1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
33#include <net/bluetooth/smp.h>
34
35bool enable_hs;
36
37#define MGMT_VERSION 1
38#define MGMT_REVISION 1
39
40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102};
103
104
105
106
107
108#define LE_SCAN_TYPE 0x01
109#define LE_SCAN_WIN 0x12
110#define LE_SCAN_INT 0x12
111#define LE_SCAN_TIMEOUT_LE_ONLY 10240
112#define LE_SCAN_TIMEOUT_BREDR_LE 5120
113
114#define INQUIRY_LEN_BREDR 0x08
115#define INQUIRY_LEN_BREDR_LE 0x04
116
117#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
118
119#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
120 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
121
122struct pending_cmd {
123 struct list_head list;
124 u16 opcode;
125 int index;
126 void *param;
127 struct sock *sk;
128 void *user_data;
129};
130
131
132static u8 mgmt_status_table[] = {
133 MGMT_STATUS_SUCCESS,
134 MGMT_STATUS_UNKNOWN_COMMAND,
135 MGMT_STATUS_NOT_CONNECTED,
136 MGMT_STATUS_FAILED,
137 MGMT_STATUS_CONNECT_FAILED,
138 MGMT_STATUS_AUTH_FAILED,
139 MGMT_STATUS_NOT_PAIRED,
140 MGMT_STATUS_NO_RESOURCES,
141 MGMT_STATUS_TIMEOUT,
142 MGMT_STATUS_NO_RESOURCES,
143 MGMT_STATUS_NO_RESOURCES,
144 MGMT_STATUS_ALREADY_CONNECTED,
145 MGMT_STATUS_BUSY,
146 MGMT_STATUS_NO_RESOURCES,
147 MGMT_STATUS_REJECTED,
148 MGMT_STATUS_REJECTED,
149 MGMT_STATUS_TIMEOUT,
150 MGMT_STATUS_NOT_SUPPORTED,
151 MGMT_STATUS_INVALID_PARAMS,
152 MGMT_STATUS_DISCONNECTED,
153 MGMT_STATUS_NO_RESOURCES,
154 MGMT_STATUS_DISCONNECTED,
155 MGMT_STATUS_DISCONNECTED,
156 MGMT_STATUS_BUSY,
157 MGMT_STATUS_REJECTED,
158 MGMT_STATUS_FAILED,
159 MGMT_STATUS_NOT_SUPPORTED,
160 MGMT_STATUS_REJECTED,
161 MGMT_STATUS_REJECTED,
162 MGMT_STATUS_REJECTED,
163 MGMT_STATUS_INVALID_PARAMS,
164 MGMT_STATUS_FAILED,
165 MGMT_STATUS_NOT_SUPPORTED,
166 MGMT_STATUS_FAILED,
167 MGMT_STATUS_TIMEOUT,
168 MGMT_STATUS_FAILED,
169 MGMT_STATUS_FAILED,
170 MGMT_STATUS_REJECTED,
171 MGMT_STATUS_FAILED,
172 MGMT_STATUS_NOT_SUPPORTED,
173 MGMT_STATUS_TIMEOUT,
174 MGMT_STATUS_NOT_SUPPORTED,
175 MGMT_STATUS_FAILED,
176 MGMT_STATUS_INVALID_PARAMS,
177 MGMT_STATUS_REJECTED,
178 MGMT_STATUS_NOT_SUPPORTED,
179 MGMT_STATUS_REJECTED,
180 MGMT_STATUS_INVALID_PARAMS,
181 MGMT_STATUS_BUSY,
182 MGMT_STATUS_FAILED,
183 MGMT_STATUS_FAILED,
184 MGMT_STATUS_INVALID_PARAMS,
185 MGMT_STATUS_NOT_SUPPORTED,
186 MGMT_STATUS_BUSY,
187 MGMT_STATUS_REJECTED,
188 MGMT_STATUS_BUSY,
189 MGMT_STATUS_INVALID_PARAMS,
190 MGMT_STATUS_TIMEOUT,
191 MGMT_STATUS_AUTH_FAILED,
192 MGMT_STATUS_CONNECT_FAILED,
193 MGMT_STATUS_CONNECT_FAILED,
194};
195
196static u8 mgmt_status(u8 hci_status)
197{
198 if (hci_status < ARRAY_SIZE(mgmt_status_table))
199 return mgmt_status_table[hci_status];
200
201 return MGMT_STATUS_FAILED;
202}
203
204static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
205{
206 struct sk_buff *skb;
207 struct mgmt_hdr *hdr;
208 struct mgmt_ev_cmd_status *ev;
209 int err;
210
211 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
212
213 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
214 if (!skb)
215 return -ENOMEM;
216
217 hdr = (void *) skb_put(skb, sizeof(*hdr));
218
219 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
220 hdr->index = cpu_to_le16(index);
221 hdr->len = cpu_to_le16(sizeof(*ev));
222
223 ev = (void *) skb_put(skb, sizeof(*ev));
224 ev->status = status;
225 ev->opcode = cpu_to_le16(cmd);
226
227 err = sock_queue_rcv_skb(sk, skb);
228 if (err < 0)
229 kfree_skb(skb);
230
231 return err;
232}
233
234static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
235 void *rp, size_t rp_len)
236{
237 struct sk_buff *skb;
238 struct mgmt_hdr *hdr;
239 struct mgmt_ev_cmd_complete *ev;
240 int err;
241
242 BT_DBG("sock %p", sk);
243
244 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
245 if (!skb)
246 return -ENOMEM;
247
248 hdr = (void *) skb_put(skb, sizeof(*hdr));
249
250 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
251 hdr->index = cpu_to_le16(index);
252 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
253
254 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
255 ev->opcode = cpu_to_le16(cmd);
256 ev->status = status;
257
258 if (rp)
259 memcpy(ev->data, rp, rp_len);
260
261 err = sock_queue_rcv_skb(sk, skb);
262 if (err < 0)
263 kfree_skb(skb);
264
265 return err;
266}
267
268static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
269 u16 data_len)
270{
271 struct mgmt_rp_read_version rp;
272
273 BT_DBG("sock %p", sk);
274
275 rp.version = MGMT_VERSION;
276 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
277
278 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
279 sizeof(rp));
280}
281
282static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
283 u16 data_len)
284{
285 struct mgmt_rp_read_commands *rp;
286 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 const u16 num_events = ARRAY_SIZE(mgmt_events);
288 __le16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 rp->num_commands = __constant_cpu_to_le16(num_commands);
301 rp->num_events = __constant_cpu_to_le16(num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
316static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
317 u16 data_len)
318{
319 struct mgmt_rp_read_index_list *rp;
320 struct list_head *p;
321 struct hci_dev *d;
322 size_t rp_len;
323 u16 count;
324 int i, err;
325
326 BT_DBG("sock %p", sk);
327
328 read_lock(&hci_dev_list_lock);
329
330 count = 0;
331 list_for_each(p, &hci_dev_list) {
332 count++;
333 }
334
335 rp_len = sizeof(*rp) + (2 * count);
336 rp = kmalloc(rp_len, GFP_ATOMIC);
337 if (!rp) {
338 read_unlock(&hci_dev_list_lock);
339 return -ENOMEM;
340 }
341
342 rp->num_controllers = cpu_to_le16(count);
343
344 i = 0;
345 list_for_each_entry(d, &hci_dev_list, list) {
346 if (test_bit(HCI_SETUP, &d->dev_flags))
347 continue;
348
349 rp->index[i++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
351 }
352
353 read_unlock(&hci_dev_list_lock);
354
355 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
356 rp_len);
357
358 kfree(rp);
359
360 return err;
361}
362
363static u32 get_supported_settings(struct hci_dev *hdev)
364{
365 u32 settings = 0;
366
367 settings |= MGMT_SETTING_POWERED;
368 settings |= MGMT_SETTING_CONNECTABLE;
369 settings |= MGMT_SETTING_FAST_CONNECTABLE;
370 settings |= MGMT_SETTING_DISCOVERABLE;
371 settings |= MGMT_SETTING_PAIRABLE;
372
373 if (hdev->features[6] & LMP_SIMPLE_PAIR)
374 settings |= MGMT_SETTING_SSP;
375
376 if (!(hdev->features[4] & LMP_NO_BREDR)) {
377 settings |= MGMT_SETTING_BREDR;
378 settings |= MGMT_SETTING_LINK_SECURITY;
379 }
380
381 if (enable_hs)
382 settings |= MGMT_SETTING_HS;
383
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386
387 return settings;
388}
389
390static u32 get_current_settings(struct hci_dev *hdev)
391{
392 u32 settings = 0;
393
394 if (hdev_is_powered(hdev))
395 settings |= MGMT_SETTING_POWERED;
396
397 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
398 settings |= MGMT_SETTING_CONNECTABLE;
399
400 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
401 settings |= MGMT_SETTING_DISCOVERABLE;
402
403 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
404 settings |= MGMT_SETTING_PAIRABLE;
405
406 if (!(hdev->features[4] & LMP_NO_BREDR))
407 settings |= MGMT_SETTING_BREDR;
408
409 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
410 settings |= MGMT_SETTING_LE;
411
412 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
413 settings |= MGMT_SETTING_LINK_SECURITY;
414
415 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
416 settings |= MGMT_SETTING_SSP;
417
418 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
419 settings |= MGMT_SETTING_HS;
420
421 return settings;
422}
423
424#define PNP_INFO_SVCLASS_ID 0x1200
425
426static u8 bluetooth_base_uuid[] = {
427 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
428 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
429};
430
431static u16 get_uuid16(u8 *uuid128)
432{
433 u32 val;
434 int i;
435
436 for (i = 0; i < 12; i++) {
437 if (bluetooth_base_uuid[i] != uuid128[i])
438 return 0;
439 }
440
441 val = get_unaligned_le32(&uuid128[12]);
442 if (val > 0xffff)
443 return 0;
444
445 return (u16) val;
446}
447
448static void create_eir(struct hci_dev *hdev, u8 *data)
449{
450 u8 *ptr = data;
451 u16 eir_len = 0;
452 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
453 int i, truncated = 0;
454 struct bt_uuid *uuid;
455 size_t name_len;
456
457 name_len = strlen(hdev->dev_name);
458
459 if (name_len > 0) {
460
461 if (name_len > 48) {
462 name_len = 48;
463 ptr[1] = EIR_NAME_SHORT;
464 } else
465 ptr[1] = EIR_NAME_COMPLETE;
466
467
468 ptr[0] = name_len + 1;
469
470 memcpy(ptr + 2, hdev->dev_name, name_len);
471
472 eir_len += (name_len + 2);
473 ptr += (name_len + 2);
474 }
475
476 if (hdev->inq_tx_power) {
477 ptr[0] = 2;
478 ptr[1] = EIR_TX_POWER;
479 ptr[2] = (u8) hdev->inq_tx_power;
480
481 eir_len += 3;
482 ptr += 3;
483 }
484
485 if (hdev->devid_source > 0) {
486 ptr[0] = 9;
487 ptr[1] = EIR_DEVICE_ID;
488
489 put_unaligned_le16(hdev->devid_source, ptr + 2);
490 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
491 put_unaligned_le16(hdev->devid_product, ptr + 6);
492 put_unaligned_le16(hdev->devid_version, ptr + 8);
493
494 eir_len += 10;
495 ptr += 10;
496 }
497
498 memset(uuid16_list, 0, sizeof(uuid16_list));
499
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 u16 uuid16;
503
504 uuid16 = get_uuid16(uuid->uuid);
505 if (uuid16 == 0)
506 return;
507
508 if (uuid16 < 0x1100)
509 continue;
510
511 if (uuid16 == PNP_INFO_SVCLASS_ID)
512 continue;
513
514
515 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
516 truncated = 1;
517 break;
518 }
519
520
521 for (i = 0; uuid16_list[i] != 0; i++)
522 if (uuid16_list[i] == uuid16)
523 break;
524
525 if (uuid16_list[i] == 0) {
526 uuid16_list[i] = uuid16;
527 eir_len += sizeof(u16);
528 }
529 }
530
531 if (uuid16_list[0] != 0) {
532 u8 *length = ptr;
533
534
535 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
536
537 ptr += 2;
538 eir_len += 2;
539
540 for (i = 0; uuid16_list[i] != 0; i++) {
541 *ptr++ = (uuid16_list[i] & 0x00ff);
542 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
543 }
544
545
546 *length = (i * sizeof(u16)) + 1;
547 }
548}
549
550static int update_eir(struct hci_dev *hdev)
551{
552 struct hci_cp_write_eir cp;
553
554 if (!hdev_is_powered(hdev))
555 return 0;
556
557 if (!(hdev->features[6] & LMP_EXT_INQ))
558 return 0;
559
560 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
561 return 0;
562
563 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
564 return 0;
565
566 memset(&cp, 0, sizeof(cp));
567
568 create_eir(hdev, cp.data);
569
570 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
571 return 0;
572
573 memcpy(hdev->eir, cp.data, sizeof(cp.data));
574
575 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
576}
577
578static u8 get_service_classes(struct hci_dev *hdev)
579{
580 struct bt_uuid *uuid;
581 u8 val = 0;
582
583 list_for_each_entry(uuid, &hdev->uuids, list)
584 val |= uuid->svc_hint;
585
586 return val;
587}
588
589static int update_class(struct hci_dev *hdev)
590{
591 u8 cod[3];
592 int err;
593
594 BT_DBG("%s", hdev->name);
595
596 if (!hdev_is_powered(hdev))
597 return 0;
598
599 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
600 return 0;
601
602 cod[0] = hdev->minor_class;
603 cod[1] = hdev->major_class;
604 cod[2] = get_service_classes(hdev);
605
606 if (memcmp(cod, hdev->dev_class, 3) == 0)
607 return 0;
608
609 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
610 if (err == 0)
611 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
612
613 return err;
614}
615
616static void service_cache_off(struct work_struct *work)
617{
618 struct hci_dev *hdev = container_of(work, struct hci_dev,
619 service_cache.work);
620
621 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
622 return;
623
624 hci_dev_lock(hdev);
625
626 update_eir(hdev);
627 update_class(hdev);
628
629 hci_dev_unlock(hdev);
630}
631
632static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
633{
634 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
635 return;
636
637 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
638
639
640
641
642
643
644 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
645}
646
647static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
648 void *data, u16 data_len)
649{
650 struct mgmt_rp_read_info rp;
651
652 BT_DBG("sock %p %s", sk, hdev->name);
653
654 hci_dev_lock(hdev);
655
656 memset(&rp, 0, sizeof(rp));
657
658 bacpy(&rp.bdaddr, &hdev->bdaddr);
659
660 rp.version = hdev->hci_ver;
661 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
662
663 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
664 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
665
666 memcpy(rp.dev_class, hdev->dev_class, 3);
667
668 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
669 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
670
671 hci_dev_unlock(hdev);
672
673 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
674 sizeof(rp));
675}
676
677static void mgmt_pending_free(struct pending_cmd *cmd)
678{
679 sock_put(cmd->sk);
680 kfree(cmd->param);
681 kfree(cmd);
682}
683
684static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
685 struct hci_dev *hdev, void *data,
686 u16 len)
687{
688 struct pending_cmd *cmd;
689
690 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
691 if (!cmd)
692 return NULL;
693
694 cmd->opcode = opcode;
695 cmd->index = hdev->id;
696
697 cmd->param = kmalloc(len, GFP_KERNEL);
698 if (!cmd->param) {
699 kfree(cmd);
700 return NULL;
701 }
702
703 if (data)
704 memcpy(cmd->param, data, len);
705
706 cmd->sk = sk;
707 sock_hold(sk);
708
709 list_add(&cmd->list, &hdev->mgmt_pending);
710
711 return cmd;
712}
713
714static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
715 void (*cb)(struct pending_cmd *cmd,
716 void *data),
717 void *data)
718{
719 struct list_head *p, *n;
720
721 list_for_each_safe(p, n, &hdev->mgmt_pending) {
722 struct pending_cmd *cmd;
723
724 cmd = list_entry(p, struct pending_cmd, list);
725
726 if (opcode > 0 && cmd->opcode != opcode)
727 continue;
728
729 cb(cmd, data);
730 }
731}
732
733static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
734{
735 struct pending_cmd *cmd;
736
737 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
738 if (cmd->opcode == opcode)
739 return cmd;
740 }
741
742 return NULL;
743}
744
745static void mgmt_pending_remove(struct pending_cmd *cmd)
746{
747 list_del(&cmd->list);
748 mgmt_pending_free(cmd);
749}
750
751static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
752{
753 __le32 settings = cpu_to_le32(get_current_settings(hdev));
754
755 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
756 sizeof(settings));
757}
758
759static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
760 u16 len)
761{
762 struct mgmt_mode *cp = data;
763 struct pending_cmd *cmd;
764 int err;
765
766 BT_DBG("request for %s", hdev->name);
767
768 hci_dev_lock(hdev);
769
770 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
771 cancel_delayed_work(&hdev->power_off);
772
773 if (cp->val) {
774 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
775 mgmt_powered(hdev, 1);
776 goto failed;
777 }
778 }
779
780 if (!!cp->val == hdev_is_powered(hdev)) {
781 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
782 goto failed;
783 }
784
785 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
786 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
787 MGMT_STATUS_BUSY);
788 goto failed;
789 }
790
791 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
792 if (!cmd) {
793 err = -ENOMEM;
794 goto failed;
795 }
796
797 if (cp->val)
798 schedule_work(&hdev->power_on);
799 else
800 schedule_work(&hdev->power_off.work);
801
802 err = 0;
803
804failed:
805 hci_dev_unlock(hdev);
806 return err;
807}
808
809static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
810 struct sock *skip_sk)
811{
812 struct sk_buff *skb;
813 struct mgmt_hdr *hdr;
814
815 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
816 if (!skb)
817 return -ENOMEM;
818
819 hdr = (void *) skb_put(skb, sizeof(*hdr));
820 hdr->opcode = cpu_to_le16(event);
821 if (hdev)
822 hdr->index = cpu_to_le16(hdev->id);
823 else
824 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
825 hdr->len = cpu_to_le16(data_len);
826
827 if (data)
828 memcpy(skb_put(skb, data_len), data, data_len);
829
830
831 __net_timestamp(skb);
832
833 hci_send_to_control(skb, skip_sk);
834 kfree_skb(skb);
835
836 return 0;
837}
838
839static int new_settings(struct hci_dev *hdev, struct sock *skip)
840{
841 __le32 ev;
842
843 ev = cpu_to_le32(get_current_settings(hdev));
844
845 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
846}
847
848static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
849 u16 len)
850{
851 struct mgmt_cp_set_discoverable *cp = data;
852 struct pending_cmd *cmd;
853 u16 timeout;
854 u8 scan;
855 int err;
856
857 BT_DBG("request for %s", hdev->name);
858
859 timeout = __le16_to_cpu(cp->timeout);
860 if (!cp->val && timeout > 0)
861 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
862 MGMT_STATUS_INVALID_PARAMS);
863
864 hci_dev_lock(hdev);
865
866 if (!hdev_is_powered(hdev) && timeout > 0) {
867 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
868 MGMT_STATUS_NOT_POWERED);
869 goto failed;
870 }
871
872 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
873 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
874 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
875 MGMT_STATUS_BUSY);
876 goto failed;
877 }
878
879 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
880 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
881 MGMT_STATUS_REJECTED);
882 goto failed;
883 }
884
885 if (!hdev_is_powered(hdev)) {
886 bool changed = false;
887
888 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
889 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
890 changed = true;
891 }
892
893 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
894 if (err < 0)
895 goto failed;
896
897 if (changed)
898 err = new_settings(hdev, sk);
899
900 goto failed;
901 }
902
903 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
904 if (hdev->discov_timeout > 0) {
905 cancel_delayed_work(&hdev->discov_off);
906 hdev->discov_timeout = 0;
907 }
908
909 if (cp->val && timeout > 0) {
910 hdev->discov_timeout = timeout;
911 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
912 msecs_to_jiffies(hdev->discov_timeout * 1000));
913 }
914
915 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
916 goto failed;
917 }
918
919 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
920 if (!cmd) {
921 err = -ENOMEM;
922 goto failed;
923 }
924
925 scan = SCAN_PAGE;
926
927 if (cp->val)
928 scan |= SCAN_INQUIRY;
929 else
930 cancel_delayed_work(&hdev->discov_off);
931
932 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
933 if (err < 0)
934 mgmt_pending_remove(cmd);
935
936 if (cp->val)
937 hdev->discov_timeout = timeout;
938
939failed:
940 hci_dev_unlock(hdev);
941 return err;
942}
943
944static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
945 u16 len)
946{
947 struct mgmt_mode *cp = data;
948 struct pending_cmd *cmd;
949 u8 scan;
950 int err;
951
952 BT_DBG("request for %s", hdev->name);
953
954 hci_dev_lock(hdev);
955
956 if (!hdev_is_powered(hdev)) {
957 bool changed = false;
958
959 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
960 changed = true;
961
962 if (cp->val) {
963 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
964 } else {
965 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
966 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
967 }
968
969 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
970 if (err < 0)
971 goto failed;
972
973 if (changed)
974 err = new_settings(hdev, sk);
975
976 goto failed;
977 }
978
979 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
980 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
981 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
982 MGMT_STATUS_BUSY);
983 goto failed;
984 }
985
986 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
987 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
988 goto failed;
989 }
990
991 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
992 if (!cmd) {
993 err = -ENOMEM;
994 goto failed;
995 }
996
997 if (cp->val) {
998 scan = SCAN_PAGE;
999 } else {
1000 scan = 0;
1001
1002 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1003 hdev->discov_timeout > 0)
1004 cancel_delayed_work(&hdev->discov_off);
1005 }
1006
1007 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1008 if (err < 0)
1009 mgmt_pending_remove(cmd);
1010
1011failed:
1012 hci_dev_unlock(hdev);
1013 return err;
1014}
1015
1016static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1017 u16 len)
1018{
1019 struct mgmt_mode *cp = data;
1020 int err;
1021
1022 BT_DBG("request for %s", hdev->name);
1023
1024 hci_dev_lock(hdev);
1025
1026 if (cp->val)
1027 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1028 else
1029 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1030
1031 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1032 if (err < 0)
1033 goto failed;
1034
1035 err = new_settings(hdev, sk);
1036
1037failed:
1038 hci_dev_unlock(hdev);
1039 return err;
1040}
1041
1042static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1043 u16 len)
1044{
1045 struct mgmt_mode *cp = data;
1046 struct pending_cmd *cmd;
1047 u8 val;
1048 int err;
1049
1050 BT_DBG("request for %s", hdev->name);
1051
1052 hci_dev_lock(hdev);
1053
1054 if (!hdev_is_powered(hdev)) {
1055 bool changed = false;
1056
1057 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1058 &hdev->dev_flags)) {
1059 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1060 changed = true;
1061 }
1062
1063 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1064 if (err < 0)
1065 goto failed;
1066
1067 if (changed)
1068 err = new_settings(hdev, sk);
1069
1070 goto failed;
1071 }
1072
1073 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1074 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1075 MGMT_STATUS_BUSY);
1076 goto failed;
1077 }
1078
1079 val = !!cp->val;
1080
1081 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1082 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1083 goto failed;
1084 }
1085
1086 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1087 if (!cmd) {
1088 err = -ENOMEM;
1089 goto failed;
1090 }
1091
1092 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1093 if (err < 0) {
1094 mgmt_pending_remove(cmd);
1095 goto failed;
1096 }
1097
1098failed:
1099 hci_dev_unlock(hdev);
1100 return err;
1101}
1102
1103static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1104{
1105 struct mgmt_mode *cp = data;
1106 struct pending_cmd *cmd;
1107 u8 val;
1108 int err;
1109
1110 BT_DBG("request for %s", hdev->name);
1111
1112 hci_dev_lock(hdev);
1113
1114 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1115 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1116 MGMT_STATUS_NOT_SUPPORTED);
1117 goto failed;
1118 }
1119
1120 val = !!cp->val;
1121
1122 if (!hdev_is_powered(hdev)) {
1123 bool changed = false;
1124
1125 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1126 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1127 changed = true;
1128 }
1129
1130 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1131 if (err < 0)
1132 goto failed;
1133
1134 if (changed)
1135 err = new_settings(hdev, sk);
1136
1137 goto failed;
1138 }
1139
1140 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1141 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1142 MGMT_STATUS_BUSY);
1143 goto failed;
1144 }
1145
1146 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1147 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1148 goto failed;
1149 }
1150
1151 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1152 if (!cmd) {
1153 err = -ENOMEM;
1154 goto failed;
1155 }
1156
1157 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1158 if (err < 0) {
1159 mgmt_pending_remove(cmd);
1160 goto failed;
1161 }
1162
1163failed:
1164 hci_dev_unlock(hdev);
1165 return err;
1166}
1167
1168static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1169{
1170 struct mgmt_mode *cp = data;
1171
1172 BT_DBG("request for %s", hdev->name);
1173
1174 if (!enable_hs)
1175 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1176 MGMT_STATUS_NOT_SUPPORTED);
1177
1178 if (cp->val)
1179 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1180 else
1181 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1182
1183 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1184}
1185
1186static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1187{
1188 struct mgmt_mode *cp = data;
1189 struct hci_cp_write_le_host_supported hci_cp;
1190 struct pending_cmd *cmd;
1191 int err;
1192 u8 val, enabled;
1193
1194 BT_DBG("request for %s", hdev->name);
1195
1196 hci_dev_lock(hdev);
1197
1198 if (!(hdev->features[4] & LMP_LE)) {
1199 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1200 MGMT_STATUS_NOT_SUPPORTED);
1201 goto unlock;
1202 }
1203
1204 val = !!cp->val;
1205 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1206
1207 if (!hdev_is_powered(hdev) || val == enabled) {
1208 bool changed = false;
1209
1210 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1211 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1212 changed = true;
1213 }
1214
1215 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1216 if (err < 0)
1217 goto unlock;
1218
1219 if (changed)
1220 err = new_settings(hdev, sk);
1221
1222 goto unlock;
1223 }
1224
1225 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1226 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1227 MGMT_STATUS_BUSY);
1228 goto unlock;
1229 }
1230
1231 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1232 if (!cmd) {
1233 err = -ENOMEM;
1234 goto unlock;
1235 }
1236
1237 memset(&hci_cp, 0, sizeof(hci_cp));
1238
1239 if (val) {
1240 hci_cp.le = val;
1241 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1242 }
1243
1244 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1245 &hci_cp);
1246 if (err < 0)
1247 mgmt_pending_remove(cmd);
1248
1249unlock:
1250 hci_dev_unlock(hdev);
1251 return err;
1252}
1253
1254static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1255{
1256 struct mgmt_cp_add_uuid *cp = data;
1257 struct pending_cmd *cmd;
1258 struct bt_uuid *uuid;
1259 int err;
1260
1261 BT_DBG("request for %s", hdev->name);
1262
1263 hci_dev_lock(hdev);
1264
1265 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1266 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1267 MGMT_STATUS_BUSY);
1268 goto failed;
1269 }
1270
1271 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1272 if (!uuid) {
1273 err = -ENOMEM;
1274 goto failed;
1275 }
1276
1277 memcpy(uuid->uuid, cp->uuid, 16);
1278 uuid->svc_hint = cp->svc_hint;
1279
1280 list_add(&uuid->list, &hdev->uuids);
1281
1282 err = update_class(hdev);
1283 if (err < 0)
1284 goto failed;
1285
1286 err = update_eir(hdev);
1287 if (err < 0)
1288 goto failed;
1289
1290 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1291 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1292 hdev->dev_class, 3);
1293 goto failed;
1294 }
1295
1296 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1297 if (!cmd)
1298 err = -ENOMEM;
1299
1300failed:
1301 hci_dev_unlock(hdev);
1302 return err;
1303}
1304
1305static bool enable_service_cache(struct hci_dev *hdev)
1306{
1307 if (!hdev_is_powered(hdev))
1308 return false;
1309
1310 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1311 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1312 return true;
1313 }
1314
1315 return false;
1316}
1317
1318static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1319 u16 len)
1320{
1321 struct mgmt_cp_remove_uuid *cp = data;
1322 struct pending_cmd *cmd;
1323 struct list_head *p, *n;
1324 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1325 int err, found;
1326
1327 BT_DBG("request for %s", hdev->name);
1328
1329 hci_dev_lock(hdev);
1330
1331 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1332 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1333 MGMT_STATUS_BUSY);
1334 goto unlock;
1335 }
1336
1337 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1338 err = hci_uuids_clear(hdev);
1339
1340 if (enable_service_cache(hdev)) {
1341 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1342 0, hdev->dev_class, 3);
1343 goto unlock;
1344 }
1345
1346 goto update_class;
1347 }
1348
1349 found = 0;
1350
1351 list_for_each_safe(p, n, &hdev->uuids) {
1352 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1353
1354 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1355 continue;
1356
1357 list_del(&match->list);
1358 found++;
1359 }
1360
1361 if (found == 0) {
1362 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1363 MGMT_STATUS_INVALID_PARAMS);
1364 goto unlock;
1365 }
1366
1367update_class:
1368 err = update_class(hdev);
1369 if (err < 0)
1370 goto unlock;
1371
1372 err = update_eir(hdev);
1373 if (err < 0)
1374 goto unlock;
1375
1376 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1377 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1378 hdev->dev_class, 3);
1379 goto unlock;
1380 }
1381
1382 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1383 if (!cmd)
1384 err = -ENOMEM;
1385
1386unlock:
1387 hci_dev_unlock(hdev);
1388 return err;
1389}
1390
1391static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1392 u16 len)
1393{
1394 struct mgmt_cp_set_dev_class *cp = data;
1395 struct pending_cmd *cmd;
1396 int err;
1397
1398 BT_DBG("request for %s", hdev->name);
1399
1400 hci_dev_lock(hdev);
1401
1402 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1403 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1404 MGMT_STATUS_BUSY);
1405 goto unlock;
1406 }
1407
1408 hdev->major_class = cp->major;
1409 hdev->minor_class = cp->minor;
1410
1411 if (!hdev_is_powered(hdev)) {
1412 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1413 hdev->dev_class, 3);
1414 goto unlock;
1415 }
1416
1417 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1418 hci_dev_unlock(hdev);
1419 cancel_delayed_work_sync(&hdev->service_cache);
1420 hci_dev_lock(hdev);
1421 update_eir(hdev);
1422 }
1423
1424 err = update_class(hdev);
1425 if (err < 0)
1426 goto unlock;
1427
1428 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1429 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1430 hdev->dev_class, 3);
1431 goto unlock;
1432 }
1433
1434 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1435 if (!cmd)
1436 err = -ENOMEM;
1437
1438unlock:
1439 hci_dev_unlock(hdev);
1440 return err;
1441}
1442
1443static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1444 u16 len)
1445{
1446 struct mgmt_cp_load_link_keys *cp = data;
1447 u16 key_count, expected_len;
1448 int i;
1449
1450 key_count = __le16_to_cpu(cp->key_count);
1451
1452 expected_len = sizeof(*cp) + key_count *
1453 sizeof(struct mgmt_link_key_info);
1454 if (expected_len != len) {
1455 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1456 len, expected_len);
1457 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1458 MGMT_STATUS_INVALID_PARAMS);
1459 }
1460
1461 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1462 key_count);
1463
1464 hci_dev_lock(hdev);
1465
1466 hci_link_keys_clear(hdev);
1467
1468 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1469
1470 if (cp->debug_keys)
1471 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1472 else
1473 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1474
1475 for (i = 0; i < key_count; i++) {
1476 struct mgmt_link_key_info *key = &cp->keys[i];
1477
1478 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1479 key->type, key->pin_len);
1480 }
1481
1482 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1483
1484 hci_dev_unlock(hdev);
1485
1486 return 0;
1487}
1488
1489static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1490 u8 addr_type, struct sock *skip_sk)
1491{
1492 struct mgmt_ev_device_unpaired ev;
1493
1494 bacpy(&ev.addr.bdaddr, bdaddr);
1495 ev.addr.type = addr_type;
1496
1497 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1498 skip_sk);
1499}
1500
1501static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1502 u16 len)
1503{
1504 struct mgmt_cp_unpair_device *cp = data;
1505 struct mgmt_rp_unpair_device rp;
1506 struct hci_cp_disconnect dc;
1507 struct pending_cmd *cmd;
1508 struct hci_conn *conn;
1509 int err;
1510
1511 hci_dev_lock(hdev);
1512
1513 memset(&rp, 0, sizeof(rp));
1514 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1515 rp.addr.type = cp->addr.type;
1516
1517 if (!hdev_is_powered(hdev)) {
1518 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1519 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1520 goto unlock;
1521 }
1522
1523 if (cp->addr.type == BDADDR_BREDR)
1524 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1525 else
1526 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1527
1528 if (err < 0) {
1529 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1530 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1531 goto unlock;
1532 }
1533
1534 if (cp->disconnect) {
1535 if (cp->addr.type == BDADDR_BREDR)
1536 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1537 &cp->addr.bdaddr);
1538 else
1539 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1540 &cp->addr.bdaddr);
1541 } else {
1542 conn = NULL;
1543 }
1544
1545 if (!conn) {
1546 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1547 &rp, sizeof(rp));
1548 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1549 goto unlock;
1550 }
1551
1552 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1553 sizeof(*cp));
1554 if (!cmd) {
1555 err = -ENOMEM;
1556 goto unlock;
1557 }
1558
1559 dc.handle = cpu_to_le16(conn->handle);
1560 dc.reason = 0x13;
1561 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1562 if (err < 0)
1563 mgmt_pending_remove(cmd);
1564
1565unlock:
1566 hci_dev_unlock(hdev);
1567 return err;
1568}
1569
1570static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1571 u16 len)
1572{
1573 struct mgmt_cp_disconnect *cp = data;
1574 struct hci_cp_disconnect dc;
1575 struct pending_cmd *cmd;
1576 struct hci_conn *conn;
1577 int err;
1578
1579 BT_DBG("");
1580
1581 hci_dev_lock(hdev);
1582
1583 if (!test_bit(HCI_UP, &hdev->flags)) {
1584 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1585 MGMT_STATUS_NOT_POWERED);
1586 goto failed;
1587 }
1588
1589 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1590 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1591 MGMT_STATUS_BUSY);
1592 goto failed;
1593 }
1594
1595 if (cp->addr.type == BDADDR_BREDR)
1596 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1597 &cp->addr.bdaddr);
1598 else
1599 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1600
1601 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1602 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1603 MGMT_STATUS_NOT_CONNECTED);
1604 goto failed;
1605 }
1606
1607 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1608 if (!cmd) {
1609 err = -ENOMEM;
1610 goto failed;
1611 }
1612
1613 dc.handle = cpu_to_le16(conn->handle);
1614 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1615
1616 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1617 if (err < 0)
1618 mgmt_pending_remove(cmd);
1619
1620failed:
1621 hci_dev_unlock(hdev);
1622 return err;
1623}
1624
1625static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1626{
1627 switch (link_type) {
1628 case LE_LINK:
1629 switch (addr_type) {
1630 case ADDR_LE_DEV_PUBLIC:
1631 return BDADDR_LE_PUBLIC;
1632
1633 default:
1634
1635 return BDADDR_LE_RANDOM;
1636 }
1637
1638 default:
1639
1640 return BDADDR_BREDR;
1641 }
1642}
1643
1644static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1645 u16 data_len)
1646{
1647 struct mgmt_rp_get_connections *rp;
1648 struct hci_conn *c;
1649 size_t rp_len;
1650 int err;
1651 u16 i;
1652
1653 BT_DBG("");
1654
1655 hci_dev_lock(hdev);
1656
1657 if (!hdev_is_powered(hdev)) {
1658 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1659 MGMT_STATUS_NOT_POWERED);
1660 goto unlock;
1661 }
1662
1663 i = 0;
1664 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1665 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1666 i++;
1667 }
1668
1669 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1670 rp = kmalloc(rp_len, GFP_KERNEL);
1671 if (!rp) {
1672 err = -ENOMEM;
1673 goto unlock;
1674 }
1675
1676 i = 0;
1677 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1678 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1679 continue;
1680 bacpy(&rp->addr[i].bdaddr, &c->dst);
1681 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1682 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1683 continue;
1684 i++;
1685 }
1686
1687 rp->conn_count = cpu_to_le16(i);
1688
1689
1690 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1691
1692 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1693 rp_len);
1694
1695 kfree(rp);
1696
1697unlock:
1698 hci_dev_unlock(hdev);
1699 return err;
1700}
1701
1702static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1703 struct mgmt_cp_pin_code_neg_reply *cp)
1704{
1705 struct pending_cmd *cmd;
1706 int err;
1707
1708 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1709 sizeof(*cp));
1710 if (!cmd)
1711 return -ENOMEM;
1712
1713 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1714 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1715 if (err < 0)
1716 mgmt_pending_remove(cmd);
1717
1718 return err;
1719}
1720
1721static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1722 u16 len)
1723{
1724 struct hci_conn *conn;
1725 struct mgmt_cp_pin_code_reply *cp = data;
1726 struct hci_cp_pin_code_reply reply;
1727 struct pending_cmd *cmd;
1728 int err;
1729
1730 BT_DBG("");
1731
1732 hci_dev_lock(hdev);
1733
1734 if (!hdev_is_powered(hdev)) {
1735 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1736 MGMT_STATUS_NOT_POWERED);
1737 goto failed;
1738 }
1739
1740 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1741 if (!conn) {
1742 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1743 MGMT_STATUS_NOT_CONNECTED);
1744 goto failed;
1745 }
1746
1747 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1748 struct mgmt_cp_pin_code_neg_reply ncp;
1749
1750 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1751
1752 BT_ERR("PIN code is not 16 bytes long");
1753
1754 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1755 if (err >= 0)
1756 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1757 MGMT_STATUS_INVALID_PARAMS);
1758
1759 goto failed;
1760 }
1761
1762 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1763 if (!cmd) {
1764 err = -ENOMEM;
1765 goto failed;
1766 }
1767
1768 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1769 reply.pin_len = cp->pin_len;
1770 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1771
1772 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1773 if (err < 0)
1774 mgmt_pending_remove(cmd);
1775
1776failed:
1777 hci_dev_unlock(hdev);
1778 return err;
1779}
1780
1781static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1782 u16 len)
1783{
1784 struct mgmt_cp_set_io_capability *cp = data;
1785
1786 BT_DBG("");
1787
1788 hci_dev_lock(hdev);
1789
1790 hdev->io_capability = cp->io_capability;
1791
1792 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1793 hdev->io_capability);
1794
1795 hci_dev_unlock(hdev);
1796
1797 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1798 0);
1799}
1800
1801static struct pending_cmd *find_pairing(struct hci_conn *conn)
1802{
1803 struct hci_dev *hdev = conn->hdev;
1804 struct pending_cmd *cmd;
1805
1806 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1807 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1808 continue;
1809
1810 if (cmd->user_data != conn)
1811 continue;
1812
1813 return cmd;
1814 }
1815
1816 return NULL;
1817}
1818
1819static void pairing_complete(struct pending_cmd *cmd, u8 status)
1820{
1821 struct mgmt_rp_pair_device rp;
1822 struct hci_conn *conn = cmd->user_data;
1823
1824 bacpy(&rp.addr.bdaddr, &conn->dst);
1825 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1826
1827 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1828 &rp, sizeof(rp));
1829
1830
1831 conn->connect_cfm_cb = NULL;
1832 conn->security_cfm_cb = NULL;
1833 conn->disconn_cfm_cb = NULL;
1834
1835 hci_conn_put(conn);
1836
1837 mgmt_pending_remove(cmd);
1838}
1839
1840static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1841{
1842 struct pending_cmd *cmd;
1843
1844 BT_DBG("status %u", status);
1845
1846 cmd = find_pairing(conn);
1847 if (!cmd)
1848 BT_DBG("Unable to find a pending command");
1849 else
1850 pairing_complete(cmd, mgmt_status(status));
1851}
1852
1853static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1854{
1855 struct pending_cmd *cmd;
1856
1857 BT_DBG("status %u", status);
1858
1859 if (!status)
1860 return;
1861
1862 cmd = find_pairing(conn);
1863 if (!cmd)
1864 BT_DBG("Unable to find a pending command");
1865 else
1866 pairing_complete(cmd, mgmt_status(status));
1867}
1868
1869static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1870 u16 len)
1871{
1872 struct mgmt_cp_pair_device *cp = data;
1873 struct mgmt_rp_pair_device rp;
1874 struct pending_cmd *cmd;
1875 u8 sec_level, auth_type;
1876 struct hci_conn *conn;
1877 int err;
1878
1879 BT_DBG("");
1880
1881 hci_dev_lock(hdev);
1882
1883 if (!hdev_is_powered(hdev)) {
1884 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1885 MGMT_STATUS_NOT_POWERED);
1886 goto unlock;
1887 }
1888
1889 sec_level = BT_SECURITY_MEDIUM;
1890 if (cp->io_cap == 0x03)
1891 auth_type = HCI_AT_DEDICATED_BONDING;
1892 else
1893 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1894
1895 if (cp->addr.type == BDADDR_BREDR)
1896 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1897 cp->addr.type, sec_level, auth_type);
1898 else
1899 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1900 cp->addr.type, sec_level, auth_type);
1901
1902 memset(&rp, 0, sizeof(rp));
1903 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1904 rp.addr.type = cp->addr.type;
1905
1906 if (IS_ERR(conn)) {
1907 int status;
1908
1909 if (PTR_ERR(conn) == -EBUSY)
1910 status = MGMT_STATUS_BUSY;
1911 else
1912 status = MGMT_STATUS_CONNECT_FAILED;
1913
1914 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1915 status, &rp,
1916 sizeof(rp));
1917 goto unlock;
1918 }
1919
1920 if (conn->connect_cfm_cb) {
1921 hci_conn_put(conn);
1922 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1923 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1924 goto unlock;
1925 }
1926
1927 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1928 if (!cmd) {
1929 err = -ENOMEM;
1930 hci_conn_put(conn);
1931 goto unlock;
1932 }
1933
1934
1935 if (cp->addr.type == BDADDR_BREDR)
1936 conn->connect_cfm_cb = pairing_complete_cb;
1937 else
1938 conn->connect_cfm_cb = le_connect_complete_cb;
1939
1940 conn->security_cfm_cb = pairing_complete_cb;
1941 conn->disconn_cfm_cb = pairing_complete_cb;
1942 conn->io_capability = cp->io_cap;
1943 cmd->user_data = conn;
1944
1945 if (conn->state == BT_CONNECTED &&
1946 hci_conn_security(conn, sec_level, auth_type))
1947 pairing_complete(cmd, 0);
1948
1949 err = 0;
1950
1951unlock:
1952 hci_dev_unlock(hdev);
1953 return err;
1954}
1955
1956static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1957 u16 len)
1958{
1959 struct mgmt_addr_info *addr = data;
1960 struct pending_cmd *cmd;
1961 struct hci_conn *conn;
1962 int err;
1963
1964 BT_DBG("");
1965
1966 hci_dev_lock(hdev);
1967
1968 if (!hdev_is_powered(hdev)) {
1969 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1970 MGMT_STATUS_NOT_POWERED);
1971 goto unlock;
1972 }
1973
1974 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1975 if (!cmd) {
1976 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1977 MGMT_STATUS_INVALID_PARAMS);
1978 goto unlock;
1979 }
1980
1981 conn = cmd->user_data;
1982
1983 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1984 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1985 MGMT_STATUS_INVALID_PARAMS);
1986 goto unlock;
1987 }
1988
1989 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1990
1991 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1992 addr, sizeof(*addr));
1993unlock:
1994 hci_dev_unlock(hdev);
1995 return err;
1996}
1997
1998static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1999 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2000 u16 hci_op, __le32 passkey)
2001{
2002 struct pending_cmd *cmd;
2003 struct hci_conn *conn;
2004 int err;
2005
2006 hci_dev_lock(hdev);
2007
2008 if (!hdev_is_powered(hdev)) {
2009 err = cmd_status(sk, hdev->id, mgmt_op,
2010 MGMT_STATUS_NOT_POWERED);
2011 goto done;
2012 }
2013
2014 if (type == BDADDR_BREDR)
2015 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2016 else
2017 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2018
2019 if (!conn) {
2020 err = cmd_status(sk, hdev->id, mgmt_op,
2021 MGMT_STATUS_NOT_CONNECTED);
2022 goto done;
2023 }
2024
2025 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2026
2027 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2028
2029 if (!err)
2030 err = cmd_status(sk, hdev->id, mgmt_op,
2031 MGMT_STATUS_SUCCESS);
2032 else
2033 err = cmd_status(sk, hdev->id, mgmt_op,
2034 MGMT_STATUS_FAILED);
2035
2036 goto done;
2037 }
2038
2039 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2040 if (!cmd) {
2041 err = -ENOMEM;
2042 goto done;
2043 }
2044
2045
2046 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2047 struct hci_cp_user_passkey_reply cp;
2048
2049 bacpy(&cp.bdaddr, bdaddr);
2050 cp.passkey = passkey;
2051 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2052 } else
2053 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2054
2055 if (err < 0)
2056 mgmt_pending_remove(cmd);
2057
2058done:
2059 hci_dev_unlock(hdev);
2060 return err;
2061}
2062
2063static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2064 void *data, u16 len)
2065{
2066 struct mgmt_cp_pin_code_neg_reply *cp = data;
2067
2068 BT_DBG("");
2069
2070 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2071 MGMT_OP_PIN_CODE_NEG_REPLY,
2072 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2073}
2074
2075static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2076 u16 len)
2077{
2078 struct mgmt_cp_user_confirm_reply *cp = data;
2079
2080 BT_DBG("");
2081
2082 if (len != sizeof(*cp))
2083 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2084 MGMT_STATUS_INVALID_PARAMS);
2085
2086 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2087 MGMT_OP_USER_CONFIRM_REPLY,
2088 HCI_OP_USER_CONFIRM_REPLY, 0);
2089}
2090
2091static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2092 void *data, u16 len)
2093{
2094 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2095
2096 BT_DBG("");
2097
2098 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2099 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2100 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2101}
2102
2103static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2104 u16 len)
2105{
2106 struct mgmt_cp_user_passkey_reply *cp = data;
2107
2108 BT_DBG("");
2109
2110 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2111 MGMT_OP_USER_PASSKEY_REPLY,
2112 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2113}
2114
2115static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2116 void *data, u16 len)
2117{
2118 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2119
2120 BT_DBG("");
2121
2122 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2123 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2124 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2125}
2126
2127static int update_name(struct hci_dev *hdev, const char *name)
2128{
2129 struct hci_cp_write_local_name cp;
2130
2131 memcpy(cp.name, name, sizeof(cp.name));
2132
2133 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2134}
2135
2136static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2137 u16 len)
2138{
2139 struct mgmt_cp_set_local_name *cp = data;
2140 struct pending_cmd *cmd;
2141 int err;
2142
2143 BT_DBG("");
2144
2145 hci_dev_lock(hdev);
2146
2147 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2148
2149 if (!hdev_is_powered(hdev)) {
2150 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2151
2152 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2153 data, len);
2154 if (err < 0)
2155 goto failed;
2156
2157 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2158 sk);
2159
2160 goto failed;
2161 }
2162
2163 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2164 if (!cmd) {
2165 err = -ENOMEM;
2166 goto failed;
2167 }
2168
2169 err = update_name(hdev, cp->name);
2170 if (err < 0)
2171 mgmt_pending_remove(cmd);
2172
2173failed:
2174 hci_dev_unlock(hdev);
2175 return err;
2176}
2177
2178static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2179 void *data, u16 data_len)
2180{
2181 struct pending_cmd *cmd;
2182 int err;
2183
2184 BT_DBG("%s", hdev->name);
2185
2186 hci_dev_lock(hdev);
2187
2188 if (!hdev_is_powered(hdev)) {
2189 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2190 MGMT_STATUS_NOT_POWERED);
2191 goto unlock;
2192 }
2193
2194 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2195 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2196 MGMT_STATUS_NOT_SUPPORTED);
2197 goto unlock;
2198 }
2199
2200 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2201 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2202 MGMT_STATUS_BUSY);
2203 goto unlock;
2204 }
2205
2206 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2207 if (!cmd) {
2208 err = -ENOMEM;
2209 goto unlock;
2210 }
2211
2212 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2213 if (err < 0)
2214 mgmt_pending_remove(cmd);
2215
2216unlock:
2217 hci_dev_unlock(hdev);
2218 return err;
2219}
2220
2221static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2222 void *data, u16 len)
2223{
2224 struct mgmt_cp_add_remote_oob_data *cp = data;
2225 u8 status;
2226 int err;
2227
2228 BT_DBG("%s ", hdev->name);
2229
2230 hci_dev_lock(hdev);
2231
2232 if (!hdev_is_powered(hdev)) {
2233 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2234 MGMT_STATUS_NOT_POWERED, &cp->addr,
2235 sizeof(cp->addr));
2236 goto unlock;
2237 }
2238
2239 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2240 cp->randomizer);
2241 if (err < 0)
2242 status = MGMT_STATUS_FAILED;
2243 else
2244 status = 0;
2245
2246 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2247 &cp->addr, sizeof(cp->addr));
2248
2249unlock:
2250 hci_dev_unlock(hdev);
2251 return err;
2252}
2253
2254static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2255 void *data, u16 len)
2256{
2257 struct mgmt_cp_remove_remote_oob_data *cp = data;
2258 u8 status;
2259 int err;
2260
2261 BT_DBG("%s", hdev->name);
2262
2263 hci_dev_lock(hdev);
2264
2265 if (!hdev_is_powered(hdev)) {
2266 err = cmd_complete(sk, hdev->id,
2267 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2268 MGMT_STATUS_NOT_POWERED, &cp->addr,
2269 sizeof(cp->addr));
2270 goto unlock;
2271 }
2272
2273 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2274 if (err < 0)
2275 status = MGMT_STATUS_INVALID_PARAMS;
2276 else
2277 status = 0;
2278
2279 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2280 status, &cp->addr, sizeof(cp->addr));
2281
2282unlock:
2283 hci_dev_unlock(hdev);
2284 return err;
2285}
2286
2287int mgmt_interleaved_discovery(struct hci_dev *hdev)
2288{
2289 int err;
2290
2291 BT_DBG("%s", hdev->name);
2292
2293 hci_dev_lock(hdev);
2294
2295 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2296 if (err < 0)
2297 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2298
2299 hci_dev_unlock(hdev);
2300
2301 return err;
2302}
2303
2304static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2305 void *data, u16 len)
2306{
2307 struct mgmt_cp_start_discovery *cp = data;
2308 struct pending_cmd *cmd;
2309 int err;
2310
2311 BT_DBG("%s", hdev->name);
2312
2313 hci_dev_lock(hdev);
2314
2315 if (!hdev_is_powered(hdev)) {
2316 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2317 MGMT_STATUS_NOT_POWERED);
2318 goto failed;
2319 }
2320
2321 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2322 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2323 MGMT_STATUS_BUSY);
2324 goto failed;
2325 }
2326
2327 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2328 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2329 MGMT_STATUS_BUSY);
2330 goto failed;
2331 }
2332
2333 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2334 if (!cmd) {
2335 err = -ENOMEM;
2336 goto failed;
2337 }
2338
2339 hdev->discovery.type = cp->type;
2340
2341 switch (hdev->discovery.type) {
2342 case DISCOV_TYPE_BREDR:
2343 if (lmp_bredr_capable(hdev))
2344 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2345 else
2346 err = -ENOTSUPP;
2347 break;
2348
2349 case DISCOV_TYPE_LE:
2350 if (lmp_host_le_capable(hdev))
2351 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2352 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2353 else
2354 err = -ENOTSUPP;
2355 break;
2356
2357 case DISCOV_TYPE_INTERLEAVED:
2358 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2359 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2360 LE_SCAN_WIN,
2361 LE_SCAN_TIMEOUT_BREDR_LE);
2362 else
2363 err = -ENOTSUPP;
2364 break;
2365
2366 default:
2367 err = -EINVAL;
2368 }
2369
2370 if (err < 0)
2371 mgmt_pending_remove(cmd);
2372 else
2373 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2374
2375failed:
2376 hci_dev_unlock(hdev);
2377 return err;
2378}
2379
2380static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2381 u16 len)
2382{
2383 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2384 struct pending_cmd *cmd;
2385 struct hci_cp_remote_name_req_cancel cp;
2386 struct inquiry_entry *e;
2387 int err;
2388
2389 BT_DBG("%s", hdev->name);
2390
2391 hci_dev_lock(hdev);
2392
2393 if (!hci_discovery_active(hdev)) {
2394 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2395 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2396 sizeof(mgmt_cp->type));
2397 goto unlock;
2398 }
2399
2400 if (hdev->discovery.type != mgmt_cp->type) {
2401 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2402 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2403 sizeof(mgmt_cp->type));
2404 goto unlock;
2405 }
2406
2407 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2408 if (!cmd) {
2409 err = -ENOMEM;
2410 goto unlock;
2411 }
2412
2413 switch (hdev->discovery.state) {
2414 case DISCOVERY_FINDING:
2415 if (test_bit(HCI_INQUIRY, &hdev->flags))
2416 err = hci_cancel_inquiry(hdev);
2417 else
2418 err = hci_cancel_le_scan(hdev);
2419
2420 break;
2421
2422 case DISCOVERY_RESOLVING:
2423 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2424 NAME_PENDING);
2425 if (!e) {
2426 mgmt_pending_remove(cmd);
2427 err = cmd_complete(sk, hdev->id,
2428 MGMT_OP_STOP_DISCOVERY, 0,
2429 &mgmt_cp->type,
2430 sizeof(mgmt_cp->type));
2431 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2432 goto unlock;
2433 }
2434
2435 bacpy(&cp.bdaddr, &e->data.bdaddr);
2436 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2437 sizeof(cp), &cp);
2438
2439 break;
2440
2441 default:
2442 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2443 err = -EFAULT;
2444 }
2445
2446 if (err < 0)
2447 mgmt_pending_remove(cmd);
2448 else
2449 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2450
2451unlock:
2452 hci_dev_unlock(hdev);
2453 return err;
2454}
2455
2456static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2457 u16 len)
2458{
2459 struct mgmt_cp_confirm_name *cp = data;
2460 struct inquiry_entry *e;
2461 int err;
2462
2463 BT_DBG("%s", hdev->name);
2464
2465 hci_dev_lock(hdev);
2466
2467 if (!hci_discovery_active(hdev)) {
2468 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2469 MGMT_STATUS_FAILED);
2470 goto failed;
2471 }
2472
2473 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2474 if (!e) {
2475 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2476 MGMT_STATUS_INVALID_PARAMS);
2477 goto failed;
2478 }
2479
2480 if (cp->name_known) {
2481 e->name_state = NAME_KNOWN;
2482 list_del(&e->list);
2483 } else {
2484 e->name_state = NAME_NEEDED;
2485 hci_inquiry_cache_update_resolve(hdev, e);
2486 }
2487
2488 err = 0;
2489
2490failed:
2491 hci_dev_unlock(hdev);
2492 return err;
2493}
2494
2495static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2496 u16 len)
2497{
2498 struct mgmt_cp_block_device *cp = data;
2499 u8 status;
2500 int err;
2501
2502 BT_DBG("%s", hdev->name);
2503
2504 hci_dev_lock(hdev);
2505
2506 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2507 if (err < 0)
2508 status = MGMT_STATUS_FAILED;
2509 else
2510 status = 0;
2511
2512 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2513 &cp->addr, sizeof(cp->addr));
2514
2515 hci_dev_unlock(hdev);
2516
2517 return err;
2518}
2519
2520static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2521 u16 len)
2522{
2523 struct mgmt_cp_unblock_device *cp = data;
2524 u8 status;
2525 int err;
2526
2527 BT_DBG("%s", hdev->name);
2528
2529 hci_dev_lock(hdev);
2530
2531 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2532 if (err < 0)
2533 status = MGMT_STATUS_INVALID_PARAMS;
2534 else
2535 status = 0;
2536
2537 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2538 &cp->addr, sizeof(cp->addr));
2539
2540 hci_dev_unlock(hdev);
2541
2542 return err;
2543}
2544
2545static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2546 u16 len)
2547{
2548 struct mgmt_cp_set_device_id *cp = data;
2549 int err;
2550 __u16 source;
2551
2552 BT_DBG("%s", hdev->name);
2553
2554 source = __le16_to_cpu(cp->source);
2555
2556 if (source > 0x0002)
2557 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2558 MGMT_STATUS_INVALID_PARAMS);
2559
2560 hci_dev_lock(hdev);
2561
2562 hdev->devid_source = source;
2563 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2564 hdev->devid_product = __le16_to_cpu(cp->product);
2565 hdev->devid_version = __le16_to_cpu(cp->version);
2566
2567 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2568
2569 update_eir(hdev);
2570
2571 hci_dev_unlock(hdev);
2572
2573 return err;
2574}
2575
2576static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2577 void *data, u16 len)
2578{
2579 struct mgmt_mode *cp = data;
2580 struct hci_cp_write_page_scan_activity acp;
2581 u8 type;
2582 int err;
2583
2584 BT_DBG("%s", hdev->name);
2585
2586 if (!hdev_is_powered(hdev))
2587 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2588 MGMT_STATUS_NOT_POWERED);
2589
2590 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2591 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2592 MGMT_STATUS_REJECTED);
2593
2594 hci_dev_lock(hdev);
2595
2596 if (cp->val) {
2597 type = PAGE_SCAN_TYPE_INTERLACED;
2598
2599
2600 acp.interval = __constant_cpu_to_le16(0x0100);
2601 } else {
2602 type = PAGE_SCAN_TYPE_STANDARD;
2603
2604
2605 acp.interval = __constant_cpu_to_le16(0x0800);
2606 }
2607
2608
2609 acp.window = __constant_cpu_to_le16(0x0012);
2610
2611 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2612 &acp);
2613 if (err < 0) {
2614 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2615 MGMT_STATUS_FAILED);
2616 goto done;
2617 }
2618
2619 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2620 if (err < 0) {
2621 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2622 MGMT_STATUS_FAILED);
2623 goto done;
2624 }
2625
2626 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2627 NULL, 0);
2628done:
2629 hci_dev_unlock(hdev);
2630 return err;
2631}
2632
2633static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2634 void *cp_data, u16 len)
2635{
2636 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2637 u16 key_count, expected_len;
2638 int i;
2639
2640 key_count = __le16_to_cpu(cp->key_count);
2641
2642 expected_len = sizeof(*cp) + key_count *
2643 sizeof(struct mgmt_ltk_info);
2644 if (expected_len != len) {
2645 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2646 len, expected_len);
2647 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2648 EINVAL);
2649 }
2650
2651 BT_DBG("%s key_count %u", hdev->name, key_count);
2652
2653 hci_dev_lock(hdev);
2654
2655 hci_smp_ltks_clear(hdev);
2656
2657 for (i = 0; i < key_count; i++) {
2658 struct mgmt_ltk_info *key = &cp->keys[i];
2659 u8 type;
2660
2661 if (key->master)
2662 type = HCI_SMP_LTK;
2663 else
2664 type = HCI_SMP_LTK_SLAVE;
2665
2666 hci_add_ltk(hdev, &key->addr.bdaddr,
2667 bdaddr_to_le(key->addr.type),
2668 type, 0, key->authenticated, key->val,
2669 key->enc_size, key->ediv, key->rand);
2670 }
2671
2672 hci_dev_unlock(hdev);
2673
2674 return 0;
2675}
2676
2677static const struct mgmt_handler {
2678 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2679 u16 data_len);
2680 bool var_len;
2681 size_t data_len;
2682} mgmt_handlers[] = {
2683 { NULL },
2684 { read_version, false, MGMT_READ_VERSION_SIZE },
2685 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2686 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2687 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2688 { set_powered, false, MGMT_SETTING_SIZE },
2689 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2690 { set_connectable, false, MGMT_SETTING_SIZE },
2691 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2692 { set_pairable, false, MGMT_SETTING_SIZE },
2693 { set_link_security, false, MGMT_SETTING_SIZE },
2694 { set_ssp, false, MGMT_SETTING_SIZE },
2695 { set_hs, false, MGMT_SETTING_SIZE },
2696 { set_le, false, MGMT_SETTING_SIZE },
2697 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2698 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2699 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2700 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2701 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2702 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2703 { disconnect, false, MGMT_DISCONNECT_SIZE },
2704 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2705 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2706 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2707 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2708 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2709 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2710 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2711 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2712 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2713 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2714 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2715 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2716 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2717 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2718 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2719 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2720 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2721 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2722 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2723 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2724};
2725
2726
2727int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2728{
2729 void *buf;
2730 u8 *cp;
2731 struct mgmt_hdr *hdr;
2732 u16 opcode, index, len;
2733 struct hci_dev *hdev = NULL;
2734 const struct mgmt_handler *handler;
2735 int err;
2736
2737 BT_DBG("got %zu bytes", msglen);
2738
2739 if (msglen < sizeof(*hdr))
2740 return -EINVAL;
2741
2742 buf = kmalloc(msglen, GFP_KERNEL);
2743 if (!buf)
2744 return -ENOMEM;
2745
2746 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2747 err = -EFAULT;
2748 goto done;
2749 }
2750
2751 hdr = buf;
2752 opcode = __le16_to_cpu(hdr->opcode);
2753 index = __le16_to_cpu(hdr->index);
2754 len = __le16_to_cpu(hdr->len);
2755
2756 if (len != msglen - sizeof(*hdr)) {
2757 err = -EINVAL;
2758 goto done;
2759 }
2760
2761 if (index != MGMT_INDEX_NONE) {
2762 hdev = hci_dev_get(index);
2763 if (!hdev) {
2764 err = cmd_status(sk, index, opcode,
2765 MGMT_STATUS_INVALID_INDEX);
2766 goto done;
2767 }
2768 }
2769
2770 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2771 mgmt_handlers[opcode].func == NULL) {
2772 BT_DBG("Unknown op %u", opcode);
2773 err = cmd_status(sk, index, opcode,
2774 MGMT_STATUS_UNKNOWN_COMMAND);
2775 goto done;
2776 }
2777
2778 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2779 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2780 err = cmd_status(sk, index, opcode,
2781 MGMT_STATUS_INVALID_INDEX);
2782 goto done;
2783 }
2784
2785 handler = &mgmt_handlers[opcode];
2786
2787 if ((handler->var_len && len < handler->data_len) ||
2788 (!handler->var_len && len != handler->data_len)) {
2789 err = cmd_status(sk, index, opcode,
2790 MGMT_STATUS_INVALID_PARAMS);
2791 goto done;
2792 }
2793
2794 if (hdev)
2795 mgmt_init_hdev(sk, hdev);
2796
2797 cp = buf + sizeof(*hdr);
2798
2799 err = handler->func(sk, hdev, cp, len);
2800 if (err < 0)
2801 goto done;
2802
2803 err = msglen;
2804
2805done:
2806 if (hdev)
2807 hci_dev_put(hdev);
2808
2809 kfree(buf);
2810 return err;
2811}
2812
2813static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2814{
2815 u8 *status = data;
2816
2817 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2818 mgmt_pending_remove(cmd);
2819}
2820
2821int mgmt_index_added(struct hci_dev *hdev)
2822{
2823 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2824}
2825
2826int mgmt_index_removed(struct hci_dev *hdev)
2827{
2828 u8 status = MGMT_STATUS_INVALID_INDEX;
2829
2830 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2831
2832 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2833}
2834
2835struct cmd_lookup {
2836 struct sock *sk;
2837 struct hci_dev *hdev;
2838 u8 mgmt_status;
2839};
2840
2841static void settings_rsp(struct pending_cmd *cmd, void *data)
2842{
2843 struct cmd_lookup *match = data;
2844
2845 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2846
2847 list_del(&cmd->list);
2848
2849 if (match->sk == NULL) {
2850 match->sk = cmd->sk;
2851 sock_hold(match->sk);
2852 }
2853
2854 mgmt_pending_free(cmd);
2855}
2856
2857int mgmt_powered(struct hci_dev *hdev, u8 powered)
2858{
2859 struct cmd_lookup match = { NULL, hdev };
2860 int err;
2861
2862 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2863 return 0;
2864
2865 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2866
2867 if (powered) {
2868 u8 scan = 0;
2869
2870 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2871 scan |= SCAN_PAGE;
2872 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2873 scan |= SCAN_INQUIRY;
2874
2875 if (scan)
2876 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2877
2878 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2879 u8 ssp = 1;
2880
2881 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2882 }
2883
2884 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2885 struct hci_cp_write_le_host_supported cp;
2886
2887 cp.le = 1;
2888 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2889
2890 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2891 sizeof(cp), &cp);
2892 }
2893
2894 update_class(hdev);
2895 update_name(hdev, hdev->dev_name);
2896 update_eir(hdev);
2897 } else {
2898 u8 status = MGMT_STATUS_NOT_POWERED;
2899 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2900 }
2901
2902 err = new_settings(hdev, match.sk);
2903
2904 if (match.sk)
2905 sock_put(match.sk);
2906
2907 return err;
2908}
2909
2910int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2911{
2912 struct cmd_lookup match = { NULL, hdev };
2913 bool changed = false;
2914 int err = 0;
2915
2916 if (discoverable) {
2917 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2918 changed = true;
2919 } else {
2920 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2921 changed = true;
2922 }
2923
2924 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2925 &match);
2926
2927 if (changed)
2928 err = new_settings(hdev, match.sk);
2929
2930 if (match.sk)
2931 sock_put(match.sk);
2932
2933 return err;
2934}
2935
2936int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2937{
2938 struct cmd_lookup match = { NULL, hdev };
2939 bool changed = false;
2940 int err = 0;
2941
2942 if (connectable) {
2943 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2944 changed = true;
2945 } else {
2946 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2947 changed = true;
2948 }
2949
2950 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2951 &match);
2952
2953 if (changed)
2954 err = new_settings(hdev, match.sk);
2955
2956 if (match.sk)
2957 sock_put(match.sk);
2958
2959 return err;
2960}
2961
2962int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2963{
2964 u8 mgmt_err = mgmt_status(status);
2965
2966 if (scan & SCAN_PAGE)
2967 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2968 cmd_status_rsp, &mgmt_err);
2969
2970 if (scan & SCAN_INQUIRY)
2971 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2972 cmd_status_rsp, &mgmt_err);
2973
2974 return 0;
2975}
2976
2977int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2978 bool persistent)
2979{
2980 struct mgmt_ev_new_link_key ev;
2981
2982 memset(&ev, 0, sizeof(ev));
2983
2984 ev.store_hint = persistent;
2985 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2986 ev.key.addr.type = BDADDR_BREDR;
2987 ev.key.type = key->type;
2988 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
2989 ev.key.pin_len = key->pin_len;
2990
2991 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2992}
2993
2994int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2995{
2996 struct mgmt_ev_new_long_term_key ev;
2997
2998 memset(&ev, 0, sizeof(ev));
2999
3000 ev.store_hint = persistent;
3001 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3002 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3003 ev.key.authenticated = key->authenticated;
3004 ev.key.enc_size = key->enc_size;
3005 ev.key.ediv = key->ediv;
3006
3007 if (key->type == HCI_SMP_LTK)
3008 ev.key.master = 1;
3009
3010 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3011 memcpy(ev.key.val, key->val, sizeof(key->val));
3012
3013 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3014 NULL);
3015}
3016
3017int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3018 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3019 u8 *dev_class)
3020{
3021 char buf[512];
3022 struct mgmt_ev_device_connected *ev = (void *) buf;
3023 u16 eir_len = 0;
3024
3025 bacpy(&ev->addr.bdaddr, bdaddr);
3026 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3027
3028 ev->flags = __cpu_to_le32(flags);
3029
3030 if (name_len > 0)
3031 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3032 name, name_len);
3033
3034 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3035 eir_len = eir_append_data(ev->eir, eir_len,
3036 EIR_CLASS_OF_DEV, dev_class, 3);
3037
3038 ev->eir_len = cpu_to_le16(eir_len);
3039
3040 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3041 sizeof(*ev) + eir_len, NULL);
3042}
3043
3044static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3045{
3046 struct mgmt_cp_disconnect *cp = cmd->param;
3047 struct sock **sk = data;
3048 struct mgmt_rp_disconnect rp;
3049
3050 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3051 rp.addr.type = cp->addr.type;
3052
3053 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3054 sizeof(rp));
3055
3056 *sk = cmd->sk;
3057 sock_hold(*sk);
3058
3059 mgmt_pending_remove(cmd);
3060}
3061
3062static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3063{
3064 struct hci_dev *hdev = data;
3065 struct mgmt_cp_unpair_device *cp = cmd->param;
3066 struct mgmt_rp_unpair_device rp;
3067
3068 memset(&rp, 0, sizeof(rp));
3069 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3070 rp.addr.type = cp->addr.type;
3071
3072 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3073
3074 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3075
3076 mgmt_pending_remove(cmd);
3077}
3078
3079int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3080 u8 link_type, u8 addr_type)
3081{
3082 struct mgmt_addr_info ev;
3083 struct sock *sk = NULL;
3084 int err;
3085
3086 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3087
3088 bacpy(&ev.bdaddr, bdaddr);
3089 ev.type = link_to_bdaddr(link_type, addr_type);
3090
3091 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3092 sk);
3093
3094 if (sk)
3095 sock_put(sk);
3096
3097 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3098 hdev);
3099
3100 return err;
3101}
3102
3103int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3104 u8 link_type, u8 addr_type, u8 status)
3105{
3106 struct mgmt_rp_disconnect rp;
3107 struct pending_cmd *cmd;
3108 int err;
3109
3110 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3111 if (!cmd)
3112 return -ENOENT;
3113
3114 bacpy(&rp.addr.bdaddr, bdaddr);
3115 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3116
3117 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3118 mgmt_status(status), &rp, sizeof(rp));
3119
3120 mgmt_pending_remove(cmd);
3121
3122 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3123 hdev);
3124 return err;
3125}
3126
3127int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3128 u8 addr_type, u8 status)
3129{
3130 struct mgmt_ev_connect_failed ev;
3131
3132 bacpy(&ev.addr.bdaddr, bdaddr);
3133 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3134 ev.status = mgmt_status(status);
3135
3136 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3137}
3138
3139int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3140{
3141 struct mgmt_ev_pin_code_request ev;
3142
3143 bacpy(&ev.addr.bdaddr, bdaddr);
3144 ev.addr.type = BDADDR_BREDR;
3145 ev.secure = secure;
3146
3147 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3148 NULL);
3149}
3150
3151int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3152 u8 status)
3153{
3154 struct pending_cmd *cmd;
3155 struct mgmt_rp_pin_code_reply rp;
3156 int err;
3157
3158 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3159 if (!cmd)
3160 return -ENOENT;
3161
3162 bacpy(&rp.addr.bdaddr, bdaddr);
3163 rp.addr.type = BDADDR_BREDR;
3164
3165 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3166 mgmt_status(status), &rp, sizeof(rp));
3167
3168 mgmt_pending_remove(cmd);
3169
3170 return err;
3171}
3172
3173int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3174 u8 status)
3175{
3176 struct pending_cmd *cmd;
3177 struct mgmt_rp_pin_code_reply rp;
3178 int err;
3179
3180 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3181 if (!cmd)
3182 return -ENOENT;
3183
3184 bacpy(&rp.addr.bdaddr, bdaddr);
3185 rp.addr.type = BDADDR_BREDR;
3186
3187 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3188 mgmt_status(status), &rp, sizeof(rp));
3189
3190 mgmt_pending_remove(cmd);
3191
3192 return err;
3193}
3194
3195int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3196 u8 link_type, u8 addr_type, __le32 value,
3197 u8 confirm_hint)
3198{
3199 struct mgmt_ev_user_confirm_request ev;
3200
3201 BT_DBG("%s", hdev->name);
3202
3203 bacpy(&ev.addr.bdaddr, bdaddr);
3204 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3205 ev.confirm_hint = confirm_hint;
3206 ev.value = value;
3207
3208 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3209 NULL);
3210}
3211
3212int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3213 u8 link_type, u8 addr_type)
3214{
3215 struct mgmt_ev_user_passkey_request ev;
3216
3217 BT_DBG("%s", hdev->name);
3218
3219 bacpy(&ev.addr.bdaddr, bdaddr);
3220 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3221
3222 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3223 NULL);
3224}
3225
3226static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3227 u8 link_type, u8 addr_type, u8 status,
3228 u8 opcode)
3229{
3230 struct pending_cmd *cmd;
3231 struct mgmt_rp_user_confirm_reply rp;
3232 int err;
3233
3234 cmd = mgmt_pending_find(opcode, hdev);
3235 if (!cmd)
3236 return -ENOENT;
3237
3238 bacpy(&rp.addr.bdaddr, bdaddr);
3239 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3240 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3241 &rp, sizeof(rp));
3242
3243 mgmt_pending_remove(cmd);
3244
3245 return err;
3246}
3247
3248int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3249 u8 link_type, u8 addr_type, u8 status)
3250{
3251 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3252 status, MGMT_OP_USER_CONFIRM_REPLY);
3253}
3254
3255int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3256 u8 link_type, u8 addr_type, u8 status)
3257{
3258 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3259 status,
3260 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3261}
3262
3263int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3264 u8 link_type, u8 addr_type, u8 status)
3265{
3266 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3267 status, MGMT_OP_USER_PASSKEY_REPLY);
3268}
3269
3270int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3271 u8 link_type, u8 addr_type, u8 status)
3272{
3273 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3274 status,
3275 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3276}
3277
3278int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3279 u8 addr_type, u8 status)
3280{
3281 struct mgmt_ev_auth_failed ev;
3282
3283 bacpy(&ev.addr.bdaddr, bdaddr);
3284 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3285 ev.status = mgmt_status(status);
3286
3287 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3288}
3289
3290int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3291{
3292 struct cmd_lookup match = { NULL, hdev };
3293 bool changed = false;
3294 int err = 0;
3295
3296 if (status) {
3297 u8 mgmt_err = mgmt_status(status);
3298 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3299 cmd_status_rsp, &mgmt_err);
3300 return 0;
3301 }
3302
3303 if (test_bit(HCI_AUTH, &hdev->flags)) {
3304 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3305 changed = true;
3306 } else {
3307 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3308 changed = true;
3309 }
3310
3311 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3312 &match);
3313
3314 if (changed)
3315 err = new_settings(hdev, match.sk);
3316
3317 if (match.sk)
3318 sock_put(match.sk);
3319
3320 return err;
3321}
3322
3323static int clear_eir(struct hci_dev *hdev)
3324{
3325 struct hci_cp_write_eir cp;
3326
3327 if (!(hdev->features[6] & LMP_EXT_INQ))
3328 return 0;
3329
3330 memset(hdev->eir, 0, sizeof(hdev->eir));
3331
3332 memset(&cp, 0, sizeof(cp));
3333
3334 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3335}
3336
3337int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3338{
3339 struct cmd_lookup match = { NULL, hdev };
3340 bool changed = false;
3341 int err = 0;
3342
3343 if (status) {
3344 u8 mgmt_err = mgmt_status(status);
3345
3346 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3347 &hdev->dev_flags))
3348 err = new_settings(hdev, NULL);
3349
3350 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3351 &mgmt_err);
3352
3353 return err;
3354 }
3355
3356 if (enable) {
3357 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3358 changed = true;
3359 } else {
3360 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3361 changed = true;
3362 }
3363
3364 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3365
3366 if (changed)
3367 err = new_settings(hdev, match.sk);
3368
3369 if (match.sk)
3370 sock_put(match.sk);
3371
3372 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3373 update_eir(hdev);
3374 else
3375 clear_eir(hdev);
3376
3377 return err;
3378}
3379
3380static void class_rsp(struct pending_cmd *cmd, void *data)
3381{
3382 struct cmd_lookup *match = data;
3383
3384 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3385 match->hdev->dev_class, 3);
3386
3387 list_del(&cmd->list);
3388
3389 if (match->sk == NULL) {
3390 match->sk = cmd->sk;
3391 sock_hold(match->sk);
3392 }
3393
3394 mgmt_pending_free(cmd);
3395}
3396
3397int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3398 u8 status)
3399{
3400 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3401 int err = 0;
3402
3403 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3404
3405 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3406 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3407 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3408
3409 if (!status)
3410 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3411 3, NULL);
3412
3413 if (match.sk)
3414 sock_put(match.sk);
3415
3416 return err;
3417}
3418
3419int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3420{
3421 struct pending_cmd *cmd;
3422 struct mgmt_cp_set_local_name ev;
3423 bool changed = false;
3424 int err = 0;
3425
3426 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3427 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3428 changed = true;
3429 }
3430
3431 memset(&ev, 0, sizeof(ev));
3432 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3433 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3434
3435 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3436 if (!cmd)
3437 goto send_event;
3438
3439
3440
3441 changed = true;
3442
3443 if (status) {
3444 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3445 mgmt_status(status));
3446 goto failed;
3447 }
3448
3449 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3450 sizeof(ev));
3451 if (err < 0)
3452 goto failed;
3453
3454send_event:
3455 if (changed)
3456 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3457 sizeof(ev), cmd ? cmd->sk : NULL);
3458
3459 update_eir(hdev);
3460
3461failed:
3462 if (cmd)
3463 mgmt_pending_remove(cmd);
3464 return err;
3465}
3466
3467int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3468 u8 *randomizer, u8 status)
3469{
3470 struct pending_cmd *cmd;
3471 int err;
3472
3473 BT_DBG("%s status %u", hdev->name, status);
3474
3475 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3476 if (!cmd)
3477 return -ENOENT;
3478
3479 if (status) {
3480 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3481 mgmt_status(status));
3482 } else {
3483 struct mgmt_rp_read_local_oob_data rp;
3484
3485 memcpy(rp.hash, hash, sizeof(rp.hash));
3486 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3487
3488 err = cmd_complete(cmd->sk, hdev->id,
3489 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3490 sizeof(rp));
3491 }
3492
3493 mgmt_pending_remove(cmd);
3494
3495 return err;
3496}
3497
3498int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3499{
3500 struct cmd_lookup match = { NULL, hdev };
3501 bool changed = false;
3502 int err = 0;
3503
3504 if (status) {
3505 u8 mgmt_err = mgmt_status(status);
3506
3507 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3508 &hdev->dev_flags))
3509 err = new_settings(hdev, NULL);
3510
3511 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3512 &mgmt_err);
3513
3514 return err;
3515 }
3516
3517 if (enable) {
3518 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3519 changed = true;
3520 } else {
3521 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3522 changed = true;
3523 }
3524
3525 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3526
3527 if (changed)
3528 err = new_settings(hdev, match.sk);
3529
3530 if (match.sk)
3531 sock_put(match.sk);
3532
3533 return err;
3534}
3535
3536int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3537 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3538 ssp, u8 *eir, u16 eir_len)
3539{
3540 char buf[512];
3541 struct mgmt_ev_device_found *ev = (void *) buf;
3542 size_t ev_size;
3543
3544
3545 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3546 return -EINVAL;
3547
3548 memset(buf, 0, sizeof(buf));
3549
3550 bacpy(&ev->addr.bdaddr, bdaddr);
3551 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3552 ev->rssi = rssi;
3553 if (cfm_name)
3554 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3555 if (!ssp)
3556 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3557
3558 if (eir_len > 0)
3559 memcpy(ev->eir, eir, eir_len);
3560
3561 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3562 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3563 dev_class, 3);
3564
3565 ev->eir_len = cpu_to_le16(eir_len);
3566 ev_size = sizeof(*ev) + eir_len;
3567
3568 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3569}
3570
3571int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3572 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3573{
3574 struct mgmt_ev_device_found *ev;
3575 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3576 u16 eir_len;
3577
3578 ev = (struct mgmt_ev_device_found *) buf;
3579
3580 memset(buf, 0, sizeof(buf));
3581
3582 bacpy(&ev->addr.bdaddr, bdaddr);
3583 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3584 ev->rssi = rssi;
3585
3586 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3587 name_len);
3588
3589 ev->eir_len = cpu_to_le16(eir_len);
3590
3591 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3592 sizeof(*ev) + eir_len, NULL);
3593}
3594
3595int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3596{
3597 struct pending_cmd *cmd;
3598 u8 type;
3599 int err;
3600
3601 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3602
3603 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3604 if (!cmd)
3605 return -ENOENT;
3606
3607 type = hdev->discovery.type;
3608
3609 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3610 &type, sizeof(type));
3611 mgmt_pending_remove(cmd);
3612
3613 return err;
3614}
3615
3616int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3617{
3618 struct pending_cmd *cmd;
3619 int err;
3620
3621 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3622 if (!cmd)
3623 return -ENOENT;
3624
3625 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3626 &hdev->discovery.type, sizeof(hdev->discovery.type));
3627 mgmt_pending_remove(cmd);
3628
3629 return err;
3630}
3631
3632int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3633{
3634 struct mgmt_ev_discovering ev;
3635 struct pending_cmd *cmd;
3636
3637 BT_DBG("%s discovering %u", hdev->name, discovering);
3638
3639 if (discovering)
3640 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3641 else
3642 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3643
3644 if (cmd != NULL) {
3645 u8 type = hdev->discovery.type;
3646
3647 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3648 sizeof(type));
3649 mgmt_pending_remove(cmd);
3650 }
3651
3652 memset(&ev, 0, sizeof(ev));
3653 ev.type = hdev->discovery.type;
3654 ev.discovering = discovering;
3655
3656 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3657}
3658
3659int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3660{
3661 struct pending_cmd *cmd;
3662 struct mgmt_ev_device_blocked ev;
3663
3664 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3665
3666 bacpy(&ev.addr.bdaddr, bdaddr);
3667 ev.addr.type = type;
3668
3669 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3670 cmd ? cmd->sk : NULL);
3671}
3672
3673int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3674{
3675 struct pending_cmd *cmd;
3676 struct mgmt_ev_device_unblocked ev;
3677
3678 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3679
3680 bacpy(&ev.addr.bdaddr, bdaddr);
3681 ev.addr.type = type;
3682
3683 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3684 cmd ? cmd->sk : NULL);
3685}
3686
3687module_param(enable_hs, bool, 0644);
3688MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3689
