmd);
548}
549
366a0336 550static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 551 struct hci_dev *hdev,
552 void *data, u16 len)
eec8d2bc
JH		 553{
554 struct pending_cmd *cmd;
555
556 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
557 if (!cmd)
366a0336 558 return NULL;
eec8d2bc
JH		 559
560 cmd->opcode = opcode;
2e58ef3e 561 cmd->index = hdev->id;
eec8d2bc 562
c68fb7ff
SJ		 563 cmd->param = kmalloc(len, GFP_ATOMIC);
564 if (!cmd->param) {
eec8d2bc 565 kfree(cmd);
366a0336 566 return NULL;
eec8d2bc
JH		 567 }
568
8fce6357
SJ		 569 if (data)
570 memcpy(cmd->param, data, len);
eec8d2bc
JH		 571
572 cmd->sk = sk;
573 sock_hold(sk);
574
2e58ef3e 575 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 576
366a0336 577 return cmd;
eec8d2bc
JH		 578}
579
744cf19e 580static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 581 void (*cb)(struct pending_cmd *cmd, void *data),
582 void *data)
583{
584 struct list_head *p, *n;
585
2e58ef3e 586 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 587 struct pending_cmd *cmd;
588
589 cmd = list_entry(p, struct pending_cmd, list);
590
b24752fe 591 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 592 continue;
593
eec8d2bc
JH		 594 cb(cmd, data);
595 }
596}
597
2e58ef3e 598static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 599{
8035ded4 600 struct pending_cmd *cmd;
eec8d2bc 601
2e58ef3e 602 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 603 if (cmd->opcode == opcode)
604 return cmd;
eec8d2bc
JH		 605 }
606
607 return NULL;
608}
609
a664b5bc 610static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 611{
73f22f62
JH		 612 list_del(&cmd->list);
613 mgmt_pending_free(cmd);
614}
615
69ab39ea 616static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 617{
69ab39ea 618 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 619
69ab39ea 620 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
8680570b
JH		 621}
622
650f726d 623static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 624{
650f726d 625 struct mgmt_mode *cp = data;
eec8d2bc 626 struct hci_dev *hdev;
366a0336 627 struct pending_cmd *cmd;
366a0336 628 int err, up;
eec8d2bc 629
4e51eae9 630 BT_DBG("request for hci%u", index);
eec8d2bc 631
bdce7baf 632 if (len != sizeof(*cp))
ca69b795
JH		 633 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
634 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 635
4e51eae9 636 hdev = hci_dev_get(index);
eec8d2bc 637 if (!hdev)
ca69b795
JH		 638 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
639 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 640
09fd0de5 641 hci_dev_lock(hdev);
eec8d2bc
JH		 642
643 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 644 if ((cp->val && up) || (!cp->val && !up)) {
69ab39ea 645 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 646 goto failed;
647 }
648
2e58ef3e 649 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 650 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
651 MGMT_STATUS_BUSY);
eec8d2bc
JH		 652 goto failed;
653 }
654
2e58ef3e 655 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 656 if (!cmd) {
657 err = -ENOMEM;
eec8d2bc 658 goto failed;
366a0336 659 }
eec8d2bc 660
72a734ec 661 if (cp->val)
7f971041 662 schedule_work(&hdev->power_on);
eec8d2bc 663 else
80b7ab33 664 schedule_work(&hdev->power_off.work);
eec8d2bc 665
366a0336 666 err = 0;
eec8d2bc
JH		 667
668failed:
09fd0de5 669 hci_dev_unlock(hdev);
eec8d2bc 670 hci_dev_put(hdev);
366a0336 671 return err;
eec8d2bc
JH		 672}
673
650f726d 674static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 675{
650f726d 676 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 677 struct hci_dev *hdev;
366a0336 678 struct pending_cmd *cmd;
73f22f62
JH		 679 u8 scan;
680 int err;
681
4e51eae9 682 BT_DBG("request for hci%u", index);
73f22f62 683
bdce7baf 684 if (len != sizeof(*cp))
ca69b795
JH		 685 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
686 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 687
4e51eae9 688 hdev = hci_dev_get(index);
73f22f62 689 if (!hdev)
ca69b795
JH		 690 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
691 MGMT_STATUS_INVALID_PARAMS);
73f22f62 692
09fd0de5 693 hci_dev_lock(hdev);
73f22f62
JH		 694
695 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 696 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
697 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 698 goto failed;
699 }
700
2e58ef3e
JH		 701 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
702 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 703 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
704 MGMT_STATUS_BUSY);
73f22f62
JH		 705 goto failed;
706 }
707
72a734ec 708 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 709 test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 710 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 711 goto failed;
712 }
713
2e58ef3e 714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 715 if (!cmd) {
716 err = -ENOMEM;
73f22f62 717 goto failed;
366a0336 718 }
73f22f62
JH		 719
720 scan = SCAN_PAGE;
721
72a734ec 722 if (cp->val)
73f22f62 723 scan |= SCAN_INQUIRY;
16ab91ab 724 else
e0f9309f 725 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 726
727 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
728 if (err < 0)
a664b5bc 729 mgmt_pending_remove(cmd);
73f22f62 730
16ab91ab
JH		 731 if (cp->val)
732 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
733
73f22f62 734failed:
09fd0de5 735 hci_dev_unlock(hdev);
73f22f62
JH		 736 hci_dev_put(hdev);
737
738 return err;
739}
740
650f726d 741static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 742{
650f726d 743 struct mgmt_mode *cp = data;
9fbcbb45 744 struct hci_dev *hdev;
366a0336 745 struct pending_cmd *cmd;
9fbcbb45
JH		 746 u8 scan;
747 int err;
748
4e51eae9 749 BT_DBG("request for hci%u", index);
9fbcbb45 750
bdce7baf 751 if (len != sizeof(*cp))
ca69b795
JH		 752 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
753 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 754
4e51eae9 755 hdev = hci_dev_get(index);
9fbcbb45 756 if (!hdev)
ca69b795
JH		 757 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
758 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 759
09fd0de5 760 hci_dev_lock(hdev);
9fbcbb45
JH		 761
762 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 763 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
764 MGMT_STATUS_NOT_POWERED);
9fbcbb45
JH		 765 goto failed;
766 }
767
2e58ef3e
JH		 768 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
769 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 770 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
771 MGMT_STATUS_BUSY);
9fbcbb45
JH		 772 goto failed;
773 }
774
72a734ec 775 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 776 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 777 goto failed;
778 }
779
2e58ef3e 780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 781 if (!cmd) {
782 err = -ENOMEM;
9fbcbb45 783 goto failed;
366a0336 784 }
9fbcbb45 785
72a734ec 786 if (cp->val)
9fbcbb45
JH		 787 scan = SCAN_PAGE;
788 else
789 scan = 0;
790
791 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
792 if (err < 0)
a664b5bc 793 mgmt_pending_remove(cmd);
9fbcbb45
JH		 794
795failed:
09fd0de5 796 hci_dev_unlock(hdev);
9fbcbb45
JH		 797 hci_dev_put(hdev);
798
799 return err;
800}
801
744cf19e
JH		 802static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
803 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 804{
805 struct sk_buff *skb;
806 struct mgmt_hdr *hdr;
807
808 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
809 if (!skb)
810 return -ENOMEM;
811
812 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
813
814 hdr = (void *) skb_put(skb, sizeof(*hdr));
815 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 816 if (hdev)
817 hdr->index = cpu_to_le16(hdev->id);
818 else
819 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 820 hdr->len = cpu_to_le16(data_len);
821
4e51eae9
SJ		 822 if (data)
823 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 824
825 hci_send_to_sock(NULL, skb, skip_sk);
826 kfree_skb(skb);
827
828 return 0;
829}
830
650f726d 831static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 832{
650f726d 833 struct mgmt_mode *cp = data;
c542a06c 834 struct hci_dev *hdev;
69ab39ea 835 __le32 ev;
c542a06c
JH		 836 int err;
837
4e51eae9 838 BT_DBG("request for hci%u", index);
c542a06c 839
bdce7baf 840 if (len != sizeof(*cp))
ca69b795
JH		 841 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
842 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 843
4e51eae9 844 hdev = hci_dev_get(index);
c542a06c 845 if (!hdev)
ca69b795
JH		 846 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
847 MGMT_STATUS_INVALID_PARAMS);
c542a06c 848
09fd0de5 849 hci_dev_lock(hdev);
c542a06c
JH		 850
851 if (cp->val)
a8b2d5c2 852 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 853 else
a8b2d5c2 854 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 855
69ab39ea 856 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 857 if (err < 0)
858 goto failed;
859
69ab39ea 860 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 861
69ab39ea 862 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 863
864failed:
09fd0de5 865 hci_dev_unlock(hdev);
c542a06c
JH		 866 hci_dev_put(hdev);
867
868 return err;
869}
870
650f726d 871static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 872{
650f726d 873 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 874 struct hci_dev *hdev;
875 struct bt_uuid *uuid;
2aeb9a1a
JH		 876 int err;
877
4e51eae9 878 BT_DBG("request for hci%u", index);
2aeb9a1a 879
bdce7baf 880 if (len != sizeof(*cp))
ca69b795
JH		 881 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
882 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 883
4e51eae9 884 hdev = hci_dev_get(index);
2aeb9a1a 885 if (!hdev)
ca69b795
JH		 886 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
887 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 888
09fd0de5 889 hci_dev_lock(hdev);
2aeb9a1a
JH		 890
891 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
892 if (!uuid) {
893 err = -ENOMEM;
894 goto failed;
895 }
896
897 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 898 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 899
900 list_add(&uuid->list, &hdev->uuids);
901
1aff6f09
JH		 902 err = update_class(hdev);
903 if (err < 0)
904 goto failed;
905
80a1e1db
JH		 906 err = update_eir(hdev);
907 if (err < 0)
908 goto failed;
909
4e51eae9 910 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 911
912failed:
09fd0de5 913 hci_dev_unlock(hdev);
2aeb9a1a
JH		 914 hci_dev_put(hdev);
915
916 return err;
917}
918
650f726d 919static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 920{
650f726d 921 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 922 struct list_head *p, *n;
2aeb9a1a
JH		 923 struct hci_dev *hdev;
924 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 925 int err, found;
926
4e51eae9 927 BT_DBG("request for hci%u", index);
2aeb9a1a 928
bdce7baf 929 if (len != sizeof(*cp))
ca69b795
JH		 930 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
931 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 932
4e51eae9 933 hdev = hci_dev_get(index);
2aeb9a1a 934 if (!hdev)
ca69b795
JH		 935 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
936 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 937
09fd0de5 938 hci_dev_lock(hdev);
2aeb9a1a
JH		 939
940 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
941 err = hci_uuids_clear(hdev);
942 goto unlock;
943 }
944
945 found = 0;
946
947 list_for_each_safe(p, n, &hdev->uuids) {
948 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
949
950 if (memcmp(match->uuid, cp->uuid, 16) != 0)
951 continue;
952
953 list_del(&match->list);
954 found++;
955 }
956
957 if (found == 0) {
ca69b795
JH		 958 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
959 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 960 goto unlock;
961 }
962
1aff6f09
JH		 963 err = update_class(hdev);
964 if (err < 0)
965 goto unlock;
966
80a1e1db
JH		 967 err = update_eir(hdev);
968 if (err < 0)
969 goto unlock;
970
4e51eae9 971 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 972
973unlock:
09fd0de5 974 hci_dev_unlock(hdev);
2aeb9a1a
JH		 975 hci_dev_put(hdev);
976
977 return err;
978}
979
650f726d 980static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 981{
982 struct hci_dev *hdev;
650f726d 983 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 984 int err;
985
4e51eae9 986 BT_DBG("request for hci%u", index);
1aff6f09 987
bdce7baf 988 if (len != sizeof(*cp))
ca69b795
JH		 989 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
990 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 991
4e51eae9 992 hdev = hci_dev_get(index);
1aff6f09 993 if (!hdev)
ca69b795
JH		 994 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
995 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 996
09fd0de5 997 hci_dev_lock(hdev);
1aff6f09
JH		 998
999 hdev->major_class = cp->major;
1000 hdev->minor_class = cp->minor;
1001
a8b2d5c2 1002 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1003 hci_dev_unlock(hdev);
1004 cancel_delayed_work_sync(&hdev->service_cache);
1005 hci_dev_lock(hdev);
14c0b608 1006 update_eir(hdev);
7d78525d 1007 }
14c0b608 1008
1aff6f09
JH		 1009 err = update_class(hdev);
1010
1011 if (err == 0)
4e51eae9 1012 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 1013
09fd0de5 1014 hci_dev_unlock(hdev);
1aff6f09
JH		 1015 hci_dev_put(hdev);
1016
1017 return err;
1018}
1019
650f726d 1020static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1021{
1022 struct hci_dev *hdev;
650f726d 1023 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1024 u16 key_count, expected_len;
a492cd52 1025 int i;
55ed8ca1 1026
bdce7baf 1027 if (len < sizeof(*cp))
ca69b795
JH		 1028 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1029 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1030
55ed8ca1
JH		 1031 key_count = get_unaligned_le16(&cp->key_count);
1032
86742e1e
JH		 1033 expected_len = sizeof(*cp) + key_count *
1034 sizeof(struct mgmt_link_key_info);
a492cd52 1035 if (expected_len != len) {
86742e1e 1036 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1037 len, expected_len);
ca69b795
JH		 1038 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1039 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1040 }
1041
4e51eae9 1042 hdev = hci_dev_get(index);
55ed8ca1 1043 if (!hdev)
ca69b795
JH		 1044 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1045 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1046
4e51eae9 1047 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1048 key_count);
1049
09fd0de5 1050 hci_dev_lock(hdev);
55ed8ca1
JH		 1051
1052 hci_link_keys_clear(hdev);
1053
a8b2d5c2 1054 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1055
1056 if (cp->debug_keys)
a8b2d5c2 1057 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1058 else
a8b2d5c2 1059 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1060
a492cd52 1061 for (i = 0; i < key_count; i++) {
86742e1e 1062 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1063
d25e28ab 1064 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 1065 key->pin_len);
1066 }
1067
0e5f875a
JH		 1068 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1069
09fd0de5 1070 hci_dev_unlock(hdev);
55ed8ca1
JH		 1071 hci_dev_put(hdev);
1072
a492cd52 1073 return 0;
55ed8ca1
JH		 1074}
1075
650f726d 1076static int remove_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1077{
1078 struct hci_dev *hdev;
650f726d 1079 struct mgmt_cp_remove_keys *cp = data;
a8a1d19e
JH		 1080 struct mgmt_rp_remove_keys rp;
1081 struct hci_cp_disconnect dc;
1082 struct pending_cmd *cmd;
55ed8ca1 1083 struct hci_conn *conn;
55ed8ca1
JH		 1084 int err;
1085
bdce7baf 1086 if (len != sizeof(*cp))
ca69b795
JH		 1087 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1088 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1089
4e51eae9 1090 hdev = hci_dev_get(index);
55ed8ca1 1091 if (!hdev)
ca69b795
JH		 1092 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1093 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1094
09fd0de5 1095 hci_dev_lock(hdev);
55ed8ca1 1096
a8a1d19e
JH		 1097 memset(&rp, 0, sizeof(rp));
1098 bacpy(&rp.bdaddr, &cp->bdaddr);
ca69b795 1099 rp.status = MGMT_STATUS_FAILED;
a8a1d19e 1100
b0dbfb46
VCG		 1101 err = hci_remove_ltk(hdev, &cp->bdaddr);
1102 if (err < 0) {
1103 err = cmd_status(sk, index, MGMT_OP_REMOVE_KEYS, -err);
1104 goto unlock;
1105 }
1106
55ed8ca1
JH		 1107 err = hci_remove_link_key(hdev, &cp->bdaddr);
1108 if (err < 0) {
ca69b795 1109 rp.status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1110 goto unlock;
1111 }
1112
a8a1d19e
JH		 1113 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1114 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1115 sizeof(rp));
55ed8ca1 1116 goto unlock;
a8a1d19e 1117 }
55ed8ca1
JH		 1118
1119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
a8a1d19e
JH		 1120 if (!conn) {
1121 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1122 sizeof(rp));
1123 goto unlock;
1124 }
55ed8ca1 1125
a8a1d19e
JH		 1126 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1127 if (!cmd) {
1128 err = -ENOMEM;
1129 goto unlock;
55ed8ca1
JH		 1130 }
1131
a8a1d19e
JH		 1132 put_unaligned_le16(conn->handle, &dc.handle);
1133 dc.reason = 0x13; /* Remote User Terminated Connection */
1134 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1135 if (err < 0)
1136 mgmt_pending_remove(cmd);
1137
55ed8ca1 1138unlock:
ca69b795 1139 if (err < 0)
a8a1d19e
JH		 1140 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1141 sizeof(rp));
09fd0de5 1142 hci_dev_unlock(hdev);
55ed8ca1
JH		 1143 hci_dev_put(hdev);
1144
1145 return err;
1146}
1147
650f726d 1148static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1149{
1150 struct hci_dev *hdev;
650f726d 1151 struct mgmt_cp_disconnect *cp = data;
8962ee74 1152 struct hci_cp_disconnect dc;
366a0336 1153 struct pending_cmd *cmd;
8962ee74 1154 struct hci_conn *conn;
8962ee74
JH		 1155 int err;
1156
1157 BT_DBG("");
1158
bdce7baf 1159 if (len != sizeof(*cp))
ca69b795
JH		 1160 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1161 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1162
4e51eae9 1163 hdev = hci_dev_get(index);
8962ee74 1164 if (!hdev)
ca69b795
JH		 1165 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1166 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1167
09fd0de5 1168 hci_dev_lock(hdev);
8962ee74
JH		 1169
1170 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1171 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1173 goto failed;
1174 }
1175
2e58ef3e 1176 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1177 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1178 MGMT_STATUS_BUSY);
8962ee74
JH		 1179 goto failed;
1180 }
1181
1182 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
365227e5
VCG		 1183 if (!conn)
1184 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1185
8962ee74 1186 if (!conn) {
ca69b795
JH		 1187 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1188 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1189 goto failed;
1190 }
1191
2e58ef3e 1192 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1193 if (!cmd) {
1194 err = -ENOMEM;
8962ee74 1195 goto failed;
366a0336 1196 }
8962ee74
JH		 1197
1198 put_unaligned_le16(conn->handle, &dc.handle);
1199 dc.reason = 0x13; /* Remote User Terminated Connection */
1200
1201 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1202 if (err < 0)
a664b5bc 1203 mgmt_pending_remove(cmd);
8962ee74
JH		 1204
1205failed:
09fd0de5 1206 hci_dev_unlock(hdev);
8962ee74
JH		 1207 hci_dev_put(hdev);
1208
1209 return err;
1210}
1211
48264f06 1212static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1213{
1214 switch (link_type) {
1215 case LE_LINK:
48264f06
JH		 1216 switch (addr_type) {
1217 case ADDR_LE_DEV_PUBLIC:
1218 return MGMT_ADDR_LE_PUBLIC;
1219 case ADDR_LE_DEV_RANDOM:
1220 return MGMT_ADDR_LE_RANDOM;
1221 default:
1222 return MGMT_ADDR_INVALID;
1223 }
4c659c39
JH		 1224 case ACL_LINK:
1225 return MGMT_ADDR_BREDR;
1226 default:
1227 return MGMT_ADDR_INVALID;
1228 }
1229}
1230
8ce6284e 1231static int get_connections(struct sock *sk, u16 index)
2784eb41 1232{
2784eb41
JH		 1233 struct mgmt_rp_get_connections *rp;
1234 struct hci_dev *hdev;
8035ded4 1235 struct hci_conn *c;
a38528f1 1236 size_t rp_len;
4e51eae9 1237 u16 count;
2784eb41
JH		 1238 int i, err;
1239
1240 BT_DBG("");
1241
4e51eae9 1242 hdev = hci_dev_get(index);
2784eb41 1243 if (!hdev)
ca69b795
JH		 1244 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1245 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1246
09fd0de5 1247 hci_dev_lock(hdev);
2784eb41
JH		 1248
1249 count = 0;
b644ba33
JH		 1250 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1251 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1252 count++;
2784eb41
JH		 1253 }
1254
4c659c39 1255 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1256 rp = kmalloc(rp_len, GFP_ATOMIC);
1257 if (!rp) {
2784eb41
JH		 1258 err = -ENOMEM;
1259 goto unlock;
1260 }
1261
2784eb41
JH		 1262 put_unaligned_le16(count, &rp->conn_count);
1263
2784eb41 1264 i = 0;
4c659c39 1265 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1266 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1267 continue;
4c659c39 1268 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1269 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1270 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1271 continue;
1272 i++;
1273 }
1274
1275 /* Recalculate length in case of filtered SCO connections, etc */
1276 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1277
4e51eae9 1278 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1279
1280unlock:
a38528f1 1281 kfree(rp);
09fd0de5 1282 hci_dev_unlock(hdev);
2784eb41
JH		 1283 hci_dev_put(hdev);
1284 return err;
1285}
1286
96d97a67
WR		 1287static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1288 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1289{
1290 struct pending_cmd *cmd;
1291 int err;
1292
2e58ef3e 1293 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1294 sizeof(*cp));
1295 if (!cmd)
1296 return -ENOMEM;
1297
1298 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1299 &cp->bdaddr);
1300 if (err < 0)
1301 mgmt_pending_remove(cmd);
1302
1303 return err;
1304}
1305
650f726d 1306static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1307{
1308 struct hci_dev *hdev;
96d97a67 1309 struct hci_conn *conn;
650f726d 1310 struct mgmt_cp_pin_code_reply *cp = data;
96d97a67 1311 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1312 struct hci_cp_pin_code_reply reply;
366a0336 1313 struct pending_cmd *cmd;
980e1a53
JH		 1314 int err;
1315
1316 BT_DBG("");
1317
bdce7baf 1318 if (len != sizeof(*cp))
ca69b795
JH		 1319 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1320 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1321
4e51eae9 1322 hdev = hci_dev_get(index);
980e1a53 1323 if (!hdev)
ca69b795
JH		 1324 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1325 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1326
09fd0de5 1327 hci_dev_lock(hdev);
980e1a53
JH		 1328
1329 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1330 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1331 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1332 goto failed;
1333 }
1334
96d97a67
WR		 1335 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1336 if (!conn) {
ca69b795
JH		 1337 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1338 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1339 goto failed;
1340 }
1341
1342 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1343 bacpy(&ncp.bdaddr, &cp->bdaddr);
1344
1345 BT_ERR("PIN code is not 16 bytes long");
1346
1347 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1348 if (err >= 0)
1349 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1350 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1351
1352 goto failed;
1353 }
1354
650f726d
VCG		 1355 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1356 len);
366a0336
JH		 1357 if (!cmd) {
1358 err = -ENOMEM;
980e1a53 1359 goto failed;
366a0336 1360 }
980e1a53
JH		 1361
1362 bacpy(&reply.bdaddr, &cp->bdaddr);
1363 reply.pin_len = cp->pin_len;
24718ca5 1364 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1365
1366 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1367 if (err < 0)
a664b5bc 1368 mgmt_pending_remove(cmd);
980e1a53
JH		 1369
1370failed:
09fd0de5 1371 hci_dev_unlock(hdev);
980e1a53
JH		 1372 hci_dev_put(hdev);
1373
1374 return err;
1375}
1376
650f726d 1377static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1378{
1379 struct hci_dev *hdev;
650f726d 1380 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1381 int err;
1382
1383 BT_DBG("");
1384
bdce7baf
SJ		 1385 if (len != sizeof(*cp))
1386 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1387 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1388
4e51eae9 1389 hdev = hci_dev_get(index);
980e1a53 1390 if (!hdev)
4e51eae9 1391 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1392 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1393
09fd0de5 1394 hci_dev_lock(hdev);
980e1a53
JH		 1395
1396 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1397 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1398 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1399 goto failed;
1400 }
1401
96d97a67 1402 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1403
1404failed:
09fd0de5 1405 hci_dev_unlock(hdev);
980e1a53
JH		 1406 hci_dev_put(hdev);
1407
1408 return err;
1409}
1410
650f726d 1411static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1412{
1413 struct hci_dev *hdev;
650f726d 1414 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1415
1416 BT_DBG("");
1417
bdce7baf 1418 if (len != sizeof(*cp))
ca69b795
JH		 1419 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1420 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1421
4e51eae9 1422 hdev = hci_dev_get(index);
17fa4b9d 1423 if (!hdev)
ca69b795
JH		 1424 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1425 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1426
09fd0de5 1427 hci_dev_lock(hdev);
17fa4b9d
JH		 1428
1429 hdev->io_capability = cp->io_capability;
1430
1431 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1432 hdev->io_capability);
17fa4b9d 1433
09fd0de5 1434 hci_dev_unlock(hdev);
17fa4b9d
JH		 1435 hci_dev_put(hdev);
1436
4e51eae9 1437 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1438}
1439
e9a416b5
JH		 1440static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1441{
1442 struct hci_dev *hdev = conn->hdev;
8035ded4 1443 struct pending_cmd *cmd;
e9a416b5 1444
2e58ef3e 1445 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1446 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1447 continue;
1448
e9a416b5
JH		 1449 if (cmd->user_data != conn)
1450 continue;
1451
1452 return cmd;
1453 }
1454
1455 return NULL;
1456}
1457
1458static void pairing_complete(struct pending_cmd *cmd, u8 status)
1459{
1460 struct mgmt_rp_pair_device rp;
1461 struct hci_conn *conn = cmd->user_data;
1462
ba4e564f
JH		 1463 bacpy(&rp.addr.bdaddr, &conn->dst);
1464 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5
JH		 1465 rp.status = status;
1466
4e51eae9 1467 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1468
1469 /* So we don't get further callbacks for this connection */
1470 conn->connect_cfm_cb = NULL;
1471 conn->security_cfm_cb = NULL;
1472 conn->disconn_cfm_cb = NULL;
1473
1474 hci_conn_put(conn);
1475
a664b5bc 1476 mgmt_pending_remove(cmd);
e9a416b5
JH		 1477}
1478
1479static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1480{
1481 struct pending_cmd *cmd;
1482
1483 BT_DBG("status %u", status);
1484
1485 cmd = find_pairing(conn);
56e5cb86 1486 if (!cmd)
e9a416b5 1487 BT_DBG("Unable to find a pending command");
56e5cb86
JH		 1488 else
1489 pairing_complete(cmd, status);
e9a416b5
JH		 1490}
1491
650f726d 1492static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1493{
1494 struct hci_dev *hdev;
650f726d 1495 struct mgmt_cp_pair_device *cp = data;
1425acb7 1496 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1497 struct pending_cmd *cmd;
1498 u8 sec_level, auth_type;
1499 struct hci_conn *conn;
e9a416b5
JH		 1500 int err;
1501
1502 BT_DBG("");
1503
bdce7baf 1504 if (len != sizeof(*cp))
ca69b795
JH		 1505 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1506 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1507
4e51eae9 1508 hdev = hci_dev_get(index);
e9a416b5 1509 if (!hdev)
ca69b795
JH		 1510 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1511 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1512
09fd0de5 1513 hci_dev_lock(hdev);
e9a416b5 1514
c908df36
VCG		 1515 sec_level = BT_SECURITY_MEDIUM;
1516 if (cp->io_cap == 0x03)
e9a416b5 1517 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1518 else
e9a416b5 1519 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1520
ba4e564f
JH		 1521 if (cp->addr.type == MGMT_ADDR_BREDR)
1522 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1523 auth_type);
1524 else
ba4e564f 1525 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1526 auth_type);
1527
1425acb7
JH		 1528 memset(&rp, 0, sizeof(rp));
1529 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1530 rp.addr.type = cp->addr.type;
1531
30e76272 1532 if (IS_ERR(conn)) {
1425acb7
JH		 1533 rp.status = -PTR_ERR(conn);
1534 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1535 &rp, sizeof(rp));
e9a416b5
JH		 1536 goto unlock;
1537 }
1538
1539 if (conn->connect_cfm_cb) {
1540 hci_conn_put(conn);
1425acb7
JH		 1541 rp.status = EBUSY;
1542 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1543 &rp, sizeof(rp));
e9a416b5
JH		 1544 goto unlock;
1545 }
1546
2e58ef3e 1547 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1548 if (!cmd) {
1549 err = -ENOMEM;
1550 hci_conn_put(conn);
1551 goto unlock;
1552 }
1553
7a512d01 1554 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1555 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1556 conn->connect_cfm_cb = pairing_complete_cb;
1557
e9a416b5
JH		 1558 conn->security_cfm_cb = pairing_complete_cb;
1559 conn->disconn_cfm_cb = pairing_complete_cb;
1560 conn->io_capability = cp->io_cap;
1561 cmd->user_data = conn;
1562
1563 if (conn->state == BT_CONNECTED &&
1564 hci_conn_security(conn, sec_level, auth_type))
1565 pairing_complete(cmd, 0);
1566
1567 err = 0;
1568
1569unlock:
09fd0de5 1570 hci_dev_unlock(hdev);
e9a416b5
JH		 1571 hci_dev_put(hdev);
1572
1573 return err;
1574}
1575
28424707
JH		 1576static int cancel_pair_device(struct sock *sk, u16 index,
1577 unsigned char *data, u16 len)
1578{
1579 struct mgmt_addr_info *addr = (void *) data;
1580 struct hci_dev *hdev;
1581 struct pending_cmd *cmd;
1582 struct hci_conn *conn;
1583 int err;
1584
1585 BT_DBG("");
1586
1587 if (len != sizeof(*addr))
1588 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1589 MGMT_STATUS_INVALID_PARAMS);
1590
1591 hdev = hci_dev_get(index);
1592 if (!hdev)
1593 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1594 MGMT_STATUS_INVALID_PARAMS);
1595
1596 hci_dev_lock(hdev);
1597
1598 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1599 if (!cmd) {
1600 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1601 MGMT_STATUS_INVALID_PARAMS);
1602 goto unlock;
1603 }
1604
1605 conn = cmd->user_data;
1606
1607 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1608 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1609 MGMT_STATUS_INVALID_PARAMS);
1610 goto unlock;
1611 }
1612
1613 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1614
1615 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, addr,
1616 sizeof(*addr));
1617unlock:
1618 hci_dev_unlock(hdev);
1619 hci_dev_put(hdev);
1620
1621 return err;
1622}
1623
0df4c185
BG		 1624static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1625 u16 mgmt_op, u16 hci_op, __le32 passkey)
a5c29683 1626{
a5c29683
JH		 1627 struct pending_cmd *cmd;
1628 struct hci_dev *hdev;
0df4c185 1629 struct hci_conn *conn;
a5c29683
JH		 1630 int err;
1631
4e51eae9 1632 hdev = hci_dev_get(index);
a5c29683 1633 if (!hdev)
ca69b795
JH		 1634 return cmd_status(sk, index, mgmt_op,
1635 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1636
09fd0de5 1637 hci_dev_lock(hdev);
08ba5382 1638
a5c29683 1639 if (!test_bit(HCI_UP, &hdev->flags)) {
0df4c185
BG		 1640 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1641 goto done;
a5c29683
JH		 1642 }
1643
47c15e2b
BG		 1644 /*
1645 * Check for an existing ACL link, if present pair via
1646 * HCI commands.
1647 *
1648 * If no ACL link is present, check for an LE link and if
1649 * present, pair via the SMP engine.
1650 *
1651 * If neither ACL nor LE links are present, fail with error.
1652 */
1653 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1654 if (!conn) {
1655 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1656 if (!conn) {
1657 err = cmd_status(sk, index, mgmt_op,
1658 MGMT_STATUS_NOT_CONNECTED);
1659 goto done;
1660 }
1661
1662 /* Continue with pairing via SMP */
5fe57d9e
BG		 1663 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1664
1665 if (!err)
1666 err = cmd_status(sk, index, mgmt_op,
1667 MGMT_STATUS_SUCCESS);
1668 else
1669 err = cmd_status(sk, index, mgmt_op,
1670 MGMT_STATUS_FAILED);
47c15e2b 1671
47c15e2b
BG		 1672 goto done;
1673 }
1674
0df4c185 1675 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 1676 if (!cmd) {
1677 err = -ENOMEM;
0df4c185 1678 goto done;
a5c29683
JH		 1679 }
1680
0df4c185 1681 /* Continue with pairing via HCI */
604086b7
BG		 1682 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1683 struct hci_cp_user_passkey_reply cp;
1684
1685 bacpy(&cp.bdaddr, bdaddr);
1686 cp.passkey = passkey;
1687 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1688 } else
1689 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1690
a664b5bc
JH		 1691 if (err < 0)
1692 mgmt_pending_remove(cmd);
a5c29683 1693
0df4c185 1694done:
09fd0de5 1695 hci_dev_unlock(hdev);
a5c29683
JH		 1696 hci_dev_put(hdev);
1697
1698 return err;
1699}
1700
0df4c185
BG		 1701static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1702{
650f726d 1703 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 1704
1705 BT_DBG("");
1706
1707 if (len != sizeof(*cp))
1708 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1709 MGMT_STATUS_INVALID_PARAMS);
1710
1711 return user_pairing_resp(sk, index, &cp->bdaddr,
1712 MGMT_OP_USER_CONFIRM_REPLY,
1713 HCI_OP_USER_CONFIRM_REPLY, 0);
1714}
1715
1716static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1717 u16 len)
1718{
c9c2659f 1719 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 1720
1721 BT_DBG("");
1722
1723 if (len != sizeof(*cp))
1724 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1725 MGMT_STATUS_INVALID_PARAMS);
1726
1727 return user_pairing_resp(sk, index, &cp->bdaddr,
1728 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1729 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1730}
1731
604086b7
BG		 1732static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1733{
650f726d 1734 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 1735
1736 BT_DBG("");
1737
1738 if (len != sizeof(*cp))
1739 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1740 EINVAL);
1741
1742 return user_pairing_resp(sk, index, &cp->bdaddr,
1743 MGMT_OP_USER_PASSKEY_REPLY,
1744 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1745}
1746
1747static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1748 u16 len)
1749{
650f726d 1750 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 1751
1752 BT_DBG("");
1753
1754 if (len != sizeof(*cp))
1755 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1756 EINVAL);
1757
1758 return user_pairing_resp(sk, index, &cp->bdaddr,
1759 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1760 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1761}
1762
650f726d 1763static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 1764 u16 len)
1765{
650f726d 1766 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 1767 struct hci_cp_write_local_name hci_cp;
1768 struct hci_dev *hdev;
1769 struct pending_cmd *cmd;
1770 int err;
1771
1772 BT_DBG("");
1773
1774 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 1775 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1776 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 1777
1778 hdev = hci_dev_get(index);
1779 if (!hdev)
ca69b795
JH		 1780 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1781 MGMT_STATUS_INVALID_PARAMS);
b312b161 1782
09fd0de5 1783 hci_dev_lock(hdev);
b312b161 1784
650f726d
VCG		 1785 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
1786 len);
b312b161
JH		 1787 if (!cmd) {
1788 err = -ENOMEM;
1789 goto failed;
1790 }
1791
1792 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1793 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1794 &hci_cp);
1795 if (err < 0)
1796 mgmt_pending_remove(cmd);
1797
1798failed:
09fd0de5 1799 hci_dev_unlock(hdev);
b312b161
JH		 1800 hci_dev_put(hdev);
1801
1802 return err;
1803}
1804
c35938b2
SJ		 1805static int read_local_oob_data(struct sock *sk, u16 index)
1806{
1807 struct hci_dev *hdev;
1808 struct pending_cmd *cmd;
1809 int err;
1810
1811 BT_DBG("hci%u", index);
1812
1813 hdev = hci_dev_get(index);
1814 if (!hdev)
1815 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1816 MGMT_STATUS_INVALID_PARAMS);
c35938b2 1817
09fd0de5 1818 hci_dev_lock(hdev);
c35938b2
SJ		 1819
1820 if (!test_bit(HCI_UP, &hdev->flags)) {
1821 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1822 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 1823 goto unlock;
1824 }
1825
1826 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1827 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1828 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 1829 goto unlock;
1830 }
1831
2e58ef3e 1832 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 1833 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1834 MGMT_STATUS_BUSY);
c35938b2
SJ		 1835 goto unlock;
1836 }
1837
2e58ef3e 1838 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 1839 if (!cmd) {
1840 err = -ENOMEM;
1841 goto unlock;
1842 }
1843
1844 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1845 if (err < 0)
1846 mgmt_pending_remove(cmd);
1847
1848unlock:
09fd0de5 1849 hci_dev_unlock(hdev);
c35938b2
SJ		 1850 hci_dev_put(hdev);
1851
1852 return err;
1853}
1854
650f726d
VCG		 1855static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
1856 u16 len)
2763eda6
SJ		 1857{
1858 struct hci_dev *hdev;
650f726d 1859 struct mgmt_cp_add_remote_oob_data *cp = data;
2763eda6
SJ		 1860 int err;
1861
1862 BT_DBG("hci%u ", index);
1863
1864 if (len != sizeof(*cp))
1865 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1866 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1867
1868 hdev = hci_dev_get(index);
1869 if (!hdev)
1870 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1871 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1872
09fd0de5 1873 hci_dev_lock(hdev);
2763eda6
SJ		 1874
1875 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1876 cp->randomizer);
1877 if (err < 0)
ca69b795
JH		 1878 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1879 MGMT_STATUS_FAILED);
2763eda6
SJ		 1880 else
1881 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1882 0);
1883
09fd0de5 1884 hci_dev_unlock(hdev);
2763eda6
SJ		 1885 hci_dev_put(hdev);
1886
1887 return err;
1888}
1889
1890static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 1891 void *data, u16 len)
2763eda6
SJ		 1892{
1893 struct hci_dev *hdev;
650f726d 1894 struct mgmt_cp_remove_remote_oob_data *cp = data;
2763eda6
SJ		 1895 int err;
1896
1897 BT_DBG("hci%u ", index);
1898
1899 if (len != sizeof(*cp))
1900 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1901 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1902
1903 hdev = hci_dev_get(index);
1904 if (!hdev)
1905 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1906 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1907
09fd0de5 1908 hci_dev_lock(hdev);
2763eda6
SJ		 1909
1910 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1911 if (err < 0)
1912 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1913 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1914 else
1915 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1916 NULL, 0);
1917
09fd0de5 1918 hci_dev_unlock(hdev);
2763eda6
SJ		 1919 hci_dev_put(hdev);
1920
1921 return err;
1922}
1923
450dfdaf 1924static int start_discovery(struct sock *sk, u16 index,
650f726d 1925 void *data, u16 len)
14a53664 1926{
650f726d 1927 struct mgmt_cp_start_discovery *cp = data;
3fd24153 1928 unsigned long discov_type = cp->type;
14a53664
JH		 1929 struct pending_cmd *cmd;
1930 struct hci_dev *hdev;
1931 int err;
1932
1933 BT_DBG("hci%u", index);
1934
450dfdaf
JH		 1935 if (len != sizeof(*cp))
1936 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1937 MGMT_STATUS_INVALID_PARAMS);
1938
14a53664
JH		 1939 hdev = hci_dev_get(index);
1940 if (!hdev)
ca69b795
JH		 1941 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1942 MGMT_STATUS_INVALID_PARAMS);
14a53664 1943
09fd0de5 1944 hci_dev_lock(hdev);
14a53664 1945
bd2d1334 1946 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1947 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1948 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 1949 goto failed;
1950 }
1951
ff9ef578
JH		 1952 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1953 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1954 MGMT_STATUS_BUSY);
1955 goto failed;
1956 }
1957
2e58ef3e 1958 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1959 if (!cmd) {
1960 err = -ENOMEM;
1961 goto failed;
1962 }
1963
3fd24153
AG		 1964 if (test_bit(MGMT_ADDR_BREDR, &discov_type))
1965 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
1966 else if (test_bit(MGMT_ADDR_LE_PUBLIC, &discov_type) &&
1967 test_bit(MGMT_ADDR_LE_RANDOM, &discov_type))
1968 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
1969 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
1970 else
1971 err = -EINVAL;
1972
14a53664
JH		 1973 if (err < 0)
1974 mgmt_pending_remove(cmd);
ff9ef578
JH		 1975 else
1976 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 1977
1978failed:
09fd0de5 1979 hci_dev_unlock(hdev);
14a53664
JH		 1980 hci_dev_put(hdev);
1981
1982 return err;
1983}
1984
1985static int stop_discovery(struct sock *sk, u16 index)
1986{
1987 struct hci_dev *hdev;
1988 struct pending_cmd *cmd;
30dc78e1
JH		 1989 struct hci_cp_remote_name_req_cancel cp;
1990 struct inquiry_entry *e;
14a53664
JH		 1991 int err;
1992
1993 BT_DBG("hci%u", index);
1994
1995 hdev = hci_dev_get(index);
1996 if (!hdev)
ca69b795
JH		 1997 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1998 MGMT_STATUS_INVALID_PARAMS);
14a53664 1999
09fd0de5 2000 hci_dev_lock(hdev);
14a53664 2001
30dc78e1 2002 if (!hci_discovery_active(hdev)) {
ff9ef578
JH		 2003 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2004 MGMT_STATUS_REJECTED);
30dc78e1 2005 goto unlock;
ff9ef578
JH		 2006 }
2007
2e58ef3e 2008 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2009 if (!cmd) {
2010 err = -ENOMEM;
30dc78e1
JH		 2011 goto unlock;
2012 }
2013
2014 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
2015 err = hci_cancel_inquiry(hdev);
2016 if (err < 0)
2017 mgmt_pending_remove(cmd);
2018 else
2019 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2020 goto unlock;
2021 }
2022
2023 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2024 if (!e) {
2025 mgmt_pending_remove(cmd);
2026 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
2027 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2028 goto unlock;
14a53664
JH		 2029 }
2030
30dc78e1
JH		 2031 bacpy(&cp.bdaddr, &e->data.bdaddr);
2032 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2033 sizeof(cp), &cp);
14a53664
JH		 2034 if (err < 0)
2035 mgmt_pending_remove(cmd);
ff9ef578
JH		 2036 else
2037 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2038
30dc78e1 2039unlock:
09fd0de5 2040 hci_dev_unlock(hdev);
14a53664
JH		 2041 hci_dev_put(hdev);
2042
2043 return err;
2044}
2045
650f726d 2046static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2047{
650f726d 2048 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2049 struct inquiry_entry *e;
2050 struct hci_dev *hdev;
2051 int err;
2052
2053 BT_DBG("hci%u", index);
2054
2055 if (len != sizeof(*cp))
2056 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2057 MGMT_STATUS_INVALID_PARAMS);
2058
2059 hdev = hci_dev_get(index);
2060 if (!hdev)
2061 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2062 MGMT_STATUS_INVALID_PARAMS);
2063
2064 hci_dev_lock(hdev);
2065
30dc78e1
JH		 2066 if (!hci_discovery_active(hdev)) {
2067 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2068 MGMT_STATUS_FAILED);
2069 goto failed;
2070 }
2071
561aafbc
JH		 2072 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2073 if (!e) {
2074 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2075 MGMT_STATUS_INVALID_PARAMS);
2076 goto failed;
2077 }
2078
2079 if (cp->name_known) {
2080 e->name_state = NAME_KNOWN;
2081 list_del(&e->list);
2082 } else {
2083 e->name_state = NAME_NEEDED;
a3d4e20a 2084 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2085 }
2086
2087 err = 0;
2088
2089failed:
2090 hci_dev_unlock(hdev);
2091
2092 return err;
2093}
2094
650f726d 2095static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2096{
2097 struct hci_dev *hdev;
650f726d 2098 struct mgmt_cp_block_device *cp = data;
7fbec224
AJ		 2099 int err;
2100
2101 BT_DBG("hci%u", index);
2102
7fbec224
AJ		 2103 if (len != sizeof(*cp))
2104 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2105 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2106
2107 hdev = hci_dev_get(index);
2108 if (!hdev)
2109 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2110 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2111
09fd0de5 2112 hci_dev_lock(hdev);
5e762444 2113
7fbec224 2114 err = hci_blacklist_add(hdev, &cp->bdaddr);
7fbec224 2115 if (err < 0)
ca69b795
JH		 2116 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2117 MGMT_STATUS_FAILED);
7fbec224
AJ		 2118 else
2119 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2120 NULL, 0);
5e762444 2121
09fd0de5 2122 hci_dev_unlock(hdev);
7fbec224
AJ		 2123 hci_dev_put(hdev);
2124
2125 return err;
2126}
2127
650f726d 2128static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2129{
2130 struct hci_dev *hdev;
650f726d 2131 struct mgmt_cp_unblock_device *cp = data;
7fbec224
AJ		 2132 int err;
2133
2134 BT_DBG("hci%u", index);
2135
7fbec224
AJ		 2136 if (len != sizeof(*cp))
2137 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2138 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2139
2140 hdev = hci_dev_get(index);
2141 if (!hdev)
2142 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2143 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2144
09fd0de5 2145 hci_dev_lock(hdev);
5e762444 2146
7fbec224
AJ		 2147 err = hci_blacklist_del(hdev, &cp->bdaddr);
2148
2149 if (err < 0)
ca69b795
JH		 2150 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2151 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2152 else
2153 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2154 NULL, 0);
5e762444 2155
09fd0de5 2156 hci_dev_unlock(hdev);
7fbec224
AJ		 2157 hci_dev_put(hdev);
2158
2159 return err;
2160}
2161
f6422ec6 2162static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2163 void *data, u16 len)
f6422ec6
AJ		 2164{
2165 struct hci_dev *hdev;
650f726d 2166 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2167 struct hci_cp_write_page_scan_activity acp;
2168 u8 type;
2169 int err;
2170
2171 BT_DBG("hci%u", index);
2172
2173 if (len != sizeof(*cp))
2174 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2175 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2176
2177 hdev = hci_dev_get(index);
2178 if (!hdev)
2179 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2180 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2181
2182 hci_dev_lock(hdev);
2183
f7c6869c 2184 if (cp->val) {
f6422ec6
AJ		 2185 type = PAGE_SCAN_TYPE_INTERLACED;
2186 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2187 } else {
2188 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2189 acp.interval = 0x0800; /* default 1.28 sec page scan */
2190 }
2191
2192 acp.window = 0x0012; /* default 11.25 msec page scan window */
2193
2194 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2195 sizeof(acp), &acp);
2196 if (err < 0) {
2197 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2198 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2199 goto done;
2200 }
2201
2202 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2203 if (err < 0) {
2204 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2205 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2206 goto done;
2207 }
2208
2209 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2210 NULL, 0);
2211done:
2212 hci_dev_unlock(hdev);
2213 hci_dev_put(hdev);
2214
2215 return err;
2216}
2217
346af67b
VCG		 2218static int load_long_term_keys(struct sock *sk, u16 index,
2219 void *cp_data, u16 len)
2220{
2221 struct hci_dev *hdev;
2222 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2223 u16 key_count, expected_len;
2224 int i;
2225
2226 if (len < sizeof(*cp))
2227 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2228 EINVAL);
2229
2230 key_count = get_unaligned_le16(&cp->key_count);
2231
2232 expected_len = sizeof(*cp) + key_count *
2233 sizeof(struct mgmt_ltk_info);
2234 if (expected_len != len) {
2235 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2236 len, expected_len);
2237 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2238 EINVAL);
2239 }
2240
2241 hdev = hci_dev_get(index);
2242 if (!hdev)
2243 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2244 ENODEV);
2245
2246 BT_DBG("hci%u key_count %u", index, key_count);
2247
2248 hci_dev_lock(hdev);
2249
2250 hci_smp_ltks_clear(hdev);
2251
2252 for (i = 0; i < key_count; i++) {
2253 struct mgmt_ltk_info *key = &cp->keys[i];
2254 u8 type;
2255
2256 if (key->master)
2257 type = HCI_SMP_LTK;
2258 else
2259 type = HCI_SMP_LTK_SLAVE;
2260
2261 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2262 type, 0, key->authenticated, key->val,
2263 key->enc_size, key->ediv, key->rand);
2264 }
2265
2266 hci_dev_unlock(hdev);
2267 hci_dev_put(hdev);
2268
2269 return 0;
2270}
2271
0381101f
JH		 2272int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2273{
650f726d
VCG		 2274 void *buf;
2275 u8 *cp;
0381101f 2276 struct mgmt_hdr *hdr;
4e51eae9 2277 u16 opcode, index, len;
0381101f
JH		 2278 int err;
2279
2280 BT_DBG("got %zu bytes", msglen);
2281
2282 if (msglen < sizeof(*hdr))
2283 return -EINVAL;
2284
e63a15ec 2285 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2286 if (!buf)
2287 return -ENOMEM;
2288
2289 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2290 err = -EFAULT;
2291 goto done;
2292 }
2293
650f726d 2294 hdr = buf;
0381101f 2295 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2296 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2297 len = get_unaligned_le16(&hdr->len);
2298
2299 if (len != msglen - sizeof(*hdr)) {
2300 err = -EINVAL;
2301 goto done;
2302 }
2303
650f726d
VCG		 2304 cp = buf + sizeof(*hdr);
2305
0381101f 2306 switch (opcode) {
02d98129
JH		 2307 case MGMT_OP_READ_VERSION:
2308 err = read_version(sk);
2309 break;
faba42eb
JH		 2310 case MGMT_OP_READ_INDEX_LIST:
2311 err = read_index_list(sk);
2312 break;
f7b64e69 2313 case MGMT_OP_READ_INFO:
4e51eae9 2314 err = read_controller_info(sk, index);
f7b64e69 2315 break;
eec8d2bc 2316 case MGMT_OP_SET_POWERED:
650f726d 2317 err = set_powered(sk, index, cp, len);
eec8d2bc 2318 break;
73f22f62 2319 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2320 err = set_discoverable(sk, index, cp, len);
73f22f62 2321 break;
9fbcbb45 2322 case MGMT_OP_SET_CONNECTABLE:
650f726d 2323 err = set_connectable(sk, index, cp, len);
9fbcbb45 2324 break;
f7c6869c 2325 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2326 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2327 break;
c542a06c 2328 case MGMT_OP_SET_PAIRABLE:
650f726d 2329 err = set_pairable(sk, index, cp, len);
c542a06c 2330 break;
2aeb9a1a 2331 case MGMT_OP_ADD_UUID:
650f726d 2332 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2333 break;
2334 case MGMT_OP_REMOVE_UUID:
650f726d 2335 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2336 break;
1aff6f09 2337 case MGMT_OP_SET_DEV_CLASS:
650f726d 2338 err = set_dev_class(sk, index, cp, len);
1aff6f09 2339 break;
86742e1e 2340 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2341 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2342 break;
86742e1e 2343 case MGMT_OP_REMOVE_KEYS:
650f726d 2344 err = remove_keys(sk, index, cp, len);
55ed8ca1 2345 break;
8962ee74 2346 case MGMT_OP_DISCONNECT:
650f726d 2347 err = disconnect(sk, index, cp, len);
8962ee74 2348 break;
2784eb41 2349 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2350 err = get_connections(sk, index);
2784eb41 2351 break;
980e1a53 2352 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2353 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2354 break;
2355 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2356 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2357 break;
17fa4b9d 2358 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2359 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2360 break;
e9a416b5 2361 case MGMT_OP_PAIR_DEVICE:
650f726d 2362 err = pair_device(sk, index, cp, len);
e9a416b5 2363 break;
28424707
JH		 2364 case MGMT_OP_CANCEL_PAIR_DEVICE:
2365 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2366 break;
a5c29683 2367 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2368 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2369 break;
2370 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2371 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2372 break;
604086b7 2373 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2374 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2375 break;
2376 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2377 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2378 break;
b312b161 2379 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2380 err = set_local_name(sk, index, cp, len);
b312b161 2381 break;
c35938b2
SJ		 2382 case MGMT_OP_READ_LOCAL_OOB_DATA:
2383 err = read_local_oob_data(sk, index);
2384 break;
2763eda6 2385 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2386 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2387 break;
2388 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2389 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2390 break;
14a53664 2391 case MGMT_OP_START_DISCOVERY:
650f726d 2392 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2393 break;
2394 case MGMT_OP_STOP_DISCOVERY:
2395 err = stop_discovery(sk, index);
2396 break;
561aafbc 2397 case MGMT_OP_CONFIRM_NAME:
650f726d 2398 err = confirm_name(sk, index, cp, len);
561aafbc 2399 break;
7fbec224 2400 case MGMT_OP_BLOCK_DEVICE:
650f726d 2401 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2402 break;
2403 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2404 err = unblock_device(sk, index, cp, len);
7fbec224 2405 break;
346af67b
VCG		 2406 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2407 err = load_long_term_keys(sk, index, cp, len);
2408 break;
0381101f
JH		 2409 default:
2410 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2411 err = cmd_status(sk, index, opcode,
2412 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2413 break;
2414 }
2415
e41d8b4e
JH		 2416 if (err < 0)
2417 goto done;
2418
0381101f
JH		 2419 err = msglen;
2420
2421done:
2422 kfree(buf);
2423 return err;
2424}
c71e97bf 2425
b24752fe
JH		 2426static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2427{
2428 u8 *status = data;
2429
2430 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2431 mgmt_pending_remove(cmd);
2432}
2433
744cf19e 2434int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2435{
744cf19e 2436 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2437}
2438
744cf19e 2439int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2440{
b24752fe
JH		 2441 u8 status = ENODEV;
2442
744cf19e 2443 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2444
744cf19e 2445 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2446}
2447
73f22f62 2448struct cmd_lookup {
72a734ec 2449 u8 val;
eec8d2bc 2450 struct sock *sk;
69ab39ea 2451 struct hci_dev *hdev;
eec8d2bc
JH		 2452};
2453
69ab39ea 2454static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2455{
73f22f62 2456 struct cmd_lookup *match = data;
eec8d2bc 2457
69ab39ea 2458 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2459
2460 list_del(&cmd->list);
2461
2462 if (match->sk == NULL) {
2463 match->sk = cmd->sk;
2464 sock_hold(match->sk);
2465 }
2466
2467 mgmt_pending_free(cmd);
c71e97bf 2468}
5add6af8 2469
744cf19e 2470int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2471{
69ab39ea
JH		 2472 struct cmd_lookup match = { powered, NULL, hdev };
2473 __le32 ev;
eec8d2bc 2474 int ret;
5add6af8 2475
69ab39ea 2476 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2477
b24752fe
JH		 2478 if (!powered) {
2479 u8 status = ENETDOWN;
744cf19e 2480 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2481 }
2482
69ab39ea 2483 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2484
69ab39ea
JH		 2485 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2486 match.sk);
eec8d2bc
JH		 2487
2488 if (match.sk)
2489 sock_put(match.sk);
2490
2491 return ret;
5add6af8 2492}
73f22f62 2493
744cf19e 2494int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2495{
69ab39ea
JH		 2496 struct cmd_lookup match = { discoverable, NULL, hdev };
2497 __le32 ev;
73f22f62
JH		 2498 int ret;
2499
69ab39ea 2500 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2501
69ab39ea 2502 ev = cpu_to_le32(get_current_settings(hdev));
73f22f62 2503
69ab39ea 2504 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2505 match.sk);
73f22f62
JH		 2506 if (match.sk)
2507 sock_put(match.sk);
2508
2509 return ret;
2510}
9fbcbb45 2511
744cf19e 2512int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2513{
69ab39ea
JH		 2514 __le32 ev;
2515 struct cmd_lookup match = { connectable, NULL, hdev };
9fbcbb45
JH		 2516 int ret;
2517
69ab39ea
JH		 2518 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2519 &match);
9fbcbb45 2520
69ab39ea 2521 ev = cpu_to_le32(get_current_settings(hdev));
9fbcbb45 2522
69ab39ea 2523 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2524
2525 if (match.sk)
2526 sock_put(match.sk);
2527
2528 return ret;
2529}
55ed8ca1 2530
744cf19e 2531int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2532{
ca69b795
JH		 2533 u8 mgmt_err = mgmt_status(status);
2534
2d7cee58 2535 if (scan & SCAN_PAGE)
744cf19e 2536 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2537 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2538
2539 if (scan & SCAN_INQUIRY)
744cf19e 2540 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2541 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2542
2543 return 0;
2544}
2545
744cf19e
JH		 2546int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2547 u8 persistent)
55ed8ca1 2548{
86742e1e 2549 struct mgmt_ev_new_link_key ev;
55ed8ca1 2550
a492cd52 2551 memset(&ev, 0, sizeof(ev));
55ed8ca1 2552
a492cd52
VCG		 2553 ev.store_hint = persistent;
2554 bacpy(&ev.key.bdaddr, &key->bdaddr);
2555 ev.key.type = key->type;
2556 memcpy(ev.key.val, key->val, 16);
2557 ev.key.pin_len = key->pin_len;
55ed8ca1 2558
744cf19e 2559 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2560}
f7520543 2561
346af67b
VCG		 2562int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2563{
2564 struct mgmt_ev_new_long_term_key ev;
2565
2566 memset(&ev, 0, sizeof(ev));
2567
2568 ev.store_hint = persistent;
2569 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2570 ev.key.addr.type = key->bdaddr_type;
2571 ev.key.authenticated = key->authenticated;
2572 ev.key.enc_size = key->enc_size;
2573 ev.key.ediv = key->ediv;
2574
2575 if (key->type == HCI_SMP_LTK)
2576 ev.key.master = 1;
2577
2578 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2579 memcpy(ev.key.val, key->val, sizeof(key->val));
2580
2581 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2582 &ev, sizeof(ev), NULL);
2583}
2584
afc747a6 2585int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 2586 u8 addr_type, u8 *name, u8 name_len,
2587 u8 *dev_class)
f7520543 2588{
b644ba33
JH		 2589 char buf[512];
2590 struct mgmt_ev_device_connected *ev = (void *) buf;
2591 u16 eir_len = 0;
f7520543 2592
b644ba33
JH		 2593 bacpy(&ev->addr.bdaddr, bdaddr);
2594 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2595
b644ba33
JH		 2596 if (name_len > 0)
2597 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2598 name, name_len);
2599
2600 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2601 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2602 EIR_CLASS_OF_DEV, dev_class, 3);
2603
2604 put_unaligned_le16(eir_len, &ev->eir_len);
2605
2606 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2607 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2608}
2609
8962ee74
JH		 2610static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2611{
c68fb7ff 2612 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2613 struct sock **sk = data;
a38528f1 2614 struct mgmt_rp_disconnect rp;
8962ee74 2615
a38528f1 2616 bacpy(&rp.bdaddr, &cp->bdaddr);
37d9ef76 2617 rp.status = 0;
8962ee74 2618
4e51eae9 2619 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 2620
2621 *sk = cmd->sk;
2622 sock_hold(*sk);
2623
a664b5bc 2624 mgmt_pending_remove(cmd);
8962ee74
JH		 2625}
2626
a8a1d19e
JH		 2627static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2628{
2629 u8 *status = data;
2630 struct mgmt_cp_remove_keys *cp = cmd->param;
2631 struct mgmt_rp_remove_keys rp;
2632
2633 memset(&rp, 0, sizeof(rp));
2634 bacpy(&rp.bdaddr, &cp->bdaddr);
2635 if (status != NULL)
2636 rp.status = *status;
2637
2638 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2639 sizeof(rp));
2640
2641 mgmt_pending_remove(cmd);
2642}
2643
afc747a6
JH		 2644int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2645 u8 link_type, u8 addr_type)
f7520543 2646{
4c659c39 2647 struct mgmt_addr_info ev;
8962ee74
JH		 2648 struct sock *sk = NULL;
2649 int err;
2650
744cf19e 2651 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2652
f7520543 2653 bacpy(&ev.bdaddr, bdaddr);
48264f06 2654 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2655
afc747a6
JH		 2656 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2657 sk);
8962ee74
JH		 2658
2659 if (sk)
2660 sock_put(sk);
2661
a8a1d19e
JH		 2662 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2663
8962ee74
JH		 2664 return err;
2665}
2666
37d9ef76 2667int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
8962ee74
JH		 2668{
2669 struct pending_cmd *cmd;
ca69b795 2670 u8 mgmt_err = mgmt_status(status);
8962ee74
JH		 2671 int err;
2672
2e58ef3e 2673 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 2674 if (!cmd)
2675 return -ENOENT;
2676
37d9ef76
JH		 2677 if (bdaddr) {
2678 struct mgmt_rp_disconnect rp;
2679
2680 bacpy(&rp.bdaddr, bdaddr);
2681 rp.status = status;
2682
2683 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2684 &rp, sizeof(rp));
2685 } else
2686 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 2687 mgmt_err);
8962ee74 2688
a664b5bc 2689 mgmt_pending_remove(cmd);
8962ee74
JH		 2690
2691 return err;
f7520543 2692}
17d5c04c 2693
48264f06
JH		 2694int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2695 u8 addr_type, u8 status)
17d5c04c
JH		 2696{
2697 struct mgmt_ev_connect_failed ev;
2698
4c659c39 2699 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2700 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 2701 ev.status = mgmt_status(status);
17d5c04c 2702
744cf19e 2703 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 2704}
980e1a53 2705
744cf19e 2706int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 2707{
2708 struct mgmt_ev_pin_code_request ev;
2709
980e1a53 2710 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 2711 ev.secure = secure;
980e1a53 2712
744cf19e 2713 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2714 NULL);
980e1a53
JH		 2715}
2716
744cf19e
JH		 2717int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2718 u8 status)
980e1a53
JH		 2719{
2720 struct pending_cmd *cmd;
ac56fb13 2721 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2722 int err;
2723
2e58ef3e 2724 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 2725 if (!cmd)
2726 return -ENOENT;
2727
ac56fb13 2728 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2729 rp.status = mgmt_status(status);
ac56fb13 2730
744cf19e 2731 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
4e51eae9 2732 sizeof(rp));
980e1a53 2733
a664b5bc 2734 mgmt_pending_remove(cmd);
980e1a53
JH		 2735
2736 return err;
2737}
2738
744cf19e
JH		 2739int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2740 u8 status)
980e1a53
JH		 2741{
2742 struct pending_cmd *cmd;
ac56fb13 2743 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2744 int err;
2745
2e58ef3e 2746 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 2747 if (!cmd)
2748 return -ENOENT;
2749
ac56fb13 2750 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2751 rp.status = mgmt_status(status);
ac56fb13 2752
744cf19e 2753 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
4e51eae9 2754 sizeof(rp));
980e1a53 2755
a664b5bc 2756 mgmt_pending_remove(cmd);
980e1a53
JH		 2757
2758 return err;
2759}
a5c29683 2760
744cf19e
JH		 2761int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2762 __le32 value, u8 confirm_hint)
a5c29683
JH		 2763{
2764 struct mgmt_ev_user_confirm_request ev;
2765
744cf19e 2766 BT_DBG("%s", hdev->name);
a5c29683 2767
a5c29683 2768 bacpy(&ev.bdaddr, bdaddr);
55bc1a37 2769 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2770 put_unaligned_le32(value, &ev.value);
2771
744cf19e 2772 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2773 NULL);
a5c29683
JH		 2774}
2775
604086b7
BG		 2776int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2777{
2778 struct mgmt_ev_user_passkey_request ev;
2779
2780 BT_DBG("%s", hdev->name);
2781
2782 bacpy(&ev.bdaddr, bdaddr);
2783
2784 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2785 NULL);
2786}
2787
0df4c185 2788static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
744cf19e 2789 u8 status, u8 opcode)
a5c29683
JH		 2790{
2791 struct pending_cmd *cmd;
2792 struct mgmt_rp_user_confirm_reply rp;
2793 int err;
2794
2e58ef3e 2795 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 2796 if (!cmd)
2797 return -ENOENT;
2798
a5c29683 2799 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2800 rp.status = mgmt_status(status);
744cf19e 2801 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
a5c29683 2802
a664b5bc 2803 mgmt_pending_remove(cmd);
a5c29683
JH		 2804
2805 return err;
2806}
2807
744cf19e
JH		 2808int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2809 u8 status)
a5c29683 2810{
0df4c185 2811 return user_pairing_resp_complete(hdev, bdaddr, status,
a5c29683
JH		 2812 MGMT_OP_USER_CONFIRM_REPLY);
2813}
2814
744cf19e
JH		 2815int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2816 bdaddr_t *bdaddr, u8 status)
a5c29683 2817{
0df4c185 2818 return user_pairing_resp_complete(hdev, bdaddr, status,
a5c29683
JH		 2819 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2820}
2a611692 2821
604086b7
BG		 2822int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2823 u8 status)
2824{
2825 return user_pairing_resp_complete(hdev, bdaddr, status,
2826 MGMT_OP_USER_PASSKEY_REPLY);
2827}
2828
2829int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2830 bdaddr_t *bdaddr, u8 status)
2831{
2832 return user_pairing_resp_complete(hdev, bdaddr, status,
2833 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2834}
2835
744cf19e 2836int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2a611692
JH		 2837{
2838 struct mgmt_ev_auth_failed ev;
2839
2a611692 2840 bacpy(&ev.bdaddr, bdaddr);
ca69b795 2841 ev.status = mgmt_status(status);
2a611692 2842
744cf19e 2843 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 2844}
b312b161 2845
744cf19e 2846int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 2847{
2848 struct pending_cmd *cmd;
2849 struct mgmt_cp_set_local_name ev;
2850 int err;
2851
2852 memset(&ev, 0, sizeof(ev));
2853 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2854
2e58ef3e 2855 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 2856 if (!cmd)
2857 goto send_event;
2858
2859 if (status) {
744cf19e 2860 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 2861 mgmt_status(status));
b312b161
JH		 2862 goto failed;
2863 }
2864
744cf19e 2865 update_eir(hdev);
80a1e1db 2866
744cf19e 2867 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
b312b161
JH		 2868 sizeof(ev));
2869 if (err < 0)
2870 goto failed;
2871
2872send_event:
744cf19e 2873 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 2874 cmd ? cmd->sk : NULL);
2875
2876failed:
2877 if (cmd)
2878 mgmt_pending_remove(cmd);
2879 return err;
2880}
c35938b2 2881
744cf19e
JH		 2882int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2883 u8 *randomizer, u8 status)
c35938b2
SJ		 2884{
2885 struct pending_cmd *cmd;
2886 int err;
2887
744cf19e 2888 BT_DBG("%s status %u", hdev->name, status);
c35938b2 2889
2e58ef3e 2890 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 2891 if (!cmd)
2892 return -ENOENT;
2893
2894 if (status) {
744cf19e 2895 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 2896 MGMT_OP_READ_LOCAL_OOB_DATA,
2897 mgmt_status(status));
c35938b2
SJ		 2898 } else {
2899 struct mgmt_rp_read_local_oob_data rp;
2900
2901 memcpy(rp.hash, hash, sizeof(rp.hash));
2902 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2903
744cf19e
JH		 2904 err = cmd_complete(cmd->sk, hdev->id,
2905 MGMT_OP_READ_LOCAL_OOB_DATA,
2906 &rp, sizeof(rp));
c35938b2
SJ		 2907 }
2908
2909 mgmt_pending_remove(cmd);
2910
2911 return err;
2912}
e17acd40 2913
48264f06 2914int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 2915 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 2916 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 2917{
e319d2e7
JH		 2918 char buf[512];
2919 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 2920 size_t ev_size;
e17acd40 2921
1dc06093
JH		 2922 /* Leave 5 bytes for a potential CoD field */
2923 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 2924 return -EINVAL;
2925
1dc06093
JH		 2926 memset(buf, 0, sizeof(buf));
2927
e319d2e7
JH		 2928 bacpy(&ev->addr.bdaddr, bdaddr);
2929 ev->addr.type = link_to_mgmt(link_type, addr_type);
2930 ev->rssi = rssi;
2931 ev->confirm_name = cfm_name;
e17acd40 2932
1dc06093 2933 if (eir_len > 0)
e319d2e7 2934 memcpy(ev->eir, eir, eir_len);
e17acd40 2935
1dc06093
JH		 2936 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
2937 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
2938 dev_class, 3);
2939
2940 put_unaligned_le16(eir_len, &ev->eir_len);
2941
2942 ev_size = sizeof(*ev) + eir_len;
f8523598 2943
e319d2e7 2944 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 2945}
a88a9652 2946
b644ba33
JH		 2947int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2948 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 2949{
b644ba33
JH		 2950 struct mgmt_ev_device_found *ev;
2951 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
2952 u16 eir_len;
a88a9652 2953
b644ba33 2954 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 2955
b644ba33
JH		 2956 memset(buf, 0, sizeof(buf));
2957
2958 bacpy(&ev->addr.bdaddr, bdaddr);
2959 ev->addr.type = link_to_mgmt(link_type, addr_type);
2960 ev->rssi = rssi;
2961
2962 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
2963 name_len);
2964
2965 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 2966
b644ba33 2967 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
a88a9652 2968}
314b2381 2969
7a135109 2970int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 2971{
2972 struct pending_cmd *cmd;
2973 int err;
2974
2e58ef3e 2975 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 2976 if (!cmd)
2977 return -ENOENT;
2978
ca69b795 2979 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 2980 mgmt_pending_remove(cmd);
2981
2982 return err;
2983}
2984
e6d465cb
AG		 2985int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2986{
2987 struct pending_cmd *cmd;
2988 int err;
2989
2990 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2991 if (!cmd)
2992 return -ENOENT;
2993
e75a8b0c 2994 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 2995 mgmt_pending_remove(cmd);
2996
2997 return err;
2998}
2999
744cf19e 3000int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3001{
164a6e78
JH		 3002 struct pending_cmd *cmd;
3003
3004 if (discovering)
2e58ef3e 3005 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3006 else
2e58ef3e 3007 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3008
3009 if (cmd != NULL) {
744cf19e 3010 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
164a6e78
JH		 3011 mgmt_pending_remove(cmd);
3012 }
3013
744cf19e 3014 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
314b2381
JH		 3015 sizeof(discovering), NULL);
3016}
5e762444 3017
744cf19e 3018int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 3019{
3020 struct pending_cmd *cmd;
3021 struct mgmt_ev_device_blocked ev;
3022
2e58ef3e 3023 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444
AJ		 3024
3025 bacpy(&ev.bdaddr, bdaddr);
3026
744cf19e
JH		 3027 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3028 cmd ? cmd->sk : NULL);
5e762444
AJ		 3029}
3030
744cf19e 3031int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 3032{
3033 struct pending_cmd *cmd;
3034 struct mgmt_ev_device_unblocked ev;
3035
2e58ef3e 3036 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444
AJ		 3037
3038 bacpy(&ev.bdaddr, bdaddr);
3039
744cf19e
JH		 3040 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3041 cmd ? cmd->sk : NULL);
5e762444 3042}
Linux 6.x block layer and io_uring tree(s)