linux/net/bluetooth/mgmt.c
<<
>>
Prefs
   1/*
   2   BlueZ - Bluetooth protocol stack for Linux
   3
   4   Copyright (C) 2010  Nokia Corporation
   5   Copyright (C) 2011-2012 Intel Corporation
   6
   7   This program is free software; you can redistribute it and/or modify
   8   it under the terms of the GNU General Public License version 2 as
   9   published by the Free Software Foundation;
  10
  11   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22   SOFTWARE IS DISCLAIMED.
  23*/
  24
  25/* Bluetooth HCI Management interface */
  26
  27#include <linux/module.h>
  28#include <asm/unaligned.h>
  29
  30#include <net/bluetooth/bluetooth.h>
  31#include <net/bluetooth/hci_core.h>
  32#include <net/bluetooth/mgmt.h>
  33#include <net/bluetooth/smp.h>
  34
  35bool enable_hs;
  36
  37#define MGMT_VERSION    1
  38#define MGMT_REVISION   1
  39
  40static const u16 mgmt_commands[] = {
  41        MGMT_OP_READ_INDEX_LIST,
  42        MGMT_OP_READ_INFO,
  43        MGMT_OP_SET_POWERED,
  44        MGMT_OP_SET_DISCOVERABLE,
  45        MGMT_OP_SET_CONNECTABLE,
  46        MGMT_OP_SET_FAST_CONNECTABLE,
  47        MGMT_OP_SET_PAIRABLE,
  48        MGMT_OP_SET_LINK_SECURITY,
  49        MGMT_OP_SET_SSP,
  50        MGMT_OP_SET_HS,
  51        MGMT_OP_SET_LE,
  52        MGMT_OP_SET_DEV_CLASS,
  53        MGMT_OP_SET_LOCAL_NAME,
  54        MGMT_OP_ADD_UUID,
  55        MGMT_OP_REMOVE_UUID,
  56        MGMT_OP_LOAD_LINK_KEYS,
  57        MGMT_OP_LOAD_LONG_TERM_KEYS,
  58        MGMT_OP_DISCONNECT,
  59        MGMT_OP_GET_CONNECTIONS,
  60        MGMT_OP_PIN_CODE_REPLY,
  61        MGMT_OP_PIN_CODE_NEG_REPLY,
  62        MGMT_OP_SET_IO_CAPABILITY,
  63        MGMT_OP_PAIR_DEVICE,
  64        MGMT_OP_CANCEL_PAIR_DEVICE,
  65        MGMT_OP_UNPAIR_DEVICE,
  66        MGMT_OP_USER_CONFIRM_REPLY,
  67        MGMT_OP_USER_CONFIRM_NEG_REPLY,
  68        MGMT_OP_USER_PASSKEY_REPLY,
  69        MGMT_OP_USER_PASSKEY_NEG_REPLY,
  70        MGMT_OP_READ_LOCAL_OOB_DATA,
  71        MGMT_OP_ADD_REMOTE_OOB_DATA,
  72        MGMT_OP_REMOVE_REMOTE_OOB_DATA,
  73        MGMT_OP_START_DISCOVERY,
  74        MGMT_OP_STOP_DISCOVERY,
  75        MGMT_OP_CONFIRM_NAME,
  76        MGMT_OP_BLOCK_DEVICE,
  77        MGMT_OP_UNBLOCK_DEVICE,
  78        MGMT_OP_SET_DEVICE_ID,
  79};
  80
  81static const u16 mgmt_events[] = {
  82        MGMT_EV_CONTROLLER_ERROR,
  83        MGMT_EV_INDEX_ADDED,
  84        MGMT_EV_INDEX_REMOVED,
  85        MGMT_EV_NEW_SETTINGS,
  86        MGMT_EV_CLASS_OF_DEV_CHANGED,
  87        MGMT_EV_LOCAL_NAME_CHANGED,
  88        MGMT_EV_NEW_LINK_KEY,
  89        MGMT_EV_NEW_LONG_TERM_KEY,
  90        MGMT_EV_DEVICE_CONNECTED,
  91        MGMT_EV_DEVICE_DISCONNECTED,
  92        MGMT_EV_CONNECT_FAILED,
  93        MGMT_EV_PIN_CODE_REQUEST,
  94        MGMT_EV_USER_CONFIRM_REQUEST,
  95        MGMT_EV_USER_PASSKEY_REQUEST,
  96        MGMT_EV_AUTH_FAILED,
  97        MGMT_EV_DEVICE_FOUND,
  98        MGMT_EV_DISCOVERING,
  99        MGMT_EV_DEVICE_BLOCKED,
 100        MGMT_EV_DEVICE_UNBLOCKED,
 101        MGMT_EV_DEVICE_UNPAIRED,
 102};
 103
 104/*
 105 * These LE scan and inquiry parameters were chosen according to LE General
 106 * Discovery Procedure specification.
 107 */
 108#define LE_SCAN_TYPE                    0x01
 109#define LE_SCAN_WIN                     0x12
 110#define LE_SCAN_INT                     0x12
 111#define LE_SCAN_TIMEOUT_LE_ONLY         10240   /* TGAP(gen_disc_scan_min) */
 112#define LE_SCAN_TIMEOUT_BREDR_LE        5120    /* TGAP(100)/2 */
 113
 114#define INQUIRY_LEN_BREDR               0x08    /* TGAP(100) */
 115#define INQUIRY_LEN_BREDR_LE            0x04    /* TGAP(100)/2 */
 116
 117#define CACHE_TIMEOUT   msecs_to_jiffies(2 * 1000)
 118
 119#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
 120                                !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
 121
 122struct pending_cmd {
 123        struct list_head list;
 124        u16 opcode;
 125        int index;
 126        void *param;
 127        struct sock *sk;
 128        void *user_data;
 129};
 130
 131/* HCI to MGMT error code conversion table */
 132static u8 mgmt_status_table[] = {
 133        MGMT_STATUS_SUCCESS,
 134        MGMT_STATUS_UNKNOWN_COMMAND,    /* Unknown Command */
 135        MGMT_STATUS_NOT_CONNECTED,      /* No Connection */
 136        MGMT_STATUS_FAILED,             /* Hardware Failure */
 137        MGMT_STATUS_CONNECT_FAILED,     /* Page Timeout */
 138        MGMT_STATUS_AUTH_FAILED,        /* Authentication Failed */
 139        MGMT_STATUS_NOT_PAIRED,         /* PIN or Key Missing */
 140        MGMT_STATUS_NO_RESOURCES,       /* Memory Full */
 141        MGMT_STATUS_TIMEOUT,            /* Connection Timeout */
 142        MGMT_STATUS_NO_RESOURCES,       /* Max Number of Connections */
 143        MGMT_STATUS_NO_RESOURCES,       /* Max Number of SCO Connections */
 144        MGMT_STATUS_ALREADY_CONNECTED,  /* ACL Connection Exists */
 145        MGMT_STATUS_BUSY,               /* Command Disallowed */
 146        MGMT_STATUS_NO_RESOURCES,       /* Rejected Limited Resources */
 147        MGMT_STATUS_REJECTED,           /* Rejected Security */
 148        MGMT_STATUS_REJECTED,           /* Rejected Personal */
 149        MGMT_STATUS_TIMEOUT,            /* Host Timeout */
 150        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Feature */
 151        MGMT_STATUS_INVALID_PARAMS,     /* Invalid Parameters */
 152        MGMT_STATUS_DISCONNECTED,       /* OE User Ended Connection */
 153        MGMT_STATUS_NO_RESOURCES,       /* OE Low Resources */
 154        MGMT_STATUS_DISCONNECTED,       /* OE Power Off */
 155        MGMT_STATUS_DISCONNECTED,       /* Connection Terminated */
 156        MGMT_STATUS_BUSY,               /* Repeated Attempts */
 157        MGMT_STATUS_REJECTED,           /* Pairing Not Allowed */
 158        MGMT_STATUS_FAILED,             /* Unknown LMP PDU */
 159        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Remote Feature */
 160        MGMT_STATUS_REJECTED,           /* SCO Offset Rejected */
 161        MGMT_STATUS_REJECTED,           /* SCO Interval Rejected */
 162        MGMT_STATUS_REJECTED,           /* Air Mode Rejected */
 163        MGMT_STATUS_INVALID_PARAMS,     /* Invalid LMP Parameters */
 164        MGMT_STATUS_FAILED,             /* Unspecified Error */
 165        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported LMP Parameter Value */
 166        MGMT_STATUS_FAILED,             /* Role Change Not Allowed */
 167        MGMT_STATUS_TIMEOUT,            /* LMP Response Timeout */
 168        MGMT_STATUS_FAILED,             /* LMP Error Transaction Collision */
 169        MGMT_STATUS_FAILED,             /* LMP PDU Not Allowed */
 170        MGMT_STATUS_REJECTED,           /* Encryption Mode Not Accepted */
 171        MGMT_STATUS_FAILED,             /* Unit Link Key Used */
 172        MGMT_STATUS_NOT_SUPPORTED,      /* QoS Not Supported */
 173        MGMT_STATUS_TIMEOUT,            /* Instant Passed */
 174        MGMT_STATUS_NOT_SUPPORTED,      /* Pairing Not Supported */
 175        MGMT_STATUS_FAILED,             /* Transaction Collision */
 176        MGMT_STATUS_INVALID_PARAMS,     /* Unacceptable Parameter */
 177        MGMT_STATUS_REJECTED,           /* QoS Rejected */
 178        MGMT_STATUS_NOT_SUPPORTED,      /* Classification Not Supported */
 179        MGMT_STATUS_REJECTED,           /* Insufficient Security */
 180        MGMT_STATUS_INVALID_PARAMS,     /* Parameter Out Of Range */
 181        MGMT_STATUS_BUSY,               /* Role Switch Pending */
 182        MGMT_STATUS_FAILED,             /* Slot Violation */
 183        MGMT_STATUS_FAILED,             /* Role Switch Failed */
 184        MGMT_STATUS_INVALID_PARAMS,     /* EIR Too Large */
 185        MGMT_STATUS_NOT_SUPPORTED,      /* Simple Pairing Not Supported */
 186        MGMT_STATUS_BUSY,               /* Host Busy Pairing */
 187        MGMT_STATUS_REJECTED,           /* Rejected, No Suitable Channel */
 188        MGMT_STATUS_BUSY,               /* Controller Busy */
 189        MGMT_STATUS_INVALID_PARAMS,     /* Unsuitable Connection Interval */
 190        MGMT_STATUS_TIMEOUT,            /* Directed Advertising Timeout */
 191        MGMT_STATUS_AUTH_FAILED,        /* Terminated Due to MIC Failure */
 192        MGMT_STATUS_CONNECT_FAILED,     /* Connection Establishment Failed */
 193        MGMT_STATUS_CONNECT_FAILED,     /* MAC Connection Failed */
 194};
 195
 196static u8 mgmt_status(u8 hci_status)
 197{
 198        if (hci_status < ARRAY_SIZE(mgmt_status_table))
 199                return mgmt_status_table[hci_status];
 200
 201        return MGMT_STATUS_FAILED;
 202}
 203
 204static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
 205{
 206        struct sk_buff *skb;
 207        struct mgmt_hdr *hdr;
 208        struct mgmt_ev_cmd_status *ev;
 209        int err;
 210
 211        BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
 212
 213        skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
 214        if (!skb)
 215                return -ENOMEM;
 216
 217        hdr = (void *) skb_put(skb, sizeof(*hdr));
 218
 219        hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
 220        hdr->index = cpu_to_le16(index);
 221        hdr->len = cpu_to_le16(sizeof(*ev));
 222
 223        ev = (void *) skb_put(skb, sizeof(*ev));
 224        ev->status = status;
 225        ev->opcode = cpu_to_le16(cmd);
 226
 227        err = sock_queue_rcv_skb(sk, skb);
 228        if (err < 0)
 229                kfree_skb(skb);
 230
 231        return err;
 232}
 233
 234static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
 235                        void *rp, size_t rp_len)
 236{
 237        struct sk_buff *skb;
 238        struct mgmt_hdr *hdr;
 239        struct mgmt_ev_cmd_complete *ev;
 240        int err;
 241
 242        BT_DBG("sock %p", sk);
 243
 244        skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
 245        if (!skb)
 246                return -ENOMEM;
 247
 248        hdr = (void *) skb_put(skb, sizeof(*hdr));
 249
 250        hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
 251        hdr->index = cpu_to_le16(index);
 252        hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
 253
 254        ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
 255        ev->opcode = cpu_to_le16(cmd);
 256        ev->status = status;
 257
 258        if (rp)
 259                memcpy(ev->data, rp, rp_len);
 260
 261        err = sock_queue_rcv_skb(sk, skb);
 262        if (err < 0)
 263                kfree_skb(skb);
 264
 265        return err;
 266}
 267
 268static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
 269                        u16 data_len)
 270{
 271        struct mgmt_rp_read_version rp;
 272
 273        BT_DBG("sock %p", sk);
 274
 275        rp.version = MGMT_VERSION;
 276        rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
 277
 278        return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
 279                            sizeof(rp));
 280}
 281
 282static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
 283                         u16 data_len)
 284{
 285        struct mgmt_rp_read_commands *rp;
 286        const u16 num_commands = ARRAY_SIZE(mgmt_commands);
 287        const u16 num_events = ARRAY_SIZE(mgmt_events);
 288        __le16 *opcode;
 289        size_t rp_size;
 290        int i, err;
 291
 292        BT_DBG("sock %p", sk);
 293
 294        rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
 295
 296        rp = kmalloc(rp_size, GFP_KERNEL);
 297        if (!rp)
 298                return -ENOMEM;
 299
 300        rp->num_commands = __constant_cpu_to_le16(num_commands);
 301        rp->num_events = __constant_cpu_to_le16(num_events);
 302
 303        for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
 304                put_unaligned_le16(mgmt_commands[i], opcode);
 305
 306        for (i = 0; i < num_events; i++, opcode++)
 307                put_unaligned_le16(mgmt_events[i], opcode);
 308
 309        err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
 310                           rp_size);
 311        kfree(rp);
 312
 313        return err;
 314}
 315
 316static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
 317                           u16 data_len)
 318{
 319        struct mgmt_rp_read_index_list *rp;
 320        struct list_head *p;
 321        struct hci_dev *d;
 322        size_t rp_len;
 323        u16 count;
 324        int i, err;
 325
 326        BT_DBG("sock %p", sk);
 327
 328        read_lock(&hci_dev_list_lock);
 329
 330        count = 0;
 331        list_for_each(p, &hci_dev_list) {
 332                count++;
 333        }
 334
 335        rp_len = sizeof(*rp) + (2 * count);
 336        rp = kmalloc(rp_len, GFP_ATOMIC);
 337        if (!rp) {
 338                read_unlock(&hci_dev_list_lock);
 339                return -ENOMEM;
 340        }
 341
 342        rp->num_controllers = cpu_to_le16(count);
 343
 344        i = 0;
 345        list_for_each_entry(d, &hci_dev_list, list) {
 346                if (test_bit(HCI_SETUP, &d->dev_flags))
 347                        continue;
 348
 349                rp->index[i++] = cpu_to_le16(d->id);
 350                BT_DBG("Added hci%u", d->id);
 351        }
 352
 353        read_unlock(&hci_dev_list_lock);
 354
 355        err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
 356                           rp_len);
 357
 358        kfree(rp);
 359
 360        return err;
 361}
 362
 363static u32 get_supported_settings(struct hci_dev *hdev)
 364{
 365        u32 settings = 0;
 366
 367        settings |= MGMT_SETTING_POWERED;
 368        settings |= MGMT_SETTING_CONNECTABLE;
 369        settings |= MGMT_SETTING_FAST_CONNECTABLE;
 370        settings |= MGMT_SETTING_DISCOVERABLE;
 371        settings |= MGMT_SETTING_PAIRABLE;
 372
 373        if (hdev->features[6] & LMP_SIMPLE_PAIR)
 374                settings |= MGMT_SETTING_SSP;
 375
 376        if (!(hdev->features[4] & LMP_NO_BREDR)) {
 377                settings |= MGMT_SETTING_BREDR;
 378                settings |= MGMT_SETTING_LINK_SECURITY;
 379        }
 380
 381        if (enable_hs)
 382                settings |= MGMT_SETTING_HS;
 383
 384        if (hdev->features[4] & LMP_LE)
 385                settings |= MGMT_SETTING_LE;
 386
 387        return settings;
 388}
 389
 390static u32 get_current_settings(struct hci_dev *hdev)
 391{
 392        u32 settings = 0;
 393
 394        if (hdev_is_powered(hdev))
 395                settings |= MGMT_SETTING_POWERED;
 396
 397        if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
 398                settings |= MGMT_SETTING_CONNECTABLE;
 399
 400        if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
 401                settings |= MGMT_SETTING_DISCOVERABLE;
 402
 403        if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
 404                settings |= MGMT_SETTING_PAIRABLE;
 405
 406        if (!(hdev->features[4] & LMP_NO_BREDR))
 407                settings |= MGMT_SETTING_BREDR;
 408
 409        if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
 410                settings |= MGMT_SETTING_LE;
 411
 412        if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
 413                settings |= MGMT_SETTING_LINK_SECURITY;
 414
 415        if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
 416                settings |= MGMT_SETTING_SSP;
 417
 418        if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
 419                settings |= MGMT_SETTING_HS;
 420
 421        return settings;
 422}
 423
 424#define PNP_INFO_SVCLASS_ID             0x1200
 425
 426static u8 bluetooth_base_uuid[] = {
 427                        0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
 428                        0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 429};
 430
 431static u16 get_uuid16(u8 *uuid128)
 432{
 433        u32 val;
 434        int i;
 435
 436        for (i = 0; i < 12; i++) {
 437                if (bluetooth_base_uuid[i] != uuid128[i])
 438                        return 0;
 439        }
 440
 441        val = get_unaligned_le32(&uuid128[12]);
 442        if (val > 0xffff)
 443                return 0;
 444
 445        return (u16) val;
 446}
 447
 448static void create_eir(struct hci_dev *hdev, u8 *data)
 449{
 450        u8 *ptr = data;
 451        u16 eir_len = 0;
 452        u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
 453        int i, truncated = 0;
 454        struct bt_uuid *uuid;
 455        size_t name_len;
 456
 457        name_len = strlen(hdev->dev_name);
 458
 459        if (name_len > 0) {
 460                /* EIR Data type */
 461                if (name_len > 48) {
 462                        name_len = 48;
 463                        ptr[1] = EIR_NAME_SHORT;
 464                } else
 465                        ptr[1] = EIR_NAME_COMPLETE;
 466
 467                /* EIR Data length */
 468                ptr[0] = name_len + 1;
 469
 470                memcpy(ptr + 2, hdev->dev_name, name_len);
 471
 472                eir_len += (name_len + 2);
 473                ptr += (name_len + 2);
 474        }
 475
 476        if (hdev->inq_tx_power) {
 477                ptr[0] = 2;
 478                ptr[1] = EIR_TX_POWER;
 479                ptr[2] = (u8) hdev->inq_tx_power;
 480
 481                eir_len += 3;
 482                ptr += 3;
 483        }
 484
 485        if (hdev->devid_source > 0) {
 486                ptr[0] = 9;
 487                ptr[1] = EIR_DEVICE_ID;
 488
 489                put_unaligned_le16(hdev->devid_source, ptr + 2);
 490                put_unaligned_le16(hdev->devid_vendor, ptr + 4);
 491                put_unaligned_le16(hdev->devid_product, ptr + 6);
 492                put_unaligned_le16(hdev->devid_version, ptr + 8);
 493
 494                eir_len += 10;
 495                ptr += 10;
 496        }
 497
 498        memset(uuid16_list, 0, sizeof(uuid16_list));
 499
 500        /* Group all UUID16 types */
 501        list_for_each_entry(uuid, &hdev->uuids, list) {
 502                u16 uuid16;
 503
 504                uuid16 = get_uuid16(uuid->uuid);
 505                if (uuid16 == 0)
 506                        return;
 507
 508                if (uuid16 < 0x1100)
 509                        continue;
 510
 511                if (uuid16 == PNP_INFO_SVCLASS_ID)
 512                        continue;
 513
 514                /* Stop if not enough space to put next UUID */
 515                if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
 516                        truncated = 1;
 517                        break;
 518                }
 519
 520                /* Check for duplicates */
 521                for (i = 0; uuid16_list[i] != 0; i++)
 522                        if (uuid16_list[i] == uuid16)
 523                                break;
 524
 525                if (uuid16_list[i] == 0) {
 526                        uuid16_list[i] = uuid16;
 527                        eir_len += sizeof(u16);
 528                }
 529        }
 530
 531        if (uuid16_list[0] != 0) {
 532                u8 *length = ptr;
 533
 534                /* EIR Data type */
 535                ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
 536
 537                ptr += 2;
 538                eir_len += 2;
 539
 540                for (i = 0; uuid16_list[i] != 0; i++) {
 541                        *ptr++ = (uuid16_list[i] & 0x00ff);
 542                        *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
 543                }
 544
 545                /* EIR Data length */
 546                *length = (i * sizeof(u16)) + 1;
 547        }
 548}
 549
 550static int update_eir(struct hci_dev *hdev)
 551{
 552        struct hci_cp_write_eir cp;
 553
 554        if (!hdev_is_powered(hdev))
 555                return 0;
 556
 557        if (!(hdev->features[6] & LMP_EXT_INQ))
 558                return 0;
 559
 560        if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
 561                return 0;
 562
 563        if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
 564                return 0;
 565
 566        memset(&cp, 0, sizeof(cp));
 567
 568        create_eir(hdev, cp.data);
 569
 570        if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
 571                return 0;
 572
 573        memcpy(hdev->eir, cp.data, sizeof(cp.data));
 574
 575        return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
 576}
 577
 578static u8 get_service_classes(struct hci_dev *hdev)
 579{
 580        struct bt_uuid *uuid;
 581        u8 val = 0;
 582
 583        list_for_each_entry(uuid, &hdev->uuids, list)
 584                val |= uuid->svc_hint;
 585
 586        return val;
 587}
 588
 589static int update_class(struct hci_dev *hdev)
 590{
 591        u8 cod[3];
 592        int err;
 593
 594        BT_DBG("%s", hdev->name);
 595
 596        if (!hdev_is_powered(hdev))
 597                return 0;
 598
 599        if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
 600                return 0;
 601
 602        cod[0] = hdev->minor_class;
 603        cod[1] = hdev->major_class;
 604        cod[2] = get_service_classes(hdev);
 605
 606        if (memcmp(cod, hdev->dev_class, 3) == 0)
 607                return 0;
 608
 609        err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
 610        if (err == 0)
 611                set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
 612
 613        return err;
 614}
 615
 616static void service_cache_off(struct work_struct *work)
 617{
 618        struct hci_dev *hdev = container_of(work, struct hci_dev,
 619                                            service_cache.work);
 620
 621        if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
 622                return;
 623
 624        hci_dev_lock(hdev);
 625
 626        update_eir(hdev);
 627        update_class(hdev);
 628
 629        hci_dev_unlock(hdev);
 630}
 631
 632static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
 633{
 634        if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
 635                return;
 636
 637        INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
 638
 639        /* Non-mgmt controlled devices get this bit set
 640         * implicitly so that pairing works for them, however
 641         * for mgmt we require user-space to explicitly enable
 642         * it
 643         */
 644        clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
 645}
 646
 647static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
 648                                void *data, u16 data_len)
 649{
 650        struct mgmt_rp_read_info rp;
 651
 652        BT_DBG("sock %p %s", sk, hdev->name);
 653
 654        hci_dev_lock(hdev);
 655
 656        memset(&rp, 0, sizeof(rp));
 657
 658        bacpy(&rp.bdaddr, &hdev->bdaddr);
 659
 660        rp.version = hdev->hci_ver;
 661        rp.manufacturer = cpu_to_le16(hdev->manufacturer);
 662
 663        rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
 664        rp.current_settings = cpu_to_le32(get_current_settings(hdev));
 665
 666        memcpy(rp.dev_class, hdev->dev_class, 3);
 667
 668        memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
 669        memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
 670
 671        hci_dev_unlock(hdev);
 672
 673        return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
 674                            sizeof(rp));
 675}
 676
 677static void mgmt_pending_free(struct pending_cmd *cmd)
 678{
 679        sock_put(cmd->sk);
 680        kfree(cmd->param);
 681        kfree(cmd);
 682}
 683
 684static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
 685                                            struct hci_dev *hdev, void *data,
 686                                            u16 len)
 687{
 688        struct pending_cmd *cmd;
 689
 690        cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
 691        if (!cmd)
 692                return NULL;
 693
 694        cmd->opcode = opcode;
 695        cmd->index = hdev->id;
 696
 697        cmd->param = kmalloc(len, GFP_KERNEL);
 698        if (!cmd->param) {
 699                kfree(cmd);
 700                return NULL;
 701        }
 702
 703        if (data)
 704                memcpy(cmd->param, data, len);
 705
 706        cmd->sk = sk;
 707        sock_hold(sk);
 708
 709        list_add(&cmd->list, &hdev->mgmt_pending);
 710
 711        return cmd;
 712}
 713
 714static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
 715                                 void (*cb)(struct pending_cmd *cmd,
 716                                            void *data),
 717                                 void *data)
 718{
 719        struct list_head *p, *n;
 720
 721        list_for_each_safe(p, n, &hdev->mgmt_pending) {
 722                struct pending_cmd *cmd;
 723
 724                cmd = list_entry(p, struct pending_cmd, list);
 725
 726                if (opcode > 0 && cmd->opcode != opcode)
 727                        continue;
 728
 729                cb(cmd, data);
 730        }
 731}
 732
 733static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
 734{
 735        struct pending_cmd *cmd;
 736
 737        list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
 738                if (cmd->opcode == opcode)
 739                        return cmd;
 740        }
 741
 742        return NULL;
 743}
 744
 745static void mgmt_pending_remove(struct pending_cmd *cmd)
 746{
 747        list_del(&cmd->list);
 748        mgmt_pending_free(cmd);
 749}
 750
 751static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
 752{
 753        __le32 settings = cpu_to_le32(get_current_settings(hdev));
 754
 755        return cmd_complete(sk, hdev->id, opcode, 0, &settings,
 756                            sizeof(settings));
 757}
 758
 759static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
 760                       u16 len)
 761{
 762        struct mgmt_mode *cp = data;
 763        struct pending_cmd *cmd;
 764        int err;
 765
 766        BT_DBG("request for %s", hdev->name);
 767
 768        hci_dev_lock(hdev);
 769
 770        if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
 771                cancel_delayed_work(&hdev->power_off);
 772
 773                if (cp->val) {
 774                        err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
 775                        mgmt_powered(hdev, 1);
 776                        goto failed;
 777                }
 778        }
 779
 780        if (!!cp->val == hdev_is_powered(hdev)) {
 781                err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
 782                goto failed;
 783        }
 784
 785        if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
 786                err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
 787                                 MGMT_STATUS_BUSY);
 788                goto failed;
 789        }
 790
 791        cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
 792        if (!cmd) {
 793                err = -ENOMEM;
 794                goto failed;
 795        }
 796
 797        if (cp->val)
 798                schedule_work(&hdev->power_on);
 799        else
 800                schedule_work(&hdev->power_off.work);
 801
 802        err = 0;
 803
 804failed:
 805        hci_dev_unlock(hdev);
 806        return err;
 807}
 808
 809static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
 810                      struct sock *skip_sk)
 811{
 812        struct sk_buff *skb;
 813        struct mgmt_hdr *hdr;
 814
 815        skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
 816        if (!skb)
 817                return -ENOMEM;
 818
 819        hdr = (void *) skb_put(skb, sizeof(*hdr));
 820        hdr->opcode = cpu_to_le16(event);
 821        if (hdev)
 822                hdr->index = cpu_to_le16(hdev->id);
 823        else
 824                hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
 825        hdr->len = cpu_to_le16(data_len);
 826
 827        if (data)
 828                memcpy(skb_put(skb, data_len), data, data_len);
 829
 830        /* Time stamp */
 831        __net_timestamp(skb);
 832
 833        hci_send_to_control(skb, skip_sk);
 834        kfree_skb(skb);
 835
 836        return 0;
 837}
 838
 839static int new_settings(struct hci_dev *hdev, struct sock *skip)
 840{
 841        __le32 ev;
 842
 843        ev = cpu_to_le32(get_current_settings(hdev));
 844
 845        return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
 846}
 847
 848static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
 849                            u16 len)
 850{
 851        struct mgmt_cp_set_discoverable *cp = data;
 852        struct pending_cmd *cmd;
 853        u16 timeout;
 854        u8 scan;
 855        int err;
 856
 857        BT_DBG("request for %s", hdev->name);
 858
 859        timeout = __le16_to_cpu(cp->timeout);
 860        if (!cp->val && timeout > 0)
 861                return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 862                                  MGMT_STATUS_INVALID_PARAMS);
 863
 864        hci_dev_lock(hdev);
 865
 866        if (!hdev_is_powered(hdev) && timeout > 0) {
 867                err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 868                                 MGMT_STATUS_NOT_POWERED);
 869                goto failed;
 870        }
 871
 872        if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
 873            mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
 874                err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 875                                 MGMT_STATUS_BUSY);
 876                goto failed;
 877        }
 878
 879        if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
 880                err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 881                                 MGMT_STATUS_REJECTED);
 882                goto failed;
 883        }
 884
 885        if (!hdev_is_powered(hdev)) {
 886                bool changed = false;
 887
 888                if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
 889                        change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
 890                        changed = true;
 891                }
 892
 893                err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
 894                if (err < 0)
 895                        goto failed;
 896
 897                if (changed)
 898                        err = new_settings(hdev, sk);
 899
 900                goto failed;
 901        }
 902
 903        if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
 904                if (hdev->discov_timeout > 0) {
 905                        cancel_delayed_work(&hdev->discov_off);
 906                        hdev->discov_timeout = 0;
 907                }
 908
 909                if (cp->val && timeout > 0) {
 910                        hdev->discov_timeout = timeout;
 911                        queue_delayed_work(hdev->workqueue, &hdev->discov_off,
 912                                msecs_to_jiffies(hdev->discov_timeout * 1000));
 913                }
 914
 915                err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
 916                goto failed;
 917        }
 918
 919        cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
 920        if (!cmd) {
 921                err = -ENOMEM;
 922                goto failed;
 923        }
 924
 925        scan = SCAN_PAGE;
 926
 927        if (cp->val)
 928                scan |= SCAN_INQUIRY;
 929        else
 930                cancel_delayed_work(&hdev->discov_off);
 931
 932        err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
 933        if (err < 0)
 934                mgmt_pending_remove(cmd);
 935
 936        if (cp->val)
 937                hdev->discov_timeout = timeout;
 938
 939failed:
 940        hci_dev_unlock(hdev);
 941        return err;
 942}
 943
 944static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
 945                           u16 len)
 946{
 947        struct mgmt_mode *cp = data;
 948        struct pending_cmd *cmd;
 949        u8 scan;
 950        int err;
 951
 952        BT_DBG("request for %s", hdev->name);
 953
 954        hci_dev_lock(hdev);
 955
 956        if (!hdev_is_powered(hdev)) {
 957                bool changed = false;
 958
 959                if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
 960                        changed = true;
 961
 962                if (cp->val) {
 963                        set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
 964                } else {
 965                        clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
 966                        clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
 967                }
 968
 969                err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
 970                if (err < 0)
 971                        goto failed;
 972
 973                if (changed)
 974                        err = new_settings(hdev, sk);
 975
 976                goto failed;
 977        }
 978
 979        if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
 980            mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
 981                err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
 982                                 MGMT_STATUS_BUSY);
 983                goto failed;
 984        }
 985
 986        if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
 987                err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
 988                goto failed;
 989        }
 990
 991        cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
 992        if (!cmd) {
 993                err = -ENOMEM;
 994                goto failed;
 995        }
 996
 997        if (cp->val) {
 998                scan = SCAN_PAGE;
 999        } else {
1000                scan = 0;
1001
1002                if (test_bit(HCI_ISCAN, &hdev->flags) &&
1003                    hdev->discov_timeout > 0)
1004                        cancel_delayed_work(&hdev->discov_off);
1005        }
1006
1007        err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1008        if (err < 0)
1009                mgmt_pending_remove(cmd);
1010
1011failed:
1012        hci_dev_unlock(hdev);
1013        return err;
1014}
1015
1016static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1017                        u16 len)
1018{
1019        struct mgmt_mode *cp = data;
1020        int err;
1021
1022        BT_DBG("request for %s", hdev->name);
1023
1024        hci_dev_lock(hdev);
1025
1026        if (cp->val)
1027                set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1028        else
1029                clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1030
1031        err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1032        if (err < 0)
1033                goto failed;
1034
1035        err = new_settings(hdev, sk);
1036
1037failed:
1038        hci_dev_unlock(hdev);
1039        return err;
1040}
1041
1042static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1043                             u16 len)
1044{
1045        struct mgmt_mode *cp = data;
1046        struct pending_cmd *cmd;
1047        u8 val;
1048        int err;
1049
1050        BT_DBG("request for %s", hdev->name);
1051
1052        hci_dev_lock(hdev);
1053
1054        if (!hdev_is_powered(hdev)) {
1055                bool changed = false;
1056
1057                if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1058                                          &hdev->dev_flags)) {
1059                        change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1060                        changed = true;
1061                }
1062
1063                err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1064                if (err < 0)
1065                        goto failed;
1066
1067                if (changed)
1068                        err = new_settings(hdev, sk);
1069
1070                goto failed;
1071        }
1072
1073        if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1074                err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1075                                 MGMT_STATUS_BUSY);
1076                goto failed;
1077        }
1078
1079        val = !!cp->val;
1080
1081        if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1082                err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1083                goto failed;
1084        }
1085
1086        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1087        if (!cmd) {
1088                err = -ENOMEM;
1089                goto failed;
1090        }
1091
1092        err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1093        if (err < 0) {
1094                mgmt_pending_remove(cmd);
1095                goto failed;
1096        }
1097
1098failed:
1099        hci_dev_unlock(hdev);
1100        return err;
1101}
1102
1103static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1104{
1105        struct mgmt_mode *cp = data;
1106        struct pending_cmd *cmd;
1107        u8 val;
1108        int err;
1109
1110        BT_DBG("request for %s", hdev->name);
1111
1112        hci_dev_lock(hdev);
1113
1114        if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1115                err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1116                                 MGMT_STATUS_NOT_SUPPORTED);
1117                goto failed;
1118        }
1119
1120        val = !!cp->val;
1121
1122        if (!hdev_is_powered(hdev)) {
1123                bool changed = false;
1124
1125                if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1126                        change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1127                        changed = true;
1128                }
1129
1130                err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1131                if (err < 0)
1132                        goto failed;
1133
1134                if (changed)
1135                        err = new_settings(hdev, sk);
1136
1137                goto failed;
1138        }
1139
1140        if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1141                err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1142                                 MGMT_STATUS_BUSY);
1143                goto failed;
1144        }
1145
1146        if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1147                err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1148                goto failed;
1149        }
1150
1151        cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1152        if (!cmd) {
1153                err = -ENOMEM;
1154                goto failed;
1155        }
1156
1157        err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1158        if (err < 0) {
1159                mgmt_pending_remove(cmd);
1160                goto failed;
1161        }
1162
1163failed:
1164        hci_dev_unlock(hdev);
1165        return err;
1166}
1167
1168static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1169{
1170        struct mgmt_mode *cp = data;
1171
1172        BT_DBG("request for %s", hdev->name);
1173
1174        if (!enable_hs)
1175                return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1176                                  MGMT_STATUS_NOT_SUPPORTED);
1177
1178        if (cp->val)
1179                set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1180        else
1181                clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1182
1183        return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1184}
1185
1186static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1187{
1188        struct mgmt_mode *cp = data;
1189        struct hci_cp_write_le_host_supported hci_cp;
1190        struct pending_cmd *cmd;
1191        int err;
1192        u8 val, enabled;
1193
1194        BT_DBG("request for %s", hdev->name);
1195
1196        hci_dev_lock(hdev);
1197
1198        if (!(hdev->features[4] & LMP_LE)) {
1199                err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1200                                 MGMT_STATUS_NOT_SUPPORTED);
1201                goto unlock;
1202        }
1203
1204        val = !!cp->val;
1205        enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1206
1207        if (!hdev_is_powered(hdev) || val == enabled) {
1208                bool changed = false;
1209
1210                if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1211                        change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1212                        changed = true;
1213                }
1214
1215                err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1216                if (err < 0)
1217                        goto unlock;
1218
1219                if (changed)
1220                        err = new_settings(hdev, sk);
1221
1222                goto unlock;
1223        }
1224
1225        if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1226                err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1227                                 MGMT_STATUS_BUSY);
1228                goto unlock;
1229        }
1230
1231        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1232        if (!cmd) {
1233                err = -ENOMEM;
1234                goto unlock;
1235        }
1236
1237        memset(&hci_cp, 0, sizeof(hci_cp));
1238
1239        if (val) {
1240                hci_cp.le = val;
1241                hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1242        }
1243
1244        err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1245                           &hci_cp);
1246        if (err < 0)
1247                mgmt_pending_remove(cmd);
1248
1249unlock:
1250        hci_dev_unlock(hdev);
1251        return err;
1252}
1253
1254static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1255{
1256        struct mgmt_cp_add_uuid *cp = data;
1257        struct pending_cmd *cmd;
1258        struct bt_uuid *uuid;
1259        int err;
1260
1261        BT_DBG("request for %s", hdev->name);
1262
1263        hci_dev_lock(hdev);
1264
1265        if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1266                err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1267                                 MGMT_STATUS_BUSY);
1268                goto failed;
1269        }
1270
1271        uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1272        if (!uuid) {
1273                err = -ENOMEM;
1274                goto failed;
1275        }
1276
1277        memcpy(uuid->uuid, cp->uuid, 16);
1278        uuid->svc_hint = cp->svc_hint;
1279
1280        list_add(&uuid->list, &hdev->uuids);
1281
1282        err = update_class(hdev);
1283        if (err < 0)
1284                goto failed;
1285
1286        err = update_eir(hdev);
1287        if (err < 0)
1288                goto failed;
1289
1290        if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1291                err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1292                                   hdev->dev_class, 3);
1293                goto failed;
1294        }
1295
1296        cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1297        if (!cmd)
1298                err = -ENOMEM;
1299
1300failed:
1301        hci_dev_unlock(hdev);
1302        return err;
1303}
1304
1305static bool enable_service_cache(struct hci_dev *hdev)
1306{
1307        if (!hdev_is_powered(hdev))
1308                return false;
1309
1310        if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1311                schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1312                return true;
1313        }
1314
1315        return false;
1316}
1317
1318static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1319                       u16 len)
1320{
1321        struct mgmt_cp_remove_uuid *cp = data;
1322        struct pending_cmd *cmd;
1323        struct list_head *p, *n;
1324        u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1325        int err, found;
1326
1327        BT_DBG("request for %s", hdev->name);
1328
1329        hci_dev_lock(hdev);
1330
1331        if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1332                err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1333                                 MGMT_STATUS_BUSY);
1334                goto unlock;
1335        }
1336
1337        if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1338                err = hci_uuids_clear(hdev);
1339
1340                if (enable_service_cache(hdev)) {
1341                        err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1342                                           0, hdev->dev_class, 3);
1343                        goto unlock;
1344                }
1345
1346                goto update_class;
1347        }
1348
1349        found = 0;
1350
1351        list_for_each_safe(p, n, &hdev->uuids) {
1352                struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1353
1354                if (memcmp(match->uuid, cp->uuid, 16) != 0)
1355                        continue;
1356
1357                list_del(&match->list);
1358                found++;
1359        }
1360
1361        if (found == 0) {
1362                err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1363                                 MGMT_STATUS_INVALID_PARAMS);
1364                goto unlock;
1365        }
1366
1367update_class:
1368        err = update_class(hdev);
1369        if (err < 0)
1370                goto unlock;
1371
1372        err = update_eir(hdev);
1373        if (err < 0)
1374                goto unlock;
1375
1376        if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1377                err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1378                                   hdev->dev_class, 3);
1379                goto unlock;
1380        }
1381
1382        cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1383        if (!cmd)
1384                err = -ENOMEM;
1385
1386unlock:
1387        hci_dev_unlock(hdev);
1388        return err;
1389}
1390
1391static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1392                         u16 len)
1393{
1394        struct mgmt_cp_set_dev_class *cp = data;
1395        struct pending_cmd *cmd;
1396        int err;
1397
1398        BT_DBG("request for %s", hdev->name);
1399
1400        hci_dev_lock(hdev);
1401
1402        if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1403                err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1404                                 MGMT_STATUS_BUSY);
1405                goto unlock;
1406        }
1407
1408        hdev->major_class = cp->major;
1409        hdev->minor_class = cp->minor;
1410
1411        if (!hdev_is_powered(hdev)) {
1412                err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1413                                   hdev->dev_class, 3);
1414                goto unlock;
1415        }
1416
1417        if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1418                hci_dev_unlock(hdev);
1419                cancel_delayed_work_sync(&hdev->service_cache);
1420                hci_dev_lock(hdev);
1421                update_eir(hdev);
1422        }
1423
1424        err = update_class(hdev);
1425        if (err < 0)
1426                goto unlock;
1427
1428        if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1429                err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1430                                   hdev->dev_class, 3);
1431                goto unlock;
1432        }
1433
1434        cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1435        if (!cmd)
1436                err = -ENOMEM;
1437
1438unlock:
1439        hci_dev_unlock(hdev);
1440        return err;
1441}
1442
1443static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1444                          u16 len)
1445{
1446        struct mgmt_cp_load_link_keys *cp = data;
1447        u16 key_count, expected_len;
1448        int i;
1449
1450        key_count = __le16_to_cpu(cp->key_count);
1451
1452        expected_len = sizeof(*cp) + key_count *
1453                                        sizeof(struct mgmt_link_key_info);
1454        if (expected_len != len) {
1455                BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1456                       len, expected_len);
1457                return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1458                                  MGMT_STATUS_INVALID_PARAMS);
1459        }
1460
1461        BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1462               key_count);
1463
1464        hci_dev_lock(hdev);
1465
1466        hci_link_keys_clear(hdev);
1467
1468        set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1469
1470        if (cp->debug_keys)
1471                set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1472        else
1473                clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1474
1475        for (i = 0; i < key_count; i++) {
1476                struct mgmt_link_key_info *key = &cp->keys[i];
1477
1478                hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1479                                 key->type, key->pin_len);
1480        }
1481
1482        cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1483
1484        hci_dev_unlock(hdev);
1485
1486        return 0;
1487}
1488
1489static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1490                           u8 addr_type, struct sock *skip_sk)
1491{
1492        struct mgmt_ev_device_unpaired ev;
1493
1494        bacpy(&ev.addr.bdaddr, bdaddr);
1495        ev.addr.type = addr_type;
1496
1497        return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1498                          skip_sk);
1499}
1500
1501static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1502                         u16 len)
1503{
1504        struct mgmt_cp_unpair_device *cp = data;
1505        struct mgmt_rp_unpair_device rp;
1506        struct hci_cp_disconnect dc;
1507        struct pending_cmd *cmd;
1508        struct hci_conn *conn;
1509        int err;
1510
1511        hci_dev_lock(hdev);
1512
1513        memset(&rp, 0, sizeof(rp));
1514        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1515        rp.addr.type = cp->addr.type;
1516
1517        if (!hdev_is_powered(hdev)) {
1518                err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1519                                   MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1520                goto unlock;
1521        }
1522
1523        if (cp->addr.type == BDADDR_BREDR)
1524                err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1525        else
1526                err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1527
1528        if (err < 0) {
1529                err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1530                                   MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1531                goto unlock;
1532        }
1533
1534        if (cp->disconnect) {
1535                if (cp->addr.type == BDADDR_BREDR)
1536                        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1537                                                       &cp->addr.bdaddr);
1538                else
1539                        conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1540                                                       &cp->addr.bdaddr);
1541        } else {
1542                conn = NULL;
1543        }
1544
1545        if (!conn) {
1546                err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1547                                   &rp, sizeof(rp));
1548                device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1549                goto unlock;
1550        }
1551
1552        cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1553                               sizeof(*cp));
1554        if (!cmd) {
1555                err = -ENOMEM;
1556                goto unlock;
1557        }
1558
1559        dc.handle = cpu_to_le16(conn->handle);
1560        dc.reason = 0x13; /* Remote User Terminated Connection */
1561        err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1562        if (err < 0)
1563                mgmt_pending_remove(cmd);
1564
1565unlock:
1566        hci_dev_unlock(hdev);
1567        return err;
1568}
1569
1570static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1571                      u16 len)
1572{
1573        struct mgmt_cp_disconnect *cp = data;
1574        struct hci_cp_disconnect dc;
1575        struct pending_cmd *cmd;
1576        struct hci_conn *conn;
1577        int err;
1578
1579        BT_DBG("");
1580
1581        hci_dev_lock(hdev);
1582
1583        if (!test_bit(HCI_UP, &hdev->flags)) {
1584                err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1585                                 MGMT_STATUS_NOT_POWERED);
1586                goto failed;
1587        }
1588
1589        if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1590                err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1591                                 MGMT_STATUS_BUSY);
1592                goto failed;
1593        }
1594
1595        if (cp->addr.type == BDADDR_BREDR)
1596                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1597                                               &cp->addr.bdaddr);
1598        else
1599                conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1600
1601        if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1602                err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1603                                 MGMT_STATUS_NOT_CONNECTED);
1604                goto failed;
1605        }
1606
1607        cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1608        if (!cmd) {
1609                err = -ENOMEM;
1610                goto failed;
1611        }
1612
1613        dc.handle = cpu_to_le16(conn->handle);
1614        dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1615
1616        err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1617        if (err < 0)
1618                mgmt_pending_remove(cmd);
1619
1620failed:
1621        hci_dev_unlock(hdev);
1622        return err;
1623}
1624
1625static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1626{
1627        switch (link_type) {
1628        case LE_LINK:
1629                switch (addr_type) {
1630                case ADDR_LE_DEV_PUBLIC:
1631                        return BDADDR_LE_PUBLIC;
1632
1633                default:
1634                        /* Fallback to LE Random address type */
1635                        return BDADDR_LE_RANDOM;
1636                }
1637
1638        default:
1639                /* Fallback to BR/EDR type */
1640                return BDADDR_BREDR;
1641        }
1642}
1643
1644static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1645                           u16 data_len)
1646{
1647        struct mgmt_rp_get_connections *rp;
1648        struct hci_conn *c;
1649        size_t rp_len;
1650        int err;
1651        u16 i;
1652
1653        BT_DBG("");
1654
1655        hci_dev_lock(hdev);
1656
1657        if (!hdev_is_powered(hdev)) {
1658                err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1659                                 MGMT_STATUS_NOT_POWERED);
1660                goto unlock;
1661        }
1662
1663        i = 0;
1664        list_for_each_entry(c, &hdev->conn_hash.list, list) {
1665                if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1666                        i++;
1667        }
1668
1669        rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1670        rp = kmalloc(rp_len, GFP_KERNEL);
1671        if (!rp) {
1672                err = -ENOMEM;
1673                goto unlock;
1674        }
1675
1676        i = 0;
1677        list_for_each_entry(c, &hdev->conn_hash.list, list) {
1678                if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1679                        continue;
1680                bacpy(&rp->addr[i].bdaddr, &c->dst);
1681                rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1682                if (c->type == SCO_LINK || c->type == ESCO_LINK)
1683                        continue;
1684                i++;
1685        }
1686
1687        rp->conn_count = cpu_to_le16(i);
1688
1689        /* Recalculate length in case of filtered SCO connections, etc */
1690        rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1691
1692        err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1693                           rp_len);
1694
1695        kfree(rp);
1696
1697unlock:
1698        hci_dev_unlock(hdev);
1699        return err;
1700}
1701
1702static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1703                                   struct mgmt_cp_pin_code_neg_reply *cp)
1704{
1705        struct pending_cmd *cmd;
1706        int err;
1707
1708        cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1709                               sizeof(*cp));
1710        if (!cmd)
1711                return -ENOMEM;
1712
1713        err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1714                           sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1715        if (err < 0)
1716                mgmt_pending_remove(cmd);
1717
1718        return err;
1719}
1720
1721static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1722                          u16 len)
1723{
1724        struct hci_conn *conn;
1725        struct mgmt_cp_pin_code_reply *cp = data;
1726        struct hci_cp_pin_code_reply reply;
1727        struct pending_cmd *cmd;
1728        int err;
1729
1730        BT_DBG("");
1731
1732        hci_dev_lock(hdev);
1733
1734        if (!hdev_is_powered(hdev)) {
1735                err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1736                                 MGMT_STATUS_NOT_POWERED);
1737                goto failed;
1738        }
1739
1740        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1741        if (!conn) {
1742                err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1743                                 MGMT_STATUS_NOT_CONNECTED);
1744                goto failed;
1745        }
1746
1747        if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1748                struct mgmt_cp_pin_code_neg_reply ncp;
1749
1750                memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1751
1752                BT_ERR("PIN code is not 16 bytes long");
1753
1754                err = send_pin_code_neg_reply(sk, hdev, &ncp);
1755                if (err >= 0)
1756                        err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1757                                         MGMT_STATUS_INVALID_PARAMS);
1758
1759                goto failed;
1760        }
1761
1762        cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1763        if (!cmd) {
1764                err = -ENOMEM;
1765                goto failed;
1766        }
1767
1768        bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1769        reply.pin_len = cp->pin_len;
1770        memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1771
1772        err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1773        if (err < 0)
1774                mgmt_pending_remove(cmd);
1775
1776failed:
1777        hci_dev_unlock(hdev);
1778        return err;
1779}
1780
1781static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1782                             u16 len)
1783{
1784        struct mgmt_cp_set_io_capability *cp = data;
1785
1786        BT_DBG("");
1787
1788        hci_dev_lock(hdev);
1789
1790        hdev->io_capability = cp->io_capability;
1791
1792        BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1793               hdev->io_capability);
1794
1795        hci_dev_unlock(hdev);
1796
1797        return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1798                            0);
1799}
1800
1801static struct pending_cmd *find_pairing(struct hci_conn *conn)
1802{
1803        struct hci_dev *hdev = conn->hdev;
1804        struct pending_cmd *cmd;
1805
1806        list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1807                if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1808                        continue;
1809
1810                if (cmd->user_data != conn)
1811                        continue;
1812
1813                return cmd;
1814        }
1815
1816        return NULL;
1817}
1818
1819static void pairing_complete(struct pending_cmd *cmd, u8 status)
1820{
1821        struct mgmt_rp_pair_device rp;
1822        struct hci_conn *conn = cmd->user_data;
1823
1824        bacpy(&rp.addr.bdaddr, &conn->dst);
1825        rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1826
1827        cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1828                     &rp, sizeof(rp));
1829
1830        /* So we don't get further callbacks for this connection */
1831        conn->connect_cfm_cb = NULL;
1832        conn->security_cfm_cb = NULL;
1833        conn->disconn_cfm_cb = NULL;
1834
1835        hci_conn_put(conn);
1836
1837        mgmt_pending_remove(cmd);
1838}
1839
1840static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1841{
1842        struct pending_cmd *cmd;
1843
1844        BT_DBG("status %u", status);
1845
1846        cmd = find_pairing(conn);
1847        if (!cmd)
1848                BT_DBG("Unable to find a pending command");
1849        else
1850                pairing_complete(cmd, mgmt_status(status));
1851}
1852
1853static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1854{
1855        struct pending_cmd *cmd;
1856
1857        BT_DBG("status %u", status);
1858
1859        if (!status)
1860                return;
1861
1862        cmd = find_pairing(conn);
1863        if (!cmd)
1864                BT_DBG("Unable to find a pending command");
1865        else
1866                pairing_complete(cmd, mgmt_status(status));
1867}
1868
1869static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1870                       u16 len)
1871{
1872        struct mgmt_cp_pair_device *cp = data;
1873        struct mgmt_rp_pair_device rp;
1874        struct pending_cmd *cmd;
1875        u8 sec_level, auth_type;
1876        struct hci_conn *conn;
1877        int err;
1878
1879        BT_DBG("");
1880
1881        hci_dev_lock(hdev);
1882
1883        if (!hdev_is_powered(hdev)) {
1884                err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1885                                 MGMT_STATUS_NOT_POWERED);
1886                goto unlock;
1887        }
1888
1889        sec_level = BT_SECURITY_MEDIUM;
1890        if (cp->io_cap == 0x03)
1891                auth_type = HCI_AT_DEDICATED_BONDING;
1892        else
1893                auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1894
1895        if (cp->addr.type == BDADDR_BREDR)
1896                conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1897                                   cp->addr.type, sec_level, auth_type);
1898        else
1899                conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1900                                   cp->addr.type, sec_level, auth_type);
1901
1902        memset(&rp, 0, sizeof(rp));
1903        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1904        rp.addr.type = cp->addr.type;
1905
1906        if (IS_ERR(conn)) {
1907                int status;
1908
1909                if (PTR_ERR(conn) == -EBUSY)
1910                        status = MGMT_STATUS_BUSY;
1911                else
1912                        status = MGMT_STATUS_CONNECT_FAILED;
1913
1914                err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1915                                   status, &rp,
1916                                   sizeof(rp));
1917                goto unlock;
1918        }
1919
1920        if (conn->connect_cfm_cb) {
1921                hci_conn_put(conn);
1922                err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1923                                   MGMT_STATUS_BUSY, &rp, sizeof(rp));
1924                goto unlock;
1925        }
1926
1927        cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1928        if (!cmd) {
1929                err = -ENOMEM;
1930                hci_conn_put(conn);
1931                goto unlock;
1932        }
1933
1934        /* For LE, just connecting isn't a proof that the pairing finished */
1935        if (cp->addr.type == BDADDR_BREDR)
1936                conn->connect_cfm_cb = pairing_complete_cb;
1937        else
1938                conn->connect_cfm_cb = le_connect_complete_cb;
1939
1940        conn->security_cfm_cb = pairing_complete_cb;
1941        conn->disconn_cfm_cb = pairing_complete_cb;
1942        conn->io_capability = cp->io_cap;
1943        cmd->user_data = conn;
1944
1945        if (conn->state == BT_CONNECTED &&
1946            hci_conn_security(conn, sec_level, auth_type))
1947                pairing_complete(cmd, 0);
1948
1949        err = 0;
1950
1951unlock:
1952        hci_dev_unlock(hdev);
1953        return err;
1954}
1955
1956static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1957                              u16 len)
1958{
1959        struct mgmt_addr_info *addr = data;
1960        struct pending_cmd *cmd;
1961        struct hci_conn *conn;
1962        int err;
1963
1964        BT_DBG("");
1965
1966        hci_dev_lock(hdev);
1967
1968        if (!hdev_is_powered(hdev)) {
1969                err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1970                                 MGMT_STATUS_NOT_POWERED);
1971                goto unlock;
1972        }
1973
1974        cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1975        if (!cmd) {
1976                err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1977                                 MGMT_STATUS_INVALID_PARAMS);
1978                goto unlock;
1979        }
1980
1981        conn = cmd->user_data;
1982
1983        if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1984                err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1985                                 MGMT_STATUS_INVALID_PARAMS);
1986                goto unlock;
1987        }
1988
1989        pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1990
1991        err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1992                           addr, sizeof(*addr));
1993unlock:
1994        hci_dev_unlock(hdev);
1995        return err;
1996}
1997
1998static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1999                             bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2000                             u16 hci_op, __le32 passkey)
2001{
2002        struct pending_cmd *cmd;
2003        struct hci_conn *conn;
2004        int err;
2005
2006        hci_dev_lock(hdev);
2007
2008        if (!hdev_is_powered(hdev)) {
2009                err = cmd_status(sk, hdev->id, mgmt_op,
2010                                 MGMT_STATUS_NOT_POWERED);
2011                goto done;
2012        }
2013
2014        if (type == BDADDR_BREDR)
2015                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2016        else
2017                conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2018
2019        if (!conn) {
2020                err = cmd_status(sk, hdev->id, mgmt_op,
2021                                 MGMT_STATUS_NOT_CONNECTED);
2022                goto done;
2023        }
2024
2025        if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2026                /* Continue with pairing via SMP */
2027                err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2028
2029                if (!err)
2030                        err = cmd_status(sk, hdev->id, mgmt_op,
2031                                         MGMT_STATUS_SUCCESS);
2032                else
2033                        err = cmd_status(sk, hdev->id, mgmt_op,
2034                                         MGMT_STATUS_FAILED);
2035
2036                goto done;
2037        }
2038
2039        cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2040        if (!cmd) {
2041                err = -ENOMEM;
2042                goto done;
2043        }
2044
2045        /* Continue with pairing via HCI */
2046        if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2047                struct hci_cp_user_passkey_reply cp;
2048
2049                bacpy(&cp.bdaddr, bdaddr);
2050                cp.passkey = passkey;
2051                err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2052        } else
2053                err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2054
2055        if (err < 0)
2056                mgmt_pending_remove(cmd);
2057
2058done:
2059        hci_dev_unlock(hdev);
2060        return err;
2061}
2062
2063static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2064                              void *data, u16 len)
2065{
2066        struct mgmt_cp_pin_code_neg_reply *cp = data;
2067
2068        BT_DBG("");
2069
2070        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2071                                MGMT_OP_PIN_CODE_NEG_REPLY,
2072                                HCI_OP_PIN_CODE_NEG_REPLY, 0);
2073}
2074
2075static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2076                              u16 len)
2077{
2078        struct mgmt_cp_user_confirm_reply *cp = data;
2079
2080        BT_DBG("");
2081
2082        if (len != sizeof(*cp))
2083                return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2084                                  MGMT_STATUS_INVALID_PARAMS);
2085
2086        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2087                                 MGMT_OP_USER_CONFIRM_REPLY,
2088                                 HCI_OP_USER_CONFIRM_REPLY, 0);
2089}
2090
2091static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2092                                  void *data, u16 len)
2093{
2094        struct mgmt_cp_user_confirm_neg_reply *cp = data;
2095
2096        BT_DBG("");
2097
2098        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2099                                 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2100                                 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2101}
2102
2103static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2104                              u16 len)
2105{
2106        struct mgmt_cp_user_passkey_reply *cp = data;
2107
2108        BT_DBG("");
2109
2110        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2111                                 MGMT_OP_USER_PASSKEY_REPLY,
2112                                 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2113}
2114
2115static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2116                                  void *data, u16 len)
2117{
2118        struct mgmt_cp_user_passkey_neg_reply *cp = data;
2119
2120        BT_DBG("");
2121
2122        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2123                                 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2124                                 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2125}
2126
2127static int update_name(struct hci_dev *hdev, const char *name)
2128{
2129        struct hci_cp_write_local_name cp;
2130
2131        memcpy(cp.name, name, sizeof(cp.name));
2132
2133        return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2134}
2135
2136static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2137                          u16 len)
2138{
2139        struct mgmt_cp_set_local_name *cp = data;
2140        struct pending_cmd *cmd;
2141        int err;
2142
2143        BT_DBG("");
2144
2145        hci_dev_lock(hdev);
2146
2147        memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2148
2149        if (!hdev_is_powered(hdev)) {
2150                memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2151
2152                err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2153                                   data, len);
2154                if (err < 0)
2155                        goto failed;
2156
2157                err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2158                                 sk);
2159
2160                goto failed;
2161        }
2162
2163        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2164        if (!cmd) {
2165                err = -ENOMEM;
2166                goto failed;
2167        }
2168
2169        err = update_name(hdev, cp->name);
2170        if (err < 0)
2171                mgmt_pending_remove(cmd);
2172
2173failed:
2174        hci_dev_unlock(hdev);
2175        return err;
2176}
2177
2178static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2179                               void *data, u16 data_len)
2180{
2181        struct pending_cmd *cmd;
2182        int err;
2183
2184        BT_DBG("%s", hdev->name);
2185
2186        hci_dev_lock(hdev);
2187
2188        if (!hdev_is_powered(hdev)) {
2189                err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2190                                 MGMT_STATUS_NOT_POWERED);
2191                goto unlock;
2192        }
2193
2194        if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2195                err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2196                                 MGMT_STATUS_NOT_SUPPORTED);
2197                goto unlock;
2198        }
2199
2200        if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2201                err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2202                                 MGMT_STATUS_BUSY);
2203                goto unlock;
2204        }
2205
2206        cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2207        if (!cmd) {
2208                err = -ENOMEM;
2209                goto unlock;
2210        }
2211
2212        err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2213        if (err < 0)
2214                mgmt_pending_remove(cmd);
2215
2216unlock:
2217        hci_dev_unlock(hdev);
2218        return err;
2219}
2220
2221static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2222                               void *data, u16 len)
2223{
2224        struct mgmt_cp_add_remote_oob_data *cp = data;
2225        u8 status;
2226        int err;
2227
2228        BT_DBG("%s ", hdev->name);
2229
2230        hci_dev_lock(hdev);
2231
2232        if (!hdev_is_powered(hdev)) {
2233                err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2234                                   MGMT_STATUS_NOT_POWERED, &cp->addr,
2235                                   sizeof(cp->addr));
2236                goto unlock;
2237        }
2238
2239        err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2240                                      cp->randomizer);
2241        if (err < 0)
2242                status = MGMT_STATUS_FAILED;
2243        else
2244                status = 0;
2245
2246        err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2247                           &cp->addr, sizeof(cp->addr));
2248
2249unlock:
2250        hci_dev_unlock(hdev);
2251        return err;
2252}
2253
2254static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2255                                  void *data, u16 len)
2256{
2257        struct mgmt_cp_remove_remote_oob_data *cp = data;
2258        u8 status;
2259        int err;
2260
2261        BT_DBG("%s", hdev->name);
2262
2263        hci_dev_lock(hdev);
2264
2265        if (!hdev_is_powered(hdev)) {
2266                err = cmd_complete(sk, hdev->id,
2267                                   MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2268                                   MGMT_STATUS_NOT_POWERED, &cp->addr,
2269                                   sizeof(cp->addr));
2270                goto unlock;
2271        }
2272
2273        err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2274        if (err < 0)
2275                status = MGMT_STATUS_INVALID_PARAMS;
2276        else
2277                status = 0;
2278
2279        err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2280                           status, &cp->addr, sizeof(cp->addr));
2281
2282unlock:
2283        hci_dev_unlock(hdev);
2284        return err;
2285}
2286
2287int mgmt_interleaved_discovery(struct hci_dev *hdev)
2288{
2289        int err;
2290
2291        BT_DBG("%s", hdev->name);
2292
2293        hci_dev_lock(hdev);
2294
2295        err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2296        if (err < 0)
2297                hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2298
2299        hci_dev_unlock(hdev);
2300
2301        return err;
2302}
2303
2304static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2305                           void *data, u16 len)
2306{
2307        struct mgmt_cp_start_discovery *cp = data;
2308        struct pending_cmd *cmd;
2309        int err;
2310
2311        BT_DBG("%s", hdev->name);
2312
2313        hci_dev_lock(hdev);
2314
2315        if (!hdev_is_powered(hdev)) {
2316                err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2317                                 MGMT_STATUS_NOT_POWERED);
2318                goto failed;
2319        }
2320
2321        if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2322                err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2323                                 MGMT_STATUS_BUSY);
2324                goto failed;
2325        }
2326
2327        if (hdev->discovery.state != DISCOVERY_STOPPED) {
2328                err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2329                                 MGMT_STATUS_BUSY);
2330                goto failed;
2331        }
2332
2333        cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2334        if (!cmd) {
2335                err = -ENOMEM;
2336                goto failed;
2337        }
2338
2339        hdev->discovery.type = cp->type;
2340
2341        switch (hdev->discovery.type) {
2342        case DISCOV_TYPE_BREDR:
2343                if (lmp_bredr_capable(hdev))
2344                        err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2345                else
2346                        err = -ENOTSUPP;
2347                break;
2348
2349        case DISCOV_TYPE_LE:
2350                if (lmp_host_le_capable(hdev))
2351                        err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2352                                          LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2353                else
2354                        err = -ENOTSUPP;
2355                break;
2356
2357        case DISCOV_TYPE_INTERLEAVED:
2358                if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2359                        err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2360                                          LE_SCAN_WIN,
2361                                          LE_SCAN_TIMEOUT_BREDR_LE);
2362                else
2363                        err = -ENOTSUPP;
2364                break;
2365
2366        default:
2367                err = -EINVAL;
2368        }
2369
2370        if (err < 0)
2371                mgmt_pending_remove(cmd);
2372        else
2373                hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2374
2375failed:
2376        hci_dev_unlock(hdev);
2377        return err;
2378}
2379
2380static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2381                          u16 len)
2382{
2383        struct mgmt_cp_stop_discovery *mgmt_cp = data;
2384        struct pending_cmd *cmd;
2385        struct hci_cp_remote_name_req_cancel cp;
2386        struct inquiry_entry *e;
2387        int err;
2388
2389        BT_DBG("%s", hdev->name);
2390
2391        hci_dev_lock(hdev);
2392
2393        if (!hci_discovery_active(hdev)) {
2394                err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2395                                   MGMT_STATUS_REJECTED, &mgmt_cp->type,
2396                                   sizeof(mgmt_cp->type));
2397                goto unlock;
2398        }
2399
2400        if (hdev->discovery.type != mgmt_cp->type) {
2401                err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2402                                   MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2403                                   sizeof(mgmt_cp->type));
2404                goto unlock;
2405        }
2406
2407        cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2408        if (!cmd) {
2409                err = -ENOMEM;
2410                goto unlock;
2411        }
2412
2413        switch (hdev->discovery.state) {
2414        case DISCOVERY_FINDING:
2415                if (test_bit(HCI_INQUIRY, &hdev->flags))
2416                        err = hci_cancel_inquiry(hdev);
2417                else
2418                        err = hci_cancel_le_scan(hdev);
2419
2420                break;
2421
2422        case DISCOVERY_RESOLVING:
2423                e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2424                                                     NAME_PENDING);
2425                if (!e) {
2426                        mgmt_pending_remove(cmd);
2427                        err = cmd_complete(sk, hdev->id,
2428                                           MGMT_OP_STOP_DISCOVERY, 0,
2429                                           &mgmt_cp->type,
2430                                           sizeof(mgmt_cp->type));
2431                        hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2432                        goto unlock;
2433                }
2434
2435                bacpy(&cp.bdaddr, &e->data.bdaddr);
2436                err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2437                                   sizeof(cp), &cp);
2438
2439                break;
2440
2441        default:
2442                BT_DBG("unknown discovery state %u", hdev->discovery.state);
2443                err = -EFAULT;
2444        }
2445
2446        if (err < 0)
2447                mgmt_pending_remove(cmd);
2448        else
2449                hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2450
2451unlock:
2452        hci_dev_unlock(hdev);
2453        return err;
2454}
2455
2456static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2457                        u16 len)
2458{
2459        struct mgmt_cp_confirm_name *cp = data;
2460        struct inquiry_entry *e;
2461        int err;
2462
2463        BT_DBG("%s", hdev->name);
2464
2465        hci_dev_lock(hdev);
2466
2467        if (!hci_discovery_active(hdev)) {
2468                err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2469                                 MGMT_STATUS_FAILED);
2470                goto failed;
2471        }
2472
2473        e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2474        if (!e) {
2475                err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2476                                 MGMT_STATUS_INVALID_PARAMS);
2477                goto failed;
2478        }
2479
2480        if (cp->name_known) {
2481                e->name_state = NAME_KNOWN;
2482                list_del(&e->list);
2483        } else {
2484                e->name_state = NAME_NEEDED;
2485                hci_inquiry_cache_update_resolve(hdev, e);
2486        }
2487
2488        err = 0;
2489
2490failed:
2491        hci_dev_unlock(hdev);
2492        return err;
2493}
2494
2495static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2496                        u16 len)
2497{
2498        struct mgmt_cp_block_device *cp = data;
2499        u8 status;
2500        int err;
2501
2502        BT_DBG("%s", hdev->name);
2503
2504        hci_dev_lock(hdev);
2505
2506        err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2507        if (err < 0)
2508                status = MGMT_STATUS_FAILED;
2509        else
2510                status = 0;
2511
2512        err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2513                           &cp->addr, sizeof(cp->addr));
2514
2515        hci_dev_unlock(hdev);
2516
2517        return err;
2518}
2519
2520static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2521                          u16 len)
2522{
2523        struct mgmt_cp_unblock_device *cp = data;
2524        u8 status;
2525        int err;
2526
2527        BT_DBG("%s", hdev->name);
2528
2529        hci_dev_lock(hdev);
2530
2531        err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2532        if (err < 0)
2533                status = MGMT_STATUS_INVALID_PARAMS;
2534        else
2535                status = 0;
2536
2537        err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2538                           &cp->addr, sizeof(cp->addr));
2539
2540        hci_dev_unlock(hdev);
2541
2542        return err;
2543}
2544
2545static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2546                         u16 len)
2547{
2548        struct mgmt_cp_set_device_id *cp = data;
2549        int err;
2550        __u16 source;
2551
2552        BT_DBG("%s", hdev->name);
2553
2554        source = __le16_to_cpu(cp->source);
2555
2556        if (source > 0x0002)
2557                return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2558                                  MGMT_STATUS_INVALID_PARAMS);
2559
2560        hci_dev_lock(hdev);
2561
2562        hdev->devid_source = source;
2563        hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2564        hdev->devid_product = __le16_to_cpu(cp->product);
2565        hdev->devid_version = __le16_to_cpu(cp->version);
2566
2567        err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2568
2569        update_eir(hdev);
2570
2571        hci_dev_unlock(hdev);
2572
2573        return err;
2574}
2575
2576static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2577                                void *data, u16 len)
2578{
2579        struct mgmt_mode *cp = data;
2580        struct hci_cp_write_page_scan_activity acp;
2581        u8 type;
2582        int err;
2583
2584        BT_DBG("%s", hdev->name);
2585
2586        if (!hdev_is_powered(hdev))
2587                return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2588                                  MGMT_STATUS_NOT_POWERED);
2589
2590        if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2591                return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2592                                  MGMT_STATUS_REJECTED);
2593
2594        hci_dev_lock(hdev);
2595
2596        if (cp->val) {
2597                type = PAGE_SCAN_TYPE_INTERLACED;
2598
2599                /* 160 msec page scan interval */
2600                acp.interval = __constant_cpu_to_le16(0x0100);
2601        } else {
2602                type = PAGE_SCAN_TYPE_STANDARD; /* default */
2603
2604                /* default 1.28 sec page scan */
2605                acp.interval = __constant_cpu_to_le16(0x0800);
2606        }
2607
2608        /* default 11.25 msec page scan window */
2609        acp.window = __constant_cpu_to_le16(0x0012);
2610
2611        err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2612                           &acp);
2613        if (err < 0) {
2614                err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2615                                 MGMT_STATUS_FAILED);
2616                goto done;
2617        }
2618
2619        err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2620        if (err < 0) {
2621                err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2622                                 MGMT_STATUS_FAILED);
2623                goto done;
2624        }
2625
2626        err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2627                           NULL, 0);
2628done:
2629        hci_dev_unlock(hdev);
2630        return err;
2631}
2632
2633static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2634                               void *cp_data, u16 len)
2635{
2636        struct mgmt_cp_load_long_term_keys *cp = cp_data;
2637        u16 key_count, expected_len;
2638        int i;
2639
2640        key_count = __le16_to_cpu(cp->key_count);
2641
2642        expected_len = sizeof(*cp) + key_count *
2643                                        sizeof(struct mgmt_ltk_info);
2644        if (expected_len != len) {
2645                BT_ERR("load_keys: expected %u bytes, got %u bytes",
2646                       len, expected_len);
2647                return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2648                                  EINVAL);
2649        }
2650
2651        BT_DBG("%s key_count %u", hdev->name, key_count);
2652
2653        hci_dev_lock(hdev);
2654
2655        hci_smp_ltks_clear(hdev);
2656
2657        for (i = 0; i < key_count; i++) {
2658                struct mgmt_ltk_info *key = &cp->keys[i];
2659                u8 type;
2660
2661                if (key->master)
2662                        type = HCI_SMP_LTK;
2663                else
2664                        type = HCI_SMP_LTK_SLAVE;
2665
2666                hci_add_ltk(hdev, &key->addr.bdaddr,
2667                            bdaddr_to_le(key->addr.type),
2668                            type, 0, key->authenticated, key->val,
2669                            key->enc_size, key->ediv, key->rand);
2670        }
2671
2672        hci_dev_unlock(hdev);
2673
2674        return 0;
2675}
2676
2677static const struct mgmt_handler {
2678        int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2679                     u16 data_len);
2680        bool var_len;
2681        size_t data_len;
2682} mgmt_handlers[] = {
2683        { NULL }, /* 0x0000 (no command) */
2684        { read_version,           false, MGMT_READ_VERSION_SIZE },
2685        { read_commands,          false, MGMT_READ_COMMANDS_SIZE },
2686        { read_index_list,        false, MGMT_READ_INDEX_LIST_SIZE },
2687        { read_controller_info,   false, MGMT_READ_INFO_SIZE },
2688        { set_powered,            false, MGMT_SETTING_SIZE },
2689        { set_discoverable,       false, MGMT_SET_DISCOVERABLE_SIZE },
2690        { set_connectable,        false, MGMT_SETTING_SIZE },
2691        { set_fast_connectable,   false, MGMT_SETTING_SIZE },
2692        { set_pairable,           false, MGMT_SETTING_SIZE },
2693        { set_link_security,      false, MGMT_SETTING_SIZE },
2694        { set_ssp,                false, MGMT_SETTING_SIZE },
2695        { set_hs,                 false, MGMT_SETTING_SIZE },
2696        { set_le,                 false, MGMT_SETTING_SIZE },
2697        { set_dev_class,          false, MGMT_SET_DEV_CLASS_SIZE },
2698        { set_local_name,         false, MGMT_SET_LOCAL_NAME_SIZE },
2699        { add_uuid,               false, MGMT_ADD_UUID_SIZE },
2700        { remove_uuid,            false, MGMT_REMOVE_UUID_SIZE },
2701        { load_link_keys,         true,  MGMT_LOAD_LINK_KEYS_SIZE },
2702        { load_long_term_keys,    true,  MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2703        { disconnect,             false, MGMT_DISCONNECT_SIZE },
2704        { get_connections,        false, MGMT_GET_CONNECTIONS_SIZE },
2705        { pin_code_reply,         false, MGMT_PIN_CODE_REPLY_SIZE },
2706        { pin_code_neg_reply,     false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2707        { set_io_capability,      false, MGMT_SET_IO_CAPABILITY_SIZE },
2708        { pair_device,            false, MGMT_PAIR_DEVICE_SIZE },
2709        { cancel_pair_device,     false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2710        { unpair_device,          false, MGMT_UNPAIR_DEVICE_SIZE },
2711        { user_confirm_reply,     false, MGMT_USER_CONFIRM_REPLY_SIZE },
2712        { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2713        { user_passkey_reply,     false, MGMT_USER_PASSKEY_REPLY_SIZE },
2714        { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2715        { read_local_oob_data,    false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2716        { add_remote_oob_data,    false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2717        { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2718        { start_discovery,        false, MGMT_START_DISCOVERY_SIZE },
2719        { stop_discovery,         false, MGMT_STOP_DISCOVERY_SIZE },
2720        { confirm_name,           false, MGMT_CONFIRM_NAME_SIZE },
2721        { block_device,           false, MGMT_BLOCK_DEVICE_SIZE },
2722        { unblock_device,         false, MGMT_UNBLOCK_DEVICE_SIZE },
2723        { set_device_id,          false, MGMT_SET_DEVICE_ID_SIZE },
2724};
2725
2726
2727int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2728{
2729        void *buf;
2730        u8 *cp;
2731        struct mgmt_hdr *hdr;
2732        u16 opcode, index, len;
2733        struct hci_dev *hdev = NULL;
2734        const struct mgmt_handler *handler;
2735        int err;
2736
2737        BT_DBG("got %zu bytes", msglen);
2738
2739        if (msglen < sizeof(*hdr))
2740                return -EINVAL;
2741
2742        buf = kmalloc(msglen, GFP_KERNEL);
2743        if (!buf)
2744                return -ENOMEM;
2745
2746        if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2747                err = -EFAULT;
2748                goto done;
2749        }
2750
2751        hdr = buf;
2752        opcode = __le16_to_cpu(hdr->opcode);
2753        index = __le16_to_cpu(hdr->index);
2754        len = __le16_to_cpu(hdr->len);
2755
2756        if (len != msglen - sizeof(*hdr)) {
2757                err = -EINVAL;
2758                goto done;
2759        }
2760
2761        if (index != MGMT_INDEX_NONE) {
2762                hdev = hci_dev_get(index);
2763                if (!hdev) {
2764                        err = cmd_status(sk, index, opcode,
2765                                         MGMT_STATUS_INVALID_INDEX);
2766                        goto done;
2767                }
2768        }
2769
2770        if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2771            mgmt_handlers[opcode].func == NULL) {
2772                BT_DBG("Unknown op %u", opcode);
2773                err = cmd_status(sk, index, opcode,
2774                                 MGMT_STATUS_UNKNOWN_COMMAND);
2775                goto done;
2776        }
2777
2778        if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2779            (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2780                err = cmd_status(sk, index, opcode,
2781                                 MGMT_STATUS_INVALID_INDEX);
2782                goto done;
2783        }
2784
2785        handler = &mgmt_handlers[opcode];
2786
2787        if ((handler->var_len && len < handler->data_len) ||
2788            (!handler->var_len && len != handler->data_len)) {
2789                err = cmd_status(sk, index, opcode,
2790                                 MGMT_STATUS_INVALID_PARAMS);
2791                goto done;
2792        }
2793
2794        if (hdev)
2795                mgmt_init_hdev(sk, hdev);
2796
2797        cp = buf + sizeof(*hdr);
2798
2799        err = handler->func(sk, hdev, cp, len);
2800        if (err < 0)
2801                goto done;
2802
2803        err = msglen;
2804
2805done:
2806        if (hdev)
2807                hci_dev_put(hdev);
2808
2809        kfree(buf);
2810        return err;
2811}
2812
2813static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2814{
2815        u8 *status = data;
2816
2817        cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2818        mgmt_pending_remove(cmd);
2819}
2820
2821int mgmt_index_added(struct hci_dev *hdev)
2822{
2823        return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2824}
2825
2826int mgmt_index_removed(struct hci_dev *hdev)
2827{
2828        u8 status = MGMT_STATUS_INVALID_INDEX;
2829
2830        mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2831
2832        return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2833}
2834
2835struct cmd_lookup {
2836        struct sock *sk;
2837        struct hci_dev *hdev;
2838        u8 mgmt_status;
2839};
2840
2841static void settings_rsp(struct pending_cmd *cmd, void *data)
2842{
2843        struct cmd_lookup *match = data;
2844
2845        send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2846
2847        list_del(&cmd->list);
2848
2849        if (match->sk == NULL) {
2850                match->sk = cmd->sk;
2851                sock_hold(match->sk);
2852        }
2853
2854        mgmt_pending_free(cmd);
2855}
2856
2857int mgmt_powered(struct hci_dev *hdev, u8 powered)
2858{
2859        struct cmd_lookup match = { NULL, hdev };
2860        int err;
2861
2862        if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2863                return 0;
2864
2865        mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2866
2867        if (powered) {
2868                u8 scan = 0;
2869
2870                if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2871                        scan |= SCAN_PAGE;
2872                if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2873                        scan |= SCAN_INQUIRY;
2874
2875                if (scan)
2876                        hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2877
2878                if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2879                        u8 ssp = 1;
2880
2881                        hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2882                }
2883
2884                if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2885                        struct hci_cp_write_le_host_supported cp;
2886
2887                        cp.le = 1;
2888                        cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2889
2890                        hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2891                                     sizeof(cp), &cp);
2892                }
2893
2894                update_class(hdev);
2895                update_name(hdev, hdev->dev_name);
2896                update_eir(hdev);
2897        } else {
2898                u8 status = MGMT_STATUS_NOT_POWERED;
2899                mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2900        }
2901
2902        err = new_settings(hdev, match.sk);
2903
2904        if (match.sk)
2905                sock_put(match.sk);
2906
2907        return err;
2908}
2909
2910int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2911{
2912        struct cmd_lookup match = { NULL, hdev };
2913        bool changed = false;
2914        int err = 0;
2915
2916        if (discoverable) {
2917                if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2918                        changed = true;
2919        } else {
2920                if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2921                        changed = true;
2922        }
2923
2924        mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2925                             &match);
2926
2927        if (changed)
2928                err = new_settings(hdev, match.sk);
2929
2930        if (match.sk)
2931                sock_put(match.sk);
2932
2933        return err;
2934}
2935
2936int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2937{
2938        struct cmd_lookup match = { NULL, hdev };
2939        bool changed = false;
2940        int err = 0;
2941
2942        if (connectable) {
2943                if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2944                        changed = true;
2945        } else {
2946                if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2947                        changed = true;
2948        }
2949
2950        mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2951                             &match);
2952
2953        if (changed)
2954                err = new_settings(hdev, match.sk);
2955
2956        if (match.sk)
2957                sock_put(match.sk);
2958
2959        return err;
2960}
2961
2962int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2963{
2964        u8 mgmt_err = mgmt_status(status);
2965
2966        if (scan & SCAN_PAGE)
2967                mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2968                                     cmd_status_rsp, &mgmt_err);
2969
2970        if (scan & SCAN_INQUIRY)
2971                mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2972                                     cmd_status_rsp, &mgmt_err);
2973
2974        return 0;
2975}
2976
2977int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2978                      bool persistent)
2979{
2980        struct mgmt_ev_new_link_key ev;
2981
2982        memset(&ev, 0, sizeof(ev));
2983
2984        ev.store_hint = persistent;
2985        bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2986        ev.key.addr.type = BDADDR_BREDR;
2987        ev.key.type = key->type;
2988        memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
2989        ev.key.pin_len = key->pin_len;
2990
2991        return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2992}
2993
2994int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2995{
2996        struct mgmt_ev_new_long_term_key ev;
2997
2998        memset(&ev, 0, sizeof(ev));
2999
3000        ev.store_hint = persistent;
3001        bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3002        ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3003        ev.key.authenticated = key->authenticated;
3004        ev.key.enc_size = key->enc_size;
3005        ev.key.ediv = key->ediv;
3006
3007        if (key->type == HCI_SMP_LTK)
3008                ev.key.master = 1;
3009
3010        memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3011        memcpy(ev.key.val, key->val, sizeof(key->val));
3012
3013        return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3014                          NULL);
3015}
3016
3017int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3018                          u8 addr_type, u32 flags, u8 *name, u8 name_len,
3019                          u8 *dev_class)
3020{
3021        char buf[512];
3022        struct mgmt_ev_device_connected *ev = (void *) buf;
3023        u16 eir_len = 0;
3024
3025        bacpy(&ev->addr.bdaddr, bdaddr);
3026        ev->addr.type = link_to_bdaddr(link_type, addr_type);
3027
3028        ev->flags = __cpu_to_le32(flags);
3029
3030        if (name_len > 0)
3031                eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3032                                          name, name_len);
3033
3034        if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3035                eir_len = eir_append_data(ev->eir, eir_len,
3036                                          EIR_CLASS_OF_DEV, dev_class, 3);
3037
3038        ev->eir_len = cpu_to_le16(eir_len);
3039
3040        return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3041                          sizeof(*ev) + eir_len, NULL);
3042}
3043
3044static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3045{
3046        struct mgmt_cp_disconnect *cp = cmd->param;
3047        struct sock **sk = data;
3048        struct mgmt_rp_disconnect rp;
3049
3050        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3051        rp.addr.type = cp->addr.type;
3052
3053        cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3054                     sizeof(rp));
3055
3056        *sk = cmd->sk;
3057        sock_hold(*sk);
3058
3059        mgmt_pending_remove(cmd);
3060}
3061
3062static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3063{
3064        struct hci_dev *hdev = data;
3065        struct mgmt_cp_unpair_device *cp = cmd->param;
3066        struct mgmt_rp_unpair_device rp;
3067
3068        memset(&rp, 0, sizeof(rp));
3069        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3070        rp.addr.type = cp->addr.type;
3071
3072        device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3073
3074        cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3075
3076        mgmt_pending_remove(cmd);
3077}
3078
3079int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3080                             u8 link_type, u8 addr_type)
3081{
3082        struct mgmt_addr_info ev;
3083        struct sock *sk = NULL;
3084        int err;
3085
3086        mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3087
3088        bacpy(&ev.bdaddr, bdaddr);
3089        ev.type = link_to_bdaddr(link_type, addr_type);
3090
3091        err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3092                         sk);
3093
3094        if (sk)
3095                sock_put(sk);
3096
3097        mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3098                             hdev);
3099
3100        return err;
3101}
3102
3103int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3104                           u8 link_type, u8 addr_type, u8 status)
3105{
3106        struct mgmt_rp_disconnect rp;
3107        struct pending_cmd *cmd;
3108        int err;
3109
3110        cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3111        if (!cmd)
3112                return -ENOENT;
3113
3114        bacpy(&rp.addr.bdaddr, bdaddr);
3115        rp.addr.type = link_to_bdaddr(link_type, addr_type);
3116
3117        err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3118                           mgmt_status(status), &rp, sizeof(rp));
3119
3120        mgmt_pending_remove(cmd);
3121
3122        mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3123                             hdev);
3124        return err;
3125}
3126
3127int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3128                        u8 addr_type, u8 status)
3129{
3130        struct mgmt_ev_connect_failed ev;
3131
3132        bacpy(&ev.addr.bdaddr, bdaddr);
3133        ev.addr.type = link_to_bdaddr(link_type, addr_type);
3134        ev.status = mgmt_status(status);
3135
3136        return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3137}
3138
3139int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3140{
3141        struct mgmt_ev_pin_code_request ev;
3142
3143        bacpy(&ev.addr.bdaddr, bdaddr);
3144        ev.addr.type = BDADDR_BREDR;
3145        ev.secure = secure;
3146
3147        return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3148                          NULL);
3149}
3150
3151int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3152                                 u8 status)
3153{
3154        struct pending_cmd *cmd;
3155        struct mgmt_rp_pin_code_reply rp;
3156        int err;
3157
3158        cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3159        if (!cmd)
3160                return -ENOENT;
3161
3162        bacpy(&rp.addr.bdaddr, bdaddr);
3163        rp.addr.type = BDADDR_BREDR;
3164
3165        err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3166                           mgmt_status(status), &rp, sizeof(rp));
3167
3168        mgmt_pending_remove(cmd);
3169
3170        return err;
3171}
3172
3173int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3174                                     u8 status)
3175{
3176        struct pending_cmd *cmd;
3177        struct mgmt_rp_pin_code_reply rp;
3178        int err;
3179
3180        cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3181        if (!cmd)
3182                return -ENOENT;
3183
3184        bacpy(&rp.addr.bdaddr, bdaddr);
3185        rp.addr.type = BDADDR_BREDR;
3186
3187        err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3188                           mgmt_status(status), &rp, sizeof(rp));
3189
3190        mgmt_pending_remove(cmd);
3191
3192        return err;
3193}
3194
3195int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3196                              u8 link_type, u8 addr_type, __le32 value,
3197                              u8 confirm_hint)
3198{
3199        struct mgmt_ev_user_confirm_request ev;
3200
3201        BT_DBG("%s", hdev->name);
3202
3203        bacpy(&ev.addr.bdaddr, bdaddr);
3204        ev.addr.type = link_to_bdaddr(link_type, addr_type);
3205        ev.confirm_hint = confirm_hint;
3206        ev.value = value;
3207
3208        return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3209                          NULL);
3210}
3211
3212int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3213                              u8 link_type, u8 addr_type)
3214{
3215        struct mgmt_ev_user_passkey_request ev;
3216
3217        BT_DBG("%s", hdev->name);
3218
3219        bacpy(&ev.addr.bdaddr, bdaddr);
3220        ev.addr.type = link_to_bdaddr(link_type, addr_type);
3221
3222        return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3223                          NULL);
3224}
3225
3226static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3227                                      u8 link_type, u8 addr_type, u8 status,
3228                                      u8 opcode)
3229{
3230        struct pending_cmd *cmd;
3231        struct mgmt_rp_user_confirm_reply rp;
3232        int err;
3233
3234        cmd = mgmt_pending_find(opcode, hdev);
3235        if (!cmd)
3236                return -ENOENT;
3237
3238        bacpy(&rp.addr.bdaddr, bdaddr);
3239        rp.addr.type = link_to_bdaddr(link_type, addr_type);
3240        err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3241                           &rp, sizeof(rp));
3242
3243        mgmt_pending_remove(cmd);
3244
3245        return err;
3246}
3247
3248int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3249                                     u8 link_type, u8 addr_type, u8 status)
3250{
3251        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3252                                          status, MGMT_OP_USER_CONFIRM_REPLY);
3253}
3254
3255int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3256                                         u8 link_type, u8 addr_type, u8 status)
3257{
3258        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3259                                          status,
3260                                          MGMT_OP_USER_CONFIRM_NEG_REPLY);
3261}
3262
3263int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3264                                     u8 link_type, u8 addr_type, u8 status)
3265{
3266        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3267                                          status, MGMT_OP_USER_PASSKEY_REPLY);
3268}
3269
3270int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3271                                         u8 link_type, u8 addr_type, u8 status)
3272{
3273        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3274                                          status,
3275                                          MGMT_OP_USER_PASSKEY_NEG_REPLY);
3276}
3277
3278int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3279                     u8 addr_type, u8 status)
3280{
3281        struct mgmt_ev_auth_failed ev;
3282
3283        bacpy(&ev.addr.bdaddr, bdaddr);
3284        ev.addr.type = link_to_bdaddr(link_type, addr_type);
3285        ev.status = mgmt_status(status);
3286
3287        return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3288}
3289
3290int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3291{
3292        struct cmd_lookup match = { NULL, hdev };
3293        bool changed = false;
3294        int err = 0;
3295
3296        if (status) {
3297                u8 mgmt_err = mgmt_status(status);
3298                mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3299                                     cmd_status_rsp, &mgmt_err);
3300                return 0;
3301        }
3302
3303        if (test_bit(HCI_AUTH, &hdev->flags)) {
3304                if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3305                        changed = true;
3306        } else {
3307                if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3308                        changed = true;
3309        }
3310
3311        mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3312                             &match);
3313
3314        if (changed)
3315                err = new_settings(hdev, match.sk);
3316
3317        if (match.sk)
3318                sock_put(match.sk);
3319
3320        return err;
3321}
3322
3323static int clear_eir(struct hci_dev *hdev)
3324{
3325        struct hci_cp_write_eir cp;
3326
3327        if (!(hdev->features[6] & LMP_EXT_INQ))
3328                return 0;
3329
3330        memset(hdev->eir, 0, sizeof(hdev->eir));
3331
3332        memset(&cp, 0, sizeof(cp));
3333
3334        return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3335}
3336
3337int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3338{
3339        struct cmd_lookup match = { NULL, hdev };
3340        bool changed = false;
3341        int err = 0;
3342
3343        if (status) {
3344                u8 mgmt_err = mgmt_status(status);
3345
3346                if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3347                                                 &hdev->dev_flags))
3348                        err = new_settings(hdev, NULL);
3349
3350                mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3351                                     &mgmt_err);
3352
3353                return err;
3354        }
3355
3356        if (enable) {
3357                if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3358                        changed = true;
3359        } else {
3360                if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3361                        changed = true;
3362        }
3363
3364        mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3365
3366        if (changed)
3367                err = new_settings(hdev, match.sk);
3368
3369        if (match.sk)
3370                sock_put(match.sk);
3371
3372        if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3373                update_eir(hdev);
3374        else
3375                clear_eir(hdev);
3376
3377        return err;
3378}
3379
3380static void class_rsp(struct pending_cmd *cmd, void *data)
3381{
3382        struct cmd_lookup *match = data;
3383
3384        cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3385                     match->hdev->dev_class, 3);
3386
3387        list_del(&cmd->list);
3388
3389        if (match->sk == NULL) {
3390                match->sk = cmd->sk;
3391                sock_hold(match->sk);
3392        }
3393
3394        mgmt_pending_free(cmd);
3395}
3396
3397int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3398                                   u8 status)
3399{
3400        struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3401        int err = 0;
3402
3403        clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3404
3405        mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3406        mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3407        mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3408
3409        if (!status)
3410                err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3411                                 3, NULL);
3412
3413        if (match.sk)
3414                sock_put(match.sk);
3415
3416        return err;
3417}
3418
3419int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3420{
3421        struct pending_cmd *cmd;
3422        struct mgmt_cp_set_local_name ev;
3423        bool changed = false;
3424        int err = 0;
3425
3426        if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3427                memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3428                changed = true;
3429        }
3430
3431        memset(&ev, 0, sizeof(ev));
3432        memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3433        memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3434
3435        cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3436        if (!cmd)
3437                goto send_event;
3438
3439        /* Always assume that either the short or the complete name has
3440         * changed if there was a pending mgmt command */
3441        changed = true;
3442
3443        if (status) {
3444                err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3445                                 mgmt_status(status));
3446                goto failed;
3447        }
3448
3449        err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3450                           sizeof(ev));
3451        if (err < 0)
3452                goto failed;
3453
3454send_event:
3455        if (changed)
3456                err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3457                                 sizeof(ev), cmd ? cmd->sk : NULL);
3458
3459        update_eir(hdev);
3460
3461failed:
3462        if (cmd)
3463                mgmt_pending_remove(cmd);
3464        return err;
3465}
3466
3467int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3468                                            u8 *randomizer, u8 status)
3469{
3470        struct pending_cmd *cmd;
3471        int err;
3472
3473        BT_DBG("%s status %u", hdev->name, status);
3474
3475        cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3476        if (!cmd)
3477                return -ENOENT;
3478
3479        if (status) {
3480                err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3481                                 mgmt_status(status));
3482        } else {
3483                struct mgmt_rp_read_local_oob_data rp;
3484
3485                memcpy(rp.hash, hash, sizeof(rp.hash));
3486                memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3487
3488                err = cmd_complete(cmd->sk, hdev->id,
3489                                   MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3490                                   sizeof(rp));
3491        }
3492
3493        mgmt_pending_remove(cmd);
3494
3495        return err;
3496}
3497
3498int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3499{
3500        struct cmd_lookup match = { NULL, hdev };
3501        bool changed = false;
3502        int err = 0;
3503
3504        if (status) {
3505                u8 mgmt_err = mgmt_status(status);
3506
3507                if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3508                                                 &hdev->dev_flags))
3509                        err = new_settings(hdev, NULL);
3510
3511                mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3512                                     &mgmt_err);
3513
3514                return err;
3515        }
3516
3517        if (enable) {
3518                if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3519                        changed = true;
3520        } else {
3521                if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3522                        changed = true;
3523        }
3524
3525        mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3526
3527        if (changed)
3528                err = new_settings(hdev, match.sk);
3529
3530        if (match.sk)
3531                sock_put(match.sk);
3532
3533        return err;
3534}
3535
3536int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3537                      u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3538                      ssp, u8 *eir, u16 eir_len)
3539{
3540        char buf[512];
3541        struct mgmt_ev_device_found *ev = (void *) buf;
3542        size_t ev_size;
3543
3544        /* Leave 5 bytes for a potential CoD field */
3545        if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3546                return -EINVAL;
3547
3548        memset(buf, 0, sizeof(buf));
3549
3550        bacpy(&ev->addr.bdaddr, bdaddr);
3551        ev->addr.type = link_to_bdaddr(link_type, addr_type);
3552        ev->rssi = rssi;
3553        if (cfm_name)
3554                ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3555        if (!ssp)
3556                ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3557
3558        if (eir_len > 0)
3559                memcpy(ev->eir, eir, eir_len);
3560
3561        if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3562                eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3563                                          dev_class, 3);
3564
3565        ev->eir_len = cpu_to_le16(eir_len);
3566        ev_size = sizeof(*ev) + eir_len;
3567
3568        return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3569}
3570
3571int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3572                     u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3573{
3574        struct mgmt_ev_device_found *ev;
3575        char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3576        u16 eir_len;
3577
3578        ev = (struct mgmt_ev_device_found *) buf;
3579
3580        memset(buf, 0, sizeof(buf));
3581
3582        bacpy(&ev->addr.bdaddr, bdaddr);
3583        ev->addr.type = link_to_bdaddr(link_type, addr_type);
3584        ev->rssi = rssi;
3585
3586        eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3587                                  name_len);
3588
3589        ev->eir_len = cpu_to_le16(eir_len);
3590
3591        return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3592                          sizeof(*ev) + eir_len, NULL);
3593}
3594
3595int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3596{
3597        struct pending_cmd *cmd;
3598        u8 type;
3599        int err;
3600
3601        hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3602
3603        cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3604        if (!cmd)
3605                return -ENOENT;
3606
3607        type = hdev->discovery.type;
3608
3609        err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3610                           &type, sizeof(type));
3611        mgmt_pending_remove(cmd);
3612
3613        return err;
3614}
3615
3616int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3617{
3618        struct pending_cmd *cmd;
3619        int err;
3620
3621        cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3622        if (!cmd)
3623                return -ENOENT;
3624
3625        err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3626                           &hdev->discovery.type, sizeof(hdev->discovery.type));
3627        mgmt_pending_remove(cmd);
3628
3629        return err;
3630}
3631
3632int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3633{
3634        struct mgmt_ev_discovering ev;
3635        struct pending_cmd *cmd;
3636
3637        BT_DBG("%s discovering %u", hdev->name, discovering);
3638
3639        if (discovering)
3640                cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3641        else
3642                cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3643
3644        if (cmd != NULL) {
3645                u8 type = hdev->discovery.type;
3646
3647                cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3648                             sizeof(type));
3649                mgmt_pending_remove(cmd);
3650        }
3651
3652        memset(&ev, 0, sizeof(ev));
3653        ev.type = hdev->discovery.type;
3654        ev.discovering = discovering;
3655
3656        return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3657}
3658
3659int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3660{
3661        struct pending_cmd *cmd;
3662        struct mgmt_ev_device_blocked ev;
3663
3664        cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3665
3666        bacpy(&ev.addr.bdaddr, bdaddr);
3667        ev.addr.type = type;
3668
3669        return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3670                          cmd ? cmd->sk : NULL);
3671}
3672
3673int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3674{
3675        struct pending_cmd *cmd;
3676        struct mgmt_ev_device_unblocked ev;
3677
3678        cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3679
3680        bacpy(&ev.addr.bdaddr, bdaddr);
3681        ev.addr.type = type;
3682
3683        return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3684                          cmd ? cmd->sk : NULL);
3685}
3686
3687module_param(enable_hs, bool, 0644);
3688MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3689
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.