1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/module.h>
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
33#include <net/bluetooth/smp.h>
34
35bool enable_hs;
36
37#define MGMT_VERSION 1
38#define MGMT_REVISION 3
39
40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
78 MGMT_OP_SET_DEVICE_ID,
79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102 MGMT_EV_PASSKEY_NOTIFY,
103};
104
105
106
107
108
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240
113#define LE_SCAN_TIMEOUT_BREDR_LE 5120
114
115#define INQUIRY_LEN_BREDR 0x08
116#define INQUIRY_LEN_BREDR_LE 0x04
117
118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
119
120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
123struct pending_cmd {
124 struct list_head list;
125 u16 opcode;
126 int index;
127 void *param;
128 struct sock *sk;
129 void *user_data;
130};
131
132
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND,
136 MGMT_STATUS_NOT_CONNECTED,
137 MGMT_STATUS_FAILED,
138 MGMT_STATUS_CONNECT_FAILED,
139 MGMT_STATUS_AUTH_FAILED,
140 MGMT_STATUS_NOT_PAIRED,
141 MGMT_STATUS_NO_RESOURCES,
142 MGMT_STATUS_TIMEOUT,
143 MGMT_STATUS_NO_RESOURCES,
144 MGMT_STATUS_NO_RESOURCES,
145 MGMT_STATUS_ALREADY_CONNECTED,
146 MGMT_STATUS_BUSY,
147 MGMT_STATUS_NO_RESOURCES,
148 MGMT_STATUS_REJECTED,
149 MGMT_STATUS_REJECTED,
150 MGMT_STATUS_TIMEOUT,
151 MGMT_STATUS_NOT_SUPPORTED,
152 MGMT_STATUS_INVALID_PARAMS,
153 MGMT_STATUS_DISCONNECTED,
154 MGMT_STATUS_NO_RESOURCES,
155 MGMT_STATUS_DISCONNECTED,
156 MGMT_STATUS_DISCONNECTED,
157 MGMT_STATUS_BUSY,
158 MGMT_STATUS_REJECTED,
159 MGMT_STATUS_FAILED,
160 MGMT_STATUS_NOT_SUPPORTED,
161 MGMT_STATUS_REJECTED,
162 MGMT_STATUS_REJECTED,
163 MGMT_STATUS_REJECTED,
164 MGMT_STATUS_INVALID_PARAMS,
165 MGMT_STATUS_FAILED,
166 MGMT_STATUS_NOT_SUPPORTED,
167 MGMT_STATUS_FAILED,
168 MGMT_STATUS_TIMEOUT,
169 MGMT_STATUS_FAILED,
170 MGMT_STATUS_FAILED,
171 MGMT_STATUS_REJECTED,
172 MGMT_STATUS_FAILED,
173 MGMT_STATUS_NOT_SUPPORTED,
174 MGMT_STATUS_TIMEOUT,
175 MGMT_STATUS_NOT_SUPPORTED,
176 MGMT_STATUS_FAILED,
177 MGMT_STATUS_INVALID_PARAMS,
178 MGMT_STATUS_REJECTED,
179 MGMT_STATUS_NOT_SUPPORTED,
180 MGMT_STATUS_REJECTED,
181 MGMT_STATUS_INVALID_PARAMS,
182 MGMT_STATUS_BUSY,
183 MGMT_STATUS_FAILED,
184 MGMT_STATUS_FAILED,
185 MGMT_STATUS_INVALID_PARAMS,
186 MGMT_STATUS_NOT_SUPPORTED,
187 MGMT_STATUS_BUSY,
188 MGMT_STATUS_REJECTED,
189 MGMT_STATUS_BUSY,
190 MGMT_STATUS_INVALID_PARAMS,
191 MGMT_STATUS_TIMEOUT,
192 MGMT_STATUS_AUTH_FAILED,
193 MGMT_STATUS_CONNECT_FAILED,
194 MGMT_STATUS_CONNECT_FAILED,
195};
196
197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
215 int err;
216
217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
218
219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
226 hdr->index = cpu_to_le16(index);
227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
231 ev->opcode = cpu_to_le16(cmd);
232
233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
235 kfree_skb(skb);
236
237 return err;
238}
239
240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
241 void *rp, size_t rp_len)
242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
246 int err;
247
248 BT_DBG("sock %p", sk);
249
250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
255
256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
257 hdr->index = cpu_to_le16(index);
258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
259
260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
261 ev->opcode = cpu_to_le16(cmd);
262 ev->status = status;
263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
266
267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
269 kfree_skb(skb);
270
271 return err;
272}
273
274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
283
284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
285 sizeof(rp));
286}
287
288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
290{
291 struct mgmt_rp_read_commands *rp;
292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
294 __le16 *opcode;
295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
316 rp_size);
317 kfree(rp);
318
319 return err;
320}
321
322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
324{
325 struct mgmt_rp_read_index_list *rp;
326 struct hci_dev *d;
327 size_t rp_len;
328 u16 count;
329 int err;
330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
340 count++;
341 }
342
343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
346 read_unlock(&hci_dev_list_lock);
347 return -ENOMEM;
348 }
349
350 count = 0;
351 list_for_each_entry(d, &hci_dev_list, list) {
352 if (test_bit(HCI_SETUP, &d->dev_flags))
353 continue;
354
355 if (!mgmt_valid_hdev(d))
356 continue;
357
358 rp->index[count++] = cpu_to_le16(d->id);
359 BT_DBG("Added hci%u", d->id);
360 }
361
362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
365 read_unlock(&hci_dev_list_lock);
366
367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
368 rp_len);
369
370 kfree(rp);
371
372 return err;
373}
374
375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
380 settings |= MGMT_SETTING_PAIRABLE;
381
382 if (lmp_ssp_capable(hdev))
383 settings |= MGMT_SETTING_SSP;
384
385 if (lmp_bredr_capable(hdev)) {
386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
396 if (lmp_le_capable(hdev))
397 settings |= MGMT_SETTING_LE;
398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
406 if (hdev_is_powered(hdev))
407 settings |= MGMT_SETTING_POWERED;
408
409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_CONNECTABLE;
411
412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_DISCOVERABLE;
414
415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
416 settings |= MGMT_SETTING_PAIRABLE;
417
418 if (lmp_bredr_capable(hdev))
419 settings |= MGMT_SETTING_BREDR;
420
421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_LE;
423
424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
425 settings |= MGMT_SETTING_LINK_SECURITY;
426
427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_SSP;
429
430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
433 return settings;
434}
435
436#define PNP_INFO_SVCLASS_ID 0x1200
437
438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
546static void create_eir(struct hci_dev *hdev, u8 *data)
547{
548 u8 *ptr = data;
549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
566 ptr += (name_len + 2);
567 }
568
569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
574 ptr += 3;
575 }
576
577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
586 ptr += 10;
587 }
588
589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
592}
593
594static int update_eir(struct hci_dev *hdev)
595{
596 struct hci_cp_write_eir cp;
597
598 if (!hdev_is_powered(hdev))
599 return 0;
600
601 if (!lmp_ext_inq_capable(hdev))
602 return 0;
603
604 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
605 return 0;
606
607 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
608 return 0;
609
610 memset(&cp, 0, sizeof(cp));
611
612 create_eir(hdev, cp.data);
613
614 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
615 return 0;
616
617 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618
619 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
620}
621
622static u8 get_service_classes(struct hci_dev *hdev)
623{
624 struct bt_uuid *uuid;
625 u8 val = 0;
626
627 list_for_each_entry(uuid, &hdev->uuids, list)
628 val |= uuid->svc_hint;
629
630 return val;
631}
632
633static int update_class(struct hci_dev *hdev)
634{
635 u8 cod[3];
636 int err;
637
638 BT_DBG("%s", hdev->name);
639
640 if (!hdev_is_powered(hdev))
641 return 0;
642
643 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
644 return 0;
645
646 cod[0] = hdev->minor_class;
647 cod[1] = hdev->major_class;
648 cod[2] = get_service_classes(hdev);
649
650 if (memcmp(cod, hdev->dev_class, 3) == 0)
651 return 0;
652
653 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
654 if (err == 0)
655 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
656
657 return err;
658}
659
660static void service_cache_off(struct work_struct *work)
661{
662 struct hci_dev *hdev = container_of(work, struct hci_dev,
663 service_cache.work);
664
665 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
666 return;
667
668 hci_dev_lock(hdev);
669
670 update_eir(hdev);
671 update_class(hdev);
672
673 hci_dev_unlock(hdev);
674}
675
676static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
677{
678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
679 return;
680
681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
682
683
684
685
686
687
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
689}
690
691static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
692 void *data, u16 data_len)
693{
694 struct mgmt_rp_read_info rp;
695
696 BT_DBG("sock %p %s", sk, hdev->name);
697
698 hci_dev_lock(hdev);
699
700 memset(&rp, 0, sizeof(rp));
701
702 bacpy(&rp.bdaddr, &hdev->bdaddr);
703
704 rp.version = hdev->hci_ver;
705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
706
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
709
710 memcpy(rp.dev_class, hdev->dev_class, 3);
711
712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
714
715 hci_dev_unlock(hdev);
716
717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
718 sizeof(rp));
719}
720
721static void mgmt_pending_free(struct pending_cmd *cmd)
722{
723 sock_put(cmd->sk);
724 kfree(cmd->param);
725 kfree(cmd);
726}
727
728static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
729 struct hci_dev *hdev, void *data,
730 u16 len)
731{
732 struct pending_cmd *cmd;
733
734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
735 if (!cmd)
736 return NULL;
737
738 cmd->opcode = opcode;
739 cmd->index = hdev->id;
740
741 cmd->param = kmalloc(len, GFP_KERNEL);
742 if (!cmd->param) {
743 kfree(cmd);
744 return NULL;
745 }
746
747 if (data)
748 memcpy(cmd->param, data, len);
749
750 cmd->sk = sk;
751 sock_hold(sk);
752
753 list_add(&cmd->list, &hdev->mgmt_pending);
754
755 return cmd;
756}
757
758static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
759 void (*cb)(struct pending_cmd *cmd,
760 void *data),
761 void *data)
762{
763 struct pending_cmd *cmd, *tmp;
764
765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
766 if (opcode > 0 && cmd->opcode != opcode)
767 continue;
768
769 cb(cmd, data);
770 }
771}
772
773static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
774{
775 struct pending_cmd *cmd;
776
777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
778 if (cmd->opcode == opcode)
779 return cmd;
780 }
781
782 return NULL;
783}
784
785static void mgmt_pending_remove(struct pending_cmd *cmd)
786{
787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
789}
790
791static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
792{
793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
794
795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
796 sizeof(settings));
797}
798
799static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
800 u16 len)
801{
802 struct mgmt_mode *cp = data;
803 struct pending_cmd *cmd;
804 int err;
805
806 BT_DBG("request for %s", hdev->name);
807
808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
811
812 hci_dev_lock(hdev);
813
814 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
815 cancel_delayed_work(&hdev->power_off);
816
817 if (cp->val) {
818 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
819 data, len);
820 err = mgmt_powered(hdev, 1);
821 goto failed;
822 }
823 }
824
825 if (!!cp->val == hdev_is_powered(hdev)) {
826 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
827 goto failed;
828 }
829
830 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
831 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
832 MGMT_STATUS_BUSY);
833 goto failed;
834 }
835
836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
837 if (!cmd) {
838 err = -ENOMEM;
839 goto failed;
840 }
841
842 if (cp->val)
843 queue_work(hdev->req_workqueue, &hdev->power_on);
844 else
845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
846
847 err = 0;
848
849failed:
850 hci_dev_unlock(hdev);
851 return err;
852}
853
854static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
856{
857 struct sk_buff *skb;
858 struct mgmt_hdr *hdr;
859
860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
861 if (!skb)
862 return -ENOMEM;
863
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
866 if (hdev)
867 hdr->index = cpu_to_le16(hdev->id);
868 else
869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
870 hdr->len = cpu_to_le16(data_len);
871
872 if (data)
873 memcpy(skb_put(skb, data_len), data, data_len);
874
875
876 __net_timestamp(skb);
877
878 hci_send_to_control(skb, skip_sk);
879 kfree_skb(skb);
880
881 return 0;
882}
883
884static int new_settings(struct hci_dev *hdev, struct sock *skip)
885{
886 __le32 ev;
887
888 ev = cpu_to_le32(get_current_settings(hdev));
889
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
891}
892
893static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
894 u16 len)
895{
896 struct mgmt_cp_set_discoverable *cp = data;
897 struct pending_cmd *cmd;
898 u16 timeout;
899 u8 scan;
900 int err;
901
902 BT_DBG("request for %s", hdev->name);
903
904 if (!lmp_bredr_capable(hdev))
905 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_NOT_SUPPORTED);
907
908 if (cp->val != 0x00 && cp->val != 0x01)
909 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
910 MGMT_STATUS_INVALID_PARAMS);
911
912 timeout = __le16_to_cpu(cp->timeout);
913 if (!cp->val && timeout > 0)
914 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
915 MGMT_STATUS_INVALID_PARAMS);
916
917 hci_dev_lock(hdev);
918
919 if (!hdev_is_powered(hdev) && timeout > 0) {
920 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
921 MGMT_STATUS_NOT_POWERED);
922 goto failed;
923 }
924
925 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
926 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
927 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
928 MGMT_STATUS_BUSY);
929 goto failed;
930 }
931
932 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
933 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
934 MGMT_STATUS_REJECTED);
935 goto failed;
936 }
937
938 if (!hdev_is_powered(hdev)) {
939 bool changed = false;
940
941 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
942 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
943 changed = true;
944 }
945
946 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
947 if (err < 0)
948 goto failed;
949
950 if (changed)
951 err = new_settings(hdev, sk);
952
953 goto failed;
954 }
955
956 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
957 if (hdev->discov_timeout > 0) {
958 cancel_delayed_work(&hdev->discov_off);
959 hdev->discov_timeout = 0;
960 }
961
962 if (cp->val && timeout > 0) {
963 hdev->discov_timeout = timeout;
964 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
965 msecs_to_jiffies(hdev->discov_timeout * 1000));
966 }
967
968 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
969 goto failed;
970 }
971
972 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
973 if (!cmd) {
974 err = -ENOMEM;
975 goto failed;
976 }
977
978 scan = SCAN_PAGE;
979
980 if (cp->val)
981 scan |= SCAN_INQUIRY;
982 else
983 cancel_delayed_work(&hdev->discov_off);
984
985 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
986 if (err < 0)
987 mgmt_pending_remove(cmd);
988
989 if (cp->val)
990 hdev->discov_timeout = timeout;
991
992failed:
993 hci_dev_unlock(hdev);
994 return err;
995}
996
997static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
998 u16 len)
999{
1000 struct mgmt_mode *cp = data;
1001 struct pending_cmd *cmd;
1002 u8 scan;
1003 int err;
1004
1005 BT_DBG("request for %s", hdev->name);
1006
1007 if (!lmp_bredr_capable(hdev))
1008 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1009 MGMT_STATUS_NOT_SUPPORTED);
1010
1011 if (cp->val != 0x00 && cp->val != 0x01)
1012 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1013 MGMT_STATUS_INVALID_PARAMS);
1014
1015 hci_dev_lock(hdev);
1016
1017 if (!hdev_is_powered(hdev)) {
1018 bool changed = false;
1019
1020 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1021 changed = true;
1022
1023 if (cp->val) {
1024 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1025 } else {
1026 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1027 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1028 }
1029
1030 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1031 if (err < 0)
1032 goto failed;
1033
1034 if (changed)
1035 err = new_settings(hdev, sk);
1036
1037 goto failed;
1038 }
1039
1040 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1041 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
1042 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1043 MGMT_STATUS_BUSY);
1044 goto failed;
1045 }
1046
1047 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
1048 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1049 goto failed;
1050 }
1051
1052 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
1053 if (!cmd) {
1054 err = -ENOMEM;
1055 goto failed;
1056 }
1057
1058 if (cp->val) {
1059 scan = SCAN_PAGE;
1060 } else {
1061 scan = 0;
1062
1063 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1064 hdev->discov_timeout > 0)
1065 cancel_delayed_work(&hdev->discov_off);
1066 }
1067
1068 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1069 if (err < 0)
1070 mgmt_pending_remove(cmd);
1071
1072failed:
1073 hci_dev_unlock(hdev);
1074 return err;
1075}
1076
1077static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1078 u16 len)
1079{
1080 struct mgmt_mode *cp = data;
1081 int err;
1082
1083 BT_DBG("request for %s", hdev->name);
1084
1085 if (cp->val != 0x00 && cp->val != 0x01)
1086 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1087 MGMT_STATUS_INVALID_PARAMS);
1088
1089 hci_dev_lock(hdev);
1090
1091 if (cp->val)
1092 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1093 else
1094 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1095
1096 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1097 if (err < 0)
1098 goto failed;
1099
1100 err = new_settings(hdev, sk);
1101
1102failed:
1103 hci_dev_unlock(hdev);
1104 return err;
1105}
1106
1107static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1108 u16 len)
1109{
1110 struct mgmt_mode *cp = data;
1111 struct pending_cmd *cmd;
1112 u8 val;
1113 int err;
1114
1115 BT_DBG("request for %s", hdev->name);
1116
1117 if (!lmp_bredr_capable(hdev))
1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1119 MGMT_STATUS_NOT_SUPPORTED);
1120
1121 if (cp->val != 0x00 && cp->val != 0x01)
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1123 MGMT_STATUS_INVALID_PARAMS);
1124
1125 hci_dev_lock(hdev);
1126
1127 if (!hdev_is_powered(hdev)) {
1128 bool changed = false;
1129
1130 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1131 &hdev->dev_flags)) {
1132 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1133 changed = true;
1134 }
1135
1136 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1137 if (err < 0)
1138 goto failed;
1139
1140 if (changed)
1141 err = new_settings(hdev, sk);
1142
1143 goto failed;
1144 }
1145
1146 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1148 MGMT_STATUS_BUSY);
1149 goto failed;
1150 }
1151
1152 val = !!cp->val;
1153
1154 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1155 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1156 goto failed;
1157 }
1158
1159 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1160 if (!cmd) {
1161 err = -ENOMEM;
1162 goto failed;
1163 }
1164
1165 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1166 if (err < 0) {
1167 mgmt_pending_remove(cmd);
1168 goto failed;
1169 }
1170
1171failed:
1172 hci_dev_unlock(hdev);
1173 return err;
1174}
1175
1176static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1177{
1178 struct mgmt_mode *cp = data;
1179 struct pending_cmd *cmd;
1180 u8 val;
1181 int err;
1182
1183 BT_DBG("request for %s", hdev->name);
1184
1185 if (!lmp_ssp_capable(hdev))
1186 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1187 MGMT_STATUS_NOT_SUPPORTED);
1188
1189 if (cp->val != 0x00 && cp->val != 0x01)
1190 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1191 MGMT_STATUS_INVALID_PARAMS);
1192
1193 hci_dev_lock(hdev);
1194
1195 val = !!cp->val;
1196
1197 if (!hdev_is_powered(hdev)) {
1198 bool changed = false;
1199
1200 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1201 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1202 changed = true;
1203 }
1204
1205 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1206 if (err < 0)
1207 goto failed;
1208
1209 if (changed)
1210 err = new_settings(hdev, sk);
1211
1212 goto failed;
1213 }
1214
1215 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1216 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1217 MGMT_STATUS_BUSY);
1218 goto failed;
1219 }
1220
1221 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1222 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1223 goto failed;
1224 }
1225
1226 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1227 if (!cmd) {
1228 err = -ENOMEM;
1229 goto failed;
1230 }
1231
1232 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1233 if (err < 0) {
1234 mgmt_pending_remove(cmd);
1235 goto failed;
1236 }
1237
1238failed:
1239 hci_dev_unlock(hdev);
1240 return err;
1241}
1242
1243static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1244{
1245 struct mgmt_mode *cp = data;
1246
1247 BT_DBG("request for %s", hdev->name);
1248
1249 if (!enable_hs)
1250 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1251 MGMT_STATUS_NOT_SUPPORTED);
1252
1253 if (cp->val != 0x00 && cp->val != 0x01)
1254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1255 MGMT_STATUS_INVALID_PARAMS);
1256
1257 if (cp->val)
1258 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1259 else
1260 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1261
1262 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1263}
1264
1265static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1266{
1267 struct mgmt_mode *cp = data;
1268 struct hci_cp_write_le_host_supported hci_cp;
1269 struct pending_cmd *cmd;
1270 int err;
1271 u8 val, enabled;
1272
1273 BT_DBG("request for %s", hdev->name);
1274
1275 if (!lmp_le_capable(hdev))
1276 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1277 MGMT_STATUS_NOT_SUPPORTED);
1278
1279 if (cp->val != 0x00 && cp->val != 0x01)
1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1281 MGMT_STATUS_INVALID_PARAMS);
1282
1283 hci_dev_lock(hdev);
1284
1285 val = !!cp->val;
1286 enabled = lmp_host_le_capable(hdev);
1287
1288 if (!hdev_is_powered(hdev) || val == enabled) {
1289 bool changed = false;
1290
1291 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1292 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1293 changed = true;
1294 }
1295
1296 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1297 if (err < 0)
1298 goto unlock;
1299
1300 if (changed)
1301 err = new_settings(hdev, sk);
1302
1303 goto unlock;
1304 }
1305
1306 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1307 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1308 MGMT_STATUS_BUSY);
1309 goto unlock;
1310 }
1311
1312 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1313 if (!cmd) {
1314 err = -ENOMEM;
1315 goto unlock;
1316 }
1317
1318 memset(&hci_cp, 0, sizeof(hci_cp));
1319
1320 if (val) {
1321 hci_cp.le = val;
1322 hci_cp.simul = lmp_le_br_capable(hdev);
1323 }
1324
1325 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1326 &hci_cp);
1327 if (err < 0)
1328 mgmt_pending_remove(cmd);
1329
1330unlock:
1331 hci_dev_unlock(hdev);
1332 return err;
1333}
1334
1335static const u8 bluetooth_base_uuid[] = {
1336 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1337 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1338};
1339
1340static u8 get_uuid_size(const u8 *uuid)
1341{
1342 u32 val;
1343
1344 if (memcmp(uuid, bluetooth_base_uuid, 12))
1345 return 128;
1346
1347 val = get_unaligned_le32(&uuid[12]);
1348 if (val > 0xffff)
1349 return 32;
1350
1351 return 16;
1352}
1353
1354static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1355{
1356 struct mgmt_cp_add_uuid *cp = data;
1357 struct pending_cmd *cmd;
1358 struct bt_uuid *uuid;
1359 int err;
1360
1361 BT_DBG("request for %s", hdev->name);
1362
1363 hci_dev_lock(hdev);
1364
1365 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1366 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1367 MGMT_STATUS_BUSY);
1368 goto failed;
1369 }
1370
1371 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
1372 if (!uuid) {
1373 err = -ENOMEM;
1374 goto failed;
1375 }
1376
1377 memcpy(uuid->uuid, cp->uuid, 16);
1378 uuid->svc_hint = cp->svc_hint;
1379 uuid->size = get_uuid_size(cp->uuid);
1380
1381 list_add_tail(&uuid->list, &hdev->uuids);
1382
1383 err = update_class(hdev);
1384 if (err < 0)
1385 goto failed;
1386
1387 err = update_eir(hdev);
1388 if (err < 0)
1389 goto failed;
1390
1391 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1392 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1393 hdev->dev_class, 3);
1394 goto failed;
1395 }
1396
1397 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1398 if (!cmd)
1399 err = -ENOMEM;
1400
1401failed:
1402 hci_dev_unlock(hdev);
1403 return err;
1404}
1405
1406static bool enable_service_cache(struct hci_dev *hdev)
1407{
1408 if (!hdev_is_powered(hdev))
1409 return false;
1410
1411 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1412 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1413 CACHE_TIMEOUT);
1414 return true;
1415 }
1416
1417 return false;
1418}
1419
1420static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1421 u16 len)
1422{
1423 struct mgmt_cp_remove_uuid *cp = data;
1424 struct pending_cmd *cmd;
1425 struct bt_uuid *match, *tmp;
1426 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1427 int err, found;
1428
1429 BT_DBG("request for %s", hdev->name);
1430
1431 hci_dev_lock(hdev);
1432
1433 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1434 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1435 MGMT_STATUS_BUSY);
1436 goto unlock;
1437 }
1438
1439 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1440 err = hci_uuids_clear(hdev);
1441
1442 if (enable_service_cache(hdev)) {
1443 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1444 0, hdev->dev_class, 3);
1445 goto unlock;
1446 }
1447
1448 goto update_class;
1449 }
1450
1451 found = 0;
1452
1453 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
1454 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1455 continue;
1456
1457 list_del(&match->list);
1458 kfree(match);
1459 found++;
1460 }
1461
1462 if (found == 0) {
1463 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1464 MGMT_STATUS_INVALID_PARAMS);
1465 goto unlock;
1466 }
1467
1468update_class:
1469 err = update_class(hdev);
1470 if (err < 0)
1471 goto unlock;
1472
1473 err = update_eir(hdev);
1474 if (err < 0)
1475 goto unlock;
1476
1477 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1478 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1479 hdev->dev_class, 3);
1480 goto unlock;
1481 }
1482
1483 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1484 if (!cmd)
1485 err = -ENOMEM;
1486
1487unlock:
1488 hci_dev_unlock(hdev);
1489 return err;
1490}
1491
1492static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1493 u16 len)
1494{
1495 struct mgmt_cp_set_dev_class *cp = data;
1496 struct pending_cmd *cmd;
1497 int err;
1498
1499 BT_DBG("request for %s", hdev->name);
1500
1501 if (!lmp_bredr_capable(hdev))
1502 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1503 MGMT_STATUS_NOT_SUPPORTED);
1504
1505 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1506 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1507 MGMT_STATUS_BUSY);
1508
1509 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1510 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1511 MGMT_STATUS_INVALID_PARAMS);
1512
1513 hci_dev_lock(hdev);
1514
1515 hdev->major_class = cp->major;
1516 hdev->minor_class = cp->minor;
1517
1518 if (!hdev_is_powered(hdev)) {
1519 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1520 hdev->dev_class, 3);
1521 goto unlock;
1522 }
1523
1524 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1525 hci_dev_unlock(hdev);
1526 cancel_delayed_work_sync(&hdev->service_cache);
1527 hci_dev_lock(hdev);
1528 update_eir(hdev);
1529 }
1530
1531 err = update_class(hdev);
1532 if (err < 0)
1533 goto unlock;
1534
1535 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1536 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1537 hdev->dev_class, 3);
1538 goto unlock;
1539 }
1540
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1542 if (!cmd)
1543 err = -ENOMEM;
1544
1545unlock:
1546 hci_dev_unlock(hdev);
1547 return err;
1548}
1549
1550static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1551 u16 len)
1552{
1553 struct mgmt_cp_load_link_keys *cp = data;
1554 u16 key_count, expected_len;
1555 int i;
1556
1557 key_count = __le16_to_cpu(cp->key_count);
1558
1559 expected_len = sizeof(*cp) + key_count *
1560 sizeof(struct mgmt_link_key_info);
1561 if (expected_len != len) {
1562 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1563 len, expected_len);
1564 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1565 MGMT_STATUS_INVALID_PARAMS);
1566 }
1567
1568 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1570 MGMT_STATUS_INVALID_PARAMS);
1571
1572 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1573 key_count);
1574
1575 for (i = 0; i < key_count; i++) {
1576 struct mgmt_link_key_info *key = &cp->keys[i];
1577
1578 if (key->addr.type != BDADDR_BREDR)
1579 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1580 MGMT_STATUS_INVALID_PARAMS);
1581 }
1582
1583 hci_dev_lock(hdev);
1584
1585 hci_link_keys_clear(hdev);
1586
1587 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1588
1589 if (cp->debug_keys)
1590 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1591 else
1592 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1593
1594 for (i = 0; i < key_count; i++) {
1595 struct mgmt_link_key_info *key = &cp->keys[i];
1596
1597 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1598 key->type, key->pin_len);
1599 }
1600
1601 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1602
1603 hci_dev_unlock(hdev);
1604
1605 return 0;
1606}
1607
1608static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1609 u8 addr_type, struct sock *skip_sk)
1610{
1611 struct mgmt_ev_device_unpaired ev;
1612
1613 bacpy(&ev.addr.bdaddr, bdaddr);
1614 ev.addr.type = addr_type;
1615
1616 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1617 skip_sk);
1618}
1619
1620static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1621 u16 len)
1622{
1623 struct mgmt_cp_unpair_device *cp = data;
1624 struct mgmt_rp_unpair_device rp;
1625 struct hci_cp_disconnect dc;
1626 struct pending_cmd *cmd;
1627 struct hci_conn *conn;
1628 int err;
1629
1630 memset(&rp, 0, sizeof(rp));
1631 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1632 rp.addr.type = cp->addr.type;
1633
1634 if (!bdaddr_type_is_valid(cp->addr.type))
1635 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1636 MGMT_STATUS_INVALID_PARAMS,
1637 &rp, sizeof(rp));
1638
1639 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1640 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1641 MGMT_STATUS_INVALID_PARAMS,
1642 &rp, sizeof(rp));
1643
1644 hci_dev_lock(hdev);
1645
1646 if (!hdev_is_powered(hdev)) {
1647 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1648 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1649 goto unlock;
1650 }
1651
1652 if (cp->addr.type == BDADDR_BREDR)
1653 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1654 else
1655 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1656
1657 if (err < 0) {
1658 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1659 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1660 goto unlock;
1661 }
1662
1663 if (cp->disconnect) {
1664 if (cp->addr.type == BDADDR_BREDR)
1665 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1666 &cp->addr.bdaddr);
1667 else
1668 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1669 &cp->addr.bdaddr);
1670 } else {
1671 conn = NULL;
1672 }
1673
1674 if (!conn) {
1675 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1676 &rp, sizeof(rp));
1677 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1678 goto unlock;
1679 }
1680
1681 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1682 sizeof(*cp));
1683 if (!cmd) {
1684 err = -ENOMEM;
1685 goto unlock;
1686 }
1687
1688 dc.handle = cpu_to_le16(conn->handle);
1689 dc.reason = 0x13;
1690 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1691 if (err < 0)
1692 mgmt_pending_remove(cmd);
1693
1694unlock:
1695 hci_dev_unlock(hdev);
1696 return err;
1697}
1698
1699static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1700 u16 len)
1701{
1702 struct mgmt_cp_disconnect *cp = data;
1703 struct mgmt_rp_disconnect rp;
1704 struct hci_cp_disconnect dc;
1705 struct pending_cmd *cmd;
1706 struct hci_conn *conn;
1707 int err;
1708
1709 BT_DBG("");
1710
1711 memset(&rp, 0, sizeof(rp));
1712 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1713 rp.addr.type = cp->addr.type;
1714
1715 if (!bdaddr_type_is_valid(cp->addr.type))
1716 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1717 MGMT_STATUS_INVALID_PARAMS,
1718 &rp, sizeof(rp));
1719
1720 hci_dev_lock(hdev);
1721
1722 if (!test_bit(HCI_UP, &hdev->flags)) {
1723 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1724 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1725 goto failed;
1726 }
1727
1728 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1729 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1730 MGMT_STATUS_BUSY, &rp, sizeof(rp));
1731 goto failed;
1732 }
1733
1734 if (cp->addr.type == BDADDR_BREDR)
1735 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1736 &cp->addr.bdaddr);
1737 else
1738 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1739
1740 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1741 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1742 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
1743 goto failed;
1744 }
1745
1746 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1747 if (!cmd) {
1748 err = -ENOMEM;
1749 goto failed;
1750 }
1751
1752 dc.handle = cpu_to_le16(conn->handle);
1753 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
1754
1755 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1756 if (err < 0)
1757 mgmt_pending_remove(cmd);
1758
1759failed:
1760 hci_dev_unlock(hdev);
1761 return err;
1762}
1763
1764static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1765{
1766 switch (link_type) {
1767 case LE_LINK:
1768 switch (addr_type) {
1769 case ADDR_LE_DEV_PUBLIC:
1770 return BDADDR_LE_PUBLIC;
1771
1772 default:
1773
1774 return BDADDR_LE_RANDOM;
1775 }
1776
1777 default:
1778
1779 return BDADDR_BREDR;
1780 }
1781}
1782
1783static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1784 u16 data_len)
1785{
1786 struct mgmt_rp_get_connections *rp;
1787 struct hci_conn *c;
1788 size_t rp_len;
1789 int err;
1790 u16 i;
1791
1792 BT_DBG("");
1793
1794 hci_dev_lock(hdev);
1795
1796 if (!hdev_is_powered(hdev)) {
1797 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1798 MGMT_STATUS_NOT_POWERED);
1799 goto unlock;
1800 }
1801
1802 i = 0;
1803 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1804 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1805 i++;
1806 }
1807
1808 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1809 rp = kmalloc(rp_len, GFP_KERNEL);
1810 if (!rp) {
1811 err = -ENOMEM;
1812 goto unlock;
1813 }
1814
1815 i = 0;
1816 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1817 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1818 continue;
1819 bacpy(&rp->addr[i].bdaddr, &c->dst);
1820 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1821 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1822 continue;
1823 i++;
1824 }
1825
1826 rp->conn_count = cpu_to_le16(i);
1827
1828
1829 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1830
1831 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1832 rp_len);
1833
1834 kfree(rp);
1835
1836unlock:
1837 hci_dev_unlock(hdev);
1838 return err;
1839}
1840
1841static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1842 struct mgmt_cp_pin_code_neg_reply *cp)
1843{
1844 struct pending_cmd *cmd;
1845 int err;
1846
1847 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1848 sizeof(*cp));
1849 if (!cmd)
1850 return -ENOMEM;
1851
1852 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1853 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1854 if (err < 0)
1855 mgmt_pending_remove(cmd);
1856
1857 return err;
1858}
1859
1860static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1861 u16 len)
1862{
1863 struct hci_conn *conn;
1864 struct mgmt_cp_pin_code_reply *cp = data;
1865 struct hci_cp_pin_code_reply reply;
1866 struct pending_cmd *cmd;
1867 int err;
1868
1869 BT_DBG("");
1870
1871 hci_dev_lock(hdev);
1872
1873 if (!hdev_is_powered(hdev)) {
1874 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1875 MGMT_STATUS_NOT_POWERED);
1876 goto failed;
1877 }
1878
1879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1880 if (!conn) {
1881 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1882 MGMT_STATUS_NOT_CONNECTED);
1883 goto failed;
1884 }
1885
1886 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1887 struct mgmt_cp_pin_code_neg_reply ncp;
1888
1889 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1890
1891 BT_ERR("PIN code is not 16 bytes long");
1892
1893 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1894 if (err >= 0)
1895 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1896 MGMT_STATUS_INVALID_PARAMS);
1897
1898 goto failed;
1899 }
1900
1901 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1902 if (!cmd) {
1903 err = -ENOMEM;
1904 goto failed;
1905 }
1906
1907 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1908 reply.pin_len = cp->pin_len;
1909 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1910
1911 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1912 if (err < 0)
1913 mgmt_pending_remove(cmd);
1914
1915failed:
1916 hci_dev_unlock(hdev);
1917 return err;
1918}
1919
1920static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1921 u16 len)
1922{
1923 struct mgmt_cp_set_io_capability *cp = data;
1924
1925 BT_DBG("");
1926
1927 hci_dev_lock(hdev);
1928
1929 hdev->io_capability = cp->io_capability;
1930
1931 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1932 hdev->io_capability);
1933
1934 hci_dev_unlock(hdev);
1935
1936 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1937 0);
1938}
1939
1940static struct pending_cmd *find_pairing(struct hci_conn *conn)
1941{
1942 struct hci_dev *hdev = conn->hdev;
1943 struct pending_cmd *cmd;
1944
1945 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1946 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1947 continue;
1948
1949 if (cmd->user_data != conn)
1950 continue;
1951
1952 return cmd;
1953 }
1954
1955 return NULL;
1956}
1957
1958static void pairing_complete(struct pending_cmd *cmd, u8 status)
1959{
1960 struct mgmt_rp_pair_device rp;
1961 struct hci_conn *conn = cmd->user_data;
1962
1963 bacpy(&rp.addr.bdaddr, &conn->dst);
1964 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1965
1966 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1967 &rp, sizeof(rp));
1968
1969
1970 conn->connect_cfm_cb = NULL;
1971 conn->security_cfm_cb = NULL;
1972 conn->disconn_cfm_cb = NULL;
1973
1974 hci_conn_put(conn);
1975
1976 mgmt_pending_remove(cmd);
1977}
1978
1979static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1980{
1981 struct pending_cmd *cmd;
1982
1983 BT_DBG("status %u", status);
1984
1985 cmd = find_pairing(conn);
1986 if (!cmd)
1987 BT_DBG("Unable to find a pending command");
1988 else
1989 pairing_complete(cmd, mgmt_status(status));
1990}
1991
1992static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1993{
1994 struct pending_cmd *cmd;
1995
1996 BT_DBG("status %u", status);
1997
1998 if (!status)
1999 return;
2000
2001 cmd = find_pairing(conn);
2002 if (!cmd)
2003 BT_DBG("Unable to find a pending command");
2004 else
2005 pairing_complete(cmd, mgmt_status(status));
2006}
2007
2008static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2009 u16 len)
2010{
2011 struct mgmt_cp_pair_device *cp = data;
2012 struct mgmt_rp_pair_device rp;
2013 struct pending_cmd *cmd;
2014 u8 sec_level, auth_type;
2015 struct hci_conn *conn;
2016 int err;
2017
2018 BT_DBG("");
2019
2020 memset(&rp, 0, sizeof(rp));
2021 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2022 rp.addr.type = cp->addr.type;
2023
2024 if (!bdaddr_type_is_valid(cp->addr.type))
2025 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2026 MGMT_STATUS_INVALID_PARAMS,
2027 &rp, sizeof(rp));
2028
2029 hci_dev_lock(hdev);
2030
2031 if (!hdev_is_powered(hdev)) {
2032 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2033 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
2034 goto unlock;
2035 }
2036
2037 sec_level = BT_SECURITY_MEDIUM;
2038 if (cp->io_cap == 0x03)
2039 auth_type = HCI_AT_DEDICATED_BONDING;
2040 else
2041 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
2042
2043 if (cp->addr.type == BDADDR_BREDR)
2044 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2045 cp->addr.type, sec_level, auth_type);
2046 else
2047 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2048 cp->addr.type, sec_level, auth_type);
2049
2050 if (IS_ERR(conn)) {
2051 int status;
2052
2053 if (PTR_ERR(conn) == -EBUSY)
2054 status = MGMT_STATUS_BUSY;
2055 else
2056 status = MGMT_STATUS_CONNECT_FAILED;
2057
2058 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2059 status, &rp,
2060 sizeof(rp));
2061 goto unlock;
2062 }
2063
2064 if (conn->connect_cfm_cb) {
2065 hci_conn_put(conn);
2066 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2067 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2068 goto unlock;
2069 }
2070
2071 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2072 if (!cmd) {
2073 err = -ENOMEM;
2074 hci_conn_put(conn);
2075 goto unlock;
2076 }
2077
2078
2079 if (cp->addr.type == BDADDR_BREDR)
2080 conn->connect_cfm_cb = pairing_complete_cb;
2081 else
2082 conn->connect_cfm_cb = le_connect_complete_cb;
2083
2084 conn->security_cfm_cb = pairing_complete_cb;
2085 conn->disconn_cfm_cb = pairing_complete_cb;
2086 conn->io_capability = cp->io_cap;
2087 cmd->user_data = conn;
2088
2089 if (conn->state == BT_CONNECTED &&
2090 hci_conn_security(conn, sec_level, auth_type))
2091 pairing_complete(cmd, 0);
2092
2093 err = 0;
2094
2095unlock:
2096 hci_dev_unlock(hdev);
2097 return err;
2098}
2099
2100static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2101 u16 len)
2102{
2103 struct mgmt_addr_info *addr = data;
2104 struct pending_cmd *cmd;
2105 struct hci_conn *conn;
2106 int err;
2107
2108 BT_DBG("");
2109
2110 hci_dev_lock(hdev);
2111
2112 if (!hdev_is_powered(hdev)) {
2113 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2114 MGMT_STATUS_NOT_POWERED);
2115 goto unlock;
2116 }
2117
2118 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2119 if (!cmd) {
2120 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2121 MGMT_STATUS_INVALID_PARAMS);
2122 goto unlock;
2123 }
2124
2125 conn = cmd->user_data;
2126
2127 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2128 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2129 MGMT_STATUS_INVALID_PARAMS);
2130 goto unlock;
2131 }
2132
2133 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2134
2135 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2136 addr, sizeof(*addr));
2137unlock:
2138 hci_dev_unlock(hdev);
2139 return err;
2140}
2141
2142static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2143 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2144 u16 hci_op, __le32 passkey)
2145{
2146 struct pending_cmd *cmd;
2147 struct hci_conn *conn;
2148 int err;
2149
2150 hci_dev_lock(hdev);
2151
2152 if (!hdev_is_powered(hdev)) {
2153 err = cmd_status(sk, hdev->id, mgmt_op,
2154 MGMT_STATUS_NOT_POWERED);
2155 goto done;
2156 }
2157
2158 if (type == BDADDR_BREDR)
2159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2160 else
2161 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2162
2163 if (!conn) {
2164 err = cmd_status(sk, hdev->id, mgmt_op,
2165 MGMT_STATUS_NOT_CONNECTED);
2166 goto done;
2167 }
2168
2169 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2170
2171 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2172
2173 if (!err)
2174 err = cmd_status(sk, hdev->id, mgmt_op,
2175 MGMT_STATUS_SUCCESS);
2176 else
2177 err = cmd_status(sk, hdev->id, mgmt_op,
2178 MGMT_STATUS_FAILED);
2179
2180 goto done;
2181 }
2182
2183 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2184 if (!cmd) {
2185 err = -ENOMEM;
2186 goto done;
2187 }
2188
2189
2190 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2191 struct hci_cp_user_passkey_reply cp;
2192
2193 bacpy(&cp.bdaddr, bdaddr);
2194 cp.passkey = passkey;
2195 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2196 } else
2197 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2198
2199 if (err < 0)
2200 mgmt_pending_remove(cmd);
2201
2202done:
2203 hci_dev_unlock(hdev);
2204 return err;
2205}
2206
2207static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2208 void *data, u16 len)
2209{
2210 struct mgmt_cp_pin_code_neg_reply *cp = data;
2211
2212 BT_DBG("");
2213
2214 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2215 MGMT_OP_PIN_CODE_NEG_REPLY,
2216 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2217}
2218
2219static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2220 u16 len)
2221{
2222 struct mgmt_cp_user_confirm_reply *cp = data;
2223
2224 BT_DBG("");
2225
2226 if (len != sizeof(*cp))
2227 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2228 MGMT_STATUS_INVALID_PARAMS);
2229
2230 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2231 MGMT_OP_USER_CONFIRM_REPLY,
2232 HCI_OP_USER_CONFIRM_REPLY, 0);
2233}
2234
2235static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2236 void *data, u16 len)
2237{
2238 struct mgmt_cp_user_confirm_neg_reply *cp = data;
2239
2240 BT_DBG("");
2241
2242 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2243 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2244 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2245}
2246
2247static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2248 u16 len)
2249{
2250 struct mgmt_cp_user_passkey_reply *cp = data;
2251
2252 BT_DBG("");
2253
2254 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2255 MGMT_OP_USER_PASSKEY_REPLY,
2256 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2257}
2258
2259static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2260 void *data, u16 len)
2261{
2262 struct mgmt_cp_user_passkey_neg_reply *cp = data;
2263
2264 BT_DBG("");
2265
2266 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2267 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2268 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2269}
2270
2271static int update_name(struct hci_dev *hdev, const char *name)
2272{
2273 struct hci_cp_write_local_name cp;
2274
2275 memcpy(cp.name, name, sizeof(cp.name));
2276
2277 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2278}
2279
2280static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2281 u16 len)
2282{
2283 struct mgmt_cp_set_local_name *cp = data;
2284 struct pending_cmd *cmd;
2285 int err;
2286
2287 BT_DBG("");
2288
2289 hci_dev_lock(hdev);
2290
2291 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2292
2293 if (!hdev_is_powered(hdev)) {
2294 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2295
2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2297 data, len);
2298 if (err < 0)
2299 goto failed;
2300
2301 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2302 sk);
2303
2304 goto failed;
2305 }
2306
2307 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2308 if (!cmd) {
2309 err = -ENOMEM;
2310 goto failed;
2311 }
2312
2313 err = update_name(hdev, cp->name);
2314 if (err < 0)
2315 mgmt_pending_remove(cmd);
2316
2317failed:
2318 hci_dev_unlock(hdev);
2319 return err;
2320}
2321
2322static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2323 void *data, u16 data_len)
2324{
2325 struct pending_cmd *cmd;
2326 int err;
2327
2328 BT_DBG("%s", hdev->name);
2329
2330 hci_dev_lock(hdev);
2331
2332 if (!hdev_is_powered(hdev)) {
2333 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2334 MGMT_STATUS_NOT_POWERED);
2335 goto unlock;
2336 }
2337
2338 if (!lmp_ssp_capable(hdev)) {
2339 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2340 MGMT_STATUS_NOT_SUPPORTED);
2341 goto unlock;
2342 }
2343
2344 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2345 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2346 MGMT_STATUS_BUSY);
2347 goto unlock;
2348 }
2349
2350 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2351 if (!cmd) {
2352 err = -ENOMEM;
2353 goto unlock;
2354 }
2355
2356 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2357 if (err < 0)
2358 mgmt_pending_remove(cmd);
2359
2360unlock:
2361 hci_dev_unlock(hdev);
2362 return err;
2363}
2364
2365static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2366 void *data, u16 len)
2367{
2368 struct mgmt_cp_add_remote_oob_data *cp = data;
2369 u8 status;
2370 int err;
2371
2372 BT_DBG("%s ", hdev->name);
2373
2374 hci_dev_lock(hdev);
2375
2376 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2377 cp->randomizer);
2378 if (err < 0)
2379 status = MGMT_STATUS_FAILED;
2380 else
2381 status = MGMT_STATUS_SUCCESS;
2382
2383 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2384 &cp->addr, sizeof(cp->addr));
2385
2386 hci_dev_unlock(hdev);
2387 return err;
2388}
2389
2390static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2391 void *data, u16 len)
2392{
2393 struct mgmt_cp_remove_remote_oob_data *cp = data;
2394 u8 status;
2395 int err;
2396
2397 BT_DBG("%s", hdev->name);
2398
2399 hci_dev_lock(hdev);
2400
2401 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2402 if (err < 0)
2403 status = MGMT_STATUS_INVALID_PARAMS;
2404 else
2405 status = MGMT_STATUS_SUCCESS;
2406
2407 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2408 status, &cp->addr, sizeof(cp->addr));
2409
2410 hci_dev_unlock(hdev);
2411 return err;
2412}
2413
2414int mgmt_interleaved_discovery(struct hci_dev *hdev)
2415{
2416 int err;
2417
2418 BT_DBG("%s", hdev->name);
2419
2420 hci_dev_lock(hdev);
2421
2422 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2423 if (err < 0)
2424 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2425
2426 hci_dev_unlock(hdev);
2427
2428 return err;
2429}
2430
2431static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2432 void *data, u16 len)
2433{
2434 struct mgmt_cp_start_discovery *cp = data;
2435 struct pending_cmd *cmd;
2436 int err;
2437
2438 BT_DBG("%s", hdev->name);
2439
2440 hci_dev_lock(hdev);
2441
2442 if (!hdev_is_powered(hdev)) {
2443 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2444 MGMT_STATUS_NOT_POWERED);
2445 goto failed;
2446 }
2447
2448 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2449 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2450 MGMT_STATUS_BUSY);
2451 goto failed;
2452 }
2453
2454 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2455 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2456 MGMT_STATUS_BUSY);
2457 goto failed;
2458 }
2459
2460 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2461 if (!cmd) {
2462 err = -ENOMEM;
2463 goto failed;
2464 }
2465
2466 hdev->discovery.type = cp->type;
2467
2468 switch (hdev->discovery.type) {
2469 case DISCOV_TYPE_BREDR:
2470 if (!lmp_bredr_capable(hdev)) {
2471 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2472 MGMT_STATUS_NOT_SUPPORTED);
2473 mgmt_pending_remove(cmd);
2474 goto failed;
2475 }
2476
2477 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2478 break;
2479
2480 case DISCOV_TYPE_LE:
2481 if (!lmp_host_le_capable(hdev)) {
2482 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2483 MGMT_STATUS_NOT_SUPPORTED);
2484 mgmt_pending_remove(cmd);
2485 goto failed;
2486 }
2487
2488 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2489 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2490 break;
2491
2492 case DISCOV_TYPE_INTERLEAVED:
2493 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2494 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2495 MGMT_STATUS_NOT_SUPPORTED);
2496 mgmt_pending_remove(cmd);
2497 goto failed;
2498 }
2499
2500 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2501 LE_SCAN_TIMEOUT_BREDR_LE);
2502 break;
2503
2504 default:
2505 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2506 MGMT_STATUS_INVALID_PARAMS);
2507 mgmt_pending_remove(cmd);
2508 goto failed;
2509 }
2510
2511 if (err < 0)
2512 mgmt_pending_remove(cmd);
2513 else
2514 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2515
2516failed:
2517 hci_dev_unlock(hdev);
2518 return err;
2519}
2520
2521static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2522 u16 len)
2523{
2524 struct mgmt_cp_stop_discovery *mgmt_cp = data;
2525 struct pending_cmd *cmd;
2526 struct hci_cp_remote_name_req_cancel cp;
2527 struct inquiry_entry *e;
2528 int err;
2529
2530 BT_DBG("%s", hdev->name);
2531
2532 hci_dev_lock(hdev);
2533
2534 if (!hci_discovery_active(hdev)) {
2535 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2536 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2537 sizeof(mgmt_cp->type));
2538 goto unlock;
2539 }
2540
2541 if (hdev->discovery.type != mgmt_cp->type) {
2542 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2543 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2544 sizeof(mgmt_cp->type));
2545 goto unlock;
2546 }
2547
2548 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2549 if (!cmd) {
2550 err = -ENOMEM;
2551 goto unlock;
2552 }
2553
2554 switch (hdev->discovery.state) {
2555 case DISCOVERY_FINDING:
2556 if (test_bit(HCI_INQUIRY, &hdev->flags))
2557 err = hci_cancel_inquiry(hdev);
2558 else
2559 err = hci_cancel_le_scan(hdev);
2560
2561 break;
2562
2563 case DISCOVERY_RESOLVING:
2564 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2565 NAME_PENDING);
2566 if (!e) {
2567 mgmt_pending_remove(cmd);
2568 err = cmd_complete(sk, hdev->id,
2569 MGMT_OP_STOP_DISCOVERY, 0,
2570 &mgmt_cp->type,
2571 sizeof(mgmt_cp->type));
2572 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2573 goto unlock;
2574 }
2575
2576 bacpy(&cp.bdaddr, &e->data.bdaddr);
2577 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2578 sizeof(cp), &cp);
2579
2580 break;
2581
2582 default:
2583 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2584 err = -EFAULT;
2585 }
2586
2587 if (err < 0)
2588 mgmt_pending_remove(cmd);
2589 else
2590 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2591
2592unlock:
2593 hci_dev_unlock(hdev);
2594 return err;
2595}
2596
2597static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2598 u16 len)
2599{
2600 struct mgmt_cp_confirm_name *cp = data;
2601 struct inquiry_entry *e;
2602 int err;
2603
2604 BT_DBG("%s", hdev->name);
2605
2606 hci_dev_lock(hdev);
2607
2608 if (!hci_discovery_active(hdev)) {
2609 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2610 MGMT_STATUS_FAILED);
2611 goto failed;
2612 }
2613
2614 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2615 if (!e) {
2616 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2617 MGMT_STATUS_INVALID_PARAMS);
2618 goto failed;
2619 }
2620
2621 if (cp->name_known) {
2622 e->name_state = NAME_KNOWN;
2623 list_del(&e->list);
2624 } else {
2625 e->name_state = NAME_NEEDED;
2626 hci_inquiry_cache_update_resolve(hdev, e);
2627 }
2628
2629 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2630 sizeof(cp->addr));
2631
2632failed:
2633 hci_dev_unlock(hdev);
2634 return err;
2635}
2636
2637static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2638 u16 len)
2639{
2640 struct mgmt_cp_block_device *cp = data;
2641 u8 status;
2642 int err;
2643
2644 BT_DBG("%s", hdev->name);
2645
2646 if (!bdaddr_type_is_valid(cp->addr.type))
2647 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2648 MGMT_STATUS_INVALID_PARAMS,
2649 &cp->addr, sizeof(cp->addr));
2650
2651 hci_dev_lock(hdev);
2652
2653 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2654 if (err < 0)
2655 status = MGMT_STATUS_FAILED;
2656 else
2657 status = MGMT_STATUS_SUCCESS;
2658
2659 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2660 &cp->addr, sizeof(cp->addr));
2661
2662 hci_dev_unlock(hdev);
2663
2664 return err;
2665}
2666
2667static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2668 u16 len)
2669{
2670 struct mgmt_cp_unblock_device *cp = data;
2671 u8 status;
2672 int err;
2673
2674 BT_DBG("%s", hdev->name);
2675
2676 if (!bdaddr_type_is_valid(cp->addr.type))
2677 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2678 MGMT_STATUS_INVALID_PARAMS,
2679 &cp->addr, sizeof(cp->addr));
2680
2681 hci_dev_lock(hdev);
2682
2683 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2684 if (err < 0)
2685 status = MGMT_STATUS_INVALID_PARAMS;
2686 else
2687 status = MGMT_STATUS_SUCCESS;
2688
2689 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2690 &cp->addr, sizeof(cp->addr));
2691
2692 hci_dev_unlock(hdev);
2693
2694 return err;
2695}
2696
2697static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2698 u16 len)
2699{
2700 struct mgmt_cp_set_device_id *cp = data;
2701 int err;
2702 __u16 source;
2703
2704 BT_DBG("%s", hdev->name);
2705
2706 source = __le16_to_cpu(cp->source);
2707
2708 if (source > 0x0002)
2709 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2710 MGMT_STATUS_INVALID_PARAMS);
2711
2712 hci_dev_lock(hdev);
2713
2714 hdev->devid_source = source;
2715 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2716 hdev->devid_product = __le16_to_cpu(cp->product);
2717 hdev->devid_version = __le16_to_cpu(cp->version);
2718
2719 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2720
2721 update_eir(hdev);
2722
2723 hci_dev_unlock(hdev);
2724
2725 return err;
2726}
2727
2728static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2729 void *data, u16 len)
2730{
2731 struct mgmt_mode *cp = data;
2732 struct hci_cp_write_page_scan_activity acp;
2733 u8 type;
2734 int err;
2735
2736 BT_DBG("%s", hdev->name);
2737
2738 if (!lmp_bredr_capable(hdev))
2739 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2740 MGMT_STATUS_NOT_SUPPORTED);
2741
2742 if (cp->val != 0x00 && cp->val != 0x01)
2743 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2744 MGMT_STATUS_INVALID_PARAMS);
2745
2746 if (!hdev_is_powered(hdev))
2747 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2748 MGMT_STATUS_NOT_POWERED);
2749
2750 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2751 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2752 MGMT_STATUS_REJECTED);
2753
2754 hci_dev_lock(hdev);
2755
2756 if (cp->val) {
2757 type = PAGE_SCAN_TYPE_INTERLACED;
2758
2759
2760 acp.interval = __constant_cpu_to_le16(0x0100);
2761 } else {
2762 type = PAGE_SCAN_TYPE_STANDARD;
2763
2764
2765 acp.interval = __constant_cpu_to_le16(0x0800);
2766 }
2767
2768
2769 acp.window = __constant_cpu_to_le16(0x0012);
2770
2771 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2772 &acp);
2773 if (err < 0) {
2774 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2775 MGMT_STATUS_FAILED);
2776 goto done;
2777 }
2778
2779 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2780 if (err < 0) {
2781 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2782 MGMT_STATUS_FAILED);
2783 goto done;
2784 }
2785
2786 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2787 NULL, 0);
2788done:
2789 hci_dev_unlock(hdev);
2790 return err;
2791}
2792
2793static bool ltk_is_valid(struct mgmt_ltk_info *key)
2794{
2795 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2796 return false;
2797 if (key->master != 0x00 && key->master != 0x01)
2798 return false;
2799 if (!bdaddr_type_is_le(key->addr.type))
2800 return false;
2801 return true;
2802}
2803
2804static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2805 void *cp_data, u16 len)
2806{
2807 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2808 u16 key_count, expected_len;
2809 int i, err;
2810
2811 key_count = __le16_to_cpu(cp->key_count);
2812
2813 expected_len = sizeof(*cp) + key_count *
2814 sizeof(struct mgmt_ltk_info);
2815 if (expected_len != len) {
2816 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2817 len, expected_len);
2818 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2819 MGMT_STATUS_INVALID_PARAMS);
2820 }
2821
2822 BT_DBG("%s key_count %u", hdev->name, key_count);
2823
2824 for (i = 0; i < key_count; i++) {
2825 struct mgmt_ltk_info *key = &cp->keys[i];
2826
2827 if (!ltk_is_valid(key))
2828 return cmd_status(sk, hdev->id,
2829 MGMT_OP_LOAD_LONG_TERM_KEYS,
2830 MGMT_STATUS_INVALID_PARAMS);
2831 }
2832
2833 hci_dev_lock(hdev);
2834
2835 hci_smp_ltks_clear(hdev);
2836
2837 for (i = 0; i < key_count; i++) {
2838 struct mgmt_ltk_info *key = &cp->keys[i];
2839 u8 type;
2840
2841 if (key->master)
2842 type = HCI_SMP_LTK;
2843 else
2844 type = HCI_SMP_LTK_SLAVE;
2845
2846 hci_add_ltk(hdev, &key->addr.bdaddr,
2847 bdaddr_to_le(key->addr.type),
2848 type, 0, key->authenticated, key->val,
2849 key->enc_size, key->ediv, key->rand);
2850 }
2851
2852 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2853 NULL, 0);
2854
2855 hci_dev_unlock(hdev);
2856
2857 return err;
2858}
2859
2860static const struct mgmt_handler {
2861 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2862 u16 data_len);
2863 bool var_len;
2864 size_t data_len;
2865} mgmt_handlers[] = {
2866 { NULL },
2867 { read_version, false, MGMT_READ_VERSION_SIZE },
2868 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2869 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2870 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2871 { set_powered, false, MGMT_SETTING_SIZE },
2872 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2873 { set_connectable, false, MGMT_SETTING_SIZE },
2874 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2875 { set_pairable, false, MGMT_SETTING_SIZE },
2876 { set_link_security, false, MGMT_SETTING_SIZE },
2877 { set_ssp, false, MGMT_SETTING_SIZE },
2878 { set_hs, false, MGMT_SETTING_SIZE },
2879 { set_le, false, MGMT_SETTING_SIZE },
2880 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2881 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2882 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2883 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2884 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2885 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2886 { disconnect, false, MGMT_DISCONNECT_SIZE },
2887 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2888 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2889 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2890 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2891 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2892 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2893 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2894 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2895 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2896 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2897 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2898 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2899 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2900 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2901 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2902 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2903 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2904 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2905 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
2906 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
2907};
2908
2909
2910int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2911{
2912 void *buf;
2913 u8 *cp;
2914 struct mgmt_hdr *hdr;
2915 u16 opcode, index, len;
2916 struct hci_dev *hdev = NULL;
2917 const struct mgmt_handler *handler;
2918 int err;
2919
2920 BT_DBG("got %zu bytes", msglen);
2921
2922 if (msglen < sizeof(*hdr))
2923 return -EINVAL;
2924
2925 buf = kmalloc(msglen, GFP_KERNEL);
2926 if (!buf)
2927 return -ENOMEM;
2928
2929 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2930 err = -EFAULT;
2931 goto done;
2932 }
2933
2934 hdr = buf;
2935 opcode = __le16_to_cpu(hdr->opcode);
2936 index = __le16_to_cpu(hdr->index);
2937 len = __le16_to_cpu(hdr->len);
2938
2939 if (len != msglen - sizeof(*hdr)) {
2940 err = -EINVAL;
2941 goto done;
2942 }
2943
2944 if (index != MGMT_INDEX_NONE) {
2945 hdev = hci_dev_get(index);
2946 if (!hdev) {
2947 err = cmd_status(sk, index, opcode,
2948 MGMT_STATUS_INVALID_INDEX);
2949 goto done;
2950 }
2951 }
2952
2953 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2954 mgmt_handlers[opcode].func == NULL) {
2955 BT_DBG("Unknown op %u", opcode);
2956 err = cmd_status(sk, index, opcode,
2957 MGMT_STATUS_UNKNOWN_COMMAND);
2958 goto done;
2959 }
2960
2961 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2962 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2963 err = cmd_status(sk, index, opcode,
2964 MGMT_STATUS_INVALID_INDEX);
2965 goto done;
2966 }
2967
2968 handler = &mgmt_handlers[opcode];
2969
2970 if ((handler->var_len && len < handler->data_len) ||
2971 (!handler->var_len && len != handler->data_len)) {
2972 err = cmd_status(sk, index, opcode,
2973 MGMT_STATUS_INVALID_PARAMS);
2974 goto done;
2975 }
2976
2977 if (hdev)
2978 mgmt_init_hdev(sk, hdev);
2979
2980 cp = buf + sizeof(*hdr);
2981
2982 err = handler->func(sk, hdev, cp, len);
2983 if (err < 0)
2984 goto done;
2985
2986 err = msglen;
2987
2988done:
2989 if (hdev)
2990 hci_dev_put(hdev);
2991
2992 kfree(buf);
2993 return err;
2994}
2995
2996static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2997{
2998 u8 *status = data;
2999
3000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3001 mgmt_pending_remove(cmd);
3002}
3003
3004int mgmt_index_added(struct hci_dev *hdev)
3005{
3006 if (!mgmt_valid_hdev(hdev))
3007 return -ENOTSUPP;
3008
3009 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
3010}
3011
3012int mgmt_index_removed(struct hci_dev *hdev)
3013{
3014 u8 status = MGMT_STATUS_INVALID_INDEX;
3015
3016 if (!mgmt_valid_hdev(hdev))
3017 return -ENOTSUPP;
3018
3019 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3020
3021 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
3022}
3023
3024struct cmd_lookup {
3025 struct sock *sk;
3026 struct hci_dev *hdev;
3027 u8 mgmt_status;
3028};
3029
3030static void settings_rsp(struct pending_cmd *cmd, void *data)
3031{
3032 struct cmd_lookup *match = data;
3033
3034 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
3035
3036 list_del(&cmd->list);
3037
3038 if (match->sk == NULL) {
3039 match->sk = cmd->sk;
3040 sock_hold(match->sk);
3041 }
3042
3043 mgmt_pending_free(cmd);
3044}
3045
3046static int set_bredr_scan(struct hci_dev *hdev)
3047{
3048 u8 scan = 0;
3049
3050 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3051 scan |= SCAN_PAGE;
3052 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3053 scan |= SCAN_INQUIRY;
3054
3055 if (!scan)
3056 return 0;
3057
3058 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3059}
3060
3061int mgmt_powered(struct hci_dev *hdev, u8 powered)
3062{
3063 struct cmd_lookup match = { NULL, hdev };
3064 int err;
3065
3066 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3067 return 0;
3068
3069 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3070
3071 if (powered) {
3072 u8 link_sec;
3073
3074 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3075 !lmp_host_ssp_capable(hdev)) {
3076 u8 ssp = 1;
3077
3078 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3079 }
3080
3081 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3082 struct hci_cp_write_le_host_supported cp;
3083
3084 cp.le = 1;
3085 cp.simul = lmp_le_br_capable(hdev);
3086
3087
3088
3089
3090 if (cp.le != lmp_host_le_capable(hdev) ||
3091 cp.simul != lmp_host_le_br_capable(hdev))
3092 hci_send_cmd(hdev,
3093 HCI_OP_WRITE_LE_HOST_SUPPORTED,
3094 sizeof(cp), &cp);
3095 }
3096
3097 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3098 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3099 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
3100 sizeof(link_sec), &link_sec);
3101
3102 if (lmp_bredr_capable(hdev)) {
3103 set_bredr_scan(hdev);
3104 update_class(hdev);
3105 update_name(hdev, hdev->dev_name);
3106 update_eir(hdev);
3107 }
3108 } else {
3109 u8 status = MGMT_STATUS_NOT_POWERED;
3110 u8 zero_cod[] = { 0, 0, 0 };
3111
3112 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
3113
3114 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3115 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3116 zero_cod, sizeof(zero_cod), NULL);
3117 }
3118
3119 err = new_settings(hdev, match.sk);
3120
3121 if (match.sk)
3122 sock_put(match.sk);
3123
3124 return err;
3125}
3126
3127int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
3128{
3129 struct cmd_lookup match = { NULL, hdev };
3130 bool changed = false;
3131 int err = 0;
3132
3133 if (discoverable) {
3134 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3135 changed = true;
3136 } else {
3137 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3138 changed = true;
3139 }
3140
3141 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3142 &match);
3143
3144 if (changed)
3145 err = new_settings(hdev, match.sk);
3146
3147 if (match.sk)
3148 sock_put(match.sk);
3149
3150 return err;
3151}
3152
3153int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
3154{
3155 struct cmd_lookup match = { NULL, hdev };
3156 bool changed = false;
3157 int err = 0;
3158
3159 if (connectable) {
3160 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3161 changed = true;
3162 } else {
3163 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3164 changed = true;
3165 }
3166
3167 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3168 &match);
3169
3170 if (changed)
3171 err = new_settings(hdev, match.sk);
3172
3173 if (match.sk)
3174 sock_put(match.sk);
3175
3176 return err;
3177}
3178
3179int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
3180{
3181 u8 mgmt_err = mgmt_status(status);
3182
3183 if (scan & SCAN_PAGE)
3184 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
3185 cmd_status_rsp, &mgmt_err);
3186
3187 if (scan & SCAN_INQUIRY)
3188 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
3189 cmd_status_rsp, &mgmt_err);
3190
3191 return 0;
3192}
3193
3194int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3195 bool persistent)
3196{
3197 struct mgmt_ev_new_link_key ev;
3198
3199 memset(&ev, 0, sizeof(ev));
3200
3201 ev.store_hint = persistent;
3202 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3203 ev.key.addr.type = BDADDR_BREDR;
3204 ev.key.type = key->type;
3205 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
3206 ev.key.pin_len = key->pin_len;
3207
3208 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
3209}
3210
3211int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3212{
3213 struct mgmt_ev_new_long_term_key ev;
3214
3215 memset(&ev, 0, sizeof(ev));
3216
3217 ev.store_hint = persistent;
3218 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3219 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3220 ev.key.authenticated = key->authenticated;
3221 ev.key.enc_size = key->enc_size;
3222 ev.key.ediv = key->ediv;
3223
3224 if (key->type == HCI_SMP_LTK)
3225 ev.key.master = 1;
3226
3227 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3228 memcpy(ev.key.val, key->val, sizeof(key->val));
3229
3230 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3231 NULL);
3232}
3233
3234int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3235 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3236 u8 *dev_class)
3237{
3238 char buf[512];
3239 struct mgmt_ev_device_connected *ev = (void *) buf;
3240 u16 eir_len = 0;
3241
3242 bacpy(&ev->addr.bdaddr, bdaddr);
3243 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3244
3245 ev->flags = __cpu_to_le32(flags);
3246
3247 if (name_len > 0)
3248 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3249 name, name_len);
3250
3251 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3252 eir_len = eir_append_data(ev->eir, eir_len,
3253 EIR_CLASS_OF_DEV, dev_class, 3);
3254
3255 ev->eir_len = cpu_to_le16(eir_len);
3256
3257 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3258 sizeof(*ev) + eir_len, NULL);
3259}
3260
3261static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3262{
3263 struct mgmt_cp_disconnect *cp = cmd->param;
3264 struct sock **sk = data;
3265 struct mgmt_rp_disconnect rp;
3266
3267 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3268 rp.addr.type = cp->addr.type;
3269
3270 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3271 sizeof(rp));
3272
3273 *sk = cmd->sk;
3274 sock_hold(*sk);
3275
3276 mgmt_pending_remove(cmd);
3277}
3278
3279static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3280{
3281 struct hci_dev *hdev = data;
3282 struct mgmt_cp_unpair_device *cp = cmd->param;
3283 struct mgmt_rp_unpair_device rp;
3284
3285 memset(&rp, 0, sizeof(rp));
3286 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3287 rp.addr.type = cp->addr.type;
3288
3289 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3290
3291 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3292
3293 mgmt_pending_remove(cmd);
3294}
3295
3296int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3297 u8 link_type, u8 addr_type, u8 reason)
3298{
3299 struct mgmt_ev_device_disconnected ev;
3300 struct sock *sk = NULL;
3301 int err;
3302
3303 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3304
3305 bacpy(&ev.addr.bdaddr, bdaddr);
3306 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3307 ev.reason = reason;
3308
3309 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3310 sk);
3311
3312 if (sk)
3313 sock_put(sk);
3314
3315 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3316 hdev);
3317
3318 return err;
3319}
3320
3321int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3322 u8 link_type, u8 addr_type, u8 status)
3323{
3324 struct mgmt_rp_disconnect rp;
3325 struct pending_cmd *cmd;
3326 int err;
3327
3328 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3329 hdev);
3330
3331 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3332 if (!cmd)
3333 return -ENOENT;
3334
3335 bacpy(&rp.addr.bdaddr, bdaddr);
3336 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3337
3338 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3339 mgmt_status(status), &rp, sizeof(rp));
3340
3341 mgmt_pending_remove(cmd);
3342
3343 return err;
3344}
3345
3346int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3347 u8 addr_type, u8 status)
3348{
3349 struct mgmt_ev_connect_failed ev;
3350
3351 bacpy(&ev.addr.bdaddr, bdaddr);
3352 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3353 ev.status = mgmt_status(status);
3354
3355 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3356}
3357
3358int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3359{
3360 struct mgmt_ev_pin_code_request ev;
3361
3362 bacpy(&ev.addr.bdaddr, bdaddr);
3363 ev.addr.type = BDADDR_BREDR;
3364 ev.secure = secure;
3365
3366 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3367 NULL);
3368}
3369
3370int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3371 u8 status)
3372{
3373 struct pending_cmd *cmd;
3374 struct mgmt_rp_pin_code_reply rp;
3375 int err;
3376
3377 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3378 if (!cmd)
3379 return -ENOENT;
3380
3381 bacpy(&rp.addr.bdaddr, bdaddr);
3382 rp.addr.type = BDADDR_BREDR;
3383
3384 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3385 mgmt_status(status), &rp, sizeof(rp));
3386
3387 mgmt_pending_remove(cmd);
3388
3389 return err;
3390}
3391
3392int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3393 u8 status)
3394{
3395 struct pending_cmd *cmd;
3396 struct mgmt_rp_pin_code_reply rp;
3397 int err;
3398
3399 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3400 if (!cmd)
3401 return -ENOENT;
3402
3403 bacpy(&rp.addr.bdaddr, bdaddr);
3404 rp.addr.type = BDADDR_BREDR;
3405
3406 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3407 mgmt_status(status), &rp, sizeof(rp));
3408
3409 mgmt_pending_remove(cmd);
3410
3411 return err;
3412}
3413
3414int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3415 u8 link_type, u8 addr_type, __le32 value,
3416 u8 confirm_hint)
3417{
3418 struct mgmt_ev_user_confirm_request ev;
3419
3420 BT_DBG("%s", hdev->name);
3421
3422 bacpy(&ev.addr.bdaddr, bdaddr);
3423 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3424 ev.confirm_hint = confirm_hint;
3425 ev.value = value;
3426
3427 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3428 NULL);
3429}
3430
3431int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3432 u8 link_type, u8 addr_type)
3433{
3434 struct mgmt_ev_user_passkey_request ev;
3435
3436 BT_DBG("%s", hdev->name);
3437
3438 bacpy(&ev.addr.bdaddr, bdaddr);
3439 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3440
3441 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3442 NULL);
3443}
3444
3445static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3446 u8 link_type, u8 addr_type, u8 status,
3447 u8 opcode)
3448{
3449 struct pending_cmd *cmd;
3450 struct mgmt_rp_user_confirm_reply rp;
3451 int err;
3452
3453 cmd = mgmt_pending_find(opcode, hdev);
3454 if (!cmd)
3455 return -ENOENT;
3456
3457 bacpy(&rp.addr.bdaddr, bdaddr);
3458 rp.addr.type = link_to_bdaddr(link_type, addr_type);
3459 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3460 &rp, sizeof(rp));
3461
3462 mgmt_pending_remove(cmd);
3463
3464 return err;
3465}
3466
3467int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3468 u8 link_type, u8 addr_type, u8 status)
3469{
3470 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3471 status, MGMT_OP_USER_CONFIRM_REPLY);
3472}
3473
3474int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3475 u8 link_type, u8 addr_type, u8 status)
3476{
3477 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3478 status,
3479 MGMT_OP_USER_CONFIRM_NEG_REPLY);
3480}
3481
3482int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3483 u8 link_type, u8 addr_type, u8 status)
3484{
3485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3486 status, MGMT_OP_USER_PASSKEY_REPLY);
3487}
3488
3489int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3490 u8 link_type, u8 addr_type, u8 status)
3491{
3492 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3493 status,
3494 MGMT_OP_USER_PASSKEY_NEG_REPLY);
3495}
3496
3497int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3498 u8 link_type, u8 addr_type, u32 passkey,
3499 u8 entered)
3500{
3501 struct mgmt_ev_passkey_notify ev;
3502
3503 BT_DBG("%s", hdev->name);
3504
3505 bacpy(&ev.addr.bdaddr, bdaddr);
3506 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3507 ev.passkey = __cpu_to_le32(passkey);
3508 ev.entered = entered;
3509
3510 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3511}
3512
3513int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3514 u8 addr_type, u8 status)
3515{
3516 struct mgmt_ev_auth_failed ev;
3517
3518 bacpy(&ev.addr.bdaddr, bdaddr);
3519 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3520 ev.status = mgmt_status(status);
3521
3522 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3523}
3524
3525int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3526{
3527 struct cmd_lookup match = { NULL, hdev };
3528 bool changed = false;
3529 int err = 0;
3530
3531 if (status) {
3532 u8 mgmt_err = mgmt_status(status);
3533 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3534 cmd_status_rsp, &mgmt_err);
3535 return 0;
3536 }
3537
3538 if (test_bit(HCI_AUTH, &hdev->flags)) {
3539 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3540 changed = true;
3541 } else {
3542 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3543 changed = true;
3544 }
3545
3546 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3547 &match);
3548
3549 if (changed)
3550 err = new_settings(hdev, match.sk);
3551
3552 if (match.sk)
3553 sock_put(match.sk);
3554
3555 return err;
3556}
3557
3558static int clear_eir(struct hci_dev *hdev)
3559{
3560 struct hci_cp_write_eir cp;
3561
3562 if (!lmp_ext_inq_capable(hdev))
3563 return 0;
3564
3565 memset(hdev->eir, 0, sizeof(hdev->eir));
3566
3567 memset(&cp, 0, sizeof(cp));
3568
3569 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3570}
3571
3572int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3573{
3574 struct cmd_lookup match = { NULL, hdev };
3575 bool changed = false;
3576 int err = 0;
3577
3578 if (status) {
3579 u8 mgmt_err = mgmt_status(status);
3580
3581 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3582 &hdev->dev_flags))
3583 err = new_settings(hdev, NULL);
3584
3585 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3586 &mgmt_err);
3587
3588 return err;
3589 }
3590
3591 if (enable) {
3592 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3593 changed = true;
3594 } else {
3595 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3596 changed = true;
3597 }
3598
3599 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3600
3601 if (changed)
3602 err = new_settings(hdev, match.sk);
3603
3604 if (match.sk)
3605 sock_put(match.sk);
3606
3607 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3608 update_eir(hdev);
3609 else
3610 clear_eir(hdev);
3611
3612 return err;
3613}
3614
3615static void class_rsp(struct pending_cmd *cmd, void *data)
3616{
3617 struct cmd_lookup *match = data;
3618
3619 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3620 match->hdev->dev_class, 3);
3621
3622 list_del(&cmd->list);
3623
3624 if (match->sk == NULL) {
3625 match->sk = cmd->sk;
3626 sock_hold(match->sk);
3627 }
3628
3629 mgmt_pending_free(cmd);
3630}
3631
3632int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3633 u8 status)
3634{
3635 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3636 int err = 0;
3637
3638 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3639
3640 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3641 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3642 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3643
3644 if (!status)
3645 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3646 3, NULL);
3647
3648 if (match.sk)
3649 sock_put(match.sk);
3650
3651 return err;
3652}
3653
3654int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3655{
3656 struct pending_cmd *cmd;
3657 struct mgmt_cp_set_local_name ev;
3658 bool changed = false;
3659 int err = 0;
3660
3661 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3662 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3663 changed = true;
3664 }
3665
3666 memset(&ev, 0, sizeof(ev));
3667 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3668 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3669
3670 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3671 if (!cmd)
3672 goto send_event;
3673
3674
3675
3676 changed = true;
3677
3678 if (status) {
3679 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3680 mgmt_status(status));
3681 goto failed;
3682 }
3683
3684 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3685 sizeof(ev));
3686 if (err < 0)
3687 goto failed;
3688
3689send_event:
3690 if (changed)
3691 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3692 sizeof(ev), cmd ? cmd->sk : NULL);
3693
3694
3695
3696
3697
3698 if (!test_bit(HCI_INIT, &hdev->flags))
3699 update_eir(hdev);
3700
3701failed:
3702 if (cmd)
3703 mgmt_pending_remove(cmd);
3704 return err;
3705}
3706
3707int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3708 u8 *randomizer, u8 status)
3709{
3710 struct pending_cmd *cmd;
3711 int err;
3712
3713 BT_DBG("%s status %u", hdev->name, status);
3714
3715 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3716 if (!cmd)
3717 return -ENOENT;
3718
3719 if (status) {
3720 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3721 mgmt_status(status));
3722 } else {
3723 struct mgmt_rp_read_local_oob_data rp;
3724
3725 memcpy(rp.hash, hash, sizeof(rp.hash));
3726 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3727
3728 err = cmd_complete(cmd->sk, hdev->id,
3729 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3730 sizeof(rp));
3731 }
3732
3733 mgmt_pending_remove(cmd);
3734
3735 return err;
3736}
3737
3738int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3739{
3740 struct cmd_lookup match = { NULL, hdev };
3741 bool changed = false;
3742 int err = 0;
3743
3744 if (status) {
3745 u8 mgmt_err = mgmt_status(status);
3746
3747 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3748 &hdev->dev_flags))
3749 err = new_settings(hdev, NULL);
3750
3751 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3752 &mgmt_err);
3753
3754 return err;
3755 }
3756
3757 if (enable) {
3758 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3759 changed = true;
3760 } else {
3761 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3762 changed = true;
3763 }
3764
3765 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3766
3767 if (changed)
3768 err = new_settings(hdev, match.sk);
3769
3770 if (match.sk)
3771 sock_put(match.sk);
3772
3773 return err;
3774}
3775
3776int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3777 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3778 ssp, u8 *eir, u16 eir_len)
3779{
3780 char buf[512];
3781 struct mgmt_ev_device_found *ev = (void *) buf;
3782 size_t ev_size;
3783
3784
3785 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3786 return -EINVAL;
3787
3788 memset(buf, 0, sizeof(buf));
3789
3790 bacpy(&ev->addr.bdaddr, bdaddr);
3791 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3792 ev->rssi = rssi;
3793 if (cfm_name)
3794 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
3795 if (!ssp)
3796 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
3797
3798 if (eir_len > 0)
3799 memcpy(ev->eir, eir, eir_len);
3800
3801 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3802 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3803 dev_class, 3);
3804
3805 ev->eir_len = cpu_to_le16(eir_len);
3806 ev_size = sizeof(*ev) + eir_len;
3807
3808 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3809}
3810
3811int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3812 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3813{
3814 struct mgmt_ev_device_found *ev;
3815 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3816 u16 eir_len;
3817
3818 ev = (struct mgmt_ev_device_found *) buf;
3819
3820 memset(buf, 0, sizeof(buf));
3821
3822 bacpy(&ev->addr.bdaddr, bdaddr);
3823 ev->addr.type = link_to_bdaddr(link_type, addr_type);
3824 ev->rssi = rssi;
3825
3826 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3827 name_len);
3828
3829 ev->eir_len = cpu_to_le16(eir_len);
3830
3831 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3832 sizeof(*ev) + eir_len, NULL);
3833}
3834
3835int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3836{
3837 struct pending_cmd *cmd;
3838 u8 type;
3839 int err;
3840
3841 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3842
3843 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3844 if (!cmd)
3845 return -ENOENT;
3846
3847 type = hdev->discovery.type;
3848
3849 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3850 &type, sizeof(type));
3851 mgmt_pending_remove(cmd);
3852
3853 return err;
3854}
3855
3856int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3857{
3858 struct pending_cmd *cmd;
3859 int err;
3860
3861 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3862 if (!cmd)
3863 return -ENOENT;
3864
3865 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3866 &hdev->discovery.type, sizeof(hdev->discovery.type));
3867 mgmt_pending_remove(cmd);
3868
3869 return err;
3870}
3871
3872int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3873{
3874 struct mgmt_ev_discovering ev;
3875 struct pending_cmd *cmd;
3876
3877 BT_DBG("%s discovering %u", hdev->name, discovering);
3878
3879 if (discovering)
3880 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3881 else
3882 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3883
3884 if (cmd != NULL) {
3885 u8 type = hdev->discovery.type;
3886
3887 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3888 sizeof(type));
3889 mgmt_pending_remove(cmd);
3890 }
3891
3892 memset(&ev, 0, sizeof(ev));
3893 ev.type = hdev->discovery.type;
3894 ev.discovering = discovering;
3895
3896 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3897}
3898
3899int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3900{
3901 struct pending_cmd *cmd;
3902 struct mgmt_ev_device_blocked ev;
3903
3904 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3905
3906 bacpy(&ev.addr.bdaddr, bdaddr);
3907 ev.addr.type = type;
3908
3909 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3910 cmd ? cmd->sk : NULL);
3911}
3912
3913int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3914{
3915 struct pending_cmd *cmd;
3916 struct mgmt_ev_device_unblocked ev;
3917
3918 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3919
3920 bacpy(&ev.addr.bdaddr, bdaddr);
3921 ev.addr.type = type;
3922
3923 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3924 cmd ? cmd->sk : NULL);
3925}
3926
3927module_param(enable_hs, bool, 0644);
3928MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3929
