projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add 'eir_len' param to mgmt_device_found()
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2010 Nokia Corporation
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23/* Bluetooth HCI Management interface */
24
ca69b795 25#include <linux/kernel.h>
72359753 26#include <linux/uaccess.h>
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
02d98129
JH		 35#define MGMT_VERSION 0
36#define MGMT_REVISION 1
37
2519a1fc
AG		 38#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
39
7d78525d
JH		 40#define SERVICE_CACHE_TIMEOUT (5 * 1000)
41
eec8d2bc
JH		 42struct pending_cmd {
43 struct list_head list;
fc2f4b13 44 u16 opcode;
eec8d2bc 45 int index;
c68fb7ff 46 void *param;
eec8d2bc 47 struct sock *sk;
e9a416b5 48 void *user_data;
eec8d2bc
JH		 49};
50
ca69b795
JH		 51/* HCI to MGMT error code conversion table */
52static u8 mgmt_status_table[] = {
53 MGMT_STATUS_SUCCESS,
54 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
55 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
56 MGMT_STATUS_FAILED, /* Hardware Failure */
57 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
58 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
59 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
60 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
61 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
62 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
63 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
64 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
65 MGMT_STATUS_BUSY, /* Command Disallowed */
66 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
67 MGMT_STATUS_REJECTED, /* Rejected Security */
68 MGMT_STATUS_REJECTED, /* Rejected Personal */
69 MGMT_STATUS_TIMEOUT, /* Host Timeout */
70 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
71 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
72 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
73 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
74 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
75 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
76 MGMT_STATUS_BUSY, /* Repeated Attempts */
77 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
78 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
79 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
80 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
81 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
82 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
83 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
84 MGMT_STATUS_FAILED, /* Unspecified Error */
85 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
86 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
87 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
88 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
89 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
90 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
91 MGMT_STATUS_FAILED, /* Unit Link Key Used */
92 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
93 MGMT_STATUS_TIMEOUT, /* Instant Passed */
94 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
95 MGMT_STATUS_FAILED, /* Transaction Collision */
96 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
97 MGMT_STATUS_REJECTED, /* QoS Rejected */
98 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
99 MGMT_STATUS_REJECTED, /* Insufficient Security */
100 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
101 MGMT_STATUS_BUSY, /* Role Switch Pending */
102 MGMT_STATUS_FAILED, /* Slot Violation */
103 MGMT_STATUS_FAILED, /* Role Switch Failed */
104 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
105 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
106 MGMT_STATUS_BUSY, /* Host Busy Pairing */
107 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
108 MGMT_STATUS_BUSY, /* Controller Busy */
109 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
110 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
111 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
112 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
113 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
114};
115
116static u8 mgmt_status(u8 hci_status)
117{
118 if (hci_status < ARRAY_SIZE(mgmt_status_table))
119 return mgmt_status_table[hci_status];
120
121 return MGMT_STATUS_FAILED;
122}
123
4e51eae9 124static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 125{
126 struct sk_buff *skb;
127 struct mgmt_hdr *hdr;
128 struct mgmt_ev_cmd_status *ev;
56b7d137 129 int err;
f7b64e69 130
34eb525c 131 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 132
133 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
134 if (!skb)
135 return -ENOMEM;
136
137 hdr = (void *) skb_put(skb, sizeof(*hdr));
138
139 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 140 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 141 hdr->len = cpu_to_le16(sizeof(*ev));
142
143 ev = (void *) skb_put(skb, sizeof(*ev));
144 ev->status = status;
145 put_unaligned_le16(cmd, &ev->opcode);
146
56b7d137
GP		 147 err = sock_queue_rcv_skb(sk, skb);
148 if (err < 0)
f7b64e69
JH		 149 kfree_skb(skb);
150
56b7d137 151 return err;
f7b64e69
JH		 152}
153
4e51eae9
SJ		 154static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
155 size_t rp_len)
02d98129
JH		 156{
157 struct sk_buff *skb;
158 struct mgmt_hdr *hdr;
159 struct mgmt_ev_cmd_complete *ev;
56b7d137 160 int err;
02d98129
JH		 161
162 BT_DBG("sock %p", sk);
163
a38528f1 164 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 165 if (!skb)
166 return -ENOMEM;
167
168 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 169
a38528f1 170 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 171 hdr->index = cpu_to_le16(index);
a38528f1 172 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 173
a38528f1
JH		 174 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
175 put_unaligned_le16(cmd, &ev->opcode);
8020c16a
SJ		 176
177 if (rp)
178 memcpy(ev->data, rp, rp_len);
02d98129 179
56b7d137
GP		 180 err = sock_queue_rcv_skb(sk, skb);
181 if (err < 0)
02d98129
JH		 182 kfree_skb(skb);
183
56b7d137 184 return err;;
02d98129
JH		 185}
186
a38528f1
JH		 187static int read_version(struct sock *sk)
188{
189 struct mgmt_rp_read_version rp;
190
191 BT_DBG("sock %p", sk);
192
193 rp.version = MGMT_VERSION;
194 put_unaligned_le16(MGMT_REVISION, &rp.revision);
195
4e51eae9
SJ		 196 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
197 sizeof(rp));
a38528f1
JH		 198}
199
faba42eb
JH		 200static int read_index_list(struct sock *sk)
201{
faba42eb
JH		 202 struct mgmt_rp_read_index_list *rp;
203 struct list_head *p;
8035ded4 204 struct hci_dev *d;
a38528f1 205 size_t rp_len;
faba42eb 206 u16 count;
a38528f1 207 int i, err;
faba42eb
JH		 208
209 BT_DBG("sock %p", sk);
210
211 read_lock(&hci_dev_list_lock);
212
213 count = 0;
214 list_for_each(p, &hci_dev_list) {
215 count++;
216 }
217
a38528f1
JH		 218 rp_len = sizeof(*rp) + (2 * count);
219 rp = kmalloc(rp_len, GFP_ATOMIC);
220 if (!rp) {
b2c60d42 221 read_unlock(&hci_dev_list_lock);
faba42eb 222 return -ENOMEM;
b2c60d42 223 }
faba42eb 224
faba42eb
JH		 225 put_unaligned_le16(count, &rp->num_controllers);
226
227 i = 0;
8035ded4 228 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 229 if (test_and_clear_bit(HCI_AUTO_OFF, &d->dev_flags))
e0f9309f 230 cancel_delayed_work(&d->power_off);
ab81cbf9 231
a8b2d5c2 232 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 233 continue;
234
faba42eb
JH		 235 put_unaligned_le16(d->id, &rp->index[i++]);
236 BT_DBG("Added hci%u", d->id);
237 }
238
239 read_unlock(&hci_dev_list_lock);
240
4e51eae9
SJ		 241 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
242 rp_len);
faba42eb 243
a38528f1
JH		 244 kfree(rp);
245
246 return err;
faba42eb
JH		 247}
248
69ab39ea
JH		 249static u32 get_supported_settings(struct hci_dev *hdev)
250{
251 u32 settings = 0;
252
253 settings |= MGMT_SETTING_POWERED;
254 settings |= MGMT_SETTING_CONNECTABLE;
255 settings |= MGMT_SETTING_FAST_CONNECTABLE;
256 settings |= MGMT_SETTING_DISCOVERABLE;
257 settings |= MGMT_SETTING_PAIRABLE;
258
259 if (hdev->features[6] & LMP_SIMPLE_PAIR)
260 settings |= MGMT_SETTING_SSP;
261
262 if (!(hdev->features[4] & LMP_NO_BREDR)) {
263 settings |= MGMT_SETTING_BREDR;
264 settings |= MGMT_SETTING_LINK_SECURITY;
265 }
266
267 if (hdev->features[4] & LMP_LE)
268 settings |= MGMT_SETTING_LE;
269
270 return settings;
271}
272
273static u32 get_current_settings(struct hci_dev *hdev)
274{
275 u32 settings = 0;
276
277 if (test_bit(HCI_UP, &hdev->flags))
278 settings |= MGMT_SETTING_POWERED;
279 else
280 return settings;
281
282 if (test_bit(HCI_PSCAN, &hdev->flags))
283 settings |= MGMT_SETTING_CONNECTABLE;
284
285 if (test_bit(HCI_ISCAN, &hdev->flags))
286 settings |= MGMT_SETTING_DISCOVERABLE;
287
a8b2d5c2 288 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 289 settings |= MGMT_SETTING_PAIRABLE;
290
291 if (!(hdev->features[4] & LMP_NO_BREDR))
292 settings |= MGMT_SETTING_BREDR;
293
59e29406 294 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 295 settings |= MGMT_SETTING_LE;
296
297 if (test_bit(HCI_AUTH, &hdev->flags))
298 settings |= MGMT_SETTING_LINK_SECURITY;
299
300 if (hdev->ssp_mode > 0)
301 settings |= MGMT_SETTING_SSP;
302
303 return settings;
304}
305
ef580372
JH		 306#define PNP_INFO_SVCLASS_ID 0x1200
307
308static u8 bluetooth_base_uuid[] = {
309 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
310 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
311};
312
313static u16 get_uuid16(u8 *uuid128)
314{
315 u32 val;
316 int i;
317
318 for (i = 0; i < 12; i++) {
319 if (bluetooth_base_uuid[i] != uuid128[i])
320 return 0;
321 }
322
323 memcpy(&val, &uuid128[12], 4);
324
325 val = le32_to_cpu(val);
326 if (val > 0xffff)
327 return 0;
328
329 return (u16) val;
330}
331
332static void create_eir(struct hci_dev *hdev, u8 *data)
333{
334 u8 *ptr = data;
335 u16 eir_len = 0;
336 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
337 int i, truncated = 0;
338 struct bt_uuid *uuid;
339 size_t name_len;
340
341 name_len = strlen(hdev->dev_name);
342
343 if (name_len > 0) {
344 /* EIR Data type */
345 if (name_len > 48) {
346 name_len = 48;
347 ptr[1] = EIR_NAME_SHORT;
348 } else
349 ptr[1] = EIR_NAME_COMPLETE;
350
351 /* EIR Data length */
352 ptr[0] = name_len + 1;
353
354 memcpy(ptr + 2, hdev->dev_name, name_len);
355
356 eir_len += (name_len + 2);
357 ptr += (name_len + 2);
358 }
359
360 memset(uuid16_list, 0, sizeof(uuid16_list));
361
362 /* Group all UUID16 types */
363 list_for_each_entry(uuid, &hdev->uuids, list) {
364 u16 uuid16;
365
366 uuid16 = get_uuid16(uuid->uuid);
367 if (uuid16 == 0)
368 return;
369
370 if (uuid16 < 0x1100)
371 continue;
372
373 if (uuid16 == PNP_INFO_SVCLASS_ID)
374 continue;
375
376 /* Stop if not enough space to put next UUID */
377 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
378 truncated = 1;
379 break;
380 }
381
382 /* Check for duplicates */
383 for (i = 0; uuid16_list[i] != 0; i++)
384 if (uuid16_list[i] == uuid16)
385 break;
386
387 if (uuid16_list[i] == 0) {
388 uuid16_list[i] = uuid16;
389 eir_len += sizeof(u16);
390 }
391 }
392
393 if (uuid16_list[0] != 0) {
394 u8 *length = ptr;
395
396 /* EIR Data type */
397 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
398
399 ptr += 2;
400 eir_len += 2;
401
402 for (i = 0; uuid16_list[i] != 0; i++) {
403 *ptr++ = (uuid16_list[i] & 0x00ff);
404 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
405 }
406
407 /* EIR Data length */
408 *length = (i * sizeof(u16)) + 1;
409 }
410}
411
412static int update_eir(struct hci_dev *hdev)
413{
414 struct hci_cp_write_eir cp;
415
416 if (!(hdev->features[6] & LMP_EXT_INQ))
417 return 0;
418
419 if (hdev->ssp_mode == 0)
420 return 0;
421
a8b2d5c2 422 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 423 return 0;
424
425 memset(&cp, 0, sizeof(cp));
426
427 create_eir(hdev, cp.data);
428
429 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
430 return 0;
431
432 memcpy(hdev->eir, cp.data, sizeof(cp.data));
433
434 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
435}
436
437static u8 get_service_classes(struct hci_dev *hdev)
438{
439 struct bt_uuid *uuid;
440 u8 val = 0;
441
442 list_for_each_entry(uuid, &hdev->uuids, list)
443 val |= uuid->svc_hint;
444
445 return val;
446}
447
448static int update_class(struct hci_dev *hdev)
449{
450 u8 cod[3];
451
452 BT_DBG("%s", hdev->name);
453
a8b2d5c2 454 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 455 return 0;
456
457 cod[0] = hdev->minor_class;
458 cod[1] = hdev->major_class;
459 cod[2] = get_service_classes(hdev);
460
461 if (memcmp(cod, hdev->dev_class, 3) == 0)
462 return 0;
463
464 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
465}
466
7d78525d
JH		 467static void service_cache_off(struct work_struct *work)
468{
469 struct hci_dev *hdev = container_of(work, struct hci_dev,
470 service_cache.work);
471
a8b2d5c2 472 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 473 return;
474
475 hci_dev_lock(hdev);
476
477 update_eir(hdev);
478 update_class(hdev);
479
480 hci_dev_unlock(hdev);
481}
482
483static void mgmt_init_hdev(struct hci_dev *hdev)
484{
a8b2d5c2 485 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
7d78525d
JH		 486 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
487
a8b2d5c2 488 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 489 schedule_delayed_work(&hdev->service_cache,
490 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
491}
492
4e51eae9 493static int read_controller_info(struct sock *sk, u16 index)
0381101f 494{
a38528f1 495 struct mgmt_rp_read_info rp;
f7b64e69 496 struct hci_dev *hdev;
0381101f 497
4e51eae9 498 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 499
4e51eae9 500 hdev = hci_dev_get(index);
a38528f1 501 if (!hdev)
ca69b795
JH		 502 return cmd_status(sk, index, MGMT_OP_READ_INFO,
503 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 504
a8b2d5c2 505 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags))
3243553f 506 cancel_delayed_work_sync(&hdev->power_off);
ab81cbf9 507
09fd0de5 508 hci_dev_lock(hdev);
f7b64e69 509
7d78525d
JH		 510 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
511 mgmt_init_hdev(hdev);
ebc99feb 512
dc4fe30b
JH		 513 memset(&rp, 0, sizeof(rp));
514
69ab39ea 515 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 516
69ab39ea 517 rp.version = hdev->hci_ver;
f7b64e69 518
69ab39ea
JH		 519 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
520
521 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
522 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 523
a38528f1 524 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 525
dc4fe30b
JH		 526 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
527
09fd0de5 528 hci_dev_unlock(hdev);
f7b64e69 529 hci_dev_put(hdev);
0381101f 530
4e51eae9 531 return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
0381101f
JH		 532}
533
eec8d2bc
JH		 534static void mgmt_pending_free(struct pending_cmd *cmd)
535{
536 sock_put(cmd->sk);
c68fb7ff 537 kfree(cmd->param);
eec8d2bc
JH		 538 kfree(cmd);
539}
540
366a0336 541static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 542 struct hci_dev *hdev,
543 void *data, u16 len)
eec8d2bc
JH		 544{
545 struct pending_cmd *cmd;
546
547 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
548 if (!cmd)
366a0336 549 return NULL;
eec8d2bc
JH		 550
551 cmd->opcode = opcode;
2e58ef3e 552 cmd->index = hdev->id;
eec8d2bc 553
c68fb7ff
SJ		 554 cmd->param = kmalloc(len, GFP_ATOMIC);
555 if (!cmd->param) {
eec8d2bc 556 kfree(cmd);
366a0336 557 return NULL;
eec8d2bc
JH		 558 }
559
8fce6357
SJ		 560 if (data)
561 memcpy(cmd->param, data, len);
eec8d2bc
JH		 562
563 cmd->sk = sk;
564 sock_hold(sk);
565
2e58ef3e 566 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 567
366a0336 568 return cmd;
eec8d2bc
JH		 569}
570
744cf19e 571static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 572 void (*cb)(struct pending_cmd *cmd, void *data),
573 void *data)
574{
575 struct list_head *p, *n;
576
2e58ef3e 577 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 578 struct pending_cmd *cmd;
579
580 cmd = list_entry(p, struct pending_cmd, list);
581
b24752fe 582 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 583 continue;
584
eec8d2bc
JH		 585 cb(cmd, data);
586 }
587}
588
2e58ef3e 589static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 590{
8035ded4 591 struct pending_cmd *cmd;
eec8d2bc 592
2e58ef3e 593 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 594 if (cmd->opcode == opcode)
595 return cmd;
eec8d2bc
JH		 596 }
597
598 return NULL;
599}
600
a664b5bc 601static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 602{
73f22f62
JH		 603 list_del(&cmd->list);
604 mgmt_pending_free(cmd);
605}
606
69ab39ea 607static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 608{
69ab39ea 609 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 610
69ab39ea 611 return cmd_complete(sk, hdev->id, opcode, &settings, sizeof(settings));
8680570b
JH		 612}
613
4e51eae9 614static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
eec8d2bc 615{
72a734ec 616 struct mgmt_mode *cp;
eec8d2bc 617 struct hci_dev *hdev;
366a0336 618 struct pending_cmd *cmd;
366a0336 619 int err, up;
eec8d2bc
JH		 620
621 cp = (void *) data;
eec8d2bc 622
4e51eae9 623 BT_DBG("request for hci%u", index);
eec8d2bc 624
bdce7baf 625 if (len != sizeof(*cp))
ca69b795
JH		 626 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
627 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 628
4e51eae9 629 hdev = hci_dev_get(index);
eec8d2bc 630 if (!hdev)
ca69b795
JH		 631 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
632 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 633
09fd0de5 634 hci_dev_lock(hdev);
eec8d2bc
JH		 635
636 up = test_bit(HCI_UP, &hdev->flags);
72a734ec 637 if ((cp->val && up) || (!cp->val && !up)) {
69ab39ea 638 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 639 goto failed;
640 }
641
2e58ef3e 642 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 643 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
644 MGMT_STATUS_BUSY);
eec8d2bc
JH		 645 goto failed;
646 }
647
2e58ef3e 648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 649 if (!cmd) {
650 err = -ENOMEM;
eec8d2bc 651 goto failed;
366a0336 652 }
eec8d2bc 653
72a734ec 654 if (cp->val)
7f971041 655 schedule_work(&hdev->power_on);
eec8d2bc 656 else
80b7ab33 657 schedule_work(&hdev->power_off.work);
eec8d2bc 658
366a0336 659 err = 0;
eec8d2bc
JH		 660
661failed:
09fd0de5 662 hci_dev_unlock(hdev);
eec8d2bc 663 hci_dev_put(hdev);
366a0336 664 return err;
eec8d2bc
JH		 665}
666
4e51eae9
SJ		 667static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
668 u16 len)
73f22f62 669{
16ab91ab 670 struct mgmt_cp_set_discoverable *cp;
73f22f62 671 struct hci_dev *hdev;
366a0336 672 struct pending_cmd *cmd;
73f22f62
JH		 673 u8 scan;
674 int err;
675
676 cp = (void *) data;
73f22f62 677
4e51eae9 678 BT_DBG("request for hci%u", index);
73f22f62 679
bdce7baf 680 if (len != sizeof(*cp))
ca69b795
JH		 681 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
682 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 683
4e51eae9 684 hdev = hci_dev_get(index);
73f22f62 685 if (!hdev)
ca69b795
JH		 686 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
687 MGMT_STATUS_INVALID_PARAMS);
73f22f62 688
09fd0de5 689 hci_dev_lock(hdev);
73f22f62
JH		 690
691 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 692 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
693 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 694 goto failed;
695 }
696
2e58ef3e
JH		 697 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
698 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 699 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
700 MGMT_STATUS_BUSY);
73f22f62
JH		 701 goto failed;
702 }
703
72a734ec 704 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 705 test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 706 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 707 goto failed;
708 }
709
2e58ef3e 710 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 711 if (!cmd) {
712 err = -ENOMEM;
73f22f62 713 goto failed;
366a0336 714 }
73f22f62
JH		 715
716 scan = SCAN_PAGE;
717
72a734ec 718 if (cp->val)
73f22f62 719 scan |= SCAN_INQUIRY;
16ab91ab 720 else
e0f9309f 721 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 722
723 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
724 if (err < 0)
a664b5bc 725 mgmt_pending_remove(cmd);
73f22f62 726
16ab91ab
JH		 727 if (cp->val)
728 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
729
73f22f62 730failed:
09fd0de5 731 hci_dev_unlock(hdev);
73f22f62
JH		 732 hci_dev_put(hdev);
733
734 return err;
735}
736
4e51eae9
SJ		 737static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
738 u16 len)
9fbcbb45 739{
72a734ec 740 struct mgmt_mode *cp;
9fbcbb45 741 struct hci_dev *hdev;
366a0336 742 struct pending_cmd *cmd;
9fbcbb45
JH		 743 u8 scan;
744 int err;
745
746 cp = (void *) data;
9fbcbb45 747
4e51eae9 748 BT_DBG("request for hci%u", index);
9fbcbb45 749
bdce7baf 750 if (len != sizeof(*cp))
ca69b795
JH		 751 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
752 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 753
4e51eae9 754 hdev = hci_dev_get(index);
9fbcbb45 755 if (!hdev)
ca69b795
JH		 756 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
757 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 758
09fd0de5 759 hci_dev_lock(hdev);
9fbcbb45
JH		 760
761 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 762 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
763 MGMT_STATUS_NOT_POWERED);
9fbcbb45
JH		 764 goto failed;
765 }
766
2e58ef3e
JH		 767 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
768 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 769 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
770 MGMT_STATUS_BUSY);
9fbcbb45
JH		 771 goto failed;
772 }
773
72a734ec 774 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 775 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 776 goto failed;
777 }
778
2e58ef3e 779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 780 if (!cmd) {
781 err = -ENOMEM;
9fbcbb45 782 goto failed;
366a0336 783 }
9fbcbb45 784
72a734ec 785 if (cp->val)
9fbcbb45
JH		 786 scan = SCAN_PAGE;
787 else
788 scan = 0;
789
790 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
791 if (err < 0)
a664b5bc 792 mgmt_pending_remove(cmd);
9fbcbb45
JH		 793
794failed:
09fd0de5 795 hci_dev_unlock(hdev);
9fbcbb45
JH		 796 hci_dev_put(hdev);
797
798 return err;
799}
800
744cf19e
JH		 801static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
802 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 803{
804 struct sk_buff *skb;
805 struct mgmt_hdr *hdr;
806
807 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
808 if (!skb)
809 return -ENOMEM;
810
811 bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
812
813 hdr = (void *) skb_put(skb, sizeof(*hdr));
814 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 815 if (hdev)
816 hdr->index = cpu_to_le16(hdev->id);
817 else
818 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 819 hdr->len = cpu_to_le16(data_len);
820
4e51eae9
SJ		 821 if (data)
822 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c
JH		 823
824 hci_send_to_sock(NULL, skb, skip_sk);
825 kfree_skb(skb);
826
827 return 0;
828}
829
4e51eae9
SJ		 830static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
831 u16 len)
c542a06c 832{
69ab39ea 833 struct mgmt_mode *cp;
c542a06c 834 struct hci_dev *hdev;
69ab39ea 835 __le32 ev;
c542a06c
JH		 836 int err;
837
838 cp = (void *) data;
c542a06c 839
4e51eae9 840 BT_DBG("request for hci%u", index);
c542a06c 841
bdce7baf 842 if (len != sizeof(*cp))
ca69b795
JH		 843 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
844 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 845
4e51eae9 846 hdev = hci_dev_get(index);
c542a06c 847 if (!hdev)
ca69b795
JH		 848 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
849 MGMT_STATUS_INVALID_PARAMS);
c542a06c 850
09fd0de5 851 hci_dev_lock(hdev);
c542a06c
JH		 852
853 if (cp->val)
a8b2d5c2 854 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 855 else
a8b2d5c2 856 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 857
69ab39ea 858 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 859 if (err < 0)
860 goto failed;
861
69ab39ea 862 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 863
69ab39ea 864 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 865
866failed:
09fd0de5 867 hci_dev_unlock(hdev);
c542a06c
JH		 868 hci_dev_put(hdev);
869
870 return err;
871}
872
4e51eae9 873static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 874{
875 struct mgmt_cp_add_uuid *cp;
876 struct hci_dev *hdev;
877 struct bt_uuid *uuid;
2aeb9a1a
JH		 878 int err;
879
880 cp = (void *) data;
2aeb9a1a 881
4e51eae9 882 BT_DBG("request for hci%u", index);
2aeb9a1a 883
bdce7baf 884 if (len != sizeof(*cp))
ca69b795
JH		 885 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
886 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 887
4e51eae9 888 hdev = hci_dev_get(index);
2aeb9a1a 889 if (!hdev)
ca69b795
JH		 890 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
891 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 892
09fd0de5 893 hci_dev_lock(hdev);
2aeb9a1a
JH		 894
895 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
896 if (!uuid) {
897 err = -ENOMEM;
898 goto failed;
899 }
900
901 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 902 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 903
904 list_add(&uuid->list, &hdev->uuids);
905
1aff6f09
JH		 906 err = update_class(hdev);
907 if (err < 0)
908 goto failed;
909
80a1e1db
JH		 910 err = update_eir(hdev);
911 if (err < 0)
912 goto failed;
913
4e51eae9 914 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
2aeb9a1a
JH		 915
916failed:
09fd0de5 917 hci_dev_unlock(hdev);
2aeb9a1a
JH		 918 hci_dev_put(hdev);
919
920 return err;
921}
922
4e51eae9 923static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
2aeb9a1a
JH		 924{
925 struct list_head *p, *n;
779cb850 926 struct mgmt_cp_remove_uuid *cp;
2aeb9a1a
JH		 927 struct hci_dev *hdev;
928 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 929 int err, found;
930
931 cp = (void *) data;
2aeb9a1a 932
4e51eae9 933 BT_DBG("request for hci%u", index);
2aeb9a1a 934
bdce7baf 935 if (len != sizeof(*cp))
ca69b795
JH		 936 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
937 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 938
4e51eae9 939 hdev = hci_dev_get(index);
2aeb9a1a 940 if (!hdev)
ca69b795
JH		 941 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
942 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 943
09fd0de5 944 hci_dev_lock(hdev);
2aeb9a1a
JH		 945
946 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
947 err = hci_uuids_clear(hdev);
948 goto unlock;
949 }
950
951 found = 0;
952
953 list_for_each_safe(p, n, &hdev->uuids) {
954 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
955
956 if (memcmp(match->uuid, cp->uuid, 16) != 0)
957 continue;
958
959 list_del(&match->list);
960 found++;
961 }
962
963 if (found == 0) {
ca69b795
JH		 964 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
965 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 966 goto unlock;
967 }
968
1aff6f09
JH		 969 err = update_class(hdev);
970 if (err < 0)
971 goto unlock;
972
80a1e1db
JH		 973 err = update_eir(hdev);
974 if (err < 0)
975 goto unlock;
976
4e51eae9 977 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
2aeb9a1a
JH		 978
979unlock:
09fd0de5 980 hci_dev_unlock(hdev);
2aeb9a1a
JH		 981 hci_dev_put(hdev);
982
983 return err;
984}
985
4e51eae9
SJ		 986static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
987 u16 len)
1aff6f09
JH		 988{
989 struct hci_dev *hdev;
990 struct mgmt_cp_set_dev_class *cp;
1aff6f09
JH		 991 int err;
992
993 cp = (void *) data;
1aff6f09 994
4e51eae9 995 BT_DBG("request for hci%u", index);
1aff6f09 996
bdce7baf 997 if (len != sizeof(*cp))
ca69b795
JH		 998 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
999 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1000
4e51eae9 1001 hdev = hci_dev_get(index);
1aff6f09 1002 if (!hdev)
ca69b795
JH		 1003 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1004 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1005
09fd0de5 1006 hci_dev_lock(hdev);
1aff6f09
JH		 1007
1008 hdev->major_class = cp->major;
1009 hdev->minor_class = cp->minor;
1010
a8b2d5c2 1011 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1012 hci_dev_unlock(hdev);
1013 cancel_delayed_work_sync(&hdev->service_cache);
1014 hci_dev_lock(hdev);
14c0b608 1015 update_eir(hdev);
7d78525d 1016 }
14c0b608 1017
1aff6f09
JH		 1018 err = update_class(hdev);
1019
1020 if (err == 0)
4e51eae9 1021 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
1aff6f09 1022
09fd0de5 1023 hci_dev_unlock(hdev);
1aff6f09
JH		 1024 hci_dev_put(hdev);
1025
1026 return err;
1027}
1028
86742e1e
JH		 1029static int load_link_keys(struct sock *sk, u16 index, unsigned char *data,
1030 u16 len)
55ed8ca1
JH		 1031{
1032 struct hci_dev *hdev;
86742e1e 1033 struct mgmt_cp_load_link_keys *cp;
4e51eae9 1034 u16 key_count, expected_len;
a492cd52 1035 int i;
55ed8ca1
JH		 1036
1037 cp = (void *) data;
bdce7baf
SJ		 1038
1039 if (len < sizeof(*cp))
ca69b795
JH		 1040 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1041 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1042
55ed8ca1
JH		 1043 key_count = get_unaligned_le16(&cp->key_count);
1044
86742e1e
JH		 1045 expected_len = sizeof(*cp) + key_count *
1046 sizeof(struct mgmt_link_key_info);
a492cd52 1047 if (expected_len != len) {
86742e1e 1048 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1049 len, expected_len);
ca69b795
JH		 1050 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1051 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1052 }
1053
4e51eae9 1054 hdev = hci_dev_get(index);
55ed8ca1 1055 if (!hdev)
ca69b795
JH		 1056 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1057 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1058
4e51eae9 1059 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1060 key_count);
1061
09fd0de5 1062 hci_dev_lock(hdev);
55ed8ca1
JH		 1063
1064 hci_link_keys_clear(hdev);
1065
a8b2d5c2 1066 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1067
1068 if (cp->debug_keys)
a8b2d5c2 1069 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1070 else
a8b2d5c2 1071 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1072
a492cd52 1073 for (i = 0; i < key_count; i++) {
86742e1e 1074 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1075
d25e28ab 1076 hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
55ed8ca1
JH		 1077 key->pin_len);
1078 }
1079
0e5f875a
JH		 1080 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, NULL, 0);
1081
09fd0de5 1082 hci_dev_unlock(hdev);
55ed8ca1
JH		 1083 hci_dev_put(hdev);
1084
a492cd52 1085 return 0;
55ed8ca1
JH		 1086}
1087
86742e1e
JH		 1088static int remove_keys(struct sock *sk, u16 index, unsigned char *data,
1089 u16 len)
55ed8ca1
JH		 1090{
1091 struct hci_dev *hdev;
86742e1e 1092 struct mgmt_cp_remove_keys *cp;
a8a1d19e
JH		 1093 struct mgmt_rp_remove_keys rp;
1094 struct hci_cp_disconnect dc;
1095 struct pending_cmd *cmd;
55ed8ca1 1096 struct hci_conn *conn;
55ed8ca1
JH		 1097 int err;
1098
1099 cp = (void *) data;
55ed8ca1 1100
bdce7baf 1101 if (len != sizeof(*cp))
ca69b795
JH		 1102 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1103 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1104
4e51eae9 1105 hdev = hci_dev_get(index);
55ed8ca1 1106 if (!hdev)
ca69b795
JH		 1107 return cmd_status(sk, index, MGMT_OP_REMOVE_KEYS,
1108 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1109
09fd0de5 1110 hci_dev_lock(hdev);
55ed8ca1 1111
a8a1d19e
JH		 1112 memset(&rp, 0, sizeof(rp));
1113 bacpy(&rp.bdaddr, &cp->bdaddr);
ca69b795 1114 rp.status = MGMT_STATUS_FAILED;
a8a1d19e 1115
55ed8ca1
JH		 1116 err = hci_remove_link_key(hdev, &cp->bdaddr);
1117 if (err < 0) {
ca69b795 1118 rp.status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1119 goto unlock;
1120 }
1121
a8a1d19e
JH		 1122 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
1123 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1124 sizeof(rp));
55ed8ca1 1125 goto unlock;
a8a1d19e 1126 }
55ed8ca1
JH		 1127
1128 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
a8a1d19e
JH		 1129 if (!conn) {
1130 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1131 sizeof(rp));
1132 goto unlock;
1133 }
55ed8ca1 1134
a8a1d19e
JH		 1135 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_KEYS, hdev, cp, sizeof(*cp));
1136 if (!cmd) {
1137 err = -ENOMEM;
1138 goto unlock;
55ed8ca1
JH		 1139 }
1140
a8a1d19e
JH		 1141 put_unaligned_le16(conn->handle, &dc.handle);
1142 dc.reason = 0x13; /* Remote User Terminated Connection */
1143 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1144 if (err < 0)
1145 mgmt_pending_remove(cmd);
1146
55ed8ca1 1147unlock:
ca69b795 1148 if (err < 0)
a8a1d19e
JH		 1149 err = cmd_complete(sk, index, MGMT_OP_REMOVE_KEYS, &rp,
1150 sizeof(rp));
09fd0de5 1151 hci_dev_unlock(hdev);
55ed8ca1
JH		 1152 hci_dev_put(hdev);
1153
1154 return err;
1155}
1156
4e51eae9 1157static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
8962ee74
JH		 1158{
1159 struct hci_dev *hdev;
1160 struct mgmt_cp_disconnect *cp;
1161 struct hci_cp_disconnect dc;
366a0336 1162 struct pending_cmd *cmd;
8962ee74 1163 struct hci_conn *conn;
8962ee74
JH		 1164 int err;
1165
1166 BT_DBG("");
1167
1168 cp = (void *) data;
8962ee74 1169
bdce7baf 1170 if (len != sizeof(*cp))
ca69b795
JH		 1171 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1172 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1173
4e51eae9 1174 hdev = hci_dev_get(index);
8962ee74 1175 if (!hdev)
ca69b795
JH		 1176 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1177 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1178
09fd0de5 1179 hci_dev_lock(hdev);
8962ee74
JH		 1180
1181 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1182 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1183 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1184 goto failed;
1185 }
1186
2e58ef3e 1187 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1188 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1189 MGMT_STATUS_BUSY);
8962ee74
JH		 1190 goto failed;
1191 }
1192
1193 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
365227e5
VCG		 1194 if (!conn)
1195 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1196
8962ee74 1197 if (!conn) {
ca69b795
JH		 1198 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1199 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1200 goto failed;
1201 }
1202
2e58ef3e 1203 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1204 if (!cmd) {
1205 err = -ENOMEM;
8962ee74 1206 goto failed;
366a0336 1207 }
8962ee74
JH		 1208
1209 put_unaligned_le16(conn->handle, &dc.handle);
1210 dc.reason = 0x13; /* Remote User Terminated Connection */
1211
1212 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1213 if (err < 0)
a664b5bc 1214 mgmt_pending_remove(cmd);
8962ee74
JH		 1215
1216failed:
09fd0de5 1217 hci_dev_unlock(hdev);
8962ee74
JH		 1218 hci_dev_put(hdev);
1219
1220 return err;
1221}
1222
48264f06 1223static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1224{
1225 switch (link_type) {
1226 case LE_LINK:
48264f06
JH		 1227 switch (addr_type) {
1228 case ADDR_LE_DEV_PUBLIC:
1229 return MGMT_ADDR_LE_PUBLIC;
1230 case ADDR_LE_DEV_RANDOM:
1231 return MGMT_ADDR_LE_RANDOM;
1232 default:
1233 return MGMT_ADDR_INVALID;
1234 }
4c659c39
JH		 1235 case ACL_LINK:
1236 return MGMT_ADDR_BREDR;
1237 default:
1238 return MGMT_ADDR_INVALID;
1239 }
1240}
1241
8ce6284e 1242static int get_connections(struct sock *sk, u16 index)
2784eb41 1243{
2784eb41
JH		 1244 struct mgmt_rp_get_connections *rp;
1245 struct hci_dev *hdev;
8035ded4 1246 struct hci_conn *c;
2784eb41 1247 struct list_head *p;
a38528f1 1248 size_t rp_len;
4e51eae9 1249 u16 count;
2784eb41
JH		 1250 int i, err;
1251
1252 BT_DBG("");
1253
4e51eae9 1254 hdev = hci_dev_get(index);
2784eb41 1255 if (!hdev)
ca69b795
JH		 1256 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1257 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1258
09fd0de5 1259 hci_dev_lock(hdev);
2784eb41
JH		 1260
1261 count = 0;
1262 list_for_each(p, &hdev->conn_hash.list) {
1263 count++;
1264 }
1265
4c659c39 1266 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1267 rp = kmalloc(rp_len, GFP_ATOMIC);
1268 if (!rp) {
2784eb41
JH		 1269 err = -ENOMEM;
1270 goto unlock;
1271 }
1272
2784eb41
JH		 1273 put_unaligned_le16(count, &rp->conn_count);
1274
2784eb41 1275 i = 0;
4c659c39
JH		 1276 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1277 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1278 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1279 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1280 continue;
1281 i++;
1282 }
1283
1284 /* Recalculate length in case of filtered SCO connections, etc */
1285 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1286
4e51eae9 1287 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
2784eb41
JH		 1288
1289unlock:
a38528f1 1290 kfree(rp);
09fd0de5 1291 hci_dev_unlock(hdev);
2784eb41
JH		 1292 hci_dev_put(hdev);
1293 return err;
1294}
1295
96d97a67
WR		 1296static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1297 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1298{
1299 struct pending_cmd *cmd;
1300 int err;
1301
2e58ef3e 1302 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1303 sizeof(*cp));
1304 if (!cmd)
1305 return -ENOMEM;
1306
1307 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1308 &cp->bdaddr);
1309 if (err < 0)
1310 mgmt_pending_remove(cmd);
1311
1312 return err;
1313}
1314
4e51eae9
SJ		 1315static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1316 u16 len)
980e1a53
JH		 1317{
1318 struct hci_dev *hdev;
96d97a67 1319 struct hci_conn *conn;
980e1a53 1320 struct mgmt_cp_pin_code_reply *cp;
96d97a67 1321 struct mgmt_cp_pin_code_neg_reply ncp;
980e1a53 1322 struct hci_cp_pin_code_reply reply;
366a0336 1323 struct pending_cmd *cmd;
980e1a53
JH		 1324 int err;
1325
1326 BT_DBG("");
1327
1328 cp = (void *) data;
980e1a53 1329
bdce7baf 1330 if (len != sizeof(*cp))
ca69b795
JH		 1331 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1332 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1333
4e51eae9 1334 hdev = hci_dev_get(index);
980e1a53 1335 if (!hdev)
ca69b795
JH		 1336 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1337 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1338
09fd0de5 1339 hci_dev_lock(hdev);
980e1a53
JH		 1340
1341 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1342 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1343 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1344 goto failed;
1345 }
1346
96d97a67
WR		 1347 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1348 if (!conn) {
ca69b795
JH		 1349 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1350 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1351 goto failed;
1352 }
1353
1354 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1355 bacpy(&ncp.bdaddr, &cp->bdaddr);
1356
1357 BT_ERR("PIN code is not 16 bytes long");
1358
1359 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1360 if (err >= 0)
1361 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1362 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1363
1364 goto failed;
1365 }
1366
2e58ef3e 1367 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1368 if (!cmd) {
1369 err = -ENOMEM;
980e1a53 1370 goto failed;
366a0336 1371 }
980e1a53
JH		 1372
1373 bacpy(&reply.bdaddr, &cp->bdaddr);
1374 reply.pin_len = cp->pin_len;
24718ca5 1375 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1376
1377 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1378 if (err < 0)
a664b5bc 1379 mgmt_pending_remove(cmd);
980e1a53
JH		 1380
1381failed:
09fd0de5 1382 hci_dev_unlock(hdev);
980e1a53
JH		 1383 hci_dev_put(hdev);
1384
1385 return err;
1386}
1387
4e51eae9
SJ		 1388static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1389 u16 len)
980e1a53
JH		 1390{
1391 struct hci_dev *hdev;
1392 struct mgmt_cp_pin_code_neg_reply *cp;
980e1a53
JH		 1393 int err;
1394
1395 BT_DBG("");
1396
1397 cp = (void *) data;
980e1a53 1398
bdce7baf
SJ		 1399 if (len != sizeof(*cp))
1400 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1401 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1402
4e51eae9 1403 hdev = hci_dev_get(index);
980e1a53 1404 if (!hdev)
4e51eae9 1405 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1406 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1407
09fd0de5 1408 hci_dev_lock(hdev);
980e1a53
JH		 1409
1410 if (!test_bit(HCI_UP, &hdev->flags)) {
4e51eae9 1411 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1412 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1413 goto failed;
1414 }
1415
96d97a67 1416 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1417
1418failed:
09fd0de5 1419 hci_dev_unlock(hdev);
980e1a53
JH		 1420 hci_dev_put(hdev);
1421
1422 return err;
1423}
1424
4e51eae9
SJ		 1425static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1426 u16 len)
17fa4b9d
JH		 1427{
1428 struct hci_dev *hdev;
1429 struct mgmt_cp_set_io_capability *cp;
17fa4b9d
JH		 1430
1431 BT_DBG("");
1432
1433 cp = (void *) data;
17fa4b9d 1434
bdce7baf 1435 if (len != sizeof(*cp))
ca69b795
JH		 1436 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1437 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1438
4e51eae9 1439 hdev = hci_dev_get(index);
17fa4b9d 1440 if (!hdev)
ca69b795
JH		 1441 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1442 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1443
09fd0de5 1444 hci_dev_lock(hdev);
17fa4b9d
JH		 1445
1446 hdev->io_capability = cp->io_capability;
1447
1448 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1449 hdev->io_capability);
17fa4b9d 1450
09fd0de5 1451 hci_dev_unlock(hdev);
17fa4b9d
JH		 1452 hci_dev_put(hdev);
1453
4e51eae9 1454 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
17fa4b9d
JH		 1455}
1456
e9a416b5
JH		 1457static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1458{
1459 struct hci_dev *hdev = conn->hdev;
8035ded4 1460 struct pending_cmd *cmd;
e9a416b5 1461
2e58ef3e 1462 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1463 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1464 continue;
1465
e9a416b5
JH		 1466 if (cmd->user_data != conn)
1467 continue;
1468
1469 return cmd;
1470 }
1471
1472 return NULL;
1473}
1474
1475static void pairing_complete(struct pending_cmd *cmd, u8 status)
1476{
1477 struct mgmt_rp_pair_device rp;
1478 struct hci_conn *conn = cmd->user_data;
1479
ba4e564f
JH		 1480 bacpy(&rp.addr.bdaddr, &conn->dst);
1481 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5
JH		 1482 rp.status = status;
1483
4e51eae9 1484 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
e9a416b5
JH		 1485
1486 /* So we don't get further callbacks for this connection */
1487 conn->connect_cfm_cb = NULL;
1488 conn->security_cfm_cb = NULL;
1489 conn->disconn_cfm_cb = NULL;
1490
1491 hci_conn_put(conn);
1492
a664b5bc 1493 mgmt_pending_remove(cmd);
e9a416b5
JH		 1494}
1495
1496static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1497{
1498 struct pending_cmd *cmd;
1499
1500 BT_DBG("status %u", status);
1501
1502 cmd = find_pairing(conn);
56e5cb86 1503 if (!cmd)
e9a416b5 1504 BT_DBG("Unable to find a pending command");
56e5cb86
JH		 1505 else
1506 pairing_complete(cmd, status);
e9a416b5
JH		 1507}
1508
4e51eae9 1509static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
e9a416b5
JH		 1510{
1511 struct hci_dev *hdev;
1512 struct mgmt_cp_pair_device *cp;
1425acb7 1513 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1514 struct pending_cmd *cmd;
1515 u8 sec_level, auth_type;
1516 struct hci_conn *conn;
e9a416b5
JH		 1517 int err;
1518
1519 BT_DBG("");
1520
1521 cp = (void *) data;
e9a416b5 1522
bdce7baf 1523 if (len != sizeof(*cp))
ca69b795
JH		 1524 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1525 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1526
4e51eae9 1527 hdev = hci_dev_get(index);
e9a416b5 1528 if (!hdev)
ca69b795
JH		 1529 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1530 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1531
09fd0de5 1532 hci_dev_lock(hdev);
e9a416b5 1533
c908df36
VCG		 1534 sec_level = BT_SECURITY_MEDIUM;
1535 if (cp->io_cap == 0x03)
e9a416b5 1536 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1537 else
e9a416b5 1538 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1539
ba4e564f
JH		 1540 if (cp->addr.type == MGMT_ADDR_BREDR)
1541 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1542 auth_type);
1543 else
ba4e564f 1544 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1545 auth_type);
1546
1425acb7
JH		 1547 memset(&rp, 0, sizeof(rp));
1548 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1549 rp.addr.type = cp->addr.type;
1550
30e76272 1551 if (IS_ERR(conn)) {
1425acb7
JH		 1552 rp.status = -PTR_ERR(conn);
1553 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1554 &rp, sizeof(rp));
e9a416b5
JH		 1555 goto unlock;
1556 }
1557
1558 if (conn->connect_cfm_cb) {
1559 hci_conn_put(conn);
1425acb7
JH		 1560 rp.status = EBUSY;
1561 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1562 &rp, sizeof(rp));
e9a416b5
JH		 1563 goto unlock;
1564 }
1565
2e58ef3e 1566 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1567 if (!cmd) {
1568 err = -ENOMEM;
1569 hci_conn_put(conn);
1570 goto unlock;
1571 }
1572
7a512d01 1573 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1574 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1575 conn->connect_cfm_cb = pairing_complete_cb;
1576
e9a416b5
JH		 1577 conn->security_cfm_cb = pairing_complete_cb;
1578 conn->disconn_cfm_cb = pairing_complete_cb;
1579 conn->io_capability = cp->io_cap;
1580 cmd->user_data = conn;
1581
1582 if (conn->state == BT_CONNECTED &&
1583 hci_conn_security(conn, sec_level, auth_type))
1584 pairing_complete(cmd, 0);
1585
1586 err = 0;
1587
1588unlock:
09fd0de5 1589 hci_dev_unlock(hdev);
e9a416b5
JH		 1590 hci_dev_put(hdev);
1591
1592 return err;
1593}
1594
0df4c185
BG		 1595static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
1596 u16 mgmt_op, u16 hci_op, __le32 passkey)
a5c29683 1597{
a5c29683
JH		 1598 struct pending_cmd *cmd;
1599 struct hci_dev *hdev;
0df4c185 1600 struct hci_conn *conn;
a5c29683
JH		 1601 int err;
1602
4e51eae9 1603 hdev = hci_dev_get(index);
a5c29683 1604 if (!hdev)
ca69b795
JH		 1605 return cmd_status(sk, index, mgmt_op,
1606 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1607
09fd0de5 1608 hci_dev_lock(hdev);
08ba5382 1609
a5c29683 1610 if (!test_bit(HCI_UP, &hdev->flags)) {
0df4c185
BG		 1611 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1612 goto done;
a5c29683
JH		 1613 }
1614
47c15e2b
BG		 1615 /*
1616 * Check for an existing ACL link, if present pair via
1617 * HCI commands.
1618 *
1619 * If no ACL link is present, check for an LE link and if
1620 * present, pair via the SMP engine.
1621 *
1622 * If neither ACL nor LE links are present, fail with error.
1623 */
1624 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1625 if (!conn) {
1626 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
1627 if (!conn) {
1628 err = cmd_status(sk, index, mgmt_op,
1629 MGMT_STATUS_NOT_CONNECTED);
1630 goto done;
1631 }
1632
1633 /* Continue with pairing via SMP */
5fe57d9e
BG		 1634 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1635
1636 if (!err)
1637 err = cmd_status(sk, index, mgmt_op,
1638 MGMT_STATUS_SUCCESS);
1639 else
1640 err = cmd_status(sk, index, mgmt_op,
1641 MGMT_STATUS_FAILED);
47c15e2b 1642
47c15e2b
BG		 1643 goto done;
1644 }
1645
0df4c185 1646 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 1647 if (!cmd) {
1648 err = -ENOMEM;
0df4c185 1649 goto done;
a5c29683
JH		 1650 }
1651
0df4c185 1652 /* Continue with pairing via HCI */
604086b7
BG		 1653 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1654 struct hci_cp_user_passkey_reply cp;
1655
1656 bacpy(&cp.bdaddr, bdaddr);
1657 cp.passkey = passkey;
1658 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1659 } else
1660 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1661
a664b5bc
JH		 1662 if (err < 0)
1663 mgmt_pending_remove(cmd);
a5c29683 1664
0df4c185 1665done:
09fd0de5 1666 hci_dev_unlock(hdev);
a5c29683
JH		 1667 hci_dev_put(hdev);
1668
1669 return err;
1670}
1671
0df4c185
BG		 1672static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
1673{
1674 struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1675
1676 BT_DBG("");
1677
1678 if (len != sizeof(*cp))
1679 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
1680 MGMT_STATUS_INVALID_PARAMS);
1681
1682 return user_pairing_resp(sk, index, &cp->bdaddr,
1683 MGMT_OP_USER_CONFIRM_REPLY,
1684 HCI_OP_USER_CONFIRM_REPLY, 0);
1685}
1686
1687static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
1688 u16 len)
1689{
c9c2659f 1690 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 1691
1692 BT_DBG("");
1693
1694 if (len != sizeof(*cp))
1695 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
1696 MGMT_STATUS_INVALID_PARAMS);
1697
1698 return user_pairing_resp(sk, index, &cp->bdaddr,
1699 MGMT_OP_USER_CONFIRM_NEG_REPLY,
1700 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
1701}
1702
604086b7
BG		 1703static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
1704{
1705 struct mgmt_cp_user_passkey_reply *cp = (void *) data;
1706
1707 BT_DBG("");
1708
1709 if (len != sizeof(*cp))
1710 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
1711 EINVAL);
1712
1713 return user_pairing_resp(sk, index, &cp->bdaddr,
1714 MGMT_OP_USER_PASSKEY_REPLY,
1715 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
1716}
1717
1718static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
1719 u16 len)
1720{
1721 struct mgmt_cp_user_passkey_neg_reply *cp = (void *) data;
1722
1723 BT_DBG("");
1724
1725 if (len != sizeof(*cp))
1726 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
1727 EINVAL);
1728
1729 return user_pairing_resp(sk, index, &cp->bdaddr,
1730 MGMT_OP_USER_PASSKEY_NEG_REPLY,
1731 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
1732}
1733
b312b161
JH		 1734static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1735 u16 len)
1736{
1737 struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1738 struct hci_cp_write_local_name hci_cp;
1739 struct hci_dev *hdev;
1740 struct pending_cmd *cmd;
1741 int err;
1742
1743 BT_DBG("");
1744
1745 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 1746 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1747 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 1748
1749 hdev = hci_dev_get(index);
1750 if (!hdev)
ca69b795
JH		 1751 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
1752 MGMT_STATUS_INVALID_PARAMS);
b312b161 1753
09fd0de5 1754 hci_dev_lock(hdev);
b312b161 1755
2e58ef3e 1756 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 1757 if (!cmd) {
1758 err = -ENOMEM;
1759 goto failed;
1760 }
1761
1762 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1763 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1764 &hci_cp);
1765 if (err < 0)
1766 mgmt_pending_remove(cmd);
1767
1768failed:
09fd0de5 1769 hci_dev_unlock(hdev);
b312b161
JH		 1770 hci_dev_put(hdev);
1771
1772 return err;
1773}
1774
c35938b2
SJ		 1775static int read_local_oob_data(struct sock *sk, u16 index)
1776{
1777 struct hci_dev *hdev;
1778 struct pending_cmd *cmd;
1779 int err;
1780
1781 BT_DBG("hci%u", index);
1782
1783 hdev = hci_dev_get(index);
1784 if (!hdev)
1785 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1786 MGMT_STATUS_INVALID_PARAMS);
c35938b2 1787
09fd0de5 1788 hci_dev_lock(hdev);
c35938b2
SJ		 1789
1790 if (!test_bit(HCI_UP, &hdev->flags)) {
1791 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1792 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 1793 goto unlock;
1794 }
1795
1796 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1797 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 1798 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 1799 goto unlock;
1800 }
1801
2e58ef3e 1802 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 1803 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1804 MGMT_STATUS_BUSY);
c35938b2
SJ		 1805 goto unlock;
1806 }
1807
2e58ef3e 1808 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 1809 if (!cmd) {
1810 err = -ENOMEM;
1811 goto unlock;
1812 }
1813
1814 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1815 if (err < 0)
1816 mgmt_pending_remove(cmd);
1817
1818unlock:
09fd0de5 1819 hci_dev_unlock(hdev);
c35938b2
SJ		 1820 hci_dev_put(hdev);
1821
1822 return err;
1823}
1824
2763eda6
SJ		 1825static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1826 u16 len)
1827{
1828 struct hci_dev *hdev;
1829 struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1830 int err;
1831
1832 BT_DBG("hci%u ", index);
1833
1834 if (len != sizeof(*cp))
1835 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1836 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1837
1838 hdev = hci_dev_get(index);
1839 if (!hdev)
1840 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 1841 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1842
09fd0de5 1843 hci_dev_lock(hdev);
2763eda6
SJ		 1844
1845 err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1846 cp->randomizer);
1847 if (err < 0)
ca69b795
JH		 1848 err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1849 MGMT_STATUS_FAILED);
2763eda6
SJ		 1850 else
1851 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1852 0);
1853
09fd0de5 1854 hci_dev_unlock(hdev);
2763eda6
SJ		 1855 hci_dev_put(hdev);
1856
1857 return err;
1858}
1859
1860static int remove_remote_oob_data(struct sock *sk, u16 index,
1861 unsigned char *data, u16 len)
1862{
1863 struct hci_dev *hdev;
1864 struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1865 int err;
1866
1867 BT_DBG("hci%u ", index);
1868
1869 if (len != sizeof(*cp))
1870 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1871 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1872
1873 hdev = hci_dev_get(index);
1874 if (!hdev)
1875 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1876 MGMT_STATUS_INVALID_PARAMS);
2763eda6 1877
09fd0de5 1878 hci_dev_lock(hdev);
2763eda6
SJ		 1879
1880 err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1881 if (err < 0)
1882 err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 1883 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 1884 else
1885 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1886 NULL, 0);
1887
09fd0de5 1888 hci_dev_unlock(hdev);
2763eda6
SJ		 1889 hci_dev_put(hdev);
1890
1891 return err;
1892}
1893
450dfdaf
JH		 1894static int start_discovery(struct sock *sk, u16 index,
1895 unsigned char *data, u16 len)
14a53664 1896{
450dfdaf 1897 struct mgmt_cp_start_discovery *cp = (void *) data;
14a53664
JH		 1898 struct pending_cmd *cmd;
1899 struct hci_dev *hdev;
1900 int err;
1901
1902 BT_DBG("hci%u", index);
1903
450dfdaf
JH		 1904 if (len != sizeof(*cp))
1905 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1906 MGMT_STATUS_INVALID_PARAMS);
1907
14a53664
JH		 1908 hdev = hci_dev_get(index);
1909 if (!hdev)
ca69b795
JH		 1910 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1911 MGMT_STATUS_INVALID_PARAMS);
14a53664 1912
09fd0de5 1913 hci_dev_lock(hdev);
14a53664 1914
bd2d1334 1915 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1916 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1917 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 1918 goto failed;
1919 }
1920
ff9ef578
JH		 1921 if (hdev->discovery.state != DISCOVERY_STOPPED) {
1922 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
1923 MGMT_STATUS_BUSY);
1924 goto failed;
1925 }
1926
2e58ef3e 1927 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1928 if (!cmd) {
1929 err = -ENOMEM;
1930 goto failed;
1931 }
1932
2519a1fc 1933 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
14a53664
JH		 1934 if (err < 0)
1935 mgmt_pending_remove(cmd);
ff9ef578
JH		 1936 else
1937 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 1938
1939failed:
09fd0de5 1940 hci_dev_unlock(hdev);
14a53664
JH		 1941 hci_dev_put(hdev);
1942
1943 return err;
1944}
1945
1946static int stop_discovery(struct sock *sk, u16 index)
1947{
1948 struct hci_dev *hdev;
1949 struct pending_cmd *cmd;
30dc78e1
JH		 1950 struct hci_cp_remote_name_req_cancel cp;
1951 struct inquiry_entry *e;
14a53664
JH		 1952 int err;
1953
1954 BT_DBG("hci%u", index);
1955
1956 hdev = hci_dev_get(index);
1957 if (!hdev)
ca69b795
JH		 1958 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1959 MGMT_STATUS_INVALID_PARAMS);
14a53664 1960
09fd0de5 1961 hci_dev_lock(hdev);
14a53664 1962
30dc78e1 1963 if (!hci_discovery_active(hdev)) {
ff9ef578
JH		 1964 err = cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
1965 MGMT_STATUS_REJECTED);
30dc78e1 1966 goto unlock;
ff9ef578
JH		 1967 }
1968
2e58ef3e 1969 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 1970 if (!cmd) {
1971 err = -ENOMEM;
30dc78e1
JH		 1972 goto unlock;
1973 }
1974
1975 if (hdev->discovery.state == DISCOVERY_INQUIRY) {
1976 err = hci_cancel_inquiry(hdev);
1977 if (err < 0)
1978 mgmt_pending_remove(cmd);
1979 else
1980 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1981 goto unlock;
1982 }
1983
1984 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
1985 if (!e) {
1986 mgmt_pending_remove(cmd);
1987 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, NULL, 0);
1988 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1989 goto unlock;
14a53664
JH		 1990 }
1991
30dc78e1
JH		 1992 bacpy(&cp.bdaddr, &e->data.bdaddr);
1993 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
1994 sizeof(cp), &cp);
14a53664
JH		 1995 if (err < 0)
1996 mgmt_pending_remove(cmd);
ff9ef578
JH		 1997 else
1998 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 1999
30dc78e1 2000unlock:
09fd0de5 2001 hci_dev_unlock(hdev);
14a53664
JH		 2002 hci_dev_put(hdev);
2003
2004 return err;
2005}
2006
561aafbc
JH		 2007static int confirm_name(struct sock *sk, u16 index, unsigned char *data,
2008 u16 len)
2009{
2010 struct mgmt_cp_confirm_name *cp = (void *) data;
2011 struct inquiry_entry *e;
2012 struct hci_dev *hdev;
2013 int err;
2014
2015 BT_DBG("hci%u", index);
2016
2017 if (len != sizeof(*cp))
2018 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2019 MGMT_STATUS_INVALID_PARAMS);
2020
2021 hdev = hci_dev_get(index);
2022 if (!hdev)
2023 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2024 MGMT_STATUS_INVALID_PARAMS);
2025
2026 hci_dev_lock(hdev);
2027
30dc78e1
JH		 2028 if (!hci_discovery_active(hdev)) {
2029 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2030 MGMT_STATUS_FAILED);
2031 goto failed;
2032 }
2033
561aafbc
JH		 2034 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->bdaddr);
2035 if (!e) {
2036 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2037 MGMT_STATUS_INVALID_PARAMS);
2038 goto failed;
2039 }
2040
2041 if (cp->name_known) {
2042 e->name_state = NAME_KNOWN;
2043 list_del(&e->list);
2044 } else {
2045 e->name_state = NAME_NEEDED;
a3d4e20a 2046 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2047 }
2048
2049 err = 0;
2050
2051failed:
2052 hci_dev_unlock(hdev);
2053
2054 return err;
2055}
2056
7fbec224
AJ		 2057static int block_device(struct sock *sk, u16 index, unsigned char *data,
2058 u16 len)
2059{
2060 struct hci_dev *hdev;
5e762444 2061 struct mgmt_cp_block_device *cp = (void *) data;
7fbec224
AJ		 2062 int err;
2063
2064 BT_DBG("hci%u", index);
2065
7fbec224
AJ		 2066 if (len != sizeof(*cp))
2067 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2068 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2069
2070 hdev = hci_dev_get(index);
2071 if (!hdev)
2072 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2073 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2074
09fd0de5 2075 hci_dev_lock(hdev);
5e762444 2076
7fbec224 2077 err = hci_blacklist_add(hdev, &cp->bdaddr);
7fbec224 2078 if (err < 0)
ca69b795
JH		 2079 err = cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
2080 MGMT_STATUS_FAILED);
7fbec224
AJ		 2081 else
2082 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2083 NULL, 0);
5e762444 2084
09fd0de5 2085 hci_dev_unlock(hdev);
7fbec224
AJ		 2086 hci_dev_put(hdev);
2087
2088 return err;
2089}
2090
2091static int unblock_device(struct sock *sk, u16 index, unsigned char *data,
2092 u16 len)
2093{
2094 struct hci_dev *hdev;
5e762444 2095 struct mgmt_cp_unblock_device *cp = (void *) data;
7fbec224
AJ		 2096 int err;
2097
2098 BT_DBG("hci%u", index);
2099
7fbec224
AJ		 2100 if (len != sizeof(*cp))
2101 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2102 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2103
2104 hdev = hci_dev_get(index);
2105 if (!hdev)
2106 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2107 MGMT_STATUS_INVALID_PARAMS);
7fbec224 2108
09fd0de5 2109 hci_dev_lock(hdev);
5e762444 2110
7fbec224
AJ		 2111 err = hci_blacklist_del(hdev, &cp->bdaddr);
2112
2113 if (err < 0)
ca69b795
JH		 2114 err = cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2115 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2116 else
2117 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2118 NULL, 0);
5e762444 2119
09fd0de5 2120 hci_dev_unlock(hdev);
7fbec224
AJ		 2121 hci_dev_put(hdev);
2122
2123 return err;
2124}
2125
f6422ec6
AJ		 2126static int set_fast_connectable(struct sock *sk, u16 index,
2127 unsigned char *data, u16 len)
2128{
2129 struct hci_dev *hdev;
f7c6869c 2130 struct mgmt_mode *cp = (void *) data;
f6422ec6
AJ		 2131 struct hci_cp_write_page_scan_activity acp;
2132 u8 type;
2133 int err;
2134
2135 BT_DBG("hci%u", index);
2136
2137 if (len != sizeof(*cp))
2138 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2139 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2140
2141 hdev = hci_dev_get(index);
2142 if (!hdev)
2143 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2144 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2145
2146 hci_dev_lock(hdev);
2147
f7c6869c 2148 if (cp->val) {
f6422ec6
AJ		 2149 type = PAGE_SCAN_TYPE_INTERLACED;
2150 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2151 } else {
2152 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2153 acp.interval = 0x0800; /* default 1.28 sec page scan */
2154 }
2155
2156 acp.window = 0x0012; /* default 11.25 msec page scan window */
2157
2158 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2159 sizeof(acp), &acp);
2160 if (err < 0) {
2161 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2162 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2163 goto done;
2164 }
2165
2166 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2167 if (err < 0) {
2168 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2169 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2170 goto done;
2171 }
2172
2173 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2174 NULL, 0);
2175done:
2176 hci_dev_unlock(hdev);
2177 hci_dev_put(hdev);
2178
2179 return err;
2180}
2181
0381101f
JH		 2182int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2183{
2184 unsigned char *buf;
2185 struct mgmt_hdr *hdr;
4e51eae9 2186 u16 opcode, index, len;
0381101f
JH		 2187 int err;
2188
2189 BT_DBG("got %zu bytes", msglen);
2190
2191 if (msglen < sizeof(*hdr))
2192 return -EINVAL;
2193
e63a15ec 2194 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2195 if (!buf)
2196 return -ENOMEM;
2197
2198 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2199 err = -EFAULT;
2200 goto done;
2201 }
2202
2203 hdr = (struct mgmt_hdr *) buf;
2204 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2205 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2206 len = get_unaligned_le16(&hdr->len);
2207
2208 if (len != msglen - sizeof(*hdr)) {
2209 err = -EINVAL;
2210 goto done;
2211 }
2212
2213 switch (opcode) {
02d98129
JH		 2214 case MGMT_OP_READ_VERSION:
2215 err = read_version(sk);
2216 break;
faba42eb
JH		 2217 case MGMT_OP_READ_INDEX_LIST:
2218 err = read_index_list(sk);
2219 break;
f7b64e69 2220 case MGMT_OP_READ_INFO:
4e51eae9 2221 err = read_controller_info(sk, index);
f7b64e69 2222 break;
eec8d2bc 2223 case MGMT_OP_SET_POWERED:
4e51eae9 2224 err = set_powered(sk, index, buf + sizeof(*hdr), len);
eec8d2bc 2225 break;
73f22f62 2226 case MGMT_OP_SET_DISCOVERABLE:
4e51eae9 2227 err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
73f22f62 2228 break;
9fbcbb45 2229 case MGMT_OP_SET_CONNECTABLE:
4e51eae9 2230 err = set_connectable(sk, index, buf + sizeof(*hdr), len);
9fbcbb45 2231 break;
f7c6869c
JH		 2232 case MGMT_OP_SET_FAST_CONNECTABLE:
2233 err = set_fast_connectable(sk, index, buf + sizeof(*hdr),
2234 len);
2235 break;
c542a06c 2236 case MGMT_OP_SET_PAIRABLE:
4e51eae9 2237 err = set_pairable(sk, index, buf + sizeof(*hdr), len);
c542a06c 2238 break;
2aeb9a1a 2239 case MGMT_OP_ADD_UUID:
4e51eae9 2240 err = add_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a
JH		 2241 break;
2242 case MGMT_OP_REMOVE_UUID:
4e51eae9 2243 err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
2aeb9a1a 2244 break;
1aff6f09 2245 case MGMT_OP_SET_DEV_CLASS:
4e51eae9 2246 err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1aff6f09 2247 break;
86742e1e
JH		 2248 case MGMT_OP_LOAD_LINK_KEYS:
2249 err = load_link_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 2250 break;
86742e1e
JH		 2251 case MGMT_OP_REMOVE_KEYS:
2252 err = remove_keys(sk, index, buf + sizeof(*hdr), len);
55ed8ca1 2253 break;
8962ee74 2254 case MGMT_OP_DISCONNECT:
4e51eae9 2255 err = disconnect(sk, index, buf + sizeof(*hdr), len);
8962ee74 2256 break;
2784eb41 2257 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2258 err = get_connections(sk, index);
2784eb41 2259 break;
980e1a53 2260 case MGMT_OP_PIN_CODE_REPLY:
4e51eae9 2261 err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53
JH		 2262 break;
2263 case MGMT_OP_PIN_CODE_NEG_REPLY:
4e51eae9 2264 err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
980e1a53 2265 break;
17fa4b9d 2266 case MGMT_OP_SET_IO_CAPABILITY:
4e51eae9 2267 err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
17fa4b9d 2268 break;
e9a416b5 2269 case MGMT_OP_PAIR_DEVICE:
4e51eae9 2270 err = pair_device(sk, index, buf + sizeof(*hdr), len);
e9a416b5 2271 break;
a5c29683 2272 case MGMT_OP_USER_CONFIRM_REPLY:
0df4c185 2273 err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len);
a5c29683
JH		 2274 break;
2275 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
0df4c185
BG		 2276 err = user_confirm_neg_reply(sk, index, buf + sizeof(*hdr),
2277 len);
a5c29683 2278 break;
604086b7
BG		 2279 case MGMT_OP_USER_PASSKEY_REPLY:
2280 err = user_passkey_reply(sk, index, buf + sizeof(*hdr), len);
2281 break;
2282 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2283 err = user_passkey_neg_reply(sk, index, buf + sizeof(*hdr),
2284 len);
a5c29683 2285 break;
b312b161
JH		 2286 case MGMT_OP_SET_LOCAL_NAME:
2287 err = set_local_name(sk, index, buf + sizeof(*hdr), len);
2288 break;
c35938b2
SJ		 2289 case MGMT_OP_READ_LOCAL_OOB_DATA:
2290 err = read_local_oob_data(sk, index);
2291 break;
2763eda6
SJ		 2292 case MGMT_OP_ADD_REMOTE_OOB_DATA:
2293 err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
2294 break;
2295 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
2296 err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
2297 len);
2298 break;
14a53664 2299 case MGMT_OP_START_DISCOVERY:
450dfdaf 2300 err = start_discovery(sk, index, buf + sizeof(*hdr), len);
14a53664
JH		 2301 break;
2302 case MGMT_OP_STOP_DISCOVERY:
2303 err = stop_discovery(sk, index);
2304 break;
561aafbc
JH		 2305 case MGMT_OP_CONFIRM_NAME:
2306 err = confirm_name(sk, index, buf + sizeof(*hdr), len);
2307 break;
7fbec224
AJ		 2308 case MGMT_OP_BLOCK_DEVICE:
2309 err = block_device(sk, index, buf + sizeof(*hdr), len);
2310 break;
2311 case MGMT_OP_UNBLOCK_DEVICE:
2312 err = unblock_device(sk, index, buf + sizeof(*hdr), len);
2313 break;
0381101f
JH		 2314 default:
2315 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2316 err = cmd_status(sk, index, opcode,
2317 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2318 break;
2319 }
2320
e41d8b4e
JH		 2321 if (err < 0)
2322 goto done;
2323
0381101f
JH		 2324 err = msglen;
2325
2326done:
2327 kfree(buf);
2328 return err;
2329}
c71e97bf 2330
b24752fe
JH		 2331static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2332{
2333 u8 *status = data;
2334
2335 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2336 mgmt_pending_remove(cmd);
2337}
2338
744cf19e 2339int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2340{
744cf19e 2341 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2342}
2343
744cf19e 2344int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2345{
b24752fe
JH		 2346 u8 status = ENODEV;
2347
744cf19e 2348 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2349
744cf19e 2350 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2351}
2352
73f22f62 2353struct cmd_lookup {
72a734ec 2354 u8 val;
eec8d2bc 2355 struct sock *sk;
69ab39ea 2356 struct hci_dev *hdev;
eec8d2bc
JH		 2357};
2358
69ab39ea 2359static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2360{
73f22f62 2361 struct cmd_lookup *match = data;
eec8d2bc 2362
69ab39ea 2363 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2364
2365 list_del(&cmd->list);
2366
2367 if (match->sk == NULL) {
2368 match->sk = cmd->sk;
2369 sock_hold(match->sk);
2370 }
2371
2372 mgmt_pending_free(cmd);
c71e97bf 2373}
5add6af8 2374
744cf19e 2375int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2376{
69ab39ea
JH		 2377 struct cmd_lookup match = { powered, NULL, hdev };
2378 __le32 ev;
eec8d2bc 2379 int ret;
5add6af8 2380
69ab39ea 2381 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2382
b24752fe
JH		 2383 if (!powered) {
2384 u8 status = ENETDOWN;
744cf19e 2385 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2386 }
2387
69ab39ea 2388 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2389
69ab39ea
JH		 2390 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
2391 match.sk);
eec8d2bc
JH		 2392
2393 if (match.sk)
2394 sock_put(match.sk);
2395
2396 return ret;
5add6af8 2397}
73f22f62 2398
744cf19e 2399int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2400{
69ab39ea
JH		 2401 struct cmd_lookup match = { discoverable, NULL, hdev };
2402 __le32 ev;
73f22f62
JH		 2403 int ret;
2404
69ab39ea 2405 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2406
69ab39ea 2407 ev = cpu_to_le32(get_current_settings(hdev));
73f22f62 2408
69ab39ea 2409 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2410 match.sk);
73f22f62
JH		 2411 if (match.sk)
2412 sock_put(match.sk);
2413
2414 return ret;
2415}
9fbcbb45 2416
744cf19e 2417int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2418{
69ab39ea
JH		 2419 __le32 ev;
2420 struct cmd_lookup match = { connectable, NULL, hdev };
9fbcbb45
JH		 2421 int ret;
2422
69ab39ea
JH		 2423 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2424 &match);
9fbcbb45 2425
69ab39ea 2426 ev = cpu_to_le32(get_current_settings(hdev));
9fbcbb45 2427
69ab39ea 2428 ret = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2429
2430 if (match.sk)
2431 sock_put(match.sk);
2432
2433 return ret;
2434}
55ed8ca1 2435
744cf19e 2436int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2437{
ca69b795
JH		 2438 u8 mgmt_err = mgmt_status(status);
2439
2d7cee58 2440 if (scan & SCAN_PAGE)
744cf19e 2441 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2442 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2443
2444 if (scan & SCAN_INQUIRY)
744cf19e 2445 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2446 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2447
2448 return 0;
2449}
2450
744cf19e
JH		 2451int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2452 u8 persistent)
55ed8ca1 2453{
86742e1e 2454 struct mgmt_ev_new_link_key ev;
55ed8ca1 2455
a492cd52 2456 memset(&ev, 0, sizeof(ev));
55ed8ca1 2457
a492cd52
VCG		 2458 ev.store_hint = persistent;
2459 bacpy(&ev.key.bdaddr, &key->bdaddr);
2460 ev.key.type = key->type;
2461 memcpy(ev.key.val, key->val, 16);
2462 ev.key.pin_len = key->pin_len;
55ed8ca1 2463
744cf19e 2464 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2465}
f7520543 2466
48264f06
JH		 2467int mgmt_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2468 u8 addr_type)
f7520543 2469{
4c659c39 2470 struct mgmt_addr_info ev;
f7520543 2471
f7520543 2472 bacpy(&ev.bdaddr, bdaddr);
48264f06 2473 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2474
744cf19e 2475 return mgmt_event(MGMT_EV_CONNECTED, hdev, &ev, sizeof(ev), NULL);
f7520543
JH		 2476}
2477
8962ee74
JH		 2478static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2479{
c68fb7ff 2480 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2481 struct sock **sk = data;
a38528f1 2482 struct mgmt_rp_disconnect rp;
8962ee74 2483
a38528f1 2484 bacpy(&rp.bdaddr, &cp->bdaddr);
37d9ef76 2485 rp.status = 0;
8962ee74 2486
4e51eae9 2487 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
8962ee74
JH		 2488
2489 *sk = cmd->sk;
2490 sock_hold(*sk);
2491
a664b5bc 2492 mgmt_pending_remove(cmd);
8962ee74
JH		 2493}
2494
a8a1d19e
JH		 2495static void remove_keys_rsp(struct pending_cmd *cmd, void *data)
2496{
2497 u8 *status = data;
2498 struct mgmt_cp_remove_keys *cp = cmd->param;
2499 struct mgmt_rp_remove_keys rp;
2500
2501 memset(&rp, 0, sizeof(rp));
2502 bacpy(&rp.bdaddr, &cp->bdaddr);
2503 if (status != NULL)
2504 rp.status = *status;
2505
2506 cmd_complete(cmd->sk, cmd->index, MGMT_OP_REMOVE_KEYS, &rp,
2507 sizeof(rp));
2508
2509 mgmt_pending_remove(cmd);
2510}
2511
48264f06
JH		 2512int mgmt_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2513 u8 addr_type)
f7520543 2514{
4c659c39 2515 struct mgmt_addr_info ev;
8962ee74
JH		 2516 struct sock *sk = NULL;
2517 int err;
2518
744cf19e 2519 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2520
f7520543 2521 bacpy(&ev.bdaddr, bdaddr);
48264f06 2522 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2523
744cf19e 2524 err = mgmt_event(MGMT_EV_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 2525
2526 if (sk)
2527 sock_put(sk);
2528
a8a1d19e
JH		 2529 mgmt_pending_foreach(MGMT_OP_REMOVE_KEYS, hdev, remove_keys_rsp, NULL);
2530
8962ee74
JH		 2531 return err;
2532}
2533
37d9ef76 2534int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
8962ee74
JH		 2535{
2536 struct pending_cmd *cmd;
ca69b795 2537 u8 mgmt_err = mgmt_status(status);
8962ee74
JH		 2538 int err;
2539
2e58ef3e 2540 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 2541 if (!cmd)
2542 return -ENOENT;
2543
37d9ef76
JH		 2544 if (bdaddr) {
2545 struct mgmt_rp_disconnect rp;
2546
2547 bacpy(&rp.bdaddr, bdaddr);
2548 rp.status = status;
2549
2550 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
2551 &rp, sizeof(rp));
2552 } else
2553 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 2554 mgmt_err);
8962ee74 2555
a664b5bc 2556 mgmt_pending_remove(cmd);
8962ee74
JH		 2557
2558 return err;
f7520543 2559}
17d5c04c 2560
48264f06
JH		 2561int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2562 u8 addr_type, u8 status)
17d5c04c
JH		 2563{
2564 struct mgmt_ev_connect_failed ev;
2565
4c659c39 2566 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2567 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 2568 ev.status = mgmt_status(status);
17d5c04c 2569
744cf19e 2570 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 2571}
980e1a53 2572
744cf19e 2573int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 2574{
2575 struct mgmt_ev_pin_code_request ev;
2576
980e1a53 2577 bacpy(&ev.bdaddr, bdaddr);
a770bb5a 2578 ev.secure = secure;
980e1a53 2579
744cf19e 2580 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2581 NULL);
980e1a53
JH		 2582}
2583
744cf19e
JH		 2584int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2585 u8 status)
980e1a53
JH		 2586{
2587 struct pending_cmd *cmd;
ac56fb13 2588 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2589 int err;
2590
2e58ef3e 2591 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 2592 if (!cmd)
2593 return -ENOENT;
2594
ac56fb13 2595 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2596 rp.status = mgmt_status(status);
ac56fb13 2597
744cf19e 2598 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY, &rp,
4e51eae9 2599 sizeof(rp));
980e1a53 2600
a664b5bc 2601 mgmt_pending_remove(cmd);
980e1a53
JH		 2602
2603 return err;
2604}
2605
744cf19e
JH		 2606int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2607 u8 status)
980e1a53
JH		 2608{
2609 struct pending_cmd *cmd;
ac56fb13 2610 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 2611 int err;
2612
2e58ef3e 2613 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 2614 if (!cmd)
2615 return -ENOENT;
2616
ac56fb13 2617 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2618 rp.status = mgmt_status(status);
ac56fb13 2619
744cf19e 2620 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
4e51eae9 2621 sizeof(rp));
980e1a53 2622
a664b5bc 2623 mgmt_pending_remove(cmd);
980e1a53
JH		 2624
2625 return err;
2626}
a5c29683 2627
744cf19e
JH		 2628int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
2629 __le32 value, u8 confirm_hint)
a5c29683
JH		 2630{
2631 struct mgmt_ev_user_confirm_request ev;
2632
744cf19e 2633 BT_DBG("%s", hdev->name);
a5c29683 2634
a5c29683 2635 bacpy(&ev.bdaddr, bdaddr);
55bc1a37 2636 ev.confirm_hint = confirm_hint;
a5c29683
JH		 2637 put_unaligned_le32(value, &ev.value);
2638
744cf19e 2639 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 2640 NULL);
a5c29683
JH		 2641}
2642
604086b7
BG		 2643int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr)
2644{
2645 struct mgmt_ev_user_passkey_request ev;
2646
2647 BT_DBG("%s", hdev->name);
2648
2649 bacpy(&ev.bdaddr, bdaddr);
2650
2651 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
2652 NULL);
2653}
2654
0df4c185 2655static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
744cf19e 2656 u8 status, u8 opcode)
a5c29683
JH		 2657{
2658 struct pending_cmd *cmd;
2659 struct mgmt_rp_user_confirm_reply rp;
2660 int err;
2661
2e58ef3e 2662 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 2663 if (!cmd)
2664 return -ENOENT;
2665
a5c29683 2666 bacpy(&rp.bdaddr, bdaddr);
ca69b795 2667 rp.status = mgmt_status(status);
744cf19e 2668 err = cmd_complete(cmd->sk, hdev->id, opcode, &rp, sizeof(rp));
a5c29683 2669
a664b5bc 2670 mgmt_pending_remove(cmd);
a5c29683
JH		 2671
2672 return err;
2673}
2674
744cf19e
JH		 2675int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2676 u8 status)
a5c29683 2677{
0df4c185 2678 return user_pairing_resp_complete(hdev, bdaddr, status,
a5c29683
JH		 2679 MGMT_OP_USER_CONFIRM_REPLY);
2680}
2681
744cf19e
JH		 2682int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev,
2683 bdaddr_t *bdaddr, u8 status)
a5c29683 2684{
0df4c185 2685 return user_pairing_resp_complete(hdev, bdaddr, status,
a5c29683
JH		 2686 MGMT_OP_USER_CONFIRM_NEG_REPLY);
2687}
2a611692 2688
604086b7
BG		 2689int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
2690 u8 status)
2691{
2692 return user_pairing_resp_complete(hdev, bdaddr, status,
2693 MGMT_OP_USER_PASSKEY_REPLY);
2694}
2695
2696int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev,
2697 bdaddr_t *bdaddr, u8 status)
2698{
2699 return user_pairing_resp_complete(hdev, bdaddr, status,
2700 MGMT_OP_USER_PASSKEY_NEG_REPLY);
2701}
2702
744cf19e 2703int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 status)
2a611692
JH		 2704{
2705 struct mgmt_ev_auth_failed ev;
2706
2a611692 2707 bacpy(&ev.bdaddr, bdaddr);
ca69b795 2708 ev.status = mgmt_status(status);
2a611692 2709
744cf19e 2710 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 2711}
b312b161 2712
744cf19e 2713int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 2714{
2715 struct pending_cmd *cmd;
2716 struct mgmt_cp_set_local_name ev;
2717 int err;
2718
2719 memset(&ev, 0, sizeof(ev));
2720 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2721
2e58ef3e 2722 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 2723 if (!cmd)
2724 goto send_event;
2725
2726 if (status) {
744cf19e 2727 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 2728 mgmt_status(status));
b312b161
JH		 2729 goto failed;
2730 }
2731
744cf19e 2732 update_eir(hdev);
80a1e1db 2733
744cf19e 2734 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, &ev,
b312b161
JH		 2735 sizeof(ev));
2736 if (err < 0)
2737 goto failed;
2738
2739send_event:
744cf19e 2740 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 2741 cmd ? cmd->sk : NULL);
2742
2743failed:
2744 if (cmd)
2745 mgmt_pending_remove(cmd);
2746 return err;
2747}
c35938b2 2748
744cf19e
JH		 2749int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
2750 u8 *randomizer, u8 status)
c35938b2
SJ		 2751{
2752 struct pending_cmd *cmd;
2753 int err;
2754
744cf19e 2755 BT_DBG("%s status %u", hdev->name, status);
c35938b2 2756
2e58ef3e 2757 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 2758 if (!cmd)
2759 return -ENOENT;
2760
2761 if (status) {
744cf19e 2762 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 2763 MGMT_OP_READ_LOCAL_OOB_DATA,
2764 mgmt_status(status));
c35938b2
SJ		 2765 } else {
2766 struct mgmt_rp_read_local_oob_data rp;
2767
2768 memcpy(rp.hash, hash, sizeof(rp.hash));
2769 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2770
744cf19e
JH		 2771 err = cmd_complete(cmd->sk, hdev->id,
2772 MGMT_OP_READ_LOCAL_OOB_DATA,
2773 &rp, sizeof(rp));
c35938b2
SJ		 2774 }
2775
2776 mgmt_pending_remove(cmd);
2777
2778 return err;
2779}
e17acd40 2780
48264f06 2781int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 2782 u8 addr_type, u8 *dev_class, s8 rssi,
7d262f86 2783 u8 cfm_name, u8 *eir, u8 eir_len)
e17acd40
JH		 2784{
2785 struct mgmt_ev_device_found ev;
2786
7d262f86
AG		 2787 if (eir_len > sizeof(ev.eir))
2788 return -EINVAL;
2789
e17acd40
JH		 2790 memset(&ev, 0, sizeof(ev));
2791
4c659c39 2792 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 2793 ev.addr.type = link_to_mgmt(link_type, addr_type);
e17acd40 2794 ev.rssi = rssi;
561aafbc 2795 ev.confirm_name = cfm_name;
e17acd40
JH		 2796
2797 if (eir)
7d262f86 2798 memcpy(ev.eir, eir, eir_len);
e17acd40 2799
f8523598
AG		 2800 if (dev_class)
2801 memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2802
744cf19e 2803 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, &ev, sizeof(ev), NULL);
e17acd40 2804}
a88a9652 2805
744cf19e 2806int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 *name)
a88a9652
JH		 2807{
2808 struct mgmt_ev_remote_name ev;
2809
2810 memset(&ev, 0, sizeof(ev));
2811
2812 bacpy(&ev.bdaddr, bdaddr);
2813 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2814
744cf19e 2815 return mgmt_event(MGMT_EV_REMOTE_NAME, hdev, &ev, sizeof(ev), NULL);
a88a9652 2816}
314b2381 2817
7a135109 2818int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 2819{
2820 struct pending_cmd *cmd;
2821 int err;
2822
2e58ef3e 2823 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 2824 if (!cmd)
2825 return -ENOENT;
2826
ca69b795 2827 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 2828 mgmt_pending_remove(cmd);
2829
2830 return err;
2831}
2832
e6d465cb
AG		 2833int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2834{
2835 struct pending_cmd *cmd;
2836 int err;
2837
2838 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2839 if (!cmd)
2840 return -ENOENT;
2841
e75a8b0c 2842 err = cmd_status(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status));
164a6e78
JH		 2843 mgmt_pending_remove(cmd);
2844
2845 return err;
2846}
2847
744cf19e 2848int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 2849{
164a6e78
JH		 2850 struct pending_cmd *cmd;
2851
2852 if (discovering)
2e58ef3e 2853 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 2854 else
2e58ef3e 2855 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 2856
2857 if (cmd != NULL) {
744cf19e 2858 cmd_complete(cmd->sk, hdev->id, cmd->opcode, NULL, 0);
164a6e78
JH		 2859 mgmt_pending_remove(cmd);
2860 }
2861
744cf19e 2862 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &discovering,
314b2381
JH		 2863 sizeof(discovering), NULL);
2864}
5e762444 2865
744cf19e 2866int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2867{
2868 struct pending_cmd *cmd;
2869 struct mgmt_ev_device_blocked ev;
2870
2e58ef3e 2871 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444
AJ		 2872
2873 bacpy(&ev.bdaddr, bdaddr);
2874
744cf19e
JH		 2875 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
2876 cmd ? cmd->sk : NULL);
5e762444
AJ		 2877}
2878
744cf19e 2879int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr)
5e762444
AJ		 2880{
2881 struct pending_cmd *cmd;
2882 struct mgmt_ev_device_unblocked ev;
2883
2e58ef3e 2884 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444
AJ		 2885
2886 bacpy(&ev.bdaddr, bdaddr);
2887
744cf19e
JH		 2888 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
2889 cmd ? cmd->sk : NULL);
5e762444 2890}
Linux 6.x block layer and io_uring tree(s)