projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add a new mgmt_set_bredr command
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
3810285c 36#define MGMT_REVISION 3
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
17b02e62 105#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 106
4b34ee78
JH		 107#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
108 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
109
eec8d2bc
JH		 110struct pending_cmd {
111 struct list_head list;
fc2f4b13 112 u16 opcode;
eec8d2bc 113 int index;
c68fb7ff 114 void *param;
eec8d2bc 115 struct sock *sk;
e9a416b5 116 void *user_data;
eec8d2bc
JH		 117};
118
ca69b795
JH		 119/* HCI to MGMT error code conversion table */
120static u8 mgmt_status_table[] = {
121 MGMT_STATUS_SUCCESS,
122 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
123 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
124 MGMT_STATUS_FAILED, /* Hardware Failure */
125 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
126 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
127 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
128 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
129 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
130 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
132 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
133 MGMT_STATUS_BUSY, /* Command Disallowed */
134 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
135 MGMT_STATUS_REJECTED, /* Rejected Security */
136 MGMT_STATUS_REJECTED, /* Rejected Personal */
137 MGMT_STATUS_TIMEOUT, /* Host Timeout */
138 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
139 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
140 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
141 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
142 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
143 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
144 MGMT_STATUS_BUSY, /* Repeated Attempts */
145 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
146 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
148 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
149 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
150 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
152 MGMT_STATUS_FAILED, /* Unspecified Error */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
154 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
155 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
156 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
157 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
158 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
159 MGMT_STATUS_FAILED, /* Unit Link Key Used */
160 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
161 MGMT_STATUS_TIMEOUT, /* Instant Passed */
162 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
163 MGMT_STATUS_FAILED, /* Transaction Collision */
164 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
165 MGMT_STATUS_REJECTED, /* QoS Rejected */
166 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
167 MGMT_STATUS_REJECTED, /* Insufficient Security */
168 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
169 MGMT_STATUS_BUSY, /* Role Switch Pending */
170 MGMT_STATUS_FAILED, /* Slot Violation */
171 MGMT_STATUS_FAILED, /* Role Switch Failed */
172 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
173 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
174 MGMT_STATUS_BUSY, /* Host Busy Pairing */
175 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
176 MGMT_STATUS_BUSY, /* Controller Busy */
177 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
178 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
179 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
180 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
181 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
182};
183
bb4b2a9a
AE		 184bool mgmt_valid_hdev(struct hci_dev *hdev)
185{
186 return hdev->dev_type == HCI_BREDR;
187}
188
ca69b795
JH		 189static u8 mgmt_status(u8 hci_status)
190{
191 if (hci_status < ARRAY_SIZE(mgmt_status_table))
192 return mgmt_status_table[hci_status];
193
194 return MGMT_STATUS_FAILED;
195}
196
4e51eae9 197static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 198{
199 struct sk_buff *skb;
200 struct mgmt_hdr *hdr;
201 struct mgmt_ev_cmd_status *ev;
56b7d137 202 int err;
f7b64e69 203
34eb525c 204 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 205
790eff44 206 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 207 if (!skb)
208 return -ENOMEM;
209
210 hdr = (void *) skb_put(skb, sizeof(*hdr));
211
612dfce9 212 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 213 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 214 hdr->len = cpu_to_le16(sizeof(*ev));
215
216 ev = (void *) skb_put(skb, sizeof(*ev));
217 ev->status = status;
eb55ef07 218 ev->opcode = cpu_to_le16(cmd);
f7b64e69 219
56b7d137
GP		 220 err = sock_queue_rcv_skb(sk, skb);
221 if (err < 0)
f7b64e69
JH		 222 kfree_skb(skb);
223
56b7d137 224 return err;
f7b64e69
JH		 225}
226
aee9b218 227static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 228 void *rp, size_t rp_len)
02d98129
JH		 229{
230 struct sk_buff *skb;
231 struct mgmt_hdr *hdr;
232 struct mgmt_ev_cmd_complete *ev;
56b7d137 233 int err;
02d98129
JH		 234
235 BT_DBG("sock %p", sk);
236
790eff44 237 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 238 if (!skb)
239 return -ENOMEM;
240
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 242
612dfce9 243 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 244 hdr->index = cpu_to_le16(index);
a38528f1 245 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 246
a38528f1 247 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 248 ev->opcode = cpu_to_le16(cmd);
aee9b218 249 ev->status = status;
8020c16a
SJ		 250
251 if (rp)
252 memcpy(ev->data, rp, rp_len);
02d98129 253
56b7d137
GP		 254 err = sock_queue_rcv_skb(sk, skb);
255 if (err < 0)
02d98129
JH		 256 kfree_skb(skb);
257
e5f0e151 258 return err;
02d98129
JH		 259}
260
04124681
GP		 261static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 u16 data_len)
a38528f1
JH		 263{
264 struct mgmt_rp_read_version rp;
265
266 BT_DBG("sock %p", sk);
267
268 rp.version = MGMT_VERSION;
eb55ef07 269 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 270
aee9b218 271 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 272 sizeof(rp));
a38528f1
JH		 273}
274
04124681
GP		 275static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 u16 data_len)
e70bb2e8
JH		 277{
278 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 279 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
280 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 281 __le16 *opcode;
e70bb2e8
JH		 282 size_t rp_size;
283 int i, err;
284
285 BT_DBG("sock %p", sk);
286
287 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
288
289 rp = kmalloc(rp_size, GFP_KERNEL);
290 if (!rp)
291 return -ENOMEM;
292
eb55ef07
MH		 293 rp->num_commands = __constant_cpu_to_le16(num_commands);
294 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 295
296 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
297 put_unaligned_le16(mgmt_commands[i], opcode);
298
299 for (i = 0; i < num_events; i++, opcode++)
300 put_unaligned_le16(mgmt_events[i], opcode);
301
aee9b218 302 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 303 rp_size);
e70bb2e8
JH		 304 kfree(rp);
305
306 return err;
307}
308
04124681
GP		 309static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
faba42eb 311{
faba42eb 312 struct mgmt_rp_read_index_list *rp;
8035ded4 313 struct hci_dev *d;
a38528f1 314 size_t rp_len;
faba42eb 315 u16 count;
476e44cb 316 int err;
faba42eb
JH		 317
318 BT_DBG("sock %p", sk);
319
320 read_lock(&hci_dev_list_lock);
321
322 count = 0;
bb4b2a9a
AE		 323 list_for_each_entry(d, &hci_dev_list, list) {
324 if (!mgmt_valid_hdev(d))
325 continue;
326
faba42eb
JH		 327 count++;
328 }
329
a38528f1
JH		 330 rp_len = sizeof(*rp) + (2 * count);
331 rp = kmalloc(rp_len, GFP_ATOMIC);
332 if (!rp) {
b2c60d42 333 read_unlock(&hci_dev_list_lock);
faba42eb 334 return -ENOMEM;
b2c60d42 335 }
faba42eb 336
476e44cb 337 count = 0;
8035ded4 338 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 339 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 340 continue;
341
0736cfa8
MH		 342 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
343 continue;
344
bb4b2a9a
AE		 345 if (!mgmt_valid_hdev(d))
346 continue;
347
476e44cb 348 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 349 BT_DBG("Added hci%u", d->id);
350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 370 settings |= MGMT_SETTING_PAIRABLE;
371
9a1a1996 372 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 373 settings |= MGMT_SETTING_SSP;
374
ed3fa31f 375 if (lmp_bredr_capable(hdev)) {
33c525c0 376 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 377 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
378 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 379 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 382 settings |= MGMT_SETTING_HS;
848566b3 383 }
d7b7e796 384
eeca6f89 385 if (lmp_le_capable(hdev)) {
9d42820f 386 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 387 settings |= MGMT_SETTING_ADVERTISING;
388 }
69ab39ea
JH		 389
390 return settings;
391}
392
393static u32 get_current_settings(struct hci_dev *hdev)
394{
395 u32 settings = 0;
396
f1f0eb02 397 if (hdev_is_powered(hdev))
f0d4b78a
MH		 398 settings |= MGMT_SETTING_POWERED;
399
5e5282bb 400 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 401 settings |= MGMT_SETTING_CONNECTABLE;
402
1a4d3c4b
JH		 403 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
404 settings |= MGMT_SETTING_FAST_CONNECTABLE;
405
5e5282bb 406 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 407 settings |= MGMT_SETTING_DISCOVERABLE;
408
a8b2d5c2 409 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_PAIRABLE;
411
56f87901 412 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_BREDR;
414
06199cf8 415 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_LE;
417
47990ea0 418 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_LINK_SECURITY;
420
84bde9d6 421 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_SSP;
423
6d80dfd0
JH		 424 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
425 settings |= MGMT_SETTING_HS;
426
eeca6f89
JH		 427 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
428 settings |= MGMT_SETTING_ADVERTISING;
429
69ab39ea
JH		 430 return settings;
431}
432
ef580372
JH		 433#define PNP_INFO_SVCLASS_ID 0x1200
434
213202ed
JH		 435static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
436{
437 u8 *ptr = data, *uuids_start = NULL;
438 struct bt_uuid *uuid;
439
440 if (len < 4)
441 return ptr;
442
443 list_for_each_entry(uuid, &hdev->uuids, list) {
444 u16 uuid16;
445
446 if (uuid->size != 16)
447 continue;
448
449 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
450 if (uuid16 < 0x1100)
451 continue;
452
453 if (uuid16 == PNP_INFO_SVCLASS_ID)
454 continue;
455
456 if (!uuids_start) {
457 uuids_start = ptr;
458 uuids_start[0] = 1;
459 uuids_start[1] = EIR_UUID16_ALL;
460 ptr += 2;
461 }
462
463 /* Stop if not enough space to put next UUID */
464 if ((ptr - data) + sizeof(u16) > len) {
465 uuids_start[1] = EIR_UUID16_SOME;
466 break;
467 }
468
469 *ptr++ = (uuid16 & 0x00ff);
470 *ptr++ = (uuid16 & 0xff00) >> 8;
471 uuids_start[0] += sizeof(uuid16);
472 }
473
474 return ptr;
475}
476
cdf1963f
JH		 477static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
478{
479 u8 *ptr = data, *uuids_start = NULL;
480 struct bt_uuid *uuid;
481
482 if (len < 6)
483 return ptr;
484
485 list_for_each_entry(uuid, &hdev->uuids, list) {
486 if (uuid->size != 32)
487 continue;
488
489 if (!uuids_start) {
490 uuids_start = ptr;
491 uuids_start[0] = 1;
492 uuids_start[1] = EIR_UUID32_ALL;
493 ptr += 2;
494 }
495
496 /* Stop if not enough space to put next UUID */
497 if ((ptr - data) + sizeof(u32) > len) {
498 uuids_start[1] = EIR_UUID32_SOME;
499 break;
500 }
501
502 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
503 ptr += sizeof(u32);
504 uuids_start[0] += sizeof(u32);
505 }
506
507 return ptr;
508}
509
c00d575b
JH		 510static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
511{
512 u8 *ptr = data, *uuids_start = NULL;
513 struct bt_uuid *uuid;
514
515 if (len < 18)
516 return ptr;
517
518 list_for_each_entry(uuid, &hdev->uuids, list) {
519 if (uuid->size != 128)
520 continue;
521
522 if (!uuids_start) {
523 uuids_start = ptr;
524 uuids_start[0] = 1;
525 uuids_start[1] = EIR_UUID128_ALL;
526 ptr += 2;
527 }
528
529 /* Stop if not enough space to put next UUID */
530 if ((ptr - data) + 16 > len) {
531 uuids_start[1] = EIR_UUID128_SOME;
532 break;
533 }
534
535 memcpy(ptr, uuid->uuid, 16);
536 ptr += 16;
537 uuids_start[0] += 16;
538 }
539
540 return ptr;
541}
542
ef580372
JH		 543static void create_eir(struct hci_dev *hdev, u8 *data)
544{
545 u8 *ptr = data;
ef580372
JH		 546 size_t name_len;
547
548 name_len = strlen(hdev->dev_name);
549
550 if (name_len > 0) {
551 /* EIR Data type */
552 if (name_len > 48) {
553 name_len = 48;
554 ptr[1] = EIR_NAME_SHORT;
555 } else
556 ptr[1] = EIR_NAME_COMPLETE;
557
558 /* EIR Data length */
559 ptr[0] = name_len + 1;
560
561 memcpy(ptr + 2, hdev->dev_name, name_len);
562
ef580372
JH		 563 ptr += (name_len + 2);
564 }
565
bbaf444a 566 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 567 ptr[0] = 2;
568 ptr[1] = EIR_TX_POWER;
569 ptr[2] = (u8) hdev->inq_tx_power;
570
91c4e9b1
MH		 571 ptr += 3;
572 }
573
2b9be137
MH		 574 if (hdev->devid_source > 0) {
575 ptr[0] = 9;
576 ptr[1] = EIR_DEVICE_ID;
577
578 put_unaligned_le16(hdev->devid_source, ptr + 2);
579 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
580 put_unaligned_le16(hdev->devid_product, ptr + 6);
581 put_unaligned_le16(hdev->devid_version, ptr + 8);
582
2b9be137
MH		 583 ptr += 10;
584 }
585
213202ed 586 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 587 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 588 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 589}
590
890ea898 591static void update_eir(struct hci_request *req)
ef580372 592{
890ea898 593 struct hci_dev *hdev = req->hdev;
ef580372
JH		 594 struct hci_cp_write_eir cp;
595
504c8dcd 596 if (!hdev_is_powered(hdev))
890ea898 597 return;
7770c4aa 598
976eb20e 599 if (!lmp_ext_inq_capable(hdev))
890ea898 600 return;
ef580372 601
84bde9d6 602 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 603 return;
ef580372 604
a8b2d5c2 605 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 606 return;
ef580372
JH		 607
608 memset(&cp, 0, sizeof(cp));
609
610 create_eir(hdev, cp.data);
611
612 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 613 return;
ef580372
JH		 614
615 memcpy(hdev->eir, cp.data, sizeof(cp.data));
616
890ea898 617 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 618}
619
620static u8 get_service_classes(struct hci_dev *hdev)
621{
622 struct bt_uuid *uuid;
623 u8 val = 0;
624
625 list_for_each_entry(uuid, &hdev->uuids, list)
626 val |= uuid->svc_hint;
627
628 return val;
629}
630
890ea898 631static void update_class(struct hci_request *req)
ef580372 632{
890ea898 633 struct hci_dev *hdev = req->hdev;
ef580372
JH		 634 u8 cod[3];
635
636 BT_DBG("%s", hdev->name);
637
504c8dcd 638 if (!hdev_is_powered(hdev))
890ea898 639 return;
7770c4aa 640
a8b2d5c2 641 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 642 return;
ef580372
JH		 643
644 cod[0] = hdev->minor_class;
645 cod[1] = hdev->major_class;
646 cod[2] = get_service_classes(hdev);
647
648 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 649 return;
ef580372 650
890ea898 651 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 652}
653
7d78525d
JH		 654static void service_cache_off(struct work_struct *work)
655{
656 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 657 service_cache.work);
890ea898 658 struct hci_request req;
7d78525d 659
a8b2d5c2 660 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 661 return;
662
890ea898
JH		 663 hci_req_init(&req, hdev);
664
7d78525d
JH		 665 hci_dev_lock(hdev);
666
890ea898
JH		 667 update_eir(&req);
668 update_class(&req);
7d78525d
JH		 669
670 hci_dev_unlock(hdev);
890ea898
JH		 671
672 hci_req_run(&req, NULL);
7d78525d
JH		 673}
674
6a919082 675static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 676{
4f87da80 677 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 678 return;
679
4f87da80 680 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 681
4f87da80
JH		 682 /* Non-mgmt controlled devices get this bit set
683 * implicitly so that pairing works for them, however
684 * for mgmt we require user-space to explicitly enable
685 * it
686 */
687 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 688}
689
0f4e68cf 690static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 691 void *data, u16 data_len)
0381101f 692{
a38528f1 693 struct mgmt_rp_read_info rp;
f7b64e69 694
bdb6d971 695 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 696
09fd0de5 697 hci_dev_lock(hdev);
f7b64e69 698
dc4fe30b
JH		 699 memset(&rp, 0, sizeof(rp));
700
69ab39ea 701 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 702
69ab39ea 703 rp.version = hdev->hci_ver;
eb55ef07 704 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 705
706 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
707 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 708
a38528f1 709 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 710
dc4fe30b 711 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 712 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 713
09fd0de5 714 hci_dev_unlock(hdev);
0381101f 715
bdb6d971 716 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 717 sizeof(rp));
0381101f
JH		 718}
719
eec8d2bc
JH		 720static void mgmt_pending_free(struct pending_cmd *cmd)
721{
722 sock_put(cmd->sk);
c68fb7ff 723 kfree(cmd->param);
eec8d2bc
JH		 724 kfree(cmd);
725}
726
366a0336 727static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 728 struct hci_dev *hdev, void *data,
729 u16 len)
eec8d2bc
JH		 730{
731 struct pending_cmd *cmd;
732
12b94565 733 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 734 if (!cmd)
366a0336 735 return NULL;
eec8d2bc
JH		 736
737 cmd->opcode = opcode;
2e58ef3e 738 cmd->index = hdev->id;
eec8d2bc 739
12b94565 740 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 741 if (!cmd->param) {
eec8d2bc 742 kfree(cmd);
366a0336 743 return NULL;
eec8d2bc
JH		 744 }
745
8fce6357
SJ		 746 if (data)
747 memcpy(cmd->param, data, len);
eec8d2bc
JH		 748
749 cmd->sk = sk;
750 sock_hold(sk);
751
2e58ef3e 752 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 753
366a0336 754 return cmd;
eec8d2bc
JH		 755}
756
744cf19e 757static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 758 void (*cb)(struct pending_cmd *cmd,
759 void *data),
04124681 760 void *data)
eec8d2bc 761{
a3d09356 762 struct pending_cmd *cmd, *tmp;
eec8d2bc 763
a3d09356 764 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 765 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 766 continue;
767
eec8d2bc
JH		 768 cb(cmd, data);
769 }
770}
771
2e58ef3e 772static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 773{
8035ded4 774 struct pending_cmd *cmd;
eec8d2bc 775
2e58ef3e 776 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 777 if (cmd->opcode == opcode)
778 return cmd;
eec8d2bc
JH		 779 }
780
781 return NULL;
782}
783
a664b5bc 784static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 785{
73f22f62
JH		 786 list_del(&cmd->list);
787 mgmt_pending_free(cmd);
788}
789
69ab39ea 790static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 791{
69ab39ea 792 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 793
aee9b218 794 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 795 sizeof(settings));
8680570b
JH		 796}
797
bdb6d971 798static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 799 u16 len)
eec8d2bc 800{
650f726d 801 struct mgmt_mode *cp = data;
366a0336 802 struct pending_cmd *cmd;
4b34ee78 803 int err;
eec8d2bc 804
bdb6d971 805 BT_DBG("request for %s", hdev->name);
eec8d2bc 806
a7e80f25
JH		 807 if (cp->val != 0x00 && cp->val != 0x01)
808 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
809 MGMT_STATUS_INVALID_PARAMS);
810
09fd0de5 811 hci_dev_lock(hdev);
eec8d2bc 812
87b95ba6
JH		 813 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
814 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
815 MGMT_STATUS_BUSY);
816 goto failed;
817 }
818
f0d4b78a
MH		 819 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
820 cancel_delayed_work(&hdev->power_off);
821
822 if (cp->val) {
a1d70450
JH		 823 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
824 data, len);
825 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 826 goto failed;
827 }
828 }
829
4b34ee78 830 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 831 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 832 goto failed;
833 }
834
2e58ef3e 835 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 836 if (!cmd) {
837 err = -ENOMEM;
eec8d2bc 838 goto failed;
366a0336 839 }
eec8d2bc 840
72a734ec 841 if (cp->val)
19202573 842 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 843 else
19202573 844 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 845
366a0336 846 err = 0;
eec8d2bc
JH		 847
848failed:
09fd0de5 849 hci_dev_unlock(hdev);
366a0336 850 return err;
eec8d2bc
JH		 851}
852
04124681
GP		 853static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
854 struct sock *skip_sk)
beadb2bd
JH		 855{
856 struct sk_buff *skb;
857 struct mgmt_hdr *hdr;
858
790eff44 859 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 860 if (!skb)
861 return -ENOMEM;
862
863 hdr = (void *) skb_put(skb, sizeof(*hdr));
864 hdr->opcode = cpu_to_le16(event);
865 if (hdev)
866 hdr->index = cpu_to_le16(hdev->id);
867 else
612dfce9 868 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 869 hdr->len = cpu_to_le16(data_len);
870
871 if (data)
872 memcpy(skb_put(skb, data_len), data, data_len);
873
97e0bdeb
MH		 874 /* Time stamp */
875 __net_timestamp(skb);
876
beadb2bd
JH		 877 hci_send_to_control(skb, skip_sk);
878 kfree_skb(skb);
879
880 return 0;
881}
882
883static int new_settings(struct hci_dev *hdev, struct sock *skip)
884{
885 __le32 ev;
886
887 ev = cpu_to_le32(get_current_settings(hdev));
888
889 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
890}
891
bd99abdd
JH		 892struct cmd_lookup {
893 struct sock *sk;
894 struct hci_dev *hdev;
895 u8 mgmt_status;
896};
897
898static void settings_rsp(struct pending_cmd *cmd, void *data)
899{
900 struct cmd_lookup *match = data;
901
902 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
903
904 list_del(&cmd->list);
905
906 if (match->sk == NULL) {
907 match->sk = cmd->sk;
908 sock_hold(match->sk);
909 }
910
911 mgmt_pending_free(cmd);
912}
913
914static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
915{
916 u8 *status = data;
917
918 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
919 mgmt_pending_remove(cmd);
920}
921
bdb6d971 922static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 923 u16 len)
73f22f62 924{
650f726d 925 struct mgmt_cp_set_discoverable *cp = data;
366a0336 926 struct pending_cmd *cmd;
5e5282bb 927 u16 timeout;
73f22f62
JH		 928 u8 scan;
929 int err;
930
bdb6d971 931 BT_DBG("request for %s", hdev->name);
73f22f62 932
56f87901 933 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 934 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
935 MGMT_STATUS_NOT_SUPPORTED);
936
a7e80f25
JH		 937 if (cp->val != 0x00 && cp->val != 0x01)
938 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
939 MGMT_STATUS_INVALID_PARAMS);
940
1f350c87 941 timeout = __le16_to_cpu(cp->timeout);
24c54a90 942 if (!cp->val && timeout > 0)
bdb6d971 943 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 944 MGMT_STATUS_INVALID_PARAMS);
73f22f62 945
09fd0de5 946 hci_dev_lock(hdev);
73f22f62 947
5e5282bb 948 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 949 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 950 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 951 goto failed;
952 }
953
2e58ef3e 954 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 955 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 956 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 957 MGMT_STATUS_BUSY);
73f22f62
JH		 958 goto failed;
959 }
960
5e5282bb 961 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 962 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 963 MGMT_STATUS_REJECTED);
5e5282bb
JH		 964 goto failed;
965 }
966
967 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 968 bool changed = false;
969
970 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
971 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
972 changed = true;
973 }
974
5e5282bb 975 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 976 if (err < 0)
977 goto failed;
978
979 if (changed)
980 err = new_settings(hdev, sk);
981
5e5282bb
JH		 982 goto failed;
983 }
984
985 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 986 if (hdev->discov_timeout > 0) {
987 cancel_delayed_work(&hdev->discov_off);
988 hdev->discov_timeout = 0;
989 }
990
991 if (cp->val && timeout > 0) {
992 hdev->discov_timeout = timeout;
993 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
994 msecs_to_jiffies(hdev->discov_timeout * 1000));
995 }
996
69ab39ea 997 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 998 goto failed;
999 }
1000
2e58ef3e 1001 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1002 if (!cmd) {
1003 err = -ENOMEM;
73f22f62 1004 goto failed;
366a0336 1005 }
73f22f62
JH		 1006
1007 scan = SCAN_PAGE;
1008
72a734ec 1009 if (cp->val)
73f22f62 1010 scan |= SCAN_INQUIRY;
16ab91ab 1011 else
e0f9309f 1012 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1013
1014 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1015 if (err < 0)
a664b5bc 1016 mgmt_pending_remove(cmd);
73f22f62 1017
16ab91ab 1018 if (cp->val)
5e5282bb 1019 hdev->discov_timeout = timeout;
16ab91ab 1020
73f22f62 1021failed:
09fd0de5 1022 hci_dev_unlock(hdev);
73f22f62
JH		 1023 return err;
1024}
1025
406d7804
JH		 1026static void write_fast_connectable(struct hci_request *req, bool enable)
1027{
bd98b996 1028 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1029 struct hci_cp_write_page_scan_activity acp;
1030 u8 type;
1031
4c01f8b8
JH		 1032 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1033 return;
1034
406d7804
JH		 1035 if (enable) {
1036 type = PAGE_SCAN_TYPE_INTERLACED;
1037
1038 /* 160 msec page scan interval */
1039 acp.interval = __constant_cpu_to_le16(0x0100);
1040 } else {
1041 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1042
1043 /* default 1.28 sec page scan */
1044 acp.interval = __constant_cpu_to_le16(0x0800);
1045 }
1046
1047 acp.window = __constant_cpu_to_le16(0x0012);
1048
bd98b996
JH		 1049 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1050 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1051 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1052 sizeof(acp), &acp);
1053
1054 if (hdev->page_scan_type != type)
1055 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1056}
1057
2b76f453
JH		 1058static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1059{
1060 struct pending_cmd *cmd;
1061
1062 BT_DBG("status 0x%02x", status);
1063
1064 hci_dev_lock(hdev);
1065
1066 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1067 if (!cmd)
1068 goto unlock;
1069
1070 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1071
1072 mgmt_pending_remove(cmd);
1073
1074unlock:
1075 hci_dev_unlock(hdev);
1076}
1077
bdb6d971 1078static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1079 u16 len)
9fbcbb45 1080{
650f726d 1081 struct mgmt_mode *cp = data;
366a0336 1082 struct pending_cmd *cmd;
2b76f453 1083 struct hci_request req;
9fbcbb45
JH		 1084 u8 scan;
1085 int err;
1086
bdb6d971 1087 BT_DBG("request for %s", hdev->name);
9fbcbb45 1088
56f87901 1089 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 1090 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1091 MGMT_STATUS_NOT_SUPPORTED);
1092
a7e80f25
JH		 1093 if (cp->val != 0x00 && cp->val != 0x01)
1094 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1095 MGMT_STATUS_INVALID_PARAMS);
1096
09fd0de5 1097 hci_dev_lock(hdev);
9fbcbb45 1098
4b34ee78 1099 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1100 bool changed = false;
1101
1102 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1103 changed = true;
1104
6bf0e469 1105 if (cp->val) {
5e5282bb 1106 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1107 } else {
5e5282bb
JH		 1108 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1109 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1110 }
0224d2fa 1111
5e5282bb 1112 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1113 if (err < 0)
1114 goto failed;
1115
1116 if (changed)
1117 err = new_settings(hdev, sk);
1118
9fbcbb45
JH		 1119 goto failed;
1120 }
1121
2e58ef3e 1122 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1123 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1124 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1125 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1126 goto failed;
1127 }
1128
5e5282bb 1129 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1130 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1131 goto failed;
1132 }
1133
2e58ef3e 1134 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1135 if (!cmd) {
1136 err = -ENOMEM;
9fbcbb45 1137 goto failed;
366a0336 1138 }
9fbcbb45 1139
6bf0e469 1140 if (cp->val) {
9fbcbb45 1141 scan = SCAN_PAGE;
6bf0e469 1142 } else {
9fbcbb45
JH		 1143 scan = 0;
1144
df2c6c5e 1145 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1146 hdev->discov_timeout > 0)
df2c6c5e
JH		 1147 cancel_delayed_work(&hdev->discov_off);
1148 }
1149
2b76f453
JH		 1150 hci_req_init(&req, hdev);
1151
1152 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1153
4c01f8b8
JH		 1154 /* If we're going from non-connectable to connectable or
1155 * vice-versa when fast connectable is enabled ensure that fast
1156 * connectable gets disabled. write_fast_connectable won't do
1157 * anything if the page scan parameters are already what they
1158 * should be.
1159 */
1160 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1161 write_fast_connectable(&req, false);
1162
2b76f453 1163 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1164 if (err < 0)
a664b5bc 1165 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1166
1167failed:
09fd0de5 1168 hci_dev_unlock(hdev);
9fbcbb45
JH		 1169 return err;
1170}
1171
bdb6d971 1172static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1173 u16 len)
c542a06c 1174{
650f726d 1175 struct mgmt_mode *cp = data;
c542a06c
JH		 1176 int err;
1177
bdb6d971 1178 BT_DBG("request for %s", hdev->name);
c542a06c 1179
a7e80f25
JH		 1180 if (cp->val != 0x00 && cp->val != 0x01)
1181 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1182 MGMT_STATUS_INVALID_PARAMS);
1183
09fd0de5 1184 hci_dev_lock(hdev);
c542a06c
JH		 1185
1186 if (cp->val)
a8b2d5c2 1187 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1188 else
a8b2d5c2 1189 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1190
69ab39ea 1191 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1192 if (err < 0)
1193 goto failed;
1194
beadb2bd 1195 err = new_settings(hdev, sk);
c542a06c
JH		 1196
1197failed:
09fd0de5 1198 hci_dev_unlock(hdev);
c542a06c
JH		 1199 return err;
1200}
1201
04124681
GP		 1202static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1203 u16 len)
33ef95ed
JH		 1204{
1205 struct mgmt_mode *cp = data;
1206 struct pending_cmd *cmd;
816a11d5 1207 u8 val;
33ef95ed
JH		 1208 int err;
1209
bdb6d971 1210 BT_DBG("request for %s", hdev->name);
33ef95ed 1211
56f87901 1212 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 1213 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1214 MGMT_STATUS_NOT_SUPPORTED);
1215
a7e80f25
JH		 1216 if (cp->val != 0x00 && cp->val != 0x01)
1217 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1218 MGMT_STATUS_INVALID_PARAMS);
1219
33ef95ed
JH		 1220 hci_dev_lock(hdev);
1221
4b34ee78 1222 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1223 bool changed = false;
1224
1225 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1226 &hdev->dev_flags)) {
47990ea0
JH		 1227 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1228 changed = true;
1229 }
1230
1231 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1232 if (err < 0)
1233 goto failed;
1234
1235 if (changed)
1236 err = new_settings(hdev, sk);
1237
33ef95ed
JH		 1238 goto failed;
1239 }
1240
1241 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1242 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1243 MGMT_STATUS_BUSY);
33ef95ed
JH		 1244 goto failed;
1245 }
1246
1247 val = !!cp->val;
1248
1249 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1250 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1251 goto failed;
1252 }
1253
1254 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1255 if (!cmd) {
1256 err = -ENOMEM;
1257 goto failed;
1258 }
1259
1260 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1261 if (err < 0) {
1262 mgmt_pending_remove(cmd);
1263 goto failed;
1264 }
1265
1266failed:
1267 hci_dev_unlock(hdev);
33ef95ed
JH		 1268 return err;
1269}
1270
bdb6d971 1271static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1272{
1273 struct mgmt_mode *cp = data;
1274 struct pending_cmd *cmd;
816a11d5 1275 u8 val;
ed2c4ee3
JH		 1276 int err;
1277
bdb6d971 1278 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1279
13ecd8b6
JH		 1280 if (!lmp_ssp_capable(hdev))
1281 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1282 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1283
a7e80f25
JH		 1284 if (cp->val != 0x00 && cp->val != 0x01)
1285 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1286 MGMT_STATUS_INVALID_PARAMS);
1287
13ecd8b6 1288 hci_dev_lock(hdev);
6c8f12c1 1289
c0ecddc2
JH		 1290 val = !!cp->val;
1291
4b34ee78 1292 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1293 bool changed = false;
1294
1295 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1296 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1297 changed = true;
1298 }
1299
1300 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1301 if (err < 0)
1302 goto failed;
1303
1304 if (changed)
1305 err = new_settings(hdev, sk);
1306
ed2c4ee3
JH		 1307 goto failed;
1308 }
1309
1310 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1311 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1312 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1313 goto failed;
1314 }
1315
ed2c4ee3
JH		 1316 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1317 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1318 goto failed;
1319 }
1320
1321 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1322 if (!cmd) {
1323 err = -ENOMEM;
1324 goto failed;
1325 }
1326
1327 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1328 if (err < 0) {
1329 mgmt_pending_remove(cmd);
1330 goto failed;
1331 }
1332
1333failed:
1334 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1335 return err;
1336}
1337
bdb6d971 1338static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1339{
1340 struct mgmt_mode *cp = data;
ee392693
MH		 1341 bool changed;
1342 int err;
6d80dfd0 1343
bdb6d971 1344 BT_DBG("request for %s", hdev->name);
6d80dfd0 1345
56f87901 1346 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
bdb6d971 1347 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1348 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1349
a7e80f25
JH		 1350 if (cp->val != 0x00 && cp->val != 0x01)
1351 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1352 MGMT_STATUS_INVALID_PARAMS);
1353
ee392693
MH		 1354 hci_dev_lock(hdev);
1355
6d80dfd0 1356 if (cp->val)
ee392693 1357 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6d80dfd0 1358 else
ee392693
MH		 1359 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1360
1361 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1362 if (err < 0)
1363 goto unlock;
1364
1365 if (changed)
1366 err = new_settings(hdev, sk);
6d80dfd0 1367
ee392693
MH		 1368unlock:
1369 hci_dev_unlock(hdev);
1370 return err;
6d80dfd0
JH		 1371}
1372
416a4ae5
JH		 1373static void le_enable_complete(struct hci_dev *hdev, u8 status)
1374{
1375 struct cmd_lookup match = { NULL, hdev };
1376
1377 if (status) {
1378 u8 mgmt_err = mgmt_status(status);
1379
1380 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1381 &mgmt_err);
1382 return;
1383 }
1384
1385 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1386
1387 new_settings(hdev, match.sk);
1388
1389 if (match.sk)
1390 sock_put(match.sk);
1391}
1392
bdb6d971 1393static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1394{
1395 struct mgmt_mode *cp = data;
1396 struct hci_cp_write_le_host_supported hci_cp;
1397 struct pending_cmd *cmd;
416a4ae5 1398 struct hci_request req;
06199cf8 1399 int err;
0b60eba1 1400 u8 val, enabled;
06199cf8 1401
bdb6d971 1402 BT_DBG("request for %s", hdev->name);
06199cf8 1403
13ecd8b6
JH		 1404 if (!lmp_le_capable(hdev))
1405 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1406 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1407
a7e80f25
JH		 1408 if (cp->val != 0x00 && cp->val != 0x01)
1409 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1410 MGMT_STATUS_INVALID_PARAMS);
1411
c73eee91 1412 /* LE-only devices do not allow toggling LE on/off */
56f87901 1413 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1414 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1415 MGMT_STATUS_REJECTED);
1416
13ecd8b6 1417 hci_dev_lock(hdev);
06199cf8
JH		 1418
1419 val = !!cp->val;
ffa88e02 1420 enabled = lmp_host_le_capable(hdev);
06199cf8 1421
0b60eba1 1422 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1423 bool changed = false;
1424
1425 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1426 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1427 changed = true;
1428 }
1429
eeca6f89
JH		 1430 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1431 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1432 changed = true;
1433 }
1434
06199cf8
JH		 1435 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1436 if (err < 0)
1de028ce 1437 goto unlock;
06199cf8
JH		 1438
1439 if (changed)
1440 err = new_settings(hdev, sk);
1441
1de028ce 1442 goto unlock;
06199cf8
JH		 1443 }
1444
4375f103
JH		 1445 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1446 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1447 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1448 MGMT_STATUS_BUSY);
1de028ce 1449 goto unlock;
06199cf8
JH		 1450 }
1451
1452 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1453 if (!cmd) {
1454 err = -ENOMEM;
1de028ce 1455 goto unlock;
06199cf8
JH		 1456 }
1457
1458 memset(&hci_cp, 0, sizeof(hci_cp));
1459
1460 if (val) {
1461 hci_cp.le = val;
ffa88e02 1462 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1463 }
1464
416a4ae5
JH		 1465 hci_req_init(&req, hdev);
1466
eeca6f89
JH		 1467 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1468 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1469
416a4ae5
JH		 1470 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1471 &hci_cp);
1472
1473 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1474 if (err < 0)
06199cf8 1475 mgmt_pending_remove(cmd);
06199cf8 1476
1de028ce
JH		 1477unlock:
1478 hci_dev_unlock(hdev);
06199cf8
JH		 1479 return err;
1480}
1481
0cab9c80
JH		 1482/* This is a helper function to test for pending mgmt commands that can
1483 * cause CoD or EIR HCI commands. We can only allow one such pending
1484 * mgmt command at a time since otherwise we cannot easily track what
1485 * the current values are, will be, and based on that calculate if a new
1486 * HCI command needs to be sent and if yes with what value.
1487 */
1488static bool pending_eir_or_class(struct hci_dev *hdev)
1489{
1490 struct pending_cmd *cmd;
1491
1492 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1493 switch (cmd->opcode) {
1494 case MGMT_OP_ADD_UUID:
1495 case MGMT_OP_REMOVE_UUID:
1496 case MGMT_OP_SET_DEV_CLASS:
1497 case MGMT_OP_SET_POWERED:
1498 return true;
1499 }
1500 }
1501
1502 return false;
1503}
1504
83be8eca
JH		 1505static const u8 bluetooth_base_uuid[] = {
1506 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1507 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1508};
1509
1510static u8 get_uuid_size(const u8 *uuid)
1511{
1512 u32 val;
1513
1514 if (memcmp(uuid, bluetooth_base_uuid, 12))
1515 return 128;
1516
1517 val = get_unaligned_le32(&uuid[12]);
1518 if (val > 0xffff)
1519 return 32;
1520
1521 return 16;
1522}
1523
92da6097
JH		 1524static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1525{
1526 struct pending_cmd *cmd;
1527
1528 hci_dev_lock(hdev);
1529
1530 cmd = mgmt_pending_find(mgmt_op, hdev);
1531 if (!cmd)
1532 goto unlock;
1533
1534 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1535 hdev->dev_class, 3);
1536
1537 mgmt_pending_remove(cmd);
1538
1539unlock:
1540 hci_dev_unlock(hdev);
1541}
1542
1543static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1544{
1545 BT_DBG("status 0x%02x", status);
1546
1547 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1548}
1549
bdb6d971 1550static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1551{
650f726d 1552 struct mgmt_cp_add_uuid *cp = data;
90e70454 1553 struct pending_cmd *cmd;
890ea898 1554 struct hci_request req;
2aeb9a1a 1555 struct bt_uuid *uuid;
2aeb9a1a
JH		 1556 int err;
1557
bdb6d971 1558 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1559
09fd0de5 1560 hci_dev_lock(hdev);
2aeb9a1a 1561
0cab9c80 1562 if (pending_eir_or_class(hdev)) {
bdb6d971 1563 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1564 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1565 goto failed;
1566 }
1567
92c4c204 1568 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1569 if (!uuid) {
1570 err = -ENOMEM;
1571 goto failed;
1572 }
1573
1574 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1575 uuid->svc_hint = cp->svc_hint;
83be8eca 1576 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1577
de66aa63 1578 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1579
890ea898 1580 hci_req_init(&req, hdev);
1aff6f09 1581
890ea898
JH		 1582 update_class(&req);
1583 update_eir(&req);
1584
92da6097
JH		 1585 err = hci_req_run(&req, add_uuid_complete);
1586 if (err < 0) {
1587 if (err != -ENODATA)
1588 goto failed;
80a1e1db 1589
bdb6d971 1590 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1591 hdev->dev_class, 3);
90e70454
JH		 1592 goto failed;
1593 }
1594
1595 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1596 if (!cmd) {
90e70454 1597 err = -ENOMEM;
890ea898
JH		 1598 goto failed;
1599 }
1600
1601 err = 0;
2aeb9a1a
JH		 1602
1603failed:
09fd0de5 1604 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1605 return err;
1606}
1607
24b78d0f
JH		 1608static bool enable_service_cache(struct hci_dev *hdev)
1609{
1610 if (!hdev_is_powered(hdev))
1611 return false;
1612
1613 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1614 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1615 CACHE_TIMEOUT);
24b78d0f
JH		 1616 return true;
1617 }
1618
1619 return false;
1620}
1621
92da6097
JH		 1622static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1623{
1624 BT_DBG("status 0x%02x", status);
1625
1626 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1627}
1628
bdb6d971 1629static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1630 u16 len)
2aeb9a1a 1631{
650f726d 1632 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1633 struct pending_cmd *cmd;
056341c8 1634 struct bt_uuid *match, *tmp;
2aeb9a1a 1635 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1636 struct hci_request req;
2aeb9a1a
JH		 1637 int err, found;
1638
bdb6d971 1639 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1640
09fd0de5 1641 hci_dev_lock(hdev);
2aeb9a1a 1642
0cab9c80 1643 if (pending_eir_or_class(hdev)) {
bdb6d971 1644 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1645 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1646 goto unlock;
1647 }
1648
2aeb9a1a
JH		 1649 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1650 err = hci_uuids_clear(hdev);
4004b6d9 1651
24b78d0f 1652 if (enable_service_cache(hdev)) {
bdb6d971 1653 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1654 0, hdev->dev_class, 3);
24b78d0f
JH		 1655 goto unlock;
1656 }
4004b6d9 1657
9246a869 1658 goto update_class;
2aeb9a1a
JH		 1659 }
1660
1661 found = 0;
1662
056341c8 1663 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1664 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1665 continue;
1666
1667 list_del(&match->list);
482049f7 1668 kfree(match);
2aeb9a1a
JH		 1669 found++;
1670 }
1671
1672 if (found == 0) {
bdb6d971 1673 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1674 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1675 goto unlock;
1676 }
1677
9246a869 1678update_class:
890ea898 1679 hci_req_init(&req, hdev);
1aff6f09 1680
890ea898
JH		 1681 update_class(&req);
1682 update_eir(&req);
1683
92da6097
JH		 1684 err = hci_req_run(&req, remove_uuid_complete);
1685 if (err < 0) {
1686 if (err != -ENODATA)
1687 goto unlock;
80a1e1db 1688
bdb6d971 1689 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1690 hdev->dev_class, 3);
90e70454
JH		 1691 goto unlock;
1692 }
1693
1694 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1695 if (!cmd) {
90e70454 1696 err = -ENOMEM;
890ea898
JH		 1697 goto unlock;
1698 }
1699
1700 err = 0;
2aeb9a1a
JH		 1701
1702unlock:
09fd0de5 1703 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1704 return err;
1705}
1706
92da6097
JH		 1707static void set_class_complete(struct hci_dev *hdev, u8 status)
1708{
1709 BT_DBG("status 0x%02x", status);
1710
1711 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1712}
1713
bdb6d971 1714static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1715 u16 len)
1aff6f09 1716{
650f726d 1717 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1718 struct pending_cmd *cmd;
890ea898 1719 struct hci_request req;
1aff6f09
JH		 1720 int err;
1721
bdb6d971 1722 BT_DBG("request for %s", hdev->name);
1aff6f09 1723
56f87901 1724 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
13ecd8b6
JH		 1725 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1726 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1727
0cab9c80 1728 hci_dev_lock(hdev);
ee98f473 1729
0cab9c80
JH		 1730 if (pending_eir_or_class(hdev)) {
1731 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1732 MGMT_STATUS_BUSY);
1733 goto unlock;
1734 }
c95f0ba7 1735
0cab9c80
JH		 1736 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1737 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1738 MGMT_STATUS_INVALID_PARAMS);
1739 goto unlock;
1740 }
575b3a02 1741
932f5ff5
JH		 1742 hdev->major_class = cp->major;
1743 hdev->minor_class = cp->minor;
1744
b5235a65 1745 if (!hdev_is_powered(hdev)) {
bdb6d971 1746 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1747 hdev->dev_class, 3);
b5235a65
JH		 1748 goto unlock;
1749 }
1750
890ea898
JH		 1751 hci_req_init(&req, hdev);
1752
a8b2d5c2 1753 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1754 hci_dev_unlock(hdev);
1755 cancel_delayed_work_sync(&hdev->service_cache);
1756 hci_dev_lock(hdev);
890ea898 1757 update_eir(&req);
7d78525d 1758 }
14c0b608 1759
890ea898
JH		 1760 update_class(&req);
1761
92da6097
JH		 1762 err = hci_req_run(&req, set_class_complete);
1763 if (err < 0) {
1764 if (err != -ENODATA)
1765 goto unlock;
1aff6f09 1766
bdb6d971 1767 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1768 hdev->dev_class, 3);
90e70454
JH		 1769 goto unlock;
1770 }
1771
1772 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1773 if (!cmd) {
90e70454 1774 err = -ENOMEM;
890ea898
JH		 1775 goto unlock;
1776 }
1777
1778 err = 0;
1aff6f09 1779
b5235a65 1780unlock:
09fd0de5 1781 hci_dev_unlock(hdev);
1aff6f09
JH		 1782 return err;
1783}
1784
bdb6d971 1785static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1786 u16 len)
55ed8ca1 1787{
650f726d 1788 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1789 u16 key_count, expected_len;
a492cd52 1790 int i;
55ed8ca1 1791
1f350c87 1792 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1793
86742e1e
JH		 1794 expected_len = sizeof(*cp) + key_count *
1795 sizeof(struct mgmt_link_key_info);
a492cd52 1796 if (expected_len != len) {
86742e1e 1797 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1798 len, expected_len);
bdb6d971 1799 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1800 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1801 }
1802
4ae14301
JH		 1803 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1804 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1805 MGMT_STATUS_INVALID_PARAMS);
1806
bdb6d971 1807 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1808 key_count);
55ed8ca1 1809
4ee71b20
JH		 1810 for (i = 0; i < key_count; i++) {
1811 struct mgmt_link_key_info *key = &cp->keys[i];
1812
1813 if (key->addr.type != BDADDR_BREDR)
1814 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1815 MGMT_STATUS_INVALID_PARAMS);
1816 }
1817
09fd0de5 1818 hci_dev_lock(hdev);
55ed8ca1
JH		 1819
1820 hci_link_keys_clear(hdev);
1821
55ed8ca1 1822 if (cp->debug_keys)
a8b2d5c2 1823 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1824 else
a8b2d5c2 1825 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1826
a492cd52 1827 for (i = 0; i < key_count; i++) {
86742e1e 1828 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1829
d753fdc4 1830 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1831 key->type, key->pin_len);
55ed8ca1
JH		 1832 }
1833
bdb6d971 1834 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1835
09fd0de5 1836 hci_dev_unlock(hdev);
55ed8ca1 1837
a492cd52 1838 return 0;
55ed8ca1
JH		 1839}
1840
b1078ad0 1841static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1842 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1843{
1844 struct mgmt_ev_device_unpaired ev;
1845
1846 bacpy(&ev.addr.bdaddr, bdaddr);
1847 ev.addr.type = addr_type;
1848
1849 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1850 skip_sk);
b1078ad0
JH		 1851}
1852
bdb6d971 1853static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1854 u16 len)
55ed8ca1 1855{
124f6e35
JH		 1856 struct mgmt_cp_unpair_device *cp = data;
1857 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1858 struct hci_cp_disconnect dc;
1859 struct pending_cmd *cmd;
55ed8ca1 1860 struct hci_conn *conn;
55ed8ca1
JH		 1861 int err;
1862
a8a1d19e 1863 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1864 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1865 rp.addr.type = cp->addr.type;
a8a1d19e 1866
4ee71b20
JH		 1867 if (!bdaddr_type_is_valid(cp->addr.type))
1868 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1869 MGMT_STATUS_INVALID_PARAMS,
1870 &rp, sizeof(rp));
1871
118da70b
JH		 1872 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1873 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1874 MGMT_STATUS_INVALID_PARAMS,
1875 &rp, sizeof(rp));
1876
4ee71b20
JH		 1877 hci_dev_lock(hdev);
1878
86a8cfc6 1879 if (!hdev_is_powered(hdev)) {
bdb6d971 1880 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1881 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1882 goto unlock;
1883 }
1884
591f47f3 1885 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1886 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1887 else
1888 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1889
55ed8ca1 1890 if (err < 0) {
bdb6d971 1891 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1892 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1893 goto unlock;
1894 }
1895
86a8cfc6 1896 if (cp->disconnect) {
591f47f3 1897 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1898 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1899 &cp->addr.bdaddr);
86a8cfc6
JH		 1900 else
1901 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1902 &cp->addr.bdaddr);
86a8cfc6
JH		 1903 } else {
1904 conn = NULL;
1905 }
124f6e35 1906
a8a1d19e 1907 if (!conn) {
bdb6d971 1908 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1909 &rp, sizeof(rp));
b1078ad0 1910 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1911 goto unlock;
1912 }
55ed8ca1 1913
124f6e35 1914 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1915 sizeof(*cp));
a8a1d19e
JH		 1916 if (!cmd) {
1917 err = -ENOMEM;
1918 goto unlock;
55ed8ca1
JH		 1919 }
1920
eb55ef07 1921 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1922 dc.reason = 0x13; /* Remote User Terminated Connection */
1923 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1924 if (err < 0)
1925 mgmt_pending_remove(cmd);
1926
55ed8ca1 1927unlock:
09fd0de5 1928 hci_dev_unlock(hdev);
55ed8ca1
JH		 1929 return err;
1930}
1931
bdb6d971 1932static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1933 u16 len)
8962ee74 1934{
650f726d 1935 struct mgmt_cp_disconnect *cp = data;
06a63b19 1936 struct mgmt_rp_disconnect rp;
8962ee74 1937 struct hci_cp_disconnect dc;
366a0336 1938 struct pending_cmd *cmd;
8962ee74 1939 struct hci_conn *conn;
8962ee74
JH		 1940 int err;
1941
1942 BT_DBG("");
1943
06a63b19
JH		 1944 memset(&rp, 0, sizeof(rp));
1945 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1946 rp.addr.type = cp->addr.type;
1947
4ee71b20 1948 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1949 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1950 MGMT_STATUS_INVALID_PARAMS,
1951 &rp, sizeof(rp));
4ee71b20 1952
09fd0de5 1953 hci_dev_lock(hdev);
8962ee74
JH		 1954
1955 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1956 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1957 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1958 goto failed;
1959 }
1960
2e58ef3e 1961 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1962 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1963 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1964 goto failed;
1965 }
1966
591f47f3 1967 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1968 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1969 &cp->addr.bdaddr);
88c3df13
JH		 1970 else
1971 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1972
f960727e 1973 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1974 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1975 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1976 goto failed;
1977 }
1978
2e58ef3e 1979 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1980 if (!cmd) {
1981 err = -ENOMEM;
8962ee74 1982 goto failed;
366a0336 1983 }
8962ee74 1984
eb55ef07 1985 dc.handle = cpu_to_le16(conn->handle);
3701f944 1986 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1987
1988 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1989 if (err < 0)
a664b5bc 1990 mgmt_pending_remove(cmd);
8962ee74
JH		 1991
1992failed:
09fd0de5 1993 hci_dev_unlock(hdev);
8962ee74
JH		 1994 return err;
1995}
1996
57c1477c 1997static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1998{
1999 switch (link_type) {
2000 case LE_LINK:
48264f06
JH		 2001 switch (addr_type) {
2002 case ADDR_LE_DEV_PUBLIC:
591f47f3 2003 return BDADDR_LE_PUBLIC;
0ed09148 2004
48264f06 2005 default:
0ed09148 2006 /* Fallback to LE Random address type */
591f47f3 2007 return BDADDR_LE_RANDOM;
48264f06 2008 }
0ed09148 2009
4c659c39 2010 default:
0ed09148 2011 /* Fallback to BR/EDR type */
591f47f3 2012 return BDADDR_BREDR;
4c659c39
JH		 2013 }
2014}
2015
04124681
GP		 2016static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2017 u16 data_len)
2784eb41 2018{
2784eb41 2019 struct mgmt_rp_get_connections *rp;
8035ded4 2020 struct hci_conn *c;
a38528f1 2021 size_t rp_len;
60fc5fb6
JH		 2022 int err;
2023 u16 i;
2784eb41
JH		 2024
2025 BT_DBG("");
2026
09fd0de5 2027 hci_dev_lock(hdev);
2784eb41 2028
5f97c1df 2029 if (!hdev_is_powered(hdev)) {
bdb6d971 2030 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2031 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2032 goto unlock;
2033 }
2034
60fc5fb6 2035 i = 0;
b644ba33
JH		 2036 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2037 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2038 i++;
2784eb41
JH		 2039 }
2040
60fc5fb6 2041 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2042 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2043 if (!rp) {
2784eb41
JH		 2044 err = -ENOMEM;
2045 goto unlock;
2046 }
2047
2784eb41 2048 i = 0;
4c659c39 2049 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2050 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2051 continue;
4c659c39 2052 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2053 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2054 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2055 continue;
2056 i++;
2057 }
2058
eb55ef07 2059 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2060
4c659c39
JH		 2061 /* Recalculate length in case of filtered SCO connections, etc */
2062 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2063
bdb6d971 2064 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2065 rp_len);
2784eb41 2066
a38528f1 2067 kfree(rp);
5f97c1df
JH		 2068
2069unlock:
09fd0de5 2070 hci_dev_unlock(hdev);
2784eb41
JH		 2071 return err;
2072}
2073
bdb6d971 2074static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2075 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2076{
2077 struct pending_cmd *cmd;
2078 int err;
2079
2e58ef3e 2080 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2081 sizeof(*cp));
96d97a67
WR		 2082 if (!cmd)
2083 return -ENOMEM;
2084
d8457698 2085 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2086 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2087 if (err < 0)
2088 mgmt_pending_remove(cmd);
2089
2090 return err;
2091}
2092
bdb6d971 2093static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2094 u16 len)
980e1a53 2095{
96d97a67 2096 struct hci_conn *conn;
650f726d 2097 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2098 struct hci_cp_pin_code_reply reply;
366a0336 2099 struct pending_cmd *cmd;
980e1a53
JH		 2100 int err;
2101
2102 BT_DBG("");
2103
09fd0de5 2104 hci_dev_lock(hdev);
980e1a53 2105
4b34ee78 2106 if (!hdev_is_powered(hdev)) {
bdb6d971 2107 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2108 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2109 goto failed;
2110 }
2111
d8457698 2112 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2113 if (!conn) {
bdb6d971 2114 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2115 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2116 goto failed;
2117 }
2118
2119 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2120 struct mgmt_cp_pin_code_neg_reply ncp;
2121
2122 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2123
2124 BT_ERR("PIN code is not 16 bytes long");
2125
bdb6d971 2126 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2127 if (err >= 0)
bdb6d971 2128 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2129 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2130
2131 goto failed;
2132 }
2133
00abfe44 2134 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2135 if (!cmd) {
2136 err = -ENOMEM;
980e1a53 2137 goto failed;
366a0336 2138 }
980e1a53 2139
d8457698 2140 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2141 reply.pin_len = cp->pin_len;
24718ca5 2142 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2143
2144 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2145 if (err < 0)
a664b5bc 2146 mgmt_pending_remove(cmd);
980e1a53
JH		 2147
2148failed:
09fd0de5 2149 hci_dev_unlock(hdev);
980e1a53
JH		 2150 return err;
2151}
2152
04124681
GP		 2153static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2154 u16 len)
17fa4b9d 2155{
650f726d 2156 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2157
2158 BT_DBG("");
2159
09fd0de5 2160 hci_dev_lock(hdev);
17fa4b9d
JH		 2161
2162 hdev->io_capability = cp->io_capability;
2163
2164 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2165 hdev->io_capability);
17fa4b9d 2166
09fd0de5 2167 hci_dev_unlock(hdev);
17fa4b9d 2168
04124681
GP		 2169 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2170 0);
17fa4b9d
JH		 2171}
2172
6039aa73 2173static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2174{
2175 struct hci_dev *hdev = conn->hdev;
8035ded4 2176 struct pending_cmd *cmd;
e9a416b5 2177
2e58ef3e 2178 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2179 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2180 continue;
2181
e9a416b5
JH		 2182 if (cmd->user_data != conn)
2183 continue;
2184
2185 return cmd;
2186 }
2187
2188 return NULL;
2189}
2190
2191static void pairing_complete(struct pending_cmd *cmd, u8 status)
2192{
2193 struct mgmt_rp_pair_device rp;
2194 struct hci_conn *conn = cmd->user_data;
2195
ba4e564f 2196 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2197 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2198
aee9b218 2199 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2200 &rp, sizeof(rp));
e9a416b5
JH		 2201
2202 /* So we don't get further callbacks for this connection */
2203 conn->connect_cfm_cb = NULL;
2204 conn->security_cfm_cb = NULL;
2205 conn->disconn_cfm_cb = NULL;
2206
76a68ba0 2207 hci_conn_drop(conn);
e9a416b5 2208
a664b5bc 2209 mgmt_pending_remove(cmd);
e9a416b5
JH		 2210}
2211
2212static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2213{
2214 struct pending_cmd *cmd;
2215
2216 BT_DBG("status %u", status);
2217
2218 cmd = find_pairing(conn);
56e5cb86 2219 if (!cmd)
e9a416b5 2220 BT_DBG("Unable to find a pending command");
56e5cb86 2221 else
e211326c 2222 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2223}
2224
4c47d739
VA		 2225static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2226{
2227 struct pending_cmd *cmd;
2228
2229 BT_DBG("status %u", status);
2230
2231 if (!status)
2232 return;
2233
2234 cmd = find_pairing(conn);
2235 if (!cmd)
2236 BT_DBG("Unable to find a pending command");
2237 else
2238 pairing_complete(cmd, mgmt_status(status));
2239}
2240
bdb6d971 2241static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2242 u16 len)
e9a416b5 2243{
650f726d 2244 struct mgmt_cp_pair_device *cp = data;
1425acb7 2245 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2246 struct pending_cmd *cmd;
2247 u8 sec_level, auth_type;
2248 struct hci_conn *conn;
e9a416b5
JH		 2249 int err;
2250
2251 BT_DBG("");
2252
f950a30e
SJ		 2253 memset(&rp, 0, sizeof(rp));
2254 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2255 rp.addr.type = cp->addr.type;
2256
4ee71b20
JH		 2257 if (!bdaddr_type_is_valid(cp->addr.type))
2258 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2259 MGMT_STATUS_INVALID_PARAMS,
2260 &rp, sizeof(rp));
2261
09fd0de5 2262 hci_dev_lock(hdev);
e9a416b5 2263
5f97c1df 2264 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2265 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2266 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2267 goto unlock;
2268 }
2269
c908df36
VCG		 2270 sec_level = BT_SECURITY_MEDIUM;
2271 if (cp->io_cap == 0x03)
e9a416b5 2272 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2273 else
e9a416b5 2274 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2275
591f47f3 2276 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2277 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2278 cp->addr.type, sec_level, auth_type);
7a512d01 2279 else
b12f62cf
AG		 2280 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2281 cp->addr.type, sec_level, auth_type);
7a512d01 2282
30e76272 2283 if (IS_ERR(conn)) {
489dc48e
AK		 2284 int status;
2285
2286 if (PTR_ERR(conn) == -EBUSY)
2287 status = MGMT_STATUS_BUSY;
2288 else
2289 status = MGMT_STATUS_CONNECT_FAILED;
2290
bdb6d971 2291 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2292 status, &rp,
04124681 2293 sizeof(rp));
e9a416b5
JH		 2294 goto unlock;
2295 }
2296
2297 if (conn->connect_cfm_cb) {
76a68ba0 2298 hci_conn_drop(conn);
bdb6d971 2299 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2300 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2301 goto unlock;
2302 }
2303
2e58ef3e 2304 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2305 if (!cmd) {
2306 err = -ENOMEM;
76a68ba0 2307 hci_conn_drop(conn);
e9a416b5
JH		 2308 goto unlock;
2309 }
2310
7a512d01 2311 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2312 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2313 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2314 else
2315 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2316
e9a416b5
JH		 2317 conn->security_cfm_cb = pairing_complete_cb;
2318 conn->disconn_cfm_cb = pairing_complete_cb;
2319 conn->io_capability = cp->io_cap;
2320 cmd->user_data = conn;
2321
2322 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2323 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2324 pairing_complete(cmd, 0);
2325
2326 err = 0;
2327
2328unlock:
09fd0de5 2329 hci_dev_unlock(hdev);
e9a416b5
JH		 2330 return err;
2331}
2332
04124681
GP		 2333static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2334 u16 len)
28424707 2335{
0f4e68cf 2336 struct mgmt_addr_info *addr = data;
28424707
JH		 2337 struct pending_cmd *cmd;
2338 struct hci_conn *conn;
2339 int err;
2340
2341 BT_DBG("");
2342
28424707
JH		 2343 hci_dev_lock(hdev);
2344
5f97c1df 2345 if (!hdev_is_powered(hdev)) {
bdb6d971 2346 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2347 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2348 goto unlock;
2349 }
2350
28424707
JH		 2351 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2352 if (!cmd) {
bdb6d971 2353 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2354 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2355 goto unlock;
2356 }
2357
2358 conn = cmd->user_data;
2359
2360 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2361 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2362 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2363 goto unlock;
2364 }
2365
2366 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2367
bdb6d971 2368 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2369 addr, sizeof(*addr));
28424707
JH		 2370unlock:
2371 hci_dev_unlock(hdev);
28424707
JH		 2372 return err;
2373}
2374
bdb6d971 2375static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2376 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2377 u16 hci_op, __le32 passkey)
a5c29683 2378{
a5c29683 2379 struct pending_cmd *cmd;
0df4c185 2380 struct hci_conn *conn;
a5c29683
JH		 2381 int err;
2382
09fd0de5 2383 hci_dev_lock(hdev);
08ba5382 2384
4b34ee78 2385 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2386 err = cmd_complete(sk, hdev->id, mgmt_op,
2387 MGMT_STATUS_NOT_POWERED, addr,
2388 sizeof(*addr));
0df4c185 2389 goto done;
a5c29683
JH		 2390 }
2391
1707c60e
JH		 2392 if (addr->type == BDADDR_BREDR)
2393 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2394 else
1707c60e 2395 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2396
2397 if (!conn) {
feb94d3d
JH		 2398 err = cmd_complete(sk, hdev->id, mgmt_op,
2399 MGMT_STATUS_NOT_CONNECTED, addr,
2400 sizeof(*addr));
272d90df
JH		 2401 goto done;
2402 }
47c15e2b 2403
1707c60e 2404 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2405 /* Continue with pairing via SMP */
5fe57d9e
BG		 2406 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2407
2408 if (!err)
feb94d3d
JH		 2409 err = cmd_complete(sk, hdev->id, mgmt_op,
2410 MGMT_STATUS_SUCCESS, addr,
2411 sizeof(*addr));
5fe57d9e 2412 else
feb94d3d
JH		 2413 err = cmd_complete(sk, hdev->id, mgmt_op,
2414 MGMT_STATUS_FAILED, addr,
2415 sizeof(*addr));
47c15e2b 2416
47c15e2b
BG		 2417 goto done;
2418 }
2419
1707c60e 2420 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2421 if (!cmd) {
2422 err = -ENOMEM;
0df4c185 2423 goto done;
a5c29683
JH		 2424 }
2425
0df4c185 2426 /* Continue with pairing via HCI */
604086b7
BG		 2427 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2428 struct hci_cp_user_passkey_reply cp;
2429
1707c60e 2430 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2431 cp.passkey = passkey;
2432 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2433 } else
1707c60e
JH		 2434 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2435 &addr->bdaddr);
604086b7 2436
a664b5bc
JH		 2437 if (err < 0)
2438 mgmt_pending_remove(cmd);
a5c29683 2439
0df4c185 2440done:
09fd0de5 2441 hci_dev_unlock(hdev);
a5c29683
JH		 2442 return err;
2443}
2444
afeb019d
JK		 2445static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2446 void *data, u16 len)
2447{
2448 struct mgmt_cp_pin_code_neg_reply *cp = data;
2449
2450 BT_DBG("");
2451
1707c60e 2452 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2453 MGMT_OP_PIN_CODE_NEG_REPLY,
2454 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2455}
2456
04124681
GP		 2457static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2458 u16 len)
0df4c185 2459{
650f726d 2460 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2461
2462 BT_DBG("");
2463
2464 if (len != sizeof(*cp))
bdb6d971 2465 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2466 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2467
1707c60e 2468 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2469 MGMT_OP_USER_CONFIRM_REPLY,
2470 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2471}
2472
bdb6d971 2473static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2474 void *data, u16 len)
0df4c185 2475{
c9c2659f 2476 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2477
2478 BT_DBG("");
2479
1707c60e 2480 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2481 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2482 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2483}
2484
04124681
GP		 2485static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2486 u16 len)
604086b7 2487{
650f726d 2488 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2489
2490 BT_DBG("");
2491
1707c60e 2492 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2493 MGMT_OP_USER_PASSKEY_REPLY,
2494 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2495}
2496
bdb6d971 2497static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2498 void *data, u16 len)
604086b7 2499{
650f726d 2500 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2501
2502 BT_DBG("");
2503
1707c60e 2504 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2505 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2506 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2507}
2508
13928971 2509static void update_name(struct hci_request *req)
2b4bf397 2510{
13928971 2511 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2512 struct hci_cp_write_local_name cp;
2513
13928971 2514 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2515
890ea898 2516 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2517}
2518
13928971
JH		 2519static void set_name_complete(struct hci_dev *hdev, u8 status)
2520{
2521 struct mgmt_cp_set_local_name *cp;
2522 struct pending_cmd *cmd;
2523
2524 BT_DBG("status 0x%02x", status);
2525
2526 hci_dev_lock(hdev);
2527
2528 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2529 if (!cmd)
2530 goto unlock;
2531
2532 cp = cmd->param;
2533
2534 if (status)
2535 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2536 mgmt_status(status));
2537 else
2538 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2539 cp, sizeof(*cp));
2540
2541 mgmt_pending_remove(cmd);
2542
2543unlock:
2544 hci_dev_unlock(hdev);
2545}
2546
bdb6d971 2547static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2548 u16 len)
b312b161 2549{
2b4bf397 2550 struct mgmt_cp_set_local_name *cp = data;
b312b161 2551 struct pending_cmd *cmd;
890ea898 2552 struct hci_request req;
b312b161
JH		 2553 int err;
2554
2555 BT_DBG("");
2556
09fd0de5 2557 hci_dev_lock(hdev);
b312b161 2558
b3f2ca94
JH		 2559 /* If the old values are the same as the new ones just return a
2560 * direct command complete event.
2561 */
2562 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2563 !memcmp(hdev->short_name, cp->short_name,
2564 sizeof(hdev->short_name))) {
2565 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2566 data, len);
2567 goto failed;
2568 }
2569
2b4bf397 2570 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2571
b5235a65 2572 if (!hdev_is_powered(hdev)) {
2b4bf397 2573 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2574
2575 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2576 data, len);
28cc7bde
JH		 2577 if (err < 0)
2578 goto failed;
2579
2580 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2581 sk);
28cc7bde 2582
b5235a65
JH		 2583 goto failed;
2584 }
2585
28cc7bde 2586 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2587 if (!cmd) {
2588 err = -ENOMEM;
2589 goto failed;
2590 }
2591
13928971
JH		 2592 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2593
890ea898 2594 hci_req_init(&req, hdev);
3f985050
JH		 2595
2596 if (lmp_bredr_capable(hdev)) {
2597 update_name(&req);
2598 update_eir(&req);
2599 }
2600
2601 if (lmp_le_capable(hdev))
2602 hci_update_ad(&req);
2603
13928971 2604 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2605 if (err < 0)
2606 mgmt_pending_remove(cmd);
2607
2608failed:
09fd0de5 2609 hci_dev_unlock(hdev);
b312b161
JH		 2610 return err;
2611}
2612
0f4e68cf 2613static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2614 void *data, u16 data_len)
c35938b2 2615{
c35938b2
SJ		 2616 struct pending_cmd *cmd;
2617 int err;
2618
bdb6d971 2619 BT_DBG("%s", hdev->name);
c35938b2 2620
09fd0de5 2621 hci_dev_lock(hdev);
c35938b2 2622
4b34ee78 2623 if (!hdev_is_powered(hdev)) {
bdb6d971 2624 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2625 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2626 goto unlock;
2627 }
2628
9a1a1996 2629 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2630 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2631 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2632 goto unlock;
2633 }
2634
2e58ef3e 2635 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2636 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2637 MGMT_STATUS_BUSY);
c35938b2
SJ		 2638 goto unlock;
2639 }
2640
2e58ef3e 2641 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2642 if (!cmd) {
2643 err = -ENOMEM;
2644 goto unlock;
2645 }
2646
2647 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2648 if (err < 0)
2649 mgmt_pending_remove(cmd);
2650
2651unlock:
09fd0de5 2652 hci_dev_unlock(hdev);
c35938b2
SJ		 2653 return err;
2654}
2655
bdb6d971 2656static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2657 void *data, u16 len)
2763eda6 2658{
650f726d 2659 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2660 u8 status;
2763eda6
SJ		 2661 int err;
2662
bdb6d971 2663 BT_DBG("%s ", hdev->name);
2763eda6 2664
09fd0de5 2665 hci_dev_lock(hdev);
2763eda6 2666
664ce4cc 2667 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2668 cp->randomizer);
2763eda6 2669 if (err < 0)
bf1e3541 2670 status = MGMT_STATUS_FAILED;
2763eda6 2671 else
a6785be2 2672 status = MGMT_STATUS_SUCCESS;
bf1e3541 2673
bdb6d971 2674 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2675 &cp->addr, sizeof(cp->addr));
2763eda6 2676
09fd0de5 2677 hci_dev_unlock(hdev);
2763eda6
SJ		 2678 return err;
2679}
2680
bdb6d971 2681static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2682 void *data, u16 len)
2763eda6 2683{
650f726d 2684 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2685 u8 status;
2763eda6
SJ		 2686 int err;
2687
bdb6d971 2688 BT_DBG("%s", hdev->name);
2763eda6 2689
09fd0de5 2690 hci_dev_lock(hdev);
2763eda6 2691
664ce4cc 2692 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2693 if (err < 0)
bf1e3541 2694 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2695 else
a6785be2 2696 status = MGMT_STATUS_SUCCESS;
bf1e3541 2697
bdb6d971 2698 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2699 status, &cp->addr, sizeof(cp->addr));
2763eda6 2700
09fd0de5 2701 hci_dev_unlock(hdev);
2763eda6
SJ		 2702 return err;
2703}
2704
41dc2bd6
AG		 2705static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2706{
2707 struct pending_cmd *cmd;
2708 u8 type;
2709 int err;
2710
2711 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2712
2713 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2714 if (!cmd)
2715 return -ENOENT;
2716
2717 type = hdev->discovery.type;
2718
2719 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2720 &type, sizeof(type));
2721 mgmt_pending_remove(cmd);
2722
2723 return err;
2724}
2725
7c307720
AG		 2726static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2727{
2728 BT_DBG("status %d", status);
2729
2730 if (status) {
2731 hci_dev_lock(hdev);
2732 mgmt_start_discovery_failed(hdev, status);
2733 hci_dev_unlock(hdev);
2734 return;
2735 }
2736
2737 hci_dev_lock(hdev);
2738 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2739 hci_dev_unlock(hdev);
2740
2741 switch (hdev->discovery.type) {
2742 case DISCOV_TYPE_LE:
2743 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2744 DISCOV_LE_TIMEOUT);
7c307720
AG		 2745 break;
2746
2747 case DISCOV_TYPE_INTERLEAVED:
2748 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2749 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2750 break;
2751
2752 case DISCOV_TYPE_BREDR:
2753 break;
2754
2755 default:
2756 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2757 }
2758}
2759
bdb6d971 2760static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2761 void *data, u16 len)
14a53664 2762{
650f726d 2763 struct mgmt_cp_start_discovery *cp = data;
14a53664 2764 struct pending_cmd *cmd;
7c307720
AG		 2765 struct hci_cp_le_set_scan_param param_cp;
2766 struct hci_cp_le_set_scan_enable enable_cp;
2767 struct hci_cp_inquiry inq_cp;
2768 struct hci_request req;
2769 /* General inquiry access code (GIAC) */
2770 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2771 int err;
2772
bdb6d971 2773 BT_DBG("%s", hdev->name);
14a53664 2774
09fd0de5 2775 hci_dev_lock(hdev);
14a53664 2776
4b34ee78 2777 if (!hdev_is_powered(hdev)) {
bdb6d971 2778 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2779 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2780 goto failed;
2781 }
2782
642be6c7
AG		 2783 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2784 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2785 MGMT_STATUS_BUSY);
2786 goto failed;
2787 }
2788
ff9ef578 2789 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2790 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2791 MGMT_STATUS_BUSY);
ff9ef578
JH		 2792 goto failed;
2793 }
2794
2e58ef3e 2795 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2796 if (!cmd) {
2797 err = -ENOMEM;
2798 goto failed;
2799 }
2800
4aab14e5
AG		 2801 hdev->discovery.type = cp->type;
2802
7c307720
AG		 2803 hci_req_init(&req, hdev);
2804
4aab14e5 2805 switch (hdev->discovery.type) {
f39799f5 2806 case DISCOV_TYPE_BREDR:
56f87901 2807 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2808 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2809 MGMT_STATUS_NOT_SUPPORTED);
2810 mgmt_pending_remove(cmd);
2811 goto failed;
2812 }
2813
7c307720
AG		 2814 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2815 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2816 MGMT_STATUS_BUSY);
2817 mgmt_pending_remove(cmd);
2818 goto failed;
2819 }
2820
2821 hci_inquiry_cache_flush(hdev);
2822
2823 memset(&inq_cp, 0, sizeof(inq_cp));
2824 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2825 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2826 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2827 break;
2828
2829 case DISCOV_TYPE_LE:
7c307720 2830 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2831 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2832 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2833 MGMT_STATUS_NOT_SUPPORTED);
2834 mgmt_pending_remove(cmd);
2835 goto failed;
2836 }
2837
7c307720 2838 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2839 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2840 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2841 MGMT_STATUS_NOT_SUPPORTED);
2842 mgmt_pending_remove(cmd);
2843 goto failed;
2844 }
2845
7c307720
AG		 2846 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2847 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2848 MGMT_STATUS_REJECTED);
2849 mgmt_pending_remove(cmd);
2850 goto failed;
2851 }
2852
2853 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2854 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2855 MGMT_STATUS_BUSY);
2856 mgmt_pending_remove(cmd);
2857 goto failed;
2858 }
2859
2860 memset(&param_cp, 0, sizeof(param_cp));
2861 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2862 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2863 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2864 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2865 &param_cp);
2866
2867 memset(&enable_cp, 0, sizeof(enable_cp));
2868 enable_cp.enable = LE_SCAN_ENABLE;
2869 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2870 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2871 &enable_cp);
5e0452c0
AG		 2872 break;
2873
f39799f5 2874 default:
04106755
JH		 2875 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2876 MGMT_STATUS_INVALID_PARAMS);
2877 mgmt_pending_remove(cmd);
2878 goto failed;
f39799f5 2879 }
3fd24153 2880
7c307720 2881 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2882 if (err < 0)
2883 mgmt_pending_remove(cmd);
ff9ef578
JH		 2884 else
2885 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2886
2887failed:
09fd0de5 2888 hci_dev_unlock(hdev);
14a53664
JH		 2889 return err;
2890}
2891
1183fdca
AG		 2892static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2893{
2894 struct pending_cmd *cmd;
2895 int err;
2896
2897 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2898 if (!cmd)
2899 return -ENOENT;
2900
2901 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2902 &hdev->discovery.type, sizeof(hdev->discovery.type));
2903 mgmt_pending_remove(cmd);
2904
2905 return err;
2906}
2907
0e05bba6
AG		 2908static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2909{
2910 BT_DBG("status %d", status);
2911
2912 hci_dev_lock(hdev);
2913
2914 if (status) {
2915 mgmt_stop_discovery_failed(hdev, status);
2916 goto unlock;
2917 }
2918
2919 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2920
2921unlock:
2922 hci_dev_unlock(hdev);
2923}
2924
bdb6d971 2925static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2926 u16 len)
14a53664 2927{
d930650b 2928 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2929 struct pending_cmd *cmd;
30dc78e1
JH		 2930 struct hci_cp_remote_name_req_cancel cp;
2931 struct inquiry_entry *e;
0e05bba6
AG		 2932 struct hci_request req;
2933 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2934 int err;
2935
bdb6d971 2936 BT_DBG("%s", hdev->name);
14a53664 2937
09fd0de5 2938 hci_dev_lock(hdev);
14a53664 2939
30dc78e1 2940 if (!hci_discovery_active(hdev)) {
bdb6d971 2941 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2942 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2943 sizeof(mgmt_cp->type));
d930650b
JH		 2944 goto unlock;
2945 }
2946
2947 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2948 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2949 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2950 sizeof(mgmt_cp->type));
30dc78e1 2951 goto unlock;
ff9ef578
JH		 2952 }
2953
2e58ef3e 2954 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2955 if (!cmd) {
2956 err = -ENOMEM;
30dc78e1
JH		 2957 goto unlock;
2958 }
2959
0e05bba6
AG		 2960 hci_req_init(&req, hdev);
2961
e0d9727e
AG		 2962 switch (hdev->discovery.state) {
2963 case DISCOVERY_FINDING:
0e05bba6
AG		 2964 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2965 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2966 } else {
2967 cancel_delayed_work(&hdev->le_scan_disable);
2968
2969 memset(&enable_cp, 0, sizeof(enable_cp));
2970 enable_cp.enable = LE_SCAN_DISABLE;
2971 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2972 sizeof(enable_cp), &enable_cp);
2973 }
c9ecc48e 2974
e0d9727e
AG		 2975 break;
2976
2977 case DISCOVERY_RESOLVING:
2978 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2979 NAME_PENDING);
e0d9727e 2980 if (!e) {
30dc78e1 2981 mgmt_pending_remove(cmd);
e0d9727e
AG		 2982 err = cmd_complete(sk, hdev->id,
2983 MGMT_OP_STOP_DISCOVERY, 0,
2984 &mgmt_cp->type,
2985 sizeof(mgmt_cp->type));
2986 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2987 goto unlock;
2988 }
30dc78e1 2989
e0d9727e 2990 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2991 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2992 &cp);
e0d9727e
AG		 2993
2994 break;
2995
2996 default:
2997 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 2998
2999 mgmt_pending_remove(cmd);
3000 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3001 MGMT_STATUS_FAILED, &mgmt_cp->type,
3002 sizeof(mgmt_cp->type));
3003 goto unlock;
14a53664
JH		 3004 }
3005
0e05bba6 3006 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3007 if (err < 0)
3008 mgmt_pending_remove(cmd);
ff9ef578
JH		 3009 else
3010 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3011
30dc78e1 3012unlock:
09fd0de5 3013 hci_dev_unlock(hdev);
14a53664
JH		 3014 return err;
3015}
3016
bdb6d971 3017static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3018 u16 len)
561aafbc 3019{
650f726d 3020 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3021 struct inquiry_entry *e;
561aafbc
JH		 3022 int err;
3023
bdb6d971 3024 BT_DBG("%s", hdev->name);
561aafbc 3025
561aafbc
JH		 3026 hci_dev_lock(hdev);
3027
30dc78e1 3028 if (!hci_discovery_active(hdev)) {
bdb6d971 3029 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3030 MGMT_STATUS_FAILED);
30dc78e1
JH		 3031 goto failed;
3032 }
3033
a198e7b1 3034 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3035 if (!e) {
bdb6d971 3036 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3037 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3038 goto failed;
3039 }
3040
3041 if (cp->name_known) {
3042 e->name_state = NAME_KNOWN;
3043 list_del(&e->list);
3044 } else {
3045 e->name_state = NAME_NEEDED;
a3d4e20a 3046 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3047 }
3048
e384662b
JH		 3049 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3050 sizeof(cp->addr));
561aafbc
JH		 3051
3052failed:
3053 hci_dev_unlock(hdev);
561aafbc
JH		 3054 return err;
3055}
3056
bdb6d971 3057static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3058 u16 len)
7fbec224 3059{
650f726d 3060 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3061 u8 status;
7fbec224
AJ		 3062 int err;
3063
bdb6d971 3064 BT_DBG("%s", hdev->name);
7fbec224 3065
4ee71b20 3066 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3067 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3068 MGMT_STATUS_INVALID_PARAMS,
3069 &cp->addr, sizeof(cp->addr));
4ee71b20 3070
09fd0de5 3071 hci_dev_lock(hdev);
5e762444 3072
88c1fe4b 3073 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3074 if (err < 0)
f0eeea8b 3075 status = MGMT_STATUS_FAILED;
7fbec224 3076 else
a6785be2 3077 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3078
bdb6d971 3079 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3080 &cp->addr, sizeof(cp->addr));
5e762444 3081
09fd0de5 3082 hci_dev_unlock(hdev);
7fbec224
AJ		 3083
3084 return err;
3085}
3086
bdb6d971 3087static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3088 u16 len)
7fbec224 3089{
650f726d 3090 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3091 u8 status;
7fbec224
AJ		 3092 int err;
3093
bdb6d971 3094 BT_DBG("%s", hdev->name);
7fbec224 3095
4ee71b20 3096 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3097 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3098 MGMT_STATUS_INVALID_PARAMS,
3099 &cp->addr, sizeof(cp->addr));
4ee71b20 3100
09fd0de5 3101 hci_dev_lock(hdev);
5e762444 3102
88c1fe4b 3103 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3104 if (err < 0)
f0eeea8b 3105 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3106 else
a6785be2 3107 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3108
bdb6d971 3109 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3110 &cp->addr, sizeof(cp->addr));
5e762444 3111
09fd0de5 3112 hci_dev_unlock(hdev);
7fbec224
AJ		 3113
3114 return err;
3115}
3116
cdbaccca
MH		 3117static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3118 u16 len)
3119{
3120 struct mgmt_cp_set_device_id *cp = data;
890ea898 3121 struct hci_request req;
cdbaccca 3122 int err;
c72d4b8a 3123 __u16 source;
cdbaccca
MH		 3124
3125 BT_DBG("%s", hdev->name);
3126
c72d4b8a
SJ		 3127 source = __le16_to_cpu(cp->source);
3128
3129 if (source > 0x0002)
3130 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3131 MGMT_STATUS_INVALID_PARAMS);
3132
cdbaccca
MH		 3133 hci_dev_lock(hdev);
3134
c72d4b8a 3135 hdev->devid_source = source;
cdbaccca
MH		 3136 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3137 hdev->devid_product = __le16_to_cpu(cp->product);
3138 hdev->devid_version = __le16_to_cpu(cp->version);
3139
3140 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3141
890ea898
JH		 3142 hci_req_init(&req, hdev);
3143 update_eir(&req);
3144 hci_req_run(&req, NULL);
cdbaccca
MH		 3145
3146 hci_dev_unlock(hdev);
3147
3148 return err;
3149}
3150
4375f103
JH		 3151static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3152{
3153 struct cmd_lookup match = { NULL, hdev };
3154
3155 if (status) {
3156 u8 mgmt_err = mgmt_status(status);
3157
3158 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3159 cmd_status_rsp, &mgmt_err);
3160 return;
3161 }
3162
3163 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3164 &match);
3165
3166 new_settings(hdev, match.sk);
3167
3168 if (match.sk)
3169 sock_put(match.sk);
3170}
3171
3172static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3173{
3174 struct mgmt_mode *cp = data;
3175 struct pending_cmd *cmd;
3176 struct hci_request req;
3177 u8 val, enabled;
3178 int err;
3179
3180 BT_DBG("request for %s", hdev->name);
3181
3182 if (!lmp_le_capable(hdev))
3183 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3184 MGMT_STATUS_NOT_SUPPORTED);
3185
3186 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3187 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3188 MGMT_STATUS_REJECTED);
3189
3190 if (cp->val != 0x00 && cp->val != 0x01)
3191 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3192 MGMT_STATUS_INVALID_PARAMS);
3193
3194 hci_dev_lock(hdev);
3195
3196 val = !!cp->val;
3197 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3198
3199 if (!hdev_is_powered(hdev) || val == enabled) {
3200 bool changed = false;
3201
3202 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3203 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3204 changed = true;
3205 }
3206
3207 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3208 if (err < 0)
3209 goto unlock;
3210
3211 if (changed)
3212 err = new_settings(hdev, sk);
3213
3214 goto unlock;
3215 }
3216
3217 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3218 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3219 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3220 MGMT_STATUS_BUSY);
3221 goto unlock;
3222 }
3223
3224 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3225 if (!cmd) {
3226 err = -ENOMEM;
3227 goto unlock;
3228 }
3229
3230 hci_req_init(&req, hdev);
3231
3232 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3233
3234 err = hci_req_run(&req, set_advertising_complete);
3235 if (err < 0)
3236 mgmt_pending_remove(cmd);
3237
3238unlock:
3239 hci_dev_unlock(hdev);
3240 return err;
3241}
3242
33e38b3e
JH		 3243static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3244{
3245 struct pending_cmd *cmd;
3246
3247 BT_DBG("status 0x%02x", status);
3248
3249 hci_dev_lock(hdev);
3250
3251 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3252 if (!cmd)
3253 goto unlock;
3254
3255 if (status) {
3256 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3257 mgmt_status(status));
3258 } else {
1a4d3c4b
JH		 3259 struct mgmt_mode *cp = cmd->param;
3260
3261 if (cp->val)
3262 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3263 else
3264 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3265
33e38b3e
JH		 3266 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3267 new_settings(hdev, cmd->sk);
3268 }
3269
3270 mgmt_pending_remove(cmd);
3271
3272unlock:
3273 hci_dev_unlock(hdev);
3274}
3275
bdb6d971 3276static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3277 void *data, u16 len)
f6422ec6 3278{
650f726d 3279 struct mgmt_mode *cp = data;
33e38b3e
JH		 3280 struct pending_cmd *cmd;
3281 struct hci_request req;
f6422ec6
AJ		 3282 int err;
3283
bdb6d971 3284 BT_DBG("%s", hdev->name);
f6422ec6 3285
56f87901
JH		 3286 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3287 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3288 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3289 MGMT_STATUS_NOT_SUPPORTED);
3290
a7e80f25
JH		 3291 if (cp->val != 0x00 && cp->val != 0x01)
3292 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3293 MGMT_STATUS_INVALID_PARAMS);
3294
5400c044 3295 if (!hdev_is_powered(hdev))
bdb6d971 3296 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3297 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3298
3299 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3300 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3301 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3302
3303 hci_dev_lock(hdev);
3304
05cbf29f
JH		 3305 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3306 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3307 MGMT_STATUS_BUSY);
3308 goto unlock;
3309 }
3310
1a4d3c4b
JH		 3311 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3312 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3313 hdev);
3314 goto unlock;
3315 }
3316
33e38b3e
JH		 3317 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3318 data, len);
3319 if (!cmd) {
3320 err = -ENOMEM;
3321 goto unlock;
f6422ec6
AJ		 3322 }
3323
33e38b3e
JH		 3324 hci_req_init(&req, hdev);
3325
406d7804 3326 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3327
3328 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3329 if (err < 0) {
bdb6d971 3330 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3331 MGMT_STATUS_FAILED);
33e38b3e 3332 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3333 }
3334
33e38b3e 3335unlock:
f6422ec6 3336 hci_dev_unlock(hdev);
33e38b3e 3337
f6422ec6
AJ		 3338 return err;
3339}
3340
0663ca2a
JH		 3341static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3342{
3343 struct pending_cmd *cmd;
3344
3345 BT_DBG("status 0x%02x", status);
3346
3347 hci_dev_lock(hdev);
3348
3349 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3350 if (!cmd)
3351 goto unlock;
3352
3353 if (status) {
3354 u8 mgmt_err = mgmt_status(status);
3355
3356 /* We need to restore the flag if related HCI commands
3357 * failed.
3358 */
3359 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3360
3361 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3362 } else {
3363 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3364 new_settings(hdev, cmd->sk);
3365 }
3366
3367 mgmt_pending_remove(cmd);
3368
3369unlock:
3370 hci_dev_unlock(hdev);
3371}
3372
3373static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3374{
3375 struct mgmt_mode *cp = data;
3376 struct pending_cmd *cmd;
3377 struct hci_request req;
3378 int err;
3379
3380 BT_DBG("request for %s", hdev->name);
3381
3382 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3383 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3384 MGMT_STATUS_NOT_SUPPORTED);
3385
3386 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3387 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3388 MGMT_STATUS_REJECTED);
3389
3390 if (cp->val != 0x00 && cp->val != 0x01)
3391 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3392 MGMT_STATUS_INVALID_PARAMS);
3393
3394 hci_dev_lock(hdev);
3395
3396 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3397 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3398 goto unlock;
3399 }
3400
3401 if (!hdev_is_powered(hdev)) {
3402 if (!cp->val) {
3403 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3404 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3405 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3406 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3407 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3408 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3409 }
3410
3411 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3412
3413 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3414 if (err < 0)
3415 goto unlock;
3416
3417 err = new_settings(hdev, sk);
3418 goto unlock;
3419 }
3420
3421 /* Reject disabling when powered on */
3422 if (!cp->val) {
3423 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3424 MGMT_STATUS_REJECTED);
3425 goto unlock;
3426 }
3427
3428 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3429 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3430 MGMT_STATUS_BUSY);
3431 goto unlock;
3432 }
3433
3434 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3435 if (!cmd) {
3436 err = -ENOMEM;
3437 goto unlock;
3438 }
3439
3440 /* We need to flip the bit already here so that hci_update_ad
3441 * generates the correct flags.
3442 */
3443 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3444
3445 hci_req_init(&req, hdev);
3446 hci_update_ad(&req);
3447 err = hci_req_run(&req, set_bredr_complete);
3448 if (err < 0)
3449 mgmt_pending_remove(cmd);
3450
3451unlock:
3452 hci_dev_unlock(hdev);
3453 return err;
3454}
3455
3f706b72
JH		 3456static bool ltk_is_valid(struct mgmt_ltk_info *key)
3457{
44b20d33
JH		 3458 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3459 return false;
3f706b72
JH		 3460 if (key->master != 0x00 && key->master != 0x01)
3461 return false;
4ee71b20
JH		 3462 if (!bdaddr_type_is_le(key->addr.type))
3463 return false;
3f706b72
JH		 3464 return true;
3465}
3466
bdb6d971 3467static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3468 void *cp_data, u16 len)
346af67b 3469{
346af67b
VCG		 3470 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3471 u16 key_count, expected_len;
715a5bf2 3472 int i, err;
346af67b 3473
1f350c87 3474 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3475
3476 expected_len = sizeof(*cp) + key_count *
3477 sizeof(struct mgmt_ltk_info);
3478 if (expected_len != len) {
3479 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3480 len, expected_len);
bdb6d971 3481 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3482 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3483 }
3484
bdb6d971 3485 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3486
54ad6d8a
JH		 3487 for (i = 0; i < key_count; i++) {
3488 struct mgmt_ltk_info *key = &cp->keys[i];
3489
3f706b72 3490 if (!ltk_is_valid(key))
54ad6d8a
JH		 3491 return cmd_status(sk, hdev->id,
3492 MGMT_OP_LOAD_LONG_TERM_KEYS,
3493 MGMT_STATUS_INVALID_PARAMS);
3494 }
3495
346af67b
VCG		 3496 hci_dev_lock(hdev);
3497
3498 hci_smp_ltks_clear(hdev);
3499
3500 for (i = 0; i < key_count; i++) {
3501 struct mgmt_ltk_info *key = &cp->keys[i];
3502 u8 type;
3503
3504 if (key->master)
3505 type = HCI_SMP_LTK;
3506 else
3507 type = HCI_SMP_LTK_SLAVE;
3508
4596fde5 3509 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3510 bdaddr_to_le(key->addr.type),
04124681
GP		 3511 type, 0, key->authenticated, key->val,
3512 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3513 }
3514
715a5bf2
JH		 3515 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3516 NULL, 0);
3517
346af67b 3518 hci_dev_unlock(hdev);
346af67b 3519
715a5bf2 3520 return err;
346af67b
VCG		 3521}
3522
2e3c35ea 3523static const struct mgmt_handler {
04124681
GP		 3524 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3525 u16 data_len);
be22b54e
JH		 3526 bool var_len;
3527 size_t data_len;
0f4e68cf
JH		 3528} mgmt_handlers[] = {
3529 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3530 { read_version, false, MGMT_READ_VERSION_SIZE },
3531 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3532 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3533 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3534 { set_powered, false, MGMT_SETTING_SIZE },
3535 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3536 { set_connectable, false, MGMT_SETTING_SIZE },
3537 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3538 { set_pairable, false, MGMT_SETTING_SIZE },
3539 { set_link_security, false, MGMT_SETTING_SIZE },
3540 { set_ssp, false, MGMT_SETTING_SIZE },
3541 { set_hs, false, MGMT_SETTING_SIZE },
3542 { set_le, false, MGMT_SETTING_SIZE },
3543 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3544 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3545 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3546 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3547 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3548 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3549 { disconnect, false, MGMT_DISCONNECT_SIZE },
3550 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3551 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3552 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3553 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3554 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3555 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3556 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3557 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3558 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3559 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3560 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3561 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3562 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3563 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3564 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3565 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3566 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3567 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3568 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3569 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3570 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3571 { set_bredr, false, MGMT_SETTING_SIZE },
0f4e68cf
JH		 3572};
3573
3574
0381101f
JH		 3575int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3576{
650f726d
VCG		 3577 void *buf;
3578 u8 *cp;
0381101f 3579 struct mgmt_hdr *hdr;
4e51eae9 3580 u16 opcode, index, len;
bdb6d971 3581 struct hci_dev *hdev = NULL;
2e3c35ea 3582 const struct mgmt_handler *handler;
0381101f
JH		 3583 int err;
3584
3585 BT_DBG("got %zu bytes", msglen);
3586
3587 if (msglen < sizeof(*hdr))
3588 return -EINVAL;
3589
e63a15ec 3590 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3591 if (!buf)
3592 return -ENOMEM;
3593
3594 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3595 err = -EFAULT;
3596 goto done;
3597 }
3598
650f726d 3599 hdr = buf;
1f350c87
MH		 3600 opcode = __le16_to_cpu(hdr->opcode);
3601 index = __le16_to_cpu(hdr->index);
3602 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3603
3604 if (len != msglen - sizeof(*hdr)) {
3605 err = -EINVAL;
3606 goto done;
3607 }
3608
0f4e68cf 3609 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3610 hdev = hci_dev_get(index);
3611 if (!hdev) {
3612 err = cmd_status(sk, index, opcode,
04124681 3613 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3614 goto done;
3615 }
0736cfa8
MH		 3616
3617 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3618 err = cmd_status(sk, index, opcode,
3619 MGMT_STATUS_INVALID_INDEX);
3620 goto done;
3621 }
bdb6d971
JH		 3622 }
3623
0f4e68cf 3624 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3625 mgmt_handlers[opcode].func == NULL) {
0381101f 3626 BT_DBG("Unknown op %u", opcode);
ca69b795 3627 err = cmd_status(sk, index, opcode,
04124681 3628 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3629 goto done;
3630 }
3631
3632 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3633 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3634 err = cmd_status(sk, index, opcode,
04124681 3635 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3636 goto done;
0381101f
JH		 3637 }
3638
be22b54e
JH		 3639 handler = &mgmt_handlers[opcode];
3640
3641 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3642 (!handler->var_len && len != handler->data_len)) {
be22b54e 3643 err = cmd_status(sk, index, opcode,
04124681 3644 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3645 goto done;
3646 }
3647
0f4e68cf
JH		 3648 if (hdev)
3649 mgmt_init_hdev(sk, hdev);
3650
3651 cp = buf + sizeof(*hdr);
3652
be22b54e 3653 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3654 if (err < 0)
3655 goto done;
3656
0381101f
JH		 3657 err = msglen;
3658
3659done:
bdb6d971
JH		 3660 if (hdev)
3661 hci_dev_put(hdev);
3662
0381101f
JH		 3663 kfree(buf);
3664 return err;
3665}
c71e97bf 3666
744cf19e 3667int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3668{
bb4b2a9a
AE		 3669 if (!mgmt_valid_hdev(hdev))
3670 return -ENOTSUPP;
3671
744cf19e 3672 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3673}
3674
744cf19e 3675int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3676{
5f159032 3677 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3678
bb4b2a9a
AE		 3679 if (!mgmt_valid_hdev(hdev))
3680 return -ENOTSUPP;
3681
744cf19e 3682 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3683
744cf19e 3684 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3685}
3686
890ea898 3687static void set_bredr_scan(struct hci_request *req)
7f0ae647 3688{
890ea898 3689 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3690 u8 scan = 0;
3691
4c01f8b8
JH		 3692 /* Ensure that fast connectable is disabled. This function will
3693 * not do anything if the page scan parameters are already what
3694 * they should be.
3695 */
3696 write_fast_connectable(req, false);
3697
7f0ae647
JH		 3698 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3699 scan |= SCAN_PAGE;
3700 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3701 scan |= SCAN_INQUIRY;
3702
890ea898
JH		 3703 if (scan)
3704 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3705}
3706
229ab39c
JH		 3707static void powered_complete(struct hci_dev *hdev, u8 status)
3708{
3709 struct cmd_lookup match = { NULL, hdev };
3710
3711 BT_DBG("status 0x%02x", status);
3712
3713 hci_dev_lock(hdev);
3714
3715 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3716
3717 new_settings(hdev, match.sk);
3718
3719 hci_dev_unlock(hdev);
3720
3721 if (match.sk)
3722 sock_put(match.sk);
3723}
3724
70da6243 3725static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3726{
890ea898 3727 struct hci_request req;
70da6243 3728 u8 link_sec;
5add6af8 3729
890ea898
JH		 3730 hci_req_init(&req, hdev);
3731
70da6243
JH		 3732 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3733 !lmp_host_ssp_capable(hdev)) {
3734 u8 ssp = 1;
5e5282bb 3735
890ea898 3736 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3737 }
5add6af8 3738
c73eee91
JH		 3739 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3740 lmp_bredr_capable(hdev)) {
70da6243 3741 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3742
70da6243
JH		 3743 cp.le = 1;
3744 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3745
70da6243
JH		 3746 /* Check first if we already have the right
3747 * host state (host features set)
3748 */
3749 if (cp.le != lmp_host_le_capable(hdev) ||
3750 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3751 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3752 sizeof(cp), &cp);
0663ca2a
JH		 3753
3754 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3755 hci_update_ad(&req);
70da6243 3756 }
3d1cbdd6 3757
eeca6f89
JH		 3758 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3759 u8 adv = 0x01;
3760
3761 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3762 }
3763
70da6243
JH		 3764 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3765 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3766 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3767 sizeof(link_sec), &link_sec);
562fcc24 3768
70da6243 3769 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3770 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3771 set_bredr_scan(&req);
890ea898 3772 update_class(&req);
13928971 3773 update_name(&req);
890ea898 3774 update_eir(&req);
70da6243 3775 }
562fcc24 3776
229ab39c 3777 return hci_req_run(&req, powered_complete);
70da6243 3778}
562fcc24 3779
70da6243
JH		 3780int mgmt_powered(struct hci_dev *hdev, u8 powered)
3781{
3782 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3783 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3784 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3785 int err;
f0ff92fb 3786
70da6243
JH		 3787 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3788 return 0;
3789
70da6243 3790 if (powered) {
229ab39c
JH		 3791 if (powered_update_hci(hdev) == 0)
3792 return 0;
fe038884 3793
229ab39c
JH		 3794 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3795 &match);
3796 goto new_settings;
b24752fe
JH		 3797 }
3798
229ab39c
JH		 3799 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3800 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3801
3802 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3803 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3804 zero_cod, sizeof(zero_cod), NULL);
3805
3806new_settings:
beadb2bd 3807 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3808
3809 if (match.sk)
3810 sock_put(match.sk);
3811
7bb895d6 3812 return err;
5add6af8 3813}
73f22f62 3814
96570ffc
JH		 3815int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3816{
3817 struct pending_cmd *cmd;
3818 u8 status;
3819
3820 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3821 if (!cmd)
3822 return -ENOENT;
3823
3824 if (err == -ERFKILL)
3825 status = MGMT_STATUS_RFKILLED;
3826 else
3827 status = MGMT_STATUS_FAILED;
3828
3829 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3830
3831 mgmt_pending_remove(cmd);
3832
3833 return err;
3834}
3835
744cf19e 3836int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3837{
76a7f3a4 3838 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3839 bool changed = false;
3840 int err = 0;
73f22f62 3841
5e5282bb
JH		 3842 if (discoverable) {
3843 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3844 changed = true;
3845 } else {
3846 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3847 changed = true;
3848 }
73f22f62 3849
ed9b5f2f 3850 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3851 &match);
ed9b5f2f 3852
beadb2bd
JH		 3853 if (changed)
3854 err = new_settings(hdev, match.sk);
5e5282bb 3855
73f22f62
JH		 3856 if (match.sk)
3857 sock_put(match.sk);
3858
7bb895d6 3859 return err;
73f22f62 3860}
9fbcbb45 3861
744cf19e 3862int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3863{
2b76f453 3864 struct pending_cmd *cmd;
5e5282bb
JH		 3865 bool changed = false;
3866 int err = 0;
9fbcbb45 3867
5e5282bb
JH		 3868 if (connectable) {
3869 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3870 changed = true;
3871 } else {
3872 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3873 changed = true;
3874 }
9fbcbb45 3875
2b76f453 3876 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3877
beadb2bd 3878 if (changed)
2b76f453 3879 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3880
7bb895d6 3881 return err;
9fbcbb45 3882}
55ed8ca1 3883
744cf19e 3884int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3885{
ca69b795
JH		 3886 u8 mgmt_err = mgmt_status(status);
3887
2d7cee58 3888 if (scan & SCAN_PAGE)
744cf19e 3889 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3890 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3891
3892 if (scan & SCAN_INQUIRY)
744cf19e 3893 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3894 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3895
3896 return 0;
3897}
3898
53168e5b
CC		 3899int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3900 bool persistent)
55ed8ca1 3901{
86742e1e 3902 struct mgmt_ev_new_link_key ev;
55ed8ca1 3903
a492cd52 3904 memset(&ev, 0, sizeof(ev));
55ed8ca1 3905
a492cd52 3906 ev.store_hint = persistent;
d753fdc4 3907 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3908 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3909 ev.key.type = key->type;
9b3b4460 3910 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3911 ev.key.pin_len = key->pin_len;
55ed8ca1 3912
744cf19e 3913 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3914}
f7520543 3915
346af67b
VCG		 3916int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3917{
3918 struct mgmt_ev_new_long_term_key ev;
3919
3920 memset(&ev, 0, sizeof(ev));
3921
3922 ev.store_hint = persistent;
3923 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3924 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3925 ev.key.authenticated = key->authenticated;
3926 ev.key.enc_size = key->enc_size;
3927 ev.key.ediv = key->ediv;
3928
3929 if (key->type == HCI_SMP_LTK)
3930 ev.key.master = 1;
3931
3932 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3933 memcpy(ev.key.val, key->val, sizeof(key->val));
3934
04124681
GP		 3935 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3936 NULL);
346af67b
VCG		 3937}
3938
afc747a6 3939int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3940 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3941 u8 *dev_class)
f7520543 3942{
b644ba33
JH		 3943 char buf[512];
3944 struct mgmt_ev_device_connected *ev = (void *) buf;
3945 u16 eir_len = 0;
f7520543 3946
b644ba33 3947 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3948 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3949
c95f0ba7 3950 ev->flags = __cpu_to_le32(flags);
08c79b61 3951
b644ba33
JH		 3952 if (name_len > 0)
3953 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3954 name, name_len);
b644ba33
JH		 3955
3956 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3957 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3958 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3959
eb55ef07 3960 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3961
3962 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3963 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3964}
3965
8962ee74
JH		 3966static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3967{
c68fb7ff 3968 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3969 struct sock **sk = data;
a38528f1 3970 struct mgmt_rp_disconnect rp;
8962ee74 3971
88c3df13
JH		 3972 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3973 rp.addr.type = cp->addr.type;
8962ee74 3974
aee9b218 3975 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3976 sizeof(rp));
8962ee74
JH		 3977
3978 *sk = cmd->sk;
3979 sock_hold(*sk);
3980
a664b5bc 3981 mgmt_pending_remove(cmd);
8962ee74
JH		 3982}
3983
124f6e35 3984static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3985{
b1078ad0 3986 struct hci_dev *hdev = data;
124f6e35
JH		 3987 struct mgmt_cp_unpair_device *cp = cmd->param;
3988 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3989
3990 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3991 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3992 rp.addr.type = cp->addr.type;
a8a1d19e 3993
b1078ad0
JH		 3994 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3995
aee9b218 3996 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3997
3998 mgmt_pending_remove(cmd);
3999}
4000
afc747a6 4001int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4002 u8 link_type, u8 addr_type, u8 reason)
f7520543 4003{
f0d6a0ea 4004 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4005 struct sock *sk = NULL;
4006 int err;
4007
744cf19e 4008 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4009
f0d6a0ea
MA		 4010 bacpy(&ev.addr.bdaddr, bdaddr);
4011 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4012 ev.reason = reason;
f7520543 4013
afc747a6 4014 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4015 sk);
8962ee74
JH		 4016
4017 if (sk)
d97dcb66 4018 sock_put(sk);
8962ee74 4019
124f6e35 4020 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4021 hdev);
a8a1d19e 4022
8962ee74
JH		 4023 return err;
4024}
4025
88c3df13 4026int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4027 u8 link_type, u8 addr_type, u8 status)
8962ee74 4028{
88c3df13 4029 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4030 struct pending_cmd *cmd;
4031 int err;
4032
36a75f1b
JD		 4033 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4034 hdev);
4035
2e58ef3e 4036 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4037 if (!cmd)
4038 return -ENOENT;
4039
88c3df13 4040 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4041 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4042
88c3df13 4043 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4044 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4045
a664b5bc 4046 mgmt_pending_remove(cmd);
8962ee74
JH		 4047
4048 return err;
f7520543 4049}
17d5c04c 4050
48264f06 4051int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4052 u8 addr_type, u8 status)
17d5c04c
JH		 4053{
4054 struct mgmt_ev_connect_failed ev;
4055
4c659c39 4056 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4057 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4058 ev.status = mgmt_status(status);
17d5c04c 4059
744cf19e 4060 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4061}
980e1a53 4062
744cf19e 4063int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4064{
4065 struct mgmt_ev_pin_code_request ev;
4066
d8457698 4067 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4068 ev.addr.type = BDADDR_BREDR;
a770bb5a 4069 ev.secure = secure;
980e1a53 4070
744cf19e 4071 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4072 NULL);
980e1a53
JH		 4073}
4074
744cf19e 4075int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4076 u8 status)
980e1a53
JH		 4077{
4078 struct pending_cmd *cmd;
ac56fb13 4079 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4080 int err;
4081
2e58ef3e 4082 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4083 if (!cmd)
4084 return -ENOENT;
4085
d8457698 4086 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4087 rp.addr.type = BDADDR_BREDR;
ac56fb13 4088
aee9b218 4089 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4090 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4091
a664b5bc 4092 mgmt_pending_remove(cmd);
980e1a53
JH		 4093
4094 return err;
4095}
4096
744cf19e 4097int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4098 u8 status)
980e1a53
JH		 4099{
4100 struct pending_cmd *cmd;
ac56fb13 4101 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4102 int err;
4103
2e58ef3e 4104 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4105 if (!cmd)
4106 return -ENOENT;
4107
d8457698 4108 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4109 rp.addr.type = BDADDR_BREDR;
ac56fb13 4110
aee9b218 4111 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4112 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4113
a664b5bc 4114 mgmt_pending_remove(cmd);
980e1a53
JH		 4115
4116 return err;
4117}
a5c29683 4118
744cf19e 4119int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4120 u8 link_type, u8 addr_type, __le32 value,
4121 u8 confirm_hint)
a5c29683
JH		 4122{
4123 struct mgmt_ev_user_confirm_request ev;
4124
744cf19e 4125 BT_DBG("%s", hdev->name);
a5c29683 4126
272d90df 4127 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4128 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4129 ev.confirm_hint = confirm_hint;
78e8098e 4130 ev.value = value;
a5c29683 4131
744cf19e 4132 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4133 NULL);
a5c29683
JH		 4134}
4135
272d90df 4136int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4137 u8 link_type, u8 addr_type)
604086b7
BG		 4138{
4139 struct mgmt_ev_user_passkey_request ev;
4140
4141 BT_DBG("%s", hdev->name);
4142
272d90df 4143 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4144 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4145
4146 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4147 NULL);
604086b7
BG		 4148}
4149
0df4c185 4150static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4151 u8 link_type, u8 addr_type, u8 status,
4152 u8 opcode)
a5c29683
JH		 4153{
4154 struct pending_cmd *cmd;
4155 struct mgmt_rp_user_confirm_reply rp;
4156 int err;
4157
2e58ef3e 4158 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4159 if (!cmd)
4160 return -ENOENT;
4161
272d90df 4162 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4163 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4164 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4165 &rp, sizeof(rp));
a5c29683 4166
a664b5bc 4167 mgmt_pending_remove(cmd);
a5c29683
JH		 4168
4169 return err;
4170}
4171
744cf19e 4172int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4173 u8 link_type, u8 addr_type, u8 status)
a5c29683 4174{
272d90df 4175 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4176 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4177}
4178
272d90df 4179int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4180 u8 link_type, u8 addr_type, u8 status)
a5c29683 4181{
272d90df 4182 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4183 status,
4184 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4185}
2a611692 4186
604086b7 4187int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4188 u8 link_type, u8 addr_type, u8 status)
604086b7 4189{
272d90df 4190 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4191 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4192}
4193
272d90df 4194int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4195 u8 link_type, u8 addr_type, u8 status)
604086b7 4196{
272d90df 4197 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4198 status,
4199 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4200}
4201
92a25256
JH		 4202int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4203 u8 link_type, u8 addr_type, u32 passkey,
4204 u8 entered)
4205{
4206 struct mgmt_ev_passkey_notify ev;
4207
4208 BT_DBG("%s", hdev->name);
4209
4210 bacpy(&ev.addr.bdaddr, bdaddr);
4211 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4212 ev.passkey = __cpu_to_le32(passkey);
4213 ev.entered = entered;
4214
4215 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4216}
4217
bab73cb6 4218int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4219 u8 addr_type, u8 status)
2a611692
JH		 4220{
4221 struct mgmt_ev_auth_failed ev;
4222
bab73cb6 4223 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4224 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4225 ev.status = mgmt_status(status);
2a611692 4226
744cf19e 4227 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4228}
b312b161 4229
33ef95ed
JH		 4230int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4231{
4232 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4233 bool changed = false;
4234 int err = 0;
33ef95ed
JH		 4235
4236 if (status) {
4237 u8 mgmt_err = mgmt_status(status);
4238 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4239 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4240 return 0;
4241 }
4242
47990ea0
JH		 4243 if (test_bit(HCI_AUTH, &hdev->flags)) {
4244 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4245 changed = true;
4246 } else {
4247 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4248 changed = true;
4249 }
4250
33ef95ed 4251 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4252 &match);
33ef95ed 4253
47990ea0
JH		 4254 if (changed)
4255 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4256
4257 if (match.sk)
4258 sock_put(match.sk);
4259
4260 return err;
4261}
4262
890ea898 4263static void clear_eir(struct hci_request *req)
cacaf52f 4264{
890ea898 4265 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4266 struct hci_cp_write_eir cp;
4267
976eb20e 4268 if (!lmp_ext_inq_capable(hdev))
890ea898 4269 return;
cacaf52f 4270
c80da27e
JH		 4271 memset(hdev->eir, 0, sizeof(hdev->eir));
4272
cacaf52f
JH		 4273 memset(&cp, 0, sizeof(cp));
4274
890ea898 4275 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4276}
4277
c0ecddc2 4278int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4279{
4280 struct cmd_lookup match = { NULL, hdev };
890ea898 4281 struct hci_request req;
c0ecddc2
JH		 4282 bool changed = false;
4283 int err = 0;
ed2c4ee3
JH		 4284
4285 if (status) {
4286 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4287
4288 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4289 &hdev->dev_flags))
c0ecddc2
JH		 4290 err = new_settings(hdev, NULL);
4291
04124681
GP		 4292 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4293 &mgmt_err);
c0ecddc2
JH		 4294
4295 return err;
4296 }
4297
4298 if (enable) {
4299 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4300 changed = true;
4301 } else {
4302 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4303 changed = true;
ed2c4ee3
JH		 4304 }
4305
4306 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4307
c0ecddc2
JH		 4308 if (changed)
4309 err = new_settings(hdev, match.sk);
ed2c4ee3 4310
5fc6ebb1 4311 if (match.sk)
ed2c4ee3
JH		 4312 sock_put(match.sk);
4313
890ea898
JH		 4314 hci_req_init(&req, hdev);
4315
5fc6ebb1 4316 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4317 update_eir(&req);
5fc6ebb1 4318 else
890ea898
JH		 4319 clear_eir(&req);
4320
4321 hci_req_run(&req, NULL);
cacaf52f 4322
ed2c4ee3
JH		 4323 return err;
4324}
4325
92da6097 4326static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4327{
4328 struct cmd_lookup *match = data;
4329
90e70454
JH		 4330 if (match->sk == NULL) {
4331 match->sk = cmd->sk;
4332 sock_hold(match->sk);
4333 }
90e70454
JH		 4334}
4335
7f9a903c 4336int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4337 u8 status)
7f9a903c 4338{
90e70454
JH		 4339 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4340 int err = 0;
7f9a903c 4341
92da6097
JH		 4342 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4343 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4344 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4345
4346 if (!status)
04124681
GP		 4347 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4348 3, NULL);
90e70454
JH		 4349
4350 if (match.sk)
4351 sock_put(match.sk);
7f9a903c
MH		 4352
4353 return err;
4354}
4355
744cf19e 4356int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4357{
b312b161 4358 struct mgmt_cp_set_local_name ev;
13928971 4359 struct pending_cmd *cmd;
28cc7bde 4360
13928971
JH		 4361 if (status)
4362 return 0;
b312b161
JH		 4363
4364 memset(&ev, 0, sizeof(ev));
4365 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4366 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4367
2e58ef3e 4368 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4369 if (!cmd) {
4370 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4371
13928971
JH		 4372 /* If this is a HCI command related to powering on the
4373 * HCI dev don't send any mgmt signals.
4374 */
4375 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4376 return 0;
890ea898 4377 }
b312b161 4378
13928971
JH		 4379 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4380 cmd ? cmd->sk : NULL);
b312b161 4381}
c35938b2 4382
744cf19e 4383int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4384 u8 *randomizer, u8 status)
c35938b2
SJ		 4385{
4386 struct pending_cmd *cmd;
4387 int err;
4388
744cf19e 4389 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4390
2e58ef3e 4391 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4392 if (!cmd)
4393 return -ENOENT;
4394
4395 if (status) {
04124681
GP		 4396 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4397 mgmt_status(status));
c35938b2
SJ		 4398 } else {
4399 struct mgmt_rp_read_local_oob_data rp;
4400
4401 memcpy(rp.hash, hash, sizeof(rp.hash));
4402 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4403
744cf19e 4404 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4405 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4406 sizeof(rp));
c35938b2
SJ		 4407 }
4408
4409 mgmt_pending_remove(cmd);
4410
4411 return err;
4412}
e17acd40 4413
48264f06 4414int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4415 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4416 ssp, u8 *eir, u16 eir_len)
e17acd40 4417{
e319d2e7
JH		 4418 char buf[512];
4419 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4420 size_t ev_size;
e17acd40 4421
12602d0c
AG		 4422 if (!hci_discovery_active(hdev))
4423 return -EPERM;
4424
1dc06093
JH		 4425 /* Leave 5 bytes for a potential CoD field */
4426 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4427 return -EINVAL;
4428
1dc06093
JH		 4429 memset(buf, 0, sizeof(buf));
4430
e319d2e7 4431 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4432 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4433 ev->rssi = rssi;
9a395a80 4434 if (cfm_name)
612dfce9 4435 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4436 if (!ssp)
612dfce9 4437 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4438
1dc06093 4439 if (eir_len > 0)
e319d2e7 4440 memcpy(ev->eir, eir, eir_len);
e17acd40 4441
1dc06093
JH		 4442 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4443 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4444 dev_class, 3);
1dc06093 4445
eb55ef07 4446 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4447 ev_size = sizeof(*ev) + eir_len;
f8523598 4448
e319d2e7 4449 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4450}
a88a9652 4451
b644ba33 4452int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4453 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4454{
b644ba33
JH		 4455 struct mgmt_ev_device_found *ev;
4456 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4457 u16 eir_len;
a88a9652 4458
b644ba33 4459 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4460
b644ba33
JH		 4461 memset(buf, 0, sizeof(buf));
4462
4463 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4464 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4465 ev->rssi = rssi;
4466
4467 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4468 name_len);
b644ba33 4469
eb55ef07 4470 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4471
053c7e0c 4472 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4473 sizeof(*ev) + eir_len, NULL);
a88a9652 4474}
314b2381 4475
744cf19e 4476int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4477{
f963e8e9 4478 struct mgmt_ev_discovering ev;
164a6e78
JH		 4479 struct pending_cmd *cmd;
4480
343fb145
AG		 4481 BT_DBG("%s discovering %u", hdev->name, discovering);
4482
164a6e78 4483 if (discovering)
2e58ef3e 4484 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4485 else
2e58ef3e 4486 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4487
4488 if (cmd != NULL) {
f808e166
JH		 4489 u8 type = hdev->discovery.type;
4490
04124681
GP		 4491 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4492 sizeof(type));
164a6e78
JH		 4493 mgmt_pending_remove(cmd);
4494 }
4495
f963e8e9
JH		 4496 memset(&ev, 0, sizeof(ev));
4497 ev.type = hdev->discovery.type;
4498 ev.discovering = discovering;
4499
4500 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4501}
5e762444 4502
88c1fe4b 4503int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4504{
4505 struct pending_cmd *cmd;
4506 struct mgmt_ev_device_blocked ev;
4507
2e58ef3e 4508 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4509
88c1fe4b
JH		 4510 bacpy(&ev.addr.bdaddr, bdaddr);
4511 ev.addr.type = type;
5e762444 4512
744cf19e 4513 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4514 cmd ? cmd->sk : NULL);
5e762444
AJ		 4515}
4516
88c1fe4b 4517int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4518{
4519 struct pending_cmd *cmd;
4520 struct mgmt_ev_device_unblocked ev;
4521
2e58ef3e 4522 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4523
88c1fe4b
JH		 4524 bacpy(&ev.addr.bdaddr, bdaddr);
4525 ev.addr.type = type;
5e762444 4526
744cf19e 4527 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4528 cmd ? cmd->sk : NULL);
5e762444 4529}
Linux kernel - Deliverables
This page took 0.472424 seconds and 5 git commands to generate.