1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
33#include <net/bluetooth/smp.h>
34
35bool enable_hs;
36
37#define MGMT_VERSION 1
38#define MGMT_REVISION 2
39
40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
103};
104
105
106
107
108
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240
113#define LE_SCAN_TIMEOUT_BREDR_LE 5120
114
115#define INQUIRY_LEN_BREDR 0x08
116#define INQUIRY_LEN_BREDR_LE 0x04
117
118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
119
120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
123struct pending_cmd {
124 struct list_head list;
125 u16 opcode;
126 int index;
127 void *param;
128 struct sock *sk;
129 void *user_data;
130};
131
132
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND,
136 MGMT_STATUS_NOT_CONNECTED,
137 MGMT_STATUS_FAILED,
138 MGMT_STATUS_CONNECT_FAILED,
139 MGMT_STATUS_AUTH_FAILED,
140 MGMT_STATUS_NOT_PAIRED,
141 MGMT_STATUS_NO_RESOURCES,
142 MGMT_STATUS_TIMEOUT,
143 MGMT_STATUS_NO_RESOURCES,
144 MGMT_STATUS_NO_RESOURCES,
145 MGMT_STATUS_ALREADY_CONNECTED,
146 MGMT_STATUS_BUSY,
147 MGMT_STATUS_NO_RESOURCES,
148 MGMT_STATUS_REJECTED,
149 MGMT_STATUS_REJECTED,
150 MGMT_STATUS_TIMEOUT,
151 MGMT_STATUS_NOT_SUPPORTED,
152 MGMT_STATUS_INVALID_PARAMS,
153 MGMT_STATUS_DISCONNECTED,
154 MGMT_STATUS_NO_RESOURCES,
155 MGMT_STATUS_DISCONNECTED,
156 MGMT_STATUS_DISCONNECTED,
157 MGMT_STATUS_BUSY,
158 MGMT_STATUS_REJECTED,
159 MGMT_STATUS_FAILED,
160 MGMT_STATUS_NOT_SUPPORTED,
161 MGMT_STATUS_REJECTED,
162 MGMT_STATUS_REJECTED,
163 MGMT_STATUS_REJECTED,
164 MGMT_STATUS_INVALID_PARAMS,
165 MGMT_STATUS_FAILED,
166 MGMT_STATUS_NOT_SUPPORTED,
167 MGMT_STATUS_FAILED,
168 MGMT_STATUS_TIMEOUT,
169 MGMT_STATUS_FAILED,
170 MGMT_STATUS_FAILED,
171 MGMT_STATUS_REJECTED,
172 MGMT_STATUS_FAILED,
173 MGMT_STATUS_NOT_SUPPORTED,
174 MGMT_STATUS_TIMEOUT,
175 MGMT_STATUS_NOT_SUPPORTED,
176 MGMT_STATUS_FAILED,
177 MGMT_STATUS_INVALID_PARAMS,
178 MGMT_STATUS_REJECTED,
179 MGMT_STATUS_NOT_SUPPORTED,
180 MGMT_STATUS_REJECTED,
181 MGMT_STATUS_INVALID_PARAMS,
182 MGMT_STATUS_BUSY,
183 MGMT_STATUS_FAILED,
184 MGMT_STATUS_FAILED,
185 MGMT_STATUS_INVALID_PARAMS,
186 MGMT_STATUS_NOT_SUPPORTED,
187 MGMT_STATUS_BUSY,
188 MGMT_STATUS_REJECTED,
189 MGMT_STATUS_BUSY,
190 MGMT_STATUS_INVALID_PARAMS,
191 MGMT_STATUS_TIMEOUT,
192 MGMT_STATUS_AUTH_FAILED,
193 MGMT_STATUS_CONNECT_FAILED,
194 MGMT_STATUS_CONNECT_FAILED,
195};
196
197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
215 int err;
216
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
218
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
225 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
231 ev->opcode = cpu_to_le16(cmd);
232
233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
235 kfree_skb(skb);
236
237 return err;
238}
239
240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
246 int err;
247
248 BT_DBG("sock %p", sk);
249
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
255
256 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
259
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
262 ev->status = status;
263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
266
267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
269 kfree_skb(skb);
270
271 return err;
272}
273
274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
283
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
285 sizeof(rp));
286}
287
288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
290{
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
294 __le16 *opcode;
295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
316 rp_size);
317 kfree(rp);
318
319 return err;
320}
321
322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
324{
325 struct mgmt_rp_read_index_list *rp;
326 struct hci_dev *d;
327 size_t rp_len;
328 u16 count;
329 int err;
330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
340 count++;
341 }
342
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
346 read_unlock(&hci_dev_list_lock);
347 return -ENOMEM;
348 }
349
350 count = 0;
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
353 continue;
354
355 if (!mgmt_valid_hdev(d))
356 continue;
357
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
360 }
361
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
365 read_unlock(&hci_dev_list_lock);
366
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
368 rp_len);
369
370 kfree(rp);
371
372 return err;
373}
374
375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_CONNECTABLE;
381 settings |= MGMT_SETTING_FAST_CONNECTABLE;
382 settings |= MGMT_SETTING_DISCOVERABLE;
383 settings |= MGMT_SETTING_PAIRABLE;
384
385 if (lmp_ssp_capable(hdev))
386 settings |= MGMT_SETTING_SSP;
387
388 if (lmp_bredr_capable(hdev)) {
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
408
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
411
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
414
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
417
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
420
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
423
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
426
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
429
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
433 return settings;
434}
435
436#define PNP_INFO_SVCLASS_ID 0x1200
437
438static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
441};
442
443static u16 get_uuid16(u8 *uuid128)
444{
445 u32 val;
446 int i;
447
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
450 return 0;
451 }
452
453 val = get_unaligned_le32(&uuid128[12]);
454 if (val > 0xffff)
455 return 0;
456
457 return (u16) val;
458}
459
460static void create_eir(struct hci_dev *hdev, u8 *data)
461{
462 u8 *ptr = data;
463 u16 eir_len = 0;
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
467 size_t name_len;
468
469 name_len = strlen(hdev->dev_name);
470
471 if (name_len > 0) {
472
473 if (name_len > 48) {
474 name_len = 48;
475 ptr[1] = EIR_NAME_SHORT;
476 } else
477 ptr[1] = EIR_NAME_COMPLETE;
478
479
480 ptr[0] = name_len + 1;
481
482 memcpy(ptr + 2, hdev->dev_name, name_len);
483
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
486 }
487
488 if (hdev->inq_tx_power) {
489 ptr[0] = 2;
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
492
493 eir_len += 3;
494 ptr += 3;
495 }
496
497 if (hdev->devid_source > 0) {
498 ptr[0] = 9;
499 ptr[1] = EIR_DEVICE_ID;
500
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
505
506 eir_len += 10;
507 ptr += 10;
508 }
509
510 memset(uuid16_list, 0, sizeof(uuid16_list));
511
512
513 list_for_each_entry(uuid, &hdev->uuids, list) {
514 u16 uuid16;
515
516 uuid16 = get_uuid16(uuid->uuid);
517 if (uuid16 == 0)
518 return;
519
520 if (uuid16 < 0x1100)
521 continue;
522
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
524 continue;
525
526
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
528 truncated = 1;
529 break;
530 }
531
532
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
535 break;
536
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
540 }
541 }
542
543 if (uuid16_list[0] != 0) {
544 u8 *length = ptr;
545
546
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
548
549 ptr += 2;
550 eir_len += 2;
551
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
555 }
556
557
558 *length = (i * sizeof(u16)) + 1;
559 }
560}
561
562static int update_eir(struct hci_dev *hdev)
563{
564 struct hci_cp_write_eir cp;
565
566 if (!hdev_is_powered(hdev))
567 return 0;
568
569 if (!(hdev->features[6] & LMP_EXT_INQ))
570 return 0;
571
572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
573 return 0;
574
575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
576 return 0;
577
578 memset(&cp, 0, sizeof(cp));
579
580 create_eir(hdev, cp.data);
581
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
583 return 0;
584
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
586
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
588}
589
590static u8 get_service_classes(struct hci_dev *hdev)
591{
592 struct bt_uuid *uuid;
593 u8 val = 0;
594
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
597
598 return val;
599}
600
601static int update_class(struct hci_dev *hdev)
602{
603 u8 cod[3];
604 int err;
605
606 BT_DBG("%s", hdev->name);
607
608 if (!hdev_is_powered(hdev))
609 return 0;
610
611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
612 return 0;
613
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
617
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
619 return 0;
620
621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
622 if (err == 0)
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
624
625 return err;
626}
627
628static void service_cache_off(struct work_struct *work)
629{
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
631 service_cache.work);
632
633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
634 return;
635
636 hci_dev_lock(hdev);
637
638 update_eir(hdev);
639 update_class(hdev);
640
641 hci_dev_unlock(hdev);
642}
643
644static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
645{
646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
647 return;
648
649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
650
651
652
653
654
655
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
657}
658
659static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
661{
662 struct mgmt_rp_read_info rp;
663
664 BT_DBG("sock %p %s", sk, hdev->name);
665
666 hci_dev_lock(hdev);
667
668 memset(&rp, 0, sizeof(rp));
669
670 bacpy(&rp.bdaddr, &hdev->bdaddr);
671
672 rp.version = hdev->hci_ver;
673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
674
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
677
678 memcpy(rp.dev_class, hdev->dev_class, 3);
679
680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
682
683 hci_dev_unlock(hdev);
684
685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
686 sizeof(rp));
687}
688
689static void mgmt_pending_free(struct pending_cmd *cmd)
690{
691 sock_put(cmd->sk);
692 kfree(cmd->param);
693 kfree(cmd);
694}
695
696static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
697 struct hci_dev *hdev, void *data,
698 u16 len)
699{
700 struct pending_cmd *cmd;
701
702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
703 if (!cmd)
704 return NULL;
705
706 cmd->opcode = opcode;
707 cmd->index = hdev->id;
708
709 cmd->param = kmalloc(len, GFP_KERNEL);
710 if (!cmd->param) {
711 kfree(cmd);
712 return NULL;
713 }
714
715 if (data)
716 memcpy(cmd->param, data, len);
717
718 cmd->sk = sk;
719 sock_hold(sk);
720
721 list_add(&cmd->list, &hdev->mgmt_pending);
722
723 return cmd;
724}
725
726static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
727 void (*cb)(struct pending_cmd *cmd,
728 void *data),
729 void *data)
730{
731 struct list_head *p, *n;
732
733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
734 struct pending_cmd *cmd;
735
736 cmd = list_entry(p, struct pending_cmd, list);
737
738 if (opcode > 0 && cmd->opcode != opcode)
739 continue;
740
741 cb(cmd, data);
742 }
743}
744
745static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
746{
747 struct pending_cmd *cmd;
748
749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
750 if (cmd->opcode == opcode)
751 return cmd;
752 }
753
754 return NULL;
755}
756
757static void mgmt_pending_remove(struct pending_cmd *cmd)
758{
759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
761}
762
763static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
764{
765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
766
767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
768 sizeof(settings));
769}
770
771static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
772 u16 len)
773{
774 struct mgmt_mode *cp = data;
775 struct pending_cmd *cmd;
776 int err;
777
778 BT_DBG("request for %s", hdev->name);
779
780 hci_dev_lock(hdev);
781
782 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
783 cancel_delayed_work(&hdev->power_off);
784
785 if (cp->val) {
786 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
787 mgmt_powered(hdev, 1);
788 goto failed;
789 }
790 }
791
792 if (!!cp->val == hdev_is_powered(hdev)) {
793 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
794 goto failed;
795 }
796
797 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
798 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
799 MGMT_STATUS_BUSY);
800 goto failed;
801 }
802
803 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
804 if (!cmd) {
805 err = -ENOMEM;
806 goto failed;
807 }
808
809 if (cp->val)
810 schedule_work(&hdev->power_on);
811 else
812 schedule_work(&hdev->power_off.work);
813
814 err = 0;
815
816failed:
817 hci_dev_unlock(hdev);
818 return err;
819}
820
821static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
822 struct sock *skip_sk)
823{
824 struct sk_buff *skb;
825 struct mgmt_hdr *hdr;
826
827 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
828 if (!skb)
829 return -ENOMEM;
830
831 hdr = (void *) skb_put(skb, sizeof(*hdr));
832 hdr->opcode = cpu_to_le16(event);
833 if (hdev)
834 hdr->index = cpu_to_le16(hdev->id);
835 else
836 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
837 hdr->len = cpu_to_le16(data_len);
838
839 if (data)
840 memcpy(skb_put(skb, data_len), data, data_len);
841
842
843 __net_timestamp(skb);
844
845 hci_send_to_control(skb, skip_sk);
846 kfree_skb(skb);
847
848 return 0;
849}
850
851static int new_settings(struct hci_dev *hdev, struct sock *skip)
852{
853 __le32 ev;
854
855 ev = cpu_to_le32(get_current_settings(hdev));
856
857 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
858}
859
860static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
861 u16 len)
862{
863 struct mgmt_cp_set_discoverable *cp = data;
864 struct pending_cmd *cmd;
865 u16 timeout;
866 u8 scan;
867 int err;
868
869 BT_DBG("request for %s", hdev->name);
870
871 timeout = __le16_to_cpu(cp->timeout);
872 if (!cp->val && timeout > 0)
873 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
874 MGMT_STATUS_INVALID_PARAMS);
875
876 hci_dev_lock(hdev);
877
878 if (!hdev_is_powered(hdev) && timeout > 0) {
879 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
880 MGMT_STATUS_NOT_POWERED);
881 goto failed;
882 }
883
884 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
885 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
886 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
887 MGMT_STATUS_BUSY);
888 goto failed;
889 }
890
891 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
893 MGMT_STATUS_REJECTED);
894 goto failed;
895 }
896
897 if (!hdev_is_powered(hdev)) {
898 bool changed = false;
899
900 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
901 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
902 changed = true;
903 }
904
905 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
906 if (err < 0)
907 goto failed;
908
909 if (changed)
910 err = new_settings(hdev, sk);
911
912 goto failed;
913 }
914
915 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
916 if (hdev->discov_timeout > 0) {
917 cancel_delayed_work(&hdev->discov_off);
918 hdev->discov_timeout = 0;
919 }
920
921 if (cp->val && timeout > 0) {
922 hdev->discov_timeout = timeout;
923 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
924 msecs_to_jiffies(hdev->discov_timeout * 1000));
925 }
926
927 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
928 goto failed;
929 }
930
931 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
932 if (!cmd) {
933 err = -ENOMEM;
934 goto failed;
935 }
936
937 scan = SCAN_PAGE;
938
939 if (cp->val)
940 scan |= SCAN_INQUIRY;
941 else
942 cancel_delayed_work(&hdev->discov_off);
943
944 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
945 if (err < 0)
946 mgmt_pending_remove(cmd);
947
948 if (cp->val)
949 hdev->discov_timeout = timeout;
950
951failed:
952 hci_dev_unlock(hdev);
953 return err;
954}
955
956static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
957 u16 len)
958{
959 struct mgmt_mode *cp = data;
960 struct pending_cmd *cmd;
961 u8 scan;
962 int err;
963
964 BT_DBG("request for %s", hdev->name);
965
966 hci_dev_lock(hdev);
967
968 if (!hdev_is_powered(hdev)) {
969 bool changed = false;
970
971 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
972 changed = true;
973
974 if (cp->val) {
975 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
976 } else {
977 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
978 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
979 }
980
981 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
982 if (err < 0)
983 goto failed;
984
985 if (changed)
986 err = new_settings(hdev, sk);
987
988 goto failed;
989 }
990
991 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
992 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
993 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
994 MGMT_STATUS_BUSY);
995 goto failed;
996 }
997
998 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
999 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1000 goto failed;
1001 }
1002
1003 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1004 if (!cmd) {
1005 err = -ENOMEM;
1006 goto failed;
1007 }
1008
1009 if (cp->val) {
1010 scan = SCAN_PAGE;
1011 } else {
1012 scan = 0;
1013
1014 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1015 hdev->discov_timeout > 0)
1016 cancel_delayed_work(&hdev->discov_off);
1017 }
1018
1019 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1020 if (err < 0)
1021 mgmt_pending_remove(cmd);
1022
1023failed:
1024 hci_dev_unlock(hdev);
1025 return err;
1026}
1027
1028static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1029 u16 len)
1030{
1031 struct mgmt_mode *cp = data;
1032 int err;
1033
1034 BT_DBG("request for %s", hdev->name);
1035
1036 hci_dev_lock(hdev);
1037
1038 if (cp->val)
1039 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1040 else
1041 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1042
1043 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1044 if (err < 0)
1045 goto failed;
1046
1047 err = new_settings(hdev, sk);
1048
1049failed:
1050 hci_dev_unlock(hdev);
1051 return err;
1052}
1053
1054static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1055 u16 len)
1056{
1057 struct mgmt_mode *cp = data;
1058 struct pending_cmd *cmd;
1059 u8 val;
1060 int err;
1061
1062 BT_DBG("request for %s", hdev->name);
1063
1064 hci_dev_lock(hdev);
1065
1066 if (!hdev_is_powered(hdev)) {
1067 bool changed = false;
1068
1069 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1070 &hdev->dev_flags)) {
1071 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1072 changed = true;
1073 }
1074
1075 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1076 if (err < 0)
1077 goto failed;
1078
1079 if (changed)
1080 err = new_settings(hdev, sk);
1081
1082 goto failed;
1083 }
1084
1085 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1086 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1087 MGMT_STATUS_BUSY);
1088 goto failed;
1089 }
1090
1091 val = !!cp->val;
1092
1093 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1094 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1095 goto failed;
1096 }
1097
1098 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1099 if (!cmd) {
1100 err = -ENOMEM;
1101 goto failed;
1102 }
1103
1104 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1105 if (err < 0) {
1106 mgmt_pending_remove(cmd);
1107 goto failed;
1108 }
1109
1110failed:
1111 hci_dev_unlock(hdev);
1112 return err;
1113}
1114
1115static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1116{
1117 struct mgmt_mode *cp = data;
1118 struct pending_cmd *cmd;
1119 u8 val;
1120 int err;
1121
1122 BT_DBG("request for %s", hdev->name);
1123
1124 hci_dev_lock(hdev);
1125
1126 if (!lmp_ssp_capable(hdev)) {
1127 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1128 MGMT_STATUS_NOT_SUPPORTED);
1129 goto failed;
1130 }
1131
1132 val = !!cp->val;
1133
1134 if (!hdev_is_powered(hdev)) {
1135 bool changed = false;
1136
1137 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1138 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1139 changed = true;
1140 }
1141
1142 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1143 if (err < 0)
1144 goto failed;
1145
1146 if (changed)
1147 err = new_settings(hdev, sk);
1148
1149 goto failed;
1150 }
1151
1152 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1153 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1154 MGMT_STATUS_BUSY);
1155 goto failed;
1156 }
1157
1158 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1159 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1160 goto failed;
1161 }
1162
1163 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1164 if (!cmd) {
1165 err = -ENOMEM;
1166 goto failed;
1167 }
1168
1169 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1170 if (err < 0) {
1171 mgmt_pending_remove(cmd);
1172 goto failed;
1173 }
1174
1175failed:
1176 hci_dev_unlock(hdev);
1177 return err;
1178}
1179
1180static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1181{
1182 struct mgmt_mode *cp = data;
1183
1184 BT_DBG("request for %s", hdev->name);
1185
1186 if (!enable_hs)
1187 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1188 MGMT_STATUS_NOT_SUPPORTED);
1189
1190 if (cp->val)
1191 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1192 else
1193 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1194
1195 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1196}
1197
1198static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1199{
1200 struct mgmt_mode *cp = data;
1201 struct hci_cp_write_le_host_supported hci_cp;
1202 struct pending_cmd *cmd;
1203 int err;
1204 u8 val, enabled;
1205
1206 BT_DBG("request for %s", hdev->name);
1207
1208 hci_dev_lock(hdev);
1209
1210 if (!lmp_le_capable(hdev)) {
1211 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1212 MGMT_STATUS_NOT_SUPPORTED);
1213 goto unlock;
1214 }
1215
1216 val = !!cp->val;
1217 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1218
1219 if (!hdev_is_powered(hdev) || val == enabled) {
1220 bool changed = false;
1221
1222 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1223 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1224 changed = true;
1225 }
1226
1227 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1228 if (err < 0)
1229 goto unlock;
1230
1231 if (changed)
1232 err = new_settings(hdev, sk);
1233
1234 goto unlock;
1235 }
1236
1237 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1238 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1239 MGMT_STATUS_BUSY);
1240 goto unlock;
1241 }
1242
1243 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1244 if (!cmd) {
1245 err = -ENOMEM;
1246 goto unlock;
1247 }
1248
1249 memset(&hci_cp, 0, sizeof(hci_cp));
1250
1251 if (val) {
1252 hci_cp.le = val;
1253 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1254 }
1255
1256 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1257 &hci_cp);
1258 if (err < 0)
1259 mgmt_pending_remove(cmd);
1260
1261unlock:
1262 hci_dev_unlock(hdev);
1263 return err;
1264}
1265
1266static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1267{
1268 struct mgmt_cp_add_uuid *cp = data;
1269 struct pending_cmd *cmd;
1270 struct bt_uuid *uuid;
1271 int err;
1272
1273 BT_DBG("request for %s", hdev->name);
1274
1275 hci_dev_lock(hdev);
1276
1277 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1278 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1279 MGMT_STATUS_BUSY);
1280 goto failed;
1281 }
1282
1283 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1284 if (!uuid) {
1285 err = -ENOMEM;
1286 goto failed;
1287 }
1288
1289 memcpy(uuid->uuid, cp->uuid, 16);
1290 uuid->svc_hint = cp->svc_hint;
1291
1292 list_add(&uuid->list, &hdev->uuids);
1293
1294 err = update_class(hdev);
1295 if (err < 0)
1296 goto failed;
1297
1298 err = update_eir(hdev);
1299 if (err < 0)
1300 goto failed;
1301
1302 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1303 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1304 hdev->dev_class, 3);
1305 goto failed;
1306 }
1307
1308 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1309 if (!cmd)
1310 err = -ENOMEM;
1311
1312failed:
1313 hci_dev_unlock(hdev);
1314 return err;
1315}
1316
1317static bool enable_service_cache(struct hci_dev *hdev)
1318{
1319 if (!hdev_is_powered(hdev))
1320 return false;
1321
1322 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1323 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1324 return true;
1325 }
1326
1327 return false;
1328}
1329
1330static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1331 u16 len)
1332{
1333 struct mgmt_cp_remove_uuid *cp = data;
1334 struct pending_cmd *cmd;
1335 struct list_head *p, *n;
1336 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1337 int err, found;
1338
1339 BT_DBG("request for %s", hdev->name);
1340
1341 hci_dev_lock(hdev);
1342
1343 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1344 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1345 MGMT_STATUS_BUSY);
1346 goto unlock;
1347 }
1348
1349 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1350 err = hci_uuids_clear(hdev);
1351
1352 if (enable_service_cache(hdev)) {
1353 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1354 0, hdev->dev_class, 3);
1355 goto unlock;
1356 }
1357
1358 goto update_class;
1359 }
1360
1361 found = 0;
1362
1363 list_for_each_safe(p, n, &hdev->uuids) {
1364 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1365
1366 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1367 continue;
1368
1369 list_del(&match->list);
1370 kfree(match);
1371 found++;
1372 }
1373
1374 if (found == 0) {
1375 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1376 MGMT_STATUS_INVALID_PARAMS);
1377 goto unlock;
1378 }
1379
1380update_class:
1381 err = update_class(hdev);
1382 if (err < 0)
1383 goto unlock;
1384
1385 err = update_eir(hdev);
1386 if (err < 0)
1387 goto unlock;
1388
1389 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1390 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1391 hdev->dev_class, 3);
1392 goto unlock;
1393 }
1394
1395 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1396 if (!cmd)
1397 err = -ENOMEM;
1398
1399unlock:
1400 hci_dev_unlock(hdev);
1401 return err;
1402}
1403
1404static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1405 u16 len)
1406{
1407 struct mgmt_cp_set_dev_class *cp = data;
1408 struct pending_cmd *cmd;
1409 int err;
1410
1411 BT_DBG("request for %s", hdev->name);
1412
1413 hci_dev_lock(hdev);
1414
1415 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1416 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1417 MGMT_STATUS_BUSY);
1418 goto unlock;
1419 }
1420
1421 hdev->major_class = cp->major;
1422 hdev->minor_class = cp->minor;
1423
1424 if (!hdev_is_powered(hdev)) {
1425 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1426 hdev->dev_class, 3);
1427 goto unlock;
1428 }
1429
1430 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1431 hci_dev_unlock(hdev);
1432 cancel_delayed_work_sync(&hdev->service_cache);
1433 hci_dev_lock(hdev);
1434 update_eir(hdev);
1435 }
1436
1437 err = update_class(hdev);
1438 if (err < 0)
1439 goto unlock;
1440
1441 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1442 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1443 hdev->dev_class, 3);
1444 goto unlock;
1445 }
1446
1447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1448 if (!cmd)
1449 err = -ENOMEM;
1450
1451unlock:
1452 hci_dev_unlock(hdev);
1453 return err;
1454}
1455
1456static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1457 u16 len)
1458{
1459 struct mgmt_cp_load_link_keys *cp = data;
1460 u16 key_count, expected_len;
1461 int i;
1462
1463 key_count = __le16_to_cpu(cp->key_count);
1464
1465 expected_len = sizeof(*cp) + key_count *
1466 sizeof(struct mgmt_link_key_info);
1467 if (expected_len != len) {
1468 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1469 len, expected_len);
1470 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1471 MGMT_STATUS_INVALID_PARAMS);
1472 }
1473
1474 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1475 key_count);
1476
1477 hci_dev_lock(hdev);
1478
1479 hci_link_keys_clear(hdev);
1480
1481 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1482
1483 if (cp->debug_keys)
1484 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1485 else
1486 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1487
1488 for (i = 0; i < key_count; i++) {
1489 struct mgmt_link_key_info *key = &cp->keys[i];
1490
1491 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1492 key->type, key->pin_len);
1493 }
1494
1495 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1496
1497 hci_dev_unlock(hdev);
1498
1499 return 0;
1500}
1501
1502static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1503 u8 addr_type, struct sock *skip_sk)
1504{
1505 struct mgmt_ev_device_unpaired ev;
1506
1507 bacpy(&ev.addr.bdaddr, bdaddr);
1508 ev.addr.type = addr_type;
1509
1510 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1511 skip_sk);
1512}
1513
1514static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1515 u16 len)
1516{
1517 struct mgmt_cp_unpair_device *cp = data;
1518 struct mgmt_rp_unpair_device rp;
1519 struct hci_cp_disconnect dc;
1520 struct pending_cmd *cmd;
1521 struct hci_conn *conn;
1522 int err;
1523
1524 hci_dev_lock(hdev);
1525
1526 memset(&rp, 0, sizeof(rp));
1527 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1528 rp.addr.type = cp->addr.type;
1529
1530 if (!hdev_is_powered(hdev)) {
1531 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1532 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1533 goto unlock;
1534 }
1535
1536 if (cp->addr.type == BDADDR_BREDR)
1537 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1538 else
1539 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1540
1541 if (err < 0) {
1542 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1543 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1544 goto unlock;
1545 }
1546
1547 if (cp->disconnect) {
1548 if (cp->addr.type == BDADDR_BREDR)
1549 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1550 &cp->addr.bdaddr);
1551 else
1552 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1553 &cp->addr.bdaddr);
1554 } else {
1555 conn = NULL;
1556 }
1557
1558 if (!conn) {
1559 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1560 &rp, sizeof(rp));
1561 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1562 goto unlock;
1563 }
1564
1565 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1566 sizeof(*cp));
1567 if (!cmd) {
1568 err = -ENOMEM;
1569 goto unlock;
1570 }
1571
1572 dc.handle = cpu_to_le16(conn->handle);
1573 dc.reason = 0x13;
1574 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1575 if (err < 0)
1576 mgmt_pending_remove(cmd);
1577
1578unlock:
1579 hci_dev_unlock(hdev);
1580 return err;
1581}
1582
1583static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1584 u16 len)
1585{
1586 struct mgmt_cp_disconnect *cp = data;
1587 struct hci_cp_disconnect dc;
1588 struct pending_cmd *cmd;
1589 struct hci_conn *conn;
1590 int err;
1591
1592 BT_DBG("");
1593
1594 hci_dev_lock(hdev);
1595
1596 if (!test_bit(HCI_UP, &hdev->flags)) {
1597 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1598 MGMT_STATUS_NOT_POWERED);
1599 goto failed;
1600 }
1601
1602 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1603 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1604 MGMT_STATUS_BUSY);
1605 goto failed;
1606 }
1607
1608 if (cp->addr.type == BDADDR_BREDR)
1609 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1610 &cp->addr.bdaddr);
1611 else
1612 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1613
1614 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1615 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1616 MGMT_STATUS_NOT_CONNECTED);
1617 goto failed;
1618 }
1619
1620 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1621 if (!cmd) {
1622 err = -ENOMEM;
1623 goto failed;
1624 }
1625
1626 dc.handle = cpu_to_le16(conn->handle);
1627 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1628
1629 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1630 if (err < 0)
1631 mgmt_pending_remove(cmd);
1632
1633failed:
1634 hci_dev_unlock(hdev);
1635 return err;
1636}
1637
1638static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1639{
1640 switch (link_type) {
1641 case LE_LINK:
1642 switch (addr_type) {
1643 case ADDR_LE_DEV_PUBLIC:
1644 return BDADDR_LE_PUBLIC;
1645
1646 default:
1647
1648 return BDADDR_LE_RANDOM;
1649 }
1650
1651 default:
1652
1653 return BDADDR_BREDR;
1654 }
1655}
1656
1657static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1658 u16 data_len)
1659{
1660 struct mgmt_rp_get_connections *rp;
1661 struct hci_conn *c;
1662 size_t rp_len;
1663 int err;
1664 u16 i;
1665
1666 BT_DBG("");
1667
1668 hci_dev_lock(hdev);
1669
1670 if (!hdev_is_powered(hdev)) {
1671 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1672 MGMT_STATUS_NOT_POWERED);
1673 goto unlock;
1674 }
1675
1676 i = 0;
1677 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1678 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1679 i++;
1680 }
1681
1682 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1683 rp = kmalloc(rp_len, GFP_KERNEL);
1684 if (!rp) {
1685 err = -ENOMEM;
1686 goto unlock;
1687 }
1688
1689 i = 0;
1690 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1691 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1692 continue;
1693 bacpy(&rp->addr[i].bdaddr, &c->dst);
1694 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1695 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1696 continue;
1697 i++;
1698 }
1699
1700 rp->conn_count = cpu_to_le16(i);
1701
1702
1703 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1704
1705 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1706 rp_len);
1707
1708 kfree(rp);
1709
1710unlock:
1711 hci_dev_unlock(hdev);
1712 return err;
1713}
1714
1715static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1716 struct mgmt_cp_pin_code_neg_reply *cp)
1717{
1718 struct pending_cmd *cmd;
1719 int err;
1720
1721 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1722 sizeof(*cp));
1723 if (!cmd)
1724 return -ENOMEM;
1725
1726 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1727 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1728 if (err < 0)
1729 mgmt_pending_remove(cmd);
1730
1731 return err;
1732}
1733
1734static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1735 u16 len)
1736{
1737 struct hci_conn *conn;
1738 struct mgmt_cp_pin_code_reply *cp = data;
1739 struct hci_cp_pin_code_reply reply;
1740 struct pending_cmd *cmd;
1741 int err;
1742
1743 BT_DBG("");
1744
1745 hci_dev_lock(hdev);
1746
1747 if (!hdev_is_powered(hdev)) {
1748 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1749 MGMT_STATUS_NOT_POWERED);
1750 goto failed;
1751 }
1752
1753 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1754 if (!conn) {
1755 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1756 MGMT_STATUS_NOT_CONNECTED);
1757 goto failed;
1758 }
1759
1760 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1761 struct mgmt_cp_pin_code_neg_reply ncp;
1762
1763 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1764
1765 BT_ERR("PIN code is not 16 bytes long");
1766
1767 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1768 if (err >= 0)
1769 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1770 MGMT_STATUS_INVALID_PARAMS);
1771
1772 goto failed;
1773 }
1774
1775 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1776 if (!cmd) {
1777 err = -ENOMEM;
1778 goto failed;
1779 }
1780
1781 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1782 reply.pin_len = cp->pin_len;
1783 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1784
1785 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1786 if (err < 0)
1787 mgmt_pending_remove(cmd);
1788
1789failed:
1790 hci_dev_unlock(hdev);
1791 return err;
1792}
1793
1794static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1795 u16 len)
1796{
1797 struct mgmt_cp_set_io_capability *cp = data;
1798
1799 BT_DBG("");
1800
1801 hci_dev_lock(hdev);
1802
1803 hdev->io_capability = cp->io_capability;
1804
1805 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1806 hdev->io_capability);
1807
1808 hci_dev_unlock(hdev);
1809
1810 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1811 0);
1812}
1813
1814static struct pending_cmd *find_pairing(struct hci_conn *conn)
1815{
1816 struct hci_dev *hdev = conn->hdev;
1817 struct pending_cmd *cmd;
1818
1819 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1820 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1821 continue;
1822
1823 if (cmd->user_data != conn)
1824 continue;
1825
1826 return cmd;
1827 }
1828
1829 return NULL;
1830}
1831
1832static void pairing_complete(struct pending_cmd *cmd, u8 status)
1833{
1834 struct mgmt_rp_pair_device rp;
1835 struct hci_conn *conn = cmd->user_data;
1836
1837 bacpy(&rp.addr.bdaddr, &conn->dst);
1838 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1839
1840 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1841 &rp, sizeof(rp));
1842
1843
1844 conn->connect_cfm_cb = NULL;
1845 conn->security_cfm_cb = NULL;
1846 conn->disconn_cfm_cb = NULL;
1847
1848 hci_conn_put(conn);
1849
1850 mgmt_pending_remove(cmd);
1851}
1852
1853static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1854{
1855 struct pending_cmd *cmd;
1856
1857 BT_DBG("status %u", status);
1858
1859 cmd = find_pairing(conn);
1860 if (!cmd)
1861 BT_DBG("Unable to find a pending command");
1862 else
1863 pairing_complete(cmd, mgmt_status(status));
1864}
1865
1866static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1867{
1868 struct pending_cmd *cmd;
1869
1870 BT_DBG("status %u", status);
1871
1872 if (!status)
1873 return;
1874
1875 cmd = find_pairing(conn);
1876 if (!cmd)
1877 BT_DBG("Unable to find a pending command");
1878 else
1879 pairing_complete(cmd, mgmt_status(status));
1880}
1881
1882static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1883 u16 len)
1884{
1885 struct mgmt_cp_pair_device *cp = data;
1886 struct mgmt_rp_pair_device rp;
1887 struct pending_cmd *cmd;
1888 u8 sec_level, auth_type;
1889 struct hci_conn *conn;
1890 int err;
1891
1892 BT_DBG("");
1893
1894 hci_dev_lock(hdev);
1895
1896 if (!hdev_is_powered(hdev)) {
1897 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1898 MGMT_STATUS_NOT_POWERED);
1899 goto unlock;
1900 }
1901
1902 sec_level = BT_SECURITY_MEDIUM;
1903 if (cp->io_cap == 0x03)
1904 auth_type = HCI_AT_DEDICATED_BONDING;
1905 else
1906 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1907
1908 if (cp->addr.type == BDADDR_BREDR)
1909 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1910 cp->addr.type, sec_level, auth_type);
1911 else
1912 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1913 cp->addr.type, sec_level, auth_type);
1914
1915 memset(&rp, 0, sizeof(rp));
1916 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1917 rp.addr.type = cp->addr.type;
1918
1919 if (IS_ERR(conn)) {
1920 int status;
1921
1922 if (PTR_ERR(conn) == -EBUSY)
1923 status = MGMT_STATUS_BUSY;
1924 else
1925 status = MGMT_STATUS_CONNECT_FAILED;
1926
1927 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1928 status, &rp,
1929 sizeof(rp));
1930 goto unlock;
1931 }
1932
1933 if (conn->connect_cfm_cb) {
1934 hci_conn_put(conn);
1935 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1936 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1937 goto unlock;
1938 }
1939
1940 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1941 if (!cmd) {
1942 err = -ENOMEM;
1943 hci_conn_put(conn);
1944 goto unlock;
1945 }
1946
1947
1948 if (cp->addr.type == BDADDR_BREDR)
1949 conn->connect_cfm_cb = pairing_complete_cb;
1950 else
1951 conn->connect_cfm_cb = le_connect_complete_cb;
1952
1953 conn->security_cfm_cb = pairing_complete_cb;
1954 conn->disconn_cfm_cb = pairing_complete_cb;
1955 conn->io_capability = cp->io_cap;
1956 cmd->user_data = conn;
1957
1958 if (conn->state == BT_CONNECTED &&
1959 hci_conn_security(conn, sec_level, auth_type))
1960 pairing_complete(cmd, 0);
1961
1962 err = 0;
1963
1964unlock:
1965 hci_dev_unlock(hdev);
1966 return err;
1967}
1968
1969static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1970 u16 len)
1971{
1972 struct mgmt_addr_info *addr = data;
1973 struct pending_cmd *cmd;
1974 struct hci_conn *conn;
1975 int err;
1976
1977 BT_DBG("");
1978
1979 hci_dev_lock(hdev);
1980
1981 if (!hdev_is_powered(hdev)) {
1982 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1983 MGMT_STATUS_NOT_POWERED);
1984 goto unlock;
1985 }
1986
1987 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1988 if (!cmd) {
1989 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1990 MGMT_STATUS_INVALID_PARAMS);
1991 goto unlock;
1992 }
1993
1994 conn = cmd->user_data;
1995
1996 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1997 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1998 MGMT_STATUS_INVALID_PARAMS);
1999 goto unlock;
2000 }
2001
2002 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2003
2004 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2005 addr, sizeof(*addr));
2006unlock:
2007 hci_dev_unlock(hdev);
2008 return err;
2009}
2010
2011static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2012 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2013 u16 hci_op, __le32 passkey)
2014{
2015 struct pending_cmd *cmd;
2016 struct hci_conn *conn;
2017 int err;
2018
2019 hci_dev_lock(hdev);
2020
2021 if (!hdev_is_powered(hdev)) {
2022 err = cmd_status(sk, hdev->id, mgmt_op,
2023 MGMT_STATUS_NOT_POWERED);
2024 goto done;
2025 }
2026
2027 if (type == BDADDR_BREDR)
2028 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2029 else
2030 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2031
2032 if (!conn) {
2033 err = cmd_status(sk, hdev->id, mgmt_op,
2034 MGMT_STATUS_NOT_CONNECTED);
2035 goto done;
2036 }
2037
2038 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2039
2040 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2041
2042 if (!err)
2043 err = cmd_status(sk, hdev->id, mgmt_op,
2044 MGMT_STATUS_SUCCESS);
2045 else
2046 err = cmd_status(sk, hdev->id, mgmt_op,
2047 MGMT_STATUS_FAILED);
2048
2049 goto done;
2050 }
2051
2052 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2053 if (!cmd) {
2054 err = -ENOMEM;
2055 goto done;
2056 }
2057
2058
2059 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2060 struct hci_cp_user_passkey_reply cp;
2061
2062 bacpy(&cp.bdaddr, bdaddr);
2063 cp.passkey = passkey;
2064 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2065 } else
2066 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2067
2068 if (err < 0)
2069 mgmt_pending_remove(cmd);
2070
2071done:
2072 hci_dev_unlock(hdev);
2073 return err;
2074}
2075
2076static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2077 void *data, u16 len)
2078{
2079 struct mgmt_cp_pin_code_neg_reply *cp = data;
2080
2081 BT_DBG("");
2082
2083 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2084 MGMT_OP_PIN_CODE_NEG_REPLY,
2085 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2086}
2087
2088static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2089 u16 len)
2090{
2091 struct mgmt_cp_user_confirm_reply *cp = data;
2092
2093 BT_DBG("");
2094
2095 if (len != sizeof(*cp))
2096 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2097 MGMT_STATUS_INVALID_PARAMS);
2098
2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2100 MGMT_OP_USER_CONFIRM_REPLY,
2101 HCI_OP_USER_CONFIRM_REPLY, 0);
2102}
2103
2104static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2105 void *data, u16 len)
2106{
2107 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2108
2109 BT_DBG("");
2110
2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2112 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2113 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2114}
2115
2116static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2117 u16 len)
2118{
2119 struct mgmt_cp_user_passkey_reply *cp = data;
2120
2121 BT_DBG("");
2122
2123 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2124 MGMT_OP_USER_PASSKEY_REPLY,
2125 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2126}
2127
2128static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2129 void *data, u16 len)
2130{
2131 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2132
2133 BT_DBG("");
2134
2135 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2136 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2137 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2138}
2139
2140static int update_name(struct hci_dev *hdev, const char *name)
2141{
2142 struct hci_cp_write_local_name cp;
2143
2144 memcpy(cp.name, name, sizeof(cp.name));
2145
2146 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2147}
2148
2149static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2150 u16 len)
2151{
2152 struct mgmt_cp_set_local_name *cp = data;
2153 struct pending_cmd *cmd;
2154 int err;
2155
2156 BT_DBG("");
2157
2158 hci_dev_lock(hdev);
2159
2160 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2161
2162 if (!hdev_is_powered(hdev)) {
2163 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2164
2165 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2166 data, len);
2167 if (err < 0)
2168 goto failed;
2169
2170 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2171 sk);
2172
2173 goto failed;
2174 }
2175
2176 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2177 if (!cmd) {
2178 err = -ENOMEM;
2179 goto failed;
2180 }
2181
2182 err = update_name(hdev, cp->name);
2183 if (err < 0)
2184 mgmt_pending_remove(cmd);
2185
2186failed:
2187 hci_dev_unlock(hdev);
2188 return err;
2189}
2190
2191static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2192 void *data, u16 data_len)
2193{
2194 struct pending_cmd *cmd;
2195 int err;
2196
2197 BT_DBG("%s", hdev->name);
2198
2199 hci_dev_lock(hdev);
2200
2201 if (!hdev_is_powered(hdev)) {
2202 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2203 MGMT_STATUS_NOT_POWERED);
2204 goto unlock;
2205 }
2206
2207 if (!lmp_ssp_capable(hdev)) {
2208 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2209 MGMT_STATUS_NOT_SUPPORTED);
2210 goto unlock;
2211 }
2212
2213 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2214 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2215 MGMT_STATUS_BUSY);
2216 goto unlock;
2217 }
2218
2219 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2220 if (!cmd) {
2221 err = -ENOMEM;
2222 goto unlock;
2223 }
2224
2225 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2226 if (err < 0)
2227 mgmt_pending_remove(cmd);
2228
2229unlock:
2230 hci_dev_unlock(hdev);
2231 return err;
2232}
2233
2234static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2235 void *data, u16 len)
2236{
2237 struct mgmt_cp_add_remote_oob_data *cp = data;
2238 u8 status;
2239 int err;
2240
2241 BT_DBG("%s ", hdev->name);
2242
2243 hci_dev_lock(hdev);
2244
2245 if (!hdev_is_powered(hdev)) {
2246 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2247 MGMT_STATUS_NOT_POWERED, &cp->addr,
2248 sizeof(cp->addr));
2249 goto unlock;
2250 }
2251
2252 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2253 cp->randomizer);
2254 if (err < 0)
2255 status = MGMT_STATUS_FAILED;
2256 else
2257 status = 0;
2258
2259 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2260 &cp->addr, sizeof(cp->addr));
2261
2262unlock:
2263 hci_dev_unlock(hdev);
2264 return err;
2265}
2266
2267static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2268 void *data, u16 len)
2269{
2270 struct mgmt_cp_remove_remote_oob_data *cp = data;
2271 u8 status;
2272 int err;
2273
2274 BT_DBG("%s", hdev->name);
2275
2276 hci_dev_lock(hdev);
2277
2278 if (!hdev_is_powered(hdev)) {
2279 err = cmd_complete(sk, hdev->id,
2280 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2281 MGMT_STATUS_NOT_POWERED, &cp->addr,
2282 sizeof(cp->addr));
2283 goto unlock;
2284 }
2285
2286 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2287 if (err < 0)
2288 status = MGMT_STATUS_INVALID_PARAMS;
2289 else
2290 status = 0;
2291
2292 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2293 status, &cp->addr, sizeof(cp->addr));
2294
2295unlock:
2296 hci_dev_unlock(hdev);
2297 return err;
2298}
2299
2300int mgmt_interleaved_discovery(struct hci_dev *hdev)
2301{
2302 int err;
2303
2304 BT_DBG("%s", hdev->name);
2305
2306 hci_dev_lock(hdev);
2307
2308 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2309 if (err < 0)
2310 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2311
2312 hci_dev_unlock(hdev);
2313
2314 return err;
2315}
2316
2317static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2318 void *data, u16 len)
2319{
2320 struct mgmt_cp_start_discovery *cp = data;
2321 struct pending_cmd *cmd;
2322 int err;
2323
2324 BT_DBG("%s", hdev->name);
2325
2326 hci_dev_lock(hdev);
2327
2328 if (!hdev_is_powered(hdev)) {
2329 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2330 MGMT_STATUS_NOT_POWERED);
2331 goto failed;
2332 }
2333
2334 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2335 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2336 MGMT_STATUS_BUSY);
2337 goto failed;
2338 }
2339
2340 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2341 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2342 MGMT_STATUS_BUSY);
2343 goto failed;
2344 }
2345
2346 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2347 if (!cmd) {
2348 err = -ENOMEM;
2349 goto failed;
2350 }
2351
2352 hdev->discovery.type = cp->type;
2353
2354 switch (hdev->discovery.type) {
2355 case DISCOV_TYPE_BREDR:
2356 if (lmp_bredr_capable(hdev))
2357 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2358 else
2359 err = -ENOTSUPP;
2360 break;
2361
2362 case DISCOV_TYPE_LE:
2363 if (lmp_host_le_capable(hdev))
2364 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2365 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2366 else
2367 err = -ENOTSUPP;
2368 break;
2369
2370 case DISCOV_TYPE_INTERLEAVED:
2371 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2372 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2373 LE_SCAN_WIN,
2374 LE_SCAN_TIMEOUT_BREDR_LE);
2375 else
2376 err = -ENOTSUPP;
2377 break;
2378
2379 default:
2380 err = -EINVAL;
2381 }
2382
2383 if (err < 0)
2384 mgmt_pending_remove(cmd);
2385 else
2386 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2387
2388failed:
2389 hci_dev_unlock(hdev);
2390 return err;
2391}
2392
2393static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2394 u16 len)
2395{
2396 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2397 struct pending_cmd *cmd;
2398 struct hci_cp_remote_name_req_cancel cp;
2399 struct inquiry_entry *e;
2400 int err;
2401
2402 BT_DBG("%s", hdev->name);
2403
2404 hci_dev_lock(hdev);
2405
2406 if (!hci_discovery_active(hdev)) {
2407 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2408 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2409 sizeof(mgmt_cp->type));
2410 goto unlock;
2411 }
2412
2413 if (hdev->discovery.type != mgmt_cp->type) {
2414 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2415 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2416 sizeof(mgmt_cp->type));
2417 goto unlock;
2418 }
2419
2420 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2421 if (!cmd) {
2422 err = -ENOMEM;
2423 goto unlock;
2424 }
2425
2426 switch (hdev->discovery.state) {
2427 case DISCOVERY_FINDING:
2428 if (test_bit(HCI_INQUIRY, &hdev->flags))
2429 err = hci_cancel_inquiry(hdev);
2430 else
2431 err = hci_cancel_le_scan(hdev);
2432
2433 break;
2434
2435 case DISCOVERY_RESOLVING:
2436 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2437 NAME_PENDING);
2438 if (!e) {
2439 mgmt_pending_remove(cmd);
2440 err = cmd_complete(sk, hdev->id,
2441 MGMT_OP_STOP_DISCOVERY, 0,
2442 &mgmt_cp->type,
2443 sizeof(mgmt_cp->type));
2444 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2445 goto unlock;
2446 }
2447
2448 bacpy(&cp.bdaddr, &e->data.bdaddr);
2449 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2450 sizeof(cp), &cp);
2451
2452 break;
2453
2454 default:
2455 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2456 err = -EFAULT;
2457 }
2458
2459 if (err < 0)
2460 mgmt_pending_remove(cmd);
2461 else
2462 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2463
2464unlock:
2465 hci_dev_unlock(hdev);
2466 return err;
2467}
2468
2469static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2470 u16 len)
2471{
2472 struct mgmt_cp_confirm_name *cp = data;
2473 struct inquiry_entry *e;
2474 int err;
2475
2476 BT_DBG("%s", hdev->name);
2477
2478 hci_dev_lock(hdev);
2479
2480 if (!hci_discovery_active(hdev)) {
2481 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2482 MGMT_STATUS_FAILED);
2483 goto failed;
2484 }
2485
2486 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2487 if (!e) {
2488 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2489 MGMT_STATUS_INVALID_PARAMS);
2490 goto failed;
2491 }
2492
2493 if (cp->name_known) {
2494 e->name_state = NAME_KNOWN;
2495 list_del(&e->list);
2496 } else {
2497 e->name_state = NAME_NEEDED;
2498 hci_inquiry_cache_update_resolve(hdev, e);
2499 }
2500
2501 err = 0;
2502
2503failed:
2504 hci_dev_unlock(hdev);
2505 return err;
2506}
2507
2508static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2509 u16 len)
2510{
2511 struct mgmt_cp_block_device *cp = data;
2512 u8 status;
2513 int err;
2514
2515 BT_DBG("%s", hdev->name);
2516
2517 hci_dev_lock(hdev);
2518
2519 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2520 if (err < 0)
2521 status = MGMT_STATUS_FAILED;
2522 else
2523 status = 0;
2524
2525 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2526 &cp->addr, sizeof(cp->addr));
2527
2528 hci_dev_unlock(hdev);
2529
2530 return err;
2531}
2532
2533static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2534 u16 len)
2535{
2536 struct mgmt_cp_unblock_device *cp = data;
2537 u8 status;
2538 int err;
2539
2540 BT_DBG("%s", hdev->name);
2541
2542 hci_dev_lock(hdev);
2543
2544 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2545 if (err < 0)
2546 status = MGMT_STATUS_INVALID_PARAMS;
2547 else
2548 status = 0;
2549
2550 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2551 &cp->addr, sizeof(cp->addr));
2552
2553 hci_dev_unlock(hdev);
2554
2555 return err;
2556}
2557
2558static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2559 u16 len)
2560{
2561 struct mgmt_cp_set_device_id *cp = data;
2562 int err;
2563 __u16 source;
2564
2565 BT_DBG("%s", hdev->name);
2566
2567 source = __le16_to_cpu(cp->source);
2568
2569 if (source > 0x0002)
2570 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2571 MGMT_STATUS_INVALID_PARAMS);
2572
2573 hci_dev_lock(hdev);
2574
2575 hdev->devid_source = source;
2576 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2577 hdev->devid_product = __le16_to_cpu(cp->product);
2578 hdev->devid_version = __le16_to_cpu(cp->version);
2579
2580 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2581
2582 update_eir(hdev);
2583
2584 hci_dev_unlock(hdev);
2585
2586 return err;
2587}
2588
2589static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2590 void *data, u16 len)
2591{
2592 struct mgmt_mode *cp = data;
2593 struct hci_cp_write_page_scan_activity acp;
2594 u8 type;
2595 int err;
2596
2597 BT_DBG("%s", hdev->name);
2598
2599 if (!hdev_is_powered(hdev))
2600 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2601 MGMT_STATUS_NOT_POWERED);
2602
2603 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2604 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2605 MGMT_STATUS_REJECTED);
2606
2607 hci_dev_lock(hdev);
2608
2609 if (cp->val) {
2610 type = PAGE_SCAN_TYPE_INTERLACED;
2611
2612
2613 acp.interval = __constant_cpu_to_le16(0x0100);
2614 } else {
2615 type = PAGE_SCAN_TYPE_STANDARD;
2616
2617
2618 acp.interval = __constant_cpu_to_le16(0x0800);
2619 }
2620
2621
2622 acp.window = __constant_cpu_to_le16(0x0012);
2623
2624 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2625 &acp);
2626 if (err < 0) {
2627 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2628 MGMT_STATUS_FAILED);
2629 goto done;
2630 }
2631
2632 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2633 if (err < 0) {
2634 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2635 MGMT_STATUS_FAILED);
2636 goto done;
2637 }
2638
2639 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2640 NULL, 0);
2641done:
2642 hci_dev_unlock(hdev);
2643 return err;
2644}
2645
2646static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2647 void *cp_data, u16 len)
2648{
2649 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2650 u16 key_count, expected_len;
2651 int i;
2652
2653 key_count = __le16_to_cpu(cp->key_count);
2654
2655 expected_len = sizeof(*cp) + key_count *
2656 sizeof(struct mgmt_ltk_info);
2657 if (expected_len != len) {
2658 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2659 len, expected_len);
2660 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2661 EINVAL);
2662 }
2663
2664 BT_DBG("%s key_count %u", hdev->name, key_count);
2665
2666 hci_dev_lock(hdev);
2667
2668 hci_smp_ltks_clear(hdev);
2669
2670 for (i = 0; i < key_count; i++) {
2671 struct mgmt_ltk_info *key = &cp->keys[i];
2672 u8 type;
2673
2674 if (key->master)
2675 type = HCI_SMP_LTK;
2676 else
2677 type = HCI_SMP_LTK_SLAVE;
2678
2679 hci_add_ltk(hdev, &key->addr.bdaddr,
2680 bdaddr_to_le(key->addr.type),
2681 type, 0, key->authenticated, key->val,
2682 key->enc_size, key->ediv, key->rand);
2683 }
2684
2685 hci_dev_unlock(hdev);
2686
2687 return 0;
2688}
2689
2690static const struct mgmt_handler {
2691 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2692 u16 data_len);
2693 bool var_len;
2694 size_t data_len;
2695} mgmt_handlers[] = {
2696 { NULL },
2697 { read_version, false, MGMT_READ_VERSION_SIZE },
2698 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2699 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2700 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2701 { set_powered, false, MGMT_SETTING_SIZE },
2702 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2703 { set_connectable, false, MGMT_SETTING_SIZE },
2704 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2705 { set_pairable, false, MGMT_SETTING_SIZE },
2706 { set_link_security, false, MGMT_SETTING_SIZE },
2707 { set_ssp, false, MGMT_SETTING_SIZE },
2708 { set_hs, false, MGMT_SETTING_SIZE },
2709 { set_le, false, MGMT_SETTING_SIZE },
2710 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2711 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2712 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2713 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2714 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2715 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2716 { disconnect, false, MGMT_DISCONNECT_SIZE },
2717 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2718 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2719 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2720 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2721 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2722 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2723 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2724 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2725 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2726 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2727 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2728 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2729 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2730 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2731 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2732 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2733 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2734 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2735 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2736 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2737};
2738
2739
2740int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2741{
2742 void *buf;
2743 u8 *cp;
2744 struct mgmt_hdr *hdr;
2745 u16 opcode, index, len;
2746 struct hci_dev *hdev = NULL;
2747 const struct mgmt_handler *handler;
2748 int err;
2749
2750 BT_DBG("got %zu bytes", msglen);
2751
2752 if (msglen < sizeof(*hdr))
2753 return -EINVAL;
2754
2755 buf = kmalloc(msglen, GFP_KERNEL);
2756 if (!buf)
2757 return -ENOMEM;
2758
2759 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2760 err = -EFAULT;
2761 goto done;
2762 }
2763
2764 hdr = buf;
2765 opcode = __le16_to_cpu(hdr->opcode);
2766 index = __le16_to_cpu(hdr->index);
2767 len = __le16_to_cpu(hdr->len);
2768
2769 if (len != msglen - sizeof(*hdr)) {
2770 err = -EINVAL;
2771 goto done;
2772 }
2773
2774 if (index != MGMT_INDEX_NONE) {
2775 hdev = hci_dev_get(index);
2776 if (!hdev) {
2777 err = cmd_status(sk, index, opcode,
2778 MGMT_STATUS_INVALID_INDEX);
2779 goto done;
2780 }
2781 }
2782
2783 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2784 mgmt_handlers[opcode].func == NULL) {
2785 BT_DBG("Unknown op %u", opcode);
2786 err = cmd_status(sk, index, opcode,
2787 MGMT_STATUS_UNKNOWN_COMMAND);
2788 goto done;
2789 }
2790
2791 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2792 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2793 err = cmd_status(sk, index, opcode,
2794 MGMT_STATUS_INVALID_INDEX);
2795 goto done;
2796 }
2797
2798 handler = &mgmt_handlers[opcode];
2799
2800 if ((handler->var_len && len < handler->data_len) ||
2801 (!handler->var_len && len != handler->data_len)) {
2802 err = cmd_status(sk, index, opcode,
2803 MGMT_STATUS_INVALID_PARAMS);
2804 goto done;
2805 }
2806
2807 if (hdev)
2808 mgmt_init_hdev(sk, hdev);
2809
2810 cp = buf + sizeof(*hdr);
2811
2812 err = handler->func(sk, hdev, cp, len);
2813 if (err < 0)
2814 goto done;
2815
2816 err = msglen;
2817
2818done:
2819 if (hdev)
2820 hci_dev_put(hdev);
2821
2822 kfree(buf);
2823 return err;
2824}
2825
2826static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2827{
2828 u8 *status = data;
2829
2830 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2831 mgmt_pending_remove(cmd);
2832}
2833
2834int mgmt_index_added(struct hci_dev *hdev)
2835{
2836 if (!mgmt_valid_hdev(hdev))
2837 return -ENOTSUPP;
2838
2839 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2840}
2841
2842int mgmt_index_removed(struct hci_dev *hdev)
2843{
2844 u8 status = MGMT_STATUS_INVALID_INDEX;
2845
2846 if (!mgmt_valid_hdev(hdev))
2847 return -ENOTSUPP;
2848
2849 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2850
2851 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2852}
2853
2854struct cmd_lookup {
2855 struct sock *sk;
2856 struct hci_dev *hdev;
2857 u8 mgmt_status;
2858};
2859
2860static void settings_rsp(struct pending_cmd *cmd, void *data)
2861{
2862 struct cmd_lookup *match = data;
2863
2864 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2865
2866 list_del(&cmd->list);
2867
2868 if (match->sk == NULL) {
2869 match->sk = cmd->sk;
2870 sock_hold(match->sk);
2871 }
2872
2873 mgmt_pending_free(cmd);
2874}
2875
2876int mgmt_powered(struct hci_dev *hdev, u8 powered)
2877{
2878 struct cmd_lookup match = { NULL, hdev };
2879 int err;
2880
2881 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2882 return 0;
2883
2884 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2885
2886 if (powered) {
2887 u8 scan = 0;
2888
2889 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2890 scan |= SCAN_PAGE;
2891 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2892 scan |= SCAN_INQUIRY;
2893
2894 if (scan)
2895 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2896
2897 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2898 u8 ssp = 1;
2899
2900 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2901 }
2902
2903 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2904 struct hci_cp_write_le_host_supported cp;
2905
2906 cp.le = 1;
2907 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2908
2909 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2910 sizeof(cp), &cp);
2911 }
2912
2913 update_class(hdev);
2914 update_name(hdev, hdev->dev_name);
2915 update_eir(hdev);
2916 } else {
2917 u8 status = MGMT_STATUS_NOT_POWERED;
2918 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2919 }
2920
2921 err = new_settings(hdev, match.sk);
2922
2923 if (match.sk)
2924 sock_put(match.sk);
2925
2926 return err;
2927}
2928
2929int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2930{
2931 struct cmd_lookup match = { NULL, hdev };
2932 bool changed = false;
2933 int err = 0;
2934
2935 if (discoverable) {
2936 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2937 changed = true;
2938 } else {
2939 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2940 changed = true;
2941 }
2942
2943 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2944 &match);
2945
2946 if (changed)
2947 err = new_settings(hdev, match.sk);
2948
2949 if (match.sk)
2950 sock_put(match.sk);
2951
2952 return err;
2953}
2954
2955int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2956{
2957 struct cmd_lookup match = { NULL, hdev };
2958 bool changed = false;
2959 int err = 0;
2960
2961 if (connectable) {
2962 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2963 changed = true;
2964 } else {
2965 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2966 changed = true;
2967 }
2968
2969 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2970 &match);
2971
2972 if (changed)
2973 err = new_settings(hdev, match.sk);
2974
2975 if (match.sk)
2976 sock_put(match.sk);
2977
2978 return err;
2979}
2980
2981int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2982{
2983 u8 mgmt_err = mgmt_status(status);
2984
2985 if (scan & SCAN_PAGE)
2986 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2987 cmd_status_rsp, &mgmt_err);
2988
2989 if (scan & SCAN_INQUIRY)
2990 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2991 cmd_status_rsp, &mgmt_err);
2992
2993 return 0;
2994}
2995
2996int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2997 bool persistent)
2998{
2999 struct mgmt_ev_new_link_key ev;
3000
3001 memset(&ev, 0, sizeof(ev));
3002
3003 ev.store_hint = persistent;
3004 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3005 ev.key.addr.type = BDADDR_BREDR;
3006 ev.key.type = key->type;
3007 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3008 ev.key.pin_len = key->pin_len;
3009
3010 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3011}
3012
3013int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3014{
3015 struct mgmt_ev_new_long_term_key ev;
3016
3017 memset(&ev, 0, sizeof(ev));
3018
3019 ev.store_hint = persistent;
3020 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3021 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3022 ev.key.authenticated = key->authenticated;
3023 ev.key.enc_size = key->enc_size;
3024 ev.key.ediv = key->ediv;
3025
3026 if (key->type == HCI_SMP_LTK)
3027 ev.key.master = 1;
3028
3029 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3030 memcpy(ev.key.val, key->val, sizeof(key->val));
3031
3032 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3033 NULL);
3034}
3035
3036int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3037 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3038 u8 *dev_class)
3039{
3040 char buf[512];
3041 struct mgmt_ev_device_connected *ev = (void *) buf;
3042 u16 eir_len = 0;
3043
3044 bacpy(&ev->addr.bdaddr, bdaddr);
3045 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3046
3047 ev->flags = __cpu_to_le32(flags);
3048
3049 if (name_len > 0)
3050 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3051 name, name_len);
3052
3053 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3054 eir_len = eir_append_data(ev->eir, eir_len,
3055 EIR_CLASS_OF_DEV, dev_class, 3);
3056
3057 ev->eir_len = cpu_to_le16(eir_len);
3058
3059 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3060 sizeof(*ev) + eir_len, NULL);
3061}
3062
3063static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3064{
3065 struct mgmt_cp_disconnect *cp = cmd->param;
3066 struct sock **sk = data;
3067 struct mgmt_rp_disconnect rp;
3068
3069 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3070 rp.addr.type = cp->addr.type;
3071
3072 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3073 sizeof(rp));
3074
3075 *sk = cmd->sk;
3076 sock_hold(*sk);
3077
3078 mgmt_pending_remove(cmd);
3079}
3080
3081static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3082{
3083 struct hci_dev *hdev = data;
3084 struct mgmt_cp_unpair_device *cp = cmd->param;
3085 struct mgmt_rp_unpair_device rp;
3086
3087 memset(&rp, 0, sizeof(rp));
3088 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3089 rp.addr.type = cp->addr.type;
3090
3091 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3092
3093 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3094
3095 mgmt_pending_remove(cmd);
3096}
3097
3098int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3099 u8 link_type, u8 addr_type, u8 reason)
3100{
3101 struct mgmt_ev_device_disconnected ev;
3102 struct sock *sk = NULL;
3103 int err;
3104
3105 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3106
3107 bacpy(&ev.addr.bdaddr, bdaddr);
3108 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3109 ev.reason = reason;
3110
3111 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3112 sk);
3113
3114 if (sk)
3115 sock_put(sk);
3116
3117 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3118 hdev);
3119
3120 return err;
3121}
3122
3123int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3124 u8 link_type, u8 addr_type, u8 status)
3125{
3126 struct mgmt_rp_disconnect rp;
3127 struct pending_cmd *cmd;
3128 int err;
3129
3130 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3131 if (!cmd)
3132 return -ENOENT;
3133
3134 bacpy(&rp.addr.bdaddr, bdaddr);
3135 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3136
3137 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3138 mgmt_status(status), &rp, sizeof(rp));
3139
3140 mgmt_pending_remove(cmd);
3141
3142 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3143 hdev);
3144 return err;
3145}
3146
3147int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3148 u8 addr_type, u8 status)
3149{
3150 struct mgmt_ev_connect_failed ev;
3151
3152 bacpy(&ev.addr.bdaddr, bdaddr);
3153 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3154 ev.status = mgmt_status(status);
3155
3156 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3157}
3158
3159int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3160{
3161 struct mgmt_ev_pin_code_request ev;
3162
3163 bacpy(&ev.addr.bdaddr, bdaddr);
3164 ev.addr.type = BDADDR_BREDR;
3165 ev.secure = secure;
3166
3167 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3168 NULL);
3169}
3170
3171int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3172 u8 status)
3173{
3174 struct pending_cmd *cmd;
3175 struct mgmt_rp_pin_code_reply rp;
3176 int err;
3177
3178 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3179 if (!cmd)
3180 return -ENOENT;
3181
3182 bacpy(&rp.addr.bdaddr, bdaddr);
3183 rp.addr.type = BDADDR_BREDR;
3184
3185 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3186 mgmt_status(status), &rp, sizeof(rp));
3187
3188 mgmt_pending_remove(cmd);
3189
3190 return err;
3191}
3192
3193int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3194 u8 status)
3195{
3196 struct pending_cmd *cmd;
3197 struct mgmt_rp_pin_code_reply rp;
3198 int err;
3199
3200 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3201 if (!cmd)
3202 return -ENOENT;
3203
3204 bacpy(&rp.addr.bdaddr, bdaddr);
3205 rp.addr.type = BDADDR_BREDR;
3206
3207 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3208 mgmt_status(status), &rp, sizeof(rp));
3209
3210 mgmt_pending_remove(cmd);
3211
3212 return err;
3213}
3214
3215int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3216 u8 link_type, u8 addr_type, __le32 value,
3217 u8 confirm_hint)
3218{
3219 struct mgmt_ev_user_confirm_request ev;
3220
3221 BT_DBG("%s", hdev->name);
3222
3223 bacpy(&ev.addr.bdaddr, bdaddr);
3224 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3225 ev.confirm_hint = confirm_hint;
3226 ev.value = value;
3227
3228 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3229 NULL);
3230}
3231
3232int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3233 u8 link_type, u8 addr_type)
3234{
3235 struct mgmt_ev_user_passkey_request ev;
3236
3237 BT_DBG("%s", hdev->name);
3238
3239 bacpy(&ev.addr.bdaddr, bdaddr);
3240 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3241
3242 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3243 NULL);
3244}
3245
3246static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3247 u8 link_type, u8 addr_type, u8 status,
3248 u8 opcode)
3249{
3250 struct pending_cmd *cmd;
3251 struct mgmt_rp_user_confirm_reply rp;
3252 int err;
3253
3254 cmd = mgmt_pending_find(opcode, hdev);
3255 if (!cmd)
3256 return -ENOENT;
3257
3258 bacpy(&rp.addr.bdaddr, bdaddr);
3259 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3260 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3261 &rp, sizeof(rp));
3262
3263 mgmt_pending_remove(cmd);
3264
3265 return err;
3266}
3267
3268int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3269 u8 link_type, u8 addr_type, u8 status)
3270{
3271 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3272 status, MGMT_OP_USER_CONFIRM_REPLY);
3273}
3274
3275int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3276 u8 link_type, u8 addr_type, u8 status)
3277{
3278 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3279 status,
3280 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3281}
3282
3283int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3284 u8 link_type, u8 addr_type, u8 status)
3285{
3286 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3287 status, MGMT_OP_USER_PASSKEY_REPLY);
3288}
3289
3290int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3291 u8 link_type, u8 addr_type, u8 status)
3292{
3293 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3294 status,
3295 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3296}
3297
3298int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3299 u8 link_type, u8 addr_type, u32 passkey,
3300 u8 entered)
3301{
3302 struct mgmt_ev_passkey_notify ev;
3303
3304 BT_DBG("%s", hdev->name);
3305
3306 bacpy(&ev.addr.bdaddr, bdaddr);
3307 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3308 ev.passkey = __cpu_to_le32(passkey);
3309 ev.entered = entered;
3310
3311 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3312}
3313
3314int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3315 u8 addr_type, u8 status)
3316{
3317 struct mgmt_ev_auth_failed ev;
3318
3319 bacpy(&ev.addr.bdaddr, bdaddr);
3320 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3321 ev.status = mgmt_status(status);
3322
3323 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3324}
3325
3326int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3327{
3328 struct cmd_lookup match = { NULL, hdev };
3329 bool changed = false;
3330 int err = 0;
3331
3332 if (status) {
3333 u8 mgmt_err = mgmt_status(status);
3334 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3335 cmd_status_rsp, &mgmt_err);
3336 return 0;
3337 }
3338
3339 if (test_bit(HCI_AUTH, &hdev->flags)) {
3340 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3341 changed = true;
3342 } else {
3343 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3344 changed = true;
3345 }
3346
3347 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3348 &match);
3349
3350 if (changed)
3351 err = new_settings(hdev, match.sk);
3352
3353 if (match.sk)
3354 sock_put(match.sk);
3355
3356 return err;
3357}
3358
3359static int clear_eir(struct hci_dev *hdev)
3360{
3361 struct hci_cp_write_eir cp;
3362
3363 if (!(hdev->features[6] & LMP_EXT_INQ))
3364 return 0;
3365
3366 memset(hdev->eir, 0, sizeof(hdev->eir));
3367
3368 memset(&cp, 0, sizeof(cp));
3369
3370 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3371}
3372
3373int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3374{
3375 struct cmd_lookup match = { NULL, hdev };
3376 bool changed = false;
3377 int err = 0;
3378
3379 if (status) {
3380 u8 mgmt_err = mgmt_status(status);
3381
3382 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3383 &hdev->dev_flags))
3384 err = new_settings(hdev, NULL);
3385
3386 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3387 &mgmt_err);
3388
3389 return err;
3390 }
3391
3392 if (enable) {
3393 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3394 changed = true;
3395 } else {
3396 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3397 changed = true;
3398 }
3399
3400 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3401
3402 if (changed)
3403 err = new_settings(hdev, match.sk);
3404
3405 if (match.sk)
3406 sock_put(match.sk);
3407
3408 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3409 update_eir(hdev);
3410 else
3411 clear_eir(hdev);
3412
3413 return err;
3414}
3415
3416static void class_rsp(struct pending_cmd *cmd, void *data)
3417{
3418 struct cmd_lookup *match = data;
3419
3420 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3421 match->hdev->dev_class, 3);
3422
3423 list_del(&cmd->list);
3424
3425 if (match->sk == NULL) {
3426 match->sk = cmd->sk;
3427 sock_hold(match->sk);
3428 }
3429
3430 mgmt_pending_free(cmd);
3431}
3432
3433int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3434 u8 status)
3435{
3436 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3437 int err = 0;
3438
3439 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3440
3441 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3442 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3443 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3444
3445 if (!status)
3446 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3447 3, NULL);
3448
3449 if (match.sk)
3450 sock_put(match.sk);
3451
3452 return err;
3453}
3454
3455int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3456{
3457 struct pending_cmd *cmd;
3458 struct mgmt_cp_set_local_name ev;
3459 bool changed = false;
3460 int err = 0;
3461
3462 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3463 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3464 changed = true;
3465 }
3466
3467 memset(&ev, 0, sizeof(ev));
3468 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3469 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3470
3471 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3472 if (!cmd)
3473 goto send_event;
3474
3475
3476
3477 changed = true;
3478
3479 if (status) {
3480 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3481 mgmt_status(status));
3482 goto failed;
3483 }
3484
3485 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3486 sizeof(ev));
3487 if (err < 0)
3488 goto failed;
3489
3490send_event:
3491 if (changed)
3492 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3493 sizeof(ev), cmd ? cmd->sk : NULL);
3494
3495 update_eir(hdev);
3496
3497failed:
3498 if (cmd)
3499 mgmt_pending_remove(cmd);
3500 return err;
3501}
3502
3503int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3504 u8 *randomizer, u8 status)
3505{
3506 struct pending_cmd *cmd;
3507 int err;
3508
3509 BT_DBG("%s status %u", hdev->name, status);
3510
3511 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3512 if (!cmd)
3513 return -ENOENT;
3514
3515 if (status) {
3516 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3517 mgmt_status(status));
3518 } else {
3519 struct mgmt_rp_read_local_oob_data rp;
3520
3521 memcpy(rp.hash, hash, sizeof(rp.hash));
3522 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3523
3524 err = cmd_complete(cmd->sk, hdev->id,
3525 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3526 sizeof(rp));
3527 }
3528
3529 mgmt_pending_remove(cmd);
3530
3531 return err;
3532}
3533
3534int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3535{
3536 struct cmd_lookup match = { NULL, hdev };
3537 bool changed = false;
3538 int err = 0;
3539
3540 if (status) {
3541 u8 mgmt_err = mgmt_status(status);
3542
3543 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3544 &hdev->dev_flags))
3545 err = new_settings(hdev, NULL);
3546
3547 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3548 &mgmt_err);
3549
3550 return err;
3551 }
3552
3553 if (enable) {
3554 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3555 changed = true;
3556 } else {
3557 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3558 changed = true;
3559 }
3560
3561 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3562
3563 if (changed)
3564 err = new_settings(hdev, match.sk);
3565
3566 if (match.sk)
3567 sock_put(match.sk);
3568
3569 return err;
3570}
3571
3572int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3573 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3574 ssp, u8 *eir, u16 eir_len)
3575{
3576 char buf[512];
3577 struct mgmt_ev_device_found *ev = (void *) buf;
3578 size_t ev_size;
3579
3580
3581 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3582 return -EINVAL;
3583
3584 memset(buf, 0, sizeof(buf));
3585
3586 bacpy(&ev->addr.bdaddr, bdaddr);
3587 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3588 ev->rssi = rssi;
3589 if (cfm_name)
3590 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3591 if (!ssp)
3592 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3593
3594 if (eir_len > 0)
3595 memcpy(ev->eir, eir, eir_len);
3596
3597 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3598 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3599 dev_class, 3);
3600
3601 ev->eir_len = cpu_to_le16(eir_len);
3602 ev_size = sizeof(*ev) + eir_len;
3603
3604 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3605}
3606
3607int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3608 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3609{
3610 struct mgmt_ev_device_found *ev;
3611 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3612 u16 eir_len;
3613
3614 ev = (struct mgmt_ev_device_found *) buf;
3615
3616 memset(buf, 0, sizeof(buf));
3617
3618 bacpy(&ev->addr.bdaddr, bdaddr);
3619 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3620 ev->rssi = rssi;
3621
3622 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3623 name_len);
3624
3625 ev->eir_len = cpu_to_le16(eir_len);
3626
3627 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3628 sizeof(*ev) + eir_len, NULL);
3629}
3630
3631int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3632{
3633 struct pending_cmd *cmd;
3634 u8 type;
3635 int err;
3636
3637 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3638
3639 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3640 if (!cmd)
3641 return -ENOENT;
3642
3643 type = hdev->discovery.type;
3644
3645 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3646 &type, sizeof(type));
3647 mgmt_pending_remove(cmd);
3648
3649 return err;
3650}
3651
3652int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3653{
3654 struct pending_cmd *cmd;
3655 int err;
3656
3657 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3658 if (!cmd)
3659 return -ENOENT;
3660
3661 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3662 &hdev->discovery.type, sizeof(hdev->discovery.type));
3663 mgmt_pending_remove(cmd);
3664
3665 return err;
3666}
3667
3668int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3669{
3670 struct mgmt_ev_discovering ev;
3671 struct pending_cmd *cmd;
3672
3673 BT_DBG("%s discovering %u", hdev->name, discovering);
3674
3675 if (discovering)
3676 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3677 else
3678 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3679
3680 if (cmd != NULL) {
3681 u8 type = hdev->discovery.type;
3682
3683 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3684 sizeof(type));
3685 mgmt_pending_remove(cmd);
3686 }
3687
3688 memset(&ev, 0, sizeof(ev));
3689 ev.type = hdev->discovery.type;
3690 ev.discovering = discovering;
3691
3692 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3693}
3694
3695int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3696{
3697 struct pending_cmd *cmd;
3698 struct mgmt_ev_device_blocked ev;
3699
3700 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3701
3702 bacpy(&ev.addr.bdaddr, bdaddr);
3703 ev.addr.type = type;
3704
3705 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3706 cmd ? cmd->sk : NULL);
3707}
3708
3709int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3710{
3711 struct pending_cmd *cmd;
3712 struct mgmt_ev_device_unblocked ev;
3713
3714 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3715
3716 bacpy(&ev.addr.bdaddr, bdaddr);
3717 ev.addr.type = type;
3718
3719 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3720 cmd ? cmd->sk : NULL);
3721}
3722
3723module_param(enable_hs, bool, 0644);
3724MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3725
