LXR linux/net/bluetooth/mgmt.c

   1/*
   2   BlueZ - Bluetooth protocol stack for Linux
   3
   4   Copyright (C) 2010  Nokia Corporation
   5   Copyright (C) 2011-2012 Intel Corporation
   6
   7   This program is free software; you can redistribute it and/or modify
   8   it under the terms of the GNU General Public License version 2 as
   9   published by the Free Software Foundation;
  10
  11   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  12   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  13   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  14   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  15   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  16   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  17   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  18   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  19
  20   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  21   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  22   SOFTWARE IS DISCLAIMED.
  23*/
  24
  25/* Bluetooth HCI Management interface */
  26
  27#include <linux/kernel.h>
  28#include <linux/uaccess.h>
  29#include <linux/module.h>
  30#include <asm/unaligned.h>
  31
  32#include <net/bluetooth/bluetooth.h>
  33#include <net/bluetooth/hci_core.h>
  34#include <net/bluetooth/mgmt.h>
  35#include <net/bluetooth/smp.h>
  36
  37bool enable_hs;
  38bool enable_le;
  39
  40#define MGMT_VERSION    1
  41#define MGMT_REVISION   0
  42
  43static const u16 mgmt_commands[] = {
  44        MGMT_OP_READ_INDEX_LIST,
  45        MGMT_OP_READ_INFO,
  46        MGMT_OP_SET_POWERED,
  47        MGMT_OP_SET_DISCOVERABLE,
  48        MGMT_OP_SET_CONNECTABLE,
  49        MGMT_OP_SET_FAST_CONNECTABLE,
  50        MGMT_OP_SET_PAIRABLE,
  51        MGMT_OP_SET_LINK_SECURITY,
  52        MGMT_OP_SET_SSP,
  53        MGMT_OP_SET_HS,
  54        MGMT_OP_SET_LE,
  55        MGMT_OP_SET_DEV_CLASS,
  56        MGMT_OP_SET_LOCAL_NAME,
  57        MGMT_OP_ADD_UUID,
  58        MGMT_OP_REMOVE_UUID,
  59        MGMT_OP_LOAD_LINK_KEYS,
  60        MGMT_OP_LOAD_LONG_TERM_KEYS,
  61        MGMT_OP_DISCONNECT,
  62        MGMT_OP_GET_CONNECTIONS,
  63        MGMT_OP_PIN_CODE_REPLY,
  64        MGMT_OP_PIN_CODE_NEG_REPLY,
  65        MGMT_OP_SET_IO_CAPABILITY,
  66        MGMT_OP_PAIR_DEVICE,
  67        MGMT_OP_CANCEL_PAIR_DEVICE,
  68        MGMT_OP_UNPAIR_DEVICE,
  69        MGMT_OP_USER_CONFIRM_REPLY,
  70        MGMT_OP_USER_CONFIRM_NEG_REPLY,
  71        MGMT_OP_USER_PASSKEY_REPLY,
  72        MGMT_OP_USER_PASSKEY_NEG_REPLY,
  73        MGMT_OP_READ_LOCAL_OOB_DATA,
  74        MGMT_OP_ADD_REMOTE_OOB_DATA,
  75        MGMT_OP_REMOVE_REMOTE_OOB_DATA,
  76        MGMT_OP_START_DISCOVERY,
  77        MGMT_OP_STOP_DISCOVERY,
  78        MGMT_OP_CONFIRM_NAME,
  79        MGMT_OP_BLOCK_DEVICE,
  80        MGMT_OP_UNBLOCK_DEVICE,
  81};
  82
  83static const u16 mgmt_events[] = {
  84        MGMT_EV_CONTROLLER_ERROR,
  85        MGMT_EV_INDEX_ADDED,
  86        MGMT_EV_INDEX_REMOVED,
  87        MGMT_EV_NEW_SETTINGS,
  88        MGMT_EV_CLASS_OF_DEV_CHANGED,
  89        MGMT_EV_LOCAL_NAME_CHANGED,
  90        MGMT_EV_NEW_LINK_KEY,
  91        MGMT_EV_NEW_LONG_TERM_KEY,
  92        MGMT_EV_DEVICE_CONNECTED,
  93        MGMT_EV_DEVICE_DISCONNECTED,
  94        MGMT_EV_CONNECT_FAILED,
  95        MGMT_EV_PIN_CODE_REQUEST,
  96        MGMT_EV_USER_CONFIRM_REQUEST,
  97        MGMT_EV_USER_PASSKEY_REQUEST,
  98        MGMT_EV_AUTH_FAILED,
  99        MGMT_EV_DEVICE_FOUND,
 100        MGMT_EV_DISCOVERING,
 101        MGMT_EV_DEVICE_BLOCKED,
 102        MGMT_EV_DEVICE_UNBLOCKED,
 103        MGMT_EV_DEVICE_UNPAIRED,
 104};
 105
 106/*
 107 * These LE scan and inquiry parameters were chosen according to LE General
 108 * Discovery Procedure specification.
 109 */
 110#define LE_SCAN_TYPE                    0x01
 111#define LE_SCAN_WIN                     0x12
 112#define LE_SCAN_INT                     0x12
 113#define LE_SCAN_TIMEOUT_LE_ONLY         10240   /* TGAP(gen_disc_scan_min) */
 114#define LE_SCAN_TIMEOUT_BREDR_LE        5120    /* TGAP(100)/2 */
 115
 116#define INQUIRY_LEN_BREDR               0x08    /* TGAP(100) */
 117#define INQUIRY_LEN_BREDR_LE            0x04    /* TGAP(100)/2 */
 118
 119#define CACHE_TIMEOUT   msecs_to_jiffies(2 * 1000)
 120
 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
 122                                !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
 123
 124struct pending_cmd {
 125        struct list_head list;
 126        u16 opcode;
 127        int index;
 128        void *param;
 129        struct sock *sk;
 130        void *user_data;
 131};
 132
 133/* HCI to MGMT error code conversion table */
 134static u8 mgmt_status_table[] = {
 135        MGMT_STATUS_SUCCESS,
 136        MGMT_STATUS_UNKNOWN_COMMAND,    /* Unknown Command */
 137        MGMT_STATUS_NOT_CONNECTED,      /* No Connection */
 138        MGMT_STATUS_FAILED,             /* Hardware Failure */
 139        MGMT_STATUS_CONNECT_FAILED,     /* Page Timeout */
 140        MGMT_STATUS_AUTH_FAILED,        /* Authentication Failed */
 141        MGMT_STATUS_NOT_PAIRED,         /* PIN or Key Missing */
 142        MGMT_STATUS_NO_RESOURCES,       /* Memory Full */
 143        MGMT_STATUS_TIMEOUT,            /* Connection Timeout */
 144        MGMT_STATUS_NO_RESOURCES,       /* Max Number of Connections */
 145        MGMT_STATUS_NO_RESOURCES,       /* Max Number of SCO Connections */
 146        MGMT_STATUS_ALREADY_CONNECTED,  /* ACL Connection Exists */
 147        MGMT_STATUS_BUSY,               /* Command Disallowed */
 148        MGMT_STATUS_NO_RESOURCES,       /* Rejected Limited Resources */
 149        MGMT_STATUS_REJECTED,           /* Rejected Security */
 150        MGMT_STATUS_REJECTED,           /* Rejected Personal */
 151        MGMT_STATUS_TIMEOUT,            /* Host Timeout */
 152        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Feature */
 153        MGMT_STATUS_INVALID_PARAMS,     /* Invalid Parameters */
 154        MGMT_STATUS_DISCONNECTED,       /* OE User Ended Connection */
 155        MGMT_STATUS_NO_RESOURCES,       /* OE Low Resources */
 156        MGMT_STATUS_DISCONNECTED,       /* OE Power Off */
 157        MGMT_STATUS_DISCONNECTED,       /* Connection Terminated */
 158        MGMT_STATUS_BUSY,               /* Repeated Attempts */
 159        MGMT_STATUS_REJECTED,           /* Pairing Not Allowed */
 160        MGMT_STATUS_FAILED,             /* Unknown LMP PDU */
 161        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Remote Feature */
 162        MGMT_STATUS_REJECTED,           /* SCO Offset Rejected */
 163        MGMT_STATUS_REJECTED,           /* SCO Interval Rejected */
 164        MGMT_STATUS_REJECTED,           /* Air Mode Rejected */
 165        MGMT_STATUS_INVALID_PARAMS,     /* Invalid LMP Parameters */
 166        MGMT_STATUS_FAILED,             /* Unspecified Error */
 167        MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported LMP Parameter Value */
 168        MGMT_STATUS_FAILED,             /* Role Change Not Allowed */
 169        MGMT_STATUS_TIMEOUT,            /* LMP Response Timeout */
 170        MGMT_STATUS_FAILED,             /* LMP Error Transaction Collision */
 171        MGMT_STATUS_FAILED,             /* LMP PDU Not Allowed */
 172        MGMT_STATUS_REJECTED,           /* Encryption Mode Not Accepted */
 173        MGMT_STATUS_FAILED,             /* Unit Link Key Used */
 174        MGMT_STATUS_NOT_SUPPORTED,      /* QoS Not Supported */
 175        MGMT_STATUS_TIMEOUT,            /* Instant Passed */
 176        MGMT_STATUS_NOT_SUPPORTED,      /* Pairing Not Supported */
 177        MGMT_STATUS_FAILED,             /* Transaction Collision */
 178        MGMT_STATUS_INVALID_PARAMS,     /* Unacceptable Parameter */
 179        MGMT_STATUS_REJECTED,           /* QoS Rejected */
 180        MGMT_STATUS_NOT_SUPPORTED,      /* Classification Not Supported */
 181        MGMT_STATUS_REJECTED,           /* Insufficient Security */
 182        MGMT_STATUS_INVALID_PARAMS,     /* Parameter Out Of Range */
 183        MGMT_STATUS_BUSY,               /* Role Switch Pending */
 184        MGMT_STATUS_FAILED,             /* Slot Violation */
 185        MGMT_STATUS_FAILED,             /* Role Switch Failed */
 186        MGMT_STATUS_INVALID_PARAMS,     /* EIR Too Large */
 187        MGMT_STATUS_NOT_SUPPORTED,      /* Simple Pairing Not Supported */
 188        MGMT_STATUS_BUSY,               /* Host Busy Pairing */
 189        MGMT_STATUS_REJECTED,           /* Rejected, No Suitable Channel */
 190        MGMT_STATUS_BUSY,               /* Controller Busy */
 191        MGMT_STATUS_INVALID_PARAMS,     /* Unsuitable Connection Interval */
 192        MGMT_STATUS_TIMEOUT,            /* Directed Advertising Timeout */
 193        MGMT_STATUS_AUTH_FAILED,        /* Terminated Due to MIC Failure */
 194        MGMT_STATUS_CONNECT_FAILED,     /* Connection Establishment Failed */
 195        MGMT_STATUS_CONNECT_FAILED,     /* MAC Connection Failed */
 196};
 197
 198static u8 mgmt_status(u8 hci_status)
 199{
 200        if (hci_status < ARRAY_SIZE(mgmt_status_table))
 201                return mgmt_status_table[hci_status];
 202
 203        return MGMT_STATUS_FAILED;
 204}
 205
 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
 207{
 208        struct sk_buff *skb;
 209        struct mgmt_hdr *hdr;
 210        struct mgmt_ev_cmd_status *ev;
 211        int err;
 212
 213        BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
 214
 215        skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
 216        if (!skb)
 217                return -ENOMEM;
 218
 219        hdr = (void *) skb_put(skb, sizeof(*hdr));
 220
 221        hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
 222        hdr->index = cpu_to_le16(index);
 223        hdr->len = cpu_to_le16(sizeof(*ev));
 224
 225        ev = (void *) skb_put(skb, sizeof(*ev));
 226        ev->status = status;
 227        put_unaligned_le16(cmd, &ev->opcode);
 228
 229        err = sock_queue_rcv_skb(sk, skb);
 230        if (err < 0)
 231                kfree_skb(skb);
 232
 233        return err;
 234}
 235
 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
 237                        void *rp, size_t rp_len)
 238{
 239        struct sk_buff *skb;
 240        struct mgmt_hdr *hdr;
 241        struct mgmt_ev_cmd_complete *ev;
 242        int err;
 243
 244        BT_DBG("sock %p", sk);
 245
 246        skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
 247        if (!skb)
 248                return -ENOMEM;
 249
 250        hdr = (void *) skb_put(skb, sizeof(*hdr));
 251
 252        hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
 253        hdr->index = cpu_to_le16(index);
 254        hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
 255
 256        ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
 257        put_unaligned_le16(cmd, &ev->opcode);
 258        ev->status = status;
 259
 260        if (rp)
 261                memcpy(ev->data, rp, rp_len);
 262
 263        err = sock_queue_rcv_skb(sk, skb);
 264        if (err < 0)
 265                kfree_skb(skb);
 266
 267        return err;
 268}
 269
 270static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
 271                        u16 data_len)
 272{
 273        struct mgmt_rp_read_version rp;
 274
 275        BT_DBG("sock %p", sk);
 276
 277        rp.version = MGMT_VERSION;
 278        put_unaligned_le16(MGMT_REVISION, &rp.revision);
 279
 280        return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
 281                            sizeof(rp));
 282}
 283
 284static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
 285                         u16 data_len)
 286{
 287        struct mgmt_rp_read_commands *rp;
 288        u16 num_commands = ARRAY_SIZE(mgmt_commands);
 289        u16 num_events = ARRAY_SIZE(mgmt_events);
 290        u16 *opcode;
 291        size_t rp_size;
 292        int i, err;
 293
 294        BT_DBG("sock %p", sk);
 295
 296        rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
 297
 298        rp = kmalloc(rp_size, GFP_KERNEL);
 299        if (!rp)
 300                return -ENOMEM;
 301
 302        put_unaligned_le16(num_commands, &rp->num_commands);
 303        put_unaligned_le16(num_events, &rp->num_events);
 304
 305        for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
 306                put_unaligned_le16(mgmt_commands[i], opcode);
 307
 308        for (i = 0; i < num_events; i++, opcode++)
 309                put_unaligned_le16(mgmt_events[i], opcode);
 310
 311        err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
 312                           rp_size);
 313        kfree(rp);
 314
 315        return err;
 316}
 317
 318static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
 319                           u16 data_len)
 320{
 321        struct mgmt_rp_read_index_list *rp;
 322        struct list_head *p;
 323        struct hci_dev *d;
 324        size_t rp_len;
 325        u16 count;
 326        int i, err;
 327
 328        BT_DBG("sock %p", sk);
 329
 330        read_lock(&hci_dev_list_lock);
 331
 332        count = 0;
 333        list_for_each(p, &hci_dev_list) {
 334                count++;
 335        }
 336
 337        rp_len = sizeof(*rp) + (2 * count);
 338        rp = kmalloc(rp_len, GFP_ATOMIC);
 339        if (!rp) {
 340                read_unlock(&hci_dev_list_lock);
 341                return -ENOMEM;
 342        }
 343
 344        put_unaligned_le16(count, &rp->num_controllers);
 345
 346        i = 0;
 347        list_for_each_entry(d, &hci_dev_list, list) {
 348                if (test_bit(HCI_SETUP, &d->dev_flags))
 349                        continue;
 350
 351                put_unaligned_le16(d->id, &rp->index[i++]);
 352                BT_DBG("Added hci%u", d->id);
 353        }
 354
 355        read_unlock(&hci_dev_list_lock);
 356
 357        err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
 358                           rp_len);
 359
 360        kfree(rp);
 361
 362        return err;
 363}
 364
 365static u32 get_supported_settings(struct hci_dev *hdev)
 366{
 367        u32 settings = 0;
 368
 369        settings |= MGMT_SETTING_POWERED;
 370        settings |= MGMT_SETTING_CONNECTABLE;
 371        settings |= MGMT_SETTING_FAST_CONNECTABLE;
 372        settings |= MGMT_SETTING_DISCOVERABLE;
 373        settings |= MGMT_SETTING_PAIRABLE;
 374
 375        if (hdev->features[6] & LMP_SIMPLE_PAIR)
 376                settings |= MGMT_SETTING_SSP;
 377
 378        if (!(hdev->features[4] & LMP_NO_BREDR)) {
 379                settings |= MGMT_SETTING_BREDR;
 380                settings |= MGMT_SETTING_LINK_SECURITY;
 381        }
 382
 383        if (enable_hs)
 384                settings |= MGMT_SETTING_HS;
 385
 386        if (enable_le) {
 387                if (hdev->features[4] & LMP_LE)
 388                        settings |= MGMT_SETTING_LE;
 389        }
 390
 391        return settings;
 392}
 393
 394static u32 get_current_settings(struct hci_dev *hdev)
 395{
 396        u32 settings = 0;
 397
 398        if (hdev_is_powered(hdev))
 399                settings |= MGMT_SETTING_POWERED;
 400
 401        if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
 402                settings |= MGMT_SETTING_CONNECTABLE;
 403
 404        if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
 405                settings |= MGMT_SETTING_DISCOVERABLE;
 406
 407        if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
 408                settings |= MGMT_SETTING_PAIRABLE;
 409
 410        if (!(hdev->features[4] & LMP_NO_BREDR))
 411                settings |= MGMT_SETTING_BREDR;
 412
 413        if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
 414                settings |= MGMT_SETTING_LE;
 415
 416        if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
 417                settings |= MGMT_SETTING_LINK_SECURITY;
 418
 419        if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
 420                settings |= MGMT_SETTING_SSP;
 421
 422        if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
 423                settings |= MGMT_SETTING_HS;
 424
 425        return settings;
 426}
 427
 428#define PNP_INFO_SVCLASS_ID             0x1200
 429
 430static u8 bluetooth_base_uuid[] = {
 431                        0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
 432                        0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 433};
 434
 435static u16 get_uuid16(u8 *uuid128)
 436{
 437        u32 val;
 438        int i;
 439
 440        for (i = 0; i < 12; i++) {
 441                if (bluetooth_base_uuid[i] != uuid128[i])
 442                        return 0;
 443        }
 444
 445        memcpy(&val, &uuid128[12], 4);
 446
 447        val = le32_to_cpu(val);
 448        if (val > 0xffff)
 449                return 0;
 450
 451        return (u16) val;
 452}
 453
 454static void create_eir(struct hci_dev *hdev, u8 *data)
 455{
 456        u8 *ptr = data;
 457        u16 eir_len = 0;
 458        u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
 459        int i, truncated = 0;
 460        struct bt_uuid *uuid;
 461        size_t name_len;
 462
 463        name_len = strlen(hdev->dev_name);
 464
 465        if (name_len > 0) {
 466                /* EIR Data type */
 467                if (name_len > 48) {
 468                        name_len = 48;
 469                        ptr[1] = EIR_NAME_SHORT;
 470                } else
 471                        ptr[1] = EIR_NAME_COMPLETE;
 472
 473                /* EIR Data length */
 474                ptr[0] = name_len + 1;
 475
 476                memcpy(ptr + 2, hdev->dev_name, name_len);
 477
 478                eir_len += (name_len + 2);
 479                ptr += (name_len + 2);
 480        }
 481
 482        memset(uuid16_list, 0, sizeof(uuid16_list));
 483
 484        /* Group all UUID16 types */
 485        list_for_each_entry(uuid, &hdev->uuids, list) {
 486                u16 uuid16;
 487
 488                uuid16 = get_uuid16(uuid->uuid);
 489                if (uuid16 == 0)
 490                        return;
 491
 492                if (uuid16 < 0x1100)
 493                        continue;
 494
 495                if (uuid16 == PNP_INFO_SVCLASS_ID)
 496                        continue;
 497
 498                /* Stop if not enough space to put next UUID */
 499                if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
 500                        truncated = 1;
 501                        break;
 502                }
 503
 504                /* Check for duplicates */
 505                for (i = 0; uuid16_list[i] != 0; i++)
 506                        if (uuid16_list[i] == uuid16)
 507                                break;
 508
 509                if (uuid16_list[i] == 0) {
 510                        uuid16_list[i] = uuid16;
 511                        eir_len += sizeof(u16);
 512                }
 513        }
 514
 515        if (uuid16_list[0] != 0) {
 516                u8 *length = ptr;
 517
 518                /* EIR Data type */
 519                ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
 520
 521                ptr += 2;
 522                eir_len += 2;
 523
 524                for (i = 0; uuid16_list[i] != 0; i++) {
 525                        *ptr++ = (uuid16_list[i] & 0x00ff);
 526                        *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
 527                }
 528
 529                /* EIR Data length */
 530                *length = (i * sizeof(u16)) + 1;
 531        }
 532}
 533
 534static int update_eir(struct hci_dev *hdev)
 535{
 536        struct hci_cp_write_eir cp;
 537
 538        if (!hdev_is_powered(hdev))
 539                return 0;
 540
 541        if (!(hdev->features[6] & LMP_EXT_INQ))
 542                return 0;
 543
 544        if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
 545                return 0;
 546
 547        if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
 548                return 0;
 549
 550        memset(&cp, 0, sizeof(cp));
 551
 552        create_eir(hdev, cp.data);
 553
 554        if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
 555                return 0;
 556
 557        memcpy(hdev->eir, cp.data, sizeof(cp.data));
 558
 559        return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
 560}
 561
 562static u8 get_service_classes(struct hci_dev *hdev)
 563{
 564        struct bt_uuid *uuid;
 565        u8 val = 0;
 566
 567        list_for_each_entry(uuid, &hdev->uuids, list)
 568                val |= uuid->svc_hint;
 569
 570        return val;
 571}
 572
 573static int update_class(struct hci_dev *hdev)
 574{
 575        u8 cod[3];
 576        int err;
 577
 578        BT_DBG("%s", hdev->name);
 579
 580        if (!hdev_is_powered(hdev))
 581                return 0;
 582
 583        if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
 584                return 0;
 585
 586        cod[0] = hdev->minor_class;
 587        cod[1] = hdev->major_class;
 588        cod[2] = get_service_classes(hdev);
 589
 590        if (memcmp(cod, hdev->dev_class, 3) == 0)
 591                return 0;
 592
 593        err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
 594        if (err == 0)
 595                set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
 596
 597        return err;
 598}
 599
 600static void service_cache_off(struct work_struct *work)
 601{
 602        struct hci_dev *hdev = container_of(work, struct hci_dev,
 603                                            service_cache.work);
 604
 605        if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
 606                return;
 607
 608        hci_dev_lock(hdev);
 609
 610        update_eir(hdev);
 611        update_class(hdev);
 612
 613        hci_dev_unlock(hdev);
 614}
 615
 616static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
 617{
 618        if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
 619                return;
 620
 621        INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
 622
 623        /* Non-mgmt controlled devices get this bit set
 624         * implicitly so that pairing works for them, however
 625         * for mgmt we require user-space to explicitly enable
 626         * it
 627         */
 628        clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
 629}
 630
 631static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
 632                                void *data, u16 data_len)
 633{
 634        struct mgmt_rp_read_info rp;
 635
 636        BT_DBG("sock %p %s", sk, hdev->name);
 637
 638        hci_dev_lock(hdev);
 639
 640        memset(&rp, 0, sizeof(rp));
 641
 642        bacpy(&rp.bdaddr, &hdev->bdaddr);
 643
 644        rp.version = hdev->hci_ver;
 645
 646        put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
 647
 648        rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
 649        rp.current_settings = cpu_to_le32(get_current_settings(hdev));
 650
 651        memcpy(rp.dev_class, hdev->dev_class, 3);
 652
 653        memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
 654        memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
 655
 656        hci_dev_unlock(hdev);
 657
 658        return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
 659                            sizeof(rp));
 660}
 661
 662static void mgmt_pending_free(struct pending_cmd *cmd)
 663{
 664        sock_put(cmd->sk);
 665        kfree(cmd->param);
 666        kfree(cmd);
 667}
 668
 669static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
 670                                            struct hci_dev *hdev, void *data,
 671                                            u16 len)
 672{
 673        struct pending_cmd *cmd;
 674
 675        cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
 676        if (!cmd)
 677                return NULL;
 678
 679        cmd->opcode = opcode;
 680        cmd->index = hdev->id;
 681
 682        cmd->param = kmalloc(len, GFP_ATOMIC);
 683        if (!cmd->param) {
 684                kfree(cmd);
 685                return NULL;
 686        }
 687
 688        if (data)
 689                memcpy(cmd->param, data, len);
 690
 691        cmd->sk = sk;
 692        sock_hold(sk);
 693
 694        list_add(&cmd->list, &hdev->mgmt_pending);
 695
 696        return cmd;
 697}
 698
 699static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
 700                                 void (*cb)(struct pending_cmd *cmd, void *data),
 701                                 void *data)
 702{
 703        struct list_head *p, *n;
 704
 705        list_for_each_safe(p, n, &hdev->mgmt_pending) {
 706                struct pending_cmd *cmd;
 707
 708                cmd = list_entry(p, struct pending_cmd, list);
 709
 710                if (opcode > 0 && cmd->opcode != opcode)
 711                        continue;
 712
 713                cb(cmd, data);
 714        }
 715}
 716
 717static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
 718{
 719        struct pending_cmd *cmd;
 720
 721        list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
 722                if (cmd->opcode == opcode)
 723                        return cmd;
 724        }
 725
 726        return NULL;
 727}
 728
 729static void mgmt_pending_remove(struct pending_cmd *cmd)
 730{
 731        list_del(&cmd->list);
 732        mgmt_pending_free(cmd);
 733}
 734
 735static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
 736{
 737        __le32 settings = cpu_to_le32(get_current_settings(hdev));
 738
 739        return cmd_complete(sk, hdev->id, opcode, 0, &settings,
 740                            sizeof(settings));
 741}
 742
 743static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
 744                       u16 len)
 745{
 746        struct mgmt_mode *cp = data;
 747        struct pending_cmd *cmd;
 748        int err;
 749
 750        BT_DBG("request for %s", hdev->name);
 751
 752        hci_dev_lock(hdev);
 753
 754        if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
 755                cancel_delayed_work(&hdev->power_off);
 756
 757                if (cp->val) {
 758                        err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
 759                        mgmt_powered(hdev, 1);
 760                        goto failed;
 761                }
 762        }
 763
 764        if (!!cp->val == hdev_is_powered(hdev)) {
 765                err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
 766                goto failed;
 767        }
 768
 769        if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
 770                err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
 771                                 MGMT_STATUS_BUSY);
 772                goto failed;
 773        }
 774
 775        cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
 776        if (!cmd) {
 777                err = -ENOMEM;
 778                goto failed;
 779        }
 780
 781        if (cp->val)
 782                schedule_work(&hdev->power_on);
 783        else
 784                schedule_work(&hdev->power_off.work);
 785
 786        err = 0;
 787
 788failed:
 789        hci_dev_unlock(hdev);
 790        return err;
 791}
 792
 793static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
 794                      struct sock *skip_sk)
 795{
 796        struct sk_buff *skb;
 797        struct mgmt_hdr *hdr;
 798
 799        skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
 800        if (!skb)
 801                return -ENOMEM;
 802
 803        hdr = (void *) skb_put(skb, sizeof(*hdr));
 804        hdr->opcode = cpu_to_le16(event);
 805        if (hdev)
 806                hdr->index = cpu_to_le16(hdev->id);
 807        else
 808                hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
 809        hdr->len = cpu_to_le16(data_len);
 810
 811        if (data)
 812                memcpy(skb_put(skb, data_len), data, data_len);
 813
 814        /* Time stamp */
 815        __net_timestamp(skb);
 816
 817        hci_send_to_control(skb, skip_sk);
 818        kfree_skb(skb);
 819
 820        return 0;
 821}
 822
 823static int new_settings(struct hci_dev *hdev, struct sock *skip)
 824{
 825        __le32 ev;
 826
 827        ev = cpu_to_le32(get_current_settings(hdev));
 828
 829        return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
 830}
 831
 832static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
 833                            u16 len)
 834{
 835        struct mgmt_cp_set_discoverable *cp = data;
 836        struct pending_cmd *cmd;
 837        u16 timeout;
 838        u8 scan;
 839        int err;
 840
 841        BT_DBG("request for %s", hdev->name);
 842
 843        timeout = get_unaligned_le16(&cp->timeout);
 844        if (!cp->val && timeout > 0)
 845                return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 846                                  MGMT_STATUS_INVALID_PARAMS);
 847
 848        hci_dev_lock(hdev);
 849
 850        if (!hdev_is_powered(hdev) && timeout > 0) {
 851                err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 852                                 MGMT_STATUS_NOT_POWERED);
 853                goto failed;
 854        }
 855
 856        if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
 857                        mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
 858                err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 859                                 MGMT_STATUS_BUSY);
 860                goto failed;
 861        }
 862
 863        if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
 864                err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
 865                                 MGMT_STATUS_REJECTED);
 866                goto failed;
 867        }
 868
 869        if (!hdev_is_powered(hdev)) {
 870                bool changed = false;
 871
 872                if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
 873                        change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
 874                        changed = true;
 875                }
 876
 877                err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
 878                if (err < 0)
 879                        goto failed;
 880
 881                if (changed)
 882                        err = new_settings(hdev, sk);
 883
 884                goto failed;
 885        }
 886
 887        if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
 888                if (hdev->discov_timeout > 0) {
 889                        cancel_delayed_work(&hdev->discov_off);
 890                        hdev->discov_timeout = 0;
 891                }
 892
 893                if (cp->val && timeout > 0) {
 894                        hdev->discov_timeout = timeout;
 895                        queue_delayed_work(hdev->workqueue, &hdev->discov_off,
 896                                msecs_to_jiffies(hdev->discov_timeout * 1000));
 897                }
 898
 899                err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
 900                goto failed;
 901        }
 902
 903        cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
 904        if (!cmd) {
 905                err = -ENOMEM;
 906                goto failed;
 907        }
 908
 909        scan = SCAN_PAGE;
 910
 911        if (cp->val)
 912                scan |= SCAN_INQUIRY;
 913        else
 914                cancel_delayed_work(&hdev->discov_off);
 915
 916        err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
 917        if (err < 0)
 918                mgmt_pending_remove(cmd);
 919
 920        if (cp->val)
 921                hdev->discov_timeout = timeout;
 922
 923failed:
 924        hci_dev_unlock(hdev);
 925        return err;
 926}
 927
 928static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
 929                           u16 len)
 930{
 931        struct mgmt_mode *cp = data;
 932        struct pending_cmd *cmd;
 933        u8 scan;
 934        int err;
 935
 936        BT_DBG("request for %s", hdev->name);
 937
 938        hci_dev_lock(hdev);
 939
 940        if (!hdev_is_powered(hdev)) {
 941                bool changed = false;
 942
 943                if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
 944                        changed = true;
 945
 946                if (cp->val) {
 947                        set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
 948                } else {
 949                        clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
 950                        clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
 951                }
 952
 953                err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
 954                if (err < 0)
 955                        goto failed;
 956
 957                if (changed)
 958                        err = new_settings(hdev, sk);
 959
 960                goto failed;
 961        }
 962
 963        if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
 964                        mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
 965                err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
 966                                 MGMT_STATUS_BUSY);
 967                goto failed;
 968        }
 969
 970        if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
 971                err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
 972                goto failed;
 973        }
 974
 975        cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
 976        if (!cmd) {
 977                err = -ENOMEM;
 978                goto failed;
 979        }
 980
 981        if (cp->val) {
 982                scan = SCAN_PAGE;
 983        } else {
 984                scan = 0;
 985
 986                if (test_bit(HCI_ISCAN, &hdev->flags) &&
 987                                                hdev->discov_timeout > 0)
 988                        cancel_delayed_work(&hdev->discov_off);
 989        }
 990
 991        err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
 992        if (err < 0)
 993                mgmt_pending_remove(cmd);
 994
 995failed:
 996        hci_dev_unlock(hdev);
 997        return err;
 998}
 999
1000static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,

1001                        u16 len)
1002{
1003        struct mgmt_mode *cp = data;
1004        int err;
1005
1006        BT_DBG("request for %s", hdev->name);
1007
1008        hci_dev_lock(hdev);
1009
1010        if (cp->val)
1011                set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1012        else
1013                clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1014
1015        err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1016        if (err < 0)
1017                goto failed;
1018
1019        err = new_settings(hdev, sk);
1020
1021failed:
1022        hci_dev_unlock(hdev);
1023        return err;
1024}
1025
1026static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1027                             u16 len)
1028{
1029        struct mgmt_mode *cp = data;
1030        struct pending_cmd *cmd;
1031        u8 val;
1032        int err;
1033
1034        BT_DBG("request for %s", hdev->name);
1035
1036        hci_dev_lock(hdev);
1037
1038        if (!hdev_is_powered(hdev)) {
1039                bool changed = false;
1040
1041                if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1042                                                        &hdev->dev_flags)) {
1043                        change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1044                        changed = true;
1045                }
1046
1047                err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1048                if (err < 0)
1049                        goto failed;
1050
1051                if (changed)
1052                        err = new_settings(hdev, sk);
1053
1054                goto failed;
1055        }
1056
1057        if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1058                err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1059                                 MGMT_STATUS_BUSY);
1060                goto failed;
1061        }
1062
1063        val = !!cp->val;
1064
1065        if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1066                err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1067                goto failed;
1068        }
1069
1070        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1071        if (!cmd) {
1072                err = -ENOMEM;
1073                goto failed;
1074        }
1075
1076        err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1077        if (err < 0) {
1078                mgmt_pending_remove(cmd);
1079                goto failed;
1080        }
1081
1082failed:
1083        hci_dev_unlock(hdev);
1084        return err;
1085}
1086
1087static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1088{
1089        struct mgmt_mode *cp = data;
1090        struct pending_cmd *cmd;
1091        u8 val;
1092        int err;
1093
1094        BT_DBG("request for %s", hdev->name);
1095
1096        hci_dev_lock(hdev);
1097
1098        if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1099                err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1100                                 MGMT_STATUS_NOT_SUPPORTED);
1101                goto failed;
1102        }
1103
1104        val = !!cp->val;
1105
1106        if (!hdev_is_powered(hdev)) {
1107                bool changed = false;
1108
1109                if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1110                        change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1111                        changed = true;
1112                }
1113
1114                err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1115                if (err < 0)
1116                        goto failed;
1117
1118                if (changed)
1119                        err = new_settings(hdev, sk);
1120
1121                goto failed;
1122        }
1123
1124        if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1125             err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1126                              MGMT_STATUS_BUSY);
1127                goto failed;
1128        }
1129
1130        if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1131                err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1132                goto failed;
1133        }
1134
1135        cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1136        if (!cmd) {
1137                err = -ENOMEM;
1138                goto failed;
1139        }
1140
1141        err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1142        if (err < 0) {
1143                mgmt_pending_remove(cmd);
1144                goto failed;
1145        }
1146
1147failed:
1148        hci_dev_unlock(hdev);
1149        return err;
1150}
1151
1152static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1153{
1154        struct mgmt_mode *cp = data;
1155
1156        BT_DBG("request for %s", hdev->name);
1157
1158        if (!enable_hs)
1159                return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1160                                  MGMT_STATUS_NOT_SUPPORTED);
1161
1162        if (cp->val)
1163                set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1164        else
1165                clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1166
1167        return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1168}
1169
1170static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1171{
1172        struct mgmt_mode *cp = data;
1173        struct hci_cp_write_le_host_supported hci_cp;
1174        struct pending_cmd *cmd;
1175        int err;
1176        u8 val, enabled;
1177
1178        BT_DBG("request for %s", hdev->name);
1179
1180        hci_dev_lock(hdev);
1181
1182        if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1183                err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1184                                 MGMT_STATUS_NOT_SUPPORTED);
1185                goto unlock;
1186        }
1187
1188        val = !!cp->val;
1189        enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1190
1191        if (!hdev_is_powered(hdev) || val == enabled) {
1192                bool changed = false;
1193
1194                if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1195                        change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1196                        changed = true;
1197                }
1198
1199                err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1200                if (err < 0)
1201                        goto unlock;
1202
1203                if (changed)
1204                        err = new_settings(hdev, sk);
1205
1206                goto unlock;
1207        }
1208
1209        if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1210                err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1211                                 MGMT_STATUS_BUSY);
1212                goto unlock;
1213        }
1214
1215        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1216        if (!cmd) {
1217                err = -ENOMEM;
1218                goto unlock;
1219        }
1220
1221        memset(&hci_cp, 0, sizeof(hci_cp));
1222
1223        if (val) {
1224                hci_cp.le = val;
1225                hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1226        }
1227
1228        err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1229                           &hci_cp);
1230        if (err < 0) {
1231                mgmt_pending_remove(cmd);
1232                goto unlock;
1233        }
1234
1235unlock:
1236        hci_dev_unlock(hdev);
1237        return err;
1238}
1239
1240static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1241{
1242        struct mgmt_cp_add_uuid *cp = data;
1243        struct pending_cmd *cmd;
1244        struct bt_uuid *uuid;
1245        int err;
1246
1247        BT_DBG("request for %s", hdev->name);
1248
1249        hci_dev_lock(hdev);
1250
1251        if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1252                err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1253                                 MGMT_STATUS_BUSY);
1254                goto failed;
1255        }
1256
1257        uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1258        if (!uuid) {
1259                err = -ENOMEM;
1260                goto failed;
1261        }
1262
1263        memcpy(uuid->uuid, cp->uuid, 16);
1264        uuid->svc_hint = cp->svc_hint;
1265
1266        list_add(&uuid->list, &hdev->uuids);
1267
1268        err = update_class(hdev);
1269        if (err < 0)
1270                goto failed;
1271
1272        err = update_eir(hdev);
1273        if (err < 0)
1274                goto failed;
1275
1276        if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1277                err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1278                                   hdev->dev_class, 3);
1279                goto failed;
1280        }
1281
1282        cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1283        if (!cmd) {
1284                err = -ENOMEM;
1285                goto failed;
1286        }
1287
1288failed:
1289        hci_dev_unlock(hdev);
1290        return err;
1291}
1292
1293static bool enable_service_cache(struct hci_dev *hdev)
1294{
1295        if (!hdev_is_powered(hdev))
1296                return false;
1297
1298        if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1299                schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1300                return true;
1301        }
1302
1303        return false;
1304}
1305
1306static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1307                                                                u16 len)
1308{
1309        struct mgmt_cp_remove_uuid *cp = data;
1310        struct pending_cmd *cmd;
1311        struct list_head *p, *n;
1312        u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1313        int err, found;
1314
1315        BT_DBG("request for %s", hdev->name);
1316
1317        hci_dev_lock(hdev);
1318
1319        if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1320                err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1321                                 MGMT_STATUS_BUSY);
1322                goto unlock;
1323        }
1324
1325        if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1326                err = hci_uuids_clear(hdev);
1327
1328                if (enable_service_cache(hdev)) {
1329                        err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1330                                           0, hdev->dev_class, 3);
1331                        goto unlock;
1332                }
1333
1334                goto update_class;
1335        }
1336
1337        found = 0;
1338
1339        list_for_each_safe(p, n, &hdev->uuids) {
1340                struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1341
1342                if (memcmp(match->uuid, cp->uuid, 16) != 0)
1343                        continue;
1344
1345                list_del(&match->list);
1346                found++;
1347        }
1348
1349        if (found == 0) {
1350                err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1351                                 MGMT_STATUS_INVALID_PARAMS);
1352                goto unlock;
1353        }
1354
1355update_class:
1356        err = update_class(hdev);
1357        if (err < 0)
1358                goto unlock;
1359
1360        err = update_eir(hdev);
1361        if (err < 0)
1362                goto unlock;
1363
1364        if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1365                err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1366                                   hdev->dev_class, 3);
1367                goto unlock;
1368        }
1369
1370        cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1371        if (!cmd) {
1372                err = -ENOMEM;
1373                goto unlock;
1374        }
1375
1376unlock:
1377        hci_dev_unlock(hdev);
1378        return err;
1379}
1380
1381static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1382                         u16 len)
1383{
1384        struct mgmt_cp_set_dev_class *cp = data;
1385        struct pending_cmd *cmd;
1386        int err;
1387
1388        BT_DBG("request for %s", hdev->name);
1389
1390        hci_dev_lock(hdev);
1391
1392        if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1393                err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1394                                 MGMT_STATUS_BUSY);
1395                goto unlock;
1396        }
1397
1398        hdev->major_class = cp->major;
1399        hdev->minor_class = cp->minor;
1400
1401        if (!hdev_is_powered(hdev)) {
1402                err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1403                                   hdev->dev_class, 3);
1404                goto unlock;
1405        }
1406
1407        if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1408                hci_dev_unlock(hdev);
1409                cancel_delayed_work_sync(&hdev->service_cache);
1410                hci_dev_lock(hdev);
1411                update_eir(hdev);
1412        }
1413
1414        err = update_class(hdev);
1415        if (err < 0)
1416                goto unlock;
1417
1418        if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1419                err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1420                                   hdev->dev_class, 3);
1421                goto unlock;
1422        }
1423
1424        cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1425        if (!cmd) {
1426                err = -ENOMEM;
1427                goto unlock;
1428        }
1429
1430unlock:
1431        hci_dev_unlock(hdev);
1432        return err;
1433}
1434
1435static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1436                                                                u16 len)
1437{
1438        struct mgmt_cp_load_link_keys *cp = data;
1439        u16 key_count, expected_len;
1440        int i;
1441
1442        key_count = get_unaligned_le16(&cp->key_count);
1443
1444        expected_len = sizeof(*cp) + key_count *
1445                                        sizeof(struct mgmt_link_key_info);
1446        if (expected_len != len) {
1447                BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1448                                                        len, expected_len);
1449                return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1450                                  MGMT_STATUS_INVALID_PARAMS);
1451        }
1452
1453        BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1454                                                                key_count);
1455
1456        hci_dev_lock(hdev);
1457
1458        hci_link_keys_clear(hdev);
1459
1460        set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1461
1462        if (cp->debug_keys)
1463                set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1464        else
1465                clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1466
1467        for (i = 0; i < key_count; i++) {
1468                struct mgmt_link_key_info *key = &cp->keys[i];
1469
1470                hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1471                                 key->type, key->pin_len);
1472        }
1473
1474        cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1475
1476        hci_dev_unlock(hdev);
1477
1478        return 0;
1479}
1480
1481static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1482                           u8 addr_type, struct sock *skip_sk)
1483{
1484        struct mgmt_ev_device_unpaired ev;
1485
1486        bacpy(&ev.addr.bdaddr, bdaddr);
1487        ev.addr.type = addr_type;
1488
1489        return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1490                          skip_sk);
1491}
1492
1493static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1494                         u16 len)
1495{
1496        struct mgmt_cp_unpair_device *cp = data;
1497        struct mgmt_rp_unpair_device rp;
1498        struct hci_cp_disconnect dc;
1499        struct pending_cmd *cmd;
1500        struct hci_conn *conn;
1501        int err;
1502
1503        hci_dev_lock(hdev);
1504
1505        memset(&rp, 0, sizeof(rp));
1506        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1507        rp.addr.type = cp->addr.type;
1508
1509        if (!hdev_is_powered(hdev)) {
1510                err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1511                                   MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1512                goto unlock;
1513        }
1514
1515        if (cp->addr.type == MGMT_ADDR_BREDR)
1516                err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1517        else
1518                err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1519
1520        if (err < 0) {
1521                err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1522                                   MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1523                goto unlock;
1524        }
1525
1526        if (cp->disconnect) {
1527                if (cp->addr.type == MGMT_ADDR_BREDR)
1528                        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1529                                                        &cp->addr.bdaddr);
1530                else
1531                        conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1532                                                        &cp->addr.bdaddr);
1533        } else {
1534                conn = NULL;
1535        }
1536
1537        if (!conn) {
1538                err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1539                                   &rp, sizeof(rp));
1540                device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1541                goto unlock;
1542        }
1543
1544        cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1545                               sizeof(*cp));
1546        if (!cmd) {
1547                err = -ENOMEM;
1548                goto unlock;
1549        }
1550
1551        put_unaligned_le16(conn->handle, &dc.handle);
1552        dc.reason = 0x13; /* Remote User Terminated Connection */
1553        err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1554        if (err < 0)
1555                mgmt_pending_remove(cmd);
1556
1557unlock:
1558        hci_dev_unlock(hdev);
1559        return err;
1560}
1561
1562static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1563                      u16 len)
1564{
1565        struct mgmt_cp_disconnect *cp = data;
1566        struct hci_cp_disconnect dc;
1567        struct pending_cmd *cmd;
1568        struct hci_conn *conn;
1569        int err;
1570
1571        BT_DBG("");
1572
1573        hci_dev_lock(hdev);
1574
1575        if (!test_bit(HCI_UP, &hdev->flags)) {
1576                err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1577                                 MGMT_STATUS_NOT_POWERED);
1578                goto failed;
1579        }
1580
1581        if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1582                err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1583                                 MGMT_STATUS_BUSY);
1584                goto failed;
1585        }
1586
1587        if (cp->addr.type == MGMT_ADDR_BREDR)
1588                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1589        else
1590                conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1591
1592        if (!conn) {
1593                err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1594                                 MGMT_STATUS_NOT_CONNECTED);
1595                goto failed;
1596        }
1597
1598        cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1599        if (!cmd) {
1600                err = -ENOMEM;
1601                goto failed;
1602        }
1603
1604        put_unaligned_le16(conn->handle, &dc.handle);
1605        dc.reason = 0x13; /* Remote User Terminated Connection */
1606
1607        err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1608        if (err < 0)
1609                mgmt_pending_remove(cmd);
1610
1611failed:
1612        hci_dev_unlock(hdev);
1613        return err;
1614}
1615
1616static u8 link_to_mgmt(u8 link_type, u8 addr_type)
1617{
1618        switch (link_type) {
1619        case LE_LINK:
1620                switch (addr_type) {
1621                case ADDR_LE_DEV_PUBLIC:
1622                        return MGMT_ADDR_LE_PUBLIC;
1623                case ADDR_LE_DEV_RANDOM:
1624                        return MGMT_ADDR_LE_RANDOM;
1625                default:
1626                        return MGMT_ADDR_INVALID;
1627                }
1628        case ACL_LINK:
1629                return MGMT_ADDR_BREDR;
1630        default:
1631                return MGMT_ADDR_INVALID;
1632        }
1633}
1634
1635static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1636                           u16 data_len)
1637{
1638        struct mgmt_rp_get_connections *rp;
1639        struct hci_conn *c;
1640        size_t rp_len;
1641        int err;
1642        u16 i;
1643
1644        BT_DBG("");
1645
1646        hci_dev_lock(hdev);
1647
1648        if (!hdev_is_powered(hdev)) {
1649                err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1650                                 MGMT_STATUS_NOT_POWERED);
1651                goto unlock;
1652        }
1653
1654        i = 0;
1655        list_for_each_entry(c, &hdev->conn_hash.list, list) {
1656                if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1657                        i++;
1658        }
1659
1660        rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1661        rp = kmalloc(rp_len, GFP_ATOMIC);
1662        if (!rp) {
1663                err = -ENOMEM;
1664                goto unlock;
1665        }
1666
1667        i = 0;
1668        list_for_each_entry(c, &hdev->conn_hash.list, list) {
1669                if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1670                        continue;
1671                bacpy(&rp->addr[i].bdaddr, &c->dst);
1672                rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
1673                if (rp->addr[i].type == MGMT_ADDR_INVALID)
1674                        continue;
1675                i++;
1676        }
1677
1678        put_unaligned_le16(i, &rp->conn_count);
1679
1680        /* Recalculate length in case of filtered SCO connections, etc */
1681        rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1682
1683        err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1684                           rp_len);
1685
1686        kfree(rp);
1687
1688unlock:
1689        hci_dev_unlock(hdev);
1690        return err;
1691}
1692
1693static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1694                                   struct mgmt_cp_pin_code_neg_reply *cp)
1695{
1696        struct pending_cmd *cmd;
1697        int err;
1698
1699        cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1700                               sizeof(*cp));
1701        if (!cmd)
1702                return -ENOMEM;
1703
1704        err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1705                           sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1706        if (err < 0)
1707                mgmt_pending_remove(cmd);
1708
1709        return err;
1710}
1711
1712static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1713                          u16 len)
1714{
1715        struct hci_conn *conn;
1716        struct mgmt_cp_pin_code_reply *cp = data;
1717        struct hci_cp_pin_code_reply reply;
1718        struct pending_cmd *cmd;
1719        int err;
1720
1721        BT_DBG("");
1722
1723        hci_dev_lock(hdev);
1724
1725        if (!hdev_is_powered(hdev)) {
1726                err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1727                                 MGMT_STATUS_NOT_POWERED);
1728                goto failed;
1729        }
1730
1731        conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1732        if (!conn) {
1733                err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1734                                 MGMT_STATUS_NOT_CONNECTED);
1735                goto failed;
1736        }
1737
1738        if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1739                struct mgmt_cp_pin_code_neg_reply ncp;
1740
1741                memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1742
1743                BT_ERR("PIN code is not 16 bytes long");
1744
1745                err = send_pin_code_neg_reply(sk, hdev, &ncp);
1746                if (err >= 0)
1747                        err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1748                                         MGMT_STATUS_INVALID_PARAMS);
1749
1750                goto failed;
1751        }
1752
1753        cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1754        if (!cmd) {
1755                err = -ENOMEM;
1756                goto failed;
1757        }
1758
1759        bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1760        reply.pin_len = cp->pin_len;
1761        memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1762
1763        err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1764        if (err < 0)
1765                mgmt_pending_remove(cmd);
1766
1767failed:
1768        hci_dev_unlock(hdev);
1769        return err;
1770}
1771
1772static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1773                              void *data, u16 len)
1774{
1775        struct mgmt_cp_pin_code_neg_reply *cp = data;
1776        int err;
1777
1778        BT_DBG("");
1779
1780        hci_dev_lock(hdev);
1781
1782        if (!hdev_is_powered(hdev)) {
1783                err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
1784                                 MGMT_STATUS_NOT_POWERED);
1785                goto failed;
1786        }
1787
1788        err = send_pin_code_neg_reply(sk, hdev, cp);
1789
1790failed:
1791        hci_dev_unlock(hdev);
1792        return err;
1793}
1794
1795static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1796                             u16 len)
1797{
1798        struct mgmt_cp_set_io_capability *cp = data;
1799
1800        BT_DBG("");
1801
1802        hci_dev_lock(hdev);
1803
1804        hdev->io_capability = cp->io_capability;
1805
1806        BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1807                                                        hdev->io_capability);
1808
1809        hci_dev_unlock(hdev);
1810
1811        return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1812                            0);
1813}
1814
1815static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1816{
1817        struct hci_dev *hdev = conn->hdev;
1818        struct pending_cmd *cmd;
1819
1820        list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1821                if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1822                        continue;
1823
1824                if (cmd->user_data != conn)
1825                        continue;
1826
1827                return cmd;
1828        }
1829
1830        return NULL;
1831}
1832
1833static void pairing_complete(struct pending_cmd *cmd, u8 status)
1834{
1835        struct mgmt_rp_pair_device rp;
1836        struct hci_conn *conn = cmd->user_data;
1837
1838        bacpy(&rp.addr.bdaddr, &conn->dst);
1839        rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
1840
1841        cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1842                     &rp, sizeof(rp));
1843
1844        /* So we don't get further callbacks for this connection */
1845        conn->connect_cfm_cb = NULL;
1846        conn->security_cfm_cb = NULL;
1847        conn->disconn_cfm_cb = NULL;
1848
1849        hci_conn_put(conn);
1850
1851        mgmt_pending_remove(cmd);
1852}
1853
1854static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1855{
1856        struct pending_cmd *cmd;
1857
1858        BT_DBG("status %u", status);
1859
1860        cmd = find_pairing(conn);
1861        if (!cmd)
1862                BT_DBG("Unable to find a pending command");
1863        else
1864                pairing_complete(cmd, mgmt_status(status));
1865}
1866
1867static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1868                       u16 len)
1869{
1870        struct mgmt_cp_pair_device *cp = data;
1871        struct mgmt_rp_pair_device rp;
1872        struct pending_cmd *cmd;
1873        u8 sec_level, auth_type;
1874        struct hci_conn *conn;
1875        int err;
1876
1877        BT_DBG("");
1878
1879        hci_dev_lock(hdev);
1880
1881        if (!hdev_is_powered(hdev)) {
1882                err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1883                                 MGMT_STATUS_NOT_POWERED);
1884                goto unlock;
1885        }
1886
1887        sec_level = BT_SECURITY_MEDIUM;
1888        if (cp->io_cap == 0x03)
1889                auth_type = HCI_AT_DEDICATED_BONDING;
1890        else
1891                auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1892
1893        if (cp->addr.type == MGMT_ADDR_BREDR)
1894                conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
1895                                   auth_type);
1896        else
1897                conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
1898                                   auth_type);
1899
1900        memset(&rp, 0, sizeof(rp));
1901        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1902        rp.addr.type = cp->addr.type;
1903
1904        if (IS_ERR(conn)) {
1905                err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1906                                   MGMT_STATUS_CONNECT_FAILED, &rp,
1907                                   sizeof(rp));
1908                goto unlock;
1909        }
1910
1911        if (conn->connect_cfm_cb) {
1912                hci_conn_put(conn);
1913                err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1914                                   MGMT_STATUS_BUSY, &rp, sizeof(rp));
1915                goto unlock;
1916        }
1917
1918        cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1919        if (!cmd) {
1920                err = -ENOMEM;
1921                hci_conn_put(conn);
1922                goto unlock;
1923        }
1924
1925        /* For LE, just connecting isn't a proof that the pairing finished */
1926        if (cp->addr.type == MGMT_ADDR_BREDR)
1927                conn->connect_cfm_cb = pairing_complete_cb;
1928
1929        conn->security_cfm_cb = pairing_complete_cb;
1930        conn->disconn_cfm_cb = pairing_complete_cb;
1931        conn->io_capability = cp->io_cap;
1932        cmd->user_data = conn;
1933
1934        if (conn->state == BT_CONNECTED &&
1935                                hci_conn_security(conn, sec_level, auth_type))
1936                pairing_complete(cmd, 0);
1937
1938        err = 0;
1939
1940unlock:
1941        hci_dev_unlock(hdev);
1942        return err;
1943}
1944
1945static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1946                              u16 len)
1947{
1948        struct mgmt_addr_info *addr = data;
1949        struct pending_cmd *cmd;
1950        struct hci_conn *conn;
1951        int err;
1952
1953        BT_DBG("");
1954
1955        hci_dev_lock(hdev);
1956
1957        if (!hdev_is_powered(hdev)) {
1958                err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1959                                 MGMT_STATUS_NOT_POWERED);
1960                goto unlock;
1961        }
1962
1963        cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1964        if (!cmd) {
1965                err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1966                                 MGMT_STATUS_INVALID_PARAMS);
1967                goto unlock;
1968        }
1969
1970        conn = cmd->user_data;
1971
1972        if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
1973                err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1974                                 MGMT_STATUS_INVALID_PARAMS);
1975                goto unlock;
1976        }
1977
1978        pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1979
1980        err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1981                           addr, sizeof(*addr));
1982unlock:
1983        hci_dev_unlock(hdev);
1984        return err;
1985}
1986
1987static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1988                             bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
1989                             u16 hci_op, __le32 passkey)
1990{
1991        struct pending_cmd *cmd;
1992        struct hci_conn *conn;
1993        int err;
1994
1995        hci_dev_lock(hdev);
1996
1997        if (!hdev_is_powered(hdev)) {
1998                err = cmd_status(sk, hdev->id, mgmt_op,
1999                                 MGMT_STATUS_NOT_POWERED);
2000                goto done;

2001        }
2002
2003        if (type == MGMT_ADDR_BREDR)
2004                conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2005        else
2006                conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2007
2008        if (!conn) {
2009                err = cmd_status(sk, hdev->id, mgmt_op,
2010                                 MGMT_STATUS_NOT_CONNECTED);
2011                goto done;
2012        }
2013
2014        if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
2015                /* Continue with pairing via SMP */
2016                err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2017
2018                if (!err)
2019                        err = cmd_status(sk, hdev->id, mgmt_op,
2020                                         MGMT_STATUS_SUCCESS);
2021                else
2022                        err = cmd_status(sk, hdev->id, mgmt_op,
2023                                         MGMT_STATUS_FAILED);
2024
2025                goto done;
2026        }
2027
2028        cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2029        if (!cmd) {
2030                err = -ENOMEM;
2031                goto done;
2032        }
2033
2034        /* Continue with pairing via HCI */
2035        if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2036                struct hci_cp_user_passkey_reply cp;
2037
2038                bacpy(&cp.bdaddr, bdaddr);
2039                cp.passkey = passkey;
2040                err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2041        } else
2042                err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2043
2044        if (err < 0)
2045                mgmt_pending_remove(cmd);
2046
2047done:
2048        hci_dev_unlock(hdev);
2049        return err;
2050}
2051
2052static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2053                              u16 len)
2054{
2055        struct mgmt_cp_user_confirm_reply *cp = data;
2056
2057        BT_DBG("");
2058
2059        if (len != sizeof(*cp))
2060                return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2061                                  MGMT_STATUS_INVALID_PARAMS);
2062
2063        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2064                                 MGMT_OP_USER_CONFIRM_REPLY,
2065                                 HCI_OP_USER_CONFIRM_REPLY, 0);
2066}
2067
2068static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2069                                  void *data, u16 len)
2070{
2071        struct mgmt_cp_user_confirm_neg_reply *cp = data;
2072
2073        BT_DBG("");
2074
2075        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2076                                 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2077                                 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2078}
2079
2080static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2081                              u16 len)
2082{
2083        struct mgmt_cp_user_passkey_reply *cp = data;
2084
2085        BT_DBG("");
2086
2087        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2088                                 MGMT_OP_USER_PASSKEY_REPLY,
2089                                 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2090}
2091
2092static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2093                                  void *data, u16 len)
2094{
2095        struct mgmt_cp_user_passkey_neg_reply *cp = data;
2096
2097        BT_DBG("");
2098
2099        return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2100                                 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2101                                 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2102}
2103
2104static int update_name(struct hci_dev *hdev, const char *name)
2105{
2106        struct hci_cp_write_local_name cp;
2107
2108        memcpy(cp.name, name, sizeof(cp.name));
2109
2110        return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2111}
2112
2113static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2114                          u16 len)
2115{
2116        struct mgmt_cp_set_local_name *cp = data;
2117        struct pending_cmd *cmd;
2118        int err;
2119
2120        BT_DBG("");
2121
2122        hci_dev_lock(hdev);
2123
2124        memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2125
2126        if (!hdev_is_powered(hdev)) {
2127                memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2128
2129                err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2130                                   data, len);
2131                if (err < 0)
2132                        goto failed;
2133
2134                err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2135                                 sk);
2136
2137                goto failed;
2138        }
2139
2140        cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2141        if (!cmd) {
2142                err = -ENOMEM;
2143                goto failed;
2144        }
2145
2146        err = update_name(hdev, cp->name);
2147        if (err < 0)
2148                mgmt_pending_remove(cmd);
2149
2150failed:
2151        hci_dev_unlock(hdev);
2152        return err;
2153}
2154
2155static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2156                               void *data, u16 data_len)
2157{
2158        struct pending_cmd *cmd;
2159        int err;
2160
2161        BT_DBG("%s", hdev->name);
2162
2163        hci_dev_lock(hdev);
2164
2165        if (!hdev_is_powered(hdev)) {
2166                err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2167                                 MGMT_STATUS_NOT_POWERED);
2168                goto unlock;
2169        }
2170
2171        if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2172                err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2173                                 MGMT_STATUS_NOT_SUPPORTED);
2174                goto unlock;
2175        }
2176
2177        if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2178                err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2179                                 MGMT_STATUS_BUSY);
2180                goto unlock;
2181        }
2182
2183        cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2184        if (!cmd) {
2185                err = -ENOMEM;
2186                goto unlock;
2187        }
2188
2189        err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2190        if (err < 0)
2191                mgmt_pending_remove(cmd);
2192
2193unlock:
2194        hci_dev_unlock(hdev);
2195        return err;
2196}
2197
2198static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2199                               void *data, u16 len)
2200{
2201        struct mgmt_cp_add_remote_oob_data *cp = data;
2202        u8 status;
2203        int err;
2204
2205        BT_DBG("%s ", hdev->name);
2206
2207        hci_dev_lock(hdev);
2208
2209        if (!hdev_is_powered(hdev)) {
2210                err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2211                                   MGMT_STATUS_NOT_POWERED, &cp->addr,
2212                                   sizeof(cp->addr));
2213                goto unlock;
2214        }
2215
2216        err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2217                                      cp->randomizer);
2218        if (err < 0)
2219                status = MGMT_STATUS_FAILED;
2220        else
2221                status = 0;
2222
2223        err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2224                           &cp->addr, sizeof(cp->addr));
2225
2226unlock:
2227        hci_dev_unlock(hdev);
2228        return err;
2229}
2230
2231static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2232                                                void *data, u16 len)
2233{
2234        struct mgmt_cp_remove_remote_oob_data *cp = data;
2235        u8 status;
2236        int err;
2237
2238        BT_DBG("%s", hdev->name);
2239
2240        hci_dev_lock(hdev);
2241
2242        if (!hdev_is_powered(hdev)) {
2243                err = cmd_complete(sk, hdev->id,
2244                                   MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2245                                   MGMT_STATUS_NOT_POWERED, &cp->addr,
2246                                   sizeof(cp->addr));
2247                goto unlock;
2248        }
2249
2250        err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2251        if (err < 0)
2252                status = MGMT_STATUS_INVALID_PARAMS;
2253        else
2254                status = 0;
2255
2256        err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2257                           status, &cp->addr, sizeof(cp->addr));
2258
2259unlock:
2260        hci_dev_unlock(hdev);
2261        return err;
2262}
2263
2264int mgmt_interleaved_discovery(struct hci_dev *hdev)
2265{
2266        int err;
2267
2268        BT_DBG("%s", hdev->name);
2269
2270        hci_dev_lock(hdev);
2271
2272        err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2273        if (err < 0)
2274                hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2275
2276        hci_dev_unlock(hdev);
2277
2278        return err;
2279}
2280
2281static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2282                           void *data, u16 len)
2283{
2284        struct mgmt_cp_start_discovery *cp = data;
2285        struct pending_cmd *cmd;
2286        int err;
2287
2288        BT_DBG("%s", hdev->name);
2289
2290        hci_dev_lock(hdev);
2291
2292        if (!hdev_is_powered(hdev)) {
2293                err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2294                                 MGMT_STATUS_NOT_POWERED);
2295                goto failed;
2296        }
2297
2298        if (hdev->discovery.state != DISCOVERY_STOPPED) {
2299                err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2300                                 MGMT_STATUS_BUSY);
2301                goto failed;
2302        }
2303
2304        cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2305        if (!cmd) {
2306                err = -ENOMEM;
2307                goto failed;
2308        }
2309
2310        hdev->discovery.type = cp->type;
2311
2312        switch (hdev->discovery.type) {
2313        case DISCOV_TYPE_BREDR:
2314                if (lmp_bredr_capable(hdev))
2315                        err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2316                else
2317                        err = -ENOTSUPP;
2318                break;
2319
2320        case DISCOV_TYPE_LE:
2321                if (lmp_host_le_capable(hdev))
2322                        err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2323                                          LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2324                else
2325                        err = -ENOTSUPP;
2326                break;
2327
2328        case DISCOV_TYPE_INTERLEAVED:
2329                if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2330                        err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2331                                          LE_SCAN_WIN,
2332                                          LE_SCAN_TIMEOUT_BREDR_LE);
2333                else
2334                        err = -ENOTSUPP;
2335                break;
2336
2337        default:
2338                err = -EINVAL;
2339        }
2340
2341        if (err < 0)
2342                mgmt_pending_remove(cmd);
2343        else
2344                hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2345
2346failed:
2347        hci_dev_unlock(hdev);
2348        return err;
2349}
2350
2351static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2352                          u16 len)
2353{
2354        struct mgmt_cp_stop_discovery *mgmt_cp = data;
2355        struct pending_cmd *cmd;
2356        struct hci_cp_remote_name_req_cancel cp;
2357        struct inquiry_entry *e;
2358        int err;
2359
2360        BT_DBG("%s", hdev->name);
2361
2362        hci_dev_lock(hdev);
2363
2364        if (!hci_discovery_active(hdev)) {
2365                err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2366                                   MGMT_STATUS_REJECTED, &mgmt_cp->type,
2367                                   sizeof(mgmt_cp->type));
2368                goto unlock;
2369        }
2370
2371        if (hdev->discovery.type != mgmt_cp->type) {
2372                err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2373                                   MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2374                                   sizeof(mgmt_cp->type));
2375                goto unlock;
2376        }
2377
2378        cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2379        if (!cmd) {
2380                err = -ENOMEM;
2381                goto unlock;
2382        }
2383
2384        if (hdev->discovery.state == DISCOVERY_FINDING) {
2385                err = hci_cancel_inquiry(hdev);
2386                if (err < 0)
2387                        mgmt_pending_remove(cmd);
2388                else
2389                        hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2390                goto unlock;
2391        }
2392
2393        e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2394        if (!e) {
2395                mgmt_pending_remove(cmd);
2396                err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
2397                                   &mgmt_cp->type, sizeof(mgmt_cp->type));
2398                hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2399                goto unlock;
2400        }
2401
2402        bacpy(&cp.bdaddr, &e->data.bdaddr);
2403        err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2404                           &cp);
2405        if (err < 0)
2406                mgmt_pending_remove(cmd);
2407        else
2408                hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2409
2410unlock:
2411        hci_dev_unlock(hdev);
2412        return err;
2413}
2414
2415static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2416                        u16 len)
2417{
2418        struct mgmt_cp_confirm_name *cp = data;
2419        struct inquiry_entry *e;
2420        int err;
2421
2422        BT_DBG("%s", hdev->name);
2423
2424        hci_dev_lock(hdev);
2425
2426        if (!hci_discovery_active(hdev)) {
2427                err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2428                                 MGMT_STATUS_FAILED);
2429                goto failed;
2430        }
2431
2432        e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2433        if (!e) {
2434                err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2435                                 MGMT_STATUS_INVALID_PARAMS);
2436                goto failed;
2437        }
2438
2439        if (cp->name_known) {
2440                e->name_state = NAME_KNOWN;
2441                list_del(&e->list);
2442        } else {
2443                e->name_state = NAME_NEEDED;
2444                hci_inquiry_cache_update_resolve(hdev, e);
2445        }
2446
2447        err = 0;
2448
2449failed:
2450        hci_dev_unlock(hdev);
2451        return err;
2452}
2453
2454static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2455                        u16 len)
2456{
2457        struct mgmt_cp_block_device *cp = data;
2458        u8 status;
2459        int err;
2460
2461        BT_DBG("%s", hdev->name);
2462
2463        hci_dev_lock(hdev);
2464
2465        err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2466        if (err < 0)
2467                status = MGMT_STATUS_FAILED;
2468        else
2469                status = 0;
2470
2471        err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2472                           &cp->addr, sizeof(cp->addr));
2473
2474        hci_dev_unlock(hdev);
2475
2476        return err;
2477}
2478
2479static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2480                          u16 len)
2481{
2482        struct mgmt_cp_unblock_device *cp = data;
2483        u8 status;
2484        int err;
2485
2486        BT_DBG("%s", hdev->name);
2487
2488        hci_dev_lock(hdev);
2489
2490        err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2491        if (err < 0)
2492                status = MGMT_STATUS_INVALID_PARAMS;
2493        else
2494                status = 0;
2495
2496        err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2497                           &cp->addr, sizeof(cp->addr));
2498
2499        hci_dev_unlock(hdev);
2500
2501        return err;
2502}
2503
2504static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2505                                void *data, u16 len)
2506{
2507        struct mgmt_mode *cp = data;
2508        struct hci_cp_write_page_scan_activity acp;
2509        u8 type;
2510        int err;
2511
2512        BT_DBG("%s", hdev->name);
2513
2514        if (!hdev_is_powered(hdev))
2515                return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2516                                  MGMT_STATUS_NOT_POWERED);
2517
2518        if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2519                return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2520                                  MGMT_STATUS_REJECTED);
2521
2522        hci_dev_lock(hdev);
2523
2524        if (cp->val) {
2525                type = PAGE_SCAN_TYPE_INTERLACED;
2526
2527                /* 22.5 msec page scan interval */
2528                acp.interval = __constant_cpu_to_le16(0x0024);
2529        } else {
2530                type = PAGE_SCAN_TYPE_STANDARD; /* default */
2531
2532                /* default 1.28 sec page scan */
2533                acp.interval = __constant_cpu_to_le16(0x0800);
2534        }
2535
2536        /* default 11.25 msec page scan window */
2537        acp.window = __constant_cpu_to_le16(0x0012);
2538
2539        err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2540                           &acp);
2541        if (err < 0) {
2542                err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2543                                 MGMT_STATUS_FAILED);
2544                goto done;
2545        }
2546
2547        err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2548        if (err < 0) {
2549                err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2550                                 MGMT_STATUS_FAILED);
2551                goto done;
2552        }
2553
2554        err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2555                           NULL, 0);
2556done:
2557        hci_dev_unlock(hdev);
2558        return err;
2559}
2560
2561static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2562                               void *cp_data, u16 len)
2563{
2564        struct mgmt_cp_load_long_term_keys *cp = cp_data;
2565        u16 key_count, expected_len;
2566        int i;
2567
2568        key_count = get_unaligned_le16(&cp->key_count);
2569
2570        expected_len = sizeof(*cp) + key_count *
2571                                        sizeof(struct mgmt_ltk_info);
2572        if (expected_len != len) {
2573                BT_ERR("load_keys: expected %u bytes, got %u bytes",
2574                                                        len, expected_len);
2575                return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2576                                  EINVAL);
2577        }
2578
2579        BT_DBG("%s key_count %u", hdev->name, key_count);
2580
2581        hci_dev_lock(hdev);
2582
2583        hci_smp_ltks_clear(hdev);
2584
2585        for (i = 0; i < key_count; i++) {
2586                struct mgmt_ltk_info *key = &cp->keys[i];
2587                u8 type;
2588
2589                if (key->master)
2590                        type = HCI_SMP_LTK;
2591                else
2592                        type = HCI_SMP_LTK_SLAVE;
2593
2594                hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2595                            type, 0, key->authenticated, key->val,
2596                            key->enc_size, key->ediv, key->rand);
2597        }
2598
2599        hci_dev_unlock(hdev);
2600
2601        return 0;
2602}
2603
2604struct mgmt_handler {
2605        int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2606                     u16 data_len);
2607        bool var_len;
2608        size_t data_len;
2609} mgmt_handlers[] = {
2610        { NULL }, /* 0x0000 (no command) */
2611        { read_version,           false, MGMT_READ_VERSION_SIZE },
2612        { read_commands,          false, MGMT_READ_COMMANDS_SIZE },
2613        { read_index_list,        false, MGMT_READ_INDEX_LIST_SIZE },
2614        { read_controller_info,   false, MGMT_READ_INFO_SIZE },
2615        { set_powered,            false, MGMT_SETTING_SIZE },
2616        { set_discoverable,       false, MGMT_SET_DISCOVERABLE_SIZE },
2617        { set_connectable,        false, MGMT_SETTING_SIZE },
2618        { set_fast_connectable,   false, MGMT_SETTING_SIZE },
2619        { set_pairable,           false, MGMT_SETTING_SIZE },
2620        { set_link_security,      false, MGMT_SETTING_SIZE },
2621        { set_ssp,                false, MGMT_SETTING_SIZE },
2622        { set_hs,                 false, MGMT_SETTING_SIZE },
2623        { set_le,                 false, MGMT_SETTING_SIZE },
2624        { set_dev_class,          false, MGMT_SET_DEV_CLASS_SIZE },
2625        { set_local_name,         false, MGMT_SET_LOCAL_NAME_SIZE },
2626        { add_uuid,               false, MGMT_ADD_UUID_SIZE },
2627        { remove_uuid,            false, MGMT_REMOVE_UUID_SIZE },
2628        { load_link_keys,         true,  MGMT_LOAD_LINK_KEYS_SIZE },
2629        { load_long_term_keys,    true,  MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2630        { disconnect,             false, MGMT_DISCONNECT_SIZE },
2631        { get_connections,        false, MGMT_GET_CONNECTIONS_SIZE },
2632        { pin_code_reply,         false, MGMT_PIN_CODE_REPLY_SIZE },
2633        { pin_code_neg_reply,     false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2634        { set_io_capability,      false, MGMT_SET_IO_CAPABILITY_SIZE },
2635        { pair_device,            false, MGMT_PAIR_DEVICE_SIZE },
2636        { cancel_pair_device,     false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2637        { unpair_device,          false, MGMT_UNPAIR_DEVICE_SIZE },
2638        { user_confirm_reply,     false, MGMT_USER_CONFIRM_REPLY_SIZE },
2639        { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2640        { user_passkey_reply,     false, MGMT_USER_PASSKEY_REPLY_SIZE },
2641        { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2642        { read_local_oob_data,    false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2643        { add_remote_oob_data,    false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2644        { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2645        { start_discovery,        false, MGMT_START_DISCOVERY_SIZE },
2646        { stop_discovery,         false, MGMT_STOP_DISCOVERY_SIZE },
2647        { confirm_name,           false, MGMT_CONFIRM_NAME_SIZE },
2648        { block_device,           false, MGMT_BLOCK_DEVICE_SIZE },
2649        { unblock_device,         false, MGMT_UNBLOCK_DEVICE_SIZE },
2650};
2651
2652
2653int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2654{
2655        void *buf;
2656        u8 *cp;
2657        struct mgmt_hdr *hdr;
2658        u16 opcode, index, len;
2659        struct hci_dev *hdev = NULL;
2660        struct mgmt_handler *handler;
2661        int err;
2662
2663        BT_DBG("got %zu bytes", msglen);
2664
2665        if (msglen < sizeof(*hdr))
2666                return -EINVAL;
2667
2668        buf = kmalloc(msglen, GFP_KERNEL);
2669        if (!buf)
2670                return -ENOMEM;
2671
2672        if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2673                err = -EFAULT;
2674                goto done;
2675        }
2676
2677        hdr = buf;
2678        opcode = get_unaligned_le16(&hdr->opcode);
2679        index = get_unaligned_le16(&hdr->index);
2680        len = get_unaligned_le16(&hdr->len);
2681
2682        if (len != msglen - sizeof(*hdr)) {
2683                err = -EINVAL;
2684                goto done;
2685        }
2686
2687        if (index != MGMT_INDEX_NONE) {
2688                hdev = hci_dev_get(index);
2689                if (!hdev) {
2690                        err = cmd_status(sk, index, opcode,
2691                                         MGMT_STATUS_INVALID_INDEX);
2692                        goto done;
2693                }
2694        }
2695
2696        if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2697                                        mgmt_handlers[opcode].func == NULL) {
2698                BT_DBG("Unknown op %u", opcode);
2699                err = cmd_status(sk, index, opcode,
2700                                 MGMT_STATUS_UNKNOWN_COMMAND);
2701                goto done;
2702        }
2703
2704        if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2705                        (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2706                err = cmd_status(sk, index, opcode,
2707                                 MGMT_STATUS_INVALID_INDEX);
2708                goto done;
2709        }
2710
2711        handler = &mgmt_handlers[opcode];
2712
2713        if ((handler->var_len && len < handler->data_len) ||
2714                        (!handler->var_len && len != handler->data_len)) {
2715                err = cmd_status(sk, index, opcode,
2716                                 MGMT_STATUS_INVALID_PARAMS);
2717                goto done;
2718        }
2719
2720        if (hdev)
2721                mgmt_init_hdev(sk, hdev);
2722
2723        cp = buf + sizeof(*hdr);
2724
2725        err = handler->func(sk, hdev, cp, len);
2726        if (err < 0)
2727                goto done;
2728
2729        err = msglen;
2730
2731done:
2732        if (hdev)
2733                hci_dev_put(hdev);
2734
2735        kfree(buf);
2736        return err;
2737}
2738
2739static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2740{
2741        u8 *status = data;
2742
2743        cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2744        mgmt_pending_remove(cmd);
2745}
2746
2747int mgmt_index_added(struct hci_dev *hdev)
2748{
2749        return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2750}
2751
2752int mgmt_index_removed(struct hci_dev *hdev)
2753{
2754        u8 status = MGMT_STATUS_INVALID_INDEX;
2755
2756        mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2757
2758        return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2759}
2760
2761struct cmd_lookup {
2762        struct sock *sk;
2763        struct hci_dev *hdev;
2764        u8 mgmt_status;
2765};
2766
2767static void settings_rsp(struct pending_cmd *cmd, void *data)
2768{
2769        struct cmd_lookup *match = data;
2770
2771        send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2772
2773        list_del(&cmd->list);
2774
2775        if (match->sk == NULL) {
2776                match->sk = cmd->sk;
2777                sock_hold(match->sk);
2778        }
2779
2780        mgmt_pending_free(cmd);
2781}
2782
2783int mgmt_powered(struct hci_dev *hdev, u8 powered)
2784{
2785        struct cmd_lookup match = { NULL, hdev };
2786        int err;
2787
2788        if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2789                return 0;
2790
2791        mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2792
2793        if (powered) {
2794                u8 scan = 0;
2795
2796                if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2797                        scan |= SCAN_PAGE;
2798                if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2799                        scan |= SCAN_INQUIRY;
2800
2801                if (scan)
2802                        hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2803
2804                update_class(hdev);
2805                update_name(hdev, hdev->dev_name);
2806                update_eir(hdev);
2807        } else {
2808                u8 status = MGMT_STATUS_NOT_POWERED;
2809                mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2810        }
2811
2812        err = new_settings(hdev, match.sk);
2813
2814        if (match.sk)
2815                sock_put(match.sk);
2816
2817        return err;
2818}
2819
2820int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2821{
2822        struct cmd_lookup match = { NULL, hdev };
2823        bool changed = false;
2824        int err = 0;
2825
2826        if (discoverable) {
2827                if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2828                        changed = true;
2829        } else {
2830                if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2831                        changed = true;
2832        }
2833
2834        mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2835                             &match);
2836
2837        if (changed)
2838                err = new_settings(hdev, match.sk);
2839
2840        if (match.sk)
2841                sock_put(match.sk);
2842
2843        return err;
2844}
2845
2846int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2847{
2848        struct cmd_lookup match = { NULL, hdev };
2849        bool changed = false;
2850        int err = 0;
2851
2852        if (connectable) {
2853                if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2854                        changed = true;
2855        } else {
2856                if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2857                        changed = true;
2858        }
2859
2860        mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2861                             &match);
2862
2863        if (changed)
2864                err = new_settings(hdev, match.sk);
2865
2866        if (match.sk)
2867                sock_put(match.sk);
2868
2869        return err;
2870}
2871
2872int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2873{
2874        u8 mgmt_err = mgmt_status(status);
2875
2876        if (scan & SCAN_PAGE)
2877                mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2878                                     cmd_status_rsp, &mgmt_err);
2879
2880        if (scan & SCAN_INQUIRY)
2881                mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2882                                     cmd_status_rsp, &mgmt_err);
2883
2884        return 0;
2885}
2886
2887int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
2888{
2889        struct mgmt_ev_new_link_key ev;
2890
2891        memset(&ev, 0, sizeof(ev));
2892
2893        ev.store_hint = persistent;
2894        bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2895        ev.key.addr.type = MGMT_ADDR_BREDR;
2896        ev.key.type = key->type;
2897        memcpy(ev.key.val, key->val, 16);
2898        ev.key.pin_len = key->pin_len;
2899
2900        return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2901}
2902
2903int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2904{
2905        struct mgmt_ev_new_long_term_key ev;
2906
2907        memset(&ev, 0, sizeof(ev));
2908
2909        ev.store_hint = persistent;
2910        bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2911        ev.key.addr.type = key->bdaddr_type;
2912        ev.key.authenticated = key->authenticated;
2913        ev.key.enc_size = key->enc_size;
2914        ev.key.ediv = key->ediv;
2915
2916        if (key->type == HCI_SMP_LTK)
2917                ev.key.master = 1;
2918
2919        memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2920        memcpy(ev.key.val, key->val, sizeof(key->val));
2921
2922        return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2923                          NULL);
2924}
2925
2926int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
2927                          u8 addr_type, u32 flags, u8 *name, u8 name_len,
2928                          u8 *dev_class)
2929{
2930        char buf[512];
2931        struct mgmt_ev_device_connected *ev = (void *) buf;
2932        u16 eir_len = 0;
2933
2934        bacpy(&ev->addr.bdaddr, bdaddr);
2935        ev->addr.type = link_to_mgmt(link_type, addr_type);
2936
2937        ev->flags = __cpu_to_le32(flags);
2938
2939        if (name_len > 0)
2940                eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2941                                          name, name_len);
2942
2943        if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2944                eir_len = eir_append_data(ev->eir, eir_len,
2945                                          EIR_CLASS_OF_DEV, dev_class, 3);
2946
2947        put_unaligned_le16(eir_len, &ev->eir_len);
2948
2949        return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2950                          sizeof(*ev) + eir_len, NULL);
2951}
2952
2953static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2954{
2955        struct mgmt_cp_disconnect *cp = cmd->param;
2956        struct sock **sk = data;
2957        struct mgmt_rp_disconnect rp;
2958
2959        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2960        rp.addr.type = cp->addr.type;
2961
2962        cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
2963                     sizeof(rp));
2964
2965        *sk = cmd->sk;
2966        sock_hold(*sk);
2967
2968        mgmt_pending_remove(cmd);
2969}
2970
2971static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
2972{
2973        struct hci_dev *hdev = data;
2974        struct mgmt_cp_unpair_device *cp = cmd->param;
2975        struct mgmt_rp_unpair_device rp;
2976
2977        memset(&rp, 0, sizeof(rp));
2978        bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2979        rp.addr.type = cp->addr.type;
2980
2981        device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2982
2983        cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
2984
2985        mgmt_pending_remove(cmd);
2986}
2987
2988int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2989                             u8 link_type, u8 addr_type)
2990{
2991        struct mgmt_addr_info ev;
2992        struct sock *sk = NULL;
2993        int err;
2994
2995        mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
2996
2997        bacpy(&ev.bdaddr, bdaddr);
2998        ev.type = link_to_mgmt(link_type, addr_type);
2999
3000        err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),

3001                         sk);
3002
3003        if (sk)
3004          sock_put(sk);
3005
3006        mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3007                             hdev);
3008
3009        return err;
3010}
3011
3012int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3013                           u8 link_type, u8 addr_type, u8 status)
3014{
3015        struct mgmt_rp_disconnect rp;
3016        struct pending_cmd *cmd;
3017        int err;
3018
3019        cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3020        if (!cmd)
3021                return -ENOENT;
3022
3023        bacpy(&rp.addr.bdaddr, bdaddr);
3024        rp.addr.type = link_to_mgmt(link_type, addr_type);
3025
3026        err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3027                           mgmt_status(status), &rp, sizeof(rp));
3028
3029        mgmt_pending_remove(cmd);
3030
3031        mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3032                                                                        hdev);
3033        return err;
3034}
3035
3036int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3037                        u8 addr_type, u8 status)
3038{
3039        struct mgmt_ev_connect_failed ev;
3040
3041        bacpy(&ev.addr.bdaddr, bdaddr);
3042        ev.addr.type = link_to_mgmt(link_type, addr_type);
3043        ev.status = mgmt_status(status);
3044
3045        return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3046}
3047
3048int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3049{
3050        struct mgmt_ev_pin_code_request ev;
3051
3052        bacpy(&ev.addr.bdaddr, bdaddr);
3053        ev.addr.type = MGMT_ADDR_BREDR;
3054        ev.secure = secure;
3055
3056        return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3057                          NULL);
3058}
3059
3060int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3061                                 u8 status)
3062{
3063        struct pending_cmd *cmd;
3064        struct mgmt_rp_pin_code_reply rp;
3065        int err;
3066
3067        cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3068        if (!cmd)
3069                return -ENOENT;
3070
3071        bacpy(&rp.addr.bdaddr, bdaddr);
3072        rp.addr.type = MGMT_ADDR_BREDR;
3073
3074        err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3075                           mgmt_status(status), &rp, sizeof(rp));
3076
3077        mgmt_pending_remove(cmd);
3078
3079        return err;
3080}
3081
3082int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3083                                     u8 status)
3084{
3085        struct pending_cmd *cmd;
3086        struct mgmt_rp_pin_code_reply rp;
3087        int err;
3088
3089        cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3090        if (!cmd)
3091                return -ENOENT;
3092
3093        bacpy(&rp.addr.bdaddr, bdaddr);
3094        rp.addr.type = MGMT_ADDR_BREDR;
3095
3096        err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3097                           mgmt_status(status), &rp, sizeof(rp));
3098
3099        mgmt_pending_remove(cmd);
3100
3101        return err;
3102}
3103
3104int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3105                              u8 link_type, u8 addr_type, __le32 value,
3106                              u8 confirm_hint)
3107{
3108        struct mgmt_ev_user_confirm_request ev;
3109
3110        BT_DBG("%s", hdev->name);
3111
3112        bacpy(&ev.addr.bdaddr, bdaddr);
3113        ev.addr.type = link_to_mgmt(link_type, addr_type);
3114        ev.confirm_hint = confirm_hint;
3115        put_unaligned_le32(value, &ev.value);
3116
3117        return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3118                          NULL);
3119}
3120
3121int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3122                                                u8 link_type, u8 addr_type)
3123{
3124        struct mgmt_ev_user_passkey_request ev;
3125
3126        BT_DBG("%s", hdev->name);
3127
3128        bacpy(&ev.addr.bdaddr, bdaddr);
3129        ev.addr.type = link_to_mgmt(link_type, addr_type);
3130
3131        return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3132                          NULL);
3133}
3134
3135static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3136                                        u8 link_type, u8 addr_type, u8 status,
3137                                        u8 opcode)
3138{
3139        struct pending_cmd *cmd;
3140        struct mgmt_rp_user_confirm_reply rp;
3141        int err;
3142
3143        cmd = mgmt_pending_find(opcode, hdev);
3144        if (!cmd)
3145                return -ENOENT;
3146
3147        bacpy(&rp.addr.bdaddr, bdaddr);
3148        rp.addr.type = link_to_mgmt(link_type, addr_type);
3149        err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3150                           &rp, sizeof(rp));
3151
3152        mgmt_pending_remove(cmd);
3153
3154        return err;
3155}
3156
3157int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3158                                     u8 link_type, u8 addr_type, u8 status)
3159{
3160        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3161                                          status, MGMT_OP_USER_CONFIRM_REPLY);
3162}
3163
3164int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3165                                         u8 link_type, u8 addr_type, u8 status)
3166{
3167        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3168                                          status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3169}
3170
3171int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3172                                     u8 link_type, u8 addr_type, u8 status)
3173{
3174        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3175                                          status, MGMT_OP_USER_PASSKEY_REPLY);
3176}
3177
3178int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3179                                         u8 link_type, u8 addr_type, u8 status)
3180{
3181        return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3182                                          status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3183}
3184
3185int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3186                     u8 addr_type, u8 status)
3187{
3188        struct mgmt_ev_auth_failed ev;
3189
3190        bacpy(&ev.addr.bdaddr, bdaddr);
3191        ev.addr.type = link_to_mgmt(link_type, addr_type);
3192        ev.status = mgmt_status(status);
3193
3194        return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3195}
3196
3197int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3198{
3199        struct cmd_lookup match = { NULL, hdev };
3200        bool changed = false;
3201        int err = 0;
3202
3203        if (status) {
3204                u8 mgmt_err = mgmt_status(status);
3205                mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3206                                     cmd_status_rsp, &mgmt_err);
3207                return 0;
3208        }
3209
3210        if (test_bit(HCI_AUTH, &hdev->flags)) {
3211                if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3212                        changed = true;
3213        } else {
3214                if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3215                        changed = true;
3216        }
3217
3218        mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3219                             &match);
3220
3221        if (changed)
3222                err = new_settings(hdev, match.sk);
3223
3224        if (match.sk)
3225                sock_put(match.sk);
3226
3227        return err;
3228}
3229
3230static int clear_eir(struct hci_dev *hdev)
3231{
3232        struct hci_cp_write_eir cp;
3233
3234        if (!(hdev->features[6] & LMP_EXT_INQ))
3235                return 0;
3236
3237        memset(hdev->eir, 0, sizeof(hdev->eir));
3238
3239        memset(&cp, 0, sizeof(cp));
3240
3241        return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3242}
3243
3244int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3245{
3246        struct cmd_lookup match = { NULL, hdev };
3247        bool changed = false;
3248        int err = 0;
3249
3250        if (status) {
3251                u8 mgmt_err = mgmt_status(status);
3252
3253                if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3254                                                 &hdev->dev_flags))
3255                        err = new_settings(hdev, NULL);
3256
3257                mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3258                                     &mgmt_err);
3259
3260                return err;
3261        }
3262
3263        if (enable) {
3264                if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3265                        changed = true;
3266        } else {
3267                if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3268                        changed = true;
3269        }
3270
3271        mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3272
3273        if (changed)
3274                err = new_settings(hdev, match.sk);
3275
3276        if (match.sk)
3277                sock_put(match.sk);
3278
3279        if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3280                update_eir(hdev);
3281        else
3282                clear_eir(hdev);
3283
3284        return err;
3285}
3286
3287static void class_rsp(struct pending_cmd *cmd, void *data)
3288{
3289        struct cmd_lookup *match = data;
3290
3291        cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3292                     match->hdev->dev_class, 3);
3293
3294        list_del(&cmd->list);
3295
3296        if (match->sk == NULL) {
3297                match->sk = cmd->sk;
3298                sock_hold(match->sk);
3299        }
3300
3301        mgmt_pending_free(cmd);
3302}
3303
3304int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3305                                   u8 status)
3306{
3307        struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3308        int err = 0;
3309
3310        clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3311
3312        mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3313        mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3314        mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3315
3316        if (!status)
3317                err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3318                                 3, NULL);
3319
3320        if (match.sk)
3321                sock_put(match.sk);
3322
3323        return err;
3324}
3325
3326int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3327{
3328        struct pending_cmd *cmd;
3329        struct mgmt_cp_set_local_name ev;
3330        bool changed = false;
3331        int err = 0;
3332
3333        if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3334                memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3335                changed = true;
3336        }
3337
3338        memset(&ev, 0, sizeof(ev));
3339        memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3340        memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3341
3342        cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3343        if (!cmd)
3344                goto send_event;
3345
3346        /* Always assume that either the short or the complete name has
3347         * changed if there was a pending mgmt command */
3348        changed = true;
3349
3350        if (status) {
3351                err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3352                                 mgmt_status(status));
3353                goto failed;
3354        }
3355
3356        err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3357                           sizeof(ev));
3358        if (err < 0)
3359                goto failed;
3360
3361send_event:
3362        if (changed)
3363                err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3364                                 sizeof(ev), cmd ? cmd->sk : NULL);
3365
3366        update_eir(hdev);
3367
3368failed:
3369        if (cmd)
3370                mgmt_pending_remove(cmd);
3371        return err;
3372}
3373
3374int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3375                                            u8 *randomizer, u8 status)
3376{
3377        struct pending_cmd *cmd;
3378        int err;
3379
3380        BT_DBG("%s status %u", hdev->name, status);
3381
3382        cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3383        if (!cmd)
3384                return -ENOENT;
3385
3386        if (status) {
3387                err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3388                                 mgmt_status(status));
3389        } else {
3390                struct mgmt_rp_read_local_oob_data rp;
3391
3392                memcpy(rp.hash, hash, sizeof(rp.hash));
3393                memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3394
3395                err = cmd_complete(cmd->sk, hdev->id,
3396                                   MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3397                                   sizeof(rp));
3398        }
3399
3400        mgmt_pending_remove(cmd);
3401
3402        return err;
3403}
3404
3405int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3406{
3407        struct cmd_lookup match = { NULL, hdev };
3408        bool changed = false;
3409        int err = 0;
3410
3411        if (status) {
3412                u8 mgmt_err = mgmt_status(status);
3413
3414                if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3415                                                 &hdev->dev_flags))
3416                  err = new_settings(hdev, NULL);
3417
3418                mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3419                                     cmd_status_rsp, &mgmt_err);
3420
3421                return err;
3422        }
3423
3424        if (enable) {
3425                if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3426                        changed = true;
3427        } else {
3428                if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3429                        changed = true;
3430        }
3431
3432        mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3433
3434        if (changed)
3435                err = new_settings(hdev, match.sk);
3436
3437        if (match.sk)
3438                sock_put(match.sk);
3439
3440        return err;
3441}
3442
3443int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3444                      u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3445                      ssp, u8 *eir, u16 eir_len)
3446{
3447        char buf[512];
3448        struct mgmt_ev_device_found *ev = (void *) buf;
3449        size_t ev_size;
3450
3451        /* Leave 5 bytes for a potential CoD field */
3452        if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3453                return -EINVAL;
3454
3455        memset(buf, 0, sizeof(buf));
3456
3457        bacpy(&ev->addr.bdaddr, bdaddr);
3458        ev->addr.type = link_to_mgmt(link_type, addr_type);
3459        ev->rssi = rssi;
3460        if (cfm_name)
3461                ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
3462        if (!ssp)
3463                ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
3464
3465        if (eir_len > 0)
3466                memcpy(ev->eir, eir, eir_len);
3467
3468        if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3469                eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3470                                          dev_class, 3);
3471
3472        put_unaligned_le16(eir_len, &ev->eir_len);
3473
3474        ev_size = sizeof(*ev) + eir_len;
3475
3476        return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3477}
3478
3479int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3480                     u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3481{
3482        struct mgmt_ev_device_found *ev;
3483        char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3484        u16 eir_len;
3485
3486        ev = (struct mgmt_ev_device_found *) buf;
3487
3488        memset(buf, 0, sizeof(buf));
3489
3490        bacpy(&ev->addr.bdaddr, bdaddr);
3491        ev->addr.type = link_to_mgmt(link_type, addr_type);
3492        ev->rssi = rssi;
3493
3494        eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3495                                  name_len);
3496
3497        put_unaligned_le16(eir_len, &ev->eir_len);
3498
3499        return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3500                          sizeof(*ev) + eir_len, NULL);
3501}
3502
3503int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3504{
3505        struct pending_cmd *cmd;
3506        u8 type;
3507        int err;
3508
3509        hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3510
3511        cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3512        if (!cmd)
3513                return -ENOENT;
3514
3515        type = hdev->discovery.type;
3516
3517        err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3518                           &type, sizeof(type));
3519        mgmt_pending_remove(cmd);
3520
3521        return err;
3522}
3523
3524int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3525{
3526        struct pending_cmd *cmd;
3527        int err;
3528
3529        cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3530        if (!cmd)
3531                return -ENOENT;
3532
3533        err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3534                           &hdev->discovery.type, sizeof(hdev->discovery.type));
3535        mgmt_pending_remove(cmd);
3536
3537        return err;
3538}
3539
3540int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3541{
3542        struct mgmt_ev_discovering ev;
3543        struct pending_cmd *cmd;
3544
3545        BT_DBG("%s discovering %u", hdev->name, discovering);
3546
3547        if (discovering)
3548                cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3549        else
3550                cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3551
3552        if (cmd != NULL) {
3553                u8 type = hdev->discovery.type;
3554
3555                cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3556                             sizeof(type));
3557                mgmt_pending_remove(cmd);
3558        }
3559
3560        memset(&ev, 0, sizeof(ev));
3561        ev.type = hdev->discovery.type;
3562        ev.discovering = discovering;
3563
3564        return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3565}
3566
3567int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3568{
3569        struct pending_cmd *cmd;
3570        struct mgmt_ev_device_blocked ev;
3571
3572        cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3573
3574        bacpy(&ev.addr.bdaddr, bdaddr);
3575        ev.addr.type = type;
3576
3577        return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3578                          cmd ? cmd->sk : NULL);
3579}
3580
3581int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3582{
3583        struct pending_cmd *cmd;
3584        struct mgmt_ev_device_unblocked ev;
3585
3586        cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3587
3588        bacpy(&ev.addr.bdaddr, bdaddr);
3589        ev.addr.type = type;
3590
3591        return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3592                          cmd ? cmd->sk : NULL);
3593}
3594
3595module_param(enable_hs, bool, 0644);
3596MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3597
3598module_param(enable_le, bool, 0644);
3599MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
3600