~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/mgmt.c

Version: ~ [ linux-5.2-rc1 ] ~ [ linux-5.1.2 ] ~ [ linux-5.0.16 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.43 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.119 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.176 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.179 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.139 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.67 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    BlueZ - Bluetooth protocol stack for Linux
  3 
  4    Copyright (C) 2010  Nokia Corporation
  5    Copyright (C) 2011-2012 Intel Corporation
  6 
  7    This program is free software; you can redistribute it and/or modify
  8    it under the terms of the GNU General Public License version 2 as
  9    published by the Free Software Foundation;
 10 
 11    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 12    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 13    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 14    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 15    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 16    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 17    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 18    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 19 
 20    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 21    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 22    SOFTWARE IS DISCLAIMED.
 23 */
 24 
 25 /* Bluetooth HCI Management interface */
 26 
 27 #include <linux/kernel.h>
 28 #include <linux/uaccess.h>
 29 #include <linux/module.h>
 30 #include <asm/unaligned.h>
 31 
 32 #include <net/bluetooth/bluetooth.h>
 33 #include <net/bluetooth/hci_core.h>
 34 #include <net/bluetooth/mgmt.h>
 35 #include <net/bluetooth/smp.h>
 36 
 37 bool enable_hs;
 38 
 39 #define MGMT_VERSION    1
 40 #define MGMT_REVISION   1
 41 
 42 static const u16 mgmt_commands[] = {
 43         MGMT_OP_READ_INDEX_LIST,
 44         MGMT_OP_READ_INFO,
 45         MGMT_OP_SET_POWERED,
 46         MGMT_OP_SET_DISCOVERABLE,
 47         MGMT_OP_SET_CONNECTABLE,
 48         MGMT_OP_SET_FAST_CONNECTABLE,
 49         MGMT_OP_SET_PAIRABLE,
 50         MGMT_OP_SET_LINK_SECURITY,
 51         MGMT_OP_SET_SSP,
 52         MGMT_OP_SET_HS,
 53         MGMT_OP_SET_LE,
 54         MGMT_OP_SET_DEV_CLASS,
 55         MGMT_OP_SET_LOCAL_NAME,
 56         MGMT_OP_ADD_UUID,
 57         MGMT_OP_REMOVE_UUID,
 58         MGMT_OP_LOAD_LINK_KEYS,
 59         MGMT_OP_LOAD_LONG_TERM_KEYS,
 60         MGMT_OP_DISCONNECT,
 61         MGMT_OP_GET_CONNECTIONS,
 62         MGMT_OP_PIN_CODE_REPLY,
 63         MGMT_OP_PIN_CODE_NEG_REPLY,
 64         MGMT_OP_SET_IO_CAPABILITY,
 65         MGMT_OP_PAIR_DEVICE,
 66         MGMT_OP_CANCEL_PAIR_DEVICE,
 67         MGMT_OP_UNPAIR_DEVICE,
 68         MGMT_OP_USER_CONFIRM_REPLY,
 69         MGMT_OP_USER_CONFIRM_NEG_REPLY,
 70         MGMT_OP_USER_PASSKEY_REPLY,
 71         MGMT_OP_USER_PASSKEY_NEG_REPLY,
 72         MGMT_OP_READ_LOCAL_OOB_DATA,
 73         MGMT_OP_ADD_REMOTE_OOB_DATA,
 74         MGMT_OP_REMOVE_REMOTE_OOB_DATA,
 75         MGMT_OP_START_DISCOVERY,
 76         MGMT_OP_STOP_DISCOVERY,
 77         MGMT_OP_CONFIRM_NAME,
 78         MGMT_OP_BLOCK_DEVICE,
 79         MGMT_OP_UNBLOCK_DEVICE,
 80         MGMT_OP_SET_DEVICE_ID,
 81 };
 82 
 83 static const u16 mgmt_events[] = {
 84         MGMT_EV_CONTROLLER_ERROR,
 85         MGMT_EV_INDEX_ADDED,
 86         MGMT_EV_INDEX_REMOVED,
 87         MGMT_EV_NEW_SETTINGS,
 88         MGMT_EV_CLASS_OF_DEV_CHANGED,
 89         MGMT_EV_LOCAL_NAME_CHANGED,
 90         MGMT_EV_NEW_LINK_KEY,
 91         MGMT_EV_NEW_LONG_TERM_KEY,
 92         MGMT_EV_DEVICE_CONNECTED,
 93         MGMT_EV_DEVICE_DISCONNECTED,
 94         MGMT_EV_CONNECT_FAILED,
 95         MGMT_EV_PIN_CODE_REQUEST,
 96         MGMT_EV_USER_CONFIRM_REQUEST,
 97         MGMT_EV_USER_PASSKEY_REQUEST,
 98         MGMT_EV_AUTH_FAILED,
 99         MGMT_EV_DEVICE_FOUND,
100         MGMT_EV_DISCOVERING,
101         MGMT_EV_DEVICE_BLOCKED,
102         MGMT_EV_DEVICE_UNBLOCKED,
103         MGMT_EV_DEVICE_UNPAIRED,
104 };
105 
106 /*
107  * These LE scan and inquiry parameters were chosen according to LE General
108  * Discovery Procedure specification.
109  */
110 #define LE_SCAN_TYPE                    0x01
111 #define LE_SCAN_WIN                     0x12
112 #define LE_SCAN_INT                     0x12
113 #define LE_SCAN_TIMEOUT_LE_ONLY         10240   /* TGAP(gen_disc_scan_min) */
114 #define LE_SCAN_TIMEOUT_BREDR_LE        5120    /* TGAP(100)/2 */
115 
116 #define INQUIRY_LEN_BREDR               0x08    /* TGAP(100) */
117 #define INQUIRY_LEN_BREDR_LE            0x04    /* TGAP(100)/2 */
118 
119 #define CACHE_TIMEOUT   msecs_to_jiffies(2 * 1000)
120 
121 #define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122                                 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123 
124 struct pending_cmd {
125         struct list_head list;
126         u16 opcode;
127         int index;
128         void *param;
129         struct sock *sk;
130         void *user_data;
131 };
132 
133 /* HCI to MGMT error code conversion table */
134 static u8 mgmt_status_table[] = {
135         MGMT_STATUS_SUCCESS,
136         MGMT_STATUS_UNKNOWN_COMMAND,    /* Unknown Command */
137         MGMT_STATUS_NOT_CONNECTED,      /* No Connection */
138         MGMT_STATUS_FAILED,             /* Hardware Failure */
139         MGMT_STATUS_CONNECT_FAILED,     /* Page Timeout */
140         MGMT_STATUS_AUTH_FAILED,        /* Authentication Failed */
141         MGMT_STATUS_NOT_PAIRED,         /* PIN or Key Missing */
142         MGMT_STATUS_NO_RESOURCES,       /* Memory Full */
143         MGMT_STATUS_TIMEOUT,            /* Connection Timeout */
144         MGMT_STATUS_NO_RESOURCES,       /* Max Number of Connections */
145         MGMT_STATUS_NO_RESOURCES,       /* Max Number of SCO Connections */
146         MGMT_STATUS_ALREADY_CONNECTED,  /* ACL Connection Exists */
147         MGMT_STATUS_BUSY,               /* Command Disallowed */
148         MGMT_STATUS_NO_RESOURCES,       /* Rejected Limited Resources */
149         MGMT_STATUS_REJECTED,           /* Rejected Security */
150         MGMT_STATUS_REJECTED,           /* Rejected Personal */
151         MGMT_STATUS_TIMEOUT,            /* Host Timeout */
152         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Feature */
153         MGMT_STATUS_INVALID_PARAMS,     /* Invalid Parameters */
154         MGMT_STATUS_DISCONNECTED,       /* OE User Ended Connection */
155         MGMT_STATUS_NO_RESOURCES,       /* OE Low Resources */
156         MGMT_STATUS_DISCONNECTED,       /* OE Power Off */
157         MGMT_STATUS_DISCONNECTED,       /* Connection Terminated */
158         MGMT_STATUS_BUSY,               /* Repeated Attempts */
159         MGMT_STATUS_REJECTED,           /* Pairing Not Allowed */
160         MGMT_STATUS_FAILED,             /* Unknown LMP PDU */
161         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported Remote Feature */
162         MGMT_STATUS_REJECTED,           /* SCO Offset Rejected */
163         MGMT_STATUS_REJECTED,           /* SCO Interval Rejected */
164         MGMT_STATUS_REJECTED,           /* Air Mode Rejected */
165         MGMT_STATUS_INVALID_PARAMS,     /* Invalid LMP Parameters */
166         MGMT_STATUS_FAILED,             /* Unspecified Error */
167         MGMT_STATUS_NOT_SUPPORTED,      /* Unsupported LMP Parameter Value */
168         MGMT_STATUS_FAILED,             /* Role Change Not Allowed */
169         MGMT_STATUS_TIMEOUT,            /* LMP Response Timeout */
170         MGMT_STATUS_FAILED,             /* LMP Error Transaction Collision */
171         MGMT_STATUS_FAILED,             /* LMP PDU Not Allowed */
172         MGMT_STATUS_REJECTED,           /* Encryption Mode Not Accepted */
173         MGMT_STATUS_FAILED,             /* Unit Link Key Used */
174         MGMT_STATUS_NOT_SUPPORTED,      /* QoS Not Supported */
175         MGMT_STATUS_TIMEOUT,            /* Instant Passed */
176         MGMT_STATUS_NOT_SUPPORTED,      /* Pairing Not Supported */
177         MGMT_STATUS_FAILED,             /* Transaction Collision */
178         MGMT_STATUS_INVALID_PARAMS,     /* Unacceptable Parameter */
179         MGMT_STATUS_REJECTED,           /* QoS Rejected */
180         MGMT_STATUS_NOT_SUPPORTED,      /* Classification Not Supported */
181         MGMT_STATUS_REJECTED,           /* Insufficient Security */
182         MGMT_STATUS_INVALID_PARAMS,     /* Parameter Out Of Range */
183         MGMT_STATUS_BUSY,               /* Role Switch Pending */
184         MGMT_STATUS_FAILED,             /* Slot Violation */
185         MGMT_STATUS_FAILED,             /* Role Switch Failed */
186         MGMT_STATUS_INVALID_PARAMS,     /* EIR Too Large */
187         MGMT_STATUS_NOT_SUPPORTED,      /* Simple Pairing Not Supported */
188         MGMT_STATUS_BUSY,               /* Host Busy Pairing */
189         MGMT_STATUS_REJECTED,           /* Rejected, No Suitable Channel */
190         MGMT_STATUS_BUSY,               /* Controller Busy */
191         MGMT_STATUS_INVALID_PARAMS,     /* Unsuitable Connection Interval */
192         MGMT_STATUS_TIMEOUT,            /* Directed Advertising Timeout */
193         MGMT_STATUS_AUTH_FAILED,        /* Terminated Due to MIC Failure */
194         MGMT_STATUS_CONNECT_FAILED,     /* Connection Establishment Failed */
195         MGMT_STATUS_CONNECT_FAILED,     /* MAC Connection Failed */
196 };
197 
198 static u8 mgmt_status(u8 hci_status)
199 {
200         if (hci_status < ARRAY_SIZE(mgmt_status_table))
201                 return mgmt_status_table[hci_status];
202 
203         return MGMT_STATUS_FAILED;
204 }
205 
206 static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
207 {
208         struct sk_buff *skb;
209         struct mgmt_hdr *hdr;
210         struct mgmt_ev_cmd_status *ev;
211         int err;
212 
213         BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
214 
215         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216         if (!skb)
217                 return -ENOMEM;
218 
219         hdr = (void *) skb_put(skb, sizeof(*hdr));
220 
221         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
222         hdr->index = cpu_to_le16(index);
223         hdr->len = cpu_to_le16(sizeof(*ev));
224 
225         ev = (void *) skb_put(skb, sizeof(*ev));
226         ev->status = status;
227         ev->opcode = cpu_to_le16(cmd);
228 
229         err = sock_queue_rcv_skb(sk, skb);
230         if (err < 0)
231                 kfree_skb(skb);
232 
233         return err;
234 }
235 
236 static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237                         void *rp, size_t rp_len)
238 {
239         struct sk_buff *skb;
240         struct mgmt_hdr *hdr;
241         struct mgmt_ev_cmd_complete *ev;
242         int err;
243 
244         BT_DBG("sock %p", sk);
245 
246         skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
247         if (!skb)
248                 return -ENOMEM;
249 
250         hdr = (void *) skb_put(skb, sizeof(*hdr));
251 
252         hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
253         hdr->index = cpu_to_le16(index);
254         hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
255 
256         ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257         ev->opcode = cpu_to_le16(cmd);
258         ev->status = status;
259 
260         if (rp)
261                 memcpy(ev->data, rp, rp_len);
262 
263         err = sock_queue_rcv_skb(sk, skb);
264         if (err < 0)
265                 kfree_skb(skb);
266 
267         return err;
268 }
269 
270 static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
271                         u16 data_len)
272 {
273         struct mgmt_rp_read_version rp;
274 
275         BT_DBG("sock %p", sk);
276 
277         rp.version = MGMT_VERSION;
278         rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
279 
280         return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
281                             sizeof(rp));
282 }
283 
284 static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
285                          u16 data_len)
286 {
287         struct mgmt_rp_read_commands *rp;
288         const u16 num_commands = ARRAY_SIZE(mgmt_commands);
289         const u16 num_events = ARRAY_SIZE(mgmt_events);
290         __le16 *opcode;
291         size_t rp_size;
292         int i, err;
293 
294         BT_DBG("sock %p", sk);
295 
296         rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
297 
298         rp = kmalloc(rp_size, GFP_KERNEL);
299         if (!rp)
300                 return -ENOMEM;
301 
302         rp->num_commands = __constant_cpu_to_le16(num_commands);
303         rp->num_events = __constant_cpu_to_le16(num_events);
304 
305         for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
306                 put_unaligned_le16(mgmt_commands[i], opcode);
307 
308         for (i = 0; i < num_events; i++, opcode++)
309                 put_unaligned_le16(mgmt_events[i], opcode);
310 
311         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
312                            rp_size);
313         kfree(rp);
314 
315         return err;
316 }
317 
318 static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
319                            u16 data_len)
320 {
321         struct mgmt_rp_read_index_list *rp;
322         struct list_head *p;
323         struct hci_dev *d;
324         size_t rp_len;
325         u16 count;
326         int i, err;
327 
328         BT_DBG("sock %p", sk);
329 
330         read_lock(&hci_dev_list_lock);
331 
332         count = 0;
333         list_for_each(p, &hci_dev_list) {
334                 count++;
335         }
336 
337         rp_len = sizeof(*rp) + (2 * count);
338         rp = kmalloc(rp_len, GFP_ATOMIC);
339         if (!rp) {
340                 read_unlock(&hci_dev_list_lock);
341                 return -ENOMEM;
342         }
343 
344         rp->num_controllers = cpu_to_le16(count);
345 
346         i = 0;
347         list_for_each_entry(d, &hci_dev_list, list) {
348                 if (test_bit(HCI_SETUP, &d->dev_flags))
349                         continue;
350 
351                 rp->index[i++] = cpu_to_le16(d->id);
352                 BT_DBG("Added hci%u", d->id);
353         }
354 
355         read_unlock(&hci_dev_list_lock);
356 
357         err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
358                            rp_len);
359 
360         kfree(rp);
361 
362         return err;
363 }
364 
365 static u32 get_supported_settings(struct hci_dev *hdev)
366 {
367         u32 settings = 0;
368 
369         settings |= MGMT_SETTING_POWERED;
370         settings |= MGMT_SETTING_CONNECTABLE;
371         settings |= MGMT_SETTING_FAST_CONNECTABLE;
372         settings |= MGMT_SETTING_DISCOVERABLE;
373         settings |= MGMT_SETTING_PAIRABLE;
374 
375         if (hdev->features[6] & LMP_SIMPLE_PAIR)
376                 settings |= MGMT_SETTING_SSP;
377 
378         if (!(hdev->features[4] & LMP_NO_BREDR)) {
379                 settings |= MGMT_SETTING_BREDR;
380                 settings |= MGMT_SETTING_LINK_SECURITY;
381         }
382 
383         if (enable_hs)
384                 settings |= MGMT_SETTING_HS;
385 
386         if (hdev->features[4] & LMP_LE)
387                 settings |= MGMT_SETTING_LE;
388 
389         return settings;
390 }
391 
392 static u32 get_current_settings(struct hci_dev *hdev)
393 {
394         u32 settings = 0;
395 
396         if (hdev_is_powered(hdev))
397                 settings |= MGMT_SETTING_POWERED;
398 
399         if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
400                 settings |= MGMT_SETTING_CONNECTABLE;
401 
402         if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
403                 settings |= MGMT_SETTING_DISCOVERABLE;
404 
405         if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
406                 settings |= MGMT_SETTING_PAIRABLE;
407 
408         if (!(hdev->features[4] & LMP_NO_BREDR))
409                 settings |= MGMT_SETTING_BREDR;
410 
411         if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
412                 settings |= MGMT_SETTING_LE;
413 
414         if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
415                 settings |= MGMT_SETTING_LINK_SECURITY;
416 
417         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
418                 settings |= MGMT_SETTING_SSP;
419 
420         if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421                 settings |= MGMT_SETTING_HS;
422 
423         return settings;
424 }
425 
426 #define PNP_INFO_SVCLASS_ID             0x1200
427 
428 static u8 bluetooth_base_uuid[] = {
429                         0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
430                         0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
431 };
432 
433 static u16 get_uuid16(u8 *uuid128)
434 {
435         u32 val;
436         int i;
437 
438         for (i = 0; i < 12; i++) {
439                 if (bluetooth_base_uuid[i] != uuid128[i])
440                         return 0;
441         }
442 
443         val = get_unaligned_le32(&uuid128[12]);
444         if (val > 0xffff)
445                 return 0;
446 
447         return (u16) val;
448 }
449 
450 static void create_eir(struct hci_dev *hdev, u8 *data)
451 {
452         u8 *ptr = data;
453         u16 eir_len = 0;
454         u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
455         int i, truncated = 0;
456         struct bt_uuid *uuid;
457         size_t name_len;
458 
459         name_len = strlen(hdev->dev_name);
460 
461         if (name_len > 0) {
462                 /* EIR Data type */
463                 if (name_len > 48) {
464                         name_len = 48;
465                         ptr[1] = EIR_NAME_SHORT;
466                 } else
467                         ptr[1] = EIR_NAME_COMPLETE;
468 
469                 /* EIR Data length */
470                 ptr[0] = name_len + 1;
471 
472                 memcpy(ptr + 2, hdev->dev_name, name_len);
473 
474                 eir_len += (name_len + 2);
475                 ptr += (name_len + 2);
476         }
477 
478         if (hdev->inq_tx_power) {
479                 ptr[0] = 2;
480                 ptr[1] = EIR_TX_POWER;
481                 ptr[2] = (u8) hdev->inq_tx_power;
482 
483                 eir_len += 3;
484                 ptr += 3;
485         }
486 
487         if (hdev->devid_source > 0) {
488                 ptr[0] = 9;
489                 ptr[1] = EIR_DEVICE_ID;
490 
491                 put_unaligned_le16(hdev->devid_source, ptr + 2);
492                 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
493                 put_unaligned_le16(hdev->devid_product, ptr + 6);
494                 put_unaligned_le16(hdev->devid_version, ptr + 8);
495 
496                 eir_len += 10;
497                 ptr += 10;
498         }
499 
500         memset(uuid16_list, 0, sizeof(uuid16_list));
501 
502         /* Group all UUID16 types */
503         list_for_each_entry(uuid, &hdev->uuids, list) {
504                 u16 uuid16;
505 
506                 uuid16 = get_uuid16(uuid->uuid);
507                 if (uuid16 == 0)
508                         return;
509 
510                 if (uuid16 < 0x1100)
511                         continue;
512 
513                 if (uuid16 == PNP_INFO_SVCLASS_ID)
514                         continue;
515 
516                 /* Stop if not enough space to put next UUID */
517                 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
518                         truncated = 1;
519                         break;
520                 }
521 
522                 /* Check for duplicates */
523                 for (i = 0; uuid16_list[i] != 0; i++)
524                         if (uuid16_list[i] == uuid16)
525                                 break;
526 
527                 if (uuid16_list[i] == 0) {
528                         uuid16_list[i] = uuid16;
529                         eir_len += sizeof(u16);
530                 }
531         }
532 
533         if (uuid16_list[0] != 0) {
534                 u8 *length = ptr;
535 
536                 /* EIR Data type */
537                 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
538 
539                 ptr += 2;
540                 eir_len += 2;
541 
542                 for (i = 0; uuid16_list[i] != 0; i++) {
543                         *ptr++ = (uuid16_list[i] & 0x00ff);
544                         *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
545                 }
546 
547                 /* EIR Data length */
548                 *length = (i * sizeof(u16)) + 1;
549         }
550 }
551 
552 static int update_eir(struct hci_dev *hdev)
553 {
554         struct hci_cp_write_eir cp;
555 
556         if (!hdev_is_powered(hdev))
557                 return 0;
558 
559         if (!(hdev->features[6] & LMP_EXT_INQ))
560                 return 0;
561 
562         if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
563                 return 0;
564 
565         if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
566                 return 0;
567 
568         memset(&cp, 0, sizeof(cp));
569 
570         create_eir(hdev, cp.data);
571 
572         if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
573                 return 0;
574 
575         memcpy(hdev->eir, cp.data, sizeof(cp.data));
576 
577         return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
578 }
579 
580 static u8 get_service_classes(struct hci_dev *hdev)
581 {
582         struct bt_uuid *uuid;
583         u8 val = 0;
584 
585         list_for_each_entry(uuid, &hdev->uuids, list)
586                 val |= uuid->svc_hint;
587 
588         return val;
589 }
590 
591 static int update_class(struct hci_dev *hdev)
592 {
593         u8 cod[3];
594         int err;
595 
596         BT_DBG("%s", hdev->name);
597 
598         if (!hdev_is_powered(hdev))
599                 return 0;
600 
601         if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
602                 return 0;
603 
604         cod[0] = hdev->minor_class;
605         cod[1] = hdev->major_class;
606         cod[2] = get_service_classes(hdev);
607 
608         if (memcmp(cod, hdev->dev_class, 3) == 0)
609                 return 0;
610 
611         err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
612         if (err == 0)
613                 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
614 
615         return err;
616 }
617 
618 static void service_cache_off(struct work_struct *work)
619 {
620         struct hci_dev *hdev = container_of(work, struct hci_dev,
621                                             service_cache.work);
622 
623         if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
624                 return;
625 
626         hci_dev_lock(hdev);
627 
628         update_eir(hdev);
629         update_class(hdev);
630 
631         hci_dev_unlock(hdev);
632 }
633 
634 static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
635 {
636         if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
637                 return;
638 
639         INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
640 
641         /* Non-mgmt controlled devices get this bit set
642          * implicitly so that pairing works for them, however
643          * for mgmt we require user-space to explicitly enable
644          * it
645          */
646         clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
647 }
648 
649 static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
650                                 void *data, u16 data_len)
651 {
652         struct mgmt_rp_read_info rp;
653 
654         BT_DBG("sock %p %s", sk, hdev->name);
655 
656         hci_dev_lock(hdev);
657 
658         memset(&rp, 0, sizeof(rp));
659 
660         bacpy(&rp.bdaddr, &hdev->bdaddr);
661 
662         rp.version = hdev->hci_ver;
663         rp.manufacturer = cpu_to_le16(hdev->manufacturer);
664 
665         rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
666         rp.current_settings = cpu_to_le32(get_current_settings(hdev));
667 
668         memcpy(rp.dev_class, hdev->dev_class, 3);
669 
670         memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
671         memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
672 
673         hci_dev_unlock(hdev);
674 
675         return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
676                             sizeof(rp));
677 }
678 
679 static void mgmt_pending_free(struct pending_cmd *cmd)
680 {
681         sock_put(cmd->sk);
682         kfree(cmd->param);
683         kfree(cmd);
684 }
685 
686 static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
687                                             struct hci_dev *hdev, void *data,
688                                             u16 len)
689 {
690         struct pending_cmd *cmd;
691 
692         cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
693         if (!cmd)
694                 return NULL;
695 
696         cmd->opcode = opcode;
697         cmd->index = hdev->id;
698 
699         cmd->param = kmalloc(len, GFP_ATOMIC);
700         if (!cmd->param) {
701                 kfree(cmd);
702                 return NULL;
703         }
704 
705         if (data)
706                 memcpy(cmd->param, data, len);
707 
708         cmd->sk = sk;
709         sock_hold(sk);
710 
711         list_add(&cmd->list, &hdev->mgmt_pending);
712 
713         return cmd;
714 }
715 
716 static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
717                                  void (*cb)(struct pending_cmd *cmd, void *data),
718                                  void *data)
719 {
720         struct list_head *p, *n;
721 
722         list_for_each_safe(p, n, &hdev->mgmt_pending) {
723                 struct pending_cmd *cmd;
724 
725                 cmd = list_entry(p, struct pending_cmd, list);
726 
727                 if (opcode > 0 && cmd->opcode != opcode)
728                         continue;
729 
730                 cb(cmd, data);
731         }
732 }
733 
734 static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
735 {
736         struct pending_cmd *cmd;
737 
738         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
739                 if (cmd->opcode == opcode)
740                         return cmd;
741         }
742 
743         return NULL;
744 }
745 
746 static void mgmt_pending_remove(struct pending_cmd *cmd)
747 {
748         list_del(&cmd->list);
749         mgmt_pending_free(cmd);
750 }
751 
752 static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
753 {
754         __le32 settings = cpu_to_le32(get_current_settings(hdev));
755 
756         return cmd_complete(sk, hdev->id, opcode, 0, &settings,
757                             sizeof(settings));
758 }
759 
760 static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
761                        u16 len)
762 {
763         struct mgmt_mode *cp = data;
764         struct pending_cmd *cmd;
765         int err;
766 
767         BT_DBG("request for %s", hdev->name);
768 
769         hci_dev_lock(hdev);
770 
771         if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
772                 cancel_delayed_work(&hdev->power_off);
773 
774                 if (cp->val) {
775                         err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
776                         mgmt_powered(hdev, 1);
777                         goto failed;
778                 }
779         }
780 
781         if (!!cp->val == hdev_is_powered(hdev)) {
782                 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
783                 goto failed;
784         }
785 
786         if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
787                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
788                                  MGMT_STATUS_BUSY);
789                 goto failed;
790         }
791 
792         cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
793         if (!cmd) {
794                 err = -ENOMEM;
795                 goto failed;
796         }
797 
798         if (cp->val)
799                 schedule_work(&hdev->power_on);
800         else
801                 schedule_work(&hdev->power_off.work);
802 
803         err = 0;
804 
805 failed:
806         hci_dev_unlock(hdev);
807         return err;
808 }
809 
810 static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
811                       struct sock *skip_sk)
812 {
813         struct sk_buff *skb;
814         struct mgmt_hdr *hdr;
815 
816         skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
817         if (!skb)
818                 return -ENOMEM;
819 
820         hdr = (void *) skb_put(skb, sizeof(*hdr));
821         hdr->opcode = cpu_to_le16(event);
822         if (hdev)
823                 hdr->index = cpu_to_le16(hdev->id);
824         else
825                 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
826         hdr->len = cpu_to_le16(data_len);
827 
828         if (data)
829                 memcpy(skb_put(skb, data_len), data, data_len);
830 
831         /* Time stamp */
832         __net_timestamp(skb);
833 
834         hci_send_to_control(skb, skip_sk);
835         kfree_skb(skb);
836 
837         return 0;
838 }
839 
840 static int new_settings(struct hci_dev *hdev, struct sock *skip)
841 {
842         __le32 ev;
843 
844         ev = cpu_to_le32(get_current_settings(hdev));
845 
846         return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
847 }
848 
849 static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
850                             u16 len)
851 {
852         struct mgmt_cp_set_discoverable *cp = data;
853         struct pending_cmd *cmd;
854         u16 timeout;
855         u8 scan;
856         int err;
857 
858         BT_DBG("request for %s", hdev->name);
859 
860         timeout = __le16_to_cpu(cp->timeout);
861         if (!cp->val && timeout > 0)
862                 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
863                                   MGMT_STATUS_INVALID_PARAMS);
864 
865         hci_dev_lock(hdev);
866 
867         if (!hdev_is_powered(hdev) && timeout > 0) {
868                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
869                                  MGMT_STATUS_NOT_POWERED);
870                 goto failed;
871         }
872 
873         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
874                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
875                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
876                                  MGMT_STATUS_BUSY);
877                 goto failed;
878         }
879 
880         if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
881                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
882                                  MGMT_STATUS_REJECTED);
883                 goto failed;
884         }
885 
886         if (!hdev_is_powered(hdev)) {
887                 bool changed = false;
888 
889                 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
890                         change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
891                         changed = true;
892                 }
893 
894                 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
895                 if (err < 0)
896                         goto failed;
897 
898                 if (changed)
899                         err = new_settings(hdev, sk);
900 
901                 goto failed;
902         }
903 
904         if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
905                 if (hdev->discov_timeout > 0) {
906                         cancel_delayed_work(&hdev->discov_off);
907                         hdev->discov_timeout = 0;
908                 }
909 
910                 if (cp->val && timeout > 0) {
911                         hdev->discov_timeout = timeout;
912                         queue_delayed_work(hdev->workqueue, &hdev->discov_off,
913                                 msecs_to_jiffies(hdev->discov_timeout * 1000));
914                 }
915 
916                 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
917                 goto failed;
918         }
919 
920         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
921         if (!cmd) {
922                 err = -ENOMEM;
923                 goto failed;
924         }
925 
926         scan = SCAN_PAGE;
927 
928         if (cp->val)
929                 scan |= SCAN_INQUIRY;
930         else
931                 cancel_delayed_work(&hdev->discov_off);
932 
933         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
934         if (err < 0)
935                 mgmt_pending_remove(cmd);
936 
937         if (cp->val)
938                 hdev->discov_timeout = timeout;
939 
940 failed:
941         hci_dev_unlock(hdev);
942         return err;
943 }
944 
945 static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
946                            u16 len)
947 {
948         struct mgmt_mode *cp = data;
949         struct pending_cmd *cmd;
950         u8 scan;
951         int err;
952 
953         BT_DBG("request for %s", hdev->name);
954 
955         hci_dev_lock(hdev);
956 
957         if (!hdev_is_powered(hdev)) {
958                 bool changed = false;
959 
960                 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
961                         changed = true;
962 
963                 if (cp->val) {
964                         set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
965                 } else {
966                         clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
967                         clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
968                 }
969 
970                 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
971                 if (err < 0)
972                         goto failed;
973 
974                 if (changed)
975                         err = new_settings(hdev, sk);
976 
977                 goto failed;
978         }
979 
980         if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
981                         mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
982                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
983                                  MGMT_STATUS_BUSY);
984                 goto failed;
985         }
986 
987         if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
988                 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
989                 goto failed;
990         }
991 
992         cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
993         if (!cmd) {
994                 err = -ENOMEM;
995                 goto failed;
996         }
997 
998         if (cp->val) {
999                 scan = SCAN_PAGE;
1000         } else {
1001                 scan = 0;
1002 
1003                 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1004                                                 hdev->discov_timeout > 0)
1005                         cancel_delayed_work(&hdev->discov_off);
1006         }
1007 
1008         err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1009         if (err < 0)
1010                 mgmt_pending_remove(cmd);
1011 
1012 failed:
1013         hci_dev_unlock(hdev);
1014         return err;
1015 }
1016 
1017 static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1018                         u16 len)
1019 {
1020         struct mgmt_mode *cp = data;
1021         int err;
1022 
1023         BT_DBG("request for %s", hdev->name);
1024 
1025         hci_dev_lock(hdev);
1026 
1027         if (cp->val)
1028                 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
1029         else
1030                 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
1031 
1032         err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
1033         if (err < 0)
1034                 goto failed;
1035 
1036         err = new_settings(hdev, sk);
1037 
1038 failed:
1039         hci_dev_unlock(hdev);
1040         return err;
1041 }
1042 
1043 static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1044                              u16 len)
1045 {
1046         struct mgmt_mode *cp = data;
1047         struct pending_cmd *cmd;
1048         u8 val;
1049         int err;
1050 
1051         BT_DBG("request for %s", hdev->name);
1052 
1053         hci_dev_lock(hdev);
1054 
1055         if (!hdev_is_powered(hdev)) {
1056                 bool changed = false;
1057 
1058                 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1059                                                         &hdev->dev_flags)) {
1060                         change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1061                         changed = true;
1062                 }
1063 
1064                 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1065                 if (err < 0)
1066                         goto failed;
1067 
1068                 if (changed)
1069                         err = new_settings(hdev, sk);
1070 
1071                 goto failed;
1072         }
1073 
1074         if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1075                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1076                                  MGMT_STATUS_BUSY);
1077                 goto failed;
1078         }
1079 
1080         val = !!cp->val;
1081 
1082         if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1083                 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1084                 goto failed;
1085         }
1086 
1087         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1088         if (!cmd) {
1089                 err = -ENOMEM;
1090                 goto failed;
1091         }
1092 
1093         err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1094         if (err < 0) {
1095                 mgmt_pending_remove(cmd);
1096                 goto failed;
1097         }
1098 
1099 failed:
1100         hci_dev_unlock(hdev);
1101         return err;
1102 }
1103 
1104 static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1105 {
1106         struct mgmt_mode *cp = data;
1107         struct pending_cmd *cmd;
1108         u8 val;
1109         int err;
1110 
1111         BT_DBG("request for %s", hdev->name);
1112 
1113         hci_dev_lock(hdev);
1114 
1115         if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1116                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1117                                  MGMT_STATUS_NOT_SUPPORTED);
1118                 goto failed;
1119         }
1120 
1121         val = !!cp->val;
1122 
1123         if (!hdev_is_powered(hdev)) {
1124                 bool changed = false;
1125 
1126                 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1127                         change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1128                         changed = true;
1129                 }
1130 
1131                 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1132                 if (err < 0)
1133                         goto failed;
1134 
1135                 if (changed)
1136                         err = new_settings(hdev, sk);
1137 
1138                 goto failed;
1139         }
1140 
1141         if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1142                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1143                                  MGMT_STATUS_BUSY);
1144                 goto failed;
1145         }
1146 
1147         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1148                 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1149                 goto failed;
1150         }
1151 
1152         cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1153         if (!cmd) {
1154                 err = -ENOMEM;
1155                 goto failed;
1156         }
1157 
1158         err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1159         if (err < 0) {
1160                 mgmt_pending_remove(cmd);
1161                 goto failed;
1162         }
1163 
1164 failed:
1165         hci_dev_unlock(hdev);
1166         return err;
1167 }
1168 
1169 static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1170 {
1171         struct mgmt_mode *cp = data;
1172 
1173         BT_DBG("request for %s", hdev->name);
1174 
1175         if (!enable_hs)
1176                 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1177                                   MGMT_STATUS_NOT_SUPPORTED);
1178 
1179         if (cp->val)
1180                 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1181         else
1182                 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1183 
1184         return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1185 }
1186 
1187 static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1188 {
1189         struct mgmt_mode *cp = data;
1190         struct hci_cp_write_le_host_supported hci_cp;
1191         struct pending_cmd *cmd;
1192         int err;
1193         u8 val, enabled;
1194 
1195         BT_DBG("request for %s", hdev->name);
1196 
1197         hci_dev_lock(hdev);
1198 
1199         if (!(hdev->features[4] & LMP_LE)) {
1200                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1201                                  MGMT_STATUS_NOT_SUPPORTED);
1202                 goto unlock;
1203         }
1204 
1205         val = !!cp->val;
1206         enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
1207 
1208         if (!hdev_is_powered(hdev) || val == enabled) {
1209                 bool changed = false;
1210 
1211                 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1212                         change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1213                         changed = true;
1214                 }
1215 
1216                 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1217                 if (err < 0)
1218                         goto unlock;
1219 
1220                 if (changed)
1221                         err = new_settings(hdev, sk);
1222 
1223                 goto unlock;
1224         }
1225 
1226         if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1227                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1228                                  MGMT_STATUS_BUSY);
1229                 goto unlock;
1230         }
1231 
1232         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1233         if (!cmd) {
1234                 err = -ENOMEM;
1235                 goto unlock;
1236         }
1237 
1238         memset(&hci_cp, 0, sizeof(hci_cp));
1239 
1240         if (val) {
1241                 hci_cp.le = val;
1242                 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1243         }
1244 
1245         err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1246                            &hci_cp);
1247         if (err < 0)
1248                 mgmt_pending_remove(cmd);
1249 
1250 unlock:
1251         hci_dev_unlock(hdev);
1252         return err;
1253 }
1254 
1255 static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
1256 {
1257         struct mgmt_cp_add_uuid *cp = data;
1258         struct pending_cmd *cmd;
1259         struct bt_uuid *uuid;
1260         int err;
1261 
1262         BT_DBG("request for %s", hdev->name);
1263 
1264         hci_dev_lock(hdev);
1265 
1266         if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1267                 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1268                                  MGMT_STATUS_BUSY);
1269                 goto failed;
1270         }
1271 
1272         uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1273         if (!uuid) {
1274                 err = -ENOMEM;
1275                 goto failed;
1276         }
1277 
1278         memcpy(uuid->uuid, cp->uuid, 16);
1279         uuid->svc_hint = cp->svc_hint;
1280 
1281         list_add(&uuid->list, &hdev->uuids);
1282 
1283         err = update_class(hdev);
1284         if (err < 0)
1285                 goto failed;
1286 
1287         err = update_eir(hdev);
1288         if (err < 0)
1289                 goto failed;
1290 
1291         if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1292                 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1293                                    hdev->dev_class, 3);
1294                 goto failed;
1295         }
1296 
1297         cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1298         if (!cmd)
1299                 err = -ENOMEM;
1300 
1301 failed:
1302         hci_dev_unlock(hdev);
1303         return err;
1304 }
1305 
1306 static bool enable_service_cache(struct hci_dev *hdev)
1307 {
1308         if (!hdev_is_powered(hdev))
1309                 return false;
1310 
1311         if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1312                 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
1313                 return true;
1314         }
1315 
1316         return false;
1317 }
1318 
1319 static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1320                                                                 u16 len)
1321 {
1322         struct mgmt_cp_remove_uuid *cp = data;
1323         struct pending_cmd *cmd;
1324         struct list_head *p, *n;
1325         u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
1326         int err, found;
1327 
1328         BT_DBG("request for %s", hdev->name);
1329 
1330         hci_dev_lock(hdev);
1331 
1332         if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1333                 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1334                                  MGMT_STATUS_BUSY);
1335                 goto unlock;
1336         }
1337 
1338         if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1339                 err = hci_uuids_clear(hdev);
1340 
1341                 if (enable_service_cache(hdev)) {
1342                         err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1343                                            0, hdev->dev_class, 3);
1344                         goto unlock;
1345                 }
1346 
1347                 goto update_class;
1348         }
1349 
1350         found = 0;
1351 
1352         list_for_each_safe(p, n, &hdev->uuids) {
1353                 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1354 
1355                 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1356                         continue;
1357 
1358                 list_del(&match->list);
1359                 found++;
1360         }
1361 
1362         if (found == 0) {
1363                 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1364                                  MGMT_STATUS_INVALID_PARAMS);
1365                 goto unlock;
1366         }
1367 
1368 update_class:
1369         err = update_class(hdev);
1370         if (err < 0)
1371                 goto unlock;
1372 
1373         err = update_eir(hdev);
1374         if (err < 0)
1375                 goto unlock;
1376 
1377         if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1378                 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1379                                    hdev->dev_class, 3);
1380                 goto unlock;
1381         }
1382 
1383         cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1384         if (!cmd)
1385                 err = -ENOMEM;
1386 
1387 unlock:
1388         hci_dev_unlock(hdev);
1389         return err;
1390 }
1391 
1392 static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1393                          u16 len)
1394 {
1395         struct mgmt_cp_set_dev_class *cp = data;
1396         struct pending_cmd *cmd;
1397         int err;
1398 
1399         BT_DBG("request for %s", hdev->name);
1400 
1401         hci_dev_lock(hdev);
1402 
1403         if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1404                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1405                                  MGMT_STATUS_BUSY);
1406                 goto unlock;
1407         }
1408 
1409         hdev->major_class = cp->major;
1410         hdev->minor_class = cp->minor;
1411 
1412         if (!hdev_is_powered(hdev)) {
1413                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1414                                    hdev->dev_class, 3);
1415                 goto unlock;
1416         }
1417 
1418         if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1419                 hci_dev_unlock(hdev);
1420                 cancel_delayed_work_sync(&hdev->service_cache);
1421                 hci_dev_lock(hdev);
1422                 update_eir(hdev);
1423         }
1424 
1425         err = update_class(hdev);
1426         if (err < 0)
1427                 goto unlock;
1428 
1429         if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1430                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
1431                                    hdev->dev_class, 3);
1432                 goto unlock;
1433         }
1434 
1435         cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1436         if (!cmd)
1437                 err = -ENOMEM;
1438 
1439 unlock:
1440         hci_dev_unlock(hdev);
1441         return err;
1442 }
1443 
1444 static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1445                                                                 u16 len)
1446 {
1447         struct mgmt_cp_load_link_keys *cp = data;
1448         u16 key_count, expected_len;
1449         int i;
1450 
1451         key_count = __le16_to_cpu(cp->key_count);
1452 
1453         expected_len = sizeof(*cp) + key_count *
1454                                         sizeof(struct mgmt_link_key_info);
1455         if (expected_len != len) {
1456                 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
1457                                                         len, expected_len);
1458                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1459                                   MGMT_STATUS_INVALID_PARAMS);
1460         }
1461 
1462         BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
1463                                                                 key_count);
1464 
1465         hci_dev_lock(hdev);
1466 
1467         hci_link_keys_clear(hdev);
1468 
1469         set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
1470 
1471         if (cp->debug_keys)
1472                 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1473         else
1474                 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
1475 
1476         for (i = 0; i < key_count; i++) {
1477                 struct mgmt_link_key_info *key = &cp->keys[i];
1478 
1479                 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1480                                  key->type, key->pin_len);
1481         }
1482 
1483         cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
1484 
1485         hci_dev_unlock(hdev);
1486 
1487         return 0;
1488 }
1489 
1490 static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1491                            u8 addr_type, struct sock *skip_sk)
1492 {
1493         struct mgmt_ev_device_unpaired ev;
1494 
1495         bacpy(&ev.addr.bdaddr, bdaddr);
1496         ev.addr.type = addr_type;
1497 
1498         return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1499                           skip_sk);
1500 }
1501 
1502 static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1503                          u16 len)
1504 {
1505         struct mgmt_cp_unpair_device *cp = data;
1506         struct mgmt_rp_unpair_device rp;
1507         struct hci_cp_disconnect dc;
1508         struct pending_cmd *cmd;
1509         struct hci_conn *conn;
1510         int err;
1511 
1512         hci_dev_lock(hdev);
1513 
1514         memset(&rp, 0, sizeof(rp));
1515         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1516         rp.addr.type = cp->addr.type;
1517 
1518         if (!hdev_is_powered(hdev)) {
1519                 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1520                                    MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
1521                 goto unlock;
1522         }
1523 
1524         if (cp->addr.type == BDADDR_BREDR)
1525                 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1526         else
1527                 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
1528 
1529         if (err < 0) {
1530                 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1531                                    MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
1532                 goto unlock;
1533         }
1534 
1535         if (cp->disconnect) {
1536                 if (cp->addr.type == BDADDR_BREDR)
1537                         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1538                                                         &cp->addr.bdaddr);
1539                 else
1540                         conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1541                                                         &cp->addr.bdaddr);
1542         } else {
1543                 conn = NULL;
1544         }
1545 
1546         if (!conn) {
1547                 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
1548                                    &rp, sizeof(rp));
1549                 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
1550                 goto unlock;
1551         }
1552 
1553         cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1554                                sizeof(*cp));
1555         if (!cmd) {
1556                 err = -ENOMEM;
1557                 goto unlock;
1558         }
1559 
1560         dc.handle = cpu_to_le16(conn->handle);
1561         dc.reason = 0x13; /* Remote User Terminated Connection */
1562         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1563         if (err < 0)
1564                 mgmt_pending_remove(cmd);
1565 
1566 unlock:
1567         hci_dev_unlock(hdev);
1568         return err;
1569 }
1570 
1571 static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1572                       u16 len)
1573 {
1574         struct mgmt_cp_disconnect *cp = data;
1575         struct hci_cp_disconnect dc;
1576         struct pending_cmd *cmd;
1577         struct hci_conn *conn;
1578         int err;
1579 
1580         BT_DBG("");
1581 
1582         hci_dev_lock(hdev);
1583 
1584         if (!test_bit(HCI_UP, &hdev->flags)) {
1585                 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1586                                  MGMT_STATUS_NOT_POWERED);
1587                 goto failed;
1588         }
1589 
1590         if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
1591                 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1592                                  MGMT_STATUS_BUSY);
1593                 goto failed;
1594         }
1595 
1596         if (cp->addr.type == BDADDR_BREDR)
1597                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1598         else
1599                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
1600 
1601         if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
1602                 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
1603                                  MGMT_STATUS_NOT_CONNECTED);
1604                 goto failed;
1605         }
1606 
1607         cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
1608         if (!cmd) {
1609                 err = -ENOMEM;
1610                 goto failed;
1611         }
1612 
1613         dc.handle = cpu_to_le16(conn->handle);
1614         dc.reason = 0x13; /* Remote User Terminated Connection */
1615 
1616         err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1617         if (err < 0)
1618                 mgmt_pending_remove(cmd);
1619 
1620 failed:
1621         hci_dev_unlock(hdev);
1622         return err;
1623 }
1624 
1625 static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
1626 {
1627         switch (link_type) {
1628         case LE_LINK:
1629                 switch (addr_type) {
1630                 case ADDR_LE_DEV_PUBLIC:
1631                         return BDADDR_LE_PUBLIC;
1632 
1633                 default:
1634                         /* Fallback to LE Random address type */
1635                         return BDADDR_LE_RANDOM;
1636                 }
1637 
1638         default:
1639                 /* Fallback to BR/EDR type */
1640                 return BDADDR_BREDR;
1641         }
1642 }
1643 
1644 static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1645                            u16 data_len)
1646 {
1647         struct mgmt_rp_get_connections *rp;
1648         struct hci_conn *c;
1649         size_t rp_len;
1650         int err;
1651         u16 i;
1652 
1653         BT_DBG("");
1654 
1655         hci_dev_lock(hdev);
1656 
1657         if (!hdev_is_powered(hdev)) {
1658                 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
1659                                  MGMT_STATUS_NOT_POWERED);
1660                 goto unlock;
1661         }
1662 
1663         i = 0;
1664         list_for_each_entry(c, &hdev->conn_hash.list, list) {
1665                 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1666                         i++;
1667         }
1668 
1669         rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1670         rp = kmalloc(rp_len, GFP_ATOMIC);
1671         if (!rp) {
1672                 err = -ENOMEM;
1673                 goto unlock;
1674         }
1675 
1676         i = 0;
1677         list_for_each_entry(c, &hdev->conn_hash.list, list) {
1678                 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1679                         continue;
1680                 bacpy(&rp->addr[i].bdaddr, &c->dst);
1681                 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
1682                 if (c->type == SCO_LINK || c->type == ESCO_LINK)
1683                         continue;
1684                 i++;
1685         }
1686 
1687         rp->conn_count = cpu_to_le16(i);
1688 
1689         /* Recalculate length in case of filtered SCO connections, etc */
1690         rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
1691 
1692         err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1693                            rp_len);
1694 
1695         kfree(rp);
1696 
1697 unlock:
1698         hci_dev_unlock(hdev);
1699         return err;
1700 }
1701 
1702 static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1703                                    struct mgmt_cp_pin_code_neg_reply *cp)
1704 {
1705         struct pending_cmd *cmd;
1706         int err;
1707 
1708         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
1709                                sizeof(*cp));
1710         if (!cmd)
1711                 return -ENOMEM;
1712 
1713         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1714                            sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
1715         if (err < 0)
1716                 mgmt_pending_remove(cmd);
1717 
1718         return err;
1719 }
1720 
1721 static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1722                           u16 len)
1723 {
1724         struct hci_conn *conn;
1725         struct mgmt_cp_pin_code_reply *cp = data;
1726         struct hci_cp_pin_code_reply reply;
1727         struct pending_cmd *cmd;
1728         int err;
1729 
1730         BT_DBG("");
1731 
1732         hci_dev_lock(hdev);
1733 
1734         if (!hdev_is_powered(hdev)) {
1735                 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1736                                  MGMT_STATUS_NOT_POWERED);
1737                 goto failed;
1738         }
1739 
1740         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1741         if (!conn) {
1742                 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1743                                  MGMT_STATUS_NOT_CONNECTED);
1744                 goto failed;
1745         }
1746 
1747         if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
1748                 struct mgmt_cp_pin_code_neg_reply ncp;
1749 
1750                 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
1751 
1752                 BT_ERR("PIN code is not 16 bytes long");
1753 
1754                 err = send_pin_code_neg_reply(sk, hdev, &ncp);
1755                 if (err >= 0)
1756                         err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
1757                                          MGMT_STATUS_INVALID_PARAMS);
1758 
1759                 goto failed;
1760         }
1761 
1762         cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
1763         if (!cmd) {
1764                 err = -ENOMEM;
1765                 goto failed;
1766         }
1767 
1768         bacpy(&reply.bdaddr, &cp->addr.bdaddr);
1769         reply.pin_len = cp->pin_len;
1770         memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
1771 
1772         err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1773         if (err < 0)
1774                 mgmt_pending_remove(cmd);
1775 
1776 failed:
1777         hci_dev_unlock(hdev);
1778         return err;
1779 }
1780 
1781 static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1782                               void *data, u16 len)
1783 {
1784         struct mgmt_cp_pin_code_neg_reply *cp = data;
1785         int err;
1786 
1787         BT_DBG("");
1788 
1789         hci_dev_lock(hdev);
1790 
1791         if (!hdev_is_powered(hdev)) {
1792                 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
1793                                  MGMT_STATUS_NOT_POWERED);
1794                 goto failed;
1795         }
1796 
1797         err = send_pin_code_neg_reply(sk, hdev, cp);
1798 
1799 failed:
1800         hci_dev_unlock(hdev);
1801         return err;
1802 }
1803 
1804 static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1805                              u16 len)
1806 {
1807         struct mgmt_cp_set_io_capability *cp = data;
1808 
1809         BT_DBG("");
1810 
1811         hci_dev_lock(hdev);
1812 
1813         hdev->io_capability = cp->io_capability;
1814 
1815         BT_DBG("%s IO capability set to 0x%02x", hdev->name,
1816                                                         hdev->io_capability);
1817 
1818         hci_dev_unlock(hdev);
1819 
1820         return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1821                             0);
1822 }
1823 
1824 static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1825 {
1826         struct hci_dev *hdev = conn->hdev;
1827         struct pending_cmd *cmd;
1828 
1829         list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1830                 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1831                         continue;
1832 
1833                 if (cmd->user_data != conn)
1834                         continue;
1835 
1836                 return cmd;
1837         }
1838 
1839         return NULL;
1840 }
1841 
1842 static void pairing_complete(struct pending_cmd *cmd, u8 status)
1843 {
1844         struct mgmt_rp_pair_device rp;
1845         struct hci_conn *conn = cmd->user_data;
1846 
1847         bacpy(&rp.addr.bdaddr, &conn->dst);
1848         rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
1849 
1850         cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1851                      &rp, sizeof(rp));
1852 
1853         /* So we don't get further callbacks for this connection */
1854         conn->connect_cfm_cb = NULL;
1855         conn->security_cfm_cb = NULL;
1856         conn->disconn_cfm_cb = NULL;
1857 
1858         hci_conn_put(conn);
1859 
1860         mgmt_pending_remove(cmd);
1861 }
1862 
1863 static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1864 {
1865         struct pending_cmd *cmd;
1866 
1867         BT_DBG("status %u", status);
1868 
1869         cmd = find_pairing(conn);
1870         if (!cmd)
1871                 BT_DBG("Unable to find a pending command");
1872         else
1873                 pairing_complete(cmd, mgmt_status(status));
1874 }
1875 
1876 static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1877 {
1878         struct pending_cmd *cmd;
1879 
1880         BT_DBG("status %u", status);
1881 
1882         if (!status)
1883                 return;
1884 
1885         cmd = find_pairing(conn);
1886         if (!cmd)
1887                 BT_DBG("Unable to find a pending command");
1888         else
1889                 pairing_complete(cmd, mgmt_status(status));
1890 }
1891 
1892 static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1893                        u16 len)
1894 {
1895         struct mgmt_cp_pair_device *cp = data;
1896         struct mgmt_rp_pair_device rp;
1897         struct pending_cmd *cmd;
1898         u8 sec_level, auth_type;
1899         struct hci_conn *conn;
1900         int err;
1901 
1902         BT_DBG("");
1903 
1904         hci_dev_lock(hdev);
1905 
1906         if (!hdev_is_powered(hdev)) {
1907                 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1908                                  MGMT_STATUS_NOT_POWERED);
1909                 goto unlock;
1910         }
1911 
1912         sec_level = BT_SECURITY_MEDIUM;
1913         if (cp->io_cap == 0x03)
1914                 auth_type = HCI_AT_DEDICATED_BONDING;
1915         else
1916                 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1917 
1918         if (cp->addr.type == BDADDR_BREDR)
1919                 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1920                                    cp->addr.type, sec_level, auth_type);
1921         else
1922                 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1923                                    cp->addr.type, sec_level, auth_type);
1924 
1925         memset(&rp, 0, sizeof(rp));
1926         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1927         rp.addr.type = cp->addr.type;
1928 
1929         if (IS_ERR(conn)) {
1930                 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1931                                    MGMT_STATUS_CONNECT_FAILED, &rp,
1932                                    sizeof(rp));
1933                 goto unlock;
1934         }
1935 
1936         if (conn->connect_cfm_cb) {
1937                 hci_conn_put(conn);
1938                 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
1939                                    MGMT_STATUS_BUSY, &rp, sizeof(rp));
1940                 goto unlock;
1941         }
1942 
1943         cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
1944         if (!cmd) {
1945                 err = -ENOMEM;
1946                 hci_conn_put(conn);
1947                 goto unlock;
1948         }
1949 
1950         /* For LE, just connecting isn't a proof that the pairing finished */
1951         if (cp->addr.type == BDADDR_BREDR)
1952                 conn->connect_cfm_cb = pairing_complete_cb;
1953         else
1954                 conn->connect_cfm_cb = le_connect_complete_cb;
1955 
1956         conn->security_cfm_cb = pairing_complete_cb;
1957         conn->disconn_cfm_cb = pairing_complete_cb;
1958         conn->io_capability = cp->io_cap;
1959         cmd->user_data = conn;
1960 
1961         if (conn->state == BT_CONNECTED &&
1962                                 hci_conn_security(conn, sec_level, auth_type))
1963                 pairing_complete(cmd, 0);
1964 
1965         err = 0;
1966 
1967 unlock:
1968         hci_dev_unlock(hdev);
1969         return err;
1970 }
1971 
1972 static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1973                               u16 len)
1974 {
1975         struct mgmt_addr_info *addr = data;
1976         struct pending_cmd *cmd;
1977         struct hci_conn *conn;
1978         int err;
1979 
1980         BT_DBG("");
1981 
1982         hci_dev_lock(hdev);
1983 
1984         if (!hdev_is_powered(hdev)) {
1985                 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1986                                  MGMT_STATUS_NOT_POWERED);
1987                 goto unlock;
1988         }
1989 
1990         cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1991         if (!cmd) {
1992                 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
1993                                  MGMT_STATUS_INVALID_PARAMS);
1994                 goto unlock;
1995         }
1996 
1997         conn = cmd->user_data;
1998 
1999         if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2000                 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2001                                  MGMT_STATUS_INVALID_PARAMS);
2002                 goto unlock;
2003         }
2004 
2005         pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2006 
2007         err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2008                            addr, sizeof(*addr));
2009 unlock:
2010         hci_dev_unlock(hdev);
2011         return err;
2012 }
2013 
2014 static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
2015                              bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2016                              u16 hci_op, __le32 passkey)
2017 {
2018         struct pending_cmd *cmd;
2019         struct hci_conn *conn;
2020         int err;
2021 
2022         hci_dev_lock(hdev);
2023 
2024         if (!hdev_is_powered(hdev)) {
2025                 err = cmd_status(sk, hdev->id, mgmt_op,
2026                                  MGMT_STATUS_NOT_POWERED);
2027                 goto done;
2028         }
2029 
2030         if (type == BDADDR_BREDR)
2031                 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2032         else
2033                 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
2034 
2035         if (!conn) {
2036                 err = cmd_status(sk, hdev->id, mgmt_op,
2037                                  MGMT_STATUS_NOT_CONNECTED);
2038                 goto done;
2039         }
2040 
2041         if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
2042                 /* Continue with pairing via SMP */
2043                 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2044 
2045                 if (!err)
2046                         err = cmd_status(sk, hdev->id, mgmt_op,
2047                                          MGMT_STATUS_SUCCESS);
2048                 else
2049                         err = cmd_status(sk, hdev->id, mgmt_op,
2050                                          MGMT_STATUS_FAILED);
2051 
2052                 goto done;
2053         }
2054 
2055         cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
2056         if (!cmd) {
2057                 err = -ENOMEM;
2058                 goto done;
2059         }
2060 
2061         /* Continue with pairing via HCI */
2062         if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2063                 struct hci_cp_user_passkey_reply cp;
2064 
2065                 bacpy(&cp.bdaddr, bdaddr);
2066                 cp.passkey = passkey;
2067                 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2068         } else
2069                 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2070 
2071         if (err < 0)
2072                 mgmt_pending_remove(cmd);
2073 
2074 done:
2075         hci_dev_unlock(hdev);
2076         return err;
2077 }
2078 
2079 static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2080                               u16 len)
2081 {
2082         struct mgmt_cp_user_confirm_reply *cp = data;
2083 
2084         BT_DBG("");
2085 
2086         if (len != sizeof(*cp))
2087                 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2088                                   MGMT_STATUS_INVALID_PARAMS);
2089 
2090         return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2091                                  MGMT_OP_USER_CONFIRM_REPLY,
2092                                  HCI_OP_USER_CONFIRM_REPLY, 0);
2093 }
2094 
2095 static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2096                                   void *data, u16 len)
2097 {
2098         struct mgmt_cp_user_confirm_neg_reply *cp = data;
2099 
2100         BT_DBG("");
2101 
2102         return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2103                                  MGMT_OP_USER_CONFIRM_NEG_REPLY,
2104                                  HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
2105 }
2106 
2107 static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2108                               u16 len)
2109 {
2110         struct mgmt_cp_user_passkey_reply *cp = data;
2111 
2112         BT_DBG("");
2113 
2114         return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2115                                  MGMT_OP_USER_PASSKEY_REPLY,
2116                                  HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
2117 }
2118 
2119 static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2120                                   void *data, u16 len)
2121 {
2122         struct mgmt_cp_user_passkey_neg_reply *cp = data;
2123 
2124         BT_DBG("");
2125 
2126         return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2127                                  MGMT_OP_USER_PASSKEY_NEG_REPLY,
2128                                  HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
2129 }
2130 
2131 static int update_name(struct hci_dev *hdev, const char *name)
2132 {
2133         struct hci_cp_write_local_name cp;
2134 
2135         memcpy(cp.name, name, sizeof(cp.name));
2136 
2137         return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2138 }
2139 
2140 static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
2141                           u16 len)
2142 {
2143         struct mgmt_cp_set_local_name *cp = data;
2144         struct pending_cmd *cmd;
2145         int err;
2146 
2147         BT_DBG("");
2148 
2149         hci_dev_lock(hdev);
2150 
2151         memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
2152 
2153         if (!hdev_is_powered(hdev)) {
2154                 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2155 
2156                 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2157                                    data, len);
2158                 if (err < 0)
2159                         goto failed;
2160 
2161                 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2162                                  sk);
2163 
2164                 goto failed;
2165         }
2166 
2167         cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
2168         if (!cmd) {
2169                 err = -ENOMEM;
2170                 goto failed;
2171         }
2172 
2173         err = update_name(hdev, cp->name);
2174         if (err < 0)
2175                 mgmt_pending_remove(cmd);
2176 
2177 failed:
2178         hci_dev_unlock(hdev);
2179         return err;
2180 }
2181 
2182 static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2183                                void *data, u16 data_len)
2184 {
2185         struct pending_cmd *cmd;
2186         int err;
2187 
2188         BT_DBG("%s", hdev->name);
2189 
2190         hci_dev_lock(hdev);
2191 
2192         if (!hdev_is_powered(hdev)) {
2193                 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2194                                  MGMT_STATUS_NOT_POWERED);
2195                 goto unlock;
2196         }
2197 
2198         if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2199                 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2200                                  MGMT_STATUS_NOT_SUPPORTED);
2201                 goto unlock;
2202         }
2203 
2204         if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
2205                 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
2206                                  MGMT_STATUS_BUSY);
2207                 goto unlock;
2208         }
2209 
2210         cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
2211         if (!cmd) {
2212                 err = -ENOMEM;
2213                 goto unlock;
2214         }
2215 
2216         err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2217         if (err < 0)
2218                 mgmt_pending_remove(cmd);
2219 
2220 unlock:
2221         hci_dev_unlock(hdev);
2222         return err;
2223 }
2224 
2225 static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2226                                void *data, u16 len)
2227 {
2228         struct mgmt_cp_add_remote_oob_data *cp = data;
2229         u8 status;
2230         int err;
2231 
2232         BT_DBG("%s ", hdev->name);
2233 
2234         hci_dev_lock(hdev);
2235 
2236         if (!hdev_is_powered(hdev)) {
2237                 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
2238                                    MGMT_STATUS_NOT_POWERED, &cp->addr,
2239                                    sizeof(cp->addr));
2240                 goto unlock;
2241         }
2242 
2243         err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2244                                       cp->randomizer);
2245         if (err < 0)
2246                 status = MGMT_STATUS_FAILED;
2247         else
2248                 status = 0;
2249 
2250         err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2251                            &cp->addr, sizeof(cp->addr));
2252 
2253 unlock:
2254         hci_dev_unlock(hdev);
2255         return err;
2256 }
2257 
2258 static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2259                                                 void *data, u16 len)
2260 {
2261         struct mgmt_cp_remove_remote_oob_data *cp = data;
2262         u8 status;
2263         int err;
2264 
2265         BT_DBG("%s", hdev->name);
2266 
2267         hci_dev_lock(hdev);
2268 
2269         if (!hdev_is_powered(hdev)) {
2270                 err = cmd_complete(sk, hdev->id,
2271                                    MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2272                                    MGMT_STATUS_NOT_POWERED, &cp->addr,
2273                                    sizeof(cp->addr));
2274                 goto unlock;
2275         }
2276 
2277         err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2278         if (err < 0)
2279                 status = MGMT_STATUS_INVALID_PARAMS;
2280         else
2281                 status = 0;
2282 
2283         err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2284                            status, &cp->addr, sizeof(cp->addr));
2285 
2286 unlock:
2287         hci_dev_unlock(hdev);
2288         return err;
2289 }
2290 
2291 int mgmt_interleaved_discovery(struct hci_dev *hdev)
2292 {
2293         int err;
2294 
2295         BT_DBG("%s", hdev->name);
2296 
2297         hci_dev_lock(hdev);
2298 
2299         err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2300         if (err < 0)
2301                 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2302 
2303         hci_dev_unlock(hdev);
2304 
2305         return err;
2306 }
2307 
2308 static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2309                            void *data, u16 len)
2310 {
2311         struct mgmt_cp_start_discovery *cp = data;
2312         struct pending_cmd *cmd;
2313         int err;
2314 
2315         BT_DBG("%s", hdev->name);
2316 
2317         hci_dev_lock(hdev);
2318 
2319         if (!hdev_is_powered(hdev)) {
2320                 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2321                                  MGMT_STATUS_NOT_POWERED);
2322                 goto failed;
2323         }
2324 
2325         if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2326                 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2327                                  MGMT_STATUS_BUSY);
2328                 goto failed;
2329         }
2330 
2331         if (hdev->discovery.state != DISCOVERY_STOPPED) {
2332                 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2333                                  MGMT_STATUS_BUSY);
2334                 goto failed;
2335         }
2336 
2337         cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
2338         if (!cmd) {
2339                 err = -ENOMEM;
2340                 goto failed;
2341         }
2342 
2343         hdev->discovery.type = cp->type;
2344 
2345         switch (hdev->discovery.type) {
2346         case DISCOV_TYPE_BREDR:
2347                 if (lmp_bredr_capable(hdev))
2348                         err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2349                 else
2350                         err = -ENOTSUPP;
2351                 break;
2352 
2353         case DISCOV_TYPE_LE:
2354                 if (lmp_host_le_capable(hdev))
2355                         err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2356                                           LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2357                 else
2358                         err = -ENOTSUPP;
2359                 break;
2360 
2361         case DISCOV_TYPE_INTERLEAVED:
2362                 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2363                         err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2364                                           LE_SCAN_WIN,
2365                                           LE_SCAN_TIMEOUT_BREDR_LE);
2366                 else
2367                         err = -ENOTSUPP;
2368                 break;
2369 
2370         default:
2371                 err = -EINVAL;
2372         }
2373 
2374         if (err < 0)
2375                 mgmt_pending_remove(cmd);
2376         else
2377                 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
2378 
2379 failed:
2380         hci_dev_unlock(hdev);
2381         return err;
2382 }
2383 
2384 static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2385                           u16 len)
2386 {
2387         struct mgmt_cp_stop_discovery *mgmt_cp = data;
2388         struct pending_cmd *cmd;
2389         struct hci_cp_remote_name_req_cancel cp;
2390         struct inquiry_entry *e;
2391         int err;
2392 
2393         BT_DBG("%s", hdev->name);
2394 
2395         hci_dev_lock(hdev);
2396 
2397         if (!hci_discovery_active(hdev)) {
2398                 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2399                                    MGMT_STATUS_REJECTED, &mgmt_cp->type,
2400                                    sizeof(mgmt_cp->type));
2401                 goto unlock;
2402         }
2403 
2404         if (hdev->discovery.type != mgmt_cp->type) {
2405                 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2406                                    MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2407                                    sizeof(mgmt_cp->type));
2408                 goto unlock;
2409         }
2410 
2411         cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
2412         if (!cmd) {
2413                 err = -ENOMEM;
2414                 goto unlock;
2415         }
2416 
2417         switch (hdev->discovery.state) {
2418         case DISCOVERY_FINDING:
2419                 if (test_bit(HCI_INQUIRY, &hdev->flags))
2420                         err = hci_cancel_inquiry(hdev);
2421                 else
2422                         err = hci_cancel_le_scan(hdev);
2423 
2424                 break;
2425 
2426         case DISCOVERY_RESOLVING:
2427                 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2428                                                         NAME_PENDING);
2429                 if (!e) {
2430                         mgmt_pending_remove(cmd);
2431                         err = cmd_complete(sk, hdev->id,
2432                                            MGMT_OP_STOP_DISCOVERY, 0,
2433                                            &mgmt_cp->type,
2434                                            sizeof(mgmt_cp->type));
2435                         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2436                         goto unlock;
2437                 }
2438 
2439                 bacpy(&cp.bdaddr, &e->data.bdaddr);
2440                 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2441                                    sizeof(cp), &cp);
2442 
2443                 break;
2444 
2445         default:
2446                 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2447                 err = -EFAULT;
2448         }
2449 
2450         if (err < 0)
2451                 mgmt_pending_remove(cmd);
2452         else
2453                 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2454 
2455 unlock:
2456         hci_dev_unlock(hdev);
2457         return err;
2458 }
2459 
2460 static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2461                         u16 len)
2462 {
2463         struct mgmt_cp_confirm_name *cp = data;
2464         struct inquiry_entry *e;
2465         int err;
2466 
2467         BT_DBG("%s", hdev->name);
2468 
2469         hci_dev_lock(hdev);
2470 
2471         if (!hci_discovery_active(hdev)) {
2472                 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2473                                  MGMT_STATUS_FAILED);
2474                 goto failed;
2475         }
2476 
2477         e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
2478         if (!e) {
2479                 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2480                                  MGMT_STATUS_INVALID_PARAMS);
2481                 goto failed;
2482         }
2483 
2484         if (cp->name_known) {
2485                 e->name_state = NAME_KNOWN;
2486                 list_del(&e->list);
2487         } else {
2488                 e->name_state = NAME_NEEDED;
2489                 hci_inquiry_cache_update_resolve(hdev, e);
2490         }
2491 
2492         err = 0;
2493 
2494 failed:
2495         hci_dev_unlock(hdev);
2496         return err;
2497 }
2498 
2499 static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2500                         u16 len)
2501 {
2502         struct mgmt_cp_block_device *cp = data;
2503         u8 status;
2504         int err;
2505 
2506         BT_DBG("%s", hdev->name);
2507 
2508         hci_dev_lock(hdev);
2509 
2510         err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2511         if (err < 0)
2512                 status = MGMT_STATUS_FAILED;
2513         else
2514                 status = 0;
2515 
2516         err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
2517                            &cp->addr, sizeof(cp->addr));
2518 
2519         hci_dev_unlock(hdev);
2520 
2521         return err;
2522 }
2523 
2524 static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2525                           u16 len)
2526 {
2527         struct mgmt_cp_unblock_device *cp = data;
2528         u8 status;
2529         int err;
2530 
2531         BT_DBG("%s", hdev->name);
2532 
2533         hci_dev_lock(hdev);
2534 
2535         err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2536         if (err < 0)
2537                 status = MGMT_STATUS_INVALID_PARAMS;
2538         else
2539                 status = 0;
2540 
2541         err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
2542                            &cp->addr, sizeof(cp->addr));
2543 
2544         hci_dev_unlock(hdev);
2545 
2546         return err;
2547 }
2548 
2549 static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2550                          u16 len)
2551 {
2552         struct mgmt_cp_set_device_id *cp = data;
2553         int err;
2554         __u16 source;
2555 
2556         BT_DBG("%s", hdev->name);
2557 
2558         source = __le16_to_cpu(cp->source);
2559 
2560         if (source > 0x0002)
2561                 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2562                                   MGMT_STATUS_INVALID_PARAMS);
2563 
2564         hci_dev_lock(hdev);
2565 
2566         hdev->devid_source = source;
2567         hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2568         hdev->devid_product = __le16_to_cpu(cp->product);
2569         hdev->devid_version = __le16_to_cpu(cp->version);
2570 
2571         err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2572 
2573         update_eir(hdev);
2574 
2575         hci_dev_unlock(hdev);
2576 
2577         return err;
2578 }
2579 
2580 static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2581                                 void *data, u16 len)
2582 {
2583         struct mgmt_mode *cp = data;
2584         struct hci_cp_write_page_scan_activity acp;
2585         u8 type;
2586         int err;
2587 
2588         BT_DBG("%s", hdev->name);
2589 
2590         if (!hdev_is_powered(hdev))
2591                 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2592                                   MGMT_STATUS_NOT_POWERED);
2593 
2594         if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2595                 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2596                                   MGMT_STATUS_REJECTED);
2597 
2598         hci_dev_lock(hdev);
2599 
2600         if (cp->val) {
2601                 type = PAGE_SCAN_TYPE_INTERLACED;
2602 
2603                 /* 22.5 msec page scan interval */
2604                 acp.interval = __constant_cpu_to_le16(0x0024);
2605         } else {
2606                 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2607 
2608                 /* default 1.28 sec page scan */
2609                 acp.interval = __constant_cpu_to_le16(0x0800);
2610         }
2611 
2612         /* default 11.25 msec page scan window */
2613         acp.window = __constant_cpu_to_le16(0x0012);
2614 
2615         err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2616                            &acp);
2617         if (err < 0) {
2618                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2619                                  MGMT_STATUS_FAILED);
2620                 goto done;
2621         }
2622 
2623         err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2624         if (err < 0) {
2625                 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2626                                  MGMT_STATUS_FAILED);
2627                 goto done;
2628         }
2629 
2630         err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2631                            NULL, 0);
2632 done:
2633         hci_dev_unlock(hdev);
2634         return err;
2635 }
2636 
2637 static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
2638                                void *cp_data, u16 len)
2639 {
2640         struct mgmt_cp_load_long_term_keys *cp = cp_data;
2641         u16 key_count, expected_len;
2642         int i;
2643 
2644         key_count = __le16_to_cpu(cp->key_count);
2645 
2646         expected_len = sizeof(*cp) + key_count *
2647                                         sizeof(struct mgmt_ltk_info);
2648         if (expected_len != len) {
2649                 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2650                                                         len, expected_len);
2651                 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
2652                                   EINVAL);
2653         }
2654 
2655         BT_DBG("%s key_count %u", hdev->name, key_count);
2656 
2657         hci_dev_lock(hdev);
2658 
2659         hci_smp_ltks_clear(hdev);
2660 
2661         for (i = 0; i < key_count; i++) {
2662                 struct mgmt_ltk_info *key = &cp->keys[i];
2663                 u8 type;
2664 
2665                 if (key->master)
2666                         type = HCI_SMP_LTK;
2667                 else
2668                         type = HCI_SMP_LTK_SLAVE;
2669 
2670                 hci_add_ltk(hdev, &key->addr.bdaddr,
2671                             bdaddr_to_le(key->addr.type),
2672                             type, 0, key->authenticated, key->val,
2673                             key->enc_size, key->ediv, key->rand);
2674         }
2675 
2676         hci_dev_unlock(hdev);
2677 
2678         return 0;
2679 }
2680 
2681 static const struct mgmt_handler {
2682         int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2683                      u16 data_len);
2684         bool var_len;
2685         size_t data_len;
2686 } mgmt_handlers[] = {
2687         { NULL }, /* 0x0000 (no command) */
2688         { read_version,           false, MGMT_READ_VERSION_SIZE },
2689         { read_commands,          false, MGMT_READ_COMMANDS_SIZE },
2690         { read_index_list,        false, MGMT_READ_INDEX_LIST_SIZE },
2691         { read_controller_info,   false, MGMT_READ_INFO_SIZE },
2692         { set_powered,            false, MGMT_SETTING_SIZE },
2693         { set_discoverable,       false, MGMT_SET_DISCOVERABLE_SIZE },
2694         { set_connectable,        false, MGMT_SETTING_SIZE },
2695         { set_fast_connectable,   false, MGMT_SETTING_SIZE },
2696         { set_pairable,           false, MGMT_SETTING_SIZE },
2697         { set_link_security,      false, MGMT_SETTING_SIZE },
2698         { set_ssp,                false, MGMT_SETTING_SIZE },
2699         { set_hs,                 false, MGMT_SETTING_SIZE },
2700         { set_le,                 false, MGMT_SETTING_SIZE },
2701         { set_dev_class,          false, MGMT_SET_DEV_CLASS_SIZE },
2702         { set_local_name,         false, MGMT_SET_LOCAL_NAME_SIZE },
2703         { add_uuid,               false, MGMT_ADD_UUID_SIZE },
2704         { remove_uuid,            false, MGMT_REMOVE_UUID_SIZE },
2705         { load_link_keys,         true,  MGMT_LOAD_LINK_KEYS_SIZE },
2706         { load_long_term_keys,    true,  MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2707         { disconnect,             false, MGMT_DISCONNECT_SIZE },
2708         { get_connections,        false, MGMT_GET_CONNECTIONS_SIZE },
2709         { pin_code_reply,         false, MGMT_PIN_CODE_REPLY_SIZE },
2710         { pin_code_neg_reply,     false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2711         { set_io_capability,      false, MGMT_SET_IO_CAPABILITY_SIZE },
2712         { pair_device,            false, MGMT_PAIR_DEVICE_SIZE },
2713         { cancel_pair_device,     false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2714         { unpair_device,          false, MGMT_UNPAIR_DEVICE_SIZE },
2715         { user_confirm_reply,     false, MGMT_USER_CONFIRM_REPLY_SIZE },
2716         { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2717         { user_passkey_reply,     false, MGMT_USER_PASSKEY_REPLY_SIZE },
2718         { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2719         { read_local_oob_data,    false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2720         { add_remote_oob_data,    false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2721         { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2722         { start_discovery,        false, MGMT_START_DISCOVERY_SIZE },
2723         { stop_discovery,         false, MGMT_STOP_DISCOVERY_SIZE },
2724         { confirm_name,           false, MGMT_CONFIRM_NAME_SIZE },
2725         { block_device,           false, MGMT_BLOCK_DEVICE_SIZE },
2726         { unblock_device,         false, MGMT_UNBLOCK_DEVICE_SIZE },
2727         { set_device_id,          false, MGMT_SET_DEVICE_ID_SIZE },
2728 };
2729 
2730 
2731 int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2732 {
2733         void *buf;
2734         u8 *cp;
2735         struct mgmt_hdr *hdr;
2736         u16 opcode, index, len;
2737         struct hci_dev *hdev = NULL;
2738         const struct mgmt_handler *handler;
2739         int err;
2740 
2741         BT_DBG("got %zu bytes", msglen);
2742 
2743         if (msglen < sizeof(*hdr))
2744                 return -EINVAL;
2745 
2746         buf = kmalloc(msglen, GFP_KERNEL);
2747         if (!buf)
2748                 return -ENOMEM;
2749 
2750         if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2751                 err = -EFAULT;
2752                 goto done;
2753         }
2754 
2755         hdr = buf;
2756         opcode = __le16_to_cpu(hdr->opcode);
2757         index = __le16_to_cpu(hdr->index);
2758         len = __le16_to_cpu(hdr->len);
2759 
2760         if (len != msglen - sizeof(*hdr)) {
2761                 err = -EINVAL;
2762                 goto done;
2763         }
2764 
2765         if (index != MGMT_INDEX_NONE) {
2766                 hdev = hci_dev_get(index);
2767                 if (!hdev) {
2768                         err = cmd_status(sk, index, opcode,
2769                                          MGMT_STATUS_INVALID_INDEX);
2770                         goto done;
2771                 }
2772         }
2773 
2774         if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2775                                         mgmt_handlers[opcode].func == NULL) {
2776                 BT_DBG("Unknown op %u", opcode);
2777                 err = cmd_status(sk, index, opcode,
2778                                  MGMT_STATUS_UNKNOWN_COMMAND);
2779                 goto done;
2780         }
2781 
2782         if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2783                         (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2784                 err = cmd_status(sk, index, opcode,
2785                                  MGMT_STATUS_INVALID_INDEX);
2786                 goto done;
2787         }
2788 
2789         handler = &mgmt_handlers[opcode];
2790 
2791         if ((handler->var_len && len < handler->data_len) ||
2792                         (!handler->var_len && len != handler->data_len)) {
2793                 err = cmd_status(sk, index, opcode,
2794                                  MGMT_STATUS_INVALID_PARAMS);
2795                 goto done;
2796         }
2797 
2798         if (hdev)
2799                 mgmt_init_hdev(sk, hdev);
2800 
2801         cp = buf + sizeof(*hdr);
2802 
2803         err = handler->func(sk, hdev, cp, len);
2804         if (err < 0)
2805                 goto done;
2806 
2807         err = msglen;
2808 
2809 done:
2810         if (hdev)
2811                 hci_dev_put(hdev);
2812 
2813         kfree(buf);
2814         return err;
2815 }
2816 
2817 static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2818 {
2819         u8 *status = data;
2820 
2821         cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2822         mgmt_pending_remove(cmd);
2823 }
2824 
2825 int mgmt_index_added(struct hci_dev *hdev)
2826 {
2827         return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
2828 }
2829 
2830 int mgmt_index_removed(struct hci_dev *hdev)
2831 {
2832         u8 status = MGMT_STATUS_INVALID_INDEX;
2833 
2834         mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2835 
2836         return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
2837 }
2838 
2839 struct cmd_lookup {
2840         struct sock *sk;
2841         struct hci_dev *hdev;
2842         u8 mgmt_status;
2843 };
2844 
2845 static void settings_rsp(struct pending_cmd *cmd, void *data)
2846 {
2847         struct cmd_lookup *match = data;
2848 
2849         send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
2850 
2851         list_del(&cmd->list);
2852 
2853         if (match->sk == NULL) {
2854                 match->sk = cmd->sk;
2855                 sock_hold(match->sk);
2856         }
2857 
2858         mgmt_pending_free(cmd);
2859 }
2860 
2861 int mgmt_powered(struct hci_dev *hdev, u8 powered)
2862 {
2863         struct cmd_lookup match = { NULL, hdev };
2864         int err;
2865 
2866         if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2867                 return 0;
2868 
2869         mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
2870 
2871         if (powered) {
2872                 u8 scan = 0;
2873 
2874                 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2875                         scan |= SCAN_PAGE;
2876                 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2877                         scan |= SCAN_INQUIRY;
2878 
2879                 if (scan)
2880                         hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2881 
2882                 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
2883                         u8 ssp = 1;
2884 
2885                         hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2886                 }
2887 
2888                 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2889                         struct hci_cp_write_le_host_supported cp;
2890 
2891                         cp.le = 1;
2892                         cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
2893 
2894                         hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
2895                                      sizeof(cp), &cp);
2896                 }
2897 
2898                 update_class(hdev);
2899                 update_name(hdev, hdev->dev_name);
2900                 update_eir(hdev);
2901         } else {
2902                 u8 status = MGMT_STATUS_NOT_POWERED;
2903                 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
2904         }
2905 
2906         err = new_settings(hdev, match.sk);
2907 
2908         if (match.sk)
2909                 sock_put(match.sk);
2910 
2911         return err;
2912 }
2913 
2914 int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
2915 {
2916         struct cmd_lookup match = { NULL, hdev };
2917         bool changed = false;
2918         int err = 0;
2919 
2920         if (discoverable) {
2921                 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2922                         changed = true;
2923         } else {
2924                 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2925                         changed = true;
2926         }
2927 
2928         mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2929                              &match);
2930 
2931         if (changed)
2932                 err = new_settings(hdev, match.sk);
2933 
2934         if (match.sk)
2935                 sock_put(match.sk);
2936 
2937         return err;
2938 }
2939 
2940 int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
2941 {
2942         struct cmd_lookup match = { NULL, hdev };
2943         bool changed = false;
2944         int err = 0;
2945 
2946         if (connectable) {
2947                 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2948                         changed = true;
2949         } else {
2950                 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2951                         changed = true;
2952         }
2953 
2954         mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2955                              &match);
2956 
2957         if (changed)
2958                 err = new_settings(hdev, match.sk);
2959 
2960         if (match.sk)
2961                 sock_put(match.sk);
2962 
2963         return err;
2964 }
2965 
2966 int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2967 {
2968         u8 mgmt_err = mgmt_status(status);
2969 
2970         if (scan & SCAN_PAGE)
2971                 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
2972                                      cmd_status_rsp, &mgmt_err);
2973 
2974         if (scan & SCAN_INQUIRY)
2975                 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
2976                                      cmd_status_rsp, &mgmt_err);
2977 
2978         return 0;
2979 }
2980 
2981 int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2982                       bool persistent)
2983 {
2984         struct mgmt_ev_new_link_key ev;
2985 
2986         memset(&ev, 0, sizeof(ev));
2987 
2988         ev.store_hint = persistent;
2989         bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2990         ev.key.addr.type = BDADDR_BREDR;
2991         ev.key.type = key->type;
2992         memcpy(ev.key.val, key->val, 16);
2993         ev.key.pin_len = key->pin_len;
2994 
2995         return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
2996 }
2997 
2998 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2999 {
3000         struct mgmt_ev_new_long_term_key ev;
3001 
3002         memset(&ev, 0, sizeof(ev));
3003 
3004         ev.store_hint = persistent;
3005         bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3006         ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
3007         ev.key.authenticated = key->authenticated;
3008         ev.key.enc_size = key->enc_size;
3009         ev.key.ediv = key->ediv;
3010 
3011         if (key->type == HCI_SMP_LTK)
3012                 ev.key.master = 1;
3013 
3014         memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3015         memcpy(ev.key.val, key->val, sizeof(key->val));
3016 
3017         return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3018                           NULL);
3019 }
3020 
3021 int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3022                           u8 addr_type, u32 flags, u8 *name, u8 name_len,
3023                           u8 *dev_class)
3024 {
3025         char buf[512];
3026         struct mgmt_ev_device_connected *ev = (void *) buf;
3027         u16 eir_len = 0;
3028 
3029         bacpy(&ev->addr.bdaddr, bdaddr);
3030         ev->addr.type = link_to_bdaddr(link_type, addr_type);
3031 
3032         ev->flags = __cpu_to_le32(flags);
3033 
3034         if (name_len > 0)
3035                 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3036                                           name, name_len);
3037 
3038         if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3039                 eir_len = eir_append_data(ev->eir, eir_len,
3040                                           EIR_CLASS_OF_DEV, dev_class, 3);
3041 
3042         ev->eir_len = cpu_to_le16(eir_len);
3043 
3044         return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3045                           sizeof(*ev) + eir_len, NULL);
3046 }
3047 
3048 static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3049 {
3050         struct mgmt_cp_disconnect *cp = cmd->param;
3051         struct sock **sk = data;
3052         struct mgmt_rp_disconnect rp;
3053 
3054         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3055         rp.addr.type = cp->addr.type;
3056 
3057         cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3058                      sizeof(rp));
3059 
3060         *sk = cmd->sk;
3061         sock_hold(*sk);
3062 
3063         mgmt_pending_remove(cmd);
3064 }
3065 
3066 static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
3067 {
3068         struct hci_dev *hdev = data;
3069         struct mgmt_cp_unpair_device *cp = cmd->param;
3070         struct mgmt_rp_unpair_device rp;
3071 
3072         memset(&rp, 0, sizeof(rp));
3073         bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3074         rp.addr.type = cp->addr.type;
3075 
3076         device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3077 
3078         cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
3079 
3080         mgmt_pending_remove(cmd);
3081 }
3082 
3083 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3084                              u8 link_type, u8 addr_type)
3085 {
3086         struct mgmt_addr_info ev;
3087         struct sock *sk = NULL;
3088         int err;
3089 
3090         mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
3091 
3092         bacpy(&ev.bdaddr, bdaddr);
3093         ev.type = link_to_bdaddr(link_type, addr_type);
3094 
3095         err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3096                          sk);
3097 
3098         if (sk)
3099                 sock_put(sk);
3100 
3101         mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3102                              hdev);
3103 
3104         return err;
3105 }
3106 
3107 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3108                            u8 link_type, u8 addr_type, u8 status)
3109 {
3110         struct mgmt_rp_disconnect rp;
3111         struct pending_cmd *cmd;
3112         int err;
3113 
3114         cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
3115         if (!cmd)
3116                 return -ENOENT;
3117 
3118         bacpy(&rp.addr.bdaddr, bdaddr);
3119         rp.addr.type = link_to_bdaddr(link_type, addr_type);
3120 
3121         err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
3122                            mgmt_status(status), &rp, sizeof(rp));
3123 
3124         mgmt_pending_remove(cmd);
3125 
3126         mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3127                                                                         hdev);
3128         return err;
3129 }
3130 
3131 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3132                         u8 addr_type, u8 status)
3133 {
3134         struct mgmt_ev_connect_failed ev;
3135 
3136         bacpy(&ev.addr.bdaddr, bdaddr);
3137         ev.addr.type = link_to_bdaddr(link_type, addr_type);
3138         ev.status = mgmt_status(status);
3139 
3140         return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
3141 }
3142 
3143 int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
3144 {
3145         struct mgmt_ev_pin_code_request ev;
3146 
3147         bacpy(&ev.addr.bdaddr, bdaddr);
3148         ev.addr.type = BDADDR_BREDR;
3149         ev.secure = secure;
3150 
3151         return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
3152                           NULL);
3153 }
3154 
3155 int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3156                                  u8 status)
3157 {
3158         struct pending_cmd *cmd;
3159         struct mgmt_rp_pin_code_reply rp;
3160         int err;
3161 
3162         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
3163         if (!cmd)
3164                 return -ENOENT;
3165 
3166         bacpy(&rp.addr.bdaddr, bdaddr);
3167         rp.addr.type = BDADDR_BREDR;
3168 
3169         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3170                            mgmt_status(status), &rp, sizeof(rp));
3171 
3172         mgmt_pending_remove(cmd);
3173 
3174         return err;
3175 }
3176 
3177 int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3178                                      u8 status)
3179 {
3180         struct pending_cmd *cmd;
3181         struct mgmt_rp_pin_code_reply rp;
3182         int err;
3183 
3184         cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
3185         if (!cmd)
3186                 return -ENOENT;
3187 
3188         bacpy(&rp.addr.bdaddr, bdaddr);
3189         rp.addr.type = BDADDR_BREDR;
3190 
3191         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3192                            mgmt_status(status), &rp, sizeof(rp));
3193 
3194         mgmt_pending_remove(cmd);
3195 
3196         return err;
3197 }
3198 
3199 int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3200                               u8 link_type, u8 addr_type, __le32 value,
3201                               u8 confirm_hint)
3202 {
3203         struct mgmt_ev_user_confirm_request ev;
3204 
3205         BT_DBG("%s", hdev->name);
3206 
3207         bacpy(&ev.addr.bdaddr, bdaddr);
3208         ev.addr.type = link_to_bdaddr(link_type, addr_type);
3209         ev.confirm_hint = confirm_hint;
3210         ev.value = value;
3211 
3212         return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
3213                           NULL);
3214 }
3215 
3216 int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3217                                                 u8 link_type, u8 addr_type)
3218 {
3219         struct mgmt_ev_user_passkey_request ev;
3220 
3221         BT_DBG("%s", hdev->name);
3222 
3223         bacpy(&ev.addr.bdaddr, bdaddr);
3224         ev.addr.type = link_to_bdaddr(link_type, addr_type);
3225 
3226         return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3227                           NULL);
3228 }
3229 
3230 static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3231                                         u8 link_type, u8 addr_type, u8 status,
3232                                         u8 opcode)
3233 {
3234         struct pending_cmd *cmd;
3235         struct mgmt_rp_user_confirm_reply rp;
3236         int err;
3237 
3238         cmd = mgmt_pending_find(opcode, hdev);
3239         if (!cmd)
3240                 return -ENOENT;
3241 
3242         bacpy(&rp.addr.bdaddr, bdaddr);
3243         rp.addr.type = link_to_bdaddr(link_type, addr_type);
3244         err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3245                            &rp, sizeof(rp));
3246 
3247         mgmt_pending_remove(cmd);
3248 
3249         return err;
3250 }
3251 
3252 int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3253                                      u8 link_type, u8 addr_type, u8 status)
3254 {
3255         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3256                                           status, MGMT_OP_USER_CONFIRM_REPLY);
3257 }
3258 
3259 int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3260                                          u8 link_type, u8 addr_type, u8 status)
3261 {
3262         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3263                                           status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
3264 }
3265 
3266 int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3267                                      u8 link_type, u8 addr_type, u8 status)
3268 {
3269         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3270                                           status, MGMT_OP_USER_PASSKEY_REPLY);
3271 }
3272 
3273 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3274                                          u8 link_type, u8 addr_type, u8 status)
3275 {
3276         return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3277                                           status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
3278 }
3279 
3280 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3281                      u8 addr_type, u8 status)
3282 {
3283         struct mgmt_ev_auth_failed ev;
3284 
3285         bacpy(&ev.addr.bdaddr, bdaddr);
3286         ev.addr.type = link_to_bdaddr(link_type, addr_type);
3287         ev.status = mgmt_status(status);
3288 
3289         return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
3290 }
3291 
3292 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3293 {
3294         struct cmd_lookup match = { NULL, hdev };
3295         bool changed = false;
3296         int err = 0;
3297 
3298         if (status) {
3299                 u8 mgmt_err = mgmt_status(status);
3300                 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3301                                      cmd_status_rsp, &mgmt_err);
3302                 return 0;
3303         }
3304 
3305         if (test_bit(HCI_AUTH, &hdev->flags)) {
3306                 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3307                         changed = true;
3308         } else {
3309                 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3310                         changed = true;
3311         }
3312 
3313         mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3314                              &match);
3315 
3316         if (changed)
3317                 err = new_settings(hdev, match.sk);
3318 
3319         if (match.sk)
3320                 sock_put(match.sk);
3321 
3322         return err;
3323 }
3324 
3325 static int clear_eir(struct hci_dev *hdev)
3326 {
3327         struct hci_cp_write_eir cp;
3328 
3329         if (!(hdev->features[6] & LMP_EXT_INQ))
3330                 return 0;
3331 
3332         memset(hdev->eir, 0, sizeof(hdev->eir));
3333 
3334         memset(&cp, 0, sizeof(cp));
3335 
3336         return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3337 }
3338 
3339 int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3340 {
3341         struct cmd_lookup match = { NULL, hdev };
3342         bool changed = false;
3343         int err = 0;
3344 
3345         if (status) {
3346                 u8 mgmt_err = mgmt_status(status);
3347 
3348                 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3349                                                  &hdev->dev_flags))
3350                         err = new_settings(hdev, NULL);
3351 
3352                 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3353                                      &mgmt_err);
3354 
3355                 return err;
3356         }
3357 
3358         if (enable) {
3359                 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3360                         changed = true;
3361         } else {
3362                 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3363                         changed = true;
3364         }
3365 
3366         mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3367 
3368         if (changed)
3369                 err = new_settings(hdev, match.sk);
3370 
3371         if (match.sk)
3372                 sock_put(match.sk);
3373 
3374         if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3375                 update_eir(hdev);
3376         else
3377                 clear_eir(hdev);
3378 
3379         return err;
3380 }
3381 
3382 static void class_rsp(struct pending_cmd *cmd, void *data)
3383 {
3384         struct cmd_lookup *match = data;
3385 
3386         cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3387                      match->hdev->dev_class, 3);
3388 
3389         list_del(&cmd->list);
3390 
3391         if (match->sk == NULL) {
3392                 match->sk = cmd->sk;
3393                 sock_hold(match->sk);
3394         }
3395 
3396         mgmt_pending_free(cmd);
3397 }
3398 
3399 int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3400                                    u8 status)
3401 {
3402         struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3403         int err = 0;
3404 
3405         clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3406 
3407         mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3408         mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3409         mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3410 
3411         if (!status)
3412                 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3413                                  3, NULL);
3414 
3415         if (match.sk)
3416                 sock_put(match.sk);
3417 
3418         return err;
3419 }
3420 
3421 int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
3422 {
3423         struct pending_cmd *cmd;
3424         struct mgmt_cp_set_local_name ev;
3425         bool changed = false;
3426         int err = 0;
3427 
3428         if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3429                 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3430                 changed = true;
3431         }
3432 
3433         memset(&ev, 0, sizeof(ev));
3434         memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3435         memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
3436 
3437         cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3438         if (!cmd)
3439                 goto send_event;
3440 
3441         /* Always assume that either the short or the complete name has
3442          * changed if there was a pending mgmt command */
3443         changed = true;
3444 
3445         if (status) {
3446                 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3447                                  mgmt_status(status));
3448                 goto failed;
3449         }
3450 
3451         err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
3452                            sizeof(ev));
3453         if (err < 0)
3454                 goto failed;
3455 
3456 send_event:
3457         if (changed)
3458                 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3459                                  sizeof(ev), cmd ? cmd->sk : NULL);
3460 
3461         update_eir(hdev);
3462 
3463 failed:
3464         if (cmd)
3465                 mgmt_pending_remove(cmd);
3466         return err;
3467 }
3468 
3469 int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3470                                             u8 *randomizer, u8 status)
3471 {
3472         struct pending_cmd *cmd;
3473         int err;
3474 
3475         BT_DBG("%s status %u", hdev->name, status);
3476 
3477         cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3478         if (!cmd)
3479                 return -ENOENT;
3480 
3481         if (status) {
3482                 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3483                                  mgmt_status(status));
3484         } else {
3485                 struct mgmt_rp_read_local_oob_data rp;
3486 
3487                 memcpy(rp.hash, hash, sizeof(rp.hash));
3488                 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3489 
3490                 err = cmd_complete(cmd->sk, hdev->id,
3491                                    MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3492                                    sizeof(rp));
3493         }
3494 
3495         mgmt_pending_remove(cmd);
3496 
3497         return err;
3498 }
3499 
3500 int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3501 {
3502         struct cmd_lookup match = { NULL, hdev };
3503         bool changed = false;
3504         int err = 0;
3505 
3506         if (status) {
3507                 u8 mgmt_err = mgmt_status(status);
3508 
3509                 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3510                                                  &hdev->dev_flags))
3511                         err = new_settings(hdev, NULL);
3512 
3513                 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3514                                      &mgmt_err);
3515 
3516                 return err;
3517         }
3518 
3519         if (enable) {
3520                 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3521                         changed = true;
3522         } else {
3523                 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3524                         changed = true;
3525         }
3526 
3527         mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3528 
3529         if (changed)
3530                 err = new_settings(hdev, match.sk);
3531 
3532         if (match.sk)
3533                 sock_put(match.sk);
3534 
3535         return err;
3536 }
3537 
3538 int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3539                       u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3540                       ssp, u8 *eir, u16 eir_len)
3541 {
3542         char buf[512];
3543         struct mgmt_ev_device_found *ev = (void *) buf;
3544         size_t ev_size;
3545 
3546         /* Leave 5 bytes for a potential CoD field */
3547         if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
3548                 return -EINVAL;
3549 
3550         memset(buf, 0, sizeof(buf));
3551 
3552         bacpy(&ev->addr.bdaddr, bdaddr);
3553         ev->addr.type = link_to_bdaddr(link_type, addr_type);
3554         ev->rssi = rssi;
3555         if (cfm_name)
3556                 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
3557         if (!ssp)
3558                 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
3559 
3560         if (eir_len > 0)
3561                 memcpy(ev->eir, eir, eir_len);
3562 
3563         if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3564                 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3565                                           dev_class, 3);
3566 
3567         ev->eir_len = cpu_to_le16(eir_len);
3568 
3569         ev_size = sizeof(*ev) + eir_len;
3570 
3571         return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
3572 }
3573 
3574 int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3575                      u8 addr_type, s8 rssi, u8 *name, u8 name_len)
3576 {
3577         struct mgmt_ev_device_found *ev;
3578         char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3579         u16 eir_len;
3580 
3581         ev = (struct mgmt_ev_device_found *) buf;
3582 
3583         memset(buf, 0, sizeof(buf));
3584 
3585         bacpy(&ev->addr.bdaddr, bdaddr);
3586         ev->addr.type = link_to_bdaddr(link_type, addr_type);
3587         ev->rssi = rssi;
3588 
3589         eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3590                                   name_len);
3591 
3592         ev->eir_len = cpu_to_le16(eir_len);
3593 
3594         return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3595                           sizeof(*ev) + eir_len, NULL);
3596 }
3597 
3598 int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3599 {
3600         struct pending_cmd *cmd;
3601         u8 type;
3602         int err;
3603 
3604         hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3605 
3606         cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3607         if (!cmd)
3608                 return -ENOENT;
3609 
3610         type = hdev->discovery.type;
3611 
3612         err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3613                            &type, sizeof(type));
3614         mgmt_pending_remove(cmd);
3615 
3616         return err;
3617 }
3618 
3619 int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3620 {
3621         struct pending_cmd *cmd;
3622         int err;
3623 
3624         cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3625         if (!cmd)
3626                 return -ENOENT;
3627 
3628         err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3629                            &hdev->discovery.type, sizeof(hdev->discovery.type));
3630         mgmt_pending_remove(cmd);
3631 
3632         return err;
3633 }
3634 
3635 int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
3636 {
3637         struct mgmt_ev_discovering ev;
3638         struct pending_cmd *cmd;
3639 
3640         BT_DBG("%s discovering %u", hdev->name, discovering);
3641 
3642         if (discovering)
3643                 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3644         else
3645                 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3646 
3647         if (cmd != NULL) {
3648                 u8 type = hdev->discovery.type;
3649 
3650                 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3651                              sizeof(type));
3652                 mgmt_pending_remove(cmd);
3653         }
3654 
3655         memset(&ev, 0, sizeof(ev));
3656         ev.type = hdev->discovery.type;
3657         ev.discovering = discovering;
3658 
3659         return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
3660 }
3661 
3662 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3663 {
3664         struct pending_cmd *cmd;
3665         struct mgmt_ev_device_blocked ev;
3666 
3667         cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
3668 
3669         bacpy(&ev.addr.bdaddr, bdaddr);
3670         ev.addr.type = type;
3671 
3672         return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3673                           cmd ? cmd->sk : NULL);
3674 }
3675 
3676 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
3677 {
3678         struct pending_cmd *cmd;
3679         struct mgmt_ev_device_unblocked ev;
3680 
3681         cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
3682 
3683         bacpy(&ev.addr.bdaddr, bdaddr);
3684         ev.addr.type = type;
3685 
3686         return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3687                           cmd ? cmd->sk : NULL);
3688 }
3689 
3690 module_param(enable_hs, bool, 0644);
3691 MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3692 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp