CoCalc -- mgmt.c

GitHub Repository: awilliam/linux-vfio
Path: blob/master/net/bluetooth/mgmt.c
¹⁵¹⁰⁹ views
1
/*
2
   BlueZ - Bluetooth protocol stack for Linux
3
   Copyright (C) 2010  Nokia Corporation
4

5
   This program is free software; you can redistribute it and/or modify
6
   it under the terms of the GNU General Public License version 2 as
7
   published by the Free Software Foundation;
8

9
   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17

18
   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20
   SOFTWARE IS DISCLAIMED.
21
*/
22

23
/* Bluetooth HCI Management interface */
24

25
#include <linux/uaccess.h>
26
#include <asm/unaligned.h>
27

28
#include <net/bluetooth/bluetooth.h>
29
#include <net/bluetooth/hci_core.h>
30
#include <net/bluetooth/mgmt.h>
31

32
#define MGMT_VERSION	0
33
#define MGMT_REVISION	1
34

35
struct pending_cmd {
36
	struct list_head list;
37
	__u16 opcode;
38
	int index;
39
	void *param;
40
	struct sock *sk;
41
	void *user_data;
42
};
43

44
LIST_HEAD(cmd_list);
45

46
static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
47
{
48
	struct sk_buff *skb;
49
	struct mgmt_hdr *hdr;
50
	struct mgmt_ev_cmd_status *ev;
51

52
	BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
53

54
	skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
55
	if (!skb)
56
		return -ENOMEM;
57

58
	hdr = (void *) skb_put(skb, sizeof(*hdr));
59

60
	hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
61
	hdr->index = cpu_to_le16(index);
62
	hdr->len = cpu_to_le16(sizeof(*ev));
63

64
	ev = (void *) skb_put(skb, sizeof(*ev));
65
	ev->status = status;
66
	put_unaligned_le16(cmd, &ev->opcode);
67

68
	if (sock_queue_rcv_skb(sk, skb) < 0)
69
		kfree_skb(skb);
70

71
	return 0;
72
}
73

74
static int cmd_complete(struct sock *sk, u16 index, u16 cmd, void *rp,
75
								size_t rp_len)
76
{
77
	struct sk_buff *skb;
78
	struct mgmt_hdr *hdr;
79
	struct mgmt_ev_cmd_complete *ev;
80

81
	BT_DBG("sock %p", sk);
82

83
	skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
84
	if (!skb)
85
		return -ENOMEM;
86

87
	hdr = (void *) skb_put(skb, sizeof(*hdr));
88

89
	hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
90
	hdr->index = cpu_to_le16(index);
91
	hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
92

93
	ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
94
	put_unaligned_le16(cmd, &ev->opcode);
95

96
	if (rp)
97
		memcpy(ev->data, rp, rp_len);
98

99
	if (sock_queue_rcv_skb(sk, skb) < 0)
100
		kfree_skb(skb);
101

102
	return 0;
103
}
104

105
static int read_version(struct sock *sk)
106
{
107
	struct mgmt_rp_read_version rp;
108

109
	BT_DBG("sock %p", sk);
110

111
	rp.version = MGMT_VERSION;
112
	put_unaligned_le16(MGMT_REVISION, &rp.revision);
113

114
	return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, &rp,
115
								sizeof(rp));
116
}
117

118
static int read_index_list(struct sock *sk)
119
{
120
	struct mgmt_rp_read_index_list *rp;
121
	struct list_head *p;
122
	size_t rp_len;
123
	u16 count;
124
	int i, err;
125

126
	BT_DBG("sock %p", sk);
127

128
	read_lock(&hci_dev_list_lock);
129

130
	count = 0;
131
	list_for_each(p, &hci_dev_list) {
132
		count++;
133
	}
134

135
	rp_len = sizeof(*rp) + (2 * count);
136
	rp = kmalloc(rp_len, GFP_ATOMIC);
137
	if (!rp) {
138
		read_unlock(&hci_dev_list_lock);
139
		return -ENOMEM;
140
	}
141

142
	put_unaligned_le16(count, &rp->num_controllers);
143

144
	i = 0;
145
	list_for_each(p, &hci_dev_list) {
146
		struct hci_dev *d = list_entry(p, struct hci_dev, list);
147

148
		hci_del_off_timer(d);
149

150
		set_bit(HCI_MGMT, &d->flags);
151

152
		if (test_bit(HCI_SETUP, &d->flags))
153
			continue;
154

155
		put_unaligned_le16(d->id, &rp->index[i++]);
156
		BT_DBG("Added hci%u", d->id);
157
	}
158

159
	read_unlock(&hci_dev_list_lock);
160

161
	err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, rp,
162
									rp_len);
163

164
	kfree(rp);
165

166
	return err;
167
}
168

169
static int read_controller_info(struct sock *sk, u16 index)
170
{
171
	struct mgmt_rp_read_info rp;
172
	struct hci_dev *hdev;
173

174
	BT_DBG("sock %p hci%u", sk, index);
175

176
	hdev = hci_dev_get(index);
177
	if (!hdev)
178
		return cmd_status(sk, index, MGMT_OP_READ_INFO, ENODEV);
179

180
	hci_del_off_timer(hdev);
181

182
	hci_dev_lock(hdev);
183

184
	set_bit(HCI_MGMT, &hdev->flags);
185

186
	memset(&rp, 0, sizeof(rp));
187

188
	rp.type = hdev->dev_type;
189

190
	rp.powered = test_bit(HCI_UP, &hdev->flags);
191
	rp.connectable = test_bit(HCI_PSCAN, &hdev->flags);
192
	rp.discoverable = test_bit(HCI_ISCAN, &hdev->flags);
193
	rp.pairable = test_bit(HCI_PSCAN, &hdev->flags);
194

195
	if (test_bit(HCI_AUTH, &hdev->flags))
196
		rp.sec_mode = 3;
197
	else if (hdev->ssp_mode > 0)
198
		rp.sec_mode = 4;
199
	else
200
		rp.sec_mode = 2;
201

202
	bacpy(&rp.bdaddr, &hdev->bdaddr);
203
	memcpy(rp.features, hdev->features, 8);
204
	memcpy(rp.dev_class, hdev->dev_class, 3);
205
	put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
206
	rp.hci_ver = hdev->hci_ver;
207
	put_unaligned_le16(hdev->hci_rev, &rp.hci_rev);
208

209
	memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
210

211
	hci_dev_unlock(hdev);
212
	hci_dev_put(hdev);
213

214
	return cmd_complete(sk, index, MGMT_OP_READ_INFO, &rp, sizeof(rp));
215
}
216

217
static void mgmt_pending_free(struct pending_cmd *cmd)
218
{
219
	sock_put(cmd->sk);
220
	kfree(cmd->param);
221
	kfree(cmd);
222
}
223

224
static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
225
						u16 index, void *data, u16 len)
226
{
227
	struct pending_cmd *cmd;
228

229
	cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
230
	if (!cmd)
231
		return NULL;
232

233
	cmd->opcode = opcode;
234
	cmd->index = index;
235

236
	cmd->param = kmalloc(len, GFP_ATOMIC);
237
	if (!cmd->param) {
238
		kfree(cmd);
239
		return NULL;
240
	}
241

242
	if (data)
243
		memcpy(cmd->param, data, len);
244

245
	cmd->sk = sk;
246
	sock_hold(sk);
247

248
	list_add(&cmd->list, &cmd_list);
249

250
	return cmd;
251
}
252

253
static void mgmt_pending_foreach(u16 opcode, int index,
254
				void (*cb)(struct pending_cmd *cmd, void *data),
255
				void *data)
256
{
257
	struct list_head *p, *n;
258

259
	list_for_each_safe(p, n, &cmd_list) {
260
		struct pending_cmd *cmd;
261

262
		cmd = list_entry(p, struct pending_cmd, list);
263

264
		if (cmd->opcode != opcode)
265
			continue;
266

267
		if (index >= 0 && cmd->index != index)
268
			continue;
269

270
		cb(cmd, data);
271
	}
272
}
273

274
static struct pending_cmd *mgmt_pending_find(u16 opcode, int index)
275
{
276
	struct list_head *p;
277

278
	list_for_each(p, &cmd_list) {
279
		struct pending_cmd *cmd;
280

281
		cmd = list_entry(p, struct pending_cmd, list);
282

283
		if (cmd->opcode != opcode)
284
			continue;
285

286
		if (index >= 0 && cmd->index != index)
287
			continue;
288

289
		return cmd;
290
	}
291

292
	return NULL;
293
}
294

295
static void mgmt_pending_remove(struct pending_cmd *cmd)
296
{
297
	list_del(&cmd->list);
298
	mgmt_pending_free(cmd);
299
}
300

301
static int set_powered(struct sock *sk, u16 index, unsigned char *data, u16 len)
302
{
303
	struct mgmt_mode *cp;
304
	struct hci_dev *hdev;
305
	struct pending_cmd *cmd;
306
	int err, up;
307

308
	cp = (void *) data;
309

310
	BT_DBG("request for hci%u", index);
311

312
	if (len != sizeof(*cp))
313
		return cmd_status(sk, index, MGMT_OP_SET_POWERED, EINVAL);
314

315
	hdev = hci_dev_get(index);
316
	if (!hdev)
317
		return cmd_status(sk, index, MGMT_OP_SET_POWERED, ENODEV);
318

319
	hci_dev_lock(hdev);
320

321
	up = test_bit(HCI_UP, &hdev->flags);
322
	if ((cp->val && up) || (!cp->val && !up)) {
323
		err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EALREADY);
324
		goto failed;
325
	}
326

327
	if (mgmt_pending_find(MGMT_OP_SET_POWERED, index)) {
328
		err = cmd_status(sk, index, MGMT_OP_SET_POWERED, EBUSY);
329
		goto failed;
330
	}
331

332
	cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, index, data, len);
333
	if (!cmd) {
334
		err = -ENOMEM;
335
		goto failed;
336
	}
337

338
	if (cp->val)
339
		queue_work(hdev->workqueue, &hdev->power_on);
340
	else
341
		queue_work(hdev->workqueue, &hdev->power_off);
342

343
	err = 0;
344

345
failed:
346
	hci_dev_unlock(hdev);
347
	hci_dev_put(hdev);
348
	return err;
349
}
350

351
static int set_discoverable(struct sock *sk, u16 index, unsigned char *data,
352
									u16 len)
353
{
354
	struct mgmt_mode *cp;
355
	struct hci_dev *hdev;
356
	struct pending_cmd *cmd;
357
	u8 scan;
358
	int err;
359

360
	cp = (void *) data;
361

362
	BT_DBG("request for hci%u", index);
363

364
	if (len != sizeof(*cp))
365
		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EINVAL);
366

367
	hdev = hci_dev_get(index);
368
	if (!hdev)
369
		return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENODEV);
370

371
	hci_dev_lock(hdev);
372

373
	if (!test_bit(HCI_UP, &hdev->flags)) {
374
		err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, ENETDOWN);
375
		goto failed;
376
	}
377

378
	if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
379
			mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
380
		err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EBUSY);
381
		goto failed;
382
	}
383

384
	if (cp->val == test_bit(HCI_ISCAN, &hdev->flags) &&
385
					test_bit(HCI_PSCAN, &hdev->flags)) {
386
		err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE, EALREADY);
387
		goto failed;
388
	}
389

390
	cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, index, data, len);
391
	if (!cmd) {
392
		err = -ENOMEM;
393
		goto failed;
394
	}
395

396
	scan = SCAN_PAGE;
397

398
	if (cp->val)
399
		scan |= SCAN_INQUIRY;
400

401
	err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
402
	if (err < 0)
403
		mgmt_pending_remove(cmd);
404

405
failed:
406
	hci_dev_unlock(hdev);
407
	hci_dev_put(hdev);
408

409
	return err;
410
}
411

412
static int set_connectable(struct sock *sk, u16 index, unsigned char *data,
413
									u16 len)
414
{
415
	struct mgmt_mode *cp;
416
	struct hci_dev *hdev;
417
	struct pending_cmd *cmd;
418
	u8 scan;
419
	int err;
420

421
	cp = (void *) data;
422

423
	BT_DBG("request for hci%u", index);
424

425
	if (len != sizeof(*cp))
426
		return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EINVAL);
427

428
	hdev = hci_dev_get(index);
429
	if (!hdev)
430
		return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENODEV);
431

432
	hci_dev_lock(hdev);
433

434
	if (!test_bit(HCI_UP, &hdev->flags)) {
435
		err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, ENETDOWN);
436
		goto failed;
437
	}
438

439
	if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, index) ||
440
			mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, index)) {
441
		err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EBUSY);
442
		goto failed;
443
	}
444

445
	if (cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
446
		err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE, EALREADY);
447
		goto failed;
448
	}
449

450
	cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, index, data, len);
451
	if (!cmd) {
452
		err = -ENOMEM;
453
		goto failed;
454
	}
455

456
	if (cp->val)
457
		scan = SCAN_PAGE;
458
	else
459
		scan = 0;
460

461
	err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
462
	if (err < 0)
463
		mgmt_pending_remove(cmd);
464

465
failed:
466
	hci_dev_unlock(hdev);
467
	hci_dev_put(hdev);
468

469
	return err;
470
}
471

472
static int mgmt_event(u16 event, u16 index, void *data, u16 data_len,
473
							struct sock *skip_sk)
474
{
475
	struct sk_buff *skb;
476
	struct mgmt_hdr *hdr;
477

478
	skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
479
	if (!skb)
480
		return -ENOMEM;
481

482
	bt_cb(skb)->channel = HCI_CHANNEL_CONTROL;
483

484
	hdr = (void *) skb_put(skb, sizeof(*hdr));
485
	hdr->opcode = cpu_to_le16(event);
486
	hdr->index = cpu_to_le16(index);
487
	hdr->len = cpu_to_le16(data_len);
488

489
	if (data)
490
		memcpy(skb_put(skb, data_len), data, data_len);
491

492
	hci_send_to_sock(NULL, skb, skip_sk);
493
	kfree_skb(skb);
494

495
	return 0;
496
}
497

498
static int send_mode_rsp(struct sock *sk, u16 opcode, u16 index, u8 val)
499
{
500
	struct mgmt_mode rp;
501

502
	rp.val = val;
503

504
	return cmd_complete(sk, index, opcode, &rp, sizeof(rp));
505
}
506

507
static int set_pairable(struct sock *sk, u16 index, unsigned char *data,
508
									u16 len)
509
{
510
	struct mgmt_mode *cp, ev;
511
	struct hci_dev *hdev;
512
	int err;
513

514
	cp = (void *) data;
515

516
	BT_DBG("request for hci%u", index);
517

518
	if (len != sizeof(*cp))
519
		return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, EINVAL);
520

521
	hdev = hci_dev_get(index);
522
	if (!hdev)
523
		return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE, ENODEV);
524

525
	hci_dev_lock(hdev);
526

527
	if (cp->val)
528
		set_bit(HCI_PAIRABLE, &hdev->flags);
529
	else
530
		clear_bit(HCI_PAIRABLE, &hdev->flags);
531

532
	err = send_mode_rsp(sk, MGMT_OP_SET_PAIRABLE, index, cp->val);
533
	if (err < 0)
534
		goto failed;
535

536
	ev.val = cp->val;
537

538
	err = mgmt_event(MGMT_EV_PAIRABLE, index, &ev, sizeof(ev), sk);
539

540
failed:
541
	hci_dev_unlock(hdev);
542
	hci_dev_put(hdev);
543

544
	return err;
545
}
546

547
#define EIR_FLAGS		0x01 /* flags */
548
#define EIR_UUID16_SOME		0x02 /* 16-bit UUID, more available */
549
#define EIR_UUID16_ALL		0x03 /* 16-bit UUID, all listed */
550
#define EIR_UUID32_SOME		0x04 /* 32-bit UUID, more available */
551
#define EIR_UUID32_ALL		0x05 /* 32-bit UUID, all listed */
552
#define EIR_UUID128_SOME	0x06 /* 128-bit UUID, more available */
553
#define EIR_UUID128_ALL		0x07 /* 128-bit UUID, all listed */
554
#define EIR_NAME_SHORT		0x08 /* shortened local name */
555
#define EIR_NAME_COMPLETE	0x09 /* complete local name */
556
#define EIR_TX_POWER		0x0A /* transmit power level */
557
#define EIR_DEVICE_ID		0x10 /* device ID */
558

559
#define PNP_INFO_SVCLASS_ID		0x1200
560

561
static u8 bluetooth_base_uuid[] = {
562
			0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
563
			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
564
};
565

566
static u16 get_uuid16(u8 *uuid128)
567
{
568
	u32 val;
569
	int i;
570

571
	for (i = 0; i < 12; i++) {
572
		if (bluetooth_base_uuid[i] != uuid128[i])
573
			return 0;
574
	}
575

576
	memcpy(&val, &uuid128[12], 4);
577

578
	val = le32_to_cpu(val);
579
	if (val > 0xffff)
580
		return 0;
581

582
	return (u16) val;
583
}
584

585
static void create_eir(struct hci_dev *hdev, u8 *data)
586
{
587
	u8 *ptr = data;
588
	u16 eir_len = 0;
589
	u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
590
	int i, truncated = 0;
591
	struct list_head *p;
592
	size_t name_len;
593

594
	name_len = strlen(hdev->dev_name);
595

596
	if (name_len > 0) {
597
		/* EIR Data type */
598
		if (name_len > 48) {
599
			name_len = 48;
600
			ptr[1] = EIR_NAME_SHORT;
601
		} else
602
			ptr[1] = EIR_NAME_COMPLETE;
603

604
		/* EIR Data length */
605
		ptr[0] = name_len + 1;
606

607
		memcpy(ptr + 2, hdev->dev_name, name_len);
608

609
		eir_len += (name_len + 2);
610
		ptr += (name_len + 2);
611
	}
612

613
	memset(uuid16_list, 0, sizeof(uuid16_list));
614

615
	/* Group all UUID16 types */
616
	list_for_each(p, &hdev->uuids) {
617
		struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
618
		u16 uuid16;
619

620
		uuid16 = get_uuid16(uuid->uuid);
621
		if (uuid16 == 0)
622
			return;
623

624
		if (uuid16 < 0x1100)
625
			continue;
626

627
		if (uuid16 == PNP_INFO_SVCLASS_ID)
628
			continue;
629

630
		/* Stop if not enough space to put next UUID */
631
		if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
632
			truncated = 1;
633
			break;
634
		}
635

636
		/* Check for duplicates */
637
		for (i = 0; uuid16_list[i] != 0; i++)
638
			if (uuid16_list[i] == uuid16)
639
				break;
640

641
		if (uuid16_list[i] == 0) {
642
			uuid16_list[i] = uuid16;
643
			eir_len += sizeof(u16);
644
		}
645
	}
646

647
	if (uuid16_list[0] != 0) {
648
		u8 *length = ptr;
649

650
		/* EIR Data type */
651
		ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
652

653
		ptr += 2;
654
		eir_len += 2;
655

656
		for (i = 0; uuid16_list[i] != 0; i++) {
657
			*ptr++ = (uuid16_list[i] & 0x00ff);
658
			*ptr++ = (uuid16_list[i] & 0xff00) >> 8;
659
		}
660

661
		/* EIR Data length */
662
		*length = (i * sizeof(u16)) + 1;
663
	}
664
}
665

666
static int update_eir(struct hci_dev *hdev)
667
{
668
	struct hci_cp_write_eir cp;
669

670
	if (!(hdev->features[6] & LMP_EXT_INQ))
671
		return 0;
672

673
	if (hdev->ssp_mode == 0)
674
		return 0;
675

676
	if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
677
		return 0;
678

679
	memset(&cp, 0, sizeof(cp));
680

681
	create_eir(hdev, cp.data);
682

683
	if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
684
		return 0;
685

686
	memcpy(hdev->eir, cp.data, sizeof(cp.data));
687

688
	return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
689
}
690

691
static u8 get_service_classes(struct hci_dev *hdev)
692
{
693
	struct list_head *p;
694
	u8 val = 0;
695

696
	list_for_each(p, &hdev->uuids) {
697
		struct bt_uuid *uuid = list_entry(p, struct bt_uuid, list);
698

699
		val |= uuid->svc_hint;
700
	}
701

702
	return val;
703
}
704

705
static int update_class(struct hci_dev *hdev)
706
{
707
	u8 cod[3];
708

709
	BT_DBG("%s", hdev->name);
710

711
	if (test_bit(HCI_SERVICE_CACHE, &hdev->flags))
712
		return 0;
713

714
	cod[0] = hdev->minor_class;
715
	cod[1] = hdev->major_class;
716
	cod[2] = get_service_classes(hdev);
717

718
	if (memcmp(cod, hdev->dev_class, 3) == 0)
719
		return 0;
720

721
	return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
722
}
723

724
static int add_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
725
{
726
	struct mgmt_cp_add_uuid *cp;
727
	struct hci_dev *hdev;
728
	struct bt_uuid *uuid;
729
	int err;
730

731
	cp = (void *) data;
732

733
	BT_DBG("request for hci%u", index);
734

735
	if (len != sizeof(*cp))
736
		return cmd_status(sk, index, MGMT_OP_ADD_UUID, EINVAL);
737

738
	hdev = hci_dev_get(index);
739
	if (!hdev)
740
		return cmd_status(sk, index, MGMT_OP_ADD_UUID, ENODEV);
741

742
	hci_dev_lock(hdev);
743

744
	uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
745
	if (!uuid) {
746
		err = -ENOMEM;
747
		goto failed;
748
	}
749

750
	memcpy(uuid->uuid, cp->uuid, 16);
751
	uuid->svc_hint = cp->svc_hint;
752

753
	list_add(&uuid->list, &hdev->uuids);
754

755
	err = update_class(hdev);
756
	if (err < 0)
757
		goto failed;
758

759
	err = update_eir(hdev);
760
	if (err < 0)
761
		goto failed;
762

763
	err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, NULL, 0);
764

765
failed:
766
	hci_dev_unlock(hdev);
767
	hci_dev_put(hdev);
768

769
	return err;
770
}
771

772
static int remove_uuid(struct sock *sk, u16 index, unsigned char *data, u16 len)
773
{
774
	struct list_head *p, *n;
775
	struct mgmt_cp_remove_uuid *cp;
776
	struct hci_dev *hdev;
777
	u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
778
	int err, found;
779

780
	cp = (void *) data;
781

782
	BT_DBG("request for hci%u", index);
783

784
	if (len != sizeof(*cp))
785
		return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, EINVAL);
786

787
	hdev = hci_dev_get(index);
788
	if (!hdev)
789
		return cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENODEV);
790

791
	hci_dev_lock(hdev);
792

793
	if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
794
		err = hci_uuids_clear(hdev);
795
		goto unlock;
796
	}
797

798
	found = 0;
799

800
	list_for_each_safe(p, n, &hdev->uuids) {
801
		struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
802

803
		if (memcmp(match->uuid, cp->uuid, 16) != 0)
804
			continue;
805

806
		list_del(&match->list);
807
		found++;
808
	}
809

810
	if (found == 0) {
811
		err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID, ENOENT);
812
		goto unlock;
813
	}
814

815
	err = update_class(hdev);
816
	if (err < 0)
817
		goto unlock;
818

819
	err = update_eir(hdev);
820
	if (err < 0)
821
		goto unlock;
822

823
	err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, NULL, 0);
824

825
unlock:
826
	hci_dev_unlock(hdev);
827
	hci_dev_put(hdev);
828

829
	return err;
830
}
831

832
static int set_dev_class(struct sock *sk, u16 index, unsigned char *data,
833
									u16 len)
834
{
835
	struct hci_dev *hdev;
836
	struct mgmt_cp_set_dev_class *cp;
837
	int err;
838

839
	cp = (void *) data;
840

841
	BT_DBG("request for hci%u", index);
842

843
	if (len != sizeof(*cp))
844
		return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, EINVAL);
845

846
	hdev = hci_dev_get(index);
847
	if (!hdev)
848
		return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS, ENODEV);
849

850
	hci_dev_lock(hdev);
851

852
	hdev->major_class = cp->major;
853
	hdev->minor_class = cp->minor;
854

855
	err = update_class(hdev);
856

857
	if (err == 0)
858
		err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, NULL, 0);
859

860
	hci_dev_unlock(hdev);
861
	hci_dev_put(hdev);
862

863
	return err;
864
}
865

866
static int set_service_cache(struct sock *sk, u16 index,  unsigned char *data,
867
									u16 len)
868
{
869
	struct hci_dev *hdev;
870
	struct mgmt_cp_set_service_cache *cp;
871
	int err;
872

873
	cp = (void *) data;
874

875
	if (len != sizeof(*cp))
876
		return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, EINVAL);
877

878
	hdev = hci_dev_get(index);
879
	if (!hdev)
880
		return cmd_status(sk, index, MGMT_OP_SET_SERVICE_CACHE, ENODEV);
881

882
	hci_dev_lock(hdev);
883

884
	BT_DBG("hci%u enable %d", index, cp->enable);
885

886
	if (cp->enable) {
887
		set_bit(HCI_SERVICE_CACHE, &hdev->flags);
888
		err = 0;
889
	} else {
890
		clear_bit(HCI_SERVICE_CACHE, &hdev->flags);
891
		err = update_class(hdev);
892
		if (err == 0)
893
			err = update_eir(hdev);
894
	}
895

896
	if (err == 0)
897
		err = cmd_complete(sk, index, MGMT_OP_SET_SERVICE_CACHE, NULL,
898
									0);
899

900
	hci_dev_unlock(hdev);
901
	hci_dev_put(hdev);
902

903
	return err;
904
}
905

906
static int load_keys(struct sock *sk, u16 index, unsigned char *data, u16 len)
907
{
908
	struct hci_dev *hdev;
909
	struct mgmt_cp_load_keys *cp;
910
	u16 key_count, expected_len;
911
	int i;
912

913
	cp = (void *) data;
914

915
	if (len < sizeof(*cp))
916
		return -EINVAL;
917

918
	key_count = get_unaligned_le16(&cp->key_count);
919

920
	expected_len = sizeof(*cp) + key_count * sizeof(struct mgmt_key_info);
921
	if (expected_len != len) {
922
		BT_ERR("load_keys: expected %u bytes, got %u bytes",
923
							len, expected_len);
924
		return -EINVAL;
925
	}
926

927
	hdev = hci_dev_get(index);
928
	if (!hdev)
929
		return cmd_status(sk, index, MGMT_OP_LOAD_KEYS, ENODEV);
930

931
	BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
932
								key_count);
933

934
	hci_dev_lock(hdev);
935

936
	hci_link_keys_clear(hdev);
937

938
	set_bit(HCI_LINK_KEYS, &hdev->flags);
939

940
	if (cp->debug_keys)
941
		set_bit(HCI_DEBUG_KEYS, &hdev->flags);
942
	else
943
		clear_bit(HCI_DEBUG_KEYS, &hdev->flags);
944

945
	for (i = 0; i < key_count; i++) {
946
		struct mgmt_key_info *key = &cp->keys[i];
947

948
		hci_add_link_key(hdev, NULL, 0, &key->bdaddr, key->val, key->type,
949
								key->pin_len);
950
	}
951

952
	hci_dev_unlock(hdev);
953
	hci_dev_put(hdev);
954

955
	return 0;
956
}
957

958
static int remove_key(struct sock *sk, u16 index, unsigned char *data, u16 len)
959
{
960
	struct hci_dev *hdev;
961
	struct mgmt_cp_remove_key *cp;
962
	struct hci_conn *conn;
963
	int err;
964

965
	cp = (void *) data;
966

967
	if (len != sizeof(*cp))
968
		return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, EINVAL);
969

970
	hdev = hci_dev_get(index);
971
	if (!hdev)
972
		return cmd_status(sk, index, MGMT_OP_REMOVE_KEY, ENODEV);
973

974
	hci_dev_lock(hdev);
975

976
	err = hci_remove_link_key(hdev, &cp->bdaddr);
977
	if (err < 0) {
978
		err = cmd_status(sk, index, MGMT_OP_REMOVE_KEY, -err);
979
		goto unlock;
980
	}
981

982
	err = 0;
983

984
	if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect)
985
		goto unlock;
986

987
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
988
	if (conn) {
989
		struct hci_cp_disconnect dc;
990

991
		put_unaligned_le16(conn->handle, &dc.handle);
992
		dc.reason = 0x13; /* Remote User Terminated Connection */
993
		err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, 0, NULL);
994
	}
995

996
unlock:
997
	hci_dev_unlock(hdev);
998
	hci_dev_put(hdev);
999

1000
	return err;
1001
}
1002

1003
static int disconnect(struct sock *sk, u16 index, unsigned char *data, u16 len)
1004
{
1005
	struct hci_dev *hdev;
1006
	struct mgmt_cp_disconnect *cp;
1007
	struct hci_cp_disconnect dc;
1008
	struct pending_cmd *cmd;
1009
	struct hci_conn *conn;
1010
	int err;
1011

1012
	BT_DBG("");
1013

1014
	cp = (void *) data;
1015

1016
	if (len != sizeof(*cp))
1017
		return cmd_status(sk, index, MGMT_OP_DISCONNECT, EINVAL);
1018

1019
	hdev = hci_dev_get(index);
1020
	if (!hdev)
1021
		return cmd_status(sk, index, MGMT_OP_DISCONNECT, ENODEV);
1022

1023
	hci_dev_lock(hdev);
1024

1025
	if (!test_bit(HCI_UP, &hdev->flags)) {
1026
		err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENETDOWN);
1027
		goto failed;
1028
	}
1029

1030
	if (mgmt_pending_find(MGMT_OP_DISCONNECT, index)) {
1031
		err = cmd_status(sk, index, MGMT_OP_DISCONNECT, EBUSY);
1032
		goto failed;
1033
	}
1034

1035
	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1036
	if (!conn)
1037
		conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->bdaddr);
1038

1039
	if (!conn) {
1040
		err = cmd_status(sk, index, MGMT_OP_DISCONNECT, ENOTCONN);
1041
		goto failed;
1042
	}
1043

1044
	cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, index, data, len);
1045
	if (!cmd) {
1046
		err = -ENOMEM;
1047
		goto failed;
1048
	}
1049

1050
	put_unaligned_le16(conn->handle, &dc.handle);
1051
	dc.reason = 0x13; /* Remote User Terminated Connection */
1052

1053
	err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1054
	if (err < 0)
1055
		mgmt_pending_remove(cmd);
1056

1057
failed:
1058
	hci_dev_unlock(hdev);
1059
	hci_dev_put(hdev);
1060

1061
	return err;
1062
}
1063

1064
static int get_connections(struct sock *sk, u16 index)
1065
{
1066
	struct mgmt_rp_get_connections *rp;
1067
	struct hci_dev *hdev;
1068
	struct list_head *p;
1069
	size_t rp_len;
1070
	u16 count;
1071
	int i, err;
1072

1073
	BT_DBG("");
1074

1075
	hdev = hci_dev_get(index);
1076
	if (!hdev)
1077
		return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS, ENODEV);
1078

1079
	hci_dev_lock(hdev);
1080

1081
	count = 0;
1082
	list_for_each(p, &hdev->conn_hash.list) {
1083
		count++;
1084
	}
1085

1086
	rp_len = sizeof(*rp) + (count * sizeof(bdaddr_t));
1087
	rp = kmalloc(rp_len, GFP_ATOMIC);
1088
	if (!rp) {
1089
		err = -ENOMEM;
1090
		goto unlock;
1091
	}
1092

1093
	put_unaligned_le16(count, &rp->conn_count);
1094

1095
	read_lock(&hci_dev_list_lock);
1096

1097
	i = 0;
1098
	list_for_each(p, &hdev->conn_hash.list) {
1099
		struct hci_conn *c = list_entry(p, struct hci_conn, list);
1100

1101
		bacpy(&rp->conn[i++], &c->dst);
1102
	}
1103

1104
	read_unlock(&hci_dev_list_lock);
1105

1106
	err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, rp, rp_len);
1107

1108
unlock:
1109
	kfree(rp);
1110
	hci_dev_unlock(hdev);
1111
	hci_dev_put(hdev);
1112
	return err;
1113
}
1114

1115
static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data,
1116
									u16 len)
1117
{
1118
	struct hci_dev *hdev;
1119
	struct mgmt_cp_pin_code_reply *cp;
1120
	struct hci_cp_pin_code_reply reply;
1121
	struct pending_cmd *cmd;
1122
	int err;
1123

1124
	BT_DBG("");
1125

1126
	cp = (void *) data;
1127

1128
	if (len != sizeof(*cp))
1129
		return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, EINVAL);
1130

1131
	hdev = hci_dev_get(index);
1132
	if (!hdev)
1133
		return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENODEV);
1134

1135
	hci_dev_lock(hdev);
1136

1137
	if (!test_bit(HCI_UP, &hdev->flags)) {
1138
		err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENETDOWN);
1139
		goto failed;
1140
	}
1141

1142
	cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len);
1143
	if (!cmd) {
1144
		err = -ENOMEM;
1145
		goto failed;
1146
	}
1147

1148
	bacpy(&reply.bdaddr, &cp->bdaddr);
1149
	reply.pin_len = cp->pin_len;
1150
	memcpy(reply.pin_code, cp->pin_code, 16);
1151

1152
	err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1153
	if (err < 0)
1154
		mgmt_pending_remove(cmd);
1155

1156
failed:
1157
	hci_dev_unlock(hdev);
1158
	hci_dev_put(hdev);
1159

1160
	return err;
1161
}
1162

1163
static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data,
1164
									u16 len)
1165
{
1166
	struct hci_dev *hdev;
1167
	struct mgmt_cp_pin_code_neg_reply *cp;
1168
	struct pending_cmd *cmd;
1169
	int err;
1170

1171
	BT_DBG("");
1172

1173
	cp = (void *) data;
1174

1175
	if (len != sizeof(*cp))
1176
		return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1177
									EINVAL);
1178

1179
	hdev = hci_dev_get(index);
1180
	if (!hdev)
1181
		return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1182
									ENODEV);
1183

1184
	hci_dev_lock(hdev);
1185

1186
	if (!test_bit(HCI_UP, &hdev->flags)) {
1187
		err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
1188
								ENETDOWN);
1189
		goto failed;
1190
	}
1191

1192
	cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index,
1193
								data, len);
1194
	if (!cmd) {
1195
		err = -ENOMEM;
1196
		goto failed;
1197
	}
1198

1199
	err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr),
1200
								&cp->bdaddr);
1201
	if (err < 0)
1202
		mgmt_pending_remove(cmd);
1203

1204
failed:
1205
	hci_dev_unlock(hdev);
1206
	hci_dev_put(hdev);
1207

1208
	return err;
1209
}
1210

1211
static int set_io_capability(struct sock *sk, u16 index, unsigned char *data,
1212
									u16 len)
1213
{
1214
	struct hci_dev *hdev;
1215
	struct mgmt_cp_set_io_capability *cp;
1216

1217
	BT_DBG("");
1218

1219
	cp = (void *) data;
1220

1221
	if (len != sizeof(*cp))
1222
		return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, EINVAL);
1223

1224
	hdev = hci_dev_get(index);
1225
	if (!hdev)
1226
		return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY, ENODEV);
1227

1228
	hci_dev_lock(hdev);
1229

1230
	hdev->io_capability = cp->io_capability;
1231

1232
	BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1233
							hdev->io_capability);
1234

1235
	hci_dev_unlock(hdev);
1236
	hci_dev_put(hdev);
1237

1238
	return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, NULL, 0);
1239
}
1240

1241
static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1242
{
1243
	struct hci_dev *hdev = conn->hdev;
1244
	struct list_head *p;
1245

1246
	list_for_each(p, &cmd_list) {
1247
		struct pending_cmd *cmd;
1248

1249
		cmd = list_entry(p, struct pending_cmd, list);
1250

1251
		if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1252
			continue;
1253

1254
		if (cmd->index != hdev->id)
1255
			continue;
1256

1257
		if (cmd->user_data != conn)
1258
			continue;
1259

1260
		return cmd;
1261
	}
1262

1263
	return NULL;
1264
}
1265

1266
static void pairing_complete(struct pending_cmd *cmd, u8 status)
1267
{
1268
	struct mgmt_rp_pair_device rp;
1269
	struct hci_conn *conn = cmd->user_data;
1270

1271
	bacpy(&rp.bdaddr, &conn->dst);
1272
	rp.status = status;
1273

1274
	cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, &rp, sizeof(rp));
1275

1276
	/* So we don't get further callbacks for this connection */
1277
	conn->connect_cfm_cb = NULL;
1278
	conn->security_cfm_cb = NULL;
1279
	conn->disconn_cfm_cb = NULL;
1280

1281
	hci_conn_put(conn);
1282

1283
	mgmt_pending_remove(cmd);
1284
}
1285

1286
static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1287
{
1288
	struct pending_cmd *cmd;
1289

1290
	BT_DBG("status %u", status);
1291

1292
	cmd = find_pairing(conn);
1293
	if (!cmd) {
1294
		BT_DBG("Unable to find a pending command");
1295
		return;
1296
	}
1297

1298
	pairing_complete(cmd, status);
1299
}
1300

1301
static int pair_device(struct sock *sk, u16 index, unsigned char *data, u16 len)
1302
{
1303
	struct hci_dev *hdev;
1304
	struct mgmt_cp_pair_device *cp;
1305
	struct pending_cmd *cmd;
1306
	u8 sec_level, auth_type;
1307
	struct hci_conn *conn;
1308
	int err;
1309

1310
	BT_DBG("");
1311

1312
	cp = (void *) data;
1313

1314
	if (len != sizeof(*cp))
1315
		return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EINVAL);
1316

1317
	hdev = hci_dev_get(index);
1318
	if (!hdev)
1319
		return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, ENODEV);
1320

1321
	hci_dev_lock(hdev);
1322

1323
	if (cp->io_cap == 0x03) {
1324
		sec_level = BT_SECURITY_MEDIUM;
1325
		auth_type = HCI_AT_DEDICATED_BONDING;
1326
	} else {
1327
		sec_level = BT_SECURITY_HIGH;
1328
		auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1329
	}
1330

1331
	conn = hci_connect(hdev, ACL_LINK, &cp->bdaddr, sec_level, auth_type);
1332
	if (IS_ERR(conn)) {
1333
		err = PTR_ERR(conn);
1334
		goto unlock;
1335
	}
1336

1337
	if (conn->connect_cfm_cb) {
1338
		hci_conn_put(conn);
1339
		err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE, EBUSY);
1340
		goto unlock;
1341
	}
1342

1343
	cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, index, data, len);
1344
	if (!cmd) {
1345
		err = -ENOMEM;
1346
		hci_conn_put(conn);
1347
		goto unlock;
1348
	}
1349

1350
	conn->connect_cfm_cb = pairing_complete_cb;
1351
	conn->security_cfm_cb = pairing_complete_cb;
1352
	conn->disconn_cfm_cb = pairing_complete_cb;
1353
	conn->io_capability = cp->io_cap;
1354
	cmd->user_data = conn;
1355

1356
	if (conn->state == BT_CONNECTED &&
1357
				hci_conn_security(conn, sec_level, auth_type))
1358
		pairing_complete(cmd, 0);
1359

1360
	err = 0;
1361

1362
unlock:
1363
	hci_dev_unlock(hdev);
1364
	hci_dev_put(hdev);
1365

1366
	return err;
1367
}
1368

1369
static int user_confirm_reply(struct sock *sk, u16 index, unsigned char *data,
1370
							u16 len, int success)
1371
{
1372
	struct mgmt_cp_user_confirm_reply *cp = (void *) data;
1373
	u16 mgmt_op, hci_op;
1374
	struct pending_cmd *cmd;
1375
	struct hci_dev *hdev;
1376
	int err;
1377

1378
	BT_DBG("");
1379

1380
	if (success) {
1381
		mgmt_op = MGMT_OP_USER_CONFIRM_REPLY;
1382
		hci_op = HCI_OP_USER_CONFIRM_REPLY;
1383
	} else {
1384
		mgmt_op = MGMT_OP_USER_CONFIRM_NEG_REPLY;
1385
		hci_op = HCI_OP_USER_CONFIRM_NEG_REPLY;
1386
	}
1387

1388
	if (len != sizeof(*cp))
1389
		return cmd_status(sk, index, mgmt_op, EINVAL);
1390

1391
	hdev = hci_dev_get(index);
1392
	if (!hdev)
1393
		return cmd_status(sk, index, mgmt_op, ENODEV);
1394

1395
	hci_dev_lock(hdev);
1396

1397
	if (!test_bit(HCI_UP, &hdev->flags)) {
1398
		err = cmd_status(sk, index, mgmt_op, ENETDOWN);
1399
		goto failed;
1400
	}
1401

1402
	cmd = mgmt_pending_add(sk, mgmt_op, index, data, len);
1403
	if (!cmd) {
1404
		err = -ENOMEM;
1405
		goto failed;
1406
	}
1407

1408
	err = hci_send_cmd(hdev, hci_op, sizeof(cp->bdaddr), &cp->bdaddr);
1409
	if (err < 0)
1410
		mgmt_pending_remove(cmd);
1411

1412
failed:
1413
	hci_dev_unlock(hdev);
1414
	hci_dev_put(hdev);
1415

1416
	return err;
1417
}
1418

1419
static int set_local_name(struct sock *sk, u16 index, unsigned char *data,
1420
								u16 len)
1421
{
1422
	struct mgmt_cp_set_local_name *mgmt_cp = (void *) data;
1423
	struct hci_cp_write_local_name hci_cp;
1424
	struct hci_dev *hdev;
1425
	struct pending_cmd *cmd;
1426
	int err;
1427

1428
	BT_DBG("");
1429

1430
	if (len != sizeof(*mgmt_cp))
1431
		return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, EINVAL);
1432

1433
	hdev = hci_dev_get(index);
1434
	if (!hdev)
1435
		return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME, ENODEV);
1436

1437
	hci_dev_lock(hdev);
1438

1439
	cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, index, data, len);
1440
	if (!cmd) {
1441
		err = -ENOMEM;
1442
		goto failed;
1443
	}
1444

1445
	memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
1446
	err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
1447
								&hci_cp);
1448
	if (err < 0)
1449
		mgmt_pending_remove(cmd);
1450

1451
failed:
1452
	hci_dev_unlock(hdev);
1453
	hci_dev_put(hdev);
1454

1455
	return err;
1456
}
1457

1458
static int read_local_oob_data(struct sock *sk, u16 index)
1459
{
1460
	struct hci_dev *hdev;
1461
	struct pending_cmd *cmd;
1462
	int err;
1463

1464
	BT_DBG("hci%u", index);
1465

1466
	hdev = hci_dev_get(index);
1467
	if (!hdev)
1468
		return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1469
									ENODEV);
1470

1471
	hci_dev_lock(hdev);
1472

1473
	if (!test_bit(HCI_UP, &hdev->flags)) {
1474
		err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1475
								ENETDOWN);
1476
		goto unlock;
1477
	}
1478

1479
	if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1480
		err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
1481
								EOPNOTSUPP);
1482
		goto unlock;
1483
	}
1484

1485
	if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index)) {
1486
		err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA, EBUSY);
1487
		goto unlock;
1488
	}
1489

1490
	cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, index, NULL, 0);
1491
	if (!cmd) {
1492
		err = -ENOMEM;
1493
		goto unlock;
1494
	}
1495

1496
	err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
1497
	if (err < 0)
1498
		mgmt_pending_remove(cmd);
1499

1500
unlock:
1501
	hci_dev_unlock(hdev);
1502
	hci_dev_put(hdev);
1503

1504
	return err;
1505
}
1506

1507
static int add_remote_oob_data(struct sock *sk, u16 index, unsigned char *data,
1508
									u16 len)
1509
{
1510
	struct hci_dev *hdev;
1511
	struct mgmt_cp_add_remote_oob_data *cp = (void *) data;
1512
	int err;
1513

1514
	BT_DBG("hci%u ", index);
1515

1516
	if (len != sizeof(*cp))
1517
		return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1518
									EINVAL);
1519

1520
	hdev = hci_dev_get(index);
1521
	if (!hdev)
1522
		return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
1523
									ENODEV);
1524

1525
	hci_dev_lock(hdev);
1526

1527
	err = hci_add_remote_oob_data(hdev, &cp->bdaddr, cp->hash,
1528
								cp->randomizer);
1529
	if (err < 0)
1530
		err = cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, -err);
1531
	else
1532
		err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, NULL,
1533
									0);
1534

1535
	hci_dev_unlock(hdev);
1536
	hci_dev_put(hdev);
1537

1538
	return err;
1539
}
1540

1541
static int remove_remote_oob_data(struct sock *sk, u16 index,
1542
						unsigned char *data, u16 len)
1543
{
1544
	struct hci_dev *hdev;
1545
	struct mgmt_cp_remove_remote_oob_data *cp = (void *) data;
1546
	int err;
1547

1548
	BT_DBG("hci%u ", index);
1549

1550
	if (len != sizeof(*cp))
1551
		return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1552
									EINVAL);
1553

1554
	hdev = hci_dev_get(index);
1555
	if (!hdev)
1556
		return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1557
									ENODEV);
1558

1559
	hci_dev_lock(hdev);
1560

1561
	err = hci_remove_remote_oob_data(hdev, &cp->bdaddr);
1562
	if (err < 0)
1563
		err = cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1564
									-err);
1565
	else
1566
		err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
1567
								NULL, 0);
1568

1569
	hci_dev_unlock(hdev);
1570
	hci_dev_put(hdev);
1571

1572
	return err;
1573
}
1574

1575
static int start_discovery(struct sock *sk, u16 index)
1576
{
1577
	u8 lap[3] = { 0x33, 0x8b, 0x9e };
1578
	struct hci_cp_inquiry cp;
1579
	struct pending_cmd *cmd;
1580
	struct hci_dev *hdev;
1581
	int err;
1582

1583
	BT_DBG("hci%u", index);
1584

1585
	hdev = hci_dev_get(index);
1586
	if (!hdev)
1587
		return cmd_status(sk, index, MGMT_OP_START_DISCOVERY, ENODEV);
1588

1589
	hci_dev_lock_bh(hdev);
1590

1591
	cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, index, NULL, 0);
1592
	if (!cmd) {
1593
		err = -ENOMEM;
1594
		goto failed;
1595
	}
1596

1597
	memset(&cp, 0, sizeof(cp));
1598
	memcpy(&cp.lap, lap, 3);
1599
	cp.length  = 0x08;
1600
	cp.num_rsp = 0x00;
1601

1602
	err = hci_send_cmd(hdev, HCI_OP_INQUIRY, sizeof(cp), &cp);
1603
	if (err < 0)
1604
		mgmt_pending_remove(cmd);
1605

1606
failed:
1607
	hci_dev_unlock_bh(hdev);
1608
	hci_dev_put(hdev);
1609

1610
	return err;
1611
}
1612

1613
static int stop_discovery(struct sock *sk, u16 index)
1614
{
1615
	struct hci_dev *hdev;
1616
	struct pending_cmd *cmd;
1617
	int err;
1618

1619
	BT_DBG("hci%u", index);
1620

1621
	hdev = hci_dev_get(index);
1622
	if (!hdev)
1623
		return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY, ENODEV);
1624

1625
	hci_dev_lock_bh(hdev);
1626

1627
	cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, index, NULL, 0);
1628
	if (!cmd) {
1629
		err = -ENOMEM;
1630
		goto failed;
1631
	}
1632

1633
	err = hci_send_cmd(hdev, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1634
	if (err < 0)
1635
		mgmt_pending_remove(cmd);
1636

1637
failed:
1638
	hci_dev_unlock_bh(hdev);
1639
	hci_dev_put(hdev);
1640

1641
	return err;
1642
}
1643

1644
int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
1645
{
1646
	unsigned char *buf;
1647
	struct mgmt_hdr *hdr;
1648
	u16 opcode, index, len;
1649
	int err;
1650

1651
	BT_DBG("got %zu bytes", msglen);
1652

1653
	if (msglen < sizeof(*hdr))
1654
		return -EINVAL;
1655

1656
	buf = kmalloc(msglen, GFP_KERNEL);
1657
	if (!buf)
1658
		return -ENOMEM;
1659

1660
	if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
1661
		err = -EFAULT;
1662
		goto done;
1663
	}
1664

1665
	hdr = (struct mgmt_hdr *) buf;
1666
	opcode = get_unaligned_le16(&hdr->opcode);
1667
	index = get_unaligned_le16(&hdr->index);
1668
	len = get_unaligned_le16(&hdr->len);
1669

1670
	if (len != msglen - sizeof(*hdr)) {
1671
		err = -EINVAL;
1672
		goto done;
1673
	}
1674

1675
	switch (opcode) {
1676
	case MGMT_OP_READ_VERSION:
1677
		err = read_version(sk);
1678
		break;
1679
	case MGMT_OP_READ_INDEX_LIST:
1680
		err = read_index_list(sk);
1681
		break;
1682
	case MGMT_OP_READ_INFO:
1683
		err = read_controller_info(sk, index);
1684
		break;
1685
	case MGMT_OP_SET_POWERED:
1686
		err = set_powered(sk, index, buf + sizeof(*hdr), len);
1687
		break;
1688
	case MGMT_OP_SET_DISCOVERABLE:
1689
		err = set_discoverable(sk, index, buf + sizeof(*hdr), len);
1690
		break;
1691
	case MGMT_OP_SET_CONNECTABLE:
1692
		err = set_connectable(sk, index, buf + sizeof(*hdr), len);
1693
		break;
1694
	case MGMT_OP_SET_PAIRABLE:
1695
		err = set_pairable(sk, index, buf + sizeof(*hdr), len);
1696
		break;
1697
	case MGMT_OP_ADD_UUID:
1698
		err = add_uuid(sk, index, buf + sizeof(*hdr), len);
1699
		break;
1700
	case MGMT_OP_REMOVE_UUID:
1701
		err = remove_uuid(sk, index, buf + sizeof(*hdr), len);
1702
		break;
1703
	case MGMT_OP_SET_DEV_CLASS:
1704
		err = set_dev_class(sk, index, buf + sizeof(*hdr), len);
1705
		break;
1706
	case MGMT_OP_SET_SERVICE_CACHE:
1707
		err = set_service_cache(sk, index, buf + sizeof(*hdr), len);
1708
		break;
1709
	case MGMT_OP_LOAD_KEYS:
1710
		err = load_keys(sk, index, buf + sizeof(*hdr), len);
1711
		break;
1712
	case MGMT_OP_REMOVE_KEY:
1713
		err = remove_key(sk, index, buf + sizeof(*hdr), len);
1714
		break;
1715
	case MGMT_OP_DISCONNECT:
1716
		err = disconnect(sk, index, buf + sizeof(*hdr), len);
1717
		break;
1718
	case MGMT_OP_GET_CONNECTIONS:
1719
		err = get_connections(sk, index);
1720
		break;
1721
	case MGMT_OP_PIN_CODE_REPLY:
1722
		err = pin_code_reply(sk, index, buf + sizeof(*hdr), len);
1723
		break;
1724
	case MGMT_OP_PIN_CODE_NEG_REPLY:
1725
		err = pin_code_neg_reply(sk, index, buf + sizeof(*hdr), len);
1726
		break;
1727
	case MGMT_OP_SET_IO_CAPABILITY:
1728
		err = set_io_capability(sk, index, buf + sizeof(*hdr), len);
1729
		break;
1730
	case MGMT_OP_PAIR_DEVICE:
1731
		err = pair_device(sk, index, buf + sizeof(*hdr), len);
1732
		break;
1733
	case MGMT_OP_USER_CONFIRM_REPLY:
1734
		err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 1);
1735
		break;
1736
	case MGMT_OP_USER_CONFIRM_NEG_REPLY:
1737
		err = user_confirm_reply(sk, index, buf + sizeof(*hdr), len, 0);
1738
		break;
1739
	case MGMT_OP_SET_LOCAL_NAME:
1740
		err = set_local_name(sk, index, buf + sizeof(*hdr), len);
1741
		break;
1742
	case MGMT_OP_READ_LOCAL_OOB_DATA:
1743
		err = read_local_oob_data(sk, index);
1744
		break;
1745
	case MGMT_OP_ADD_REMOTE_OOB_DATA:
1746
		err = add_remote_oob_data(sk, index, buf + sizeof(*hdr), len);
1747
		break;
1748
	case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
1749
		err = remove_remote_oob_data(sk, index, buf + sizeof(*hdr),
1750
									len);
1751
		break;
1752
	case MGMT_OP_START_DISCOVERY:
1753
		err = start_discovery(sk, index);
1754
		break;
1755
	case MGMT_OP_STOP_DISCOVERY:
1756
		err = stop_discovery(sk, index);
1757
		break;
1758
	default:
1759
		BT_DBG("Unknown op %u", opcode);
1760
		err = cmd_status(sk, index, opcode, 0x01);
1761
		break;
1762
	}
1763

1764
	if (err < 0)
1765
		goto done;
1766

1767
	err = msglen;
1768

1769
done:
1770
	kfree(buf);
1771
	return err;
1772
}
1773

1774
int mgmt_index_added(u16 index)
1775
{
1776
	return mgmt_event(MGMT_EV_INDEX_ADDED, index, NULL, 0, NULL);
1777
}
1778

1779
int mgmt_index_removed(u16 index)
1780
{
1781
	return mgmt_event(MGMT_EV_INDEX_REMOVED, index, NULL, 0, NULL);
1782
}
1783

1784
struct cmd_lookup {
1785
	u8 val;
1786
	struct sock *sk;
1787
};
1788

1789
static void mode_rsp(struct pending_cmd *cmd, void *data)
1790
{
1791
	struct mgmt_mode *cp = cmd->param;
1792
	struct cmd_lookup *match = data;
1793

1794
	if (cp->val != match->val)
1795
		return;
1796

1797
	send_mode_rsp(cmd->sk, cmd->opcode, cmd->index, cp->val);
1798

1799
	list_del(&cmd->list);
1800

1801
	if (match->sk == NULL) {
1802
		match->sk = cmd->sk;
1803
		sock_hold(match->sk);
1804
	}
1805

1806
	mgmt_pending_free(cmd);
1807
}
1808

1809
int mgmt_powered(u16 index, u8 powered)
1810
{
1811
	struct mgmt_mode ev;
1812
	struct cmd_lookup match = { powered, NULL };
1813
	int ret;
1814

1815
	mgmt_pending_foreach(MGMT_OP_SET_POWERED, index, mode_rsp, &match);
1816

1817
	ev.val = powered;
1818

1819
	ret = mgmt_event(MGMT_EV_POWERED, index, &ev, sizeof(ev), match.sk);
1820

1821
	if (match.sk)
1822
		sock_put(match.sk);
1823

1824
	return ret;
1825
}
1826

1827
int mgmt_discoverable(u16 index, u8 discoverable)
1828
{
1829
	struct mgmt_mode ev;
1830
	struct cmd_lookup match = { discoverable, NULL };
1831
	int ret;
1832

1833
	mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, index, mode_rsp, &match);
1834

1835
	ev.val = discoverable;
1836

1837
	ret = mgmt_event(MGMT_EV_DISCOVERABLE, index, &ev, sizeof(ev),
1838
								match.sk);
1839

1840
	if (match.sk)
1841
		sock_put(match.sk);
1842

1843
	return ret;
1844
}
1845

1846
int mgmt_connectable(u16 index, u8 connectable)
1847
{
1848
	struct mgmt_mode ev;
1849
	struct cmd_lookup match = { connectable, NULL };
1850
	int ret;
1851

1852
	mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, index, mode_rsp, &match);
1853

1854
	ev.val = connectable;
1855

1856
	ret = mgmt_event(MGMT_EV_CONNECTABLE, index, &ev, sizeof(ev), match.sk);
1857

1858
	if (match.sk)
1859
		sock_put(match.sk);
1860

1861
	return ret;
1862
}
1863

1864
int mgmt_new_key(u16 index, struct link_key *key, u8 persistent)
1865
{
1866
	struct mgmt_ev_new_key ev;
1867

1868
	memset(&ev, 0, sizeof(ev));
1869

1870
	ev.store_hint = persistent;
1871
	bacpy(&ev.key.bdaddr, &key->bdaddr);
1872
	ev.key.type = key->type;
1873
	memcpy(ev.key.val, key->val, 16);
1874
	ev.key.pin_len = key->pin_len;
1875

1876
	return mgmt_event(MGMT_EV_NEW_KEY, index, &ev, sizeof(ev), NULL);
1877
}
1878

1879
int mgmt_connected(u16 index, bdaddr_t *bdaddr)
1880
{
1881
	struct mgmt_ev_connected ev;
1882

1883
	bacpy(&ev.bdaddr, bdaddr);
1884

1885
	return mgmt_event(MGMT_EV_CONNECTED, index, &ev, sizeof(ev), NULL);
1886
}
1887

1888
static void disconnect_rsp(struct pending_cmd *cmd, void *data)
1889
{
1890
	struct mgmt_cp_disconnect *cp = cmd->param;
1891
	struct sock **sk = data;
1892
	struct mgmt_rp_disconnect rp;
1893

1894
	bacpy(&rp.bdaddr, &cp->bdaddr);
1895

1896
	cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, &rp, sizeof(rp));
1897

1898
	*sk = cmd->sk;
1899
	sock_hold(*sk);
1900

1901
	mgmt_pending_remove(cmd);
1902
}
1903

1904
int mgmt_disconnected(u16 index, bdaddr_t *bdaddr)
1905
{
1906
	struct mgmt_ev_disconnected ev;
1907
	struct sock *sk = NULL;
1908
	int err;
1909

1910
	mgmt_pending_foreach(MGMT_OP_DISCONNECT, index, disconnect_rsp, &sk);
1911

1912
	bacpy(&ev.bdaddr, bdaddr);
1913

1914
	err = mgmt_event(MGMT_EV_DISCONNECTED, index, &ev, sizeof(ev), sk);
1915

1916
	if (sk)
1917
		sock_put(sk);
1918

1919
	return err;
1920
}
1921

1922
int mgmt_disconnect_failed(u16 index)
1923
{
1924
	struct pending_cmd *cmd;
1925
	int err;
1926

1927
	cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, index);
1928
	if (!cmd)
1929
		return -ENOENT;
1930

1931
	err = cmd_status(cmd->sk, index, MGMT_OP_DISCONNECT, EIO);
1932

1933
	mgmt_pending_remove(cmd);
1934

1935
	return err;
1936
}
1937

1938
int mgmt_connect_failed(u16 index, bdaddr_t *bdaddr, u8 status)
1939
{
1940
	struct mgmt_ev_connect_failed ev;
1941

1942
	bacpy(&ev.bdaddr, bdaddr);
1943
	ev.status = status;
1944

1945
	return mgmt_event(MGMT_EV_CONNECT_FAILED, index, &ev, sizeof(ev), NULL);
1946
}
1947

1948
int mgmt_pin_code_request(u16 index, bdaddr_t *bdaddr, u8 secure)
1949
{
1950
	struct mgmt_ev_pin_code_request ev;
1951

1952
	bacpy(&ev.bdaddr, bdaddr);
1953
	ev.secure = secure;
1954

1955
	return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, index, &ev, sizeof(ev),
1956
									NULL);
1957
}
1958

1959
int mgmt_pin_code_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1960
{
1961
	struct pending_cmd *cmd;
1962
	struct mgmt_rp_pin_code_reply rp;
1963
	int err;
1964

1965
	cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, index);
1966
	if (!cmd)
1967
		return -ENOENT;
1968

1969
	bacpy(&rp.bdaddr, bdaddr);
1970
	rp.status = status;
1971

1972
	err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_REPLY, &rp,
1973
								sizeof(rp));
1974

1975
	mgmt_pending_remove(cmd);
1976

1977
	return err;
1978
}
1979

1980
int mgmt_pin_code_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
1981
{
1982
	struct pending_cmd *cmd;
1983
	struct mgmt_rp_pin_code_reply rp;
1984
	int err;
1985

1986
	cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, index);
1987
	if (!cmd)
1988
		return -ENOENT;
1989

1990
	bacpy(&rp.bdaddr, bdaddr);
1991
	rp.status = status;
1992

1993
	err = cmd_complete(cmd->sk, index, MGMT_OP_PIN_CODE_NEG_REPLY, &rp,
1994
								sizeof(rp));
1995

1996
	mgmt_pending_remove(cmd);
1997

1998
	return err;
1999
}
2000

2001
int mgmt_user_confirm_request(u16 index, bdaddr_t *bdaddr, __le32 value,
2002
							u8 confirm_hint)
2003
{
2004
	struct mgmt_ev_user_confirm_request ev;
2005

2006
	BT_DBG("hci%u", index);
2007

2008
	bacpy(&ev.bdaddr, bdaddr);
2009
	ev.confirm_hint = confirm_hint;
2010
	put_unaligned_le32(value, &ev.value);
2011

2012
	return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, index, &ev, sizeof(ev),
2013
									NULL);
2014
}
2015

2016
static int confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status,
2017
								u8 opcode)
2018
{
2019
	struct pending_cmd *cmd;
2020
	struct mgmt_rp_user_confirm_reply rp;
2021
	int err;
2022

2023
	cmd = mgmt_pending_find(opcode, index);
2024
	if (!cmd)
2025
		return -ENOENT;
2026

2027
	bacpy(&rp.bdaddr, bdaddr);
2028
	rp.status = status;
2029
	err = cmd_complete(cmd->sk, index, opcode, &rp, sizeof(rp));
2030

2031
	mgmt_pending_remove(cmd);
2032

2033
	return err;
2034
}
2035

2036
int mgmt_user_confirm_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2037
{
2038
	return confirm_reply_complete(index, bdaddr, status,
2039
						MGMT_OP_USER_CONFIRM_REPLY);
2040
}
2041

2042
int mgmt_user_confirm_neg_reply_complete(u16 index, bdaddr_t *bdaddr, u8 status)
2043
{
2044
	return confirm_reply_complete(index, bdaddr, status,
2045
					MGMT_OP_USER_CONFIRM_NEG_REPLY);
2046
}
2047

2048
int mgmt_auth_failed(u16 index, bdaddr_t *bdaddr, u8 status)
2049
{
2050
	struct mgmt_ev_auth_failed ev;
2051

2052
	bacpy(&ev.bdaddr, bdaddr);
2053
	ev.status = status;
2054

2055
	return mgmt_event(MGMT_EV_AUTH_FAILED, index, &ev, sizeof(ev), NULL);
2056
}
2057

2058
int mgmt_set_local_name_complete(u16 index, u8 *name, u8 status)
2059
{
2060
	struct pending_cmd *cmd;
2061
	struct hci_dev *hdev;
2062
	struct mgmt_cp_set_local_name ev;
2063
	int err;
2064

2065
	memset(&ev, 0, sizeof(ev));
2066
	memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2067

2068
	cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, index);
2069
	if (!cmd)
2070
		goto send_event;
2071

2072
	if (status) {
2073
		err = cmd_status(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, EIO);
2074
		goto failed;
2075
	}
2076

2077
	hdev = hci_dev_get(index);
2078
	if (hdev) {
2079
		hci_dev_lock_bh(hdev);
2080
		update_eir(hdev);
2081
		hci_dev_unlock_bh(hdev);
2082
		hci_dev_put(hdev);
2083
	}
2084

2085
	err = cmd_complete(cmd->sk, index, MGMT_OP_SET_LOCAL_NAME, &ev,
2086
								sizeof(ev));
2087
	if (err < 0)
2088
		goto failed;
2089

2090
send_event:
2091
	err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, index, &ev, sizeof(ev),
2092
							cmd ? cmd->sk : NULL);
2093

2094
failed:
2095
	if (cmd)
2096
		mgmt_pending_remove(cmd);
2097
	return err;
2098
}
2099

2100
int mgmt_read_local_oob_data_reply_complete(u16 index, u8 *hash, u8 *randomizer,
2101
								u8 status)
2102
{
2103
	struct pending_cmd *cmd;
2104
	int err;
2105

2106
	BT_DBG("hci%u status %u", index, status);
2107

2108
	cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, index);
2109
	if (!cmd)
2110
		return -ENOENT;
2111

2112
	if (status) {
2113
		err = cmd_status(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2114
									EIO);
2115
	} else {
2116
		struct mgmt_rp_read_local_oob_data rp;
2117

2118
		memcpy(rp.hash, hash, sizeof(rp.hash));
2119
		memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
2120

2121
		err = cmd_complete(cmd->sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2122
							&rp, sizeof(rp));
2123
	}
2124

2125
	mgmt_pending_remove(cmd);
2126

2127
	return err;
2128
}
2129

2130
int mgmt_device_found(u16 index, bdaddr_t *bdaddr, u8 *dev_class, s8 rssi,
2131
								u8 *eir)
2132
{
2133
	struct mgmt_ev_device_found ev;
2134

2135
	memset(&ev, 0, sizeof(ev));
2136

2137
	bacpy(&ev.bdaddr, bdaddr);
2138
	memcpy(ev.dev_class, dev_class, sizeof(ev.dev_class));
2139
	ev.rssi = rssi;
2140

2141
	if (eir)
2142
		memcpy(ev.eir, eir, sizeof(ev.eir));
2143

2144
	return mgmt_event(MGMT_EV_DEVICE_FOUND, index, &ev, sizeof(ev), NULL);
2145
}
2146

2147
int mgmt_remote_name(u16 index, bdaddr_t *bdaddr, u8 *name)
2148
{
2149
	struct mgmt_ev_remote_name ev;
2150

2151
	memset(&ev, 0, sizeof(ev));
2152

2153
	bacpy(&ev.bdaddr, bdaddr);
2154
	memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
2155

2156
	return mgmt_event(MGMT_EV_REMOTE_NAME, index, &ev, sizeof(ev), NULL);
2157
}
2158

2159
int mgmt_discovering(u16 index, u8 discovering)
2160
{
2161
	return mgmt_event(MGMT_EV_DISCOVERING, index, &discovering,
2162
						sizeof(discovering), NULL);
2163
}
2164

2165
Product

Resources

Company
