1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
33#include <net/bluetooth/smp.h>
34
35bool enable_hs;
36
37#define MGMT_VERSION 1
38#define MGMT_REVISION 1
39
40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102};
103
104
105
106
107
108#define LE_SCAN_TYPE 0x01
109#define LE_SCAN_WIN 0x12
110#define LE_SCAN_INT 0x12
111#define LE_SCAN_TIMEOUT_LE_ONLY 10240
112#define LE_SCAN_TIMEOUT_BREDR_LE 5120
113
114#define INQUIRY_LEN_BREDR 0x08
115#define INQUIRY_LEN_BREDR_LE 0x04
116
117#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
118
119#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
120 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
121
122struct pending_cmd {
123 struct list_head list;
124 u16 opcode;
125 int index;
126 void *param;
127 struct sock *sk;
128 void *user_data;
129};
130
131
132static u8 mgmt_status_table[] = {
133 MGMT_STATUS_SUCCESS,
134 MGMT_STATUS_UNKNOWN_COMMAND,
135 MGMT_STATUS_NOT_CONNECTED,
136 MGMT_STATUS_FAILED,
137 MGMT_STATUS_CONNECT_FAILED,
138 MGMT_STATUS_AUTH_FAILED,
139 MGMT_STATUS_NOT_PAIRED,
140 MGMT_STATUS_NO_RESOURCES,
141 MGMT_STATUS_TIMEOUT,
142 MGMT_STATUS_NO_RESOURCES,
143 MGMT_STATUS_NO_RESOURCES,
144 MGMT_STATUS_ALREADY_CONNECTED,
145 MGMT_STATUS_BUSY,
146 MGMT_STATUS_NO_RESOURCES,
147 MGMT_STATUS_REJECTED,
148 MGMT_STATUS_REJECTED,
149 MGMT_STATUS_TIMEOUT,
150 MGMT_STATUS_NOT_SUPPORTED,
151 MGMT_STATUS_INVALID_PARAMS,
152 MGMT_STATUS_DISCONNECTED,
153 MGMT_STATUS_NO_RESOURCES,
154 MGMT_STATUS_DISCONNECTED,
155 MGMT_STATUS_DISCONNECTED,
156 MGMT_STATUS_BUSY,
157 MGMT_STATUS_REJECTED,
158 MGMT_STATUS_FAILED,
159 MGMT_STATUS_NOT_SUPPORTED,
160 MGMT_STATUS_REJECTED,
161 MGMT_STATUS_REJECTED,
162 MGMT_STATUS_REJECTED,
163 MGMT_STATUS_INVALID_PARAMS,
164 MGMT_STATUS_FAILED,
165 MGMT_STATUS_NOT_SUPPORTED,
166 MGMT_STATUS_FAILED,
167 MGMT_STATUS_TIMEOUT,
168 MGMT_STATUS_FAILED,
169 MGMT_STATUS_FAILED,
170 MGMT_STATUS_REJECTED,
171 MGMT_STATUS_FAILED,
172 MGMT_STATUS_NOT_SUPPORTED,
173 MGMT_STATUS_TIMEOUT,
174 MGMT_STATUS_NOT_SUPPORTED,
175 MGMT_STATUS_FAILED,
176 MGMT_STATUS_INVALID_PARAMS,
177 MGMT_STATUS_REJECTED,
178 MGMT_STATUS_NOT_SUPPORTED,
179 MGMT_STATUS_REJECTED,
180 MGMT_STATUS_INVALID_PARAMS,
181 MGMT_STATUS_BUSY,
182 MGMT_STATUS_FAILED,
183 MGMT_STATUS_FAILED,
184 MGMT_STATUS_INVALID_PARAMS,
185 MGMT_STATUS_NOT_SUPPORTED,
186 MGMT_STATUS_BUSY,
187 MGMT_STATUS_REJECTED,
188 MGMT_STATUS_BUSY,
189 MGMT_STATUS_INVALID_PARAMS,
190 MGMT_STATUS_TIMEOUT,
191 MGMT_STATUS_AUTH_FAILED,
192 MGMT_STATUS_CONNECT_FAILED,
193 MGMT_STATUS_CONNECT_FAILED,
194};
195
196static u8 mgmt_status(u8 hci_status)
197{
198 if (hci_status < ARRAY_SIZE(mgmt_status_table))
199 return mgmt_status_table[hci_status];
200
201 return MGMT_STATUS_FAILED;
202}
203
204static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
205{
206 struct sk_buff *skb;
207 struct mgmt_hdr *hdr;
208 struct mgmt_ev_cmd_status *ev;
209 int err;
210
211 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
212
213 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
214 if (!skb)
215 return -ENOMEM;
216
217 hdr = (void *) skb_put(skb, sizeof(*hdr));
218
219 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
220 hdr->index = cpu_to_le16(index);
221 hdr->len = cpu_to_le16(sizeof(*ev));
222
223 ev = (void *) skb_put(skb, sizeof(*ev));
224 ev->status = status;
225 ev->opcode = cpu_to_le16(cmd);
226
227 err = sock_queue_rcv_skb(sk, skb);
228 if (err < 0)
229 kfree_skb(skb);
230
231 return err;
232}
233
234static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
235 void *rp, size_t rp_len)
236{
237 struct sk_buff *skb;
238 struct mgmt_hdr *hdr;
239 struct mgmt_ev_cmd_complete *ev;
240 int err;
241
242 BT_DBG("sock %p", sk);
243
244 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
245 if (!skb)
246 return -ENOMEM;
247
248 hdr = (void *) skb_put(skb, sizeof(*hdr));
249
250 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
251 hdr->index = cpu_to_le16(index);
252 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
253
254 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
255 ev->opcode = cpu_to_le16(cmd);
256 ev->status = status;
257
258 if (rp)
259 memcpy(ev->data, rp, rp_len);
260
261 err = sock_queue_rcv_skb(sk, skb);
262 if (err < 0)
263 kfree_skb(skb);
264
265 return err;
266}
267
268static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
269 u16 data_len)
270{
271 struct mgmt_rp_read_version rp;
272
273 BT_DBG("sock %p", sk);
274
275 rp.version = MGMT_VERSION;
276 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
277
278 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
279 sizeof(rp));
280}
281
282static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
283 u16 data_len)
284{
285 struct mgmt_rp_read_commands *rp;
286 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 const u16 num_events = ARRAY_SIZE(mgmt_events);
288 __le16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 rp->num_commands = __constant_cpu_to_le16(num_commands);
301 rp->num_events = __constant_cpu_to_le16(num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
316static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
317 u16 data_len)
318{
319 struct mgmt_rp_read_index_list *rp;
320 struct list_head *p;
321 struct hci_dev *d;
322 size_t rp_len;
323 u16 count;
324 int err;
325
326 BT_DBG("sock %p", sk);
327
328 read_lock(&hci_dev_list_lock);
329
330 count = 0;
331 list_for_each(p, &hci_dev_list) {
332 count++;
333 }
334
335 rp_len = sizeof(*rp) + (2 * count);
336 rp = kmalloc(rp_len, GFP_ATOMIC);
337 if (!rp) {
338 read_unlock(&hci_dev_list_lock);
339 return -ENOMEM;
340 }
341
342 count = 0;
343 list_for_each_entry(d, &hci_dev_list, list) {
344 if (test_bit(HCI_SETUP, &d->dev_flags))
345 continue;
346
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
350
351 rp->num_controllers = cpu_to_le16(count);
352 rp_len = sizeof(*rp) + (2 * count);
353
354 read_unlock(&hci_dev_list_lock);
355
356 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
357 rp_len);
358
359 kfree(rp);
360
361 return err;
362}
363
364static u32 get_supported_settings(struct hci_dev *hdev)
365{
366 u32 settings = 0;
367
368 settings |= MGMT_SETTING_POWERED;
369 settings |= MGMT_SETTING_CONNECTABLE;
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
371 settings |= MGMT_SETTING_DISCOVERABLE;
372 settings |= MGMT_SETTING_PAIRABLE;
373
374 if (hdev->features[6] & LMP_SIMPLE_PAIR)
375 settings |= MGMT_SETTING_SSP;
376
377 if (!(hdev->features[4] & LMP_NO_BREDR)) {
378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
380 }
381
382 if (enable_hs)
383 settings |= MGMT_SETTING_HS;
384
385 if (hdev->features[4] & LMP_LE)
386 settings |= MGMT_SETTING_LE;
387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
395 if (hdev_is_powered(hdev))
396 settings |= MGMT_SETTING_POWERED;
397
398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
399 settings |= MGMT_SETTING_CONNECTABLE;
400
401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
402 settings |= MGMT_SETTING_DISCOVERABLE;
403
404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_PAIRABLE;
406
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
409
410 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
411 settings |= MGMT_SETTING_LE;
412
413 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
414 settings |= MGMT_SETTING_LINK_SECURITY;
415
416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
417 settings |= MGMT_SETTING_SSP;
418
419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
421
422 return settings;
423}
424
425#define PNP_INFO_SVCLASS_ID 0x1200
426
427static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430};
431
432static u16 get_uuid16(u8 *uuid128)
433{
434 u32 val;
435 int i;
436
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
439 return 0;
440 }
441
442 val = get_unaligned_le32(&uuid128[12]);
443 if (val > 0xffff)
444 return 0;
445
446 return (u16) val;
447}
448
449static void create_eir(struct hci_dev *hdev, u8 *data)
450{
451 u8 *ptr = data;
452 u16 eir_len = 0;
453 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
454 int i, truncated = 0;
455 struct bt_uuid *uuid;
456 size_t name_len;
457
458 name_len = strlen(hdev->dev_name);
459
460 if (name_len > 0) {
461
462 if (name_len > 48) {
463 name_len = 48;
464 ptr[1] = EIR_NAME_SHORT;
465 } else
466 ptr[1] = EIR_NAME_COMPLETE;
467
468
469 ptr[0] = name_len + 1;
470
471 memcpy(ptr + 2, hdev->dev_name, name_len);
472
473 eir_len += (name_len + 2);
474 ptr += (name_len + 2);
475 }
476
477 if (hdev->inq_tx_power) {
478 ptr[0] = 2;
479 ptr[1] = EIR_TX_POWER;
480 ptr[2] = (u8) hdev->inq_tx_power;
481
482 eir_len += 3;
483 ptr += 3;
484 }
485
486 if (hdev->devid_source > 0) {
487 ptr[0] = 9;
488 ptr[1] = EIR_DEVICE_ID;
489
490 put_unaligned_le16(hdev->devid_source, ptr + 2);
491 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
492 put_unaligned_le16(hdev->devid_product, ptr + 6);
493 put_unaligned_le16(hdev->devid_version, ptr + 8);
494
495 eir_len += 10;
496 ptr += 10;
497 }
498
499 memset(uuid16_list, 0, sizeof(uuid16_list));
500
501
502 list_for_each_entry(uuid, &hdev->uuids, list) {
503 u16 uuid16;
504
505 uuid16 = get_uuid16(uuid->uuid);
506 if (uuid16 == 0)
507 return;
508
509 if (uuid16 < 0x1100)
510 continue;
511
512 if (uuid16 == PNP_INFO_SVCLASS_ID)
513 continue;
514
515
516 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
517 truncated = 1;
518 break;
519 }
520
521
522 for (i = 0; uuid16_list[i] != 0; i++)
523 if (uuid16_list[i] == uuid16)
524 break;
525
526 if (uuid16_list[i] == 0) {
527 uuid16_list[i] = uuid16;
528 eir_len += sizeof(u16);
529 }
530 }
531
532 if (uuid16_list[0] != 0) {
533 u8 *length = ptr;
534
535
536 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
537
538 ptr += 2;
539 eir_len += 2;
540
541 for (i = 0; uuid16_list[i] != 0; i++) {
542 *ptr++ = (uuid16_list[i] & 0x00ff);
543 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
544 }
545
546
547 *length = (i * sizeof(u16)) + 1;
548 }
549}
550
551static int update_eir(struct hci_dev *hdev)
552{
553 struct hci_cp_write_eir cp;
554
555 if (!hdev_is_powered(hdev))
556 return 0;
557
558 if (!(hdev->features[6] & LMP_EXT_INQ))
559 return 0;
560
561 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
562 return 0;
563
564 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
565 return 0;
566
567 memset(&cp, 0, sizeof(cp));
568
569 create_eir(hdev, cp.data);
570
571 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
572 return 0;
573
574 memcpy(hdev->eir, cp.data, sizeof(cp.data));
575
576 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
577}
578
579static u8 get_service_classes(struct hci_dev *hdev)
580{
581 struct bt_uuid *uuid;
582 u8 val = 0;
583
584 list_for_each_entry(uuid, &hdev->uuids, list)
585 val |= uuid->svc_hint;
586
587 return val;
588}
589
590static int update_class(struct hci_dev *hdev)
591{
592 u8 cod[3];
593 int err;
594
595 BT_DBG("%s", hdev->name);
596
597 if (!hdev_is_powered(hdev))
598 return 0;
599
600 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
601 return 0;
602
603 cod[0] = hdev->minor_class;
604 cod[1] = hdev->major_class;
605 cod[2] = get_service_classes(hdev);
606
607 if (memcmp(cod, hdev->dev_class, 3) == 0)
608 return 0;
609
610 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
611 if (err == 0)
612 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
613
614 return err;
615}
616
617static void service_cache_off(struct work_struct *work)
618{
619 struct hci_dev *hdev = container_of(work, struct hci_dev,
620 service_cache.work);
621
622 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
623 return;
624
625 hci_dev_lock(hdev);
626
627 update_eir(hdev);
628 update_class(hdev);
629
630 hci_dev_unlock(hdev);
631}
632
633static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
634{
635 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
636 return;
637
638 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
639
640
641
642
643
644
645 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
646}
647
648static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
649 void *data, u16 data_len)
650{
651 struct mgmt_rp_read_info rp;
652
653 BT_DBG("sock %p %s", sk, hdev->name);
654
655 hci_dev_lock(hdev);
656
657 memset(&rp, 0, sizeof(rp));
658
659 bacpy(&rp.bdaddr, &hdev->bdaddr);
660
661 rp.version = hdev->hci_ver;
662 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
663
664 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
665 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
666
667 memcpy(rp.dev_class, hdev->dev_class, 3);
668
669 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
670 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
671
672 hci_dev_unlock(hdev);
673
674 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
675 sizeof(rp));
676}
677
678static void mgmt_pending_free(struct pending_cmd *cmd)
679{
680 sock_put(cmd->sk);
681 kfree(cmd->param);
682 kfree(cmd);
683}
684
685static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
686 struct hci_dev *hdev, void *data,
687 u16 len)
688{
689 struct pending_cmd *cmd;
690
691 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
692 if (!cmd)
693 return NULL;
694
695 cmd->opcode = opcode;
696 cmd->index = hdev->id;
697
698 cmd->param = kmalloc(len, GFP_KERNEL);
699 if (!cmd->param) {
700 kfree(cmd);
701 return NULL;
702 }
703
704 if (data)
705 memcpy(cmd->param, data, len);
706
707 cmd->sk = sk;
708 sock_hold(sk);
709
710 list_add(&cmd->list, &hdev->mgmt_pending);
711
712 return cmd;
713}
714
715static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
716 void (*cb)(struct pending_cmd *cmd,
717 void *data),
718 void *data)
719{
720 struct list_head *p, *n;
721
722 list_for_each_safe(p, n, &hdev->mgmt_pending) {
723 struct pending_cmd *cmd;
724
725 cmd = list_entry(p, struct pending_cmd, list);
726
727 if (opcode > 0 && cmd->opcode != opcode)
728 continue;
729
730 cb(cmd, data);
731 }
732}
733
734static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
735{
736 struct pending_cmd *cmd;
737
738 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
739 if (cmd->opcode == opcode)
740 return cmd;
741 }
742
743 return NULL;
744}
745
746static void mgmt_pending_remove(struct pending_cmd *cmd)
747{
748 list_del(&cmd->list);
749 mgmt_pending_free(cmd);
750}
751
752static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
753{
754 __le32 settings = cpu_to_le32(get_current_settings(hdev));
755
756 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
757 sizeof(settings));
758}
759
760static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
761 u16 len)
762{
763 struct mgmt_mode *cp = data;
764 struct pending_cmd *cmd;
765 int err;
766
767 BT_DBG("request for %s", hdev->name);
768
769 hci_dev_lock(hdev);
770
771 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
772 cancel_delayed_work(&hdev->power_off);
773
774 if (cp->val) {
775 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
776 mgmt_powered(hdev, 1);
777 goto failed;
778 }
779 }
780
781 if (!!cp->val == hdev_is_powered(hdev)) {
782 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
783 goto failed;
784 }
785
786 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
787 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
788 MGMT_STATUS_BUSY);
789 goto failed;
790 }
791
792 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
793 if (!cmd) {
794 err = -ENOMEM;
795 goto failed;
796 }
797
798 if (cp->val)
799 schedule_work(&hdev->power_on);
800 else
801 schedule_work(&hdev->power_off.work);
802
803 err = 0;
804
805failed:
806 hci_dev_unlock(hdev);
807 return err;
808}
809
810static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
811 struct sock *skip_sk)
812{
813 struct sk_buff *skb;
814 struct mgmt_hdr *hdr;
815
816 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
817 if (!skb)
818 return -ENOMEM;
819
820 hdr = (void *) skb_put(skb, sizeof(*hdr));
821 hdr->opcode = cpu_to_le16(event);
822 if (hdev)
823 hdr->index = cpu_to_le16(hdev->id);
824 else
825 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
826 hdr->len = cpu_to_le16(data_len);
827
828 if (data)
829 memcpy(skb_put(skb, data_len), data, data_len);
830
831
832 __net_timestamp(skb);
833
834 hci_send_to_control(skb, skip_sk);
835 kfree_skb(skb);
836
837 return 0;
838}
839
840static int new_settings(struct hci_dev *hdev, struct sock *skip)
841{
842 __le32 ev;
843
844 ev = cpu_to_le32(get_current_settings(hdev));
845
846 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
847}
848
849static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
850 u16 len)
851{
852 struct mgmt_cp_set_discoverable *cp = data;
853 struct pending_cmd *cmd;
854 u16 timeout;
855 u8 scan;
856 int err;
857
858 BT_DBG("request for %s", hdev->name);
859
860 timeout = __le16_to_cpu(cp->timeout);
861 if (!cp->val && timeout > 0)
862 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
863 MGMT_STATUS_INVALID_PARAMS);
864
865 hci_dev_lock(hdev);
866
867 if (!hdev_is_powered(hdev) && timeout > 0) {
868 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
869 MGMT_STATUS_NOT_POWERED);
870 goto failed;
871 }
872
873 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
874 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
875 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
876 MGMT_STATUS_BUSY);
877 goto failed;
878 }
879
880 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
881 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
882 MGMT_STATUS_REJECTED);
883 goto failed;
884 }
885
886 if (!hdev_is_powered(hdev)) {
887 bool changed = false;
888
889 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
890 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
891 changed = true;
892 }
893
894 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
895 if (err < 0)
896 goto failed;
897
898 if (changed)
899 err = new_settings(hdev, sk);
900
901 goto failed;
902 }
903
904 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
905 if (hdev->discov_timeout > 0) {
906 cancel_delayed_work(&hdev->discov_off);
907 hdev->discov_timeout = 0;
908 }
909
910 if (cp->val && timeout > 0) {
911 hdev->discov_timeout = timeout;
912 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
913 msecs_to_jiffies(hdev->discov_timeout * 1000));
914 }
915
916 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
917 goto failed;
918 }
919
920 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
921 if (!cmd) {
922 err = -ENOMEM;
923 goto failed;
924 }
925
926 scan = SCAN_PAGE;
927
928 if (cp->val)
929 scan |= SCAN_INQUIRY;
930 else
931 cancel_delayed_work(&hdev->discov_off);
932
933 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
934 if (err < 0)
935 mgmt_pending_remove(cmd);
936
937 if (cp->val)
938 hdev->discov_timeout = timeout;
939
940failed:
941 hci_dev_unlock(hdev);
942 return err;
943}
944
945static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
946 u16 len)
947{
948 struct mgmt_mode *cp = data;
949 struct pending_cmd *cmd;
950 u8 scan;
951 int err;
952
953 BT_DBG("request for %s", hdev->name);
954
955 hci_dev_lock(hdev);
956
957 if (!hdev_is_powered(hdev)) {
958 bool changed = false;
959
960 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
961 changed = true;
962
963 if (cp->val) {
964 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
965 } else {
966 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
967 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
968 }
969
970 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
971 if (err < 0)
972 goto failed;
973
974 if (changed)
975 err = new_settings(hdev, sk);
976
977 goto failed;
978 }
979
980 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
981 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
982 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
983 MGMT_STATUS_BUSY);
984 goto failed;
985 }
986
987 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
988 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
989 goto failed;
990 }
991
992 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
993 if (!cmd) {
994 err = -ENOMEM;
995 goto failed;
996 }
997
998 if (cp->val) {
999 scan = SCAN_PAGE;
1000 } else {
1001 scan = 0;
1002
1003 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1004 hdev->discov_timeout > 0)
1005 cancel_delayed_work(&hdev->discov_off);
1006 }
1007
1008 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1009 if (err < 0)
1010 mgmt_pending_remove(cmd);
1011
1012failed:
1013 hci_dev_unlock(hdev);
1014 return err;
1015}
1016
1017static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1018 u16 len)
1019{
1020 struct mgmt_mode *cp = data;
1021 int err;
1022
1023 BT_DBG("request for %s", hdev->name);
1024
1025 hci_dev_lock(hdev);
1026
1027 if (cp->val)
1028 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1029 else
1030 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1031
1032 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1033 if (err < 0)
1034 goto failed;
1035
1036 err = new_settings(hdev, sk);
1037
1038failed:
1039 hci_dev_unlock(hdev);
1040 return err;
1041}
1042
1043static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1044 u16 len)
1045{
1046 struct mgmt_mode *cp = data;
1047 struct pending_cmd *cmd;
1048 u8 val;
1049 int err;
1050
1051 BT_DBG("request for %s", hdev->name);
1052
1053 hci_dev_lock(hdev);
1054
1055 if (!hdev_is_powered(hdev)) {
1056 bool changed = false;
1057
1058 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1059 &hdev->dev_flags)) {
1060 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1061 changed = true;
1062 }
1063
1064 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1065 if (err < 0)
1066 goto failed;
1067
1068 if (changed)
1069 err = new_settings(hdev, sk);
1070
1071 goto failed;
1072 }
1073
1074 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1075 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1076 MGMT_STATUS_BUSY);
1077 goto failed;
1078 }
1079
1080 val = !!cp->val;
1081
1082 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1083 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1084 goto failed;
1085 }
1086
1087 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1088 if (!cmd) {
1089 err = -ENOMEM;
1090 goto failed;
1091 }
1092
1093 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1094 if (err < 0) {
1095 mgmt_pending_remove(cmd);
1096 goto failed;
1097 }
1098
1099failed:
1100 hci_dev_unlock(hdev);
1101 return err;
1102}
1103
1104static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1105{
1106 struct mgmt_mode *cp = data;
1107 struct pending_cmd *cmd;
1108 u8 val;
1109 int err;
1110
1111 BT_DBG("request for %s", hdev->name);
1112
1113 hci_dev_lock(hdev);
1114
1115 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1116 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1117 MGMT_STATUS_NOT_SUPPORTED);
1118 goto failed;
1119 }
1120
1121 val = !!cp->val;
1122
1123 if (!hdev_is_powered(hdev)) {
1124 bool changed = false;
1125
1126 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1127 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1128 changed = true;
1129 }
1130
1131 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1132 if (err < 0)
1133 goto failed;
1134
1135 if (changed)
1136 err = new_settings(hdev, sk);
1137
1138 goto failed;
1139 }
1140
1141 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1142 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1143 MGMT_STATUS_BUSY);
1144 goto failed;
1145 }
1146
1147 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1148 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1149 goto failed;
1150 }
1151
1152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1153 if (!cmd) {
1154 err = -ENOMEM;
1155 goto failed;
1156 }
1157
1158 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1159 if (err < 0) {
1160 mgmt_pending_remove(cmd);
1161 goto failed;
1162 }
1163
1164failed:
1165 hci_dev_unlock(hdev);
1166 return err;
1167}
1168
1169static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1170{
1171 struct mgmt_mode *cp = data;
1172
1173 BT_DBG("request for %s", hdev->name);
1174
1175 if (!enable_hs)
1176 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1177 MGMT_STATUS_NOT_SUPPORTED);
1178
1179 if (cp->val)
1180 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1181 else
1182 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1183
1184 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1185}
1186
1187static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1188{
1189 struct mgmt_mode *cp = data;
1190 struct hci_cp_write_le_host_supported hci_cp;
1191 struct pending_cmd *cmd;
1192 int err;
1193 u8 val, enabled;
1194
1195 BT_DBG("request for %s", hdev->name);
1196
1197 hci_dev_lock(hdev);
1198
1199 if (!(hdev->features[4] & LMP_LE)) {
1200 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1201 MGMT_STATUS_NOT_SUPPORTED);
1202 goto unlock;
1203 }
1204
1205 val = !!cp->val;
1206 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1207
1208 if (!hdev_is_powered(hdev) || val == enabled) {
1209 bool changed = false;
1210
1211 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1212 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1213 changed = true;
1214 }
1215
1216 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1217 if (err < 0)
1218 goto unlock;
1219
1220 if (changed)
1221 err = new_settings(hdev, sk);
1222
1223 goto unlock;
1224 }
1225
1226 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1227 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1228 MGMT_STATUS_BUSY);
1229 goto unlock;
1230 }
1231
1232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1233 if (!cmd) {
1234 err = -ENOMEM;
1235 goto unlock;
1236 }
1237
1238 memset(&hci_cp, 0, sizeof(hci_cp));
1239
1240 if (val) {
1241 hci_cp.le = val;
1242 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1243 }
1244
1245 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1246 &hci_cp);
1247 if (err < 0)
1248 mgmt_pending_remove(cmd);
1249
1250unlock:
1251 hci_dev_unlock(hdev);
1252 return err;
1253}
1254
1255static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1256{
1257 struct mgmt_cp_add_uuid *cp = data;
1258 struct pending_cmd *cmd;
1259 struct bt_uuid *uuid;
1260 int err;
1261
1262 BT_DBG("request for %s", hdev->name);
1263
1264 hci_dev_lock(hdev);
1265
1266 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1267 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1268 MGMT_STATUS_BUSY);
1269 goto failed;
1270 }
1271
1272 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1273 if (!uuid) {
1274 err = -ENOMEM;
1275 goto failed;
1276 }
1277
1278 memcpy(uuid->uuid, cp->uuid, 16);
1279 uuid->svc_hint = cp->svc_hint;
1280
1281 list_add(&uuid->list, &hdev->uuids);
1282
1283 err = update_class(hdev);
1284 if (err < 0)
1285 goto failed;
1286
1287 err = update_eir(hdev);
1288 if (err < 0)
1289 goto failed;
1290
1291 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1292 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1293 hdev->dev_class, 3);
1294 goto failed;
1295 }
1296
1297 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1298 if (!cmd)
1299 err = -ENOMEM;
1300
1301failed:
1302 hci_dev_unlock(hdev);
1303 return err;
1304}
1305
1306static bool enable_service_cache(struct hci_dev *hdev)
1307{
1308 if (!hdev_is_powered(hdev))
1309 return false;
1310
1311 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1312 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1313 return true;
1314 }
1315
1316 return false;
1317}
1318
1319static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1320 u16 len)
1321{
1322 struct mgmt_cp_remove_uuid *cp = data;
1323 struct pending_cmd *cmd;
1324 struct list_head *p, *n;
1325 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1326 int err, found;
1327
1328 BT_DBG("request for %s", hdev->name);
1329
1330 hci_dev_lock(hdev);
1331
1332 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1333 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1334 MGMT_STATUS_BUSY);
1335 goto unlock;
1336 }
1337
1338 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1339 err = hci_uuids_clear(hdev);
1340
1341 if (enable_service_cache(hdev)) {
1342 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1343 0, hdev->dev_class, 3);
1344 goto unlock;
1345 }
1346
1347 goto update_class;
1348 }
1349
1350 found = 0;
1351
1352 list_for_each_safe(p, n, &hdev->uuids) {
1353 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1354
1355 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1356 continue;
1357
1358 list_del(&match->list);
1359 found++;
1360 }
1361
1362 if (found == 0) {
1363 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1364 MGMT_STATUS_INVALID_PARAMS);
1365 goto unlock;
1366 }
1367
1368update_class:
1369 err = update_class(hdev);
1370 if (err < 0)
1371 goto unlock;
1372
1373 err = update_eir(hdev);
1374 if (err < 0)
1375 goto unlock;
1376
1377 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1378 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1379 hdev->dev_class, 3);
1380 goto unlock;
1381 }
1382
1383 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1384 if (!cmd)
1385 err = -ENOMEM;
1386
1387unlock:
1388 hci_dev_unlock(hdev);
1389 return err;
1390}
1391
1392static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1393 u16 len)
1394{
1395 struct mgmt_cp_set_dev_class *cp = data;
1396 struct pending_cmd *cmd;
1397 int err;
1398
1399 BT_DBG("request for %s", hdev->name);
1400
1401 hci_dev_lock(hdev);
1402
1403 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1404 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1405 MGMT_STATUS_BUSY);
1406 goto unlock;
1407 }
1408
1409 hdev->major_class = cp->major;
1410 hdev->minor_class = cp->minor;
1411
1412 if (!hdev_is_powered(hdev)) {
1413 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1414 hdev->dev_class, 3);
1415 goto unlock;
1416 }
1417
1418 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1419 hci_dev_unlock(hdev);
1420 cancel_delayed_work_sync(&hdev->service_cache);
1421 hci_dev_lock(hdev);
1422 update_eir(hdev);
1423 }
1424
1425 err = update_class(hdev);
1426 if (err < 0)
1427 goto unlock;
1428
1429 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1430 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1431 hdev->dev_class, 3);
1432 goto unlock;
1433 }
1434
1435 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1436 if (!cmd)
1437 err = -ENOMEM;
1438
1439unlock:
1440 hci_dev_unlock(hdev);
1441 return err;
1442}
1443
1444static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1445 u16 len)
1446{
1447 struct mgmt_cp_load_link_keys *cp = data;
1448 u16 key_count, expected_len;
1449 int i;
1450
1451 key_count = __le16_to_cpu(cp->key_count);
1452
1453 expected_len = sizeof(*cp) + key_count *
1454 sizeof(struct mgmt_link_key_info);
1455 if (expected_len != len) {
1456 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1457 len, expected_len);
1458 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1459 MGMT_STATUS_INVALID_PARAMS);
1460 }
1461
1462 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1463 key_count);
1464
1465 hci_dev_lock(hdev);
1466
1467 hci_link_keys_clear(hdev);
1468
1469 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1470
1471 if (cp->debug_keys)
1472 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1473 else
1474 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1475
1476 for (i = 0; i < key_count; i++) {
1477 struct mgmt_link_key_info *key = &cp->keys[i];
1478
1479 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1480 key->type, key->pin_len);
1481 }
1482
1483 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1484
1485 hci_dev_unlock(hdev);
1486
1487 return 0;
1488}
1489
1490static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1491 u8 addr_type, struct sock *skip_sk)
1492{
1493 struct mgmt_ev_device_unpaired ev;
1494
1495 bacpy(&ev.addr.bdaddr, bdaddr);
1496 ev.addr.type = addr_type;
1497
1498 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1499 skip_sk);
1500}
1501
1502static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1503 u16 len)
1504{
1505 struct mgmt_cp_unpair_device *cp = data;
1506 struct mgmt_rp_unpair_device rp;
1507 struct hci_cp_disconnect dc;
1508 struct pending_cmd *cmd;
1509 struct hci_conn *conn;
1510 int err;
1511
1512 hci_dev_lock(hdev);
1513
1514 memset(&rp, 0, sizeof(rp));
1515 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1516 rp.addr.type = cp->addr.type;
1517
1518 if (!hdev_is_powered(hdev)) {
1519 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1520 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1521 goto unlock;
1522 }
1523
1524 if (cp->addr.type == BDADDR_BREDR)
1525 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1526 else
1527 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1528
1529 if (err < 0) {
1530 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1531 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1532 goto unlock;
1533 }
1534
1535 if (cp->disconnect) {
1536 if (cp->addr.type == BDADDR_BREDR)
1537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1538 &cp->addr.bdaddr);
1539 else
1540 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1541 &cp->addr.bdaddr);
1542 } else {
1543 conn = NULL;
1544 }
1545
1546 if (!conn) {
1547 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1548 &rp, sizeof(rp));
1549 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1550 goto unlock;
1551 }
1552
1553 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1554 sizeof(*cp));
1555 if (!cmd) {
1556 err = -ENOMEM;
1557 goto unlock;
1558 }
1559
1560 dc.handle = cpu_to_le16(conn->handle);
1561 dc.reason = 0x13;
1562 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1563 if (err < 0)
1564 mgmt_pending_remove(cmd);
1565
1566unlock:
1567 hci_dev_unlock(hdev);
1568 return err;
1569}
1570
1571static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1572 u16 len)
1573{
1574 struct mgmt_cp_disconnect *cp = data;
1575 struct hci_cp_disconnect dc;
1576 struct pending_cmd *cmd;
1577 struct hci_conn *conn;
1578 int err;
1579
1580 BT_DBG("");
1581
1582 hci_dev_lock(hdev);
1583
1584 if (!test_bit(HCI_UP, &hdev->flags)) {
1585 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1586 MGMT_STATUS_NOT_POWERED);
1587 goto failed;
1588 }
1589
1590 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1591 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1592 MGMT_STATUS_BUSY);
1593 goto failed;
1594 }
1595
1596 if (cp->addr.type == BDADDR_BREDR)
1597 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1598 &cp->addr.bdaddr);
1599 else
1600 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1601
1602 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1603 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1604 MGMT_STATUS_NOT_CONNECTED);
1605 goto failed;
1606 }
1607
1608 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1609 if (!cmd) {
1610 err = -ENOMEM;
1611 goto failed;
1612 }
1613
1614 dc.handle = cpu_to_le16(conn->handle);
1615 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1616
1617 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1618 if (err < 0)
1619 mgmt_pending_remove(cmd);
1620
1621failed:
1622 hci_dev_unlock(hdev);
1623 return err;
1624}
1625
1626static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1627{
1628 switch (link_type) {
1629 case LE_LINK:
1630 switch (addr_type) {
1631 case ADDR_LE_DEV_PUBLIC:
1632 return BDADDR_LE_PUBLIC;
1633
1634 default:
1635
1636 return BDADDR_LE_RANDOM;
1637 }
1638
1639 default:
1640
1641 return BDADDR_BREDR;
1642 }
1643}
1644
1645static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1646 u16 data_len)
1647{
1648 struct mgmt_rp_get_connections *rp;
1649 struct hci_conn *c;
1650 size_t rp_len;
1651 int err;
1652 u16 i;
1653
1654 BT_DBG("");
1655
1656 hci_dev_lock(hdev);
1657
1658 if (!hdev_is_powered(hdev)) {
1659 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1660 MGMT_STATUS_NOT_POWERED);
1661 goto unlock;
1662 }
1663
1664 i = 0;
1665 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1666 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1667 i++;
1668 }
1669
1670 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1671 rp = kmalloc(rp_len, GFP_KERNEL);
1672 if (!rp) {
1673 err = -ENOMEM;
1674 goto unlock;
1675 }
1676
1677 i = 0;
1678 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1679 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1680 continue;
1681 bacpy(&rp->addr[i].bdaddr, &c->dst);
1682 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1683 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1684 continue;
1685 i++;
1686 }
1687
1688 rp->conn_count = cpu_to_le16(i);
1689
1690
1691 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1692
1693 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1694 rp_len);
1695
1696 kfree(rp);
1697
1698unlock:
1699 hci_dev_unlock(hdev);
1700 return err;
1701}
1702
1703static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1704 struct mgmt_cp_pin_code_neg_reply *cp)
1705{
1706 struct pending_cmd *cmd;
1707 int err;
1708
1709 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1710 sizeof(*cp));
1711 if (!cmd)
1712 return -ENOMEM;
1713
1714 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1715 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1716 if (err < 0)
1717 mgmt_pending_remove(cmd);
1718
1719 return err;
1720}
1721
1722static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1723 u16 len)
1724{
1725 struct hci_conn *conn;
1726 struct mgmt_cp_pin_code_reply *cp = data;
1727 struct hci_cp_pin_code_reply reply;
1728 struct pending_cmd *cmd;
1729 int err;
1730
1731 BT_DBG("");
1732
1733 hci_dev_lock(hdev);
1734
1735 if (!hdev_is_powered(hdev)) {
1736 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1737 MGMT_STATUS_NOT_POWERED);
1738 goto failed;
1739 }
1740
1741 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1742 if (!conn) {
1743 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1744 MGMT_STATUS_NOT_CONNECTED);
1745 goto failed;
1746 }
1747
1748 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1749 struct mgmt_cp_pin_code_neg_reply ncp;
1750
1751 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1752
1753 BT_ERR("PIN code is not 16 bytes long");
1754
1755 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1756 if (err >= 0)
1757 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1758 MGMT_STATUS_INVALID_PARAMS);
1759
1760 goto failed;
1761 }
1762
1763 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1764 if (!cmd) {
1765 err = -ENOMEM;
1766 goto failed;
1767 }
1768
1769 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1770 reply.pin_len = cp->pin_len;
1771 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1772
1773 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1774 if (err < 0)
1775 mgmt_pending_remove(cmd);
1776
1777failed:
1778 hci_dev_unlock(hdev);
1779 return err;
1780}
1781
1782static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1783 u16 len)
1784{
1785 struct mgmt_cp_set_io_capability *cp = data;
1786
1787 BT_DBG("");
1788
1789 hci_dev_lock(hdev);
1790
1791 hdev->io_capability = cp->io_capability;
1792
1793 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1794 hdev->io_capability);
1795
1796 hci_dev_unlock(hdev);
1797
1798 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1799 0);
1800}
1801
1802static struct pending_cmd *find_pairing(struct hci_conn *conn)
1803{
1804 struct hci_dev *hdev = conn->hdev;
1805 struct pending_cmd *cmd;
1806
1807 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1808 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1809 continue;
1810
1811 if (cmd->user_data != conn)
1812 continue;
1813
1814 return cmd;
1815 }
1816
1817 return NULL;
1818}
1819
1820static void pairing_complete(struct pending_cmd *cmd, u8 status)
1821{
1822 struct mgmt_rp_pair_device rp;
1823 struct hci_conn *conn = cmd->user_data;
1824
1825 bacpy(&rp.addr.bdaddr, &conn->dst);
1826 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1827
1828 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1829 &rp, sizeof(rp));
1830
1831
1832 conn->connect_cfm_cb = NULL;
1833 conn->security_cfm_cb = NULL;
1834 conn->disconn_cfm_cb = NULL;
1835
1836 hci_conn_put(conn);
1837
1838 mgmt_pending_remove(cmd);
1839}
1840
1841static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1842{
1843 struct pending_cmd *cmd;
1844
1845 BT_DBG("status %u", status);
1846
1847 cmd = find_pairing(conn);
1848 if (!cmd)
1849 BT_DBG("Unable to find a pending command");
1850 else
1851 pairing_complete(cmd, mgmt_status(status));
1852}
1853
1854static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1855{
1856 struct pending_cmd *cmd;
1857
1858 BT_DBG("status %u", status);
1859
1860 if (!status)
1861 return;
1862
1863 cmd = find_pairing(conn);
1864 if (!cmd)
1865 BT_DBG("Unable to find a pending command");
1866 else
1867 pairing_complete(cmd, mgmt_status(status));
1868}
1869
1870static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1871 u16 len)
1872{
1873 struct mgmt_cp_pair_device *cp = data;
1874 struct mgmt_rp_pair_device rp;
1875 struct pending_cmd *cmd;
1876 u8 sec_level, auth_type;
1877 struct hci_conn *conn;
1878 int err;
1879
1880 BT_DBG("");
1881
1882 hci_dev_lock(hdev);
1883
1884 if (!hdev_is_powered(hdev)) {
1885 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1886 MGMT_STATUS_NOT_POWERED);
1887 goto unlock;
1888 }
1889
1890 sec_level = BT_SECURITY_MEDIUM;
1891 if (cp->io_cap == 0x03)
1892 auth_type = HCI_AT_DEDICATED_BONDING;
1893 else
1894 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1895
1896 if (cp->addr.type == BDADDR_BREDR)
1897 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1898 cp->addr.type, sec_level, auth_type);
1899 else
1900 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1901 cp->addr.type, sec_level, auth_type);
1902
1903 memset(&rp, 0, sizeof(rp));
1904 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1905 rp.addr.type = cp->addr.type;
1906
1907 if (IS_ERR(conn)) {
1908 int status;
1909
1910 if (PTR_ERR(conn) == -EBUSY)
1911 status = MGMT_STATUS_BUSY;
1912 else
1913 status = MGMT_STATUS_CONNECT_FAILED;
1914
1915 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1916 status, &rp,
1917 sizeof(rp));
1918 goto unlock;
1919 }
1920
1921 if (conn->connect_cfm_cb) {
1922 hci_conn_put(conn);
1923 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1924 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1925 goto unlock;
1926 }
1927
1928 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1929 if (!cmd) {
1930 err = -ENOMEM;
1931 hci_conn_put(conn);
1932 goto unlock;
1933 }
1934
1935
1936 if (cp->addr.type == BDADDR_BREDR)
1937 conn->connect_cfm_cb = pairing_complete_cb;
1938 else
1939 conn->connect_cfm_cb = le_connect_complete_cb;
1940
1941 conn->security_cfm_cb = pairing_complete_cb;
1942 conn->disconn_cfm_cb = pairing_complete_cb;
1943 conn->io_capability = cp->io_cap;
1944 cmd->user_data = conn;
1945
1946 if (conn->state == BT_CONNECTED &&
1947 hci_conn_security(conn, sec_level, auth_type))
1948 pairing_complete(cmd, 0);
1949
1950 err = 0;
1951
1952unlock:
1953 hci_dev_unlock(hdev);
1954 return err;
1955}
1956
1957static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1958 u16 len)
1959{
1960 struct mgmt_addr_info *addr = data;
1961 struct pending_cmd *cmd;
1962 struct hci_conn *conn;
1963 int err;
1964
1965 BT_DBG("");
1966
1967 hci_dev_lock(hdev);
1968
1969 if (!hdev_is_powered(hdev)) {
1970 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1971 MGMT_STATUS_NOT_POWERED);
1972 goto unlock;
1973 }
1974
1975 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1976 if (!cmd) {
1977 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1978 MGMT_STATUS_INVALID_PARAMS);
1979 goto unlock;
1980 }
1981
1982 conn = cmd->user_data;
1983
1984 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1985 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1986 MGMT_STATUS_INVALID_PARAMS);
1987 goto unlock;
1988 }
1989
1990 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1991
1992 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1993 addr, sizeof(*addr));
1994unlock:
1995 hci_dev_unlock(hdev);
1996 return err;
1997}
1998
1999static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2000 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2001 u16 hci_op, __le32 passkey)
2002{
2003 struct pending_cmd *cmd;
2004 struct hci_conn *conn;
2005 int err;
2006
2007 hci_dev_lock(hdev);
2008
2009 if (!hdev_is_powered(hdev)) {
2010 err = cmd_status(sk, hdev->id, mgmt_op,
2011 MGMT_STATUS_NOT_POWERED);
2012 goto done;
2013 }
2014
2015 if (type == BDADDR_BREDR)
2016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2017 else
2018 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2019
2020 if (!conn) {
2021 err = cmd_status(sk, hdev->id, mgmt_op,
2022 MGMT_STATUS_NOT_CONNECTED);
2023 goto done;
2024 }
2025
2026 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2027
2028 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2029
2030 if (!err)
2031 err = cmd_status(sk, hdev->id, mgmt_op,
2032 MGMT_STATUS_SUCCESS);
2033 else
2034 err = cmd_status(sk, hdev->id, mgmt_op,
2035 MGMT_STATUS_FAILED);
2036
2037 goto done;
2038 }
2039
2040 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2041 if (!cmd) {
2042 err = -ENOMEM;
2043 goto done;
2044 }
2045
2046
2047 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2048 struct hci_cp_user_passkey_reply cp;
2049
2050 bacpy(&cp.bdaddr, bdaddr);
2051 cp.passkey = passkey;
2052 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2053 } else
2054 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2055
2056 if (err < 0)
2057 mgmt_pending_remove(cmd);
2058
2059done:
2060 hci_dev_unlock(hdev);
2061 return err;
2062}
2063
2064static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2065 void *data, u16 len)
2066{
2067 struct mgmt_cp_pin_code_neg_reply *cp = data;
2068
2069 BT_DBG("");
2070
2071 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2072 MGMT_OP_PIN_CODE_NEG_REPLY,
2073 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2074}
2075
2076static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2077 u16 len)
2078{
2079 struct mgmt_cp_user_confirm_reply *cp = data;
2080
2081 BT_DBG("");
2082
2083 if (len != sizeof(*cp))
2084 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2085 MGMT_STATUS_INVALID_PARAMS);
2086
2087 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2088 MGMT_OP_USER_CONFIRM_REPLY,
2089 HCI_OP_USER_CONFIRM_REPLY, 0);
2090}
2091
2092static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2093 void *data, u16 len)
2094{
2095 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2096
2097 BT_DBG("");
2098
2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2100 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2101 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2102}
2103
2104static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2105 u16 len)
2106{
2107 struct mgmt_cp_user_passkey_reply *cp = data;
2108
2109 BT_DBG("");
2110
2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2112 MGMT_OP_USER_PASSKEY_REPLY,
2113 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2114}
2115
2116static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2117 void *data, u16 len)
2118{
2119 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2120
2121 BT_DBG("");
2122
2123 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2124 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2125 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2126}
2127
2128static int update_name(struct hci_dev *hdev, const char *name)
2129{
2130 struct hci_cp_write_local_name cp;
2131
2132 memcpy(cp.name, name, sizeof(cp.name));
2133
2134 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2135}
2136
2137static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2138 u16 len)
2139{
2140 struct mgmt_cp_set_local_name *cp = data;
2141 struct pending_cmd *cmd;
2142 int err;
2143
2144 BT_DBG("");
2145
2146 hci_dev_lock(hdev);
2147
2148 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2149
2150 if (!hdev_is_powered(hdev)) {
2151 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2152
2153 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2154 data, len);
2155 if (err < 0)
2156 goto failed;
2157
2158 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2159 sk);
2160
2161 goto failed;
2162 }
2163
2164 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2165 if (!cmd) {
2166 err = -ENOMEM;
2167 goto failed;
2168 }
2169
2170 err = update_name(hdev, cp->name);
2171 if (err < 0)
2172 mgmt_pending_remove(cmd);
2173
2174failed:
2175 hci_dev_unlock(hdev);
2176 return err;
2177}
2178
2179static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2180 void *data, u16 data_len)
2181{
2182 struct pending_cmd *cmd;
2183 int err;
2184
2185 BT_DBG("%s", hdev->name);
2186
2187 hci_dev_lock(hdev);
2188
2189 if (!hdev_is_powered(hdev)) {
2190 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2191 MGMT_STATUS_NOT_POWERED);
2192 goto unlock;
2193 }
2194
2195 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2196 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2197 MGMT_STATUS_NOT_SUPPORTED);
2198 goto unlock;
2199 }
2200
2201 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2202 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2203 MGMT_STATUS_BUSY);
2204 goto unlock;
2205 }
2206
2207 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2208 if (!cmd) {
2209 err = -ENOMEM;
2210 goto unlock;
2211 }
2212
2213 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2214 if (err < 0)
2215 mgmt_pending_remove(cmd);
2216
2217unlock:
2218 hci_dev_unlock(hdev);
2219 return err;
2220}
2221
2222static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2223 void *data, u16 len)
2224{
2225 struct mgmt_cp_add_remote_oob_data *cp = data;
2226 u8 status;
2227 int err;
2228
2229 BT_DBG("%s ", hdev->name);
2230
2231 hci_dev_lock(hdev);
2232
2233 if (!hdev_is_powered(hdev)) {
2234 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2235 MGMT_STATUS_NOT_POWERED, &cp->addr,
2236 sizeof(cp->addr));
2237 goto unlock;
2238 }
2239
2240 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2241 cp->randomizer);
2242 if (err < 0)
2243 status = MGMT_STATUS_FAILED;
2244 else
2245 status = 0;
2246
2247 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2248 &cp->addr, sizeof(cp->addr));
2249
2250unlock:
2251 hci_dev_unlock(hdev);
2252 return err;
2253}
2254
2255static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2256 void *data, u16 len)
2257{
2258 struct mgmt_cp_remove_remote_oob_data *cp = data;
2259 u8 status;
2260 int err;
2261
2262 BT_DBG("%s", hdev->name);
2263
2264 hci_dev_lock(hdev);
2265
2266 if (!hdev_is_powered(hdev)) {
2267 err = cmd_complete(sk, hdev->id,
2268 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2269 MGMT_STATUS_NOT_POWERED, &cp->addr,
2270 sizeof(cp->addr));
2271 goto unlock;
2272 }
2273
2274 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2275 if (err < 0)
2276 status = MGMT_STATUS_INVALID_PARAMS;
2277 else
2278 status = 0;
2279
2280 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2281 status, &cp->addr, sizeof(cp->addr));
2282
2283unlock:
2284 hci_dev_unlock(hdev);
2285 return err;
2286}
2287
2288int mgmt_interleaved_discovery(struct hci_dev *hdev)
2289{
2290 int err;
2291
2292 BT_DBG("%s", hdev->name);
2293
2294 hci_dev_lock(hdev);
2295
2296 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2297 if (err < 0)
2298 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2299
2300 hci_dev_unlock(hdev);
2301
2302 return err;
2303}
2304
2305static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2306 void *data, u16 len)
2307{
2308 struct mgmt_cp_start_discovery *cp = data;
2309 struct pending_cmd *cmd;
2310 int err;
2311
2312 BT_DBG("%s", hdev->name);
2313
2314 hci_dev_lock(hdev);
2315
2316 if (!hdev_is_powered(hdev)) {
2317 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2318 MGMT_STATUS_NOT_POWERED);
2319 goto failed;
2320 }
2321
2322 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2323 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2324 MGMT_STATUS_BUSY);
2325 goto failed;
2326 }
2327
2328 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2329 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2330 MGMT_STATUS_BUSY);
2331 goto failed;
2332 }
2333
2334 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2335 if (!cmd) {
2336 err = -ENOMEM;
2337 goto failed;
2338 }
2339
2340 hdev->discovery.type = cp->type;
2341
2342 switch (hdev->discovery.type) {
2343 case DISCOV_TYPE_BREDR:
2344 if (lmp_bredr_capable(hdev))
2345 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2346 else
2347 err = -ENOTSUPP;
2348 break;
2349
2350 case DISCOV_TYPE_LE:
2351 if (lmp_host_le_capable(hdev))
2352 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2353 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2354 else
2355 err = -ENOTSUPP;
2356 break;
2357
2358 case DISCOV_TYPE_INTERLEAVED:
2359 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2360 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2361 LE_SCAN_WIN,
2362 LE_SCAN_TIMEOUT_BREDR_LE);
2363 else
2364 err = -ENOTSUPP;
2365 break;
2366
2367 default:
2368 err = -EINVAL;
2369 }
2370
2371 if (err < 0)
2372 mgmt_pending_remove(cmd);
2373 else
2374 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2375
2376failed:
2377 hci_dev_unlock(hdev);
2378 return err;
2379}
2380
2381static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2382 u16 len)
2383{
2384 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2385 struct pending_cmd *cmd;
2386 struct hci_cp_remote_name_req_cancel cp;
2387 struct inquiry_entry *e;
2388 int err;
2389
2390 BT_DBG("%s", hdev->name);
2391
2392 hci_dev_lock(hdev);
2393
2394 if (!hci_discovery_active(hdev)) {
2395 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2396 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2397 sizeof(mgmt_cp->type));
2398 goto unlock;
2399 }
2400
2401 if (hdev->discovery.type != mgmt_cp->type) {
2402 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2403 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2404 sizeof(mgmt_cp->type));
2405 goto unlock;
2406 }
2407
2408 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2409 if (!cmd) {
2410 err = -ENOMEM;
2411 goto unlock;
2412 }
2413
2414 switch (hdev->discovery.state) {
2415 case DISCOVERY_FINDING:
2416 if (test_bit(HCI_INQUIRY, &hdev->flags))
2417 err = hci_cancel_inquiry(hdev);
2418 else
2419 err = hci_cancel_le_scan(hdev);
2420
2421 break;
2422
2423 case DISCOVERY_RESOLVING:
2424 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2425 NAME_PENDING);
2426 if (!e) {
2427 mgmt_pending_remove(cmd);
2428 err = cmd_complete(sk, hdev->id,
2429 MGMT_OP_STOP_DISCOVERY, 0,
2430 &mgmt_cp->type,
2431 sizeof(mgmt_cp->type));
2432 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2433 goto unlock;
2434 }
2435
2436 bacpy(&cp.bdaddr, &e->data.bdaddr);
2437 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2438 sizeof(cp), &cp);
2439
2440 break;
2441
2442 default:
2443 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2444 err = -EFAULT;
2445 }
2446
2447 if (err < 0)
2448 mgmt_pending_remove(cmd);
2449 else
2450 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2451
2452unlock:
2453 hci_dev_unlock(hdev);
2454 return err;
2455}
2456
2457static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2458 u16 len)
2459{
2460 struct mgmt_cp_confirm_name *cp = data;
2461 struct inquiry_entry *e;
2462 int err;
2463
2464 BT_DBG("%s", hdev->name);
2465
2466 hci_dev_lock(hdev);
2467
2468 if (!hci_discovery_active(hdev)) {
2469 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2470 MGMT_STATUS_FAILED);
2471 goto failed;
2472 }
2473
2474 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2475 if (!e) {
2476 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2477 MGMT_STATUS_INVALID_PARAMS);
2478 goto failed;
2479 }
2480
2481 if (cp->name_known) {
2482 e->name_state = NAME_KNOWN;
2483 list_del(&e->list);
2484 } else {
2485 e->name_state = NAME_NEEDED;
2486 hci_inquiry_cache_update_resolve(hdev, e);
2487 }
2488
2489 err = 0;
2490
2491failed:
2492 hci_dev_unlock(hdev);
2493 return err;
2494}
2495
2496static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2497 u16 len)
2498{
2499 struct mgmt_cp_block_device *cp = data;
2500 u8 status;
2501 int err;
2502
2503 BT_DBG("%s", hdev->name);
2504
2505 hci_dev_lock(hdev);
2506
2507 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2508 if (err < 0)
2509 status = MGMT_STATUS_FAILED;
2510 else
2511 status = 0;
2512
2513 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2514 &cp->addr, sizeof(cp->addr));
2515
2516 hci_dev_unlock(hdev);
2517
2518 return err;
2519}
2520
2521static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2522 u16 len)
2523{
2524 struct mgmt_cp_unblock_device *cp = data;
2525 u8 status;
2526 int err;
2527
2528 BT_DBG("%s", hdev->name);
2529
2530 hci_dev_lock(hdev);
2531
2532 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2533 if (err < 0)
2534 status = MGMT_STATUS_INVALID_PARAMS;
2535 else
2536 status = 0;
2537
2538 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2539 &cp->addr, sizeof(cp->addr));
2540
2541 hci_dev_unlock(hdev);
2542
2543 return err;
2544}
2545
2546static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2547 u16 len)
2548{
2549 struct mgmt_cp_set_device_id *cp = data;
2550 int err;
2551 __u16 source;
2552
2553 BT_DBG("%s", hdev->name);
2554
2555 source = __le16_to_cpu(cp->source);
2556
2557 if (source > 0x0002)
2558 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2559 MGMT_STATUS_INVALID_PARAMS);
2560
2561 hci_dev_lock(hdev);
2562
2563 hdev->devid_source = source;
2564 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2565 hdev->devid_product = __le16_to_cpu(cp->product);
2566 hdev->devid_version = __le16_to_cpu(cp->version);
2567
2568 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2569
2570 update_eir(hdev);
2571
2572 hci_dev_unlock(hdev);
2573
2574 return err;
2575}
2576
2577static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2578 void *data, u16 len)
2579{
2580 struct mgmt_mode *cp = data;
2581 struct hci_cp_write_page_scan_activity acp;
2582 u8 type;
2583 int err;
2584
2585 BT_DBG("%s", hdev->name);
2586
2587 if (!hdev_is_powered(hdev))
2588 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2589 MGMT_STATUS_NOT_POWERED);
2590
2591 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2592 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2593 MGMT_STATUS_REJECTED);
2594
2595 hci_dev_lock(hdev);
2596
2597 if (cp->val) {
2598 type = PAGE_SCAN_TYPE_INTERLACED;
2599
2600
2601 acp.interval = __constant_cpu_to_le16(0x0100);
2602 } else {
2603 type = PAGE_SCAN_TYPE_STANDARD;
2604
2605
2606 acp.interval = __constant_cpu_to_le16(0x0800);
2607 }
2608
2609
2610 acp.window = __constant_cpu_to_le16(0x0012);
2611
2612 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2613 &acp);
2614 if (err < 0) {
2615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2616 MGMT_STATUS_FAILED);
2617 goto done;
2618 }
2619
2620 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2621 if (err < 0) {
2622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2623 MGMT_STATUS_FAILED);
2624 goto done;
2625 }
2626
2627 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2628 NULL, 0);
2629done:
2630 hci_dev_unlock(hdev);
2631 return err;
2632}
2633
2634static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2635 void *cp_data, u16 len)
2636{
2637 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2638 u16 key_count, expected_len;
2639 int i;
2640
2641 key_count = __le16_to_cpu(cp->key_count);
2642
2643 expected_len = sizeof(*cp) + key_count *
2644 sizeof(struct mgmt_ltk_info);
2645 if (expected_len != len) {
2646 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2647 len, expected_len);
2648 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2649 EINVAL);
2650 }
2651
2652 BT_DBG("%s key_count %u", hdev->name, key_count);
2653
2654 hci_dev_lock(hdev);
2655
2656 hci_smp_ltks_clear(hdev);
2657
2658 for (i = 0; i < key_count; i++) {
2659 struct mgmt_ltk_info *key = &cp->keys[i];
2660 u8 type;
2661
2662 if (key->master)
2663 type = HCI_SMP_LTK;
2664 else
2665 type = HCI_SMP_LTK_SLAVE;
2666
2667 hci_add_ltk(hdev, &key->addr.bdaddr,
2668 bdaddr_to_le(key->addr.type),
2669 type, 0, key->authenticated, key->val,
2670 key->enc_size, key->ediv, key->rand);
2671 }
2672
2673 hci_dev_unlock(hdev);
2674
2675 return 0;
2676}
2677
2678static const struct mgmt_handler {
2679 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2680 u16 data_len);
2681 bool var_len;
2682 size_t data_len;
2683} mgmt_handlers[] = {
2684 { NULL },
2685 { read_version, false, MGMT_READ_VERSION_SIZE },
2686 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2687 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2688 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2689 { set_powered, false, MGMT_SETTING_SIZE },
2690 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2691 { set_connectable, false, MGMT_SETTING_SIZE },
2692 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2693 { set_pairable, false, MGMT_SETTING_SIZE },
2694 { set_link_security, false, MGMT_SETTING_SIZE },
2695 { set_ssp, false, MGMT_SETTING_SIZE },
2696 { set_hs, false, MGMT_SETTING_SIZE },
2697 { set_le, false, MGMT_SETTING_SIZE },
2698 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2699 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2700 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2701 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2702 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2703 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2704 { disconnect, false, MGMT_DISCONNECT_SIZE },
2705 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2706 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2707 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2708 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2709 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2710 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2711 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2712 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2713 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2714 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2715 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2716 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2717 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2718 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2719 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2720 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2721 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2722 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2723 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2724 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2725};
2726
2727
2728int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2729{
2730 void *buf;
2731 u8 *cp;
2732 struct mgmt_hdr *hdr;
2733 u16 opcode, index, len;
2734 struct hci_dev *hdev = NULL;
2735 const struct mgmt_handler *handler;
2736 int err;
2737
2738 BT_DBG("got %zu bytes", msglen);
2739
2740 if (msglen < sizeof(*hdr))
2741 return -EINVAL;
2742
2743 buf = kmalloc(msglen, GFP_KERNEL);
2744 if (!buf)
2745 return -ENOMEM;
2746
2747 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2748 err = -EFAULT;
2749 goto done;
2750 }
2751
2752 hdr = buf;
2753 opcode = __le16_to_cpu(hdr->opcode);
2754 index = __le16_to_cpu(hdr->index);
2755 len = __le16_to_cpu(hdr->len);
2756
2757 if (len != msglen - sizeof(*hdr)) {
2758 err = -EINVAL;
2759 goto done;
2760 }
2761
2762 if (index != MGMT_INDEX_NONE) {
2763 hdev = hci_dev_get(index);
2764 if (!hdev) {
2765 err = cmd_status(sk, index, opcode,
2766 MGMT_STATUS_INVALID_INDEX);
2767 goto done;
2768 }
2769 }
2770
2771 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2772 mgmt_handlers[opcode].func == NULL) {
2773 BT_DBG("Unknown op %u", opcode);
2774 err = cmd_status(sk, index, opcode,
2775 MGMT_STATUS_UNKNOWN_COMMAND);
2776 goto done;
2777 }
2778
2779 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2780 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2781 err = cmd_status(sk, index, opcode,
2782 MGMT_STATUS_INVALID_INDEX);
2783 goto done;
2784 }
2785
2786 handler = &mgmt_handlers[opcode];
2787
2788 if ((handler->var_len && len < handler->data_len) ||
2789 (!handler->var_len && len != handler->data_len)) {
2790 err = cmd_status(sk, index, opcode,
2791 MGMT_STATUS_INVALID_PARAMS);
2792 goto done;
2793 }
2794
2795 if (hdev)
2796 mgmt_init_hdev(sk, hdev);
2797
2798 cp = buf + sizeof(*hdr);
2799
2800 err = handler->func(sk, hdev, cp, len);
2801 if (err < 0)
2802 goto done;
2803
2804 err = msglen;
2805
2806done:
2807 if (hdev)
2808 hci_dev_put(hdev);
2809
2810 kfree(buf);
2811 return err;
2812}
2813
2814static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2815{
2816 u8 *status = data;
2817
2818 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2819 mgmt_pending_remove(cmd);
2820}
2821
2822int mgmt_index_added(struct hci_dev *hdev)
2823{
2824 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2825}
2826
2827int mgmt_index_removed(struct hci_dev *hdev)
2828{
2829 u8 status = MGMT_STATUS_INVALID_INDEX;
2830
2831 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2832
2833 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2834}
2835
2836struct cmd_lookup {
2837 struct sock *sk;
2838 struct hci_dev *hdev;
2839 u8 mgmt_status;
2840};
2841
2842static void settings_rsp(struct pending_cmd *cmd, void *data)
2843{
2844 struct cmd_lookup *match = data;
2845
2846 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2847
2848 list_del(&cmd->list);
2849
2850 if (match->sk == NULL) {
2851 match->sk = cmd->sk;
2852 sock_hold(match->sk);
2853 }
2854
2855 mgmt_pending_free(cmd);
2856}
2857
2858int mgmt_powered(struct hci_dev *hdev, u8 powered)
2859{
2860 struct cmd_lookup match = { NULL, hdev };
2861 int err;
2862
2863 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2864 return 0;
2865
2866 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2867
2868 if (powered) {
2869 u8 scan = 0;
2870
2871 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2872 scan |= SCAN_PAGE;
2873 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2874 scan |= SCAN_INQUIRY;
2875
2876 if (scan)
2877 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2878
2879 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2880 u8 ssp = 1;
2881
2882 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2883 }
2884
2885 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2886 struct hci_cp_write_le_host_supported cp;
2887
2888 cp.le = 1;
2889 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2890
2891 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2892 sizeof(cp), &cp);
2893 }
2894
2895 update_class(hdev);
2896 update_name(hdev, hdev->dev_name);
2897 update_eir(hdev);
2898 } else {
2899 u8 status = MGMT_STATUS_NOT_POWERED;
2900 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2901 }
2902
2903 err = new_settings(hdev, match.sk);
2904
2905 if (match.sk)
2906 sock_put(match.sk);
2907
2908 return err;
2909}
2910
2911int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2912{
2913 struct cmd_lookup match = { NULL, hdev };
2914 bool changed = false;
2915 int err = 0;
2916
2917 if (discoverable) {
2918 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2919 changed = true;
2920 } else {
2921 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2922 changed = true;
2923 }
2924
2925 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2926 &match);
2927
2928 if (changed)
2929 err = new_settings(hdev, match.sk);
2930
2931 if (match.sk)
2932 sock_put(match.sk);
2933
2934 return err;
2935}
2936
2937int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2938{
2939 struct cmd_lookup match = { NULL, hdev };
2940 bool changed = false;
2941 int err = 0;
2942
2943 if (connectable) {
2944 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2945 changed = true;
2946 } else {
2947 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2948 changed = true;
2949 }
2950
2951 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2952 &match);
2953
2954 if (changed)
2955 err = new_settings(hdev, match.sk);
2956
2957 if (match.sk)
2958 sock_put(match.sk);
2959
2960 return err;
2961}
2962
2963int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2964{
2965 u8 mgmt_err = mgmt_status(status);
2966
2967 if (scan & SCAN_PAGE)
2968 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2969 cmd_status_rsp, &mgmt_err);
2970
2971 if (scan & SCAN_INQUIRY)
2972 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2973 cmd_status_rsp, &mgmt_err);
2974
2975 return 0;
2976}
2977
2978int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2979 bool persistent)
2980{
2981 struct mgmt_ev_new_link_key ev;
2982
2983 memset(&ev, 0, sizeof(ev));
2984
2985 ev.store_hint = persistent;
2986 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2987 ev.key.addr.type = BDADDR_BREDR;
2988 ev.key.type = key->type;
2989 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
2990 ev.key.pin_len = key->pin_len;
2991
2992 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2993}
2994
2995int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2996{
2997 struct mgmt_ev_new_long_term_key ev;
2998
2999 memset(&ev, 0, sizeof(ev));
3000
3001 ev.store_hint = persistent;
3002 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3003 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3004 ev.key.authenticated = key->authenticated;
3005 ev.key.enc_size = key->enc_size;
3006 ev.key.ediv = key->ediv;
3007
3008 if (key->type == HCI_SMP_LTK)
3009 ev.key.master = 1;
3010
3011 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3012 memcpy(ev.key.val, key->val, sizeof(key->val));
3013
3014 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3015 NULL);
3016}
3017
3018int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3019 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3020 u8 *dev_class)
3021{
3022 char buf[512];
3023 struct mgmt_ev_device_connected *ev = (void *) buf;
3024 u16 eir_len = 0;
3025
3026 bacpy(&ev->addr.bdaddr, bdaddr);
3027 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3028
3029 ev->flags = __cpu_to_le32(flags);
3030
3031 if (name_len > 0)
3032 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3033 name, name_len);
3034
3035 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3036 eir_len = eir_append_data(ev->eir, eir_len,
3037 EIR_CLASS_OF_DEV, dev_class, 3);
3038
3039 ev->eir_len = cpu_to_le16(eir_len);
3040
3041 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3042 sizeof(*ev) + eir_len, NULL);
3043}
3044
3045static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3046{
3047 struct mgmt_cp_disconnect *cp = cmd->param;
3048 struct sock **sk = data;
3049 struct mgmt_rp_disconnect rp;
3050
3051 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3052 rp.addr.type = cp->addr.type;
3053
3054 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3055 sizeof(rp));
3056
3057 *sk = cmd->sk;
3058 sock_hold(*sk);
3059
3060 mgmt_pending_remove(cmd);
3061}
3062
3063static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3064{
3065 struct hci_dev *hdev = data;
3066 struct mgmt_cp_unpair_device *cp = cmd->param;
3067 struct mgmt_rp_unpair_device rp;
3068
3069 memset(&rp, 0, sizeof(rp));
3070 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3071 rp.addr.type = cp->addr.type;
3072
3073 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3074
3075 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3076
3077 mgmt_pending_remove(cmd);
3078}
3079
3080int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3081 u8 link_type, u8 addr_type)
3082{
3083 struct mgmt_addr_info ev;
3084 struct sock *sk = NULL;
3085 int err;
3086
3087 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3088
3089 bacpy(&ev.bdaddr, bdaddr);
3090 ev.type = link_to_bdaddr(link_type, addr_type);
3091
3092 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3093 sk);
3094
3095 if (sk)
3096 sock_put(sk);
3097
3098 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3099 hdev);
3100
3101 return err;
3102}
3103
3104int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3105 u8 link_type, u8 addr_type, u8 status)
3106{
3107 struct mgmt_rp_disconnect rp;
3108 struct pending_cmd *cmd;
3109 int err;
3110
3111 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3112 if (!cmd)
3113 return -ENOENT;
3114
3115 bacpy(&rp.addr.bdaddr, bdaddr);
3116 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3117
3118 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3119 mgmt_status(status), &rp, sizeof(rp));
3120
3121 mgmt_pending_remove(cmd);
3122
3123 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3124 hdev);
3125 return err;
3126}
3127
3128int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3129 u8 addr_type, u8 status)
3130{
3131 struct mgmt_ev_connect_failed ev;
3132
3133 bacpy(&ev.addr.bdaddr, bdaddr);
3134 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3135 ev.status = mgmt_status(status);
3136
3137 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3138}
3139
3140int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3141{
3142 struct mgmt_ev_pin_code_request ev;
3143
3144 bacpy(&ev.addr.bdaddr, bdaddr);
3145 ev.addr.type = BDADDR_BREDR;
3146 ev.secure = secure;
3147
3148 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3149 NULL);
3150}
3151
3152int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3153 u8 status)
3154{
3155 struct pending_cmd *cmd;
3156 struct mgmt_rp_pin_code_reply rp;
3157 int err;
3158
3159 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3160 if (!cmd)
3161 return -ENOENT;
3162
3163 bacpy(&rp.addr.bdaddr, bdaddr);
3164 rp.addr.type = BDADDR_BREDR;
3165
3166 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3167 mgmt_status(status), &rp, sizeof(rp));
3168
3169 mgmt_pending_remove(cmd);
3170
3171 return err;
3172}
3173
3174int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3175 u8 status)
3176{
3177 struct pending_cmd *cmd;
3178 struct mgmt_rp_pin_code_reply rp;
3179 int err;
3180
3181 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3182 if (!cmd)
3183 return -ENOENT;
3184
3185 bacpy(&rp.addr.bdaddr, bdaddr);
3186 rp.addr.type = BDADDR_BREDR;
3187
3188 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3189 mgmt_status(status), &rp, sizeof(rp));
3190
3191 mgmt_pending_remove(cmd);
3192
3193 return err;
3194}
3195
3196int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3197 u8 link_type, u8 addr_type, __le32 value,
3198 u8 confirm_hint)
3199{
3200 struct mgmt_ev_user_confirm_request ev;
3201
3202 BT_DBG("%s", hdev->name);
3203
3204 bacpy(&ev.addr.bdaddr, bdaddr);
3205 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3206 ev.confirm_hint = confirm_hint;
3207 ev.value = value;
3208
3209 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3210 NULL);
3211}
3212
3213int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3214 u8 link_type, u8 addr_type)
3215{
3216 struct mgmt_ev_user_passkey_request ev;
3217
3218 BT_DBG("%s", hdev->name);
3219
3220 bacpy(&ev.addr.bdaddr, bdaddr);
3221 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3222
3223 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3224 NULL);
3225}
3226
3227static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3228 u8 link_type, u8 addr_type, u8 status,
3229 u8 opcode)
3230{
3231 struct pending_cmd *cmd;
3232 struct mgmt_rp_user_confirm_reply rp;
3233 int err;
3234
3235 cmd = mgmt_pending_find(opcode, hdev);
3236 if (!cmd)
3237 return -ENOENT;
3238
3239 bacpy(&rp.addr.bdaddr, bdaddr);
3240 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3241 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3242 &rp, sizeof(rp));
3243
3244 mgmt_pending_remove(cmd);
3245
3246 return err;
3247}
3248
3249int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3250 u8 link_type, u8 addr_type, u8 status)
3251{
3252 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3253 status, MGMT_OP_USER_CONFIRM_REPLY);
3254}
3255
3256int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3257 u8 link_type, u8 addr_type, u8 status)
3258{
3259 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3260 status,
3261 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3262}
3263
3264int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3265 u8 link_type, u8 addr_type, u8 status)
3266{
3267 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3268 status, MGMT_OP_USER_PASSKEY_REPLY);
3269}
3270
3271int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3272 u8 link_type, u8 addr_type, u8 status)
3273{
3274 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3275 status,
3276 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3277}
3278
3279int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3280 u8 addr_type, u8 status)
3281{
3282 struct mgmt_ev_auth_failed ev;
3283
3284 bacpy(&ev.addr.bdaddr, bdaddr);
3285 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3286 ev.status = mgmt_status(status);
3287
3288 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3289}
3290
3291int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3292{
3293 struct cmd_lookup match = { NULL, hdev };
3294 bool changed = false;
3295 int err = 0;
3296
3297 if (status) {
3298 u8 mgmt_err = mgmt_status(status);
3299 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3300 cmd_status_rsp, &mgmt_err);
3301 return 0;
3302 }
3303
3304 if (test_bit(HCI_AUTH, &hdev->flags)) {
3305 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3306 changed = true;
3307 } else {
3308 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3309 changed = true;
3310 }
3311
3312 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3313 &match);
3314
3315 if (changed)
3316 err = new_settings(hdev, match.sk);
3317
3318 if (match.sk)
3319 sock_put(match.sk);
3320
3321 return err;
3322}
3323
3324static int clear_eir(struct hci_dev *hdev)
3325{
3326 struct hci_cp_write_eir cp;
3327
3328 if (!(hdev->features[6] & LMP_EXT_INQ))
3329 return 0;
3330
3331 memset(hdev->eir, 0, sizeof(hdev->eir));
3332
3333 memset(&cp, 0, sizeof(cp));
3334
3335 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3336}
3337
3338int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3339{
3340 struct cmd_lookup match = { NULL, hdev };
3341 bool changed = false;
3342 int err = 0;
3343
3344 if (status) {
3345 u8 mgmt_err = mgmt_status(status);
3346
3347 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3348 &hdev->dev_flags))
3349 err = new_settings(hdev, NULL);
3350
3351 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3352 &mgmt_err);
3353
3354 return err;
3355 }
3356
3357 if (enable) {
3358 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3359 changed = true;
3360 } else {
3361 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3362 changed = true;
3363 }
3364
3365 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3366
3367 if (changed)
3368 err = new_settings(hdev, match.sk);
3369
3370 if (match.sk)
3371 sock_put(match.sk);
3372
3373 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3374 update_eir(hdev);
3375 else
3376 clear_eir(hdev);
3377
3378 return err;
3379}
3380
3381static void class_rsp(struct pending_cmd *cmd, void *data)
3382{
3383 struct cmd_lookup *match = data;
3384
3385 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3386 match->hdev->dev_class, 3);
3387
3388 list_del(&cmd->list);
3389
3390 if (match->sk == NULL) {
3391 match->sk = cmd->sk;
3392 sock_hold(match->sk);
3393 }
3394
3395 mgmt_pending_free(cmd);
3396}
3397
3398int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3399 u8 status)
3400{
3401 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3402 int err = 0;
3403
3404 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3405
3406 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3407 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3408 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3409
3410 if (!status)
3411 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3412 3, NULL);
3413
3414 if (match.sk)
3415 sock_put(match.sk);
3416
3417 return err;
3418}
3419
3420int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3421{
3422 struct pending_cmd *cmd;
3423 struct mgmt_cp_set_local_name ev;
3424 bool changed = false;
3425 int err = 0;
3426
3427 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3428 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3429 changed = true;
3430 }
3431
3432 memset(&ev, 0, sizeof(ev));
3433 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3434 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3435
3436 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3437 if (!cmd)
3438 goto send_event;
3439
3440
3441
3442 changed = true;
3443
3444 if (status) {
3445 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3446 mgmt_status(status));
3447 goto failed;
3448 }
3449
3450 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3451 sizeof(ev));
3452 if (err < 0)
3453 goto failed;
3454
3455send_event:
3456 if (changed)
3457 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3458 sizeof(ev), cmd ? cmd->sk : NULL);
3459
3460 update_eir(hdev);
3461
3462failed:
3463 if (cmd)
3464 mgmt_pending_remove(cmd);
3465 return err;
3466}
3467
3468int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3469 u8 *randomizer, u8 status)
3470{
3471 struct pending_cmd *cmd;
3472 int err;
3473
3474 BT_DBG("%s status %u", hdev->name, status);
3475
3476 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3477 if (!cmd)
3478 return -ENOENT;
3479
3480 if (status) {
3481 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3482 mgmt_status(status));
3483 } else {
3484 struct mgmt_rp_read_local_oob_data rp;
3485
3486 memcpy(rp.hash, hash, sizeof(rp.hash));
3487 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3488
3489 err = cmd_complete(cmd->sk, hdev->id,
3490 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3491 sizeof(rp));
3492 }
3493
3494 mgmt_pending_remove(cmd);
3495
3496 return err;
3497}
3498
3499int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3500{
3501 struct cmd_lookup match = { NULL, hdev };
3502 bool changed = false;
3503 int err = 0;
3504
3505 if (status) {
3506 u8 mgmt_err = mgmt_status(status);
3507
3508 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3509 &hdev->dev_flags))
3510 err = new_settings(hdev, NULL);
3511
3512 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3513 &mgmt_err);
3514
3515 return err;
3516 }
3517
3518 if (enable) {
3519 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3520 changed = true;
3521 } else {
3522 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3523 changed = true;
3524 }
3525
3526 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3527
3528 if (changed)
3529 err = new_settings(hdev, match.sk);
3530
3531 if (match.sk)
3532 sock_put(match.sk);
3533
3534 return err;
3535}
3536
3537int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3538 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3539 ssp, u8 *eir, u16 eir_len)
3540{
3541 char buf[512];
3542 struct mgmt_ev_device_found *ev = (void *) buf;
3543 size_t ev_size;
3544
3545
3546 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3547 return -EINVAL;
3548
3549 memset(buf, 0, sizeof(buf));
3550
3551 bacpy(&ev->addr.bdaddr, bdaddr);
3552 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3553 ev->rssi = rssi;
3554 if (cfm_name)
3555 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3556 if (!ssp)
3557 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3558
3559 if (eir_len > 0)
3560 memcpy(ev->eir, eir, eir_len);
3561
3562 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3563 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3564 dev_class, 3);
3565
3566 ev->eir_len = cpu_to_le16(eir_len);
3567 ev_size = sizeof(*ev) + eir_len;
3568
3569 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3570}
3571
3572int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3573 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3574{
3575 struct mgmt_ev_device_found *ev;
3576 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3577 u16 eir_len;
3578
3579 ev = (struct mgmt_ev_device_found *) buf;
3580
3581 memset(buf, 0, sizeof(buf));
3582
3583 bacpy(&ev->addr.bdaddr, bdaddr);
3584 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3585 ev->rssi = rssi;
3586
3587 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3588 name_len);
3589
3590 ev->eir_len = cpu_to_le16(eir_len);
3591
3592 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3593 sizeof(*ev) + eir_len, NULL);
3594}
3595
3596int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3597{
3598 struct pending_cmd *cmd;
3599 u8 type;
3600 int err;
3601
3602 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3603
3604 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3605 if (!cmd)
3606 return -ENOENT;
3607
3608 type = hdev->discovery.type;
3609
3610 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3611 &type, sizeof(type));
3612 mgmt_pending_remove(cmd);
3613
3614 return err;
3615}
3616
3617int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3618{
3619 struct pending_cmd *cmd;
3620 int err;
3621
3622 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3623 if (!cmd)
3624 return -ENOENT;
3625
3626 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3627 &hdev->discovery.type, sizeof(hdev->discovery.type));
3628 mgmt_pending_remove(cmd);
3629
3630 return err;
3631}
3632
3633int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3634{
3635 struct mgmt_ev_discovering ev;
3636 struct pending_cmd *cmd;
3637
3638 BT_DBG("%s discovering %u", hdev->name, discovering);
3639
3640 if (discovering)
3641 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3642 else
3643 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3644
3645 if (cmd != NULL) {
3646 u8 type = hdev->discovery.type;
3647
3648 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3649 sizeof(type));
3650 mgmt_pending_remove(cmd);
3651 }
3652
3653 memset(&ev, 0, sizeof(ev));
3654 ev.type = hdev->discovery.type;
3655 ev.discovering = discovering;
3656
3657 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3658}
3659
3660int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3661{
3662 struct pending_cmd *cmd;
3663 struct mgmt_ev_device_blocked ev;
3664
3665 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3666
3667 bacpy(&ev.addr.bdaddr, bdaddr);
3668 ev.addr.type = type;
3669
3670 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3671 cmd ? cmd->sk : NULL);
3672}
3673
3674int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3675{
3676 struct pending_cmd *cmd;
3677 struct mgmt_ev_device_unblocked ev;
3678
3679 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3680
3681 bacpy(&ev.addr.bdaddr, bdaddr);
3682 ev.addr.type = type;
3683
3684 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3685 cmd ? cmd->sk : NULL);
3686}
3687
3688module_param(enable_hs, bool, 0644);
3689MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3690
