projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'urgent-slab-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/device...
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
b75cf9cd 38#define MGMT_REVISION 6
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
e70bb2e8
JH		 88};
89
90static const u16 mgmt_events[] = {
91 MGMT_EV_CONTROLLER_ERROR,
92 MGMT_EV_INDEX_ADDED,
93 MGMT_EV_INDEX_REMOVED,
94 MGMT_EV_NEW_SETTINGS,
95 MGMT_EV_CLASS_OF_DEV_CHANGED,
96 MGMT_EV_LOCAL_NAME_CHANGED,
97 MGMT_EV_NEW_LINK_KEY,
98 MGMT_EV_NEW_LONG_TERM_KEY,
99 MGMT_EV_DEVICE_CONNECTED,
100 MGMT_EV_DEVICE_DISCONNECTED,
101 MGMT_EV_CONNECT_FAILED,
102 MGMT_EV_PIN_CODE_REQUEST,
103 MGMT_EV_USER_CONFIRM_REQUEST,
104 MGMT_EV_USER_PASSKEY_REQUEST,
105 MGMT_EV_AUTH_FAILED,
106 MGMT_EV_DEVICE_FOUND,
107 MGMT_EV_DISCOVERING,
108 MGMT_EV_DEVICE_BLOCKED,
109 MGMT_EV_DEVICE_UNBLOCKED,
110 MGMT_EV_DEVICE_UNPAIRED,
92a25256 111 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 112 MGMT_EV_NEW_IRK,
7ee4ea36 113 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 114};
115
17b02e62 116#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 117
4b34ee78
JH		 118#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
119 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
120
eec8d2bc
JH		 121struct pending_cmd {
122 struct list_head list;
fc2f4b13 123 u16 opcode;
eec8d2bc 124 int index;
c68fb7ff 125 void *param;
eec8d2bc 126 struct sock *sk;
e9a416b5 127 void *user_data;
eec8d2bc
JH		 128};
129
ca69b795
JH		 130/* HCI to MGMT error code conversion table */
131static u8 mgmt_status_table[] = {
132 MGMT_STATUS_SUCCESS,
133 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
134 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
135 MGMT_STATUS_FAILED, /* Hardware Failure */
136 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
137 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 138 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 139 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
140 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
141 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
143 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
144 MGMT_STATUS_BUSY, /* Command Disallowed */
145 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
146 MGMT_STATUS_REJECTED, /* Rejected Security */
147 MGMT_STATUS_REJECTED, /* Rejected Personal */
148 MGMT_STATUS_TIMEOUT, /* Host Timeout */
149 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
150 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
151 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
152 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
153 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
154 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
155 MGMT_STATUS_BUSY, /* Repeated Attempts */
156 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
157 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
158 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
159 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
160 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
161 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
162 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
163 MGMT_STATUS_FAILED, /* Unspecified Error */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
165 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
166 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
167 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
168 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
169 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
170 MGMT_STATUS_FAILED, /* Unit Link Key Used */
171 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
172 MGMT_STATUS_TIMEOUT, /* Instant Passed */
173 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
174 MGMT_STATUS_FAILED, /* Transaction Collision */
175 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
176 MGMT_STATUS_REJECTED, /* QoS Rejected */
177 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
178 MGMT_STATUS_REJECTED, /* Insufficient Security */
179 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
180 MGMT_STATUS_BUSY, /* Role Switch Pending */
181 MGMT_STATUS_FAILED, /* Slot Violation */
182 MGMT_STATUS_FAILED, /* Role Switch Failed */
183 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
184 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
185 MGMT_STATUS_BUSY, /* Host Busy Pairing */
186 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
187 MGMT_STATUS_BUSY, /* Controller Busy */
188 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
189 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
190 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
191 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
192 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
193};
194
195static u8 mgmt_status(u8 hci_status)
196{
197 if (hci_status < ARRAY_SIZE(mgmt_status_table))
198 return mgmt_status_table[hci_status];
199
200 return MGMT_STATUS_FAILED;
201}
202
4e51eae9 203static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 204{
205 struct sk_buff *skb;
206 struct mgmt_hdr *hdr;
207 struct mgmt_ev_cmd_status *ev;
56b7d137 208 int err;
f7b64e69 209
34eb525c 210 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 211
790eff44 212 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 213 if (!skb)
214 return -ENOMEM;
215
216 hdr = (void *) skb_put(skb, sizeof(*hdr));
217
dcf4adbf 218 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 219 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 220 hdr->len = cpu_to_le16(sizeof(*ev));
221
222 ev = (void *) skb_put(skb, sizeof(*ev));
223 ev->status = status;
eb55ef07 224 ev->opcode = cpu_to_le16(cmd);
f7b64e69 225
56b7d137
GP		 226 err = sock_queue_rcv_skb(sk, skb);
227 if (err < 0)
f7b64e69
JH		 228 kfree_skb(skb);
229
56b7d137 230 return err;
f7b64e69
JH		 231}
232
aee9b218 233static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 234 void *rp, size_t rp_len)
02d98129
JH		 235{
236 struct sk_buff *skb;
237 struct mgmt_hdr *hdr;
238 struct mgmt_ev_cmd_complete *ev;
56b7d137 239 int err;
02d98129
JH		 240
241 BT_DBG("sock %p", sk);
242
790eff44 243 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 244 if (!skb)
245 return -ENOMEM;
246
247 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 248
dcf4adbf 249 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 250 hdr->index = cpu_to_le16(index);
a38528f1 251 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 252
a38528f1 253 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 254 ev->opcode = cpu_to_le16(cmd);
aee9b218 255 ev->status = status;
8020c16a
SJ		 256
257 if (rp)
258 memcpy(ev->data, rp, rp_len);
02d98129 259
56b7d137
GP		 260 err = sock_queue_rcv_skb(sk, skb);
261 if (err < 0)
02d98129
JH		 262 kfree_skb(skb);
263
e5f0e151 264 return err;
02d98129
JH		 265}
266
04124681
GP		 267static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
268 u16 data_len)
a38528f1
JH		 269{
270 struct mgmt_rp_read_version rp;
271
272 BT_DBG("sock %p", sk);
273
274 rp.version = MGMT_VERSION;
dcf4adbf 275 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 276
aee9b218 277 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 278 sizeof(rp));
a38528f1
JH		 279}
280
04124681
GP		 281static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
282 u16 data_len)
e70bb2e8
JH		 283{
284 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 285 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
286 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 287 __le16 *opcode;
e70bb2e8
JH		 288 size_t rp_size;
289 int i, err;
290
291 BT_DBG("sock %p", sk);
292
293 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
294
295 rp = kmalloc(rp_size, GFP_KERNEL);
296 if (!rp)
297 return -ENOMEM;
298
dcf4adbf
JP		 299 rp->num_commands = cpu_to_le16(num_commands);
300 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 301
302 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
303 put_unaligned_le16(mgmt_commands[i], opcode);
304
305 for (i = 0; i < num_events; i++, opcode++)
306 put_unaligned_le16(mgmt_events[i], opcode);
307
aee9b218 308 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 309 rp_size);
e70bb2e8
JH		 310 kfree(rp);
311
312 return err;
313}
314
04124681
GP		 315static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
316 u16 data_len)
faba42eb 317{
faba42eb 318 struct mgmt_rp_read_index_list *rp;
8035ded4 319 struct hci_dev *d;
a38528f1 320 size_t rp_len;
faba42eb 321 u16 count;
476e44cb 322 int err;
faba42eb
JH		 323
324 BT_DBG("sock %p", sk);
325
326 read_lock(&hci_dev_list_lock);
327
328 count = 0;
bb4b2a9a 329 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 330 if (d->dev_type == HCI_BREDR)
331 count++;
faba42eb
JH		 332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
476e44cb 341 count = 0;
8035ded4 342 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 343 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 344 continue;
345
0736cfa8
MH		 346 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
347 continue;
348
1514b892
MH		 349 if (d->dev_type == HCI_BREDR) {
350 rp->index[count++] = cpu_to_le16(d->id);
351 BT_DBG("Added hci%u", d->id);
352 }
faba42eb
JH		 353 }
354
476e44cb
JH		 355 rp->num_controllers = cpu_to_le16(count);
356 rp_len = sizeof(*rp) + (2 * count);
357
faba42eb
JH		 358 read_unlock(&hci_dev_list_lock);
359
aee9b218 360 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 361 rp_len);
faba42eb 362
a38528f1
JH		 363 kfree(rp);
364
365 return err;
faba42eb
JH		 366}
367
69ab39ea
JH		 368static u32 get_supported_settings(struct hci_dev *hdev)
369{
370 u32 settings = 0;
371
372 settings |= MGMT_SETTING_POWERED;
69ab39ea 373 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 374 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 383
384 if (lmp_ssp_capable(hdev)) {
385 settings |= MGMT_SETTING_SSP;
386 settings |= MGMT_SETTING_HS;
387 }
e98d2ce2 388
5afeac14
MH		 389 if (lmp_sc_capable(hdev) ||
390 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 391 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 392 }
d7b7e796 393
eeca6f89 394 if (lmp_le_capable(hdev)) {
9d42820f 395 settings |= MGMT_SETTING_LE;
eeca6f89 396 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 397 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 398 }
69ab39ea
JH		 399
400 return settings;
401}
402
403static u32 get_current_settings(struct hci_dev *hdev)
404{
405 u32 settings = 0;
406
f1f0eb02 407 if (hdev_is_powered(hdev))
f0d4b78a
MH		 408 settings |= MGMT_SETTING_POWERED;
409
5e5282bb 410 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_CONNECTABLE;
412
1a4d3c4b
JH		 413 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
414 settings |= MGMT_SETTING_FAST_CONNECTABLE;
415
5e5282bb 416 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_DISCOVERABLE;
418
a8b2d5c2 419 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_PAIRABLE;
421
56f87901 422 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_BREDR;
424
06199cf8 425 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LE;
427
47990ea0 428 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_LINK_SECURITY;
430
84bde9d6 431 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 432 settings |= MGMT_SETTING_SSP;
433
6d80dfd0
JH		 434 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
435 settings |= MGMT_SETTING_HS;
436
f3d3444a 437 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 438 settings |= MGMT_SETTING_ADVERTISING;
439
e98d2ce2
MH		 440 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
441 settings |= MGMT_SETTING_SECURE_CONN;
442
b1de97d8
MH		 443 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
444 settings |= MGMT_SETTING_DEBUG_KEYS;
445
0f4bd942
JH		 446 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
447 settings |= MGMT_SETTING_PRIVACY;
448
69ab39ea
JH		 449 return settings;
450}
451
ef580372
JH		 452#define PNP_INFO_SVCLASS_ID 0x1200
453
213202ed
JH		 454static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
455{
456 u8 *ptr = data, *uuids_start = NULL;
457 struct bt_uuid *uuid;
458
459 if (len < 4)
460 return ptr;
461
462 list_for_each_entry(uuid, &hdev->uuids, list) {
463 u16 uuid16;
464
465 if (uuid->size != 16)
466 continue;
467
468 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
469 if (uuid16 < 0x1100)
470 continue;
471
472 if (uuid16 == PNP_INFO_SVCLASS_ID)
473 continue;
474
475 if (!uuids_start) {
476 uuids_start = ptr;
477 uuids_start[0] = 1;
478 uuids_start[1] = EIR_UUID16_ALL;
479 ptr += 2;
480 }
481
482 /* Stop if not enough space to put next UUID */
483 if ((ptr - data) + sizeof(u16) > len) {
484 uuids_start[1] = EIR_UUID16_SOME;
485 break;
486 }
487
488 *ptr++ = (uuid16 & 0x00ff);
489 *ptr++ = (uuid16 & 0xff00) >> 8;
490 uuids_start[0] += sizeof(uuid16);
491 }
492
493 return ptr;
494}
495
cdf1963f
JH		 496static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
497{
498 u8 *ptr = data, *uuids_start = NULL;
499 struct bt_uuid *uuid;
500
501 if (len < 6)
502 return ptr;
503
504 list_for_each_entry(uuid, &hdev->uuids, list) {
505 if (uuid->size != 32)
506 continue;
507
508 if (!uuids_start) {
509 uuids_start = ptr;
510 uuids_start[0] = 1;
511 uuids_start[1] = EIR_UUID32_ALL;
512 ptr += 2;
513 }
514
515 /* Stop if not enough space to put next UUID */
516 if ((ptr - data) + sizeof(u32) > len) {
517 uuids_start[1] = EIR_UUID32_SOME;
518 break;
519 }
520
521 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
522 ptr += sizeof(u32);
523 uuids_start[0] += sizeof(u32);
524 }
525
526 return ptr;
527}
528
c00d575b
JH		 529static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
530{
531 u8 *ptr = data, *uuids_start = NULL;
532 struct bt_uuid *uuid;
533
534 if (len < 18)
535 return ptr;
536
537 list_for_each_entry(uuid, &hdev->uuids, list) {
538 if (uuid->size != 128)
539 continue;
540
541 if (!uuids_start) {
542 uuids_start = ptr;
543 uuids_start[0] = 1;
544 uuids_start[1] = EIR_UUID128_ALL;
545 ptr += 2;
546 }
547
548 /* Stop if not enough space to put next UUID */
549 if ((ptr - data) + 16 > len) {
550 uuids_start[1] = EIR_UUID128_SOME;
551 break;
552 }
553
554 memcpy(ptr, uuid->uuid, 16);
555 ptr += 16;
556 uuids_start[0] += 16;
557 }
558
559 return ptr;
560}
561
eb2a8d20
JH		 562static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
563{
564 struct pending_cmd *cmd;
565
566 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
567 if (cmd->opcode == opcode)
568 return cmd;
569 }
570
571 return NULL;
572}
573
f14d8f64
MH		 574static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
575{
7a5f4990
MH		 576 u8 ad_len = 0;
577 size_t name_len;
578
579 name_len = strlen(hdev->dev_name);
580 if (name_len > 0) {
581 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
582
583 if (name_len > max_len) {
584 name_len = max_len;
585 ptr[1] = EIR_NAME_SHORT;
586 } else
587 ptr[1] = EIR_NAME_COMPLETE;
588
589 ptr[0] = name_len + 1;
590
591 memcpy(ptr + 2, hdev->dev_name, name_len);
592
593 ad_len += (name_len + 2);
594 ptr += (name_len + 2);
595 }
596
597 return ad_len;
f14d8f64
MH		 598}
599
600static void update_scan_rsp_data(struct hci_request *req)
601{
602 struct hci_dev *hdev = req->hdev;
603 struct hci_cp_le_set_scan_rsp_data cp;
604 u8 len;
605
7751ef1b 606 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 607 return;
608
609 memset(&cp, 0, sizeof(cp));
610
611 len = create_scan_rsp_data(hdev, cp.data);
612
eb438b5f
JH		 613 if (hdev->scan_rsp_data_len == len &&
614 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 615 return;
616
eb438b5f
JH		 617 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
618 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 619
620 cp.length = len;
621
622 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
623}
624
9a43e25f
JH		 625static u8 get_adv_discov_flags(struct hci_dev *hdev)
626{
627 struct pending_cmd *cmd;
628
629 /* If there's a pending mgmt command the flags will not yet have
630 * their final values, so check for this first.
631 */
632 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
633 if (cmd) {
634 struct mgmt_mode *cp = cmd->param;
635 if (cp->val == 0x01)
636 return LE_AD_GENERAL;
637 else if (cp->val == 0x02)
638 return LE_AD_LIMITED;
639 } else {
640 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_LIMITED;
642 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
643 return LE_AD_GENERAL;
644 }
645
646 return 0;
647}
648
46cad2ed 649static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 650{
651 u8 ad_len = 0, flags = 0;
441ad2d0 652
9a43e25f 653 flags |= get_adv_discov_flags(hdev);
441ad2d0 654
e834004b 655 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 656 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 657
658 if (flags) {
659 BT_DBG("adv flags 0x%02x", flags);
660
661 ptr[0] = 2;
662 ptr[1] = EIR_FLAGS;
663 ptr[2] = flags;
664
665 ad_len += 3;
666 ptr += 3;
667 }
668
669 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
670 ptr[0] = 2;
671 ptr[1] = EIR_TX_POWER;
672 ptr[2] = (u8) hdev->adv_tx_power;
673
674 ad_len += 3;
675 ptr += 3;
676 }
677
441ad2d0
MH		 678 return ad_len;
679}
680
5947f4bc 681static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 682{
683 struct hci_dev *hdev = req->hdev;
684 struct hci_cp_le_set_adv_data cp;
685 u8 len;
686
10994ce6 687 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 688 return;
689
690 memset(&cp, 0, sizeof(cp));
691
46cad2ed 692 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 693
694 if (hdev->adv_data_len == len &&
695 memcmp(cp.data, hdev->adv_data, len) == 0)
696 return;
697
698 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
699 hdev->adv_data_len = len;
700
701 cp.length = len;
702
703 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
704}
705
ef580372
JH		 706static void create_eir(struct hci_dev *hdev, u8 *data)
707{
708 u8 *ptr = data;
ef580372
JH		 709 size_t name_len;
710
711 name_len = strlen(hdev->dev_name);
712
713 if (name_len > 0) {
714 /* EIR Data type */
715 if (name_len > 48) {
716 name_len = 48;
717 ptr[1] = EIR_NAME_SHORT;
718 } else
719 ptr[1] = EIR_NAME_COMPLETE;
720
721 /* EIR Data length */
722 ptr[0] = name_len + 1;
723
724 memcpy(ptr + 2, hdev->dev_name, name_len);
725
ef580372
JH		 726 ptr += (name_len + 2);
727 }
728
bbaf444a 729 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 730 ptr[0] = 2;
731 ptr[1] = EIR_TX_POWER;
732 ptr[2] = (u8) hdev->inq_tx_power;
733
91c4e9b1
MH		 734 ptr += 3;
735 }
736
2b9be137
MH		 737 if (hdev->devid_source > 0) {
738 ptr[0] = 9;
739 ptr[1] = EIR_DEVICE_ID;
740
741 put_unaligned_le16(hdev->devid_source, ptr + 2);
742 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
743 put_unaligned_le16(hdev->devid_product, ptr + 6);
744 put_unaligned_le16(hdev->devid_version, ptr + 8);
745
2b9be137
MH		 746 ptr += 10;
747 }
748
213202ed 749 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 750 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 751 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 752}
753
890ea898 754static void update_eir(struct hci_request *req)
ef580372 755{
890ea898 756 struct hci_dev *hdev = req->hdev;
ef580372
JH		 757 struct hci_cp_write_eir cp;
758
504c8dcd 759 if (!hdev_is_powered(hdev))
890ea898 760 return;
7770c4aa 761
976eb20e 762 if (!lmp_ext_inq_capable(hdev))
890ea898 763 return;
ef580372 764
84bde9d6 765 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 766 return;
ef580372 767
a8b2d5c2 768 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 769 return;
ef580372
JH		 770
771 memset(&cp, 0, sizeof(cp));
772
773 create_eir(hdev, cp.data);
774
775 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 776 return;
ef580372
JH		 777
778 memcpy(hdev->eir, cp.data, sizeof(cp.data));
779
890ea898 780 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 781}
782
783static u8 get_service_classes(struct hci_dev *hdev)
784{
785 struct bt_uuid *uuid;
786 u8 val = 0;
787
788 list_for_each_entry(uuid, &hdev->uuids, list)
789 val |= uuid->svc_hint;
790
791 return val;
792}
793
890ea898 794static void update_class(struct hci_request *req)
ef580372 795{
890ea898 796 struct hci_dev *hdev = req->hdev;
ef580372
JH		 797 u8 cod[3];
798
799 BT_DBG("%s", hdev->name);
800
504c8dcd 801 if (!hdev_is_powered(hdev))
890ea898 802 return;
7770c4aa 803
f87ea1da
JH		 804 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
805 return;
806
a8b2d5c2 807 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 808 return;
ef580372
JH		 809
810 cod[0] = hdev->minor_class;
811 cod[1] = hdev->major_class;
812 cod[2] = get_service_classes(hdev);
813
6acd7db4
MH		 814 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
815 cod[1] |= 0x20;
816
ef580372 817 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 818 return;
ef580372 819
890ea898 820 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 821}
822
a4858cb9 823static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 824{
825 struct pending_cmd *cmd;
199a2fb1
JH		 826
827 /* If there's a pending mgmt command the flag will not yet have
828 * it's final value, so check for this first.
829 */
830 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
831 if (cmd) {
832 struct mgmt_mode *cp = cmd->param;
a4858cb9 833 return cp->val;
199a2fb1
JH		 834 }
835
a4858cb9 836 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 837}
838
839static void enable_advertising(struct hci_request *req)
840{
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
8f2a0601 843 u8 own_addr_type, enable = 0x01;
a4858cb9 844 bool connectable;
199a2fb1 845
8d97250e
JH		 846 /* Clear the HCI_ADVERTISING bit temporarily so that the
847 * hci_update_random_address knows that it's safe to go ahead
848 * and write a new random address. The flag will be set back on
849 * as soon as the SET_ADV_ENABLE HCI command completes.
850 */
851 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
852
a4858cb9 853 connectable = get_connectable(hdev);
8f2a0601 854
a4858cb9
JH		 855 /* Set require_privacy to true only when non-connectable
856 * advertising is used. In that case it is fine to use a
857 * non-resolvable private address.
858 */
859 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 860 return;
861
41c90c18 862 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 863 cp.min_interval = cpu_to_le16(0x0800);
864 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 865 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 866 cp.own_address_type = own_addr_type;
199a2fb1
JH		 867 cp.channel_map = hdev->le_adv_channel_map;
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
870
871 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
872}
873
874static void disable_advertising(struct hci_request *req)
875{
876 u8 enable = 0x00;
877
878 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
879}
880
7d78525d
JH		 881static void service_cache_off(struct work_struct *work)
882{
883 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 884 service_cache.work);
890ea898 885 struct hci_request req;
7d78525d 886
a8b2d5c2 887 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 888 return;
889
890ea898
JH		 890 hci_req_init(&req, hdev);
891
7d78525d
JH		 892 hci_dev_lock(hdev);
893
890ea898
JH		 894 update_eir(&req);
895 update_class(&req);
7d78525d
JH		 896
897 hci_dev_unlock(hdev);
890ea898
JH		 898
899 hci_req_run(&req, NULL);
7d78525d
JH		 900}
901
d6bfd59c
JH		 902static void rpa_expired(struct work_struct *work)
903{
904 struct hci_dev *hdev = container_of(work, struct hci_dev,
905 rpa_expired.work);
906 struct hci_request req;
907
908 BT_DBG("");
909
910 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
911
912 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
913 hci_conn_num(hdev, LE_LINK) > 0)
914 return;
915
916 /* The generation of a new RPA and programming it into the
917 * controller happens in the enable_advertising() function.
918 */
919
920 hci_req_init(&req, hdev);
921
922 disable_advertising(&req);
923 enable_advertising(&req);
924
925 hci_req_run(&req, NULL);
926}
927
6a919082 928static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 929{
4f87da80 930 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 931 return;
932
4f87da80 933 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 934 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 935
4f87da80
JH		 936 /* Non-mgmt controlled devices get this bit set
937 * implicitly so that pairing works for them, however
938 * for mgmt we require user-space to explicitly enable
939 * it
940 */
941 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 942}
943
0f4e68cf 944static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 945 void *data, u16 data_len)
0381101f 946{
a38528f1 947 struct mgmt_rp_read_info rp;
f7b64e69 948
bdb6d971 949 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 950
09fd0de5 951 hci_dev_lock(hdev);
f7b64e69 952
dc4fe30b
JH		 953 memset(&rp, 0, sizeof(rp));
954
69ab39ea 955 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 956
69ab39ea 957 rp.version = hdev->hci_ver;
eb55ef07 958 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 959
960 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
961 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 962
a38528f1 963 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 964
dc4fe30b 965 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 966 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 967
09fd0de5 968 hci_dev_unlock(hdev);
0381101f 969
bdb6d971 970 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 971 sizeof(rp));
0381101f
JH		 972}
973
eec8d2bc
JH		 974static void mgmt_pending_free(struct pending_cmd *cmd)
975{
976 sock_put(cmd->sk);
c68fb7ff 977 kfree(cmd->param);
eec8d2bc
JH		 978 kfree(cmd);
979}
980
366a0336 981static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 982 struct hci_dev *hdev, void *data,
983 u16 len)
eec8d2bc
JH		 984{
985 struct pending_cmd *cmd;
986
12b94565 987 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 988 if (!cmd)
366a0336 989 return NULL;
eec8d2bc
JH		 990
991 cmd->opcode = opcode;
2e58ef3e 992 cmd->index = hdev->id;
eec8d2bc 993
12b94565 994 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 995 if (!cmd->param) {
eec8d2bc 996 kfree(cmd);
366a0336 997 return NULL;
eec8d2bc
JH		 998 }
999
8fce6357
SJ		 1000 if (data)
1001 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1002
1003 cmd->sk = sk;
1004 sock_hold(sk);
1005
2e58ef3e 1006 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1007
366a0336 1008 return cmd;
eec8d2bc
JH		 1009}
1010
744cf19e 1011static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1012 void (*cb)(struct pending_cmd *cmd,
1013 void *data),
04124681 1014 void *data)
eec8d2bc 1015{
a3d09356 1016 struct pending_cmd *cmd, *tmp;
eec8d2bc 1017
a3d09356 1018 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1019 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1020 continue;
1021
eec8d2bc
JH		 1022 cb(cmd, data);
1023 }
1024}
1025
a664b5bc 1026static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1027{
73f22f62
JH		 1028 list_del(&cmd->list);
1029 mgmt_pending_free(cmd);
1030}
1031
69ab39ea 1032static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1033{
69ab39ea 1034 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1035
aee9b218 1036 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1037 sizeof(settings));
8680570b
JH		 1038}
1039
8b064a3a
JH		 1040static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1041{
1042 BT_DBG("%s status 0x%02x", hdev->name, status);
1043
a3172b7e
JH		 1044 if (hci_conn_count(hdev) == 0) {
1045 cancel_delayed_work(&hdev->power_off);
8b064a3a 1046 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1047 }
8b064a3a
JH		 1048}
1049
21a60d30
JH		 1050static void hci_stop_discovery(struct hci_request *req)
1051{
1052 struct hci_dev *hdev = req->hdev;
1053 struct hci_cp_remote_name_req_cancel cp;
1054 struct inquiry_entry *e;
1055
1056 switch (hdev->discovery.state) {
1057 case DISCOVERY_FINDING:
1058 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1059 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1060 } else {
1061 cancel_delayed_work(&hdev->le_scan_disable);
1062 hci_req_add_le_scan_disable(req);
1063 }
1064
1065 break;
1066
1067 case DISCOVERY_RESOLVING:
1068 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1069 NAME_PENDING);
1070 if (!e)
1071 return;
1072
1073 bacpy(&cp.bdaddr, &e->data.bdaddr);
1074 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1075 &cp);
1076
1077 break;
1078
1079 default:
1080 /* Passive scanning */
1081 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1082 hci_req_add_le_scan_disable(req);
1083 break;
1084 }
1085}
1086
8b064a3a
JH		 1087static int clean_up_hci_state(struct hci_dev *hdev)
1088{
1089 struct hci_request req;
1090 struct hci_conn *conn;
1091
1092 hci_req_init(&req, hdev);
1093
1094 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1095 test_bit(HCI_PSCAN, &hdev->flags)) {
1096 u8 scan = 0x00;
1097 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1098 }
1099
1100 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1101 disable_advertising(&req);
1102
f8680f12 1103 hci_stop_discovery(&req);
8b064a3a
JH		 1104
1105 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1106 struct hci_cp_disconnect dc;
c9910d0f
JH		 1107 struct hci_cp_reject_conn_req rej;
1108
1109 switch (conn->state) {
1110 case BT_CONNECTED:
1111 case BT_CONFIG:
1112 dc.handle = cpu_to_le16(conn->handle);
1113 dc.reason = 0x15; /* Terminated due to Power Off */
1114 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1115 break;
1116 case BT_CONNECT:
1117 if (conn->type == LE_LINK)
1118 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1119 0, NULL);
1120 else if (conn->type == ACL_LINK)
1121 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1122 6, &conn->dst);
1123 break;
1124 case BT_CONNECT2:
1125 bacpy(&rej.bdaddr, &conn->dst);
1126 rej.reason = 0x15; /* Terminated due to Power Off */
1127 if (conn->type == ACL_LINK)
1128 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1129 sizeof(rej), &rej);
1130 else if (conn->type == SCO_LINK)
1131 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1132 sizeof(rej), &rej);
1133 break;
1134 }
8b064a3a
JH		 1135 }
1136
1137 return hci_req_run(&req, clean_up_hci_complete);
1138}
1139
bdb6d971 1140static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1141 u16 len)
eec8d2bc 1142{
650f726d 1143 struct mgmt_mode *cp = data;
366a0336 1144 struct pending_cmd *cmd;
4b34ee78 1145 int err;
eec8d2bc 1146
bdb6d971 1147 BT_DBG("request for %s", hdev->name);
eec8d2bc 1148
a7e80f25
JH		 1149 if (cp->val != 0x00 && cp->val != 0x01)
1150 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1151 MGMT_STATUS_INVALID_PARAMS);
1152
09fd0de5 1153 hci_dev_lock(hdev);
eec8d2bc 1154
87b95ba6
JH		 1155 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1156 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1157 MGMT_STATUS_BUSY);
1158 goto failed;
1159 }
1160
f0d4b78a
MH		 1161 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1162 cancel_delayed_work(&hdev->power_off);
1163
1164 if (cp->val) {
a1d70450
JH		 1165 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1166 data, len);
1167 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1168 goto failed;
1169 }
1170 }
1171
4b34ee78 1172 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1173 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1174 goto failed;
1175 }
1176
2e58ef3e 1177 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1178 if (!cmd) {
1179 err = -ENOMEM;
eec8d2bc 1180 goto failed;
366a0336 1181 }
eec8d2bc 1182
8b064a3a 1183 if (cp->val) {
19202573 1184 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1185 err = 0;
1186 } else {
1187 /* Disconnect connections, stop scans, etc */
1188 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1189 if (!err)
1190 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1191 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1192
8b064a3a
JH		 1193 /* ENODATA means there were no HCI commands queued */
1194 if (err == -ENODATA) {
a3172b7e 1195 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1196 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1197 err = 0;
1198 }
1199 }
eec8d2bc
JH		 1200
1201failed:
09fd0de5 1202 hci_dev_unlock(hdev);
366a0336 1203 return err;
eec8d2bc
JH		 1204}
1205
04124681
GP		 1206static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1207 struct sock *skip_sk)
beadb2bd
JH		 1208{
1209 struct sk_buff *skb;
1210 struct mgmt_hdr *hdr;
1211
790eff44 1212 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1213 if (!skb)
1214 return -ENOMEM;
1215
1216 hdr = (void *) skb_put(skb, sizeof(*hdr));
1217 hdr->opcode = cpu_to_le16(event);
1218 if (hdev)
1219 hdr->index = cpu_to_le16(hdev->id);
1220 else
dcf4adbf 1221 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1222 hdr->len = cpu_to_le16(data_len);
1223
1224 if (data)
1225 memcpy(skb_put(skb, data_len), data, data_len);
1226
97e0bdeb
MH		 1227 /* Time stamp */
1228 __net_timestamp(skb);
1229
beadb2bd
JH		 1230 hci_send_to_control(skb, skip_sk);
1231 kfree_skb(skb);
1232
1233 return 0;
1234}
1235
1236static int new_settings(struct hci_dev *hdev, struct sock *skip)
1237{
1238 __le32 ev;
1239
1240 ev = cpu_to_le32(get_current_settings(hdev));
1241
1242 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1243}
1244
bd99abdd
JH		 1245struct cmd_lookup {
1246 struct sock *sk;
1247 struct hci_dev *hdev;
1248 u8 mgmt_status;
1249};
1250
1251static void settings_rsp(struct pending_cmd *cmd, void *data)
1252{
1253 struct cmd_lookup *match = data;
1254
1255 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1256
1257 list_del(&cmd->list);
1258
1259 if (match->sk == NULL) {
1260 match->sk = cmd->sk;
1261 sock_hold(match->sk);
1262 }
1263
1264 mgmt_pending_free(cmd);
1265}
1266
1267static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1268{
1269 u8 *status = data;
1270
1271 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1272 mgmt_pending_remove(cmd);
1273}
1274
e6fe7986
JH		 1275static u8 mgmt_bredr_support(struct hci_dev *hdev)
1276{
1277 if (!lmp_bredr_capable(hdev))
1278 return MGMT_STATUS_NOT_SUPPORTED;
1279 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1280 return MGMT_STATUS_REJECTED;
1281 else
1282 return MGMT_STATUS_SUCCESS;
1283}
1284
1285static u8 mgmt_le_support(struct hci_dev *hdev)
1286{
1287 if (!lmp_le_capable(hdev))
1288 return MGMT_STATUS_NOT_SUPPORTED;
1289 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1290 return MGMT_STATUS_REJECTED;
1291 else
1292 return MGMT_STATUS_SUCCESS;
1293}
1294
bfaf8c9f
JH		 1295static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1296{
1297 struct pending_cmd *cmd;
1298 struct mgmt_mode *cp;
970ba524 1299 struct hci_request req;
bfaf8c9f
JH		 1300 bool changed;
1301
1302 BT_DBG("status 0x%02x", status);
1303
1304 hci_dev_lock(hdev);
1305
1306 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1307 if (!cmd)
1308 goto unlock;
1309
1310 if (status) {
1311 u8 mgmt_err = mgmt_status(status);
1312 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1313 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1314 goto remove_cmd;
1315 }
1316
1317 cp = cmd->param;
d4462a07 1318 if (cp->val) {
bfaf8c9f
JH		 1319 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1320 &hdev->dev_flags);
d4462a07
MH		 1321
1322 if (hdev->discov_timeout > 0) {
1323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1325 to);
1326 }
1327 } else {
bfaf8c9f
JH		 1328 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1329 &hdev->dev_flags);
d4462a07 1330 }
bfaf8c9f
JH		 1331
1332 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1333
1334 if (changed)
1335 new_settings(hdev, cmd->sk);
1336
970ba524
MH		 1337 /* When the discoverable mode gets changed, make sure
1338 * that class of device has the limited discoverable
1339 * bit correctly set.
1340 */
1341 hci_req_init(&req, hdev);
1342 update_class(&req);
1343 hci_req_run(&req, NULL);
1344
bfaf8c9f
JH		 1345remove_cmd:
1346 mgmt_pending_remove(cmd);
1347
1348unlock:
1349 hci_dev_unlock(hdev);
1350}
1351
bdb6d971 1352static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1353 u16 len)
73f22f62 1354{
650f726d 1355 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1356 struct pending_cmd *cmd;
bfaf8c9f 1357 struct hci_request req;
5e5282bb 1358 u16 timeout;
9a43e25f 1359 u8 scan;
73f22f62
JH		 1360 int err;
1361
bdb6d971 1362 BT_DBG("request for %s", hdev->name);
73f22f62 1363
9a43e25f
JH		 1364 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1365 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1366 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1367 MGMT_STATUS_REJECTED);
33c525c0 1368
310a3d48 1369 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1370 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1371 MGMT_STATUS_INVALID_PARAMS);
1372
1f350c87 1373 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1374
1375 /* Disabling discoverable requires that no timeout is set,
1376 * and enabling limited discoverable requires a timeout.
1377 */
1378 if ((cp->val == 0x00 && timeout > 0) ||
1379 (cp->val == 0x02 && timeout == 0))
bdb6d971 1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1381 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1382
09fd0de5 1383 hci_dev_lock(hdev);
73f22f62 1384
5e5282bb 1385 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1386 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1387 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1388 goto failed;
1389 }
1390
2e58ef3e 1391 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1392 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1394 MGMT_STATUS_BUSY);
73f22f62
JH		 1395 goto failed;
1396 }
1397
5e5282bb 1398 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1399 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1400 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1401 goto failed;
1402 }
1403
1404 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1405 bool changed = false;
1406
310a3d48
MH		 1407 /* Setting limited discoverable when powered off is
1408 * not a valid operation since it requires a timeout
1409 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1410 */
0224d2fa
JH		 1411 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1412 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1413 changed = true;
1414 }
1415
5e5282bb 1416 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1417 if (err < 0)
1418 goto failed;
1419
1420 if (changed)
1421 err = new_settings(hdev, sk);
1422
5e5282bb
JH		 1423 goto failed;
1424 }
1425
310a3d48
MH		 1426 /* If the current mode is the same, then just update the timeout
1427 * value with the new value. And if only the timeout gets updated,
1428 * then no need for any HCI transactions.
1429 */
1430 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1431 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1432 &hdev->dev_flags)) {
36261547
MH		 1433 cancel_delayed_work(&hdev->discov_off);
1434 hdev->discov_timeout = timeout;
955638ec 1435
36261547
MH		 1436 if (cp->val && hdev->discov_timeout > 0) {
1437 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1438 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1439 to);
955638ec
MH		 1440 }
1441
69ab39ea 1442 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1443 goto failed;
1444 }
1445
2e58ef3e 1446 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1447 if (!cmd) {
1448 err = -ENOMEM;
73f22f62 1449 goto failed;
366a0336 1450 }
73f22f62 1451
310a3d48
MH		 1452 /* Cancel any potential discoverable timeout that might be
1453 * still active and store new timeout value. The arming of
1454 * the timeout happens in the complete handler.
1455 */
1456 cancel_delayed_work(&hdev->discov_off);
1457 hdev->discov_timeout = timeout;
1458
b456f87c
JH		 1459 /* Limited discoverable mode */
1460 if (cp->val == 0x02)
1461 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1462 else
1463 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1464
bfaf8c9f
JH		 1465 hci_req_init(&req, hdev);
1466
9a43e25f
JH		 1467 /* The procedure for LE-only controllers is much simpler - just
1468 * update the advertising data.
1469 */
1470 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1471 goto update_ad;
1472
73f22f62
JH		 1473 scan = SCAN_PAGE;
1474
310a3d48
MH		 1475 if (cp->val) {
1476 struct hci_cp_write_current_iac_lap hci_cp;
1477
1478 if (cp->val == 0x02) {
1479 /* Limited discoverable mode */
33337dcb 1480 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1481 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1482 hci_cp.iac_lap[1] = 0x8b;
1483 hci_cp.iac_lap[2] = 0x9e;
1484 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1485 hci_cp.iac_lap[4] = 0x8b;
1486 hci_cp.iac_lap[5] = 0x9e;
1487 } else {
1488 /* General discoverable mode */
310a3d48
MH		 1489 hci_cp.num_iac = 1;
1490 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1491 hci_cp.iac_lap[1] = 0x8b;
1492 hci_cp.iac_lap[2] = 0x9e;
1493 }
1494
1495 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1496 (hci_cp.num_iac * 3) + 1, &hci_cp);
1497
73f22f62 1498 scan |= SCAN_INQUIRY;
310a3d48
MH		 1499 } else {
1500 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1501 }
73f22f62 1502
310a3d48 1503 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1504
9a43e25f
JH		 1505update_ad:
1506 update_adv_data(&req);
1507
bfaf8c9f 1508 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1509 if (err < 0)
a664b5bc 1510 mgmt_pending_remove(cmd);
73f22f62
JH		 1511
1512failed:
09fd0de5 1513 hci_dev_unlock(hdev);
73f22f62
JH		 1514 return err;
1515}
1516
406d7804
JH		 1517static void write_fast_connectable(struct hci_request *req, bool enable)
1518{
bd98b996 1519 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1520 struct hci_cp_write_page_scan_activity acp;
1521 u8 type;
1522
547003b1
JH		 1523 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1524 return;
1525
4c01f8b8
JH		 1526 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1527 return;
1528
406d7804
JH		 1529 if (enable) {
1530 type = PAGE_SCAN_TYPE_INTERLACED;
1531
1532 /* 160 msec page scan interval */
dcf4adbf 1533 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1534 } else {
1535 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1536
1537 /* default 1.28 sec page scan */
dcf4adbf 1538 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1539 }
1540
dcf4adbf 1541 acp.window = cpu_to_le16(0x0012);
406d7804 1542
bd98b996
JH		 1543 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1544 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1545 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1546 sizeof(acp), &acp);
1547
1548 if (hdev->page_scan_type != type)
1549 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1550}
1551
2b76f453
JH		 1552static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1553{
1554 struct pending_cmd *cmd;
d7b856f9
JH		 1555 struct mgmt_mode *cp;
1556 bool changed;
2b76f453
JH		 1557
1558 BT_DBG("status 0x%02x", status);
1559
1560 hci_dev_lock(hdev);
1561
1562 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1563 if (!cmd)
1564 goto unlock;
1565
37438c1f
JH		 1566 if (status) {
1567 u8 mgmt_err = mgmt_status(status);
1568 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1569 goto remove_cmd;
1570 }
1571
d7b856f9
JH		 1572 cp = cmd->param;
1573 if (cp->val)
1574 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1575 else
1576 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1577
2b76f453
JH		 1578 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1579
d7b856f9
JH		 1580 if (changed)
1581 new_settings(hdev, cmd->sk);
1582
37438c1f 1583remove_cmd:
2b76f453
JH		 1584 mgmt_pending_remove(cmd);
1585
1586unlock:
1587 hci_dev_unlock(hdev);
1588}
1589
e8ba3a1f
JH		 1590static int set_connectable_update_settings(struct hci_dev *hdev,
1591 struct sock *sk, u8 val)
1592{
1593 bool changed = false;
1594 int err;
1595
1596 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1597 changed = true;
1598
1599 if (val) {
1600 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1601 } else {
1602 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1603 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1604 }
1605
1606 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1607 if (err < 0)
1608 return err;
1609
1610 if (changed)
1611 return new_settings(hdev, sk);
1612
1613 return 0;
1614}
1615
bdb6d971 1616static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1617 u16 len)
9fbcbb45 1618{
650f726d 1619 struct mgmt_mode *cp = data;
366a0336 1620 struct pending_cmd *cmd;
2b76f453 1621 struct hci_request req;
1987fdc7 1622 u8 scan;
9fbcbb45
JH		 1623 int err;
1624
bdb6d971 1625 BT_DBG("request for %s", hdev->name);
9fbcbb45 1626
1987fdc7
JH		 1627 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1628 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1629 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1630 MGMT_STATUS_REJECTED);
33c525c0 1631
a7e80f25
JH		 1632 if (cp->val != 0x00 && cp->val != 0x01)
1633 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1634 MGMT_STATUS_INVALID_PARAMS);
1635
09fd0de5 1636 hci_dev_lock(hdev);
9fbcbb45 1637
4b34ee78 1638 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1639 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1640 goto failed;
1641 }
1642
2e58ef3e 1643 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1644 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1645 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1646 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1647 goto failed;
1648 }
1649
2e58ef3e 1650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1651 if (!cmd) {
1652 err = -ENOMEM;
9fbcbb45 1653 goto failed;
366a0336 1654 }
9fbcbb45 1655
9b74246f 1656 hci_req_init(&req, hdev);
9fbcbb45 1657
9a43e25f
JH		 1658 /* If BR/EDR is not enabled and we disable advertising as a
1659 * by-product of disabling connectable, we need to update the
1660 * advertising flags.
1661 */
1662 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1663 if (!cp->val) {
1664 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1665 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1666 }
1667 update_adv_data(&req);
1668 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1669 if (cp->val) {
1670 scan = SCAN_PAGE;
1671 } else {
1672 scan = 0;
1673
1674 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1675 hdev->discov_timeout > 0)
9b74246f
JH		 1676 cancel_delayed_work(&hdev->discov_off);
1677 }
2b76f453 1678
9b74246f
JH		 1679 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1680 }
2b76f453 1681
4c01f8b8
JH		 1682 /* If we're going from non-connectable to connectable or
1683 * vice-versa when fast connectable is enabled ensure that fast
1684 * connectable gets disabled. write_fast_connectable won't do
1685 * anything if the page scan parameters are already what they
1686 * should be.
1687 */
1688 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1689 write_fast_connectable(&req, false);
1690
1987fdc7
JH		 1691 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1692 hci_conn_num(hdev, LE_LINK) == 0) {
1693 disable_advertising(&req);
1694 enable_advertising(&req);
1695 }
1696
2b76f453 1697 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1698 if (err < 0) {
a664b5bc 1699 mgmt_pending_remove(cmd);
9b74246f 1700 if (err == -ENODATA)
a81070ba
JH		 1701 err = set_connectable_update_settings(hdev, sk,
1702 cp->val);
9b74246f
JH		 1703 goto failed;
1704 }
9fbcbb45
JH		 1705
1706failed:
09fd0de5 1707 hci_dev_unlock(hdev);
9fbcbb45
JH		 1708 return err;
1709}
1710
bdb6d971 1711static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1712 u16 len)
c542a06c 1713{
650f726d 1714 struct mgmt_mode *cp = data;
55594356 1715 bool changed;
c542a06c
JH		 1716 int err;
1717
bdb6d971 1718 BT_DBG("request for %s", hdev->name);
c542a06c 1719
a7e80f25
JH		 1720 if (cp->val != 0x00 && cp->val != 0x01)
1721 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1722 MGMT_STATUS_INVALID_PARAMS);
1723
09fd0de5 1724 hci_dev_lock(hdev);
c542a06c
JH		 1725
1726 if (cp->val)
55594356 1727 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1728 else
55594356 1729 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1730
69ab39ea 1731 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1732 if (err < 0)
55594356 1733 goto unlock;
c542a06c 1734
55594356
MH		 1735 if (changed)
1736 err = new_settings(hdev, sk);
c542a06c 1737
55594356 1738unlock:
09fd0de5 1739 hci_dev_unlock(hdev);
c542a06c
JH		 1740 return err;
1741}
1742
04124681
GP		 1743static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1744 u16 len)
33ef95ed
JH		 1745{
1746 struct mgmt_mode *cp = data;
1747 struct pending_cmd *cmd;
e6fe7986 1748 u8 val, status;
33ef95ed
JH		 1749 int err;
1750
bdb6d971 1751 BT_DBG("request for %s", hdev->name);
33ef95ed 1752
e6fe7986
JH		 1753 status = mgmt_bredr_support(hdev);
1754 if (status)
33c525c0 1755 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1756 status);
33c525c0 1757
a7e80f25
JH		 1758 if (cp->val != 0x00 && cp->val != 0x01)
1759 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1760 MGMT_STATUS_INVALID_PARAMS);
1761
33ef95ed
JH		 1762 hci_dev_lock(hdev);
1763
4b34ee78 1764 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1765 bool changed = false;
1766
1767 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1768 &hdev->dev_flags)) {
47990ea0
JH		 1769 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1770 changed = true;
1771 }
1772
1773 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1774 if (err < 0)
1775 goto failed;
1776
1777 if (changed)
1778 err = new_settings(hdev, sk);
1779
33ef95ed
JH		 1780 goto failed;
1781 }
1782
1783 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1784 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1785 MGMT_STATUS_BUSY);
33ef95ed
JH		 1786 goto failed;
1787 }
1788
1789 val = !!cp->val;
1790
1791 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1792 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1793 goto failed;
1794 }
1795
1796 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1797 if (!cmd) {
1798 err = -ENOMEM;
1799 goto failed;
1800 }
1801
1802 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1803 if (err < 0) {
1804 mgmt_pending_remove(cmd);
1805 goto failed;
1806 }
1807
1808failed:
1809 hci_dev_unlock(hdev);
33ef95ed
JH		 1810 return err;
1811}
1812
bdb6d971 1813static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1814{
1815 struct mgmt_mode *cp = data;
1816 struct pending_cmd *cmd;
72ef0c1a 1817 u8 status;
ed2c4ee3
JH		 1818 int err;
1819
bdb6d971 1820 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1821
cdba5281
MH		 1822 status = mgmt_bredr_support(hdev);
1823 if (status)
1824 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1825
13ecd8b6
JH		 1826 if (!lmp_ssp_capable(hdev))
1827 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1828 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1829
a7e80f25
JH		 1830 if (cp->val != 0x00 && cp->val != 0x01)
1831 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1832 MGMT_STATUS_INVALID_PARAMS);
1833
13ecd8b6 1834 hci_dev_lock(hdev);
6c8f12c1 1835
4b34ee78 1836 if (!hdev_is_powered(hdev)) {
9ecb3e24 1837 bool changed;
c0ecddc2 1838
9ecb3e24
MH		 1839 if (cp->val) {
1840 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1841 &hdev->dev_flags);
1842 } else {
1843 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1844 &hdev->dev_flags);
1845 if (!changed)
1846 changed = test_and_clear_bit(HCI_HS_ENABLED,
1847 &hdev->dev_flags);
1848 else
1849 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1850 }
1851
1852 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1853 if (err < 0)
1854 goto failed;
1855
1856 if (changed)
1857 err = new_settings(hdev, sk);
1858
ed2c4ee3
JH		 1859 goto failed;
1860 }
1861
9ecb3e24
MH		 1862 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1863 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1865 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1866 goto failed;
1867 }
1868
72ef0c1a 1869 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1870 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1871 goto failed;
1872 }
1873
1874 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1875 if (!cmd) {
1876 err = -ENOMEM;
1877 goto failed;
1878 }
1879
72ef0c1a 1880 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1881 if (err < 0) {
1882 mgmt_pending_remove(cmd);
1883 goto failed;
1884 }
1885
1886failed:
1887 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1888 return err;
1889}
1890
bdb6d971 1891static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1892{
1893 struct mgmt_mode *cp = data;
ee392693 1894 bool changed;
e6fe7986 1895 u8 status;
ee392693 1896 int err;
6d80dfd0 1897
bdb6d971 1898 BT_DBG("request for %s", hdev->name);
6d80dfd0 1899
e6fe7986
JH		 1900 status = mgmt_bredr_support(hdev);
1901 if (status)
1902 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1903
9ecb3e24
MH		 1904 if (!lmp_ssp_capable(hdev))
1905 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1906 MGMT_STATUS_NOT_SUPPORTED);
1907
1908 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1909 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1910 MGMT_STATUS_REJECTED);
1911
a7e80f25
JH		 1912 if (cp->val != 0x00 && cp->val != 0x01)
1913 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1914 MGMT_STATUS_INVALID_PARAMS);
1915
ee392693
MH		 1916 hci_dev_lock(hdev);
1917
a0cdf960 1918 if (cp->val) {
ee392693 1919 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1920 } else {
1921 if (hdev_is_powered(hdev)) {
1922 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1923 MGMT_STATUS_REJECTED);
1924 goto unlock;
1925 }
1926
ee392693 1927 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1928 }
ee392693
MH		 1929
1930 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1931 if (err < 0)
1932 goto unlock;
1933
1934 if (changed)
1935 err = new_settings(hdev, sk);
6d80dfd0 1936
ee392693
MH		 1937unlock:
1938 hci_dev_unlock(hdev);
1939 return err;
6d80dfd0
JH		 1940}
1941
416a4ae5
JH		 1942static void le_enable_complete(struct hci_dev *hdev, u8 status)
1943{
1944 struct cmd_lookup match = { NULL, hdev };
1945
1946 if (status) {
1947 u8 mgmt_err = mgmt_status(status);
1948
1949 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1950 &mgmt_err);
1951 return;
1952 }
1953
1954 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1955
1956 new_settings(hdev, match.sk);
1957
1958 if (match.sk)
1959 sock_put(match.sk);
441ad2d0
MH		 1960
1961 /* Make sure the controller has a good default for
1962 * advertising data. Restrict the update to when LE
1963 * has actually been enabled. During power on, the
1964 * update in powered_update_hci will take care of it.
1965 */
1966 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1967 struct hci_request req;
1968
1969 hci_dev_lock(hdev);
1970
1971 hci_req_init(&req, hdev);
5947f4bc 1972 update_adv_data(&req);
f14d8f64 1973 update_scan_rsp_data(&req);
441ad2d0
MH		 1974 hci_req_run(&req, NULL);
1975
1976 hci_dev_unlock(hdev);
1977 }
416a4ae5
JH		 1978}
1979
bdb6d971 1980static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1981{
1982 struct mgmt_mode *cp = data;
1983 struct hci_cp_write_le_host_supported hci_cp;
1984 struct pending_cmd *cmd;
416a4ae5 1985 struct hci_request req;
06199cf8 1986 int err;
0b60eba1 1987 u8 val, enabled;
06199cf8 1988
bdb6d971 1989 BT_DBG("request for %s", hdev->name);
06199cf8 1990
13ecd8b6
JH		 1991 if (!lmp_le_capable(hdev))
1992 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1993 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1994
a7e80f25
JH		 1995 if (cp->val != 0x00 && cp->val != 0x01)
1996 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1997 MGMT_STATUS_INVALID_PARAMS);
1998
c73eee91 1999 /* LE-only devices do not allow toggling LE on/off */
56f87901 2000 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2001 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2002 MGMT_STATUS_REJECTED);
2003
13ecd8b6 2004 hci_dev_lock(hdev);
06199cf8
JH		 2005
2006 val = !!cp->val;
ffa88e02 2007 enabled = lmp_host_le_capable(hdev);
06199cf8 2008
0b60eba1 2009 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2010 bool changed = false;
2011
2012 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2013 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2014 changed = true;
2015 }
2016
f3d3444a
JH		 2017 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2018 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2019 changed = true;
2020 }
2021
06199cf8
JH		 2022 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2023 if (err < 0)
1de028ce 2024 goto unlock;
06199cf8
JH		 2025
2026 if (changed)
2027 err = new_settings(hdev, sk);
2028
1de028ce 2029 goto unlock;
06199cf8
JH		 2030 }
2031
4375f103
JH		 2032 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2033 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2034 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2035 MGMT_STATUS_BUSY);
1de028ce 2036 goto unlock;
06199cf8
JH		 2037 }
2038
2039 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2040 if (!cmd) {
2041 err = -ENOMEM;
1de028ce 2042 goto unlock;
06199cf8
JH		 2043 }
2044
441ad2d0
MH		 2045 hci_req_init(&req, hdev);
2046
06199cf8
JH		 2047 memset(&hci_cp, 0, sizeof(hci_cp));
2048
2049 if (val) {
2050 hci_cp.le = val;
ffa88e02 2051 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2052 } else {
2053 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2054 disable_advertising(&req);
06199cf8
JH		 2055 }
2056
416a4ae5
JH		 2057 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2058 &hci_cp);
2059
2060 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2061 if (err < 0)
06199cf8 2062 mgmt_pending_remove(cmd);
06199cf8 2063
1de028ce
JH		 2064unlock:
2065 hci_dev_unlock(hdev);
06199cf8
JH		 2066 return err;
2067}
2068
0cab9c80
JH		 2069/* This is a helper function to test for pending mgmt commands that can
2070 * cause CoD or EIR HCI commands. We can only allow one such pending
2071 * mgmt command at a time since otherwise we cannot easily track what
2072 * the current values are, will be, and based on that calculate if a new
2073 * HCI command needs to be sent and if yes with what value.
2074 */
2075static bool pending_eir_or_class(struct hci_dev *hdev)
2076{
2077 struct pending_cmd *cmd;
2078
2079 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2080 switch (cmd->opcode) {
2081 case MGMT_OP_ADD_UUID:
2082 case MGMT_OP_REMOVE_UUID:
2083 case MGMT_OP_SET_DEV_CLASS:
2084 case MGMT_OP_SET_POWERED:
2085 return true;
2086 }
2087 }
2088
2089 return false;
2090}
2091
83be8eca
JH		 2092static const u8 bluetooth_base_uuid[] = {
2093 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2094 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2095};
2096
2097static u8 get_uuid_size(const u8 *uuid)
2098{
2099 u32 val;
2100
2101 if (memcmp(uuid, bluetooth_base_uuid, 12))
2102 return 128;
2103
2104 val = get_unaligned_le32(&uuid[12]);
2105 if (val > 0xffff)
2106 return 32;
2107
2108 return 16;
2109}
2110
92da6097
JH		 2111static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2112{
2113 struct pending_cmd *cmd;
2114
2115 hci_dev_lock(hdev);
2116
2117 cmd = mgmt_pending_find(mgmt_op, hdev);
2118 if (!cmd)
2119 goto unlock;
2120
2121 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2122 hdev->dev_class, 3);
2123
2124 mgmt_pending_remove(cmd);
2125
2126unlock:
2127 hci_dev_unlock(hdev);
2128}
2129
2130static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2131{
2132 BT_DBG("status 0x%02x", status);
2133
2134 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2135}
2136
bdb6d971 2137static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2138{
650f726d 2139 struct mgmt_cp_add_uuid *cp = data;
90e70454 2140 struct pending_cmd *cmd;
890ea898 2141 struct hci_request req;
2aeb9a1a 2142 struct bt_uuid *uuid;
2aeb9a1a
JH		 2143 int err;
2144
bdb6d971 2145 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2146
09fd0de5 2147 hci_dev_lock(hdev);
2aeb9a1a 2148
0cab9c80 2149 if (pending_eir_or_class(hdev)) {
bdb6d971 2150 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2151 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2152 goto failed;
2153 }
2154
92c4c204 2155 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2156 if (!uuid) {
2157 err = -ENOMEM;
2158 goto failed;
2159 }
2160
2161 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2162 uuid->svc_hint = cp->svc_hint;
83be8eca 2163 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2164
de66aa63 2165 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2166
890ea898 2167 hci_req_init(&req, hdev);
1aff6f09 2168
890ea898
JH		 2169 update_class(&req);
2170 update_eir(&req);
2171
92da6097
JH		 2172 err = hci_req_run(&req, add_uuid_complete);
2173 if (err < 0) {
2174 if (err != -ENODATA)
2175 goto failed;
80a1e1db 2176
bdb6d971 2177 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2178 hdev->dev_class, 3);
90e70454
JH		 2179 goto failed;
2180 }
2181
2182 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2183 if (!cmd) {
90e70454 2184 err = -ENOMEM;
890ea898
JH		 2185 goto failed;
2186 }
2187
2188 err = 0;
2aeb9a1a
JH		 2189
2190failed:
09fd0de5 2191 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2192 return err;
2193}
2194
24b78d0f
JH		 2195static bool enable_service_cache(struct hci_dev *hdev)
2196{
2197 if (!hdev_is_powered(hdev))
2198 return false;
2199
2200 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2201 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2202 CACHE_TIMEOUT);
24b78d0f
JH		 2203 return true;
2204 }
2205
2206 return false;
2207}
2208
92da6097
JH		 2209static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2210{
2211 BT_DBG("status 0x%02x", status);
2212
2213 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2214}
2215
bdb6d971 2216static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2217 u16 len)
2aeb9a1a 2218{
650f726d 2219 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2220 struct pending_cmd *cmd;
056341c8 2221 struct bt_uuid *match, *tmp;
2aeb9a1a 2222 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2223 struct hci_request req;
2aeb9a1a
JH		 2224 int err, found;
2225
bdb6d971 2226 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2227
09fd0de5 2228 hci_dev_lock(hdev);
2aeb9a1a 2229
0cab9c80 2230 if (pending_eir_or_class(hdev)) {
bdb6d971 2231 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2232 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2233 goto unlock;
2234 }
2235
2aeb9a1a 2236 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2237 hci_uuids_clear(hdev);
4004b6d9 2238
24b78d0f 2239 if (enable_service_cache(hdev)) {
bdb6d971 2240 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2241 0, hdev->dev_class, 3);
24b78d0f
JH		 2242 goto unlock;
2243 }
4004b6d9 2244
9246a869 2245 goto update_class;
2aeb9a1a
JH		 2246 }
2247
2248 found = 0;
2249
056341c8 2250 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2251 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2252 continue;
2253
2254 list_del(&match->list);
482049f7 2255 kfree(match);
2aeb9a1a
JH		 2256 found++;
2257 }
2258
2259 if (found == 0) {
bdb6d971 2260 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2261 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2262 goto unlock;
2263 }
2264
9246a869 2265update_class:
890ea898 2266 hci_req_init(&req, hdev);
1aff6f09 2267
890ea898
JH		 2268 update_class(&req);
2269 update_eir(&req);
2270
92da6097
JH		 2271 err = hci_req_run(&req, remove_uuid_complete);
2272 if (err < 0) {
2273 if (err != -ENODATA)
2274 goto unlock;
80a1e1db 2275
bdb6d971 2276 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2277 hdev->dev_class, 3);
90e70454
JH		 2278 goto unlock;
2279 }
2280
2281 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2282 if (!cmd) {
90e70454 2283 err = -ENOMEM;
890ea898
JH		 2284 goto unlock;
2285 }
2286
2287 err = 0;
2aeb9a1a
JH		 2288
2289unlock:
09fd0de5 2290 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2291 return err;
2292}
2293
92da6097
JH		 2294static void set_class_complete(struct hci_dev *hdev, u8 status)
2295{
2296 BT_DBG("status 0x%02x", status);
2297
2298 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2299}
2300
bdb6d971 2301static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2302 u16 len)
1aff6f09 2303{
650f726d 2304 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2305 struct pending_cmd *cmd;
890ea898 2306 struct hci_request req;
1aff6f09
JH		 2307 int err;
2308
bdb6d971 2309 BT_DBG("request for %s", hdev->name);
1aff6f09 2310
6203fc98 2311 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2312 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2313 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2314
0cab9c80 2315 hci_dev_lock(hdev);
ee98f473 2316
0cab9c80
JH		 2317 if (pending_eir_or_class(hdev)) {
2318 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2319 MGMT_STATUS_BUSY);
2320 goto unlock;
2321 }
c95f0ba7 2322
0cab9c80
JH		 2323 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2324 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2325 MGMT_STATUS_INVALID_PARAMS);
2326 goto unlock;
2327 }
575b3a02 2328
932f5ff5
JH		 2329 hdev->major_class = cp->major;
2330 hdev->minor_class = cp->minor;
2331
b5235a65 2332 if (!hdev_is_powered(hdev)) {
bdb6d971 2333 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2334 hdev->dev_class, 3);
b5235a65
JH		 2335 goto unlock;
2336 }
2337
890ea898
JH		 2338 hci_req_init(&req, hdev);
2339
a8b2d5c2 2340 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2341 hci_dev_unlock(hdev);
2342 cancel_delayed_work_sync(&hdev->service_cache);
2343 hci_dev_lock(hdev);
890ea898 2344 update_eir(&req);
7d78525d 2345 }
14c0b608 2346
890ea898
JH		 2347 update_class(&req);
2348
92da6097
JH		 2349 err = hci_req_run(&req, set_class_complete);
2350 if (err < 0) {
2351 if (err != -ENODATA)
2352 goto unlock;
1aff6f09 2353
bdb6d971 2354 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2355 hdev->dev_class, 3);
90e70454
JH		 2356 goto unlock;
2357 }
2358
2359 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2360 if (!cmd) {
90e70454 2361 err = -ENOMEM;
890ea898
JH		 2362 goto unlock;
2363 }
2364
2365 err = 0;
1aff6f09 2366
b5235a65 2367unlock:
09fd0de5 2368 hci_dev_unlock(hdev);
1aff6f09
JH		 2369 return err;
2370}
2371
bdb6d971 2372static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2373 u16 len)
55ed8ca1 2374{
650f726d 2375 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2376 u16 key_count, expected_len;
b1de97d8 2377 bool changed;
a492cd52 2378 int i;
55ed8ca1 2379
9060d5cf
MH		 2380 BT_DBG("request for %s", hdev->name);
2381
2382 if (!lmp_bredr_capable(hdev))
2383 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2384 MGMT_STATUS_NOT_SUPPORTED);
2385
1f350c87 2386 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2387
86742e1e
JH		 2388 expected_len = sizeof(*cp) + key_count *
2389 sizeof(struct mgmt_link_key_info);
a492cd52 2390 if (expected_len != len) {
86742e1e 2391 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2392 expected_len, len);
bdb6d971 2393 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2394 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2395 }
2396
4ae14301
JH		 2397 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2398 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2399 MGMT_STATUS_INVALID_PARAMS);
2400
bdb6d971 2401 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2402 key_count);
55ed8ca1 2403
4ee71b20
JH		 2404 for (i = 0; i < key_count; i++) {
2405 struct mgmt_link_key_info *key = &cp->keys[i];
2406
8e991132 2407 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2408 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2409 MGMT_STATUS_INVALID_PARAMS);
2410 }
2411
09fd0de5 2412 hci_dev_lock(hdev);
55ed8ca1
JH		 2413
2414 hci_link_keys_clear(hdev);
2415
55ed8ca1 2416 if (cp->debug_keys)
b1de97d8 2417 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2418 else
b1de97d8
MH		 2419 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2420
2421 if (changed)
2422 new_settings(hdev, NULL);
55ed8ca1 2423
a492cd52 2424 for (i = 0; i < key_count; i++) {
86742e1e 2425 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2426
d753fdc4 2427 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2428 key->type, key->pin_len);
55ed8ca1
JH		 2429 }
2430
bdb6d971 2431 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2432
09fd0de5 2433 hci_dev_unlock(hdev);
55ed8ca1 2434
a492cd52 2435 return 0;
55ed8ca1
JH		 2436}
2437
b1078ad0 2438static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2439 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2440{
2441 struct mgmt_ev_device_unpaired ev;
2442
2443 bacpy(&ev.addr.bdaddr, bdaddr);
2444 ev.addr.type = addr_type;
2445
2446 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2447 skip_sk);
b1078ad0
JH		 2448}
2449
bdb6d971 2450static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2451 u16 len)
55ed8ca1 2452{
124f6e35
JH		 2453 struct mgmt_cp_unpair_device *cp = data;
2454 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2455 struct hci_cp_disconnect dc;
2456 struct pending_cmd *cmd;
55ed8ca1 2457 struct hci_conn *conn;
55ed8ca1
JH		 2458 int err;
2459
a8a1d19e 2460 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2461 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2462 rp.addr.type = cp->addr.type;
a8a1d19e 2463
4ee71b20
JH		 2464 if (!bdaddr_type_is_valid(cp->addr.type))
2465 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2466 MGMT_STATUS_INVALID_PARAMS,
2467 &rp, sizeof(rp));
2468
118da70b
JH		 2469 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2470 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2471 MGMT_STATUS_INVALID_PARAMS,
2472 &rp, sizeof(rp));
2473
4ee71b20
JH		 2474 hci_dev_lock(hdev);
2475
86a8cfc6 2476 if (!hdev_is_powered(hdev)) {
bdb6d971 2477 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2478 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2479 goto unlock;
2480 }
2481
e0b2b27e 2482 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2483 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2484 } else {
2485 u8 addr_type;
2486
2487 if (cp->addr.type == BDADDR_LE_PUBLIC)
2488 addr_type = ADDR_LE_DEV_PUBLIC;
2489 else
2490 addr_type = ADDR_LE_DEV_RANDOM;
2491
a7ec7338
JH		 2492 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2493
a9b0a04c
AG		 2494 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2495
e0b2b27e
JH		 2496 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2497 }
b0dbfb46 2498
55ed8ca1 2499 if (err < 0) {
bdb6d971 2500 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2501 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2502 goto unlock;
2503 }
2504
86a8cfc6 2505 if (cp->disconnect) {
591f47f3 2506 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2507 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2508 &cp->addr.bdaddr);
86a8cfc6
JH		 2509 else
2510 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2511 &cp->addr.bdaddr);
86a8cfc6
JH		 2512 } else {
2513 conn = NULL;
2514 }
124f6e35 2515
a8a1d19e 2516 if (!conn) {
bdb6d971 2517 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2518 &rp, sizeof(rp));
b1078ad0 2519 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2520 goto unlock;
2521 }
55ed8ca1 2522
124f6e35 2523 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2524 sizeof(*cp));
a8a1d19e
JH		 2525 if (!cmd) {
2526 err = -ENOMEM;
2527 goto unlock;
55ed8ca1
JH		 2528 }
2529
eb55ef07 2530 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2531 dc.reason = 0x13; /* Remote User Terminated Connection */
2532 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2533 if (err < 0)
2534 mgmt_pending_remove(cmd);
2535
55ed8ca1 2536unlock:
09fd0de5 2537 hci_dev_unlock(hdev);
55ed8ca1
JH		 2538 return err;
2539}
2540
bdb6d971 2541static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2542 u16 len)
8962ee74 2543{
650f726d 2544 struct mgmt_cp_disconnect *cp = data;
06a63b19 2545 struct mgmt_rp_disconnect rp;
8962ee74 2546 struct hci_cp_disconnect dc;
366a0336 2547 struct pending_cmd *cmd;
8962ee74 2548 struct hci_conn *conn;
8962ee74
JH		 2549 int err;
2550
2551 BT_DBG("");
2552
06a63b19
JH		 2553 memset(&rp, 0, sizeof(rp));
2554 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2555 rp.addr.type = cp->addr.type;
2556
4ee71b20 2557 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2558 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2559 MGMT_STATUS_INVALID_PARAMS,
2560 &rp, sizeof(rp));
4ee71b20 2561
09fd0de5 2562 hci_dev_lock(hdev);
8962ee74
JH		 2563
2564 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2565 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2566 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2567 goto failed;
2568 }
2569
2e58ef3e 2570 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2571 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2572 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2573 goto failed;
2574 }
2575
591f47f3 2576 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2577 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2578 &cp->addr.bdaddr);
88c3df13
JH		 2579 else
2580 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2581
f960727e 2582 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2583 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2584 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2585 goto failed;
2586 }
2587
2e58ef3e 2588 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2589 if (!cmd) {
2590 err = -ENOMEM;
8962ee74 2591 goto failed;
366a0336 2592 }
8962ee74 2593
eb55ef07 2594 dc.handle = cpu_to_le16(conn->handle);
3701f944 2595 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2596
2597 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2598 if (err < 0)
a664b5bc 2599 mgmt_pending_remove(cmd);
8962ee74
JH		 2600
2601failed:
09fd0de5 2602 hci_dev_unlock(hdev);
8962ee74
JH		 2603 return err;
2604}
2605
57c1477c 2606static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2607{
2608 switch (link_type) {
2609 case LE_LINK:
48264f06
JH		 2610 switch (addr_type) {
2611 case ADDR_LE_DEV_PUBLIC:
591f47f3 2612 return BDADDR_LE_PUBLIC;
0ed09148 2613
48264f06 2614 default:
0ed09148 2615 /* Fallback to LE Random address type */
591f47f3 2616 return BDADDR_LE_RANDOM;
48264f06 2617 }
0ed09148 2618
4c659c39 2619 default:
0ed09148 2620 /* Fallback to BR/EDR type */
591f47f3 2621 return BDADDR_BREDR;
4c659c39
JH		 2622 }
2623}
2624
04124681
GP		 2625static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2626 u16 data_len)
2784eb41 2627{
2784eb41 2628 struct mgmt_rp_get_connections *rp;
8035ded4 2629 struct hci_conn *c;
a38528f1 2630 size_t rp_len;
60fc5fb6
JH		 2631 int err;
2632 u16 i;
2784eb41
JH		 2633
2634 BT_DBG("");
2635
09fd0de5 2636 hci_dev_lock(hdev);
2784eb41 2637
5f97c1df 2638 if (!hdev_is_powered(hdev)) {
bdb6d971 2639 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2640 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2641 goto unlock;
2642 }
2643
60fc5fb6 2644 i = 0;
b644ba33
JH		 2645 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2646 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2647 i++;
2784eb41
JH		 2648 }
2649
60fc5fb6 2650 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2651 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2652 if (!rp) {
2784eb41
JH		 2653 err = -ENOMEM;
2654 goto unlock;
2655 }
2656
2784eb41 2657 i = 0;
4c659c39 2658 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2659 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2660 continue;
4c659c39 2661 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2662 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2663 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2664 continue;
2665 i++;
2666 }
2667
eb55ef07 2668 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2669
4c659c39
JH		 2670 /* Recalculate length in case of filtered SCO connections, etc */
2671 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2672
bdb6d971 2673 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2674 rp_len);
2784eb41 2675
a38528f1 2676 kfree(rp);
5f97c1df
JH		 2677
2678unlock:
09fd0de5 2679 hci_dev_unlock(hdev);
2784eb41
JH		 2680 return err;
2681}
2682
bdb6d971 2683static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2684 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2685{
2686 struct pending_cmd *cmd;
2687 int err;
2688
2e58ef3e 2689 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2690 sizeof(*cp));
96d97a67
WR		 2691 if (!cmd)
2692 return -ENOMEM;
2693
d8457698 2694 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2695 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2696 if (err < 0)
2697 mgmt_pending_remove(cmd);
2698
2699 return err;
2700}
2701
bdb6d971 2702static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2703 u16 len)
980e1a53 2704{
96d97a67 2705 struct hci_conn *conn;
650f726d 2706 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2707 struct hci_cp_pin_code_reply reply;
366a0336 2708 struct pending_cmd *cmd;
980e1a53
JH		 2709 int err;
2710
2711 BT_DBG("");
2712
09fd0de5 2713 hci_dev_lock(hdev);
980e1a53 2714
4b34ee78 2715 if (!hdev_is_powered(hdev)) {
bdb6d971 2716 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2717 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2718 goto failed;
2719 }
2720
d8457698 2721 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2722 if (!conn) {
bdb6d971 2723 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2724 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2725 goto failed;
2726 }
2727
2728 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2729 struct mgmt_cp_pin_code_neg_reply ncp;
2730
2731 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2732
2733 BT_ERR("PIN code is not 16 bytes long");
2734
bdb6d971 2735 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2736 if (err >= 0)
bdb6d971 2737 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2738 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2739
2740 goto failed;
2741 }
2742
00abfe44 2743 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2744 if (!cmd) {
2745 err = -ENOMEM;
980e1a53 2746 goto failed;
366a0336 2747 }
980e1a53 2748
d8457698 2749 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2750 reply.pin_len = cp->pin_len;
24718ca5 2751 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2752
2753 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2754 if (err < 0)
a664b5bc 2755 mgmt_pending_remove(cmd);
980e1a53
JH		 2756
2757failed:
09fd0de5 2758 hci_dev_unlock(hdev);
980e1a53
JH		 2759 return err;
2760}
2761
04124681
GP		 2762static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2763 u16 len)
17fa4b9d 2764{
650f726d 2765 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2766
2767 BT_DBG("");
2768
09fd0de5 2769 hci_dev_lock(hdev);
17fa4b9d
JH		 2770
2771 hdev->io_capability = cp->io_capability;
2772
2773 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2774 hdev->io_capability);
17fa4b9d 2775
09fd0de5 2776 hci_dev_unlock(hdev);
17fa4b9d 2777
04124681
GP		 2778 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2779 0);
17fa4b9d
JH		 2780}
2781
6039aa73 2782static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2783{
2784 struct hci_dev *hdev = conn->hdev;
8035ded4 2785 struct pending_cmd *cmd;
e9a416b5 2786
2e58ef3e 2787 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2788 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2789 continue;
2790
e9a416b5
JH		 2791 if (cmd->user_data != conn)
2792 continue;
2793
2794 return cmd;
2795 }
2796
2797 return NULL;
2798}
2799
2800static void pairing_complete(struct pending_cmd *cmd, u8 status)
2801{
2802 struct mgmt_rp_pair_device rp;
2803 struct hci_conn *conn = cmd->user_data;
2804
61b1a7fb
JH		 2805 bacpy(&rp.addr.bdaddr, &conn->dst);
2806 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2807
aee9b218 2808 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2809 &rp, sizeof(rp));
e9a416b5
JH		 2810
2811 /* So we don't get further callbacks for this connection */
2812 conn->connect_cfm_cb = NULL;
2813 conn->security_cfm_cb = NULL;
2814 conn->disconn_cfm_cb = NULL;
2815
76a68ba0 2816 hci_conn_drop(conn);
e9a416b5 2817
a664b5bc 2818 mgmt_pending_remove(cmd);
e9a416b5
JH		 2819}
2820
f4a407be
JH		 2821void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2822{
2823 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2824 struct pending_cmd *cmd;
2825
2826 cmd = find_pairing(conn);
2827 if (cmd)
2828 pairing_complete(cmd, status);
2829}
2830
e9a416b5
JH		 2831static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2832{
2833 struct pending_cmd *cmd;
2834
2835 BT_DBG("status %u", status);
2836
2837 cmd = find_pairing(conn);
56e5cb86 2838 if (!cmd)
e9a416b5 2839 BT_DBG("Unable to find a pending command");
56e5cb86 2840 else
e211326c 2841 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2842}
2843
f4a407be 2844static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2845{
2846 struct pending_cmd *cmd;
2847
2848 BT_DBG("status %u", status);
2849
2850 if (!status)
2851 return;
2852
2853 cmd = find_pairing(conn);
2854 if (!cmd)
2855 BT_DBG("Unable to find a pending command");
2856 else
2857 pairing_complete(cmd, mgmt_status(status));
2858}
2859
bdb6d971 2860static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2861 u16 len)
e9a416b5 2862{
650f726d 2863 struct mgmt_cp_pair_device *cp = data;
1425acb7 2864 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2865 struct pending_cmd *cmd;
2866 u8 sec_level, auth_type;
2867 struct hci_conn *conn;
e9a416b5
JH		 2868 int err;
2869
2870 BT_DBG("");
2871
f950a30e
SJ		 2872 memset(&rp, 0, sizeof(rp));
2873 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2874 rp.addr.type = cp->addr.type;
2875
4ee71b20
JH		 2876 if (!bdaddr_type_is_valid(cp->addr.type))
2877 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2878 MGMT_STATUS_INVALID_PARAMS,
2879 &rp, sizeof(rp));
2880
09fd0de5 2881 hci_dev_lock(hdev);
e9a416b5 2882
5f97c1df 2883 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2884 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2885 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2886 goto unlock;
2887 }
2888
c908df36 2889 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2890 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2891
6f77d8c7 2892 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2893 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2894 auth_type);
6f77d8c7
AG		 2895 } else {
2896 u8 addr_type;
2897
2898 /* Convert from L2CAP channel address type to HCI address type
2899 */
2900 if (cp->addr.type == BDADDR_LE_PUBLIC)
2901 addr_type = ADDR_LE_DEV_PUBLIC;
2902 else
2903 addr_type = ADDR_LE_DEV_RANDOM;
2904
2905 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2906 sec_level, auth_type);
6f77d8c7 2907 }
7a512d01 2908
30e76272 2909 if (IS_ERR(conn)) {
489dc48e
AK		 2910 int status;
2911
2912 if (PTR_ERR(conn) == -EBUSY)
2913 status = MGMT_STATUS_BUSY;
2914 else
2915 status = MGMT_STATUS_CONNECT_FAILED;
2916
bdb6d971 2917 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2918 status, &rp,
04124681 2919 sizeof(rp));
e9a416b5
JH		 2920 goto unlock;
2921 }
2922
2923 if (conn->connect_cfm_cb) {
76a68ba0 2924 hci_conn_drop(conn);
bdb6d971 2925 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2926 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2927 goto unlock;
2928 }
2929
2e58ef3e 2930 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2931 if (!cmd) {
2932 err = -ENOMEM;
76a68ba0 2933 hci_conn_drop(conn);
e9a416b5
JH		 2934 goto unlock;
2935 }
2936
7a512d01 2937 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2938 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2939 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2940 conn->security_cfm_cb = pairing_complete_cb;
2941 conn->disconn_cfm_cb = pairing_complete_cb;
2942 } else {
2943 conn->connect_cfm_cb = le_pairing_complete_cb;
2944 conn->security_cfm_cb = le_pairing_complete_cb;
2945 conn->disconn_cfm_cb = le_pairing_complete_cb;
2946 }
7a512d01 2947
e9a416b5
JH		 2948 conn->io_capability = cp->io_cap;
2949 cmd->user_data = conn;
2950
2951 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2952 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2953 pairing_complete(cmd, 0);
2954
2955 err = 0;
2956
2957unlock:
09fd0de5 2958 hci_dev_unlock(hdev);
e9a416b5
JH		 2959 return err;
2960}
2961
04124681
GP		 2962static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2963 u16 len)
28424707 2964{
0f4e68cf 2965 struct mgmt_addr_info *addr = data;
28424707
JH		 2966 struct pending_cmd *cmd;
2967 struct hci_conn *conn;
2968 int err;
2969
2970 BT_DBG("");
2971
28424707
JH		 2972 hci_dev_lock(hdev);
2973
5f97c1df 2974 if (!hdev_is_powered(hdev)) {
bdb6d971 2975 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2976 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2977 goto unlock;
2978 }
2979
28424707
JH		 2980 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2981 if (!cmd) {
bdb6d971 2982 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2983 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2984 goto unlock;
2985 }
2986
2987 conn = cmd->user_data;
2988
2989 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2990 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2991 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2992 goto unlock;
2993 }
2994
2995 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2996
bdb6d971 2997 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2998 addr, sizeof(*addr));
28424707
JH		 2999unlock:
3000 hci_dev_unlock(hdev);
28424707
JH		 3001 return err;
3002}
3003
bdb6d971 3004static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3005 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3006 u16 hci_op, __le32 passkey)
a5c29683 3007{
a5c29683 3008 struct pending_cmd *cmd;
0df4c185 3009 struct hci_conn *conn;
a5c29683
JH		 3010 int err;
3011
09fd0de5 3012 hci_dev_lock(hdev);
08ba5382 3013
4b34ee78 3014 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3015 err = cmd_complete(sk, hdev->id, mgmt_op,
3016 MGMT_STATUS_NOT_POWERED, addr,
3017 sizeof(*addr));
0df4c185 3018 goto done;
a5c29683
JH		 3019 }
3020
1707c60e
JH		 3021 if (addr->type == BDADDR_BREDR)
3022 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3023 else
1707c60e 3024 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3025
3026 if (!conn) {
feb94d3d
JH		 3027 err = cmd_complete(sk, hdev->id, mgmt_op,
3028 MGMT_STATUS_NOT_CONNECTED, addr,
3029 sizeof(*addr));
272d90df
JH		 3030 goto done;
3031 }
47c15e2b 3032
1707c60e 3033 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
c73f94b8
JH		 3034 /* Continue with pairing via SMP. The hdev lock must be
3035 * released as SMP may try to recquire it for crypto
3036 * purposes.
3037 */
3038 hci_dev_unlock(hdev);
5fe57d9e 3039 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
c73f94b8 3040 hci_dev_lock(hdev);
5fe57d9e
BG		 3041
3042 if (!err)
feb94d3d
JH		 3043 err = cmd_complete(sk, hdev->id, mgmt_op,
3044 MGMT_STATUS_SUCCESS, addr,
3045 sizeof(*addr));
5fe57d9e 3046 else
feb94d3d
JH		 3047 err = cmd_complete(sk, hdev->id, mgmt_op,
3048 MGMT_STATUS_FAILED, addr,
3049 sizeof(*addr));
47c15e2b 3050
47c15e2b
BG		 3051 goto done;
3052 }
3053
1707c60e 3054 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3055 if (!cmd) {
3056 err = -ENOMEM;
0df4c185 3057 goto done;
a5c29683
JH		 3058 }
3059
0df4c185 3060 /* Continue with pairing via HCI */
604086b7
BG		 3061 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3062 struct hci_cp_user_passkey_reply cp;
3063
1707c60e 3064 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3065 cp.passkey = passkey;
3066 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3067 } else
1707c60e
JH		 3068 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3069 &addr->bdaddr);
604086b7 3070
a664b5bc
JH		 3071 if (err < 0)
3072 mgmt_pending_remove(cmd);
a5c29683 3073
0df4c185 3074done:
09fd0de5 3075 hci_dev_unlock(hdev);
a5c29683
JH		 3076 return err;
3077}
3078
afeb019d
JK		 3079static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3080 void *data, u16 len)
3081{
3082 struct mgmt_cp_pin_code_neg_reply *cp = data;
3083
3084 BT_DBG("");
3085
1707c60e 3086 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3087 MGMT_OP_PIN_CODE_NEG_REPLY,
3088 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3089}
3090
04124681
GP		 3091static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3092 u16 len)
0df4c185 3093{
650f726d 3094 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3095
3096 BT_DBG("");
3097
3098 if (len != sizeof(*cp))
bdb6d971 3099 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3100 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3101
1707c60e 3102 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3103 MGMT_OP_USER_CONFIRM_REPLY,
3104 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3105}
3106
bdb6d971 3107static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3108 void *data, u16 len)
0df4c185 3109{
c9c2659f 3110 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3111
3112 BT_DBG("");
3113
1707c60e 3114 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3115 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3116 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3117}
3118
04124681
GP		 3119static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3120 u16 len)
604086b7 3121{
650f726d 3122 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3123
3124 BT_DBG("");
3125
1707c60e 3126 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3127 MGMT_OP_USER_PASSKEY_REPLY,
3128 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3129}
3130
bdb6d971 3131static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3132 void *data, u16 len)
604086b7 3133{
650f726d 3134 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3135
3136 BT_DBG("");
3137
1707c60e 3138 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3139 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3140 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3141}
3142
13928971 3143static void update_name(struct hci_request *req)
2b4bf397 3144{
13928971 3145 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3146 struct hci_cp_write_local_name cp;
3147
13928971 3148 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3149
890ea898 3150 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3151}
3152
13928971
JH		 3153static void set_name_complete(struct hci_dev *hdev, u8 status)
3154{
3155 struct mgmt_cp_set_local_name *cp;
3156 struct pending_cmd *cmd;
3157
3158 BT_DBG("status 0x%02x", status);
3159
3160 hci_dev_lock(hdev);
3161
3162 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3163 if (!cmd)
3164 goto unlock;
3165
3166 cp = cmd->param;
3167
3168 if (status)
3169 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3170 mgmt_status(status));
3171 else
3172 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3173 cp, sizeof(*cp));
3174
3175 mgmt_pending_remove(cmd);
3176
3177unlock:
3178 hci_dev_unlock(hdev);
3179}
3180
bdb6d971 3181static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3182 u16 len)
b312b161 3183{
2b4bf397 3184 struct mgmt_cp_set_local_name *cp = data;
b312b161 3185 struct pending_cmd *cmd;
890ea898 3186 struct hci_request req;
b312b161
JH		 3187 int err;
3188
3189 BT_DBG("");
3190
09fd0de5 3191 hci_dev_lock(hdev);
b312b161 3192
b3f2ca94
JH		 3193 /* If the old values are the same as the new ones just return a
3194 * direct command complete event.
3195 */
3196 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3197 !memcmp(hdev->short_name, cp->short_name,
3198 sizeof(hdev->short_name))) {
3199 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3200 data, len);
3201 goto failed;
3202 }
3203
2b4bf397 3204 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3205
b5235a65 3206 if (!hdev_is_powered(hdev)) {
2b4bf397 3207 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3208
3209 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3210 data, len);
28cc7bde
JH		 3211 if (err < 0)
3212 goto failed;
3213
3214 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3215 sk);
28cc7bde 3216
b5235a65
JH		 3217 goto failed;
3218 }
3219
28cc7bde 3220 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3221 if (!cmd) {
3222 err = -ENOMEM;
3223 goto failed;
3224 }
3225
13928971
JH		 3226 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3227
890ea898 3228 hci_req_init(&req, hdev);
3f985050
JH		 3229
3230 if (lmp_bredr_capable(hdev)) {
3231 update_name(&req);
3232 update_eir(&req);
3233 }
3234
7a5f4990
MH		 3235 /* The name is stored in the scan response data and so
3236 * no need to udpate the advertising data here.
3237 */
3f985050 3238 if (lmp_le_capable(hdev))
7a5f4990 3239 update_scan_rsp_data(&req);
3f985050 3240
13928971 3241 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3242 if (err < 0)
3243 mgmt_pending_remove(cmd);
3244
3245failed:
09fd0de5 3246 hci_dev_unlock(hdev);
b312b161
JH		 3247 return err;
3248}
3249
0f4e68cf 3250static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3251 void *data, u16 data_len)
c35938b2 3252{
c35938b2
SJ		 3253 struct pending_cmd *cmd;
3254 int err;
3255
bdb6d971 3256 BT_DBG("%s", hdev->name);
c35938b2 3257
09fd0de5 3258 hci_dev_lock(hdev);
c35938b2 3259
4b34ee78 3260 if (!hdev_is_powered(hdev)) {
bdb6d971 3261 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3262 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3263 goto unlock;
3264 }
3265
9a1a1996 3266 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3267 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3268 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3269 goto unlock;
3270 }
3271
2e58ef3e 3272 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3273 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3274 MGMT_STATUS_BUSY);
c35938b2
SJ		 3275 goto unlock;
3276 }
3277
2e58ef3e 3278 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3279 if (!cmd) {
3280 err = -ENOMEM;
3281 goto unlock;
3282 }
3283
4d2d2796
MH		 3284 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3285 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3286 0, NULL);
3287 else
3288 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3289
c35938b2
SJ		 3290 if (err < 0)
3291 mgmt_pending_remove(cmd);
3292
3293unlock:
09fd0de5 3294 hci_dev_unlock(hdev);
c35938b2
SJ		 3295 return err;
3296}
3297
bdb6d971 3298static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3299 void *data, u16 len)
2763eda6 3300{
2763eda6
SJ		 3301 int err;
3302
bdb6d971 3303 BT_DBG("%s ", hdev->name);
2763eda6 3304
09fd0de5 3305 hci_dev_lock(hdev);
2763eda6 3306
ec109113
MH		 3307 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3308 struct mgmt_cp_add_remote_oob_data *cp = data;
3309 u8 status;
bf1e3541 3310
ec109113
MH		 3311 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3312 cp->hash, cp->randomizer);
3313 if (err < 0)
3314 status = MGMT_STATUS_FAILED;
3315 else
3316 status = MGMT_STATUS_SUCCESS;
3317
3318 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3319 status, &cp->addr, sizeof(cp->addr));
3320 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3321 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3322 u8 status;
3323
3324 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3325 cp->hash192,
3326 cp->randomizer192,
3327 cp->hash256,
3328 cp->randomizer256);
3329 if (err < 0)
3330 status = MGMT_STATUS_FAILED;
3331 else
3332 status = MGMT_STATUS_SUCCESS;
3333
3334 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3335 status, &cp->addr, sizeof(cp->addr));
3336 } else {
3337 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3338 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3339 MGMT_STATUS_INVALID_PARAMS);
3340 }
2763eda6 3341
09fd0de5 3342 hci_dev_unlock(hdev);
2763eda6
SJ		 3343 return err;
3344}
3345
bdb6d971 3346static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3347 void *data, u16 len)
2763eda6 3348{
650f726d 3349 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3350 u8 status;
2763eda6
SJ		 3351 int err;
3352
bdb6d971 3353 BT_DBG("%s", hdev->name);
2763eda6 3354
09fd0de5 3355 hci_dev_lock(hdev);
2763eda6 3356
664ce4cc 3357 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3358 if (err < 0)
bf1e3541 3359 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3360 else
a6785be2 3361 status = MGMT_STATUS_SUCCESS;
bf1e3541 3362
bdb6d971 3363 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3364 status, &cp->addr, sizeof(cp->addr));
2763eda6 3365
09fd0de5 3366 hci_dev_unlock(hdev);
2763eda6
SJ		 3367 return err;
3368}
3369
41dc2bd6
AG		 3370static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3371{
3372 struct pending_cmd *cmd;
3373 u8 type;
3374 int err;
3375
3376 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3377
3378 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3379 if (!cmd)
3380 return -ENOENT;
3381
3382 type = hdev->discovery.type;
3383
3384 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3385 &type, sizeof(type));
3386 mgmt_pending_remove(cmd);
3387
3388 return err;
3389}
3390
7c307720
AG		 3391static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3392{
ae55f598
LR		 3393 unsigned long timeout = 0;
3394
7c307720
AG		 3395 BT_DBG("status %d", status);
3396
3397 if (status) {
3398 hci_dev_lock(hdev);
3399 mgmt_start_discovery_failed(hdev, status);
3400 hci_dev_unlock(hdev);
3401 return;
3402 }
3403
3404 hci_dev_lock(hdev);
3405 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3406 hci_dev_unlock(hdev);
3407
3408 switch (hdev->discovery.type) {
3409 case DISCOV_TYPE_LE:
3d5a76f0 3410 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3411 break;
3412
3413 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3414 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3415 break;
3416
3417 case DISCOV_TYPE_BREDR:
3418 break;
3419
3420 default:
3421 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3422 }
ae55f598
LR		 3423
3424 if (!timeout)
3425 return;
3426
3427 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3428}
3429
bdb6d971 3430static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3431 void *data, u16 len)
14a53664 3432{
650f726d 3433 struct mgmt_cp_start_discovery *cp = data;
14a53664 3434 struct pending_cmd *cmd;
7c307720
AG		 3435 struct hci_cp_le_set_scan_param param_cp;
3436 struct hci_cp_le_set_scan_enable enable_cp;
3437 struct hci_cp_inquiry inq_cp;
3438 struct hci_request req;
3439 /* General inquiry access code (GIAC) */
3440 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3441 u8 status, own_addr_type;
14a53664
JH		 3442 int err;
3443
bdb6d971 3444 BT_DBG("%s", hdev->name);
14a53664 3445
09fd0de5 3446 hci_dev_lock(hdev);
14a53664 3447
4b34ee78 3448 if (!hdev_is_powered(hdev)) {
bdb6d971 3449 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3450 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3451 goto failed;
3452 }
3453
642be6c7
AG		 3454 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3455 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3456 MGMT_STATUS_BUSY);
3457 goto failed;
3458 }
3459
ff9ef578 3460 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3461 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3462 MGMT_STATUS_BUSY);
ff9ef578
JH		 3463 goto failed;
3464 }
3465
2e58ef3e 3466 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3467 if (!cmd) {
3468 err = -ENOMEM;
3469 goto failed;
3470 }
3471
4aab14e5
AG		 3472 hdev->discovery.type = cp->type;
3473
7c307720
AG		 3474 hci_req_init(&req, hdev);
3475
4aab14e5 3476 switch (hdev->discovery.type) {
f39799f5 3477 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3478 status = mgmt_bredr_support(hdev);
3479 if (status) {
04106755 3480 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3481 status);
04106755
JH		 3482 mgmt_pending_remove(cmd);
3483 goto failed;
3484 }
3485
7c307720
AG		 3486 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3487 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3488 MGMT_STATUS_BUSY);
3489 mgmt_pending_remove(cmd);
3490 goto failed;
3491 }
3492
3493 hci_inquiry_cache_flush(hdev);
3494
3495 memset(&inq_cp, 0, sizeof(inq_cp));
3496 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3497 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3498 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3499 break;
3500
3501 case DISCOV_TYPE_LE:
7c307720 3502 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3503 status = mgmt_le_support(hdev);
3504 if (status) {
04106755 3505 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3506 status);
04106755
JH		 3507 mgmt_pending_remove(cmd);
3508 goto failed;
3509 }
3510
7c307720 3511 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3512 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3513 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3514 MGMT_STATUS_NOT_SUPPORTED);
3515 mgmt_pending_remove(cmd);
3516 goto failed;
3517 }
3518
f3d3444a 3519 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3520 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3521 MGMT_STATUS_REJECTED);
3522 mgmt_pending_remove(cmd);
3523 goto failed;
3524 }
3525
c54c3860
AG		 3526 /* If controller is scanning, it means the background scanning
3527 * is running. Thus, we should temporarily stop it in order to
3528 * set the discovery scanning parameters.
3529 */
3530 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3531 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3532
3533 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3534
94b1fc92
MH		 3535 /* All active scans will be done with either a resolvable
3536 * private address (when privacy feature has been enabled)
3537 * or unresolvable private address.
3538 */
3539 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3540 if (err < 0) {
3541 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3542 MGMT_STATUS_FAILED);
3543 mgmt_pending_remove(cmd);
3544 goto failed;
3545 }
3546
7c307720 3547 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3548 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3549 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3550 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3551 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3552 &param_cp);
3553
3554 memset(&enable_cp, 0, sizeof(enable_cp));
3555 enable_cp.enable = LE_SCAN_ENABLE;
3556 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3557 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3558 &enable_cp);
5e0452c0
AG		 3559 break;
3560
f39799f5 3561 default:
04106755
JH		 3562 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3563 MGMT_STATUS_INVALID_PARAMS);
3564 mgmt_pending_remove(cmd);
3565 goto failed;
f39799f5 3566 }
3fd24153 3567
7c307720 3568 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3569 if (err < 0)
3570 mgmt_pending_remove(cmd);
ff9ef578
JH		 3571 else
3572 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3573
3574failed:
09fd0de5 3575 hci_dev_unlock(hdev);
14a53664
JH		 3576 return err;
3577}
3578
1183fdca
AG		 3579static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3580{
3581 struct pending_cmd *cmd;
3582 int err;
3583
3584 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3585 if (!cmd)
3586 return -ENOENT;
3587
3588 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3589 &hdev->discovery.type, sizeof(hdev->discovery.type));
3590 mgmt_pending_remove(cmd);
3591
3592 return err;
3593}
3594
0e05bba6
AG		 3595static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3596{
3597 BT_DBG("status %d", status);
3598
3599 hci_dev_lock(hdev);
3600
3601 if (status) {
3602 mgmt_stop_discovery_failed(hdev, status);
3603 goto unlock;
3604 }
3605
3606 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3607
3608unlock:
3609 hci_dev_unlock(hdev);
3610}
3611
bdb6d971 3612static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3613 u16 len)
14a53664 3614{
d930650b 3615 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3616 struct pending_cmd *cmd;
0e05bba6 3617 struct hci_request req;
14a53664
JH		 3618 int err;
3619
bdb6d971 3620 BT_DBG("%s", hdev->name);
14a53664 3621
09fd0de5 3622 hci_dev_lock(hdev);
14a53664 3623
30dc78e1 3624 if (!hci_discovery_active(hdev)) {
bdb6d971 3625 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3626 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3627 sizeof(mgmt_cp->type));
d930650b
JH		 3628 goto unlock;
3629 }
3630
3631 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3632 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3633 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3634 sizeof(mgmt_cp->type));
30dc78e1 3635 goto unlock;
ff9ef578
JH		 3636 }
3637
2e58ef3e 3638 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3639 if (!cmd) {
3640 err = -ENOMEM;
30dc78e1
JH		 3641 goto unlock;
3642 }
3643
0e05bba6
AG		 3644 hci_req_init(&req, hdev);
3645
21a60d30 3646 hci_stop_discovery(&req);
e0d9727e 3647
21a60d30
JH		 3648 err = hci_req_run(&req, stop_discovery_complete);
3649 if (!err) {
3650 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3651 goto unlock;
14a53664
JH		 3652 }
3653
21a60d30
JH		 3654 mgmt_pending_remove(cmd);
3655
3656 /* If no HCI commands were sent we're done */
3657 if (err == -ENODATA) {
3658 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3659 &mgmt_cp->type, sizeof(mgmt_cp->type));
3660 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3661 }
14a53664 3662
30dc78e1 3663unlock:
09fd0de5 3664 hci_dev_unlock(hdev);
14a53664
JH		 3665 return err;
3666}
3667
bdb6d971 3668static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3669 u16 len)
561aafbc 3670{
650f726d 3671 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3672 struct inquiry_entry *e;
561aafbc
JH		 3673 int err;
3674
bdb6d971 3675 BT_DBG("%s", hdev->name);
561aafbc 3676
561aafbc
JH		 3677 hci_dev_lock(hdev);
3678
30dc78e1 3679 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3680 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3681 MGMT_STATUS_FAILED, &cp->addr,
3682 sizeof(cp->addr));
30dc78e1
JH		 3683 goto failed;
3684 }
3685
a198e7b1 3686 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3687 if (!e) {
d3a2541d
LR		 3688 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3689 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3690 sizeof(cp->addr));
561aafbc
JH		 3691 goto failed;
3692 }
3693
3694 if (cp->name_known) {
3695 e->name_state = NAME_KNOWN;
3696 list_del(&e->list);
3697 } else {
3698 e->name_state = NAME_NEEDED;
a3d4e20a 3699 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3700 }
3701
e384662b
JH		 3702 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3703 sizeof(cp->addr));
561aafbc
JH		 3704
3705failed:
3706 hci_dev_unlock(hdev);
561aafbc
JH		 3707 return err;
3708}
3709
bdb6d971 3710static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3711 u16 len)
7fbec224 3712{
650f726d 3713 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3714 u8 status;
7fbec224
AJ		 3715 int err;
3716
bdb6d971 3717 BT_DBG("%s", hdev->name);
7fbec224 3718
4ee71b20 3719 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3720 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3721 MGMT_STATUS_INVALID_PARAMS,
3722 &cp->addr, sizeof(cp->addr));
4ee71b20 3723
09fd0de5 3724 hci_dev_lock(hdev);
5e762444 3725
88c1fe4b 3726 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3727 if (err < 0)
f0eeea8b 3728 status = MGMT_STATUS_FAILED;
7fbec224 3729 else
a6785be2 3730 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3731
bdb6d971 3732 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3733 &cp->addr, sizeof(cp->addr));
5e762444 3734
09fd0de5 3735 hci_dev_unlock(hdev);
7fbec224
AJ		 3736
3737 return err;
3738}
3739
bdb6d971 3740static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3741 u16 len)
7fbec224 3742{
650f726d 3743 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3744 u8 status;
7fbec224
AJ		 3745 int err;
3746
bdb6d971 3747 BT_DBG("%s", hdev->name);
7fbec224 3748
4ee71b20 3749 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3750 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3751 MGMT_STATUS_INVALID_PARAMS,
3752 &cp->addr, sizeof(cp->addr));
4ee71b20 3753
09fd0de5 3754 hci_dev_lock(hdev);
5e762444 3755
88c1fe4b 3756 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3757 if (err < 0)
f0eeea8b 3758 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3759 else
a6785be2 3760 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3761
bdb6d971 3762 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3763 &cp->addr, sizeof(cp->addr));
5e762444 3764
09fd0de5 3765 hci_dev_unlock(hdev);
7fbec224
AJ		 3766
3767 return err;
3768}
3769
cdbaccca
MH		 3770static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3771 u16 len)
3772{
3773 struct mgmt_cp_set_device_id *cp = data;
890ea898 3774 struct hci_request req;
cdbaccca 3775 int err;
c72d4b8a 3776 __u16 source;
cdbaccca
MH		 3777
3778 BT_DBG("%s", hdev->name);
3779
c72d4b8a
SJ		 3780 source = __le16_to_cpu(cp->source);
3781
3782 if (source > 0x0002)
3783 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3784 MGMT_STATUS_INVALID_PARAMS);
3785
cdbaccca
MH		 3786 hci_dev_lock(hdev);
3787
c72d4b8a 3788 hdev->devid_source = source;
cdbaccca
MH		 3789 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3790 hdev->devid_product = __le16_to_cpu(cp->product);
3791 hdev->devid_version = __le16_to_cpu(cp->version);
3792
3793 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3794
890ea898
JH		 3795 hci_req_init(&req, hdev);
3796 update_eir(&req);
3797 hci_req_run(&req, NULL);
cdbaccca
MH		 3798
3799 hci_dev_unlock(hdev);
3800
3801 return err;
3802}
3803
4375f103
JH		 3804static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3805{
3806 struct cmd_lookup match = { NULL, hdev };
3807
3808 if (status) {
3809 u8 mgmt_err = mgmt_status(status);
3810
3811 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3812 cmd_status_rsp, &mgmt_err);
3813 return;
3814 }
3815
3816 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3817 &match);
3818
3819 new_settings(hdev, match.sk);
3820
3821 if (match.sk)
3822 sock_put(match.sk);
3823}
3824
21b5187f
MH		 3825static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3826 u16 len)
4375f103
JH		 3827{
3828 struct mgmt_mode *cp = data;
3829 struct pending_cmd *cmd;
3830 struct hci_request req;
e6fe7986 3831 u8 val, enabled, status;
4375f103
JH		 3832 int err;
3833
3834 BT_DBG("request for %s", hdev->name);
3835
e6fe7986
JH		 3836 status = mgmt_le_support(hdev);
3837 if (status)
4375f103 3838 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3839 status);
4375f103
JH		 3840
3841 if (cp->val != 0x00 && cp->val != 0x01)
3842 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3843 MGMT_STATUS_INVALID_PARAMS);
3844
3845 hci_dev_lock(hdev);
3846
3847 val = !!cp->val;
f3d3444a 3848 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3849
f74ca9b8
JH		 3850 /* The following conditions are ones which mean that we should
3851 * not do any HCI communication but directly send a mgmt
3852 * response to user space (after toggling the flag if
3853 * necessary).
3854 */
3855 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3856 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3857 bool changed = false;
3858
f3d3444a
JH		 3859 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3860 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3861 changed = true;
3862 }
3863
3864 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3865 if (err < 0)
3866 goto unlock;
3867
3868 if (changed)
3869 err = new_settings(hdev, sk);
3870
3871 goto unlock;
3872 }
3873
3874 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3875 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3876 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3877 MGMT_STATUS_BUSY);
3878 goto unlock;
3879 }
3880
3881 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3882 if (!cmd) {
3883 err = -ENOMEM;
3884 goto unlock;
3885 }
3886
3887 hci_req_init(&req, hdev);
3888
bba3aa55
MH		 3889 if (val)
3890 enable_advertising(&req);
3891 else
3892 disable_advertising(&req);
4375f103
JH		 3893
3894 err = hci_req_run(&req, set_advertising_complete);
3895 if (err < 0)
3896 mgmt_pending_remove(cmd);
3897
3898unlock:
3899 hci_dev_unlock(hdev);
3900 return err;
3901}
3902
d13eafce
MH		 3903static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3904 void *data, u16 len)
3905{
3906 struct mgmt_cp_set_static_address *cp = data;
3907 int err;
3908
3909 BT_DBG("%s", hdev->name);
3910
62af4443 3911 if (!lmp_le_capable(hdev))
d13eafce 3912 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3913 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3914
3915 if (hdev_is_powered(hdev))
3916 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3917 MGMT_STATUS_REJECTED);
3918
3919 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3920 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3921 return cmd_status(sk, hdev->id,
3922 MGMT_OP_SET_STATIC_ADDRESS,
3923 MGMT_STATUS_INVALID_PARAMS);
3924
3925 /* Two most significant bits shall be set */
3926 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3927 return cmd_status(sk, hdev->id,
3928 MGMT_OP_SET_STATIC_ADDRESS,
3929 MGMT_STATUS_INVALID_PARAMS);
3930 }
3931
3932 hci_dev_lock(hdev);
3933
3934 bacpy(&hdev->static_addr, &cp->bdaddr);
3935
3936 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3937
3938 hci_dev_unlock(hdev);
3939
3940 return err;
3941}
3942
14b49b9a
MH		 3943static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3944 void *data, u16 len)
3945{
3946 struct mgmt_cp_set_scan_params *cp = data;
3947 __u16 interval, window;
3948 int err;
3949
3950 BT_DBG("%s", hdev->name);
3951
3952 if (!lmp_le_capable(hdev))
3953 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3954 MGMT_STATUS_NOT_SUPPORTED);
3955
3956 interval = __le16_to_cpu(cp->interval);
3957
3958 if (interval < 0x0004 || interval > 0x4000)
3959 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3960 MGMT_STATUS_INVALID_PARAMS);
3961
3962 window = __le16_to_cpu(cp->window);
3963
3964 if (window < 0x0004 || window > 0x4000)
3965 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3966 MGMT_STATUS_INVALID_PARAMS);
3967
899e1075
MH		 3968 if (window > interval)
3969 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3970 MGMT_STATUS_INVALID_PARAMS);
3971
14b49b9a
MH		 3972 hci_dev_lock(hdev);
3973
3974 hdev->le_scan_interval = interval;
3975 hdev->le_scan_window = window;
3976
3977 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3978
dd2ef8e2
AG		 3979 /* If background scan is running, restart it so new parameters are
3980 * loaded.
3981 */
3982 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3983 hdev->discovery.state == DISCOVERY_STOPPED) {
3984 struct hci_request req;
3985
3986 hci_req_init(&req, hdev);
3987
3988 hci_req_add_le_scan_disable(&req);
3989 hci_req_add_le_passive_scan(&req);
3990
3991 hci_req_run(&req, NULL);
3992 }
3993
14b49b9a
MH		 3994 hci_dev_unlock(hdev);
3995
3996 return err;
3997}
3998
33e38b3e
JH		 3999static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4000{
4001 struct pending_cmd *cmd;
4002
4003 BT_DBG("status 0x%02x", status);
4004
4005 hci_dev_lock(hdev);
4006
4007 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4008 if (!cmd)
4009 goto unlock;
4010
4011 if (status) {
4012 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4013 mgmt_status(status));
4014 } else {
1a4d3c4b
JH		 4015 struct mgmt_mode *cp = cmd->param;
4016
4017 if (cp->val)
4018 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4019 else
4020 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4021
33e38b3e
JH		 4022 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4023 new_settings(hdev, cmd->sk);
4024 }
4025
4026 mgmt_pending_remove(cmd);
4027
4028unlock:
4029 hci_dev_unlock(hdev);
4030}
4031
bdb6d971 4032static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4033 void *data, u16 len)
f6422ec6 4034{
650f726d 4035 struct mgmt_mode *cp = data;
33e38b3e
JH		 4036 struct pending_cmd *cmd;
4037 struct hci_request req;
f6422ec6
AJ		 4038 int err;
4039
bdb6d971 4040 BT_DBG("%s", hdev->name);
f6422ec6 4041
56f87901
JH		 4042 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4043 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4044 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4045 MGMT_STATUS_NOT_SUPPORTED);
4046
a7e80f25
JH		 4047 if (cp->val != 0x00 && cp->val != 0x01)
4048 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4049 MGMT_STATUS_INVALID_PARAMS);
4050
5400c044 4051 if (!hdev_is_powered(hdev))
bdb6d971 4052 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4053 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4054
4055 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4056 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4057 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4058
4059 hci_dev_lock(hdev);
4060
05cbf29f
JH		 4061 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4062 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4063 MGMT_STATUS_BUSY);
4064 goto unlock;
4065 }
4066
1a4d3c4b
JH		 4067 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4068 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4069 hdev);
4070 goto unlock;
4071 }
4072
33e38b3e
JH		 4073 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4074 data, len);
4075 if (!cmd) {
4076 err = -ENOMEM;
4077 goto unlock;
f6422ec6
AJ		 4078 }
4079
33e38b3e
JH		 4080 hci_req_init(&req, hdev);
4081
406d7804 4082 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4083
4084 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4085 if (err < 0) {
bdb6d971 4086 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4087 MGMT_STATUS_FAILED);
33e38b3e 4088 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4089 }
4090
33e38b3e 4091unlock:
f6422ec6 4092 hci_dev_unlock(hdev);
33e38b3e 4093
f6422ec6
AJ		 4094 return err;
4095}
4096
67e5a7a3
JH		 4097static void set_bredr_scan(struct hci_request *req)
4098{
4099 struct hci_dev *hdev = req->hdev;
4100 u8 scan = 0;
4101
4102 /* Ensure that fast connectable is disabled. This function will
4103 * not do anything if the page scan parameters are already what
4104 * they should be.
4105 */
4106 write_fast_connectable(req, false);
4107
4108 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4109 scan |= SCAN_PAGE;
4110 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4111 scan |= SCAN_INQUIRY;
4112
4113 if (scan)
4114 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4115}
4116
0663ca2a
JH		 4117static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4118{
4119 struct pending_cmd *cmd;
4120
4121 BT_DBG("status 0x%02x", status);
4122
4123 hci_dev_lock(hdev);
4124
4125 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4126 if (!cmd)
4127 goto unlock;
4128
4129 if (status) {
4130 u8 mgmt_err = mgmt_status(status);
4131
4132 /* We need to restore the flag if related HCI commands
4133 * failed.
4134 */
4135 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4136
4137 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4138 } else {
4139 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4140 new_settings(hdev, cmd->sk);
4141 }
4142
4143 mgmt_pending_remove(cmd);
4144
4145unlock:
4146 hci_dev_unlock(hdev);
4147}
4148
4149static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4150{
4151 struct mgmt_mode *cp = data;
4152 struct pending_cmd *cmd;
4153 struct hci_request req;
4154 int err;
4155
4156 BT_DBG("request for %s", hdev->name);
4157
4158 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4159 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4160 MGMT_STATUS_NOT_SUPPORTED);
4161
4162 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4163 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4164 MGMT_STATUS_REJECTED);
4165
4166 if (cp->val != 0x00 && cp->val != 0x01)
4167 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4168 MGMT_STATUS_INVALID_PARAMS);
4169
4170 hci_dev_lock(hdev);
4171
4172 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4173 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4174 goto unlock;
4175 }
4176
4177 if (!hdev_is_powered(hdev)) {
4178 if (!cp->val) {
0663ca2a
JH		 4179 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4180 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4181 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4182 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4183 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4184 }
4185
4186 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4187
4188 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4189 if (err < 0)
4190 goto unlock;
4191
4192 err = new_settings(hdev, sk);
4193 goto unlock;
4194 }
4195
4196 /* Reject disabling when powered on */
4197 if (!cp->val) {
4198 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4199 MGMT_STATUS_REJECTED);
4200 goto unlock;
4201 }
4202
4203 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4204 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4205 MGMT_STATUS_BUSY);
4206 goto unlock;
4207 }
4208
4209 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4210 if (!cmd) {
4211 err = -ENOMEM;
4212 goto unlock;
4213 }
4214
5947f4bc 4215 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4216 * generates the correct flags.
4217 */
4218 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4219
4220 hci_req_init(&req, hdev);
aa8af46e
JH		 4221
4222 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4223 set_bredr_scan(&req);
4224
f14d8f64
MH		 4225 /* Since only the advertising data flags will change, there
4226 * is no need to update the scan response data.
4227 */
5947f4bc 4228 update_adv_data(&req);
aa8af46e 4229
0663ca2a
JH		 4230 err = hci_req_run(&req, set_bredr_complete);
4231 if (err < 0)
4232 mgmt_pending_remove(cmd);
4233
4234unlock:
4235 hci_dev_unlock(hdev);
4236 return err;
4237}
4238
eac83dc6
MH		 4239static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4240 void *data, u16 len)
4241{
4242 struct mgmt_mode *cp = data;
4243 struct pending_cmd *cmd;
0ab04a9c 4244 u8 val, status;
eac83dc6
MH		 4245 int err;
4246
4247 BT_DBG("request for %s", hdev->name);
4248
4249 status = mgmt_bredr_support(hdev);
4250 if (status)
4251 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4252 status);
4253
5afeac14
MH		 4254 if (!lmp_sc_capable(hdev) &&
4255 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4256 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4257 MGMT_STATUS_NOT_SUPPORTED);
4258
0ab04a9c 4259 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4260 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4261 MGMT_STATUS_INVALID_PARAMS);
4262
4263 hci_dev_lock(hdev);
4264
4265 if (!hdev_is_powered(hdev)) {
4266 bool changed;
4267
0ab04a9c 4268 if (cp->val) {
eac83dc6
MH		 4269 changed = !test_and_set_bit(HCI_SC_ENABLED,
4270 &hdev->dev_flags);
0ab04a9c
MH		 4271 if (cp->val == 0x02)
4272 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4273 else
4274 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4275 } else {
eac83dc6
MH		 4276 changed = test_and_clear_bit(HCI_SC_ENABLED,
4277 &hdev->dev_flags);
0ab04a9c
MH		 4278 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4279 }
eac83dc6
MH		 4280
4281 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4282 if (err < 0)
4283 goto failed;
4284
4285 if (changed)
4286 err = new_settings(hdev, sk);
4287
4288 goto failed;
4289 }
4290
4291 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4292 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4293 MGMT_STATUS_BUSY);
4294 goto failed;
4295 }
4296
0ab04a9c
MH		 4297 val = !!cp->val;
4298
4299 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4300 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4301 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4302 goto failed;
4303 }
4304
4305 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4306 if (!cmd) {
4307 err = -ENOMEM;
4308 goto failed;
4309 }
4310
0ab04a9c 4311 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4312 if (err < 0) {
4313 mgmt_pending_remove(cmd);
4314 goto failed;
4315 }
4316
0ab04a9c
MH		 4317 if (cp->val == 0x02)
4318 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4319 else
4320 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4321
eac83dc6
MH		 4322failed:
4323 hci_dev_unlock(hdev);
4324 return err;
4325}
4326
4e39ac81
MH		 4327static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4328 void *data, u16 len)
4329{
4330 struct mgmt_mode *cp = data;
4331 bool changed;
4332 int err;
4333
4334 BT_DBG("request for %s", hdev->name);
4335
4336 if (cp->val != 0x00 && cp->val != 0x01)
4337 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4338 MGMT_STATUS_INVALID_PARAMS);
4339
4340 hci_dev_lock(hdev);
4341
4342 if (cp->val)
4343 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4344 else
4345 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4346
4347 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4348 if (err < 0)
4349 goto unlock;
4350
4351 if (changed)
4352 err = new_settings(hdev, sk);
4353
4354unlock:
4355 hci_dev_unlock(hdev);
4356 return err;
4357}
4358
62b04cd1
JH		 4359static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4360 u16 len)
4361{
4362 struct mgmt_cp_set_privacy *cp = cp_data;
4363 bool changed;
4364 int err;
4365
4366 BT_DBG("request for %s", hdev->name);
4367
4368 if (!lmp_le_capable(hdev))
4369 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4370 MGMT_STATUS_NOT_SUPPORTED);
4371
4372 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4373 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4374 MGMT_STATUS_INVALID_PARAMS);
4375
4376 if (hdev_is_powered(hdev))
4377 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4378 MGMT_STATUS_REJECTED);
4379
4380 hci_dev_lock(hdev);
4381
c21c0ea0
JH		 4382 /* If user space supports this command it is also expected to
4383 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4384 */
4385 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4386
62b04cd1
JH		 4387 if (cp->privacy) {
4388 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4389 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4390 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4391 } else {
4392 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4393 memset(hdev->irk, 0, sizeof(hdev->irk));
4394 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4395 }
4396
4397 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4398 if (err < 0)
4399 goto unlock;
4400
4401 if (changed)
4402 err = new_settings(hdev, sk);
4403
4404unlock:
4405 hci_dev_unlock(hdev);
4406 return err;
4407}
4408
41edf160
JH		 4409static bool irk_is_valid(struct mgmt_irk_info *irk)
4410{
4411 switch (irk->addr.type) {
4412 case BDADDR_LE_PUBLIC:
4413 return true;
4414
4415 case BDADDR_LE_RANDOM:
4416 /* Two most significant bits shall be set */
4417 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4418 return false;
4419 return true;
4420 }
4421
4422 return false;
4423}
4424
4425static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4426 u16 len)
4427{
4428 struct mgmt_cp_load_irks *cp = cp_data;
4429 u16 irk_count, expected_len;
4430 int i, err;
4431
4432 BT_DBG("request for %s", hdev->name);
4433
4434 if (!lmp_le_capable(hdev))
4435 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4436 MGMT_STATUS_NOT_SUPPORTED);
4437
4438 irk_count = __le16_to_cpu(cp->irk_count);
4439
4440 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4441 if (expected_len != len) {
4442 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4443 expected_len, len);
41edf160
JH		 4444 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4445 MGMT_STATUS_INVALID_PARAMS);
4446 }
4447
4448 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4449
4450 for (i = 0; i < irk_count; i++) {
4451 struct mgmt_irk_info *key = &cp->irks[i];
4452
4453 if (!irk_is_valid(key))
4454 return cmd_status(sk, hdev->id,
4455 MGMT_OP_LOAD_IRKS,
4456 MGMT_STATUS_INVALID_PARAMS);
4457 }
4458
4459 hci_dev_lock(hdev);
4460
4461 hci_smp_irks_clear(hdev);
4462
4463 for (i = 0; i < irk_count; i++) {
4464 struct mgmt_irk_info *irk = &cp->irks[i];
4465 u8 addr_type;
4466
4467 if (irk->addr.type == BDADDR_LE_PUBLIC)
4468 addr_type = ADDR_LE_DEV_PUBLIC;
4469 else
4470 addr_type = ADDR_LE_DEV_RANDOM;
4471
4472 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4473 BDADDR_ANY);
4474 }
4475
4476 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4477
4478 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4479
4480 hci_dev_unlock(hdev);
4481
4482 return err;
4483}
4484
3f706b72
JH		 4485static bool ltk_is_valid(struct mgmt_ltk_info *key)
4486{
4487 if (key->master != 0x00 && key->master != 0x01)
4488 return false;
490cb0b3
MH		 4489
4490 switch (key->addr.type) {
4491 case BDADDR_LE_PUBLIC:
4492 return true;
4493
4494 case BDADDR_LE_RANDOM:
4495 /* Two most significant bits shall be set */
4496 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4497 return false;
4498 return true;
4499 }
4500
4501 return false;
3f706b72
JH		 4502}
4503
bdb6d971 4504static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4505 void *cp_data, u16 len)
346af67b 4506{
346af67b
VCG		 4507 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4508 u16 key_count, expected_len;
715a5bf2 4509 int i, err;
346af67b 4510
cf99ba13
MH		 4511 BT_DBG("request for %s", hdev->name);
4512
4513 if (!lmp_le_capable(hdev))
4514 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4515 MGMT_STATUS_NOT_SUPPORTED);
4516
1f350c87 4517 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4518
4519 expected_len = sizeof(*cp) + key_count *
4520 sizeof(struct mgmt_ltk_info);
4521 if (expected_len != len) {
4522 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4523 expected_len, len);
bdb6d971 4524 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4525 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4526 }
4527
bdb6d971 4528 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4529
54ad6d8a
JH		 4530 for (i = 0; i < key_count; i++) {
4531 struct mgmt_ltk_info *key = &cp->keys[i];
4532
3f706b72 4533 if (!ltk_is_valid(key))
54ad6d8a
JH		 4534 return cmd_status(sk, hdev->id,
4535 MGMT_OP_LOAD_LONG_TERM_KEYS,
4536 MGMT_STATUS_INVALID_PARAMS);
4537 }
4538
346af67b
VCG		 4539 hci_dev_lock(hdev);
4540
4541 hci_smp_ltks_clear(hdev);
4542
4543 for (i = 0; i < key_count; i++) {
4544 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4545 u8 type, addr_type, authenticated;
79d95a19
MH		 4546
4547 if (key->addr.type == BDADDR_LE_PUBLIC)
4548 addr_type = ADDR_LE_DEV_PUBLIC;
4549 else
4550 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4551
4552 if (key->master)
4553 type = HCI_SMP_LTK;
4554 else
4555 type = HCI_SMP_LTK_SLAVE;
4556
61b43357
JH		 4557 switch (key->type) {
4558 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4559 authenticated = 0x00;
61b43357
JH		 4560 break;
4561 case MGMT_LTK_AUTHENTICATED:
d7b25450 4562 authenticated = 0x01;
61b43357
JH		 4563 break;
4564 default:
4565 continue;
4566 }
d7b25450 4567
35d70271 4568 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4569 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4570 key->rand);
346af67b
VCG		 4571 }
4572
715a5bf2
JH		 4573 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4574 NULL, 0);
4575
346af67b 4576 hci_dev_unlock(hdev);
346af67b 4577
715a5bf2 4578 return err;
346af67b
VCG		 4579}
4580
dd983808
AK		 4581struct cmd_conn_lookup {
4582 struct hci_conn *conn;
4583 bool valid_tx_power;
4584 u8 mgmt_status;
4585};
4586
4587static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4588{
4589 struct cmd_conn_lookup *match = data;
4590 struct mgmt_cp_get_conn_info *cp;
4591 struct mgmt_rp_get_conn_info rp;
4592 struct hci_conn *conn = cmd->user_data;
4593
4594 if (conn != match->conn)
4595 return;
4596
4597 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4598
4599 memset(&rp, 0, sizeof(rp));
4600 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4601 rp.addr.type = cp->addr.type;
4602
4603 if (!match->mgmt_status) {
4604 rp.rssi = conn->rssi;
4605
eed5daf3 4606 if (match->valid_tx_power) {
dd983808 4607 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4608 rp.max_tx_power = conn->max_tx_power;
4609 } else {
dd983808 4610 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4611 rp.max_tx_power = HCI_TX_POWER_INVALID;
4612 }
dd983808
AK		 4613 }
4614
4615 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4616 match->mgmt_status, &rp, sizeof(rp));
4617
4618 hci_conn_drop(conn);
4619
4620 mgmt_pending_remove(cmd);
4621}
4622
4623static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4624{
4625 struct hci_cp_read_rssi *cp;
4626 struct hci_conn *conn;
4627 struct cmd_conn_lookup match;
4628 u16 handle;
4629
4630 BT_DBG("status 0x%02x", status);
4631
4632 hci_dev_lock(hdev);
4633
4634 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4635 * otherwise we assume it's not valid. At the moment we assume that
4636 * either both or none of current and max values are valid to keep code
4637 * simple.
dd983808
AK		 4638 */
4639 match.valid_tx_power = !status;
4640
4641 /* Commands sent in request are either Read RSSI or Read Transmit Power
4642 * Level so we check which one was last sent to retrieve connection
4643 * handle. Both commands have handle as first parameter so it's safe to
4644 * cast data on the same command struct.
4645 *
4646 * First command sent is always Read RSSI and we fail only if it fails.
4647 * In other case we simply override error to indicate success as we
4648 * already remembered if TX power value is actually valid.
4649 */
4650 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4651 if (!cp) {
4652 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4653 status = 0;
4654 }
4655
4656 if (!cp) {
4657 BT_ERR("invalid sent_cmd in response");
4658 goto unlock;
4659 }
4660
4661 handle = __le16_to_cpu(cp->handle);
4662 conn = hci_conn_hash_lookup_handle(hdev, handle);
4663 if (!conn) {
4664 BT_ERR("unknown handle (%d) in response", handle);
4665 goto unlock;
4666 }
4667
4668 match.conn = conn;
4669 match.mgmt_status = mgmt_status(status);
4670
4671 /* Cache refresh is complete, now reply for mgmt request for given
4672 * connection only.
4673 */
4674 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4675 get_conn_info_complete, &match);
4676
4677unlock:
4678 hci_dev_unlock(hdev);
4679}
4680
4681static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4682 u16 len)
4683{
4684 struct mgmt_cp_get_conn_info *cp = data;
4685 struct mgmt_rp_get_conn_info rp;
4686 struct hci_conn *conn;
4687 unsigned long conn_info_age;
4688 int err = 0;
4689
4690 BT_DBG("%s", hdev->name);
4691
4692 memset(&rp, 0, sizeof(rp));
4693 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4694 rp.addr.type = cp->addr.type;
4695
4696 if (!bdaddr_type_is_valid(cp->addr.type))
4697 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4698 MGMT_STATUS_INVALID_PARAMS,
4699 &rp, sizeof(rp));
4700
4701 hci_dev_lock(hdev);
4702
4703 if (!hdev_is_powered(hdev)) {
4704 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4705 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4706 goto unlock;
4707 }
4708
4709 if (cp->addr.type == BDADDR_BREDR)
4710 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4711 &cp->addr.bdaddr);
4712 else
4713 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4714
4715 if (!conn || conn->state != BT_CONNECTED) {
4716 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4717 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4718 goto unlock;
4719 }
4720
4721 /* To avoid client trying to guess when to poll again for information we
4722 * calculate conn info age as random value between min/max set in hdev.
4723 */
4724 conn_info_age = hdev->conn_info_min_age +
4725 prandom_u32_max(hdev->conn_info_max_age -
4726 hdev->conn_info_min_age);
4727
4728 /* Query controller to refresh cached values if they are too old or were
4729 * never read.
4730 */
f4e2dd53
AK		 4731 if (time_after(jiffies, conn->conn_info_timestamp +
4732 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4733 !conn->conn_info_timestamp) {
4734 struct hci_request req;
4735 struct hci_cp_read_tx_power req_txp_cp;
4736 struct hci_cp_read_rssi req_rssi_cp;
4737 struct pending_cmd *cmd;
4738
4739 hci_req_init(&req, hdev);
4740 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4741 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4742 &req_rssi_cp);
4743
f7faab0c
AK		 4744 /* For LE links TX power does not change thus we don't need to
4745 * query for it once value is known.
4746 */
4747 if (!bdaddr_type_is_le(cp->addr.type) ||
4748 conn->tx_power == HCI_TX_POWER_INVALID) {
4749 req_txp_cp.handle = cpu_to_le16(conn->handle);
4750 req_txp_cp.type = 0x00;
4751 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4752 sizeof(req_txp_cp), &req_txp_cp);
4753 }
dd983808 4754
eed5daf3
AK		 4755 /* Max TX power needs to be read only once per connection */
4756 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4757 req_txp_cp.handle = cpu_to_le16(conn->handle);
4758 req_txp_cp.type = 0x01;
4759 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4760 sizeof(req_txp_cp), &req_txp_cp);
4761 }
4762
dd983808
AK		 4763 err = hci_req_run(&req, conn_info_refresh_complete);
4764 if (err < 0)
4765 goto unlock;
4766
4767 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4768 data, len);
4769 if (!cmd) {
4770 err = -ENOMEM;
4771 goto unlock;
4772 }
4773
4774 hci_conn_hold(conn);
4775 cmd->user_data = conn;
4776
4777 conn->conn_info_timestamp = jiffies;
4778 } else {
4779 /* Cache is valid, just reply with values cached in hci_conn */
4780 rp.rssi = conn->rssi;
4781 rp.tx_power = conn->tx_power;
eed5daf3 4782 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4783
4784 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4785 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4786 }
4787
4788unlock:
4789 hci_dev_unlock(hdev);
4790 return err;
4791}
4792
2e3c35ea 4793static const struct mgmt_handler {
04124681
GP		 4794 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4795 u16 data_len);
be22b54e
JH		 4796 bool var_len;
4797 size_t data_len;
0f4e68cf
JH		 4798} mgmt_handlers[] = {
4799 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4800 { read_version, false, MGMT_READ_VERSION_SIZE },
4801 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4802 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4803 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4804 { set_powered, false, MGMT_SETTING_SIZE },
4805 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4806 { set_connectable, false, MGMT_SETTING_SIZE },
4807 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4808 { set_pairable, false, MGMT_SETTING_SIZE },
4809 { set_link_security, false, MGMT_SETTING_SIZE },
4810 { set_ssp, false, MGMT_SETTING_SIZE },
4811 { set_hs, false, MGMT_SETTING_SIZE },
4812 { set_le, false, MGMT_SETTING_SIZE },
4813 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4814 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4815 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4816 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4817 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4818 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4819 { disconnect, false, MGMT_DISCONNECT_SIZE },
4820 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4821 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4822 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4823 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4824 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4825 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4826 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4827 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4828 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4829 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4830 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4831 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4832 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4833 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4834 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4835 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4836 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4837 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4838 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4839 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4840 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4841 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4842 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4843 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4844 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4845 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4846 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4847 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 4848 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
0f4e68cf
JH		 4849};
4850
4851
0381101f
JH		 4852int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4853{
650f726d
VCG		 4854 void *buf;
4855 u8 *cp;
0381101f 4856 struct mgmt_hdr *hdr;
4e51eae9 4857 u16 opcode, index, len;
bdb6d971 4858 struct hci_dev *hdev = NULL;
2e3c35ea 4859 const struct mgmt_handler *handler;
0381101f
JH		 4860 int err;
4861
4862 BT_DBG("got %zu bytes", msglen);
4863
4864 if (msglen < sizeof(*hdr))
4865 return -EINVAL;
4866
e63a15ec 4867 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4868 if (!buf)
4869 return -ENOMEM;
4870
4871 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4872 err = -EFAULT;
4873 goto done;
4874 }
4875
650f726d 4876 hdr = buf;
1f350c87
MH		 4877 opcode = __le16_to_cpu(hdr->opcode);
4878 index = __le16_to_cpu(hdr->index);
4879 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4880
4881 if (len != msglen - sizeof(*hdr)) {
4882 err = -EINVAL;
4883 goto done;
4884 }
4885
0f4e68cf 4886 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4887 hdev = hci_dev_get(index);
4888 if (!hdev) {
4889 err = cmd_status(sk, index, opcode,
04124681 4890 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4891 goto done;
4892 }
0736cfa8 4893
cebf4cfd
JH		 4894 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4895 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4896 err = cmd_status(sk, index, opcode,
4897 MGMT_STATUS_INVALID_INDEX);
4898 goto done;
4899 }
bdb6d971
JH		 4900 }
4901
0f4e68cf 4902 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4903 mgmt_handlers[opcode].func == NULL) {
0381101f 4904 BT_DBG("Unknown op %u", opcode);
ca69b795 4905 err = cmd_status(sk, index, opcode,
04124681 4906 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4907 goto done;
4908 }
4909
4910 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4911 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4912 err = cmd_status(sk, index, opcode,
04124681 4913 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4914 goto done;
0381101f
JH		 4915 }
4916
be22b54e
JH		 4917 handler = &mgmt_handlers[opcode];
4918
4919 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4920 (!handler->var_len && len != handler->data_len)) {
be22b54e 4921 err = cmd_status(sk, index, opcode,
04124681 4922 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4923 goto done;
4924 }
4925
0f4e68cf
JH		 4926 if (hdev)
4927 mgmt_init_hdev(sk, hdev);
4928
4929 cp = buf + sizeof(*hdr);
4930
be22b54e 4931 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4932 if (err < 0)
4933 goto done;
4934
0381101f
JH		 4935 err = msglen;
4936
4937done:
bdb6d971
JH		 4938 if (hdev)
4939 hci_dev_put(hdev);
4940
0381101f
JH		 4941 kfree(buf);
4942 return err;
4943}
c71e97bf 4944
bf6b56db 4945void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4946{
1514b892 4947 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4948 return;
bb4b2a9a 4949
bf6b56db 4950 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4951}
4952
bf6b56db 4953void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4954{
5f159032 4955 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4956
1514b892 4957 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4958 return;
bb4b2a9a 4959
744cf19e 4960 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4961
bf6b56db 4962 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4963}
4964
6046dc3e
AG		 4965/* This function requires the caller holds hdev->lock */
4966static void restart_le_auto_conns(struct hci_dev *hdev)
4967{
4968 struct hci_conn_params *p;
4969
4970 list_for_each_entry(p, &hdev->le_conn_params, list) {
4971 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4972 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4973 }
4974}
4975
229ab39c
JH		 4976static void powered_complete(struct hci_dev *hdev, u8 status)
4977{
4978 struct cmd_lookup match = { NULL, hdev };
4979
4980 BT_DBG("status 0x%02x", status);
4981
4982 hci_dev_lock(hdev);
4983
6046dc3e
AG		 4984 restart_le_auto_conns(hdev);
4985
229ab39c
JH		 4986 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4987
4988 new_settings(hdev, match.sk);
4989
4990 hci_dev_unlock(hdev);
4991
4992 if (match.sk)
4993 sock_put(match.sk);
4994}
4995
70da6243 4996static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4997{
890ea898 4998 struct hci_request req;
70da6243 4999 u8 link_sec;
5add6af8 5000
890ea898
JH		 5001 hci_req_init(&req, hdev);
5002
70da6243
JH		 5003 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5004 !lmp_host_ssp_capable(hdev)) {
5005 u8 ssp = 1;
5e5282bb 5006
890ea898 5007 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5008 }
5add6af8 5009
c73eee91
JH		 5010 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5011 lmp_bredr_capable(hdev)) {
70da6243 5012 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5013
70da6243
JH		 5014 cp.le = 1;
5015 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5016
70da6243
JH		 5017 /* Check first if we already have the right
5018 * host state (host features set)
5019 */
5020 if (cp.le != lmp_host_le_capable(hdev) ||
5021 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5022 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5023 sizeof(cp), &cp);
70da6243 5024 }
3d1cbdd6 5025
d13eafce 5026 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5027 /* Make sure the controller has a good default for
5028 * advertising data. This also applies to the case
5029 * where BR/EDR was toggled during the AUTO_OFF phase.
5030 */
f14d8f64 5031 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5032 update_adv_data(&req);
f14d8f64
MH		 5033 update_scan_rsp_data(&req);
5034 }
441ad2d0 5035
bba3aa55
MH		 5036 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5037 enable_advertising(&req);
eeca6f89
JH		 5038 }
5039
70da6243
JH		 5040 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5041 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5042 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5043 sizeof(link_sec), &link_sec);
562fcc24 5044
70da6243 5045 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5046 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5047 set_bredr_scan(&req);
890ea898 5048 update_class(&req);
13928971 5049 update_name(&req);
890ea898 5050 update_eir(&req);
70da6243 5051 }
562fcc24 5052
229ab39c 5053 return hci_req_run(&req, powered_complete);
70da6243 5054}
562fcc24 5055
70da6243
JH		 5056int mgmt_powered(struct hci_dev *hdev, u8 powered)
5057{
5058 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5059 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5060 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5061 int err;
f0ff92fb 5062
70da6243
JH		 5063 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5064 return 0;
5065
70da6243 5066 if (powered) {
229ab39c
JH		 5067 if (powered_update_hci(hdev) == 0)
5068 return 0;
fe038884 5069
229ab39c
JH		 5070 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5071 &match);
5072 goto new_settings;
b24752fe
JH		 5073 }
5074
229ab39c
JH		 5075 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5076 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5077
5078 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5079 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5080 zero_cod, sizeof(zero_cod), NULL);
5081
5082new_settings:
beadb2bd 5083 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5084
5085 if (match.sk)
5086 sock_put(match.sk);
5087
7bb895d6 5088 return err;
5add6af8 5089}
73f22f62 5090
3eec705e 5091void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5092{
5093 struct pending_cmd *cmd;
5094 u8 status;
5095
5096 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5097 if (!cmd)
3eec705e 5098 return;
96570ffc
JH		 5099
5100 if (err == -ERFKILL)
5101 status = MGMT_STATUS_RFKILLED;
5102 else
5103 status = MGMT_STATUS_FAILED;
5104
3eec705e 5105 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5106
5107 mgmt_pending_remove(cmd);
96570ffc
JH		 5108}
5109
d1967ff8
MH		 5110void mgmt_discoverable_timeout(struct hci_dev *hdev)
5111{
5112 struct hci_request req;
d1967ff8
MH		 5113
5114 hci_dev_lock(hdev);
5115
5116 /* When discoverable timeout triggers, then just make sure
5117 * the limited discoverable flag is cleared. Even in the case
5118 * of a timeout triggered from general discoverable, it is
5119 * safe to unconditionally clear the flag.
5120 */
5121 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5122 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5123
5124 hci_req_init(&req, hdev);
4b580614
JH		 5125 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5126 u8 scan = SCAN_PAGE;
5127 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5128 sizeof(scan), &scan);
5129 }
d1967ff8 5130 update_class(&req);
9a43e25f 5131 update_adv_data(&req);
d1967ff8
MH		 5132 hci_req_run(&req, NULL);
5133
5134 hdev->discov_timeout = 0;
5135
9a43e25f
JH		 5136 new_settings(hdev, NULL);
5137
d1967ff8
MH		 5138 hci_dev_unlock(hdev);
5139}
5140
86a75645 5141void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5142{
86a75645 5143 bool changed;
73f22f62 5144
bfaf8c9f
JH		 5145 /* Nothing needed here if there's a pending command since that
5146 * commands request completion callback takes care of everything
5147 * necessary.
5148 */
5149 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5150 return;
bfaf8c9f 5151
bd107999
JH		 5152 /* Powering off may clear the scan mode - don't let that interfere */
5153 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5154 return;
5155
9a43e25f 5156 if (discoverable) {
86a75645 5157 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5158 } else {
5159 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5160 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5161 }
5162
5163 if (changed) {
5164 struct hci_request req;
5165
5166 /* In case this change in discoverable was triggered by
5167 * a disabling of connectable there could be a need to
5168 * update the advertising flags.
5169 */
5170 hci_req_init(&req, hdev);
5171 update_adv_data(&req);
5172 hci_req_run(&req, NULL);
73f22f62 5173
86a75645 5174 new_settings(hdev, NULL);
9a43e25f 5175 }
73f22f62 5176}
9fbcbb45 5177
a330916c 5178void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5179{
a330916c 5180 bool changed;
9fbcbb45 5181
d7b856f9
JH		 5182 /* Nothing needed here if there's a pending command since that
5183 * commands request completion callback takes care of everything
5184 * necessary.
5185 */
5186 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5187 return;
d7b856f9 5188
ce3f24cf
JH		 5189 /* Powering off may clear the scan mode - don't let that interfere */
5190 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5191 return;
5192
a330916c
MH		 5193 if (connectable)
5194 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5195 else
5196 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5197
beadb2bd 5198 if (changed)
a330916c 5199 new_settings(hdev, NULL);
9fbcbb45 5200}
55ed8ca1 5201
778b235a
JH		 5202void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5203{
7c4cfab8
JH		 5204 /* Powering off may stop advertising - don't let that interfere */
5205 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5206 return;
5207
778b235a
JH		 5208 if (advertising)
5209 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5210 else
5211 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5212}
5213
4796e8af 5214void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5215{
ca69b795
JH		 5216 u8 mgmt_err = mgmt_status(status);
5217
2d7cee58 5218 if (scan & SCAN_PAGE)
744cf19e 5219 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5220 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5221
5222 if (scan & SCAN_INQUIRY)
744cf19e 5223 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5224 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5225}
5226
dc4a5ee2
MH		 5227void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5228 bool persistent)
55ed8ca1 5229{
86742e1e 5230 struct mgmt_ev_new_link_key ev;
55ed8ca1 5231
a492cd52 5232 memset(&ev, 0, sizeof(ev));
55ed8ca1 5233
a492cd52 5234 ev.store_hint = persistent;
d753fdc4 5235 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5236 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5237 ev.key.type = key->type;
9b3b4460 5238 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5239 ev.key.pin_len = key->pin_len;
55ed8ca1 5240
dc4a5ee2 5241 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5242}
f7520543 5243
d7b25450
JH		 5244static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5245{
5246 if (ltk->authenticated)
5247 return MGMT_LTK_AUTHENTICATED;
5248
5249 return MGMT_LTK_UNAUTHENTICATED;
5250}
5251
53ac6ab6 5252void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5253{
5254 struct mgmt_ev_new_long_term_key ev;
5255
5256 memset(&ev, 0, sizeof(ev));
5257
5192d301
MH		 5258 /* Devices using resolvable or non-resolvable random addresses
5259 * without providing an indentity resolving key don't require
5260 * to store long term keys. Their addresses will change the
5261 * next time around.
5262 *
5263 * Only when a remote device provides an identity address
5264 * make sure the long term key is stored. If the remote
5265 * identity is known, the long term keys are internally
5266 * mapped to the identity address. So allow static random
5267 * and public addresses here.
5268 */
ba74b666
JH		 5269 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5270 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5271 ev.store_hint = 0x00;
5272 else
53ac6ab6 5273 ev.store_hint = persistent;
ba74b666 5274
346af67b 5275 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5276 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5277 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5278 ev.key.enc_size = key->enc_size;
5279 ev.key.ediv = key->ediv;
fe39c7b2 5280 ev.key.rand = key->rand;
346af67b
VCG		 5281
5282 if (key->type == HCI_SMP_LTK)
5283 ev.key.master = 1;
5284
346af67b
VCG		 5285 memcpy(ev.key.val, key->val, sizeof(key->val));
5286
083368f7 5287 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5288}
5289
95fbac8a
JH		 5290void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5291{
5292 struct mgmt_ev_new_irk ev;
5293
5294 memset(&ev, 0, sizeof(ev));
5295
bab6d1e5
MH		 5296 /* For identity resolving keys from devices that are already
5297 * using a public address or static random address, do not
5298 * ask for storing this key. The identity resolving key really
5299 * is only mandatory for devices using resovlable random
5300 * addresses.
5301 *
5302 * Storing all identity resolving keys has the downside that
5303 * they will be also loaded on next boot of they system. More
5304 * identity resolving keys, means more time during scanning is
5305 * needed to actually resolve these addresses.
5306 */
5307 if (bacmp(&irk->rpa, BDADDR_ANY))
5308 ev.store_hint = 0x01;
5309 else
5310 ev.store_hint = 0x00;
5311
95fbac8a
JH		 5312 bacpy(&ev.rpa, &irk->rpa);
5313 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5314 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5315 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5316
5317 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5318}
5319
53ac6ab6
MH		 5320void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5321 bool persistent)
7ee4ea36
MH		 5322{
5323 struct mgmt_ev_new_csrk ev;
5324
5325 memset(&ev, 0, sizeof(ev));
5326
5327 /* Devices using resolvable or non-resolvable random addresses
5328 * without providing an indentity resolving key don't require
5329 * to store signature resolving keys. Their addresses will change
5330 * the next time around.
5331 *
5332 * Only when a remote device provides an identity address
5333 * make sure the signature resolving key is stored. So allow
5334 * static random and public addresses here.
5335 */
5336 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5337 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5338 ev.store_hint = 0x00;
5339 else
53ac6ab6 5340 ev.store_hint = persistent;
7ee4ea36
MH		 5341
5342 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5343 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5344 ev.key.master = csrk->master;
5345 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5346
5347 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5348}
5349
94933991
MH		 5350static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5351 u8 data_len)
5352{
5353 eir[eir_len++] = sizeof(type) + data_len;
5354 eir[eir_len++] = type;
5355 memcpy(&eir[eir_len], data, data_len);
5356 eir_len += data_len;
5357
5358 return eir_len;
5359}
5360
ecd90ae7
MH		 5361void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5362 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5363 u8 *dev_class)
f7520543 5364{
b644ba33
JH		 5365 char buf[512];
5366 struct mgmt_ev_device_connected *ev = (void *) buf;
5367 u16 eir_len = 0;
f7520543 5368
b644ba33 5369 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5370 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5371
c95f0ba7 5372 ev->flags = __cpu_to_le32(flags);
08c79b61 5373
b644ba33
JH		 5374 if (name_len > 0)
5375 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5376 name, name_len);
b644ba33
JH		 5377
5378 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5379 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5380 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5381
eb55ef07 5382 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5383
ecd90ae7
MH		 5384 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5385 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5386}
5387
8962ee74
JH		 5388static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5389{
c68fb7ff 5390 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5391 struct sock **sk = data;
a38528f1 5392 struct mgmt_rp_disconnect rp;
8962ee74 5393
88c3df13
JH		 5394 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5395 rp.addr.type = cp->addr.type;
8962ee74 5396
aee9b218 5397 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5398 sizeof(rp));
8962ee74
JH		 5399
5400 *sk = cmd->sk;
5401 sock_hold(*sk);
5402
a664b5bc 5403 mgmt_pending_remove(cmd);
8962ee74
JH		 5404}
5405
124f6e35 5406static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5407{
b1078ad0 5408 struct hci_dev *hdev = data;
124f6e35
JH		 5409 struct mgmt_cp_unpair_device *cp = cmd->param;
5410 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5411
5412 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5413 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5414 rp.addr.type = cp->addr.type;
a8a1d19e 5415
b1078ad0
JH		 5416 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5417
aee9b218 5418 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5419
5420 mgmt_pending_remove(cmd);
5421}
5422
9b80ec5e 5423void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5424 u8 link_type, u8 addr_type, u8 reason,
5425 bool mgmt_connected)
f7520543 5426{
f0d6a0ea 5427 struct mgmt_ev_device_disconnected ev;
8b064a3a 5428 struct pending_cmd *power_off;
8962ee74 5429 struct sock *sk = NULL;
8962ee74 5430
8b064a3a
JH		 5431 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5432 if (power_off) {
5433 struct mgmt_mode *cp = power_off->param;
5434
5435 /* The connection is still in hci_conn_hash so test for 1
5436 * instead of 0 to know if this is the last one.
5437 */
a3172b7e
JH		 5438 if (!cp->val && hci_conn_count(hdev) == 1) {
5439 cancel_delayed_work(&hdev->power_off);
8b064a3a 5440 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5441 }
8b064a3a
JH		 5442 }
5443
12d4a3b2
JH		 5444 if (!mgmt_connected)
5445 return;
5446
57eb776f
AG		 5447 if (link_type != ACL_LINK && link_type != LE_LINK)
5448 return;
5449
744cf19e 5450 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5451
f0d6a0ea
MA		 5452 bacpy(&ev.addr.bdaddr, bdaddr);
5453 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5454 ev.reason = reason;
f7520543 5455
9b80ec5e 5456 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5457
5458 if (sk)
d97dcb66 5459 sock_put(sk);
8962ee74 5460
124f6e35 5461 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5462 hdev);
8962ee74
JH		 5463}
5464
7892924c
MH		 5465void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5466 u8 link_type, u8 addr_type, u8 status)
8962ee74 5467{
3655bba8
AG		 5468 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5469 struct mgmt_cp_disconnect *cp;
88c3df13 5470 struct mgmt_rp_disconnect rp;
8962ee74 5471 struct pending_cmd *cmd;
8962ee74 5472
36a75f1b
JD		 5473 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5474 hdev);
5475
2e58ef3e 5476 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5477 if (!cmd)
7892924c 5478 return;
8962ee74 5479
3655bba8
AG		 5480 cp = cmd->param;
5481
5482 if (bacmp(bdaddr, &cp->addr.bdaddr))
5483 return;
5484
5485 if (cp->addr.type != bdaddr_type)
5486 return;
5487
88c3df13 5488 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5489 rp.addr.type = bdaddr_type;
37d9ef76 5490
7892924c
MH		 5491 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5492 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5493
a664b5bc 5494 mgmt_pending_remove(cmd);
f7520543 5495}
17d5c04c 5496
445608d0
MH		 5497void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5498 u8 addr_type, u8 status)
17d5c04c
JH		 5499{
5500 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5501 struct pending_cmd *power_off;
5502
5503 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5504 if (power_off) {
5505 struct mgmt_mode *cp = power_off->param;
5506
5507 /* The connection is still in hci_conn_hash so test for 1
5508 * instead of 0 to know if this is the last one.
5509 */
a3172b7e
JH		 5510 if (!cp->val && hci_conn_count(hdev) == 1) {
5511 cancel_delayed_work(&hdev->power_off);
c9910d0f 5512 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5513 }
c9910d0f 5514 }
17d5c04c 5515
4c659c39 5516 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5517 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5518 ev.status = mgmt_status(status);
17d5c04c 5519
445608d0 5520 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5521}
980e1a53 5522
ce0e4a0d 5523void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5524{
5525 struct mgmt_ev_pin_code_request ev;
5526
d8457698 5527 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5528 ev.addr.type = BDADDR_BREDR;
a770bb5a 5529 ev.secure = secure;
980e1a53 5530
ce0e4a0d 5531 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5532}
5533
e669cf80
MH		 5534void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5535 u8 status)
980e1a53
JH		 5536{
5537 struct pending_cmd *cmd;
ac56fb13 5538 struct mgmt_rp_pin_code_reply rp;
980e1a53 5539
2e58ef3e 5540 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5541 if (!cmd)
e669cf80 5542 return;
980e1a53 5543
d8457698 5544 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5545 rp.addr.type = BDADDR_BREDR;
ac56fb13 5546
e669cf80
MH		 5547 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5548 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5549
a664b5bc 5550 mgmt_pending_remove(cmd);
980e1a53
JH		 5551}
5552
3eb38528
MH		 5553void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5554 u8 status)
980e1a53
JH		 5555{
5556 struct pending_cmd *cmd;
ac56fb13 5557 struct mgmt_rp_pin_code_reply rp;
980e1a53 5558
2e58ef3e 5559 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5560 if (!cmd)
3eb38528 5561 return;
980e1a53 5562
d8457698 5563 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5564 rp.addr.type = BDADDR_BREDR;
ac56fb13 5565
3eb38528
MH		 5566 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5567 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5568
a664b5bc 5569 mgmt_pending_remove(cmd);
980e1a53 5570}
a5c29683 5571
744cf19e 5572int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5573 u8 link_type, u8 addr_type, u32 value,
04124681 5574 u8 confirm_hint)
a5c29683
JH		 5575{
5576 struct mgmt_ev_user_confirm_request ev;
5577
744cf19e 5578 BT_DBG("%s", hdev->name);
a5c29683 5579
272d90df 5580 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5581 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5582 ev.confirm_hint = confirm_hint;
39adbffe 5583 ev.value = cpu_to_le32(value);
a5c29683 5584
744cf19e 5585 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5586 NULL);
a5c29683
JH		 5587}
5588
272d90df 5589int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5590 u8 link_type, u8 addr_type)
604086b7
BG		 5591{
5592 struct mgmt_ev_user_passkey_request ev;
5593
5594 BT_DBG("%s", hdev->name);
5595
272d90df 5596 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5597 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5598
5599 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5600 NULL);
604086b7
BG		 5601}
5602
0df4c185 5603static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5604 u8 link_type, u8 addr_type, u8 status,
5605 u8 opcode)
a5c29683
JH		 5606{
5607 struct pending_cmd *cmd;
5608 struct mgmt_rp_user_confirm_reply rp;
5609 int err;
5610
2e58ef3e 5611 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5612 if (!cmd)
5613 return -ENOENT;
5614
272d90df 5615 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5616 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5617 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5618 &rp, sizeof(rp));
a5c29683 5619
a664b5bc 5620 mgmt_pending_remove(cmd);
a5c29683
JH		 5621
5622 return err;
5623}
5624
744cf19e 5625int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5626 u8 link_type, u8 addr_type, u8 status)
a5c29683 5627{
272d90df 5628 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5629 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5630}
5631
272d90df 5632int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5633 u8 link_type, u8 addr_type, u8 status)
a5c29683 5634{
272d90df 5635 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5636 status,
5637 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5638}
2a611692 5639
604086b7 5640int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5641 u8 link_type, u8 addr_type, u8 status)
604086b7 5642{
272d90df 5643 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5644 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5645}
5646
272d90df 5647int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5648 u8 link_type, u8 addr_type, u8 status)
604086b7 5649{
272d90df 5650 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5651 status,
5652 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5653}
5654
92a25256
JH		 5655int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5656 u8 link_type, u8 addr_type, u32 passkey,
5657 u8 entered)
5658{
5659 struct mgmt_ev_passkey_notify ev;
5660
5661 BT_DBG("%s", hdev->name);
5662
5663 bacpy(&ev.addr.bdaddr, bdaddr);
5664 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5665 ev.passkey = __cpu_to_le32(passkey);
5666 ev.entered = entered;
5667
5668 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5669}
5670
e546099c
MH		 5671void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5672 u8 addr_type, u8 status)
2a611692
JH		 5673{
5674 struct mgmt_ev_auth_failed ev;
5675
bab73cb6 5676 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5677 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5678 ev.status = mgmt_status(status);
2a611692 5679
e546099c 5680 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5681}
b312b161 5682
464996ae 5683void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5684{
5685 struct cmd_lookup match = { NULL, hdev };
464996ae 5686 bool changed;
33ef95ed
JH		 5687
5688 if (status) {
5689 u8 mgmt_err = mgmt_status(status);
5690 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5691 cmd_status_rsp, &mgmt_err);
464996ae 5692 return;
33ef95ed
JH		 5693 }
5694
464996ae
MH		 5695 if (test_bit(HCI_AUTH, &hdev->flags))
5696 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5697 &hdev->dev_flags);
5698 else
5699 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5700 &hdev->dev_flags);
47990ea0 5701
33ef95ed 5702 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5703 &match);
33ef95ed 5704
47990ea0 5705 if (changed)
464996ae 5706 new_settings(hdev, match.sk);
33ef95ed
JH		 5707
5708 if (match.sk)
5709 sock_put(match.sk);
33ef95ed
JH		 5710}
5711
890ea898 5712static void clear_eir(struct hci_request *req)
cacaf52f 5713{
890ea898 5714 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5715 struct hci_cp_write_eir cp;
5716
976eb20e 5717 if (!lmp_ext_inq_capable(hdev))
890ea898 5718 return;
cacaf52f 5719
c80da27e
JH		 5720 memset(hdev->eir, 0, sizeof(hdev->eir));
5721
cacaf52f
JH		 5722 memset(&cp, 0, sizeof(cp));
5723
890ea898 5724 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5725}
5726
3e248560 5727void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5728{
5729 struct cmd_lookup match = { NULL, hdev };
890ea898 5730 struct hci_request req;
c0ecddc2 5731 bool changed = false;
ed2c4ee3
JH		 5732
5733 if (status) {
5734 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5735
5736 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5737 &hdev->dev_flags)) {
5738 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5739 new_settings(hdev, NULL);
9ecb3e24 5740 }
c0ecddc2 5741
04124681
GP		 5742 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5743 &mgmt_err);
3e248560 5744 return;
c0ecddc2
JH		 5745 }
5746
5747 if (enable) {
9ecb3e24 5748 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5749 } else {
9ecb3e24
MH		 5750 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5751 if (!changed)
5752 changed = test_and_clear_bit(HCI_HS_ENABLED,
5753 &hdev->dev_flags);
5754 else
5755 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5756 }
5757
5758 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5759
c0ecddc2 5760 if (changed)
3e248560 5761 new_settings(hdev, match.sk);
ed2c4ee3 5762
5fc6ebb1 5763 if (match.sk)
ed2c4ee3
JH		 5764 sock_put(match.sk);
5765
890ea898
JH		 5766 hci_req_init(&req, hdev);
5767
5fc6ebb1 5768 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5769 update_eir(&req);
5fc6ebb1 5770 else
890ea898
JH		 5771 clear_eir(&req);
5772
5773 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5774}
5775
eac83dc6
MH		 5776void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5777{
5778 struct cmd_lookup match = { NULL, hdev };
5779 bool changed = false;
5780
5781 if (status) {
5782 u8 mgmt_err = mgmt_status(status);
5783
0ab04a9c
MH		 5784 if (enable) {
5785 if (test_and_clear_bit(HCI_SC_ENABLED,
5786 &hdev->dev_flags))
5787 new_settings(hdev, NULL);
5788 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5789 }
eac83dc6
MH		 5790
5791 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5792 cmd_status_rsp, &mgmt_err);
5793 return;
5794 }
5795
0ab04a9c 5796 if (enable) {
eac83dc6 5797 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5798 } else {
eac83dc6 5799 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5800 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5801 }
eac83dc6
MH		 5802
5803 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5804 settings_rsp, &match);
5805
5806 if (changed)
5807 new_settings(hdev, match.sk);
5808
5809 if (match.sk)
5810 sock_put(match.sk);
5811}
5812
92da6097 5813static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5814{
5815 struct cmd_lookup *match = data;
5816
90e70454
JH		 5817 if (match->sk == NULL) {
5818 match->sk = cmd->sk;
5819 sock_hold(match->sk);
5820 }
90e70454
JH		 5821}
5822
4e1b0245
MH		 5823void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5824 u8 status)
7f9a903c 5825{
90e70454 5826 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5827
92da6097
JH		 5828 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5829 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5830 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5831
5832 if (!status)
4e1b0245
MH		 5833 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5834 NULL);
90e70454
JH		 5835
5836 if (match.sk)
5837 sock_put(match.sk);
7f9a903c
MH		 5838}
5839
7667da34 5840void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5841{
b312b161 5842 struct mgmt_cp_set_local_name ev;
13928971 5843 struct pending_cmd *cmd;
28cc7bde 5844
13928971 5845 if (status)
7667da34 5846 return;
b312b161
JH		 5847
5848 memset(&ev, 0, sizeof(ev));
5849 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5850 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5851
2e58ef3e 5852 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5853 if (!cmd) {
5854 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5855
13928971
JH		 5856 /* If this is a HCI command related to powering on the
5857 * HCI dev don't send any mgmt signals.
5858 */
5859 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5860 return;
890ea898 5861 }
b312b161 5862
7667da34
MH		 5863 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5864 cmd ? cmd->sk : NULL);
b312b161 5865}
c35938b2 5866
4d2d2796
MH		 5867void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5868 u8 *randomizer192, u8 *hash256,
5869 u8 *randomizer256, u8 status)
c35938b2
SJ		 5870{
5871 struct pending_cmd *cmd;
c35938b2 5872
744cf19e 5873 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5874
2e58ef3e 5875 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5876 if (!cmd)
3edaf092 5877 return;
c35938b2
SJ		 5878
5879 if (status) {
3edaf092
MH		 5880 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5881 mgmt_status(status));
c35938b2 5882 } else {
4d2d2796
MH		 5883 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5884 hash256 && randomizer256) {
5885 struct mgmt_rp_read_local_oob_ext_data rp;
5886
5887 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5888 memcpy(rp.randomizer192, randomizer192,
5889 sizeof(rp.randomizer192));
c35938b2 5890
4d2d2796
MH		 5891 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5892 memcpy(rp.randomizer256, randomizer256,
5893 sizeof(rp.randomizer256));
c35938b2 5894
4d2d2796
MH		 5895 cmd_complete(cmd->sk, hdev->id,
5896 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5897 &rp, sizeof(rp));
5898 } else {
5899 struct mgmt_rp_read_local_oob_data rp;
5900
5901 memcpy(rp.hash, hash192, sizeof(rp.hash));
5902 memcpy(rp.randomizer, randomizer192,
5903 sizeof(rp.randomizer));
5904
5905 cmd_complete(cmd->sk, hdev->id,
5906 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5907 &rp, sizeof(rp));
5908 }
c35938b2
SJ		 5909 }
5910
5911 mgmt_pending_remove(cmd);
c35938b2 5912}
e17acd40 5913
901801b9 5914void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 5915 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5916 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 5917 u8 scan_rsp_len)
e17acd40 5918{
e319d2e7
JH		 5919 char buf[512];
5920 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5921 struct smp_irk *irk;
1dc06093 5922 size_t ev_size;
e17acd40 5923
12602d0c 5924 if (!hci_discovery_active(hdev))
901801b9 5925 return;
12602d0c 5926
5d2e9fad
JH		 5927 /* Make sure that the buffer is big enough. The 5 extra bytes
5928 * are for the potential CoD field.
5929 */
5930 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 5931 return;
7d262f86 5932
1dc06093
JH		 5933 memset(buf, 0, sizeof(buf));
5934
5cedbb8d
JH		 5935 irk = hci_get_irk(hdev, bdaddr, addr_type);
5936 if (irk) {
5937 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5938 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5939 } else {
5940 bacpy(&ev->addr.bdaddr, bdaddr);
5941 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5942 }
5943
e319d2e7 5944 ev->rssi = rssi;
9a395a80 5945 if (cfm_name)
dcf4adbf 5946 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5947 if (!ssp)
dcf4adbf 5948 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5949
1dc06093 5950 if (eir_len > 0)
e319d2e7 5951 memcpy(ev->eir, eir, eir_len);
e17acd40 5952
1dc06093
JH		 5953 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5954 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5955 dev_class, 3);
1dc06093 5956
5d2e9fad
JH		 5957 if (scan_rsp_len > 0)
5958 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5959
5960 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5961 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 5962
901801b9 5963 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5964}
a88a9652 5965
9cf12aee
MH		 5966void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5967 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5968{
b644ba33
JH		 5969 struct mgmt_ev_device_found *ev;
5970 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5971 u16 eir_len;
a88a9652 5972
b644ba33 5973 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5974
b644ba33
JH		 5975 memset(buf, 0, sizeof(buf));
5976
5977 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5978 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5979 ev->rssi = rssi;
5980
5981 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5982 name_len);
b644ba33 5983
eb55ef07 5984 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5985
9cf12aee 5986 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5987}
314b2381 5988
2f1e063b 5989void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5990{
f963e8e9 5991 struct mgmt_ev_discovering ev;
164a6e78
JH		 5992 struct pending_cmd *cmd;
5993
343fb145
AG		 5994 BT_DBG("%s discovering %u", hdev->name, discovering);
5995
164a6e78 5996 if (discovering)
2e58ef3e 5997 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5998 else
2e58ef3e 5999 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6000
6001 if (cmd != NULL) {
f808e166
JH		 6002 u8 type = hdev->discovery.type;
6003
04124681
GP		 6004 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6005 sizeof(type));
164a6e78
JH		 6006 mgmt_pending_remove(cmd);
6007 }
6008
f963e8e9
JH		 6009 memset(&ev, 0, sizeof(ev));
6010 ev.type = hdev->discovery.type;
6011 ev.discovering = discovering;
6012
2f1e063b 6013 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6014}
5e762444 6015
88c1fe4b 6016int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6017{
6018 struct pending_cmd *cmd;
6019 struct mgmt_ev_device_blocked ev;
6020
2e58ef3e 6021 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 6022
88c1fe4b
JH		 6023 bacpy(&ev.addr.bdaddr, bdaddr);
6024 ev.addr.type = type;
5e762444 6025
744cf19e 6026 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 6027 cmd ? cmd->sk : NULL);
5e762444
AJ		 6028}
6029
88c1fe4b 6030int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6031{
6032 struct pending_cmd *cmd;
6033 struct mgmt_ev_device_unblocked ev;
6034
2e58ef3e 6035 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 6036
88c1fe4b
JH		 6037 bacpy(&ev.addr.bdaddr, bdaddr);
6038 ev.addr.type = type;
5e762444 6039
744cf19e 6040 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 6041 cmd ? cmd->sk : NULL);
5e762444 6042}
5976e608
MH		 6043
6044static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6045{
6046 BT_DBG("%s status %u", hdev->name, status);
6047
6048 /* Clear the advertising mgmt setting if we failed to re-enable it */
6049 if (status) {
6050 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6051 new_settings(hdev, NULL);
5976e608
MH		 6052 }
6053}
6054
6055void mgmt_reenable_advertising(struct hci_dev *hdev)
6056{
6057 struct hci_request req;
6058
b145edcd 6059 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6060 return;
6061
6062 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6063 return;
6064
6065 hci_req_init(&req, hdev);
6066 enable_advertising(&req);
6067
6068 /* If this fails we have no option but to let user space know
6069 * that we've disabled advertising.
6070 */
6071 if (hci_req_run(&req, adv_enable_complete) < 0) {
6072 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6073 new_settings(hdev, NULL);
5976e608
MH		 6074 }
6075}
Linux kernel - Deliverables
This page took 0.658213 seconds and 5 git commands to generate.