projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Fix set_local_name and set_dev_class powered checks
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
56b7d137 267 return err;;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f0d4b78a 395 if (!test_bit(HCI_UP, &hdev->flags))
69ab39ea
JH		 396 return settings;
397
f0d4b78a
MH		 398 if (!test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
399 settings |= MGMT_SETTING_POWERED;
400
69ab39ea
JH		 401 if (test_bit(HCI_PSCAN, &hdev->flags))
402 settings |= MGMT_SETTING_CONNECTABLE;
403
404 if (test_bit(HCI_ISCAN, &hdev->flags))
405 settings |= MGMT_SETTING_DISCOVERABLE;
406
a8b2d5c2 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_PAIRABLE;
409
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
412
59e29406 413 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 414 settings |= MGMT_SETTING_LE;
415
416 if (test_bit(HCI_AUTH, &hdev->flags))
417 settings |= MGMT_SETTING_LINK_SECURITY;
418
84bde9d6 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_SSP;
421
6d80dfd0
JH		 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
424
69ab39ea
JH		 425 return settings;
426}
427
ef580372
JH		 428#define PNP_INFO_SVCLASS_ID 0x1200
429
430static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433};
434
435static u16 get_uuid16(u8 *uuid128)
436{
437 u32 val;
438 int i;
439
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
442 return 0;
443 }
444
445 memcpy(&val, &uuid128[12], 4);
446
447 val = le32_to_cpu(val);
448 if (val > 0xffff)
449 return 0;
450
451 return (u16) val;
452}
453
454static void create_eir(struct hci_dev *hdev, u8 *data)
455{
456 u8 *ptr = data;
457 u16 eir_len = 0;
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
461 size_t name_len;
462
463 name_len = strlen(hdev->dev_name);
464
465 if (name_len > 0) {
466 /* EIR Data type */
467 if (name_len > 48) {
468 name_len = 48;
469 ptr[1] = EIR_NAME_SHORT;
470 } else
471 ptr[1] = EIR_NAME_COMPLETE;
472
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
475
476 memcpy(ptr + 2, hdev->dev_name, name_len);
477
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
480 }
481
482 memset(uuid16_list, 0, sizeof(uuid16_list));
483
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid, &hdev->uuids, list) {
486 u16 uuid16;
487
488 uuid16 = get_uuid16(uuid->uuid);
489 if (uuid16 == 0)
490 return;
491
492 if (uuid16 < 0x1100)
493 continue;
494
495 if (uuid16 == PNP_INFO_SVCLASS_ID)
496 continue;
497
498 /* Stop if not enough space to put next UUID */
499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
500 truncated = 1;
501 break;
502 }
503
504 /* Check for duplicates */
505 for (i = 0; uuid16_list[i] != 0; i++)
506 if (uuid16_list[i] == uuid16)
507 break;
508
509 if (uuid16_list[i] == 0) {
510 uuid16_list[i] = uuid16;
511 eir_len += sizeof(u16);
512 }
513 }
514
515 if (uuid16_list[0] != 0) {
516 u8 *length = ptr;
517
518 /* EIR Data type */
519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
520
521 ptr += 2;
522 eir_len += 2;
523
524 for (i = 0; uuid16_list[i] != 0; i++) {
525 *ptr++ = (uuid16_list[i] & 0x00ff);
526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
527 }
528
529 /* EIR Data length */
530 *length = (i * sizeof(u16)) + 1;
531 }
532}
533
534static int update_eir(struct hci_dev *hdev)
535{
536 struct hci_cp_write_eir cp;
537
538 if (!(hdev->features[6] & LMP_EXT_INQ))
539 return 0;
540
84bde9d6 541 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
a8b2d5c2 544 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 545 return 0;
546
547 memset(&cp, 0, sizeof(cp));
548
549 create_eir(hdev, cp.data);
550
551 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
552 return 0;
553
554 memcpy(hdev->eir, cp.data, sizeof(cp.data));
555
556 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
557}
558
559static u8 get_service_classes(struct hci_dev *hdev)
560{
561 struct bt_uuid *uuid;
562 u8 val = 0;
563
564 list_for_each_entry(uuid, &hdev->uuids, list)
565 val |= uuid->svc_hint;
566
567 return val;
568}
569
570static int update_class(struct hci_dev *hdev)
571{
572 u8 cod[3];
573
574 BT_DBG("%s", hdev->name);
575
a8b2d5c2 576 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 577 return 0;
578
579 cod[0] = hdev->minor_class;
580 cod[1] = hdev->major_class;
581 cod[2] = get_service_classes(hdev);
582
583 if (memcmp(cod, hdev->dev_class, 3) == 0)
584 return 0;
585
586 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
587}
588
7d78525d
JH		 589static void service_cache_off(struct work_struct *work)
590{
591 struct hci_dev *hdev = container_of(work, struct hci_dev,
592 service_cache.work);
593
a8b2d5c2 594 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 595 return;
596
597 hci_dev_lock(hdev);
598
599 update_eir(hdev);
600 update_class(hdev);
601
602 hci_dev_unlock(hdev);
603}
604
605static void mgmt_init_hdev(struct hci_dev *hdev)
606{
a8b2d5c2 607 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
7d78525d
JH		 608 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
609
a8b2d5c2 610 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 611 schedule_delayed_work(&hdev->service_cache,
612 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
613}
614
4e51eae9 615static int read_controller_info(struct sock *sk, u16 index)
0381101f 616{
a38528f1 617 struct mgmt_rp_read_info rp;
f7b64e69 618 struct hci_dev *hdev;
0381101f 619
4e51eae9 620 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 621
4e51eae9 622 hdev = hci_dev_get(index);
a38528f1 623 if (!hdev)
ca69b795
JH		 624 return cmd_status(sk, index, MGMT_OP_READ_INFO,
625 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 626
09fd0de5 627 hci_dev_lock(hdev);
f7b64e69 628
7d78525d
JH		 629 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
630 mgmt_init_hdev(hdev);
ebc99feb 631
dc4fe30b
JH		 632 memset(&rp, 0, sizeof(rp));
633
69ab39ea 634 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 635
69ab39ea 636 rp.version = hdev->hci_ver;
f7b64e69 637
69ab39ea
JH		 638 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
639
640 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
641 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 642
a38528f1 643 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 644
dc4fe30b
JH		 645 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
646
09fd0de5 647 hci_dev_unlock(hdev);
f7b64e69 648 hci_dev_put(hdev);
0381101f 649
aee9b218 650 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 651}
652
eec8d2bc
JH		 653static void mgmt_pending_free(struct pending_cmd *cmd)
654{
655 sock_put(cmd->sk);
c68fb7ff 656 kfree(cmd->param);
eec8d2bc
JH		 657 kfree(cmd);
658}
659
366a0336 660static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 661 struct hci_dev *hdev,
662 void *data, u16 len)
eec8d2bc
JH		 663{
664 struct pending_cmd *cmd;
665
666 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
667 if (!cmd)
366a0336 668 return NULL;
eec8d2bc
JH		 669
670 cmd->opcode = opcode;
2e58ef3e 671 cmd->index = hdev->id;
eec8d2bc 672
c68fb7ff
SJ		 673 cmd->param = kmalloc(len, GFP_ATOMIC);
674 if (!cmd->param) {
eec8d2bc 675 kfree(cmd);
366a0336 676 return NULL;
eec8d2bc
JH		 677 }
678
8fce6357
SJ		 679 if (data)
680 memcpy(cmd->param, data, len);
eec8d2bc
JH		 681
682 cmd->sk = sk;
683 sock_hold(sk);
684
2e58ef3e 685 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 686
366a0336 687 return cmd;
eec8d2bc
JH		 688}
689
744cf19e 690static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 691 void (*cb)(struct pending_cmd *cmd, void *data),
692 void *data)
693{
694 struct list_head *p, *n;
695
2e58ef3e 696 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 697 struct pending_cmd *cmd;
698
699 cmd = list_entry(p, struct pending_cmd, list);
700
b24752fe 701 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 702 continue;
703
eec8d2bc
JH		 704 cb(cmd, data);
705 }
706}
707
2e58ef3e 708static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 709{
8035ded4 710 struct pending_cmd *cmd;
eec8d2bc 711
2e58ef3e 712 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 713 if (cmd->opcode == opcode)
714 return cmd;
eec8d2bc
JH		 715 }
716
717 return NULL;
718}
719
a664b5bc 720static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 721{
73f22f62
JH		 722 list_del(&cmd->list);
723 mgmt_pending_free(cmd);
724}
725
69ab39ea 726static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 727{
69ab39ea 728 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 729
aee9b218
JH		 730 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
731 sizeof(settings));
8680570b
JH		 732}
733
650f726d 734static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 735{
650f726d 736 struct mgmt_mode *cp = data;
eec8d2bc 737 struct hci_dev *hdev;
366a0336 738 struct pending_cmd *cmd;
4b34ee78 739 int err;
eec8d2bc 740
4e51eae9 741 BT_DBG("request for hci%u", index);
eec8d2bc 742
bdce7baf 743 if (len != sizeof(*cp))
ca69b795
JH		 744 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
745 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 746
4e51eae9 747 hdev = hci_dev_get(index);
eec8d2bc 748 if (!hdev)
ca69b795
JH		 749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 751
09fd0de5 752 hci_dev_lock(hdev);
eec8d2bc 753
f0d4b78a
MH		 754 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
755 cancel_delayed_work(&hdev->power_off);
756
757 if (cp->val) {
758 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
759 mgmt_powered(hdev, 1);
760 goto failed;
761 }
762 }
763
4b34ee78 764 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 765 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 766 goto failed;
767 }
768
2e58ef3e 769 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 770 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
771 MGMT_STATUS_BUSY);
eec8d2bc
JH		 772 goto failed;
773 }
774
2e58ef3e 775 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 776 if (!cmd) {
777 err = -ENOMEM;
eec8d2bc 778 goto failed;
366a0336 779 }
eec8d2bc 780
72a734ec 781 if (cp->val)
7f971041 782 schedule_work(&hdev->power_on);
eec8d2bc 783 else
80b7ab33 784 schedule_work(&hdev->power_off.work);
eec8d2bc 785
366a0336 786 err = 0;
eec8d2bc
JH		 787
788failed:
09fd0de5 789 hci_dev_unlock(hdev);
eec8d2bc 790 hci_dev_put(hdev);
366a0336 791 return err;
eec8d2bc
JH		 792}
793
650f726d 794static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 795{
650f726d 796 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 797 struct hci_dev *hdev;
366a0336 798 struct pending_cmd *cmd;
73f22f62
JH		 799 u8 scan;
800 int err;
801
4e51eae9 802 BT_DBG("request for hci%u", index);
73f22f62 803
bdce7baf 804 if (len != sizeof(*cp))
ca69b795
JH		 805 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
806 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 807
4e51eae9 808 hdev = hci_dev_get(index);
73f22f62 809 if (!hdev)
ca69b795
JH		 810 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
811 MGMT_STATUS_INVALID_PARAMS);
73f22f62 812
09fd0de5 813 hci_dev_lock(hdev);
73f22f62 814
4b34ee78 815 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 816 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
817 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 818 goto failed;
819 }
820
2e58ef3e
JH		 821 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
822 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 823 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
824 MGMT_STATUS_BUSY);
73f22f62
JH		 825 goto failed;
826 }
827
72a734ec 828 if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
73f22f62 829 test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 830 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 831 goto failed;
832 }
833
2e58ef3e 834 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 835 if (!cmd) {
836 err = -ENOMEM;
73f22f62 837 goto failed;
366a0336 838 }
73f22f62
JH		 839
840 scan = SCAN_PAGE;
841
72a734ec 842 if (cp->val)
73f22f62 843 scan |= SCAN_INQUIRY;
16ab91ab 844 else
e0f9309f 845 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 846
847 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
848 if (err < 0)
a664b5bc 849 mgmt_pending_remove(cmd);
73f22f62 850
16ab91ab
JH		 851 if (cp->val)
852 hdev->discov_timeout = get_unaligned_le16(&cp->timeout);
853
73f22f62 854failed:
09fd0de5 855 hci_dev_unlock(hdev);
73f22f62
JH		 856 hci_dev_put(hdev);
857
858 return err;
859}
860
650f726d 861static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 862{
650f726d 863 struct mgmt_mode *cp = data;
9fbcbb45 864 struct hci_dev *hdev;
366a0336 865 struct pending_cmd *cmd;
9fbcbb45
JH		 866 u8 scan;
867 int err;
868
4e51eae9 869 BT_DBG("request for hci%u", index);
9fbcbb45 870
bdce7baf 871 if (len != sizeof(*cp))
ca69b795
JH		 872 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
873 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 874
4e51eae9 875 hdev = hci_dev_get(index);
9fbcbb45 876 if (!hdev)
ca69b795
JH		 877 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
878 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 879
09fd0de5 880 hci_dev_lock(hdev);
9fbcbb45 881
4b34ee78 882 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 883 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
884 MGMT_STATUS_NOT_POWERED);
9fbcbb45
JH		 885 goto failed;
886 }
887
2e58ef3e
JH		 888 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
889 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 890 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
891 MGMT_STATUS_BUSY);
9fbcbb45
JH		 892 goto failed;
893 }
894
72a734ec 895 if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 896 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 897 goto failed;
898 }
899
2e58ef3e 900 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 901 if (!cmd) {
902 err = -ENOMEM;
9fbcbb45 903 goto failed;
366a0336 904 }
9fbcbb45 905
72a734ec 906 if (cp->val)
9fbcbb45
JH		 907 scan = SCAN_PAGE;
908 else
909 scan = 0;
910
911 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
912 if (err < 0)
a664b5bc 913 mgmt_pending_remove(cmd);
9fbcbb45
JH		 914
915failed:
09fd0de5 916 hci_dev_unlock(hdev);
9fbcbb45
JH		 917 hci_dev_put(hdev);
918
919 return err;
920}
921
744cf19e
JH		 922static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
923 u16 data_len, struct sock *skip_sk)
c542a06c
JH		 924{
925 struct sk_buff *skb;
926 struct mgmt_hdr *hdr;
927
928 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
929 if (!skb)
930 return -ENOMEM;
931
c542a06c
JH		 932 hdr = (void *) skb_put(skb, sizeof(*hdr));
933 hdr->opcode = cpu_to_le16(event);
744cf19e
JH		 934 if (hdev)
935 hdr->index = cpu_to_le16(hdev->id);
936 else
937 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
c542a06c
JH		 938 hdr->len = cpu_to_le16(data_len);
939
4e51eae9
SJ		 940 if (data)
941 memcpy(skb_put(skb, data_len), data, data_len);
c542a06c 942
470fe1b5 943 hci_send_to_control(skb, skip_sk);
c542a06c
JH		 944 kfree_skb(skb);
945
946 return 0;
947}
948
650f726d 949static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 950{
650f726d 951 struct mgmt_mode *cp = data;
c542a06c 952 struct hci_dev *hdev;
69ab39ea 953 __le32 ev;
c542a06c
JH		 954 int err;
955
4e51eae9 956 BT_DBG("request for hci%u", index);
c542a06c 957
bdce7baf 958 if (len != sizeof(*cp))
ca69b795
JH		 959 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
960 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 961
4e51eae9 962 hdev = hci_dev_get(index);
c542a06c 963 if (!hdev)
ca69b795
JH		 964 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
965 MGMT_STATUS_INVALID_PARAMS);
c542a06c 966
09fd0de5 967 hci_dev_lock(hdev);
c542a06c
JH		 968
969 if (cp->val)
a8b2d5c2 970 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 971 else
a8b2d5c2 972 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 973
69ab39ea 974 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 975 if (err < 0)
976 goto failed;
977
69ab39ea 978 ev = cpu_to_le32(get_current_settings(hdev));
c542a06c 979
69ab39ea 980 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), sk);
c542a06c
JH		 981
982failed:
09fd0de5 983 hci_dev_unlock(hdev);
c542a06c
JH		 984 hci_dev_put(hdev);
985
986 return err;
987}
988
33ef95ed
JH		 989static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
990{
991 struct mgmt_mode *cp = data;
992 struct pending_cmd *cmd;
993 struct hci_dev *hdev;
994 uint8_t val;
995 int err;
996
997 BT_DBG("request for hci%u", index);
998
999 if (len != sizeof(*cp))
1000 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1001 MGMT_STATUS_INVALID_PARAMS);
1002
1003 hdev = hci_dev_get(index);
1004 if (!hdev)
1005 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1006 MGMT_STATUS_INVALID_PARAMS);
1007
1008 hci_dev_lock(hdev);
1009
4b34ee78 1010 if (!hdev_is_powered(hdev)) {
33ef95ed
JH		 1011 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1012 MGMT_STATUS_NOT_POWERED);
1013 goto failed;
1014 }
1015
1016 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1017 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1018 MGMT_STATUS_BUSY);
1019 goto failed;
1020 }
1021
1022 val = !!cp->val;
1023
1024 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1025 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1026 goto failed;
1027 }
1028
1029 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1030 if (!cmd) {
1031 err = -ENOMEM;
1032 goto failed;
1033 }
1034
1035 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1036 if (err < 0) {
1037 mgmt_pending_remove(cmd);
1038 goto failed;
1039 }
1040
1041failed:
1042 hci_dev_unlock(hdev);
1043 hci_dev_put(hdev);
1044
1045 return err;
1046}
1047
ed2c4ee3
JH		 1048static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1049{
1050 struct mgmt_mode *cp = data;
1051 struct pending_cmd *cmd;
1052 struct hci_dev *hdev;
1053 uint8_t val;
1054 int err;
1055
1056 BT_DBG("request for hci%u", index);
1057
1058 if (len != sizeof(*cp))
1059 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1060 MGMT_STATUS_INVALID_PARAMS);
1061
1062 hdev = hci_dev_get(index);
1063 if (!hdev)
1064 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1065 MGMT_STATUS_INVALID_PARAMS);
1066
1067 hci_dev_lock(hdev);
1068
4b34ee78 1069 if (!hdev_is_powered(hdev)) {
ed2c4ee3
JH		 1070 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1071 MGMT_STATUS_NOT_POWERED);
1072 goto failed;
1073 }
1074
1e163574
JH		 1075 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1076 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1077 MGMT_STATUS_NOT_SUPPORTED);
1078 goto failed;
1079 }
1080
ed2c4ee3
JH		 1081 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1082 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1083 goto failed;
1084 }
1085
1086 val = !!cp->val;
1087
1088 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1089 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1090 goto failed;
1091 }
1092
1093 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1094 if (!cmd) {
1095 err = -ENOMEM;
1096 goto failed;
1097 }
1098
1099 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1100 if (err < 0) {
1101 mgmt_pending_remove(cmd);
1102 goto failed;
1103 }
1104
1105failed:
1106 hci_dev_unlock(hdev);
1107 hci_dev_put(hdev);
1108
1109 return err;
1110}
1111
6d80dfd0
JH		 1112static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1113{
1114 struct mgmt_mode *cp = data;
1115 struct hci_dev *hdev;
1116 int err;
1117
1118 BT_DBG("request for hci%u", index);
1119
1120 if (len != sizeof(*cp))
1121 return cmd_status(sk, index, MGMT_OP_SET_HS,
1122 MGMT_STATUS_INVALID_PARAMS);
1123
1124 hdev = hci_dev_get(index);
1125 if (!hdev)
1126 return cmd_status(sk, index, MGMT_OP_SET_HS,
1127 MGMT_STATUS_INVALID_PARAMS);
1128
1129 if (!enable_hs) {
1130 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1131 MGMT_STATUS_NOT_SUPPORTED);
1132 goto failed;
1133 }
1134
1135 if (cp->val)
1136 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1137 else
1138 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1139
1140 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1141
1142failed:
1143 hci_dev_put(hdev);
1144 return err;
1145}
1146
650f726d 1147static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1148{
650f726d 1149 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 1150 struct hci_dev *hdev;
1151 struct bt_uuid *uuid;
2aeb9a1a
JH		 1152 int err;
1153
4e51eae9 1154 BT_DBG("request for hci%u", index);
2aeb9a1a 1155
bdce7baf 1156 if (len != sizeof(*cp))
ca69b795
JH		 1157 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1158 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1159
4e51eae9 1160 hdev = hci_dev_get(index);
2aeb9a1a 1161 if (!hdev)
ca69b795
JH		 1162 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1163 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1164
09fd0de5 1165 hci_dev_lock(hdev);
2aeb9a1a
JH		 1166
1167 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1168 if (!uuid) {
1169 err = -ENOMEM;
1170 goto failed;
1171 }
1172
1173 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1174 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1175
1176 list_add(&uuid->list, &hdev->uuids);
1177
1aff6f09
JH		 1178 err = update_class(hdev);
1179 if (err < 0)
1180 goto failed;
1181
80a1e1db
JH		 1182 err = update_eir(hdev);
1183 if (err < 0)
1184 goto failed;
1185
aee9b218 1186 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1187
1188failed:
09fd0de5 1189 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1190 hci_dev_put(hdev);
1191
1192 return err;
1193}
1194
650f726d 1195static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1196{
650f726d 1197 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 1198 struct list_head *p, *n;
2aeb9a1a
JH		 1199 struct hci_dev *hdev;
1200 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1201 int err, found;
1202
4e51eae9 1203 BT_DBG("request for hci%u", index);
2aeb9a1a 1204
bdce7baf 1205 if (len != sizeof(*cp))
ca69b795
JH		 1206 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1207 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1208
4e51eae9 1209 hdev = hci_dev_get(index);
2aeb9a1a 1210 if (!hdev)
ca69b795
JH		 1211 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1212 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1213
09fd0de5 1214 hci_dev_lock(hdev);
2aeb9a1a
JH		 1215
1216 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1217 err = hci_uuids_clear(hdev);
1218 goto unlock;
1219 }
1220
1221 found = 0;
1222
1223 list_for_each_safe(p, n, &hdev->uuids) {
1224 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1225
1226 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1227 continue;
1228
1229 list_del(&match->list);
1230 found++;
1231 }
1232
1233 if (found == 0) {
ca69b795
JH		 1234 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1235 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1236 goto unlock;
1237 }
1238
1aff6f09
JH		 1239 err = update_class(hdev);
1240 if (err < 0)
1241 goto unlock;
1242
80a1e1db
JH		 1243 err = update_eir(hdev);
1244 if (err < 0)
1245 goto unlock;
1246
aee9b218 1247 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1248
1249unlock:
09fd0de5 1250 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1251 hci_dev_put(hdev);
1252
1253 return err;
1254}
1255
650f726d 1256static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1257{
1258 struct hci_dev *hdev;
650f726d 1259 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 1260 int err;
1261
4e51eae9 1262 BT_DBG("request for hci%u", index);
1aff6f09 1263
bdce7baf 1264 if (len != sizeof(*cp))
ca69b795
JH		 1265 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1266 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1267
4e51eae9 1268 hdev = hci_dev_get(index);
1aff6f09 1269 if (!hdev)
ca69b795
JH		 1270 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1271 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1272
09fd0de5 1273 hci_dev_lock(hdev);
1aff6f09 1274
b5235a65
JH		 1275 if (!hdev_is_powered(hdev)) {
1276 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1277 MGMT_STATUS_NOT_POWERED);
1278 goto unlock;
1279 }
1280
1aff6f09
JH		 1281 hdev->major_class = cp->major;
1282 hdev->minor_class = cp->minor;
1283
a8b2d5c2 1284 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1285 hci_dev_unlock(hdev);
1286 cancel_delayed_work_sync(&hdev->service_cache);
1287 hci_dev_lock(hdev);
14c0b608 1288 update_eir(hdev);
7d78525d 1289 }
14c0b608 1290
1aff6f09
JH		 1291 err = update_class(hdev);
1292
1293 if (err == 0)
aee9b218
JH		 1294 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1295 NULL, 0);
1aff6f09 1296
b5235a65 1297unlock:
09fd0de5 1298 hci_dev_unlock(hdev);
1aff6f09
JH		 1299 hci_dev_put(hdev);
1300
1301 return err;
1302}
1303
650f726d 1304static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1305{
1306 struct hci_dev *hdev;
650f726d 1307 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1308 u16 key_count, expected_len;
a492cd52 1309 int i;
55ed8ca1 1310
bdce7baf 1311 if (len < sizeof(*cp))
ca69b795
JH		 1312 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1313 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1314
55ed8ca1
JH		 1315 key_count = get_unaligned_le16(&cp->key_count);
1316
86742e1e
JH		 1317 expected_len = sizeof(*cp) + key_count *
1318 sizeof(struct mgmt_link_key_info);
a492cd52 1319 if (expected_len != len) {
86742e1e 1320 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1321 len, expected_len);
ca69b795
JH		 1322 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1323 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1324 }
1325
4e51eae9 1326 hdev = hci_dev_get(index);
55ed8ca1 1327 if (!hdev)
ca69b795
JH		 1328 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1329 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1330
4e51eae9 1331 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1332 key_count);
1333
09fd0de5 1334 hci_dev_lock(hdev);
55ed8ca1
JH		 1335
1336 hci_link_keys_clear(hdev);
1337
a8b2d5c2 1338 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1339
1340 if (cp->debug_keys)
a8b2d5c2 1341 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1342 else
a8b2d5c2 1343 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1344
a492cd52 1345 for (i = 0; i < key_count; i++) {
86742e1e 1346 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1347
d753fdc4
JH		 1348 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1349 key->type, key->pin_len);
55ed8ca1
JH		 1350 }
1351
aee9b218 1352 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1353
09fd0de5 1354 hci_dev_unlock(hdev);
55ed8ca1
JH		 1355 hci_dev_put(hdev);
1356
a492cd52 1357 return 0;
55ed8ca1
JH		 1358}
1359
b1078ad0
JH		 1360static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1361 u8 addr_type, struct sock *skip_sk)
1362{
1363 struct mgmt_ev_device_unpaired ev;
1364
1365 bacpy(&ev.addr.bdaddr, bdaddr);
1366 ev.addr.type = addr_type;
1367
1368 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1369 skip_sk);
1370}
1371
124f6e35 1372static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1373{
1374 struct hci_dev *hdev;
124f6e35
JH		 1375 struct mgmt_cp_unpair_device *cp = data;
1376 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1377 struct hci_cp_disconnect dc;
1378 struct pending_cmd *cmd;
55ed8ca1 1379 struct hci_conn *conn;
aee9b218 1380 u8 status = 0;
55ed8ca1
JH		 1381 int err;
1382
bdce7baf 1383 if (len != sizeof(*cp))
124f6e35 1384 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1385 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1386
4e51eae9 1387 hdev = hci_dev_get(index);
55ed8ca1 1388 if (!hdev)
124f6e35 1389 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1390 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1391
09fd0de5 1392 hci_dev_lock(hdev);
55ed8ca1 1393
a8a1d19e 1394 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1395 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1396 rp.addr.type = cp->addr.type;
a8a1d19e 1397
124f6e35
JH		 1398 if (cp->addr.type == MGMT_ADDR_BREDR)
1399 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1400 else
1401 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1402
55ed8ca1 1403 if (err < 0) {
aee9b218 1404 status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1405 goto unlock;
1406 }
1407
a8a1d19e 1408 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
aee9b218
JH		 1409 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1410 &rp, sizeof(rp));
b1078ad0 1411 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1412 goto unlock;
a8a1d19e 1413 }
55ed8ca1 1414
124f6e35
JH		 1415 if (cp->addr.type == MGMT_ADDR_BREDR)
1416 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1417 &cp->addr.bdaddr);
1418 else
1419 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1420 &cp->addr.bdaddr);
1421
a8a1d19e 1422 if (!conn) {
aee9b218
JH		 1423 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1424 &rp, sizeof(rp));
b1078ad0 1425 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1426 goto unlock;
1427 }
55ed8ca1 1428
124f6e35
JH		 1429 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1430 sizeof(*cp));
a8a1d19e
JH		 1431 if (!cmd) {
1432 err = -ENOMEM;
1433 goto unlock;
55ed8ca1
JH		 1434 }
1435
a8a1d19e
JH		 1436 put_unaligned_le16(conn->handle, &dc.handle);
1437 dc.reason = 0x13; /* Remote User Terminated Connection */
1438 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1439 if (err < 0)
1440 mgmt_pending_remove(cmd);
1441
55ed8ca1 1442unlock:
ca69b795 1443 if (err < 0)
aee9b218
JH		 1444 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1445 &rp, sizeof(rp));
09fd0de5 1446 hci_dev_unlock(hdev);
55ed8ca1
JH		 1447 hci_dev_put(hdev);
1448
1449 return err;
1450}
1451
650f726d 1452static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1453{
1454 struct hci_dev *hdev;
650f726d 1455 struct mgmt_cp_disconnect *cp = data;
8962ee74 1456 struct hci_cp_disconnect dc;
366a0336 1457 struct pending_cmd *cmd;
8962ee74 1458 struct hci_conn *conn;
8962ee74
JH		 1459 int err;
1460
1461 BT_DBG("");
1462
bdce7baf 1463 if (len != sizeof(*cp))
ca69b795
JH		 1464 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1465 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1466
4e51eae9 1467 hdev = hci_dev_get(index);
8962ee74 1468 if (!hdev)
ca69b795
JH		 1469 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1470 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1471
09fd0de5 1472 hci_dev_lock(hdev);
8962ee74
JH		 1473
1474 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1475 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1476 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1477 goto failed;
1478 }
1479
2e58ef3e 1480 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1481 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1482 MGMT_STATUS_BUSY);
8962ee74
JH		 1483 goto failed;
1484 }
1485
88c3df13
JH		 1486 if (cp->addr.type == MGMT_ADDR_BREDR)
1487 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1488 else
1489 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1490
8962ee74 1491 if (!conn) {
ca69b795
JH		 1492 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1493 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1494 goto failed;
1495 }
1496
2e58ef3e 1497 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1498 if (!cmd) {
1499 err = -ENOMEM;
8962ee74 1500 goto failed;
366a0336 1501 }
8962ee74
JH		 1502
1503 put_unaligned_le16(conn->handle, &dc.handle);
1504 dc.reason = 0x13; /* Remote User Terminated Connection */
1505
1506 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1507 if (err < 0)
a664b5bc 1508 mgmt_pending_remove(cmd);
8962ee74
JH		 1509
1510failed:
09fd0de5 1511 hci_dev_unlock(hdev);
8962ee74
JH		 1512 hci_dev_put(hdev);
1513
1514 return err;
1515}
1516
48264f06 1517static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1518{
1519 switch (link_type) {
1520 case LE_LINK:
48264f06
JH		 1521 switch (addr_type) {
1522 case ADDR_LE_DEV_PUBLIC:
1523 return MGMT_ADDR_LE_PUBLIC;
1524 case ADDR_LE_DEV_RANDOM:
1525 return MGMT_ADDR_LE_RANDOM;
1526 default:
1527 return MGMT_ADDR_INVALID;
1528 }
4c659c39
JH		 1529 case ACL_LINK:
1530 return MGMT_ADDR_BREDR;
1531 default:
1532 return MGMT_ADDR_INVALID;
1533 }
1534}
1535
8ce6284e 1536static int get_connections(struct sock *sk, u16 index)
2784eb41 1537{
2784eb41
JH		 1538 struct mgmt_rp_get_connections *rp;
1539 struct hci_dev *hdev;
8035ded4 1540 struct hci_conn *c;
a38528f1 1541 size_t rp_len;
4e51eae9 1542 u16 count;
2784eb41
JH		 1543 int i, err;
1544
1545 BT_DBG("");
1546
4e51eae9 1547 hdev = hci_dev_get(index);
2784eb41 1548 if (!hdev)
ca69b795
JH		 1549 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1550 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1551
09fd0de5 1552 hci_dev_lock(hdev);
2784eb41
JH		 1553
1554 count = 0;
b644ba33
JH		 1555 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1556 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1557 count++;
2784eb41
JH		 1558 }
1559
4c659c39 1560 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1561 rp = kmalloc(rp_len, GFP_ATOMIC);
1562 if (!rp) {
2784eb41
JH		 1563 err = -ENOMEM;
1564 goto unlock;
1565 }
1566
2784eb41
JH		 1567 put_unaligned_le16(count, &rp->conn_count);
1568
2784eb41 1569 i = 0;
4c659c39 1570 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1571 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1572 continue;
4c659c39 1573 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1574 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1575 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1576 continue;
1577 i++;
1578 }
1579
1580 /* Recalculate length in case of filtered SCO connections, etc */
1581 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1582
aee9b218 1583 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41
JH		 1584
1585unlock:
a38528f1 1586 kfree(rp);
09fd0de5 1587 hci_dev_unlock(hdev);
2784eb41
JH		 1588 hci_dev_put(hdev);
1589 return err;
1590}
1591
96d97a67
WR		 1592static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1593 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1594{
1595 struct pending_cmd *cmd;
1596 int err;
1597
2e58ef3e 1598 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1599 sizeof(*cp));
1600 if (!cmd)
1601 return -ENOMEM;
1602
d8457698
JH		 1603 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1604 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1605 if (err < 0)
1606 mgmt_pending_remove(cmd);
1607
1608 return err;
1609}
1610
650f726d 1611static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1612{
1613 struct hci_dev *hdev;
96d97a67 1614 struct hci_conn *conn;
650f726d 1615 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1616 struct hci_cp_pin_code_reply reply;
366a0336 1617 struct pending_cmd *cmd;
980e1a53
JH		 1618 int err;
1619
1620 BT_DBG("");
1621
bdce7baf 1622 if (len != sizeof(*cp))
ca69b795
JH		 1623 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1624 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1625
4e51eae9 1626 hdev = hci_dev_get(index);
980e1a53 1627 if (!hdev)
ca69b795
JH		 1628 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1629 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1630
09fd0de5 1631 hci_dev_lock(hdev);
980e1a53 1632
4b34ee78 1633 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1634 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1635 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1636 goto failed;
1637 }
1638
d8457698 1639 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1640 if (!conn) {
ca69b795
JH		 1641 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1642 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1643 goto failed;
1644 }
1645
1646 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1647 struct mgmt_cp_pin_code_neg_reply ncp;
1648
1649 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1650
1651 BT_ERR("PIN code is not 16 bytes long");
1652
1653 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1654 if (err >= 0)
1655 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1656 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1657
1658 goto failed;
1659 }
1660
650f726d
VCG		 1661 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1662 len);
366a0336
JH		 1663 if (!cmd) {
1664 err = -ENOMEM;
980e1a53 1665 goto failed;
366a0336 1666 }
980e1a53 1667
d8457698 1668 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1669 reply.pin_len = cp->pin_len;
24718ca5 1670 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1671
1672 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1673 if (err < 0)
a664b5bc 1674 mgmt_pending_remove(cmd);
980e1a53
JH		 1675
1676failed:
09fd0de5 1677 hci_dev_unlock(hdev);
980e1a53
JH		 1678 hci_dev_put(hdev);
1679
1680 return err;
1681}
1682
650f726d 1683static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1684{
1685 struct hci_dev *hdev;
650f726d 1686 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1687 int err;
1688
1689 BT_DBG("");
1690
bdce7baf
SJ		 1691 if (len != sizeof(*cp))
1692 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1693 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1694
4e51eae9 1695 hdev = hci_dev_get(index);
980e1a53 1696 if (!hdev)
4e51eae9 1697 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1698 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1699
09fd0de5 1700 hci_dev_lock(hdev);
980e1a53 1701
4b34ee78 1702 if (!hdev_is_powered(hdev)) {
4e51eae9 1703 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1704 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1705 goto failed;
1706 }
1707
96d97a67 1708 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1709
1710failed:
09fd0de5 1711 hci_dev_unlock(hdev);
980e1a53
JH		 1712 hci_dev_put(hdev);
1713
1714 return err;
1715}
1716
650f726d 1717static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1718{
1719 struct hci_dev *hdev;
650f726d 1720 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1721
1722 BT_DBG("");
1723
bdce7baf 1724 if (len != sizeof(*cp))
ca69b795
JH		 1725 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1726 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1727
4e51eae9 1728 hdev = hci_dev_get(index);
17fa4b9d 1729 if (!hdev)
ca69b795
JH		 1730 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1731 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1732
09fd0de5 1733 hci_dev_lock(hdev);
17fa4b9d
JH		 1734
1735 hdev->io_capability = cp->io_capability;
1736
1737 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1738 hdev->io_capability);
17fa4b9d 1739
09fd0de5 1740 hci_dev_unlock(hdev);
17fa4b9d
JH		 1741 hci_dev_put(hdev);
1742
aee9b218 1743 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 1744}
1745
e9a416b5
JH		 1746static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1747{
1748 struct hci_dev *hdev = conn->hdev;
8035ded4 1749 struct pending_cmd *cmd;
e9a416b5 1750
2e58ef3e 1751 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1752 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1753 continue;
1754
e9a416b5
JH		 1755 if (cmd->user_data != conn)
1756 continue;
1757
1758 return cmd;
1759 }
1760
1761 return NULL;
1762}
1763
1764static void pairing_complete(struct pending_cmd *cmd, u8 status)
1765{
1766 struct mgmt_rp_pair_device rp;
1767 struct hci_conn *conn = cmd->user_data;
1768
ba4e564f
JH		 1769 bacpy(&rp.addr.bdaddr, &conn->dst);
1770 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1771
aee9b218
JH		 1772 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1773 &rp, sizeof(rp));
e9a416b5
JH		 1774
1775 /* So we don't get further callbacks for this connection */
1776 conn->connect_cfm_cb = NULL;
1777 conn->security_cfm_cb = NULL;
1778 conn->disconn_cfm_cb = NULL;
1779
1780 hci_conn_put(conn);
1781
a664b5bc 1782 mgmt_pending_remove(cmd);
e9a416b5
JH		 1783}
1784
1785static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1786{
1787 struct pending_cmd *cmd;
1788
1789 BT_DBG("status %u", status);
1790
1791 cmd = find_pairing(conn);
56e5cb86 1792 if (!cmd)
e9a416b5 1793 BT_DBG("Unable to find a pending command");
56e5cb86 1794 else
e211326c 1795 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1796}
1797
650f726d 1798static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1799{
1800 struct hci_dev *hdev;
650f726d 1801 struct mgmt_cp_pair_device *cp = data;
1425acb7 1802 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1803 struct pending_cmd *cmd;
1804 u8 sec_level, auth_type;
1805 struct hci_conn *conn;
e9a416b5
JH		 1806 int err;
1807
1808 BT_DBG("");
1809
bdce7baf 1810 if (len != sizeof(*cp))
ca69b795
JH		 1811 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1812 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1813
4e51eae9 1814 hdev = hci_dev_get(index);
e9a416b5 1815 if (!hdev)
ca69b795
JH		 1816 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1817 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1818
09fd0de5 1819 hci_dev_lock(hdev);
e9a416b5 1820
c908df36
VCG		 1821 sec_level = BT_SECURITY_MEDIUM;
1822 if (cp->io_cap == 0x03)
e9a416b5 1823 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1824 else
e9a416b5 1825 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1826
ba4e564f
JH		 1827 if (cp->addr.type == MGMT_ADDR_BREDR)
1828 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1829 auth_type);
1830 else
ba4e564f 1831 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1832 auth_type);
1833
1425acb7
JH		 1834 memset(&rp, 0, sizeof(rp));
1835 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1836 rp.addr.type = cp->addr.type;
1837
30e76272 1838 if (IS_ERR(conn)) {
e211326c
JH		 1839 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1840 MGMT_STATUS_CONNECT_FAILED,
1841 &rp, sizeof(rp));
e9a416b5
JH		 1842 goto unlock;
1843 }
1844
1845 if (conn->connect_cfm_cb) {
1846 hci_conn_put(conn);
e211326c
JH		 1847 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1848 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1849 goto unlock;
1850 }
1851
2e58ef3e 1852 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1853 if (!cmd) {
1854 err = -ENOMEM;
1855 hci_conn_put(conn);
1856 goto unlock;
1857 }
1858
7a512d01 1859 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1860 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1861 conn->connect_cfm_cb = pairing_complete_cb;
1862
e9a416b5
JH		 1863 conn->security_cfm_cb = pairing_complete_cb;
1864 conn->disconn_cfm_cb = pairing_complete_cb;
1865 conn->io_capability = cp->io_cap;
1866 cmd->user_data = conn;
1867
1868 if (conn->state == BT_CONNECTED &&
1869 hci_conn_security(conn, sec_level, auth_type))
1870 pairing_complete(cmd, 0);
1871
1872 err = 0;
1873
1874unlock:
09fd0de5 1875 hci_dev_unlock(hdev);
e9a416b5
JH		 1876 hci_dev_put(hdev);
1877
1878 return err;
1879}
1880
28424707
JH		 1881static int cancel_pair_device(struct sock *sk, u16 index,
1882 unsigned char *data, u16 len)
1883{
1884 struct mgmt_addr_info *addr = (void *) data;
1885 struct hci_dev *hdev;
1886 struct pending_cmd *cmd;
1887 struct hci_conn *conn;
1888 int err;
1889
1890 BT_DBG("");
1891
1892 if (len != sizeof(*addr))
1893 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1894 MGMT_STATUS_INVALID_PARAMS);
1895
1896 hdev = hci_dev_get(index);
1897 if (!hdev)
1898 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1899 MGMT_STATUS_INVALID_PARAMS);
1900
1901 hci_dev_lock(hdev);
1902
1903 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1904 if (!cmd) {
1905 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1906 MGMT_STATUS_INVALID_PARAMS);
1907 goto unlock;
1908 }
1909
1910 conn = cmd->user_data;
1911
1912 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1913 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1914 MGMT_STATUS_INVALID_PARAMS);
1915 goto unlock;
1916 }
1917
1918 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1919
aee9b218 1920 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 1921 sizeof(*addr));
1922unlock:
1923 hci_dev_unlock(hdev);
1924 hci_dev_put(hdev);
1925
1926 return err;
1927}
1928
0df4c185 1929static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 1930 u8 type, u16 mgmt_op, u16 hci_op,
1931 __le32 passkey)
a5c29683 1932{
a5c29683
JH		 1933 struct pending_cmd *cmd;
1934 struct hci_dev *hdev;
0df4c185 1935 struct hci_conn *conn;
a5c29683
JH		 1936 int err;
1937
4e51eae9 1938 hdev = hci_dev_get(index);
a5c29683 1939 if (!hdev)
ca69b795
JH		 1940 return cmd_status(sk, index, mgmt_op,
1941 MGMT_STATUS_INVALID_PARAMS);
a5c29683 1942
09fd0de5 1943 hci_dev_lock(hdev);
08ba5382 1944
4b34ee78 1945 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 1946 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
1947 goto done;
a5c29683
JH		 1948 }
1949
272d90df
JH		 1950 if (type == MGMT_ADDR_BREDR)
1951 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
1952 else
47c15e2b 1953 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 1954
1955 if (!conn) {
1956 err = cmd_status(sk, index, mgmt_op,
47c15e2b 1957 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 1958 goto done;
1959 }
47c15e2b 1960
272d90df 1961 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 1962 /* Continue with pairing via SMP */
5fe57d9e
BG		 1963 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
1964
1965 if (!err)
1966 err = cmd_status(sk, index, mgmt_op,
1967 MGMT_STATUS_SUCCESS);
1968 else
1969 err = cmd_status(sk, index, mgmt_op,
1970 MGMT_STATUS_FAILED);
47c15e2b 1971
47c15e2b
BG		 1972 goto done;
1973 }
1974
0df4c185 1975 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 1976 if (!cmd) {
1977 err = -ENOMEM;
0df4c185 1978 goto done;
a5c29683
JH		 1979 }
1980
0df4c185 1981 /* Continue with pairing via HCI */
604086b7
BG		 1982 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
1983 struct hci_cp_user_passkey_reply cp;
1984
1985 bacpy(&cp.bdaddr, bdaddr);
1986 cp.passkey = passkey;
1987 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
1988 } else
1989 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
1990
a664b5bc
JH		 1991 if (err < 0)
1992 mgmt_pending_remove(cmd);
a5c29683 1993
0df4c185 1994done:
09fd0de5 1995 hci_dev_unlock(hdev);
a5c29683
JH		 1996 hci_dev_put(hdev);
1997
1998 return err;
1999}
2000
0df4c185
BG		 2001static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2002{
650f726d 2003 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2004
2005 BT_DBG("");
2006
2007 if (len != sizeof(*cp))
2008 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2009 MGMT_STATUS_INVALID_PARAMS);
2010
272d90df
JH		 2011 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2012 MGMT_OP_USER_CONFIRM_REPLY,
2013 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2014}
2015
2016static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2017 u16 len)
2018{
c9c2659f 2019 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2020
2021 BT_DBG("");
2022
2023 if (len != sizeof(*cp))
2024 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2025 MGMT_STATUS_INVALID_PARAMS);
2026
272d90df
JH		 2027 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2028 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2029 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2030}
2031
604086b7
BG		 2032static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2033{
650f726d 2034 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2035
2036 BT_DBG("");
2037
2038 if (len != sizeof(*cp))
2039 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2040 EINVAL);
2041
272d90df
JH		 2042 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2043 MGMT_OP_USER_PASSKEY_REPLY,
2044 HCI_OP_USER_PASSKEY_REPLY,
2045 cp->passkey);
604086b7
BG		 2046}
2047
2048static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2049 u16 len)
2050{
650f726d 2051 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2052
2053 BT_DBG("");
2054
2055 if (len != sizeof(*cp))
2056 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2057 EINVAL);
2058
272d90df
JH		 2059 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2060 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2061 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2062}
2063
650f726d 2064static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2065 u16 len)
2066{
650f726d 2067 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2068 struct hci_cp_write_local_name hci_cp;
2069 struct hci_dev *hdev;
2070 struct pending_cmd *cmd;
2071 int err;
2072
2073 BT_DBG("");
2074
2075 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2076 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2077 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2078
2079 hdev = hci_dev_get(index);
2080 if (!hdev)
ca69b795
JH		 2081 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2082 MGMT_STATUS_INVALID_PARAMS);
b312b161 2083
09fd0de5 2084 hci_dev_lock(hdev);
b312b161 2085
b5235a65
JH		 2086 if (!hdev_is_powered(hdev)) {
2087 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2088 MGMT_STATUS_NOT_POWERED);
2089 goto failed;
2090 }
2091
650f726d
VCG		 2092 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2093 len);
b312b161
JH		 2094 if (!cmd) {
2095 err = -ENOMEM;
2096 goto failed;
2097 }
2098
2099 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2100 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2101 &hci_cp);
2102 if (err < 0)
2103 mgmt_pending_remove(cmd);
2104
2105failed:
09fd0de5 2106 hci_dev_unlock(hdev);
b312b161
JH		 2107 hci_dev_put(hdev);
2108
2109 return err;
2110}
2111
c35938b2
SJ		 2112static int read_local_oob_data(struct sock *sk, u16 index)
2113{
2114 struct hci_dev *hdev;
2115 struct pending_cmd *cmd;
2116 int err;
2117
2118 BT_DBG("hci%u", index);
2119
2120 hdev = hci_dev_get(index);
2121 if (!hdev)
2122 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2123 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2124
09fd0de5 2125 hci_dev_lock(hdev);
c35938b2 2126
4b34ee78 2127 if (!hdev_is_powered(hdev)) {
c35938b2 2128 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2129 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2130 goto unlock;
2131 }
2132
2133 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2134 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2135 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2136 goto unlock;
2137 }
2138
2e58ef3e 2139 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2140 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2141 MGMT_STATUS_BUSY);
c35938b2
SJ		 2142 goto unlock;
2143 }
2144
2e58ef3e 2145 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2146 if (!cmd) {
2147 err = -ENOMEM;
2148 goto unlock;
2149 }
2150
2151 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2152 if (err < 0)
2153 mgmt_pending_remove(cmd);
2154
2155unlock:
09fd0de5 2156 hci_dev_unlock(hdev);
c35938b2
SJ		 2157 hci_dev_put(hdev);
2158
2159 return err;
2160}
2161
650f726d
VCG		 2162static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2163 u16 len)
2763eda6
SJ		 2164{
2165 struct hci_dev *hdev;
650f726d 2166 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2167 u8 status;
2763eda6
SJ		 2168 int err;
2169
2170 BT_DBG("hci%u ", index);
2171
2172 if (len != sizeof(*cp))
2173 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2174 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2175
2176 hdev = hci_dev_get(index);
2177 if (!hdev)
bf1e3541
JH		 2178 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2179 MGMT_STATUS_INVALID_PARAMS,
2180 &cp->addr, sizeof(cp->addr));
2763eda6 2181
09fd0de5 2182 hci_dev_lock(hdev);
2763eda6 2183
664ce4cc 2184 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2185 cp->randomizer);
2186 if (err < 0)
bf1e3541 2187 status = MGMT_STATUS_FAILED;
2763eda6 2188 else
bf1e3541
JH		 2189 status = 0;
2190
2191 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2192 &cp->addr, sizeof(cp->addr));
2763eda6 2193
09fd0de5 2194 hci_dev_unlock(hdev);
2763eda6
SJ		 2195 hci_dev_put(hdev);
2196
2197 return err;
2198}
2199
2200static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2201 void *data, u16 len)
2763eda6
SJ		 2202{
2203 struct hci_dev *hdev;
650f726d 2204 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2205 u8 status;
2763eda6
SJ		 2206 int err;
2207
2208 BT_DBG("hci%u ", index);
2209
2210 if (len != sizeof(*cp))
2211 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2212 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2213
2214 hdev = hci_dev_get(index);
2215 if (!hdev)
bf1e3541
JH		 2216 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2217 MGMT_STATUS_INVALID_PARAMS,
2218 &cp->addr, sizeof(cp->addr));
2763eda6 2219
09fd0de5 2220 hci_dev_lock(hdev);
2763eda6 2221
664ce4cc 2222 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2223 if (err < 0)
bf1e3541 2224 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2225 else
bf1e3541
JH		 2226 status = 0;
2227
2228 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2229 &cp->addr, sizeof(cp->addr));
2763eda6 2230
09fd0de5 2231 hci_dev_unlock(hdev);
2763eda6
SJ		 2232 hci_dev_put(hdev);
2233
2234 return err;
2235}
2236
5e0452c0
AG		 2237static int discovery(struct hci_dev *hdev)
2238{
2239 int err;
2240
2241 if (lmp_host_le_capable(hdev)) {
2242 if (lmp_bredr_capable(hdev)) {
2243 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2244 LE_SCAN_INT, LE_SCAN_WIN,
2245 LE_SCAN_TIMEOUT_BREDR_LE);
2246 } else {
2247 hdev->discovery.type = DISCOV_TYPE_LE;
2248 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2249 LE_SCAN_INT, LE_SCAN_WIN,
2250 LE_SCAN_TIMEOUT_LE_ONLY);
2251 }
2252 } else {
2253 hdev->discovery.type = DISCOV_TYPE_BREDR;
2254 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2255 }
2256
2257 return err;
2258}
2259
2260int mgmt_interleaved_discovery(struct hci_dev *hdev)
2261{
2262 int err;
2263
2264 BT_DBG("%s", hdev->name);
2265
2266 hci_dev_lock(hdev);
2267
2268 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2269 if (err < 0)
2270 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2271
2272 hci_dev_unlock(hdev);
2273
2274 return err;
2275}
2276
450dfdaf 2277static int start_discovery(struct sock *sk, u16 index,
650f726d 2278 void *data, u16 len)
14a53664 2279{
650f726d 2280 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2281 struct pending_cmd *cmd;
2282 struct hci_dev *hdev;
2283 int err;
2284
2285 BT_DBG("hci%u", index);
2286
450dfdaf
JH		 2287 if (len != sizeof(*cp))
2288 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2289 MGMT_STATUS_INVALID_PARAMS);
2290
14a53664
JH		 2291 hdev = hci_dev_get(index);
2292 if (!hdev)
ca69b795
JH		 2293 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2294 MGMT_STATUS_INVALID_PARAMS);
14a53664 2295
09fd0de5 2296 hci_dev_lock(hdev);
14a53664 2297
4b34ee78 2298 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2299 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2300 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2301 goto failed;
2302 }
2303
ff9ef578
JH		 2304 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2305 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2306 MGMT_STATUS_BUSY);
2307 goto failed;
2308 }
2309
2e58ef3e 2310 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2311 if (!cmd) {
2312 err = -ENOMEM;
2313 goto failed;
2314 }
2315
4aab14e5
AG		 2316 hdev->discovery.type = cp->type;
2317
2318 switch (hdev->discovery.type) {
f39799f5 2319 case DISCOV_TYPE_BREDR:
3fd24153 2320 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2321 break;
2322
2323 case DISCOV_TYPE_LE:
3fd24153
AG		 2324 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2325 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2326 break;
2327
5e0452c0
AG		 2328 case DISCOV_TYPE_INTERLEAVED:
2329 err = discovery(hdev);
2330 break;
2331
f39799f5 2332 default:
3fd24153 2333 err = -EINVAL;
f39799f5 2334 }
3fd24153 2335
14a53664
JH		 2336 if (err < 0)
2337 mgmt_pending_remove(cmd);
ff9ef578
JH		 2338 else
2339 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2340
2341failed:
09fd0de5 2342 hci_dev_unlock(hdev);
14a53664
JH		 2343 hci_dev_put(hdev);
2344
2345 return err;
2346}
2347
d930650b 2348static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2349{
d930650b 2350 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2351 struct hci_dev *hdev;
2352 struct pending_cmd *cmd;
30dc78e1
JH		 2353 struct hci_cp_remote_name_req_cancel cp;
2354 struct inquiry_entry *e;
14a53664
JH		 2355 int err;
2356
2357 BT_DBG("hci%u", index);
2358
d930650b
JH		 2359 if (len != sizeof(*mgmt_cp))
2360 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2361 MGMT_STATUS_INVALID_PARAMS);
2362
14a53664
JH		 2363 hdev = hci_dev_get(index);
2364 if (!hdev)
ca69b795
JH		 2365 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2366 MGMT_STATUS_INVALID_PARAMS);
14a53664 2367
09fd0de5 2368 hci_dev_lock(hdev);
14a53664 2369
30dc78e1 2370 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2371 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2372 MGMT_STATUS_REJECTED,
2373 &mgmt_cp->type, sizeof(mgmt_cp->type));
2374 goto unlock;
2375 }
2376
2377 if (hdev->discovery.type != mgmt_cp->type) {
2378 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2379 MGMT_STATUS_INVALID_PARAMS,
2380 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2381 goto unlock;
ff9ef578
JH		 2382 }
2383
2e58ef3e 2384 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2385 if (!cmd) {
2386 err = -ENOMEM;
30dc78e1
JH		 2387 goto unlock;
2388 }
2389
343f935b 2390 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2391 err = hci_cancel_inquiry(hdev);
2392 if (err < 0)
2393 mgmt_pending_remove(cmd);
2394 else
2395 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2396 goto unlock;
2397 }
2398
2399 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2400 if (!e) {
2401 mgmt_pending_remove(cmd);
aee9b218 2402 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2403 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2404 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2405 goto unlock;
14a53664
JH		 2406 }
2407
30dc78e1
JH		 2408 bacpy(&cp.bdaddr, &e->data.bdaddr);
2409 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2410 sizeof(cp), &cp);
14a53664
JH		 2411 if (err < 0)
2412 mgmt_pending_remove(cmd);
ff9ef578
JH		 2413 else
2414 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2415
30dc78e1 2416unlock:
09fd0de5 2417 hci_dev_unlock(hdev);
14a53664
JH		 2418 hci_dev_put(hdev);
2419
2420 return err;
2421}
2422
650f726d 2423static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2424{
650f726d 2425 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2426 struct inquiry_entry *e;
2427 struct hci_dev *hdev;
2428 int err;
2429
2430 BT_DBG("hci%u", index);
2431
2432 if (len != sizeof(*cp))
2433 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2434 MGMT_STATUS_INVALID_PARAMS);
2435
2436 hdev = hci_dev_get(index);
2437 if (!hdev)
2438 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2439 MGMT_STATUS_INVALID_PARAMS);
2440
2441 hci_dev_lock(hdev);
2442
30dc78e1
JH		 2443 if (!hci_discovery_active(hdev)) {
2444 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2445 MGMT_STATUS_FAILED);
2446 goto failed;
2447 }
2448
a198e7b1 2449 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc
JH		 2450 if (!e) {
2451 err = cmd_status (sk, index, MGMT_OP_CONFIRM_NAME,
2452 MGMT_STATUS_INVALID_PARAMS);
2453 goto failed;
2454 }
2455
2456 if (cp->name_known) {
2457 e->name_state = NAME_KNOWN;
2458 list_del(&e->list);
2459 } else {
2460 e->name_state = NAME_NEEDED;
a3d4e20a 2461 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2462 }
2463
2464 err = 0;
2465
2466failed:
2467 hci_dev_unlock(hdev);
2468
2469 return err;
2470}
2471
650f726d 2472static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2473{
2474 struct hci_dev *hdev;
650f726d 2475 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2476 u8 status;
7fbec224
AJ		 2477 int err;
2478
2479 BT_DBG("hci%u", index);
2480
7fbec224
AJ		 2481 if (len != sizeof(*cp))
2482 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2483 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2484
2485 hdev = hci_dev_get(index);
2486 if (!hdev)
f0eeea8b
JH		 2487 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2488 MGMT_STATUS_INVALID_PARAMS,
2489 &cp->addr, sizeof(cp->addr));
7fbec224 2490
09fd0de5 2491 hci_dev_lock(hdev);
5e762444 2492
88c1fe4b 2493 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2494 if (err < 0)
f0eeea8b 2495 status = MGMT_STATUS_FAILED;
7fbec224 2496 else
f0eeea8b
JH		 2497 status = 0;
2498
2499 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2500 &cp->addr, sizeof(cp->addr));
5e762444 2501
09fd0de5 2502 hci_dev_unlock(hdev);
7fbec224
AJ		 2503 hci_dev_put(hdev);
2504
2505 return err;
2506}
2507
650f726d 2508static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2509{
2510 struct hci_dev *hdev;
650f726d 2511 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2512 u8 status;
7fbec224
AJ		 2513 int err;
2514
2515 BT_DBG("hci%u", index);
2516
7fbec224
AJ		 2517 if (len != sizeof(*cp))
2518 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2519 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2520
2521 hdev = hci_dev_get(index);
2522 if (!hdev)
f0eeea8b
JH		 2523 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2524 MGMT_STATUS_INVALID_PARAMS,
2525 &cp->addr, sizeof(cp->addr));
7fbec224 2526
09fd0de5 2527 hci_dev_lock(hdev);
5e762444 2528
88c1fe4b 2529 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2530 if (err < 0)
f0eeea8b 2531 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2532 else
f0eeea8b
JH		 2533 status = 0;
2534
2535 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2536 &cp->addr, sizeof(cp->addr));
5e762444 2537
09fd0de5 2538 hci_dev_unlock(hdev);
7fbec224
AJ		 2539 hci_dev_put(hdev);
2540
2541 return err;
2542}
2543
f6422ec6 2544static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2545 void *data, u16 len)
f6422ec6
AJ		 2546{
2547 struct hci_dev *hdev;
650f726d 2548 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2549 struct hci_cp_write_page_scan_activity acp;
2550 u8 type;
2551 int err;
2552
2553 BT_DBG("hci%u", index);
2554
2555 if (len != sizeof(*cp))
2556 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2557 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2558
2559 hdev = hci_dev_get(index);
2560 if (!hdev)
2561 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2562 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2563
2564 hci_dev_lock(hdev);
2565
f7c6869c 2566 if (cp->val) {
f6422ec6
AJ		 2567 type = PAGE_SCAN_TYPE_INTERLACED;
2568 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2569 } else {
2570 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2571 acp.interval = 0x0800; /* default 1.28 sec page scan */
2572 }
2573
2574 acp.window = 0x0012; /* default 11.25 msec page scan window */
2575
2576 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2577 sizeof(acp), &acp);
2578 if (err < 0) {
2579 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2580 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2581 goto done;
2582 }
2583
2584 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2585 if (err < 0) {
2586 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2587 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2588 goto done;
2589 }
2590
aee9b218
JH		 2591 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2592 NULL, 0);
f6422ec6
AJ		 2593done:
2594 hci_dev_unlock(hdev);
2595 hci_dev_put(hdev);
2596
2597 return err;
2598}
2599
346af67b
VCG		 2600static int load_long_term_keys(struct sock *sk, u16 index,
2601 void *cp_data, u16 len)
2602{
2603 struct hci_dev *hdev;
2604 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2605 u16 key_count, expected_len;
2606 int i;
2607
2608 if (len < sizeof(*cp))
2609 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2610 EINVAL);
2611
2612 key_count = get_unaligned_le16(&cp->key_count);
2613
2614 expected_len = sizeof(*cp) + key_count *
2615 sizeof(struct mgmt_ltk_info);
2616 if (expected_len != len) {
2617 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2618 len, expected_len);
2619 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2620 EINVAL);
2621 }
2622
2623 hdev = hci_dev_get(index);
2624 if (!hdev)
2625 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2626 ENODEV);
2627
2628 BT_DBG("hci%u key_count %u", index, key_count);
2629
2630 hci_dev_lock(hdev);
2631
2632 hci_smp_ltks_clear(hdev);
2633
2634 for (i = 0; i < key_count; i++) {
2635 struct mgmt_ltk_info *key = &cp->keys[i];
2636 u8 type;
2637
2638 if (key->master)
2639 type = HCI_SMP_LTK;
2640 else
2641 type = HCI_SMP_LTK_SLAVE;
2642
2643 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2644 type, 0, key->authenticated, key->val,
2645 key->enc_size, key->ediv, key->rand);
2646 }
2647
2648 hci_dev_unlock(hdev);
2649 hci_dev_put(hdev);
2650
2651 return 0;
2652}
2653
0381101f
JH		 2654int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2655{
650f726d
VCG		 2656 void *buf;
2657 u8 *cp;
0381101f 2658 struct mgmt_hdr *hdr;
4e51eae9 2659 u16 opcode, index, len;
0381101f
JH		 2660 int err;
2661
2662 BT_DBG("got %zu bytes", msglen);
2663
2664 if (msglen < sizeof(*hdr))
2665 return -EINVAL;
2666
e63a15ec 2667 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2668 if (!buf)
2669 return -ENOMEM;
2670
2671 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2672 err = -EFAULT;
2673 goto done;
2674 }
2675
650f726d 2676 hdr = buf;
0381101f 2677 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2678 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2679 len = get_unaligned_le16(&hdr->len);
2680
2681 if (len != msglen - sizeof(*hdr)) {
2682 err = -EINVAL;
2683 goto done;
2684 }
2685
650f726d
VCG		 2686 cp = buf + sizeof(*hdr);
2687
0381101f 2688 switch (opcode) {
02d98129
JH		 2689 case MGMT_OP_READ_VERSION:
2690 err = read_version(sk);
2691 break;
e70bb2e8
JH		 2692 case MGMT_OP_READ_COMMANDS:
2693 err = read_commands(sk);
2694 break;
faba42eb
JH		 2695 case MGMT_OP_READ_INDEX_LIST:
2696 err = read_index_list(sk);
2697 break;
f7b64e69 2698 case MGMT_OP_READ_INFO:
4e51eae9 2699 err = read_controller_info(sk, index);
f7b64e69 2700 break;
eec8d2bc 2701 case MGMT_OP_SET_POWERED:
650f726d 2702 err = set_powered(sk, index, cp, len);
eec8d2bc 2703 break;
73f22f62 2704 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2705 err = set_discoverable(sk, index, cp, len);
73f22f62 2706 break;
9fbcbb45 2707 case MGMT_OP_SET_CONNECTABLE:
650f726d 2708 err = set_connectable(sk, index, cp, len);
9fbcbb45 2709 break;
f7c6869c 2710 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2711 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2712 break;
c542a06c 2713 case MGMT_OP_SET_PAIRABLE:
650f726d 2714 err = set_pairable(sk, index, cp, len);
c542a06c 2715 break;
33ef95ed
JH		 2716 case MGMT_OP_SET_LINK_SECURITY:
2717 err = set_link_security(sk, index, cp, len);
2718 break;
ed2c4ee3
JH		 2719 case MGMT_OP_SET_SSP:
2720 err = set_ssp(sk, index, cp, len);
2721 break;
6d80dfd0
JH		 2722 case MGMT_OP_SET_HS:
2723 err = set_hs(sk, index, cp, len);
2724 break;
2aeb9a1a 2725 case MGMT_OP_ADD_UUID:
650f726d 2726 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2727 break;
2728 case MGMT_OP_REMOVE_UUID:
650f726d 2729 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2730 break;
1aff6f09 2731 case MGMT_OP_SET_DEV_CLASS:
650f726d 2732 err = set_dev_class(sk, index, cp, len);
1aff6f09 2733 break;
86742e1e 2734 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2735 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2736 break;
8962ee74 2737 case MGMT_OP_DISCONNECT:
650f726d 2738 err = disconnect(sk, index, cp, len);
8962ee74 2739 break;
2784eb41 2740 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2741 err = get_connections(sk, index);
2784eb41 2742 break;
980e1a53 2743 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2744 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2745 break;
2746 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2747 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2748 break;
17fa4b9d 2749 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2750 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2751 break;
e9a416b5 2752 case MGMT_OP_PAIR_DEVICE:
650f726d 2753 err = pair_device(sk, index, cp, len);
e9a416b5 2754 break;
28424707
JH		 2755 case MGMT_OP_CANCEL_PAIR_DEVICE:
2756 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2757 break;
124f6e35
JH		 2758 case MGMT_OP_UNPAIR_DEVICE:
2759 err = unpair_device(sk, index, cp, len);
2760 break;
a5c29683 2761 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2762 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2763 break;
2764 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2765 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2766 break;
604086b7 2767 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2768 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2769 break;
2770 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2771 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2772 break;
b312b161 2773 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2774 err = set_local_name(sk, index, cp, len);
b312b161 2775 break;
c35938b2
SJ		 2776 case MGMT_OP_READ_LOCAL_OOB_DATA:
2777 err = read_local_oob_data(sk, index);
2778 break;
2763eda6 2779 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2780 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2781 break;
2782 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2783 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2784 break;
14a53664 2785 case MGMT_OP_START_DISCOVERY:
650f726d 2786 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2787 break;
2788 case MGMT_OP_STOP_DISCOVERY:
d930650b 2789 err = stop_discovery(sk, index, cp, len);
14a53664 2790 break;
561aafbc 2791 case MGMT_OP_CONFIRM_NAME:
650f726d 2792 err = confirm_name(sk, index, cp, len);
561aafbc 2793 break;
7fbec224 2794 case MGMT_OP_BLOCK_DEVICE:
650f726d 2795 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2796 break;
2797 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2798 err = unblock_device(sk, index, cp, len);
7fbec224 2799 break;
346af67b
VCG		 2800 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2801 err = load_long_term_keys(sk, index, cp, len);
2802 break;
0381101f
JH		 2803 default:
2804 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2805 err = cmd_status(sk, index, opcode,
2806 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2807 break;
2808 }
2809
e41d8b4e
JH		 2810 if (err < 0)
2811 goto done;
2812
0381101f
JH		 2813 err = msglen;
2814
2815done:
2816 kfree(buf);
2817 return err;
2818}
c71e97bf 2819
b24752fe
JH		 2820static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2821{
2822 u8 *status = data;
2823
2824 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2825 mgmt_pending_remove(cmd);
2826}
2827
744cf19e 2828int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2829{
744cf19e 2830 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2831}
2832
744cf19e 2833int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2834{
b24752fe
JH		 2835 u8 status = ENODEV;
2836
744cf19e 2837 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2838
744cf19e 2839 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2840}
2841
73f22f62 2842struct cmd_lookup {
eec8d2bc 2843 struct sock *sk;
69ab39ea 2844 struct hci_dev *hdev;
eec8d2bc
JH		 2845};
2846
69ab39ea 2847static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2848{
73f22f62 2849 struct cmd_lookup *match = data;
eec8d2bc 2850
69ab39ea 2851 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2852
2853 list_del(&cmd->list);
2854
2855 if (match->sk == NULL) {
2856 match->sk = cmd->sk;
2857 sock_hold(match->sk);
2858 }
2859
2860 mgmt_pending_free(cmd);
c71e97bf 2861}
5add6af8 2862
744cf19e 2863int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2864{
76a7f3a4 2865 struct cmd_lookup match = { NULL, hdev };
69ab39ea 2866 __le32 ev;
7bb895d6 2867 int err;
5add6af8 2868
69ab39ea 2869 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2870
b24752fe
JH		 2871 if (!powered) {
2872 u8 status = ENETDOWN;
744cf19e 2873 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2874 }
2875
69ab39ea 2876 ev = cpu_to_le32(get_current_settings(hdev));
eec8d2bc 2877
7bb895d6 2878 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
69ab39ea 2879 match.sk);
eec8d2bc
JH		 2880
2881 if (match.sk)
2882 sock_put(match.sk);
2883
7bb895d6 2884 return err;
5add6af8 2885}
73f22f62 2886
744cf19e 2887int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2888{
76a7f3a4 2889 struct cmd_lookup match = { NULL, hdev };
69ab39ea 2890 __le32 ev;
7bb895d6 2891 int err;
73f22f62 2892
69ab39ea 2893 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp, &match);
72a734ec 2894
69ab39ea 2895 ev = cpu_to_le32(get_current_settings(hdev));
73f22f62 2896
7bb895d6 2897 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev),
4e51eae9 2898 match.sk);
73f22f62
JH		 2899 if (match.sk)
2900 sock_put(match.sk);
2901
7bb895d6 2902 return err;
73f22f62 2903}
9fbcbb45 2904
744cf19e 2905int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2906{
69ab39ea 2907 __le32 ev;
76a7f3a4 2908 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2909 int err;
9fbcbb45 2910
69ab39ea
JH		 2911 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2912 &match);
9fbcbb45 2913
69ab39ea 2914 ev = cpu_to_le32(get_current_settings(hdev));
9fbcbb45 2915
7bb895d6 2916 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
9fbcbb45
JH		 2917
2918 if (match.sk)
2919 sock_put(match.sk);
2920
7bb895d6 2921 return err;
9fbcbb45 2922}
55ed8ca1 2923
744cf19e 2924int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2925{
ca69b795
JH		 2926 u8 mgmt_err = mgmt_status(status);
2927
2d7cee58 2928 if (scan & SCAN_PAGE)
744cf19e 2929 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2930 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2931
2932 if (scan & SCAN_INQUIRY)
744cf19e 2933 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2934 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2935
2936 return 0;
2937}
2938
744cf19e
JH		 2939int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2940 u8 persistent)
55ed8ca1 2941{
86742e1e 2942 struct mgmt_ev_new_link_key ev;
55ed8ca1 2943
a492cd52 2944 memset(&ev, 0, sizeof(ev));
55ed8ca1 2945
a492cd52 2946 ev.store_hint = persistent;
d753fdc4
JH		 2947 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2948 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2949 ev.key.type = key->type;
2950 memcpy(ev.key.val, key->val, 16);
2951 ev.key.pin_len = key->pin_len;
55ed8ca1 2952
744cf19e 2953 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2954}
f7520543 2955
346af67b
VCG		 2956int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2957{
2958 struct mgmt_ev_new_long_term_key ev;
2959
2960 memset(&ev, 0, sizeof(ev));
2961
2962 ev.store_hint = persistent;
2963 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2964 ev.key.addr.type = key->bdaddr_type;
2965 ev.key.authenticated = key->authenticated;
2966 ev.key.enc_size = key->enc_size;
2967 ev.key.ediv = key->ediv;
2968
2969 if (key->type == HCI_SMP_LTK)
2970 ev.key.master = 1;
2971
2972 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2973 memcpy(ev.key.val, key->val, sizeof(key->val));
2974
2975 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2976 &ev, sizeof(ev), NULL);
2977}
2978
afc747a6 2979int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 2980 u8 addr_type, u8 *name, u8 name_len,
2981 u8 *dev_class)
f7520543 2982{
b644ba33
JH		 2983 char buf[512];
2984 struct mgmt_ev_device_connected *ev = (void *) buf;
2985 u16 eir_len = 0;
f7520543 2986
b644ba33
JH		 2987 bacpy(&ev->addr.bdaddr, bdaddr);
2988 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2989
b644ba33
JH		 2990 if (name_len > 0)
2991 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2992 name, name_len);
2993
2994 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2995 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2996 EIR_CLASS_OF_DEV, dev_class, 3);
2997
2998 put_unaligned_le16(eir_len, &ev->eir_len);
2999
3000 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3001 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3002}
3003
8962ee74
JH		 3004static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3005{
c68fb7ff 3006 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3007 struct sock **sk = data;
a38528f1 3008 struct mgmt_rp_disconnect rp;
8962ee74 3009
88c3df13
JH		 3010 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3011 rp.addr.type = cp->addr.type;
8962ee74 3012
aee9b218
JH		 3013 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3014 sizeof(rp));
8962ee74
JH		 3015
3016 *sk = cmd->sk;
3017 sock_hold(*sk);
3018
a664b5bc 3019 mgmt_pending_remove(cmd);
8962ee74
JH		 3020}
3021
124f6e35 3022static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3023{
b1078ad0 3024 struct hci_dev *hdev = data;
124f6e35
JH		 3025 struct mgmt_cp_unpair_device *cp = cmd->param;
3026 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3027
3028 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3029 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3030 rp.addr.type = cp->addr.type;
a8a1d19e 3031
b1078ad0
JH		 3032 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3033
aee9b218 3034 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3035
3036 mgmt_pending_remove(cmd);
3037}
3038
afc747a6
JH		 3039int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3040 u8 link_type, u8 addr_type)
f7520543 3041{
4c659c39 3042 struct mgmt_addr_info ev;
8962ee74
JH		 3043 struct sock *sk = NULL;
3044 int err;
3045
744cf19e 3046 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3047
f7520543 3048 bacpy(&ev.bdaddr, bdaddr);
48264f06 3049 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3050
afc747a6
JH		 3051 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3052 sk);
8962ee74
JH		 3053
3054 if (sk)
3055 sock_put(sk);
3056
124f6e35 3057 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3058 hdev);
a8a1d19e 3059
8962ee74
JH		 3060 return err;
3061}
3062
88c3df13
JH		 3063int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3064 u8 link_type, u8 addr_type, u8 status)
8962ee74 3065{
88c3df13 3066 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3067 struct pending_cmd *cmd;
3068 int err;
3069
2e58ef3e 3070 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3071 if (!cmd)
3072 return -ENOENT;
3073
88c3df13
JH		 3074 bacpy(&rp.addr.bdaddr, bdaddr);
3075 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3076
88c3df13 3077 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3078 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3079
a664b5bc 3080 mgmt_pending_remove(cmd);
8962ee74 3081
b1078ad0
JH		 3082 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3083 hdev);
8962ee74 3084 return err;
f7520543 3085}
17d5c04c 3086
48264f06
JH		 3087int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3088 u8 addr_type, u8 status)
17d5c04c
JH		 3089{
3090 struct mgmt_ev_connect_failed ev;
3091
4c659c39 3092 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3093 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3094 ev.status = mgmt_status(status);
17d5c04c 3095
744cf19e 3096 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3097}
980e1a53 3098
744cf19e 3099int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3100{
3101 struct mgmt_ev_pin_code_request ev;
3102
d8457698
JH		 3103 bacpy(&ev.addr.bdaddr, bdaddr);
3104 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3105 ev.secure = secure;
980e1a53 3106
744cf19e 3107 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3108 NULL);
980e1a53
JH		 3109}
3110
744cf19e
JH		 3111int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3112 u8 status)
980e1a53
JH		 3113{
3114 struct pending_cmd *cmd;
ac56fb13 3115 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3116 int err;
3117
2e58ef3e 3118 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3119 if (!cmd)
3120 return -ENOENT;
3121
d8457698
JH		 3122 bacpy(&rp.addr.bdaddr, bdaddr);
3123 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3124
aee9b218
JH		 3125 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3126 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3127
a664b5bc 3128 mgmt_pending_remove(cmd);
980e1a53
JH		 3129
3130 return err;
3131}
3132
744cf19e
JH		 3133int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3134 u8 status)
980e1a53
JH		 3135{
3136 struct pending_cmd *cmd;
ac56fb13 3137 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3138 int err;
3139
2e58ef3e 3140 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3141 if (!cmd)
3142 return -ENOENT;
3143
d8457698
JH		 3144 bacpy(&rp.addr.bdaddr, bdaddr);
3145 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3146
aee9b218
JH		 3147 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3148 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3149
a664b5bc 3150 mgmt_pending_remove(cmd);
980e1a53
JH		 3151
3152 return err;
3153}
a5c29683 3154
744cf19e 3155int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3156 u8 link_type, u8 addr_type, __le32 value,
3157 u8 confirm_hint)
a5c29683
JH		 3158{
3159 struct mgmt_ev_user_confirm_request ev;
3160
744cf19e 3161 BT_DBG("%s", hdev->name);
a5c29683 3162
272d90df
JH		 3163 bacpy(&ev.addr.bdaddr, bdaddr);
3164 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3165 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3166 put_unaligned_le32(value, &ev.value);
3167
744cf19e 3168 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3169 NULL);
a5c29683
JH		 3170}
3171
272d90df
JH		 3172int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3173 u8 link_type, u8 addr_type)
604086b7
BG		 3174{
3175 struct mgmt_ev_user_passkey_request ev;
3176
3177 BT_DBG("%s", hdev->name);
3178
272d90df
JH		 3179 bacpy(&ev.addr.bdaddr, bdaddr);
3180 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3181
3182 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3183 NULL);
3184}
3185
0df4c185 3186static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3187 u8 link_type, u8 addr_type, u8 status,
3188 u8 opcode)
a5c29683
JH		 3189{
3190 struct pending_cmd *cmd;
3191 struct mgmt_rp_user_confirm_reply rp;
3192 int err;
3193
2e58ef3e 3194 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3195 if (!cmd)
3196 return -ENOENT;
3197
272d90df
JH		 3198 bacpy(&rp.addr.bdaddr, bdaddr);
3199 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3200 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3201 &rp, sizeof(rp));
a5c29683 3202
a664b5bc 3203 mgmt_pending_remove(cmd);
a5c29683
JH		 3204
3205 return err;
3206}
3207
744cf19e 3208int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3209 u8 link_type, u8 addr_type, u8 status)
a5c29683 3210{
272d90df
JH		 3211 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3212 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3213}
3214
272d90df
JH		 3215int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3216 u8 link_type, u8 addr_type, u8 status)
a5c29683 3217{
272d90df
JH		 3218 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3219 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3220}
2a611692 3221
604086b7 3222int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3223 u8 link_type, u8 addr_type, u8 status)
604086b7 3224{
272d90df
JH		 3225 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3226 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3227}
3228
272d90df
JH		 3229int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3230 u8 link_type, u8 addr_type, u8 status)
604086b7 3231{
272d90df
JH		 3232 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3233 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3234}
3235
bab73cb6
JH		 3236int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3237 u8 addr_type, u8 status)
2a611692
JH		 3238{
3239 struct mgmt_ev_auth_failed ev;
3240
bab73cb6
JH		 3241 bacpy(&ev.addr.bdaddr, bdaddr);
3242 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3243 ev.status = mgmt_status(status);
2a611692 3244
744cf19e 3245 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3246}
b312b161 3247
33ef95ed
JH		 3248int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3249{
3250 struct cmd_lookup match = { NULL, hdev };
3251 __le32 ev;
3252 int err;
3253
3254 if (status) {
3255 u8 mgmt_err = mgmt_status(status);
3256 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3257 cmd_status_rsp, &mgmt_err);
3258 return 0;
3259 }
3260
3261 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3262 &match);
3263
3264 ev = cpu_to_le32(get_current_settings(hdev));
3265 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3266
3267 if (match.sk)
3268 sock_put(match.sk);
3269
3270 return err;
3271}
3272
cacaf52f
JH		 3273static int clear_eir(struct hci_dev *hdev)
3274{
3275 struct hci_cp_write_eir cp;
3276
3277 if (!(hdev->features[6] & LMP_EXT_INQ))
3278 return 0;
3279
3280 memset(&cp, 0, sizeof(cp));
3281
3282 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3283}
3284
ed2c4ee3
JH		 3285int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 status)
3286{
3287 struct cmd_lookup match = { NULL, hdev };
3288 __le32 ev;
3289 int err;
3290
3291 if (status) {
3292 u8 mgmt_err = mgmt_status(status);
3293 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3294 cmd_status_rsp, &mgmt_err);
3295 return 0;
3296 }
3297
3298 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3299
3300 ev = cpu_to_le32(get_current_settings(hdev));
3301 err = mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), match.sk);
3302
cacaf52f 3303 if (match.sk) {
ed2c4ee3
JH		 3304 sock_put(match.sk);
3305
cacaf52f
JH		 3306 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3307 update_eir(hdev);
3308 else
3309 clear_eir(hdev);
3310 }
3311
ed2c4ee3
JH		 3312 return err;
3313}
3314
744cf19e 3315int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3316{
3317 struct pending_cmd *cmd;
3318 struct mgmt_cp_set_local_name ev;
3319 int err;
3320
3321 memset(&ev, 0, sizeof(ev));
3322 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3323
2e58ef3e 3324 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3325 if (!cmd)
3326 goto send_event;
3327
3328 if (status) {
744cf19e 3329 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3330 mgmt_status(status));
b312b161
JH		 3331 goto failed;
3332 }
3333
744cf19e 3334 update_eir(hdev);
80a1e1db 3335
aee9b218 3336 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3337 sizeof(ev));
3338 if (err < 0)
3339 goto failed;
3340
3341send_event:
744cf19e 3342 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 3343 cmd ? cmd->sk : NULL);
3344
3345failed:
3346 if (cmd)
3347 mgmt_pending_remove(cmd);
3348 return err;
3349}
c35938b2 3350
744cf19e
JH		 3351int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3352 u8 *randomizer, u8 status)
c35938b2
SJ		 3353{
3354 struct pending_cmd *cmd;
3355 int err;
3356
744cf19e 3357 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3358
2e58ef3e 3359 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3360 if (!cmd)
3361 return -ENOENT;
3362
3363 if (status) {
744cf19e 3364 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3365 MGMT_OP_READ_LOCAL_OOB_DATA,
3366 mgmt_status(status));
c35938b2
SJ		 3367 } else {
3368 struct mgmt_rp_read_local_oob_data rp;
3369
3370 memcpy(rp.hash, hash, sizeof(rp.hash));
3371 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3372
744cf19e
JH		 3373 err = cmd_complete(cmd->sk, hdev->id,
3374 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3375 0, &rp, sizeof(rp));
c35938b2
SJ		 3376 }
3377
3378 mgmt_pending_remove(cmd);
3379
3380 return err;
3381}
e17acd40 3382
48264f06 3383int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3384 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 3385 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 3386{
e319d2e7
JH		 3387 char buf[512];
3388 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3389 size_t ev_size;
e17acd40 3390
1dc06093
JH		 3391 /* Leave 5 bytes for a potential CoD field */
3392 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3393 return -EINVAL;
3394
1dc06093
JH		 3395 memset(buf, 0, sizeof(buf));
3396
e319d2e7
JH		 3397 bacpy(&ev->addr.bdaddr, bdaddr);
3398 ev->addr.type = link_to_mgmt(link_type, addr_type);
3399 ev->rssi = rssi;
3400 ev->confirm_name = cfm_name;
e17acd40 3401
1dc06093 3402 if (eir_len > 0)
e319d2e7 3403 memcpy(ev->eir, eir, eir_len);
e17acd40 3404
1dc06093
JH		 3405 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3406 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3407 dev_class, 3);
3408
3409 put_unaligned_le16(eir_len, &ev->eir_len);
3410
3411 ev_size = sizeof(*ev) + eir_len;
f8523598 3412
e319d2e7 3413 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3414}
a88a9652 3415
b644ba33
JH		 3416int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3417 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3418{
b644ba33
JH		 3419 struct mgmt_ev_device_found *ev;
3420 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3421 u16 eir_len;
a88a9652 3422
b644ba33 3423 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3424
b644ba33
JH		 3425 memset(buf, 0, sizeof(buf));
3426
3427 bacpy(&ev->addr.bdaddr, bdaddr);
3428 ev->addr.type = link_to_mgmt(link_type, addr_type);
3429 ev->rssi = rssi;
3430
3431 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3432 name_len);
3433
3434 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3435
053c7e0c
JH		 3436 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3437 sizeof(*ev) + eir_len, NULL);
a88a9652 3438}
314b2381 3439
7a135109 3440int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3441{
3442 struct pending_cmd *cmd;
f808e166 3443 u8 type;
164a6e78
JH		 3444 int err;
3445
203159d4
AG		 3446 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3447
2e58ef3e 3448 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3449 if (!cmd)
3450 return -ENOENT;
3451
f808e166
JH		 3452 type = hdev->discovery.type;
3453
3454 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3455 &type, sizeof(type));
164a6e78
JH		 3456 mgmt_pending_remove(cmd);
3457
3458 return err;
3459}
3460
e6d465cb
AG		 3461int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3462{
3463 struct pending_cmd *cmd;
3464 int err;
3465
3466 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3467 if (!cmd)
3468 return -ENOENT;
3469
d930650b
JH		 3470 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3471 &hdev->discovery.type,
3472 sizeof(hdev->discovery.type));
164a6e78
JH		 3473 mgmt_pending_remove(cmd);
3474
3475 return err;
3476}
3477
744cf19e 3478int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3479{
f963e8e9 3480 struct mgmt_ev_discovering ev;
164a6e78
JH		 3481 struct pending_cmd *cmd;
3482
343fb145
AG		 3483 BT_DBG("%s discovering %u", hdev->name, discovering);
3484
164a6e78 3485 if (discovering)
2e58ef3e 3486 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3487 else
2e58ef3e 3488 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3489
3490 if (cmd != NULL) {
f808e166
JH		 3491 u8 type = hdev->discovery.type;
3492
d930650b 3493 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3494 &type, sizeof(type));
164a6e78
JH		 3495 mgmt_pending_remove(cmd);
3496 }
3497
f963e8e9
JH		 3498 memset(&ev, 0, sizeof(ev));
3499 ev.type = hdev->discovery.type;
3500 ev.discovering = discovering;
3501
3502 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3503}
5e762444 3504
88c1fe4b 3505int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3506{
3507 struct pending_cmd *cmd;
3508 struct mgmt_ev_device_blocked ev;
3509
2e58ef3e 3510 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3511
88c1fe4b
JH		 3512 bacpy(&ev.addr.bdaddr, bdaddr);
3513 ev.addr.type = type;
5e762444 3514
744cf19e
JH		 3515 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3516 cmd ? cmd->sk : NULL);
5e762444
AJ		 3517}
3518
88c1fe4b 3519int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3520{
3521 struct pending_cmd *cmd;
3522 struct mgmt_ev_device_unblocked ev;
3523
2e58ef3e 3524 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3525
88c1fe4b
JH		 3526 bacpy(&ev.addr.bdaddr, bdaddr);
3527 ev.addr.type = type;
5e762444 3528
744cf19e
JH		 3529 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3530 cmd ? cmd->sk : NULL);
5e762444 3531}
d7b7e796
MH		 3532
3533module_param(enable_hs, bool, 0644);
3534MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3535
3536module_param(enable_le, bool, 0644);
3537MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux 6.x block layer and io_uring tree(s)