projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix busy condition testing for EIR and class updates
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 114
e8777525 115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 117
17b02e62 118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 119
4b34ee78
JH		 120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
eec8d2bc
JH		 123struct pending_cmd {
124 struct list_head list;
fc2f4b13 125 u16 opcode;
eec8d2bc 126 int index;
c68fb7ff 127 void *param;
eec8d2bc 128 struct sock *sk;
e9a416b5 129 void *user_data;
eec8d2bc
JH		 130};
131
ca69b795
JH		 132/* HCI to MGMT error code conversion table */
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195};
196
bb4b2a9a
AE		 197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
ca69b795
JH		 202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
612dfce9 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
612dfce9 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
eb55ef07 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
eb55ef07
MH		 306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a
AE		 336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
faba42eb
JH		 340 count++;
341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
bb4b2a9a
AE		 355 if (!mgmt_valid_hdev(d))
356 continue;
357
476e44cb 358 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 359 BT_DBG("Added hci%u", d->id);
360 }
361
476e44cb
JH		 362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
faba42eb
JH		 365 read_unlock(&hci_dev_list_lock);
366
aee9b218 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 368 rp_len);
faba42eb 369
a38528f1
JH		 370 kfree(rp);
371
372 return err;
faba42eb
JH		 373}
374
69ab39ea
JH		 375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 380 settings |= MGMT_SETTING_PAIRABLE;
381
9a1a1996 382 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 383 settings |= MGMT_SETTING_SSP;
384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0
JH		 386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
ed3fa31f 418 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
213202ed
JH		 438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
cdf1963f
JH		 480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
c00d575b
JH		 513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
ef580372
JH		 546static void create_eir(struct hci_dev *hdev, u8 *data)
547{
548 u8 *ptr = data;
ef580372
JH		 549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554 /* EIR Data type */
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
ef580372
JH		 566 ptr += (name_len + 2);
567 }
568
bbaf444a 569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
91c4e9b1
MH		 574 ptr += 3;
575 }
576
2b9be137
MH		 577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
2b9be137
MH		 586 ptr += 10;
587 }
588
213202ed 589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 592}
593
890ea898 594static void update_eir(struct hci_request *req)
ef580372 595{
890ea898 596 struct hci_dev *hdev = req->hdev;
ef580372
JH		 597 struct hci_cp_write_eir cp;
598
504c8dcd 599 if (!hdev_is_powered(hdev))
890ea898 600 return;
7770c4aa 601
976eb20e 602 if (!lmp_ext_inq_capable(hdev))
890ea898 603 return;
ef580372 604
84bde9d6 605 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 606 return;
ef580372 607
a8b2d5c2 608 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 609 return;
ef580372
JH		 610
611 memset(&cp, 0, sizeof(cp));
612
613 create_eir(hdev, cp.data);
614
615 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 616 return;
ef580372
JH		 617
618 memcpy(hdev->eir, cp.data, sizeof(cp.data));
619
890ea898 620 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 621}
622
623static u8 get_service_classes(struct hci_dev *hdev)
624{
625 struct bt_uuid *uuid;
626 u8 val = 0;
627
628 list_for_each_entry(uuid, &hdev->uuids, list)
629 val |= uuid->svc_hint;
630
631 return val;
632}
633
890ea898 634static void update_class(struct hci_request *req)
ef580372 635{
890ea898 636 struct hci_dev *hdev = req->hdev;
ef580372
JH		 637 u8 cod[3];
638
639 BT_DBG("%s", hdev->name);
640
504c8dcd 641 if (!hdev_is_powered(hdev))
890ea898 642 return;
7770c4aa 643
a8b2d5c2 644 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 645 return;
ef580372
JH		 646
647 cod[0] = hdev->minor_class;
648 cod[1] = hdev->major_class;
649 cod[2] = get_service_classes(hdev);
650
651 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 652 return;
ef580372 653
890ea898 654 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
c95f0ba7 655
890ea898 656 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
ef580372
JH		 657}
658
7d78525d
JH		 659static void service_cache_off(struct work_struct *work)
660{
661 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 662 service_cache.work);
890ea898 663 struct hci_request req;
7d78525d 664
a8b2d5c2 665 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 666 return;
667
890ea898
JH		 668 hci_req_init(&req, hdev);
669
7d78525d
JH		 670 hci_dev_lock(hdev);
671
890ea898
JH		 672 update_eir(&req);
673 update_class(&req);
7d78525d
JH		 674
675 hci_dev_unlock(hdev);
890ea898
JH		 676
677 hci_req_run(&req, NULL);
7d78525d
JH		 678}
679
6a919082 680static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 681{
4f87da80 682 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 683 return;
684
4f87da80 685 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 686
4f87da80
JH		 687 /* Non-mgmt controlled devices get this bit set
688 * implicitly so that pairing works for them, however
689 * for mgmt we require user-space to explicitly enable
690 * it
691 */
692 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 693}
694
0f4e68cf 695static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 696 void *data, u16 data_len)
0381101f 697{
a38528f1 698 struct mgmt_rp_read_info rp;
f7b64e69 699
bdb6d971 700 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 701
09fd0de5 702 hci_dev_lock(hdev);
f7b64e69 703
dc4fe30b
JH		 704 memset(&rp, 0, sizeof(rp));
705
69ab39ea 706 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 707
69ab39ea 708 rp.version = hdev->hci_ver;
eb55ef07 709 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 710
711 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
712 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 713
a38528f1 714 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 715
dc4fe30b 716 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 717 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 718
09fd0de5 719 hci_dev_unlock(hdev);
0381101f 720
bdb6d971 721 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 722 sizeof(rp));
0381101f
JH		 723}
724
eec8d2bc
JH		 725static void mgmt_pending_free(struct pending_cmd *cmd)
726{
727 sock_put(cmd->sk);
c68fb7ff 728 kfree(cmd->param);
eec8d2bc
JH		 729 kfree(cmd);
730}
731
366a0336 732static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 733 struct hci_dev *hdev, void *data,
734 u16 len)
eec8d2bc
JH		 735{
736 struct pending_cmd *cmd;
737
12b94565 738 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 739 if (!cmd)
366a0336 740 return NULL;
eec8d2bc
JH		 741
742 cmd->opcode = opcode;
2e58ef3e 743 cmd->index = hdev->id;
eec8d2bc 744
12b94565 745 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 746 if (!cmd->param) {
eec8d2bc 747 kfree(cmd);
366a0336 748 return NULL;
eec8d2bc
JH		 749 }
750
8fce6357
SJ		 751 if (data)
752 memcpy(cmd->param, data, len);
eec8d2bc
JH		 753
754 cmd->sk = sk;
755 sock_hold(sk);
756
2e58ef3e 757 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 758
366a0336 759 return cmd;
eec8d2bc
JH		 760}
761
744cf19e 762static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 763 void (*cb)(struct pending_cmd *cmd,
764 void *data),
04124681 765 void *data)
eec8d2bc 766{
a3d09356 767 struct pending_cmd *cmd, *tmp;
eec8d2bc 768
a3d09356 769 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 770 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 771 continue;
772
eec8d2bc
JH		 773 cb(cmd, data);
774 }
775}
776
2e58ef3e 777static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 778{
8035ded4 779 struct pending_cmd *cmd;
eec8d2bc 780
2e58ef3e 781 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 782 if (cmd->opcode == opcode)
783 return cmd;
eec8d2bc
JH		 784 }
785
786 return NULL;
787}
788
a664b5bc 789static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 790{
73f22f62
JH		 791 list_del(&cmd->list);
792 mgmt_pending_free(cmd);
793}
794
69ab39ea 795static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 796{
69ab39ea 797 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 798
aee9b218 799 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 800 sizeof(settings));
8680570b
JH		 801}
802
bdb6d971 803static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 804 u16 len)
eec8d2bc 805{
650f726d 806 struct mgmt_mode *cp = data;
366a0336 807 struct pending_cmd *cmd;
4b34ee78 808 int err;
eec8d2bc 809
bdb6d971 810 BT_DBG("request for %s", hdev->name);
eec8d2bc 811
a7e80f25
JH		 812 if (cp->val != 0x00 && cp->val != 0x01)
813 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
814 MGMT_STATUS_INVALID_PARAMS);
815
09fd0de5 816 hci_dev_lock(hdev);
eec8d2bc 817
f0d4b78a
MH		 818 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
819 cancel_delayed_work(&hdev->power_off);
820
821 if (cp->val) {
a1d70450
JH		 822 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
823 data, len);
824 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 825 goto failed;
826 }
827 }
828
4b34ee78 829 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 830 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 831 goto failed;
832 }
833
2e58ef3e 834 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 835 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 836 MGMT_STATUS_BUSY);
eec8d2bc
JH		 837 goto failed;
838 }
839
2e58ef3e 840 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 841 if (!cmd) {
842 err = -ENOMEM;
eec8d2bc 843 goto failed;
366a0336 844 }
eec8d2bc 845
72a734ec 846 if (cp->val)
19202573 847 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 848 else
19202573 849 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 850
366a0336 851 err = 0;
eec8d2bc
JH		 852
853failed:
09fd0de5 854 hci_dev_unlock(hdev);
366a0336 855 return err;
eec8d2bc
JH		 856}
857
04124681
GP		 858static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
859 struct sock *skip_sk)
beadb2bd
JH		 860{
861 struct sk_buff *skb;
862 struct mgmt_hdr *hdr;
863
790eff44 864 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 865 if (!skb)
866 return -ENOMEM;
867
868 hdr = (void *) skb_put(skb, sizeof(*hdr));
869 hdr->opcode = cpu_to_le16(event);
870 if (hdev)
871 hdr->index = cpu_to_le16(hdev->id);
872 else
612dfce9 873 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 874 hdr->len = cpu_to_le16(data_len);
875
876 if (data)
877 memcpy(skb_put(skb, data_len), data, data_len);
878
97e0bdeb
MH		 879 /* Time stamp */
880 __net_timestamp(skb);
881
beadb2bd
JH		 882 hci_send_to_control(skb, skip_sk);
883 kfree_skb(skb);
884
885 return 0;
886}
887
888static int new_settings(struct hci_dev *hdev, struct sock *skip)
889{
890 __le32 ev;
891
892 ev = cpu_to_le32(get_current_settings(hdev));
893
894 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
895}
896
bdb6d971 897static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 898 u16 len)
73f22f62 899{
650f726d 900 struct mgmt_cp_set_discoverable *cp = data;
366a0336 901 struct pending_cmd *cmd;
5e5282bb 902 u16 timeout;
73f22f62
JH		 903 u8 scan;
904 int err;
905
bdb6d971 906 BT_DBG("request for %s", hdev->name);
73f22f62 907
33c525c0
JH		 908 if (!lmp_bredr_capable(hdev))
909 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
910 MGMT_STATUS_NOT_SUPPORTED);
911
a7e80f25
JH		 912 if (cp->val != 0x00 && cp->val != 0x01)
913 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
914 MGMT_STATUS_INVALID_PARAMS);
915
1f350c87 916 timeout = __le16_to_cpu(cp->timeout);
24c54a90 917 if (!cp->val && timeout > 0)
bdb6d971 918 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 919 MGMT_STATUS_INVALID_PARAMS);
73f22f62 920
09fd0de5 921 hci_dev_lock(hdev);
73f22f62 922
5e5282bb 923 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 924 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 925 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 926 goto failed;
927 }
928
2e58ef3e 929 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 930 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 931 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 932 MGMT_STATUS_BUSY);
73f22f62
JH		 933 goto failed;
934 }
935
5e5282bb 936 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 937 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 938 MGMT_STATUS_REJECTED);
5e5282bb
JH		 939 goto failed;
940 }
941
942 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 943 bool changed = false;
944
945 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
946 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
947 changed = true;
948 }
949
5e5282bb 950 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 951 if (err < 0)
952 goto failed;
953
954 if (changed)
955 err = new_settings(hdev, sk);
956
5e5282bb
JH		 957 goto failed;
958 }
959
960 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 961 if (hdev->discov_timeout > 0) {
962 cancel_delayed_work(&hdev->discov_off);
963 hdev->discov_timeout = 0;
964 }
965
966 if (cp->val && timeout > 0) {
967 hdev->discov_timeout = timeout;
968 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
969 msecs_to_jiffies(hdev->discov_timeout * 1000));
970 }
971
69ab39ea 972 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 973 goto failed;
974 }
975
2e58ef3e 976 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 977 if (!cmd) {
978 err = -ENOMEM;
73f22f62 979 goto failed;
366a0336 980 }
73f22f62
JH		 981
982 scan = SCAN_PAGE;
983
72a734ec 984 if (cp->val)
73f22f62 985 scan |= SCAN_INQUIRY;
16ab91ab 986 else
e0f9309f 987 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 988
989 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
990 if (err < 0)
a664b5bc 991 mgmt_pending_remove(cmd);
73f22f62 992
16ab91ab 993 if (cp->val)
5e5282bb 994 hdev->discov_timeout = timeout;
16ab91ab 995
73f22f62 996failed:
09fd0de5 997 hci_dev_unlock(hdev);
73f22f62
JH		 998 return err;
999}
1000
bdb6d971 1001static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1002 u16 len)
9fbcbb45 1003{
650f726d 1004 struct mgmt_mode *cp = data;
366a0336 1005 struct pending_cmd *cmd;
9fbcbb45
JH		 1006 u8 scan;
1007 int err;
1008
bdb6d971 1009 BT_DBG("request for %s", hdev->name);
9fbcbb45 1010
33c525c0
JH		 1011 if (!lmp_bredr_capable(hdev))
1012 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1013 MGMT_STATUS_NOT_SUPPORTED);
1014
a7e80f25
JH		 1015 if (cp->val != 0x00 && cp->val != 0x01)
1016 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1017 MGMT_STATUS_INVALID_PARAMS);
1018
09fd0de5 1019 hci_dev_lock(hdev);
9fbcbb45 1020
4b34ee78 1021 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1022 bool changed = false;
1023
1024 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1025 changed = true;
1026
6bf0e469 1027 if (cp->val) {
5e5282bb 1028 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1029 } else {
5e5282bb
JH		 1030 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1031 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1032 }
0224d2fa 1033
5e5282bb 1034 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1035 if (err < 0)
1036 goto failed;
1037
1038 if (changed)
1039 err = new_settings(hdev, sk);
1040
9fbcbb45
JH		 1041 goto failed;
1042 }
1043
2e58ef3e 1044 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1045 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1046 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1047 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1048 goto failed;
1049 }
1050
5e5282bb 1051 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1052 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1053 goto failed;
1054 }
1055
2e58ef3e 1056 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1057 if (!cmd) {
1058 err = -ENOMEM;
9fbcbb45 1059 goto failed;
366a0336 1060 }
9fbcbb45 1061
6bf0e469 1062 if (cp->val) {
9fbcbb45 1063 scan = SCAN_PAGE;
6bf0e469 1064 } else {
9fbcbb45
JH		 1065 scan = 0;
1066
df2c6c5e 1067 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1068 hdev->discov_timeout > 0)
df2c6c5e
JH		 1069 cancel_delayed_work(&hdev->discov_off);
1070 }
1071
9fbcbb45
JH		 1072 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1073 if (err < 0)
a664b5bc 1074 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1075
1076failed:
09fd0de5 1077 hci_dev_unlock(hdev);
9fbcbb45
JH		 1078 return err;
1079}
1080
bdb6d971 1081static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1082 u16 len)
c542a06c 1083{
650f726d 1084 struct mgmt_mode *cp = data;
c542a06c
JH		 1085 int err;
1086
bdb6d971 1087 BT_DBG("request for %s", hdev->name);
c542a06c 1088
a7e80f25
JH		 1089 if (cp->val != 0x00 && cp->val != 0x01)
1090 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1091 MGMT_STATUS_INVALID_PARAMS);
1092
09fd0de5 1093 hci_dev_lock(hdev);
c542a06c
JH		 1094
1095 if (cp->val)
a8b2d5c2 1096 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1097 else
a8b2d5c2 1098 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1099
69ab39ea 1100 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1101 if (err < 0)
1102 goto failed;
1103
beadb2bd 1104 err = new_settings(hdev, sk);
c542a06c
JH		 1105
1106failed:
09fd0de5 1107 hci_dev_unlock(hdev);
c542a06c
JH		 1108 return err;
1109}
1110
04124681
GP		 1111static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1112 u16 len)
33ef95ed
JH		 1113{
1114 struct mgmt_mode *cp = data;
1115 struct pending_cmd *cmd;
816a11d5 1116 u8 val;
33ef95ed
JH		 1117 int err;
1118
bdb6d971 1119 BT_DBG("request for %s", hdev->name);
33ef95ed 1120
33c525c0
JH		 1121 if (!lmp_bredr_capable(hdev))
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1123 MGMT_STATUS_NOT_SUPPORTED);
1124
a7e80f25
JH		 1125 if (cp->val != 0x00 && cp->val != 0x01)
1126 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1127 MGMT_STATUS_INVALID_PARAMS);
1128
33ef95ed
JH		 1129 hci_dev_lock(hdev);
1130
4b34ee78 1131 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1132 bool changed = false;
1133
1134 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1135 &hdev->dev_flags)) {
47990ea0
JH		 1136 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1137 changed = true;
1138 }
1139
1140 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1141 if (err < 0)
1142 goto failed;
1143
1144 if (changed)
1145 err = new_settings(hdev, sk);
1146
33ef95ed
JH		 1147 goto failed;
1148 }
1149
1150 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1151 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1152 MGMT_STATUS_BUSY);
33ef95ed
JH		 1153 goto failed;
1154 }
1155
1156 val = !!cp->val;
1157
1158 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1159 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1160 goto failed;
1161 }
1162
1163 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1164 if (!cmd) {
1165 err = -ENOMEM;
1166 goto failed;
1167 }
1168
1169 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1170 if (err < 0) {
1171 mgmt_pending_remove(cmd);
1172 goto failed;
1173 }
1174
1175failed:
1176 hci_dev_unlock(hdev);
33ef95ed
JH		 1177 return err;
1178}
1179
bdb6d971 1180static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1181{
1182 struct mgmt_mode *cp = data;
1183 struct pending_cmd *cmd;
816a11d5 1184 u8 val;
ed2c4ee3
JH		 1185 int err;
1186
bdb6d971 1187 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1188
13ecd8b6
JH		 1189 if (!lmp_ssp_capable(hdev))
1190 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1191 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1192
a7e80f25
JH		 1193 if (cp->val != 0x00 && cp->val != 0x01)
1194 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1195 MGMT_STATUS_INVALID_PARAMS);
1196
13ecd8b6 1197 hci_dev_lock(hdev);
6c8f12c1 1198
c0ecddc2
JH		 1199 val = !!cp->val;
1200
4b34ee78 1201 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1202 bool changed = false;
1203
1204 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1205 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1206 changed = true;
1207 }
1208
1209 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1210 if (err < 0)
1211 goto failed;
1212
1213 if (changed)
1214 err = new_settings(hdev, sk);
1215
ed2c4ee3
JH		 1216 goto failed;
1217 }
1218
1219 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1220 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1221 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1222 goto failed;
1223 }
1224
ed2c4ee3
JH		 1225 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1226 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1227 goto failed;
1228 }
1229
1230 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1231 if (!cmd) {
1232 err = -ENOMEM;
1233 goto failed;
1234 }
1235
1236 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1237 if (err < 0) {
1238 mgmt_pending_remove(cmd);
1239 goto failed;
1240 }
1241
1242failed:
1243 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1244 return err;
1245}
1246
bdb6d971 1247static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1248{
1249 struct mgmt_mode *cp = data;
6d80dfd0 1250
bdb6d971 1251 BT_DBG("request for %s", hdev->name);
6d80dfd0 1252
bdb6d971
JH		 1253 if (!enable_hs)
1254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1255 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1256
a7e80f25
JH		 1257 if (cp->val != 0x00 && cp->val != 0x01)
1258 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1259 MGMT_STATUS_INVALID_PARAMS);
1260
6d80dfd0
JH		 1261 if (cp->val)
1262 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1263 else
1264 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1265
bdb6d971 1266 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1267}
1268
bdb6d971 1269static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1270{
1271 struct mgmt_mode *cp = data;
1272 struct hci_cp_write_le_host_supported hci_cp;
1273 struct pending_cmd *cmd;
06199cf8 1274 int err;
0b60eba1 1275 u8 val, enabled;
06199cf8 1276
bdb6d971 1277 BT_DBG("request for %s", hdev->name);
06199cf8 1278
13ecd8b6
JH		 1279 if (!lmp_le_capable(hdev))
1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1281 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1282
a7e80f25
JH		 1283 if (cp->val != 0x00 && cp->val != 0x01)
1284 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1285 MGMT_STATUS_INVALID_PARAMS);
1286
13ecd8b6 1287 hci_dev_lock(hdev);
06199cf8
JH		 1288
1289 val = !!cp->val;
ffa88e02 1290 enabled = lmp_host_le_capable(hdev);
06199cf8 1291
0b60eba1 1292 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1293 bool changed = false;
1294
1295 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1296 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1297 changed = true;
1298 }
1299
1300 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1301 if (err < 0)
1de028ce 1302 goto unlock;
06199cf8
JH		 1303
1304 if (changed)
1305 err = new_settings(hdev, sk);
1306
1de028ce 1307 goto unlock;
06199cf8
JH		 1308 }
1309
1310 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1311 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1312 MGMT_STATUS_BUSY);
1de028ce 1313 goto unlock;
06199cf8
JH		 1314 }
1315
1316 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1317 if (!cmd) {
1318 err = -ENOMEM;
1de028ce 1319 goto unlock;
06199cf8
JH		 1320 }
1321
1322 memset(&hci_cp, 0, sizeof(hci_cp));
1323
1324 if (val) {
1325 hci_cp.le = val;
ffa88e02 1326 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1327 }
1328
04124681
GP		 1329 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1330 &hci_cp);
0c01bc48 1331 if (err < 0)
06199cf8 1332 mgmt_pending_remove(cmd);
06199cf8 1333
1de028ce
JH		 1334unlock:
1335 hci_dev_unlock(hdev);
06199cf8
JH		 1336 return err;
1337}
1338
0cab9c80
JH		 1339/* This is a helper function to test for pending mgmt commands that can
1340 * cause CoD or EIR HCI commands. We can only allow one such pending
1341 * mgmt command at a time since otherwise we cannot easily track what
1342 * the current values are, will be, and based on that calculate if a new
1343 * HCI command needs to be sent and if yes with what value.
1344 */
1345static bool pending_eir_or_class(struct hci_dev *hdev)
1346{
1347 struct pending_cmd *cmd;
1348
1349 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1350 switch (cmd->opcode) {
1351 case MGMT_OP_ADD_UUID:
1352 case MGMT_OP_REMOVE_UUID:
1353 case MGMT_OP_SET_DEV_CLASS:
1354 case MGMT_OP_SET_POWERED:
1355 return true;
1356 }
1357 }
1358
1359 return false;
1360}
1361
83be8eca
JH		 1362static const u8 bluetooth_base_uuid[] = {
1363 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1364 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1365};
1366
1367static u8 get_uuid_size(const u8 *uuid)
1368{
1369 u32 val;
1370
1371 if (memcmp(uuid, bluetooth_base_uuid, 12))
1372 return 128;
1373
1374 val = get_unaligned_le32(&uuid[12]);
1375 if (val > 0xffff)
1376 return 32;
1377
1378 return 16;
1379}
1380
bdb6d971 1381static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1382{
650f726d 1383 struct mgmt_cp_add_uuid *cp = data;
90e70454 1384 struct pending_cmd *cmd;
890ea898 1385 struct hci_request req;
2aeb9a1a 1386 struct bt_uuid *uuid;
2aeb9a1a
JH		 1387 int err;
1388
bdb6d971 1389 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1390
09fd0de5 1391 hci_dev_lock(hdev);
2aeb9a1a 1392
0cab9c80 1393 if (pending_eir_or_class(hdev)) {
bdb6d971 1394 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1395 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1396 goto failed;
1397 }
1398
92c4c204 1399 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1400 if (!uuid) {
1401 err = -ENOMEM;
1402 goto failed;
1403 }
1404
1405 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1406 uuid->svc_hint = cp->svc_hint;
83be8eca 1407 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1408
de66aa63 1409 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1410
890ea898 1411 hci_req_init(&req, hdev);
1aff6f09 1412
890ea898
JH		 1413 update_class(&req);
1414 update_eir(&req);
1415
1416 hci_req_run(&req, NULL);
80a1e1db 1417
90e70454 1418 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1419 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1420 hdev->dev_class, 3);
90e70454
JH		 1421 goto failed;
1422 }
1423
1424 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1425 if (!cmd) {
90e70454 1426 err = -ENOMEM;
890ea898
JH		 1427 goto failed;
1428 }
1429
1430 err = 0;
2aeb9a1a
JH		 1431
1432failed:
09fd0de5 1433 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1434 return err;
1435}
1436
24b78d0f
JH		 1437static bool enable_service_cache(struct hci_dev *hdev)
1438{
1439 if (!hdev_is_powered(hdev))
1440 return false;
1441
1442 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1443 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1444 CACHE_TIMEOUT);
24b78d0f
JH		 1445 return true;
1446 }
1447
1448 return false;
1449}
1450
bdb6d971 1451static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1452 u16 len)
2aeb9a1a 1453{
650f726d 1454 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1455 struct pending_cmd *cmd;
056341c8 1456 struct bt_uuid *match, *tmp;
2aeb9a1a 1457 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1458 struct hci_request req;
2aeb9a1a
JH		 1459 int err, found;
1460
bdb6d971 1461 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1462
09fd0de5 1463 hci_dev_lock(hdev);
2aeb9a1a 1464
0cab9c80 1465 if (pending_eir_or_class(hdev)) {
bdb6d971 1466 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1467 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1468 goto unlock;
1469 }
1470
2aeb9a1a
JH		 1471 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1472 err = hci_uuids_clear(hdev);
4004b6d9 1473
24b78d0f 1474 if (enable_service_cache(hdev)) {
bdb6d971 1475 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1476 0, hdev->dev_class, 3);
24b78d0f
JH		 1477 goto unlock;
1478 }
4004b6d9 1479
9246a869 1480 goto update_class;
2aeb9a1a
JH		 1481 }
1482
1483 found = 0;
1484
056341c8 1485 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1486 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1487 continue;
1488
1489 list_del(&match->list);
482049f7 1490 kfree(match);
2aeb9a1a
JH		 1491 found++;
1492 }
1493
1494 if (found == 0) {
bdb6d971 1495 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1496 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1497 goto unlock;
1498 }
1499
9246a869 1500update_class:
890ea898 1501 hci_req_init(&req, hdev);
1aff6f09 1502
890ea898
JH		 1503 update_class(&req);
1504 update_eir(&req);
1505
1506 hci_req_run(&req, NULL);
80a1e1db 1507
90e70454 1508 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1509 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1510 hdev->dev_class, 3);
90e70454
JH		 1511 goto unlock;
1512 }
1513
1514 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1515 if (!cmd) {
90e70454 1516 err = -ENOMEM;
890ea898
JH		 1517 goto unlock;
1518 }
1519
1520 err = 0;
2aeb9a1a
JH		 1521
1522unlock:
09fd0de5 1523 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1524 return err;
1525}
1526
bdb6d971 1527static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1528 u16 len)
1aff6f09 1529{
650f726d 1530 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1531 struct pending_cmd *cmd;
890ea898 1532 struct hci_request req;
1aff6f09
JH		 1533 int err;
1534
bdb6d971 1535 BT_DBG("request for %s", hdev->name);
1aff6f09 1536
13ecd8b6
JH		 1537 if (!lmp_bredr_capable(hdev))
1538 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1539 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1540
0cab9c80 1541 hci_dev_lock(hdev);
ee98f473 1542
0cab9c80
JH		 1543 if (pending_eir_or_class(hdev)) {
1544 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1545 MGMT_STATUS_BUSY);
1546 goto unlock;
1547 }
c95f0ba7 1548
0cab9c80
JH		 1549 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1550 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1551 MGMT_STATUS_INVALID_PARAMS);
1552 goto unlock;
1553 }
575b3a02 1554
932f5ff5
JH		 1555 hdev->major_class = cp->major;
1556 hdev->minor_class = cp->minor;
1557
b5235a65 1558 if (!hdev_is_powered(hdev)) {
bdb6d971 1559 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1560 hdev->dev_class, 3);
b5235a65
JH		 1561 goto unlock;
1562 }
1563
890ea898
JH		 1564 hci_req_init(&req, hdev);
1565
a8b2d5c2 1566 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1567 hci_dev_unlock(hdev);
1568 cancel_delayed_work_sync(&hdev->service_cache);
1569 hci_dev_lock(hdev);
890ea898 1570 update_eir(&req);
7d78525d 1571 }
14c0b608 1572
890ea898
JH		 1573 update_class(&req);
1574
1575 hci_req_run(&req, NULL);
1aff6f09 1576
90e70454 1577 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1578 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1579 hdev->dev_class, 3);
90e70454
JH		 1580 goto unlock;
1581 }
1582
1583 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1584 if (!cmd) {
90e70454 1585 err = -ENOMEM;
890ea898
JH		 1586 goto unlock;
1587 }
1588
1589 err = 0;
1aff6f09 1590
b5235a65 1591unlock:
09fd0de5 1592 hci_dev_unlock(hdev);
1aff6f09
JH		 1593 return err;
1594}
1595
bdb6d971 1596static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1597 u16 len)
55ed8ca1 1598{
650f726d 1599 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1600 u16 key_count, expected_len;
a492cd52 1601 int i;
55ed8ca1 1602
1f350c87 1603 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1604
86742e1e
JH		 1605 expected_len = sizeof(*cp) + key_count *
1606 sizeof(struct mgmt_link_key_info);
a492cd52 1607 if (expected_len != len) {
86742e1e 1608 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1609 len, expected_len);
bdb6d971 1610 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1611 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1612 }
1613
4ae14301
JH		 1614 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1615 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1616 MGMT_STATUS_INVALID_PARAMS);
1617
bdb6d971 1618 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1619 key_count);
55ed8ca1 1620
4ee71b20
JH		 1621 for (i = 0; i < key_count; i++) {
1622 struct mgmt_link_key_info *key = &cp->keys[i];
1623
1624 if (key->addr.type != BDADDR_BREDR)
1625 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1626 MGMT_STATUS_INVALID_PARAMS);
1627 }
1628
09fd0de5 1629 hci_dev_lock(hdev);
55ed8ca1
JH		 1630
1631 hci_link_keys_clear(hdev);
1632
a8b2d5c2 1633 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1634
1635 if (cp->debug_keys)
a8b2d5c2 1636 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1637 else
a8b2d5c2 1638 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1639
a492cd52 1640 for (i = 0; i < key_count; i++) {
86742e1e 1641 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1642
d753fdc4 1643 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1644 key->type, key->pin_len);
55ed8ca1
JH		 1645 }
1646
bdb6d971 1647 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1648
09fd0de5 1649 hci_dev_unlock(hdev);
55ed8ca1 1650
a492cd52 1651 return 0;
55ed8ca1
JH		 1652}
1653
b1078ad0 1654static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1655 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1656{
1657 struct mgmt_ev_device_unpaired ev;
1658
1659 bacpy(&ev.addr.bdaddr, bdaddr);
1660 ev.addr.type = addr_type;
1661
1662 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1663 skip_sk);
b1078ad0
JH		 1664}
1665
bdb6d971 1666static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1667 u16 len)
55ed8ca1 1668{
124f6e35
JH		 1669 struct mgmt_cp_unpair_device *cp = data;
1670 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1671 struct hci_cp_disconnect dc;
1672 struct pending_cmd *cmd;
55ed8ca1 1673 struct hci_conn *conn;
55ed8ca1
JH		 1674 int err;
1675
a8a1d19e 1676 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1677 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1678 rp.addr.type = cp->addr.type;
a8a1d19e 1679
4ee71b20
JH		 1680 if (!bdaddr_type_is_valid(cp->addr.type))
1681 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1682 MGMT_STATUS_INVALID_PARAMS,
1683 &rp, sizeof(rp));
1684
118da70b
JH		 1685 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1686 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1687 MGMT_STATUS_INVALID_PARAMS,
1688 &rp, sizeof(rp));
1689
4ee71b20
JH		 1690 hci_dev_lock(hdev);
1691
86a8cfc6 1692 if (!hdev_is_powered(hdev)) {
bdb6d971 1693 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1694 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1695 goto unlock;
1696 }
1697
591f47f3 1698 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1699 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1700 else
1701 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1702
55ed8ca1 1703 if (err < 0) {
bdb6d971 1704 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1705 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1706 goto unlock;
1707 }
1708
86a8cfc6 1709 if (cp->disconnect) {
591f47f3 1710 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1711 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1712 &cp->addr.bdaddr);
86a8cfc6
JH		 1713 else
1714 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1715 &cp->addr.bdaddr);
86a8cfc6
JH		 1716 } else {
1717 conn = NULL;
1718 }
124f6e35 1719
a8a1d19e 1720 if (!conn) {
bdb6d971 1721 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1722 &rp, sizeof(rp));
b1078ad0 1723 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1724 goto unlock;
1725 }
55ed8ca1 1726
124f6e35 1727 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1728 sizeof(*cp));
a8a1d19e
JH		 1729 if (!cmd) {
1730 err = -ENOMEM;
1731 goto unlock;
55ed8ca1
JH		 1732 }
1733
eb55ef07 1734 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1735 dc.reason = 0x13; /* Remote User Terminated Connection */
1736 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1737 if (err < 0)
1738 mgmt_pending_remove(cmd);
1739
55ed8ca1 1740unlock:
09fd0de5 1741 hci_dev_unlock(hdev);
55ed8ca1
JH		 1742 return err;
1743}
1744
bdb6d971 1745static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1746 u16 len)
8962ee74 1747{
650f726d 1748 struct mgmt_cp_disconnect *cp = data;
06a63b19 1749 struct mgmt_rp_disconnect rp;
8962ee74 1750 struct hci_cp_disconnect dc;
366a0336 1751 struct pending_cmd *cmd;
8962ee74 1752 struct hci_conn *conn;
8962ee74
JH		 1753 int err;
1754
1755 BT_DBG("");
1756
06a63b19
JH		 1757 memset(&rp, 0, sizeof(rp));
1758 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1759 rp.addr.type = cp->addr.type;
1760
4ee71b20 1761 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1762 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1763 MGMT_STATUS_INVALID_PARAMS,
1764 &rp, sizeof(rp));
4ee71b20 1765
09fd0de5 1766 hci_dev_lock(hdev);
8962ee74
JH		 1767
1768 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1769 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1770 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1771 goto failed;
1772 }
1773
2e58ef3e 1774 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1775 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1776 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1777 goto failed;
1778 }
1779
591f47f3 1780 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1781 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1782 &cp->addr.bdaddr);
88c3df13
JH		 1783 else
1784 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1785
f960727e 1786 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1787 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1788 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1789 goto failed;
1790 }
1791
2e58ef3e 1792 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1793 if (!cmd) {
1794 err = -ENOMEM;
8962ee74 1795 goto failed;
366a0336 1796 }
8962ee74 1797
eb55ef07 1798 dc.handle = cpu_to_le16(conn->handle);
3701f944 1799 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1800
1801 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1802 if (err < 0)
a664b5bc 1803 mgmt_pending_remove(cmd);
8962ee74
JH		 1804
1805failed:
09fd0de5 1806 hci_dev_unlock(hdev);
8962ee74
JH		 1807 return err;
1808}
1809
57c1477c 1810static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1811{
1812 switch (link_type) {
1813 case LE_LINK:
48264f06
JH		 1814 switch (addr_type) {
1815 case ADDR_LE_DEV_PUBLIC:
591f47f3 1816 return BDADDR_LE_PUBLIC;
0ed09148 1817
48264f06 1818 default:
0ed09148 1819 /* Fallback to LE Random address type */
591f47f3 1820 return BDADDR_LE_RANDOM;
48264f06 1821 }
0ed09148 1822
4c659c39 1823 default:
0ed09148 1824 /* Fallback to BR/EDR type */
591f47f3 1825 return BDADDR_BREDR;
4c659c39
JH		 1826 }
1827}
1828
04124681
GP		 1829static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1830 u16 data_len)
2784eb41 1831{
2784eb41 1832 struct mgmt_rp_get_connections *rp;
8035ded4 1833 struct hci_conn *c;
a38528f1 1834 size_t rp_len;
60fc5fb6
JH		 1835 int err;
1836 u16 i;
2784eb41
JH		 1837
1838 BT_DBG("");
1839
09fd0de5 1840 hci_dev_lock(hdev);
2784eb41 1841
5f97c1df 1842 if (!hdev_is_powered(hdev)) {
bdb6d971 1843 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1844 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1845 goto unlock;
1846 }
1847
60fc5fb6 1848 i = 0;
b644ba33
JH		 1849 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1850 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1851 i++;
2784eb41
JH		 1852 }
1853
60fc5fb6 1854 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1855 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1856 if (!rp) {
2784eb41
JH		 1857 err = -ENOMEM;
1858 goto unlock;
1859 }
1860
2784eb41 1861 i = 0;
4c659c39 1862 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1863 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1864 continue;
4c659c39 1865 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1866 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1867 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1868 continue;
1869 i++;
1870 }
1871
eb55ef07 1872 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1873
4c659c39
JH		 1874 /* Recalculate length in case of filtered SCO connections, etc */
1875 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1876
bdb6d971 1877 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1878 rp_len);
2784eb41 1879
a38528f1 1880 kfree(rp);
5f97c1df
JH		 1881
1882unlock:
09fd0de5 1883 hci_dev_unlock(hdev);
2784eb41
JH		 1884 return err;
1885}
1886
bdb6d971 1887static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1888 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1889{
1890 struct pending_cmd *cmd;
1891 int err;
1892
2e58ef3e 1893 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1894 sizeof(*cp));
96d97a67
WR		 1895 if (!cmd)
1896 return -ENOMEM;
1897
d8457698 1898 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1899 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1900 if (err < 0)
1901 mgmt_pending_remove(cmd);
1902
1903 return err;
1904}
1905
bdb6d971 1906static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1907 u16 len)
980e1a53 1908{
96d97a67 1909 struct hci_conn *conn;
650f726d 1910 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1911 struct hci_cp_pin_code_reply reply;
366a0336 1912 struct pending_cmd *cmd;
980e1a53
JH		 1913 int err;
1914
1915 BT_DBG("");
1916
09fd0de5 1917 hci_dev_lock(hdev);
980e1a53 1918
4b34ee78 1919 if (!hdev_is_powered(hdev)) {
bdb6d971 1920 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1921 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1922 goto failed;
1923 }
1924
d8457698 1925 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1926 if (!conn) {
bdb6d971 1927 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1928 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1929 goto failed;
1930 }
1931
1932 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1933 struct mgmt_cp_pin_code_neg_reply ncp;
1934
1935 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1936
1937 BT_ERR("PIN code is not 16 bytes long");
1938
bdb6d971 1939 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1940 if (err >= 0)
bdb6d971 1941 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1942 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1943
1944 goto failed;
1945 }
1946
00abfe44 1947 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1948 if (!cmd) {
1949 err = -ENOMEM;
980e1a53 1950 goto failed;
366a0336 1951 }
980e1a53 1952
d8457698 1953 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1954 reply.pin_len = cp->pin_len;
24718ca5 1955 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1956
1957 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1958 if (err < 0)
a664b5bc 1959 mgmt_pending_remove(cmd);
980e1a53
JH		 1960
1961failed:
09fd0de5 1962 hci_dev_unlock(hdev);
980e1a53
JH		 1963 return err;
1964}
1965
04124681
GP		 1966static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1967 u16 len)
17fa4b9d 1968{
650f726d 1969 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1970
1971 BT_DBG("");
1972
09fd0de5 1973 hci_dev_lock(hdev);
17fa4b9d
JH		 1974
1975 hdev->io_capability = cp->io_capability;
1976
1977 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 1978 hdev->io_capability);
17fa4b9d 1979
09fd0de5 1980 hci_dev_unlock(hdev);
17fa4b9d 1981
04124681
GP		 1982 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1983 0);
17fa4b9d
JH		 1984}
1985
6039aa73 1986static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 1987{
1988 struct hci_dev *hdev = conn->hdev;
8035ded4 1989 struct pending_cmd *cmd;
e9a416b5 1990
2e58ef3e 1991 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1992 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1993 continue;
1994
e9a416b5
JH		 1995 if (cmd->user_data != conn)
1996 continue;
1997
1998 return cmd;
1999 }
2000
2001 return NULL;
2002}
2003
2004static void pairing_complete(struct pending_cmd *cmd, u8 status)
2005{
2006 struct mgmt_rp_pair_device rp;
2007 struct hci_conn *conn = cmd->user_data;
2008
ba4e564f 2009 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2010 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2011
aee9b218 2012 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2013 &rp, sizeof(rp));
e9a416b5
JH		 2014
2015 /* So we don't get further callbacks for this connection */
2016 conn->connect_cfm_cb = NULL;
2017 conn->security_cfm_cb = NULL;
2018 conn->disconn_cfm_cb = NULL;
2019
2020 hci_conn_put(conn);
2021
a664b5bc 2022 mgmt_pending_remove(cmd);
e9a416b5
JH		 2023}
2024
2025static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2026{
2027 struct pending_cmd *cmd;
2028
2029 BT_DBG("status %u", status);
2030
2031 cmd = find_pairing(conn);
56e5cb86 2032 if (!cmd)
e9a416b5 2033 BT_DBG("Unable to find a pending command");
56e5cb86 2034 else
e211326c 2035 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2036}
2037
4c47d739
VA		 2038static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2039{
2040 struct pending_cmd *cmd;
2041
2042 BT_DBG("status %u", status);
2043
2044 if (!status)
2045 return;
2046
2047 cmd = find_pairing(conn);
2048 if (!cmd)
2049 BT_DBG("Unable to find a pending command");
2050 else
2051 pairing_complete(cmd, mgmt_status(status));
2052}
2053
bdb6d971 2054static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2055 u16 len)
e9a416b5 2056{
650f726d 2057 struct mgmt_cp_pair_device *cp = data;
1425acb7 2058 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2059 struct pending_cmd *cmd;
2060 u8 sec_level, auth_type;
2061 struct hci_conn *conn;
e9a416b5
JH		 2062 int err;
2063
2064 BT_DBG("");
2065
f950a30e
SJ		 2066 memset(&rp, 0, sizeof(rp));
2067 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2068 rp.addr.type = cp->addr.type;
2069
4ee71b20
JH		 2070 if (!bdaddr_type_is_valid(cp->addr.type))
2071 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2072 MGMT_STATUS_INVALID_PARAMS,
2073 &rp, sizeof(rp));
2074
09fd0de5 2075 hci_dev_lock(hdev);
e9a416b5 2076
5f97c1df 2077 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2078 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2079 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2080 goto unlock;
2081 }
2082
c908df36
VCG		 2083 sec_level = BT_SECURITY_MEDIUM;
2084 if (cp->io_cap == 0x03)
e9a416b5 2085 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2086 else
e9a416b5 2087 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2088
591f47f3 2089 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2090 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2091 cp->addr.type, sec_level, auth_type);
7a512d01 2092 else
b12f62cf
AG		 2093 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2094 cp->addr.type, sec_level, auth_type);
7a512d01 2095
30e76272 2096 if (IS_ERR(conn)) {
489dc48e
AK		 2097 int status;
2098
2099 if (PTR_ERR(conn) == -EBUSY)
2100 status = MGMT_STATUS_BUSY;
2101 else
2102 status = MGMT_STATUS_CONNECT_FAILED;
2103
bdb6d971 2104 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2105 status, &rp,
04124681 2106 sizeof(rp));
e9a416b5
JH		 2107 goto unlock;
2108 }
2109
2110 if (conn->connect_cfm_cb) {
2111 hci_conn_put(conn);
bdb6d971 2112 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2113 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2114 goto unlock;
2115 }
2116
2e58ef3e 2117 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2118 if (!cmd) {
2119 err = -ENOMEM;
2120 hci_conn_put(conn);
2121 goto unlock;
2122 }
2123
7a512d01 2124 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2125 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2126 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2127 else
2128 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2129
e9a416b5
JH		 2130 conn->security_cfm_cb = pairing_complete_cb;
2131 conn->disconn_cfm_cb = pairing_complete_cb;
2132 conn->io_capability = cp->io_cap;
2133 cmd->user_data = conn;
2134
2135 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2136 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2137 pairing_complete(cmd, 0);
2138
2139 err = 0;
2140
2141unlock:
09fd0de5 2142 hci_dev_unlock(hdev);
e9a416b5
JH		 2143 return err;
2144}
2145
04124681
GP		 2146static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2147 u16 len)
28424707 2148{
0f4e68cf 2149 struct mgmt_addr_info *addr = data;
28424707
JH		 2150 struct pending_cmd *cmd;
2151 struct hci_conn *conn;
2152 int err;
2153
2154 BT_DBG("");
2155
28424707
JH		 2156 hci_dev_lock(hdev);
2157
5f97c1df 2158 if (!hdev_is_powered(hdev)) {
bdb6d971 2159 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2160 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2161 goto unlock;
2162 }
2163
28424707
JH		 2164 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2165 if (!cmd) {
bdb6d971 2166 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2167 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2168 goto unlock;
2169 }
2170
2171 conn = cmd->user_data;
2172
2173 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2174 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2175 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2176 goto unlock;
2177 }
2178
2179 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2180
bdb6d971 2181 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2182 addr, sizeof(*addr));
28424707
JH		 2183unlock:
2184 hci_dev_unlock(hdev);
28424707
JH		 2185 return err;
2186}
2187
bdb6d971 2188static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2189 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2190 u16 hci_op, __le32 passkey)
a5c29683 2191{
a5c29683 2192 struct pending_cmd *cmd;
0df4c185 2193 struct hci_conn *conn;
a5c29683
JH		 2194 int err;
2195
09fd0de5 2196 hci_dev_lock(hdev);
08ba5382 2197
4b34ee78 2198 if (!hdev_is_powered(hdev)) {
bdb6d971 2199 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2200 MGMT_STATUS_NOT_POWERED);
0df4c185 2201 goto done;
a5c29683
JH		 2202 }
2203
591f47f3 2204 if (type == BDADDR_BREDR)
272d90df
JH		 2205 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2206 else
47c15e2b 2207 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2208
2209 if (!conn) {
bdb6d971 2210 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2211 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2212 goto done;
2213 }
47c15e2b 2214
591f47f3 2215 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2216 /* Continue with pairing via SMP */
5fe57d9e
BG		 2217 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2218
2219 if (!err)
bdb6d971 2220 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2221 MGMT_STATUS_SUCCESS);
5fe57d9e 2222 else
bdb6d971 2223 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2224 MGMT_STATUS_FAILED);
47c15e2b 2225
47c15e2b
BG		 2226 goto done;
2227 }
2228
0df4c185 2229 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2230 if (!cmd) {
2231 err = -ENOMEM;
0df4c185 2232 goto done;
a5c29683
JH		 2233 }
2234
0df4c185 2235 /* Continue with pairing via HCI */
604086b7
BG		 2236 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2237 struct hci_cp_user_passkey_reply cp;
2238
2239 bacpy(&cp.bdaddr, bdaddr);
2240 cp.passkey = passkey;
2241 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2242 } else
2243 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2244
a664b5bc
JH		 2245 if (err < 0)
2246 mgmt_pending_remove(cmd);
a5c29683 2247
0df4c185 2248done:
09fd0de5 2249 hci_dev_unlock(hdev);
a5c29683
JH		 2250 return err;
2251}
2252
afeb019d
JK		 2253static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2254 void *data, u16 len)
2255{
2256 struct mgmt_cp_pin_code_neg_reply *cp = data;
2257
2258 BT_DBG("");
2259
2260 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2261 MGMT_OP_PIN_CODE_NEG_REPLY,
2262 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2263}
2264
04124681
GP		 2265static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2266 u16 len)
0df4c185 2267{
650f726d 2268 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2269
2270 BT_DBG("");
2271
2272 if (len != sizeof(*cp))
bdb6d971 2273 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2274 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2275
bdb6d971 2276 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2277 MGMT_OP_USER_CONFIRM_REPLY,
2278 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2279}
2280
bdb6d971 2281static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2282 void *data, u16 len)
0df4c185 2283{
c9c2659f 2284 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2285
2286 BT_DBG("");
2287
bdb6d971 2288 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2289 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2290 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2291}
2292
04124681
GP		 2293static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2294 u16 len)
604086b7 2295{
650f726d 2296 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2297
2298 BT_DBG("");
2299
bdb6d971 2300 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2301 MGMT_OP_USER_PASSKEY_REPLY,
2302 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2303}
2304
bdb6d971 2305static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2306 void *data, u16 len)
604086b7 2307{
650f726d 2308 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2309
2310 BT_DBG("");
2311
bdb6d971 2312 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2313 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2314 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2315}
2316
890ea898 2317static void update_name(struct hci_request *req, const char *name)
2b4bf397
JH		 2318{
2319 struct hci_cp_write_local_name cp;
2320
2321 memcpy(cp.name, name, sizeof(cp.name));
2322
890ea898 2323 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2324}
2325
bdb6d971 2326static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2327 u16 len)
b312b161 2328{
2b4bf397 2329 struct mgmt_cp_set_local_name *cp = data;
b312b161 2330 struct pending_cmd *cmd;
890ea898 2331 struct hci_request req;
b312b161
JH		 2332 int err;
2333
2334 BT_DBG("");
2335
09fd0de5 2336 hci_dev_lock(hdev);
b312b161 2337
2b4bf397 2338 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2339
b5235a65 2340 if (!hdev_is_powered(hdev)) {
2b4bf397 2341 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2342
2343 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2344 data, len);
28cc7bde
JH		 2345 if (err < 0)
2346 goto failed;
2347
2348 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2349 sk);
28cc7bde 2350
b5235a65
JH		 2351 goto failed;
2352 }
2353
28cc7bde 2354 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2355 if (!cmd) {
2356 err = -ENOMEM;
2357 goto failed;
2358 }
2359
890ea898
JH		 2360 hci_req_init(&req, hdev);
2361 update_name(&req, cp->name);
2362 err = hci_req_run(&req, NULL);
b312b161
JH		 2363 if (err < 0)
2364 mgmt_pending_remove(cmd);
2365
2366failed:
09fd0de5 2367 hci_dev_unlock(hdev);
b312b161
JH		 2368 return err;
2369}
2370
0f4e68cf 2371static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2372 void *data, u16 data_len)
c35938b2 2373{
c35938b2
SJ		 2374 struct pending_cmd *cmd;
2375 int err;
2376
bdb6d971 2377 BT_DBG("%s", hdev->name);
c35938b2 2378
09fd0de5 2379 hci_dev_lock(hdev);
c35938b2 2380
4b34ee78 2381 if (!hdev_is_powered(hdev)) {
bdb6d971 2382 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2383 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2384 goto unlock;
2385 }
2386
9a1a1996 2387 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2388 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2389 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2390 goto unlock;
2391 }
2392
2e58ef3e 2393 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2394 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2395 MGMT_STATUS_BUSY);
c35938b2
SJ		 2396 goto unlock;
2397 }
2398
2e58ef3e 2399 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2400 if (!cmd) {
2401 err = -ENOMEM;
2402 goto unlock;
2403 }
2404
2405 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2406 if (err < 0)
2407 mgmt_pending_remove(cmd);
2408
2409unlock:
09fd0de5 2410 hci_dev_unlock(hdev);
c35938b2
SJ		 2411 return err;
2412}
2413
bdb6d971 2414static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2415 void *data, u16 len)
2763eda6 2416{
650f726d 2417 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2418 u8 status;
2763eda6
SJ		 2419 int err;
2420
bdb6d971 2421 BT_DBG("%s ", hdev->name);
2763eda6 2422
09fd0de5 2423 hci_dev_lock(hdev);
2763eda6 2424
664ce4cc 2425 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2426 cp->randomizer);
2763eda6 2427 if (err < 0)
bf1e3541 2428 status = MGMT_STATUS_FAILED;
2763eda6 2429 else
a6785be2 2430 status = MGMT_STATUS_SUCCESS;
bf1e3541 2431
bdb6d971 2432 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2433 &cp->addr, sizeof(cp->addr));
2763eda6 2434
09fd0de5 2435 hci_dev_unlock(hdev);
2763eda6
SJ		 2436 return err;
2437}
2438
bdb6d971 2439static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2440 void *data, u16 len)
2763eda6 2441{
650f726d 2442 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2443 u8 status;
2763eda6
SJ		 2444 int err;
2445
bdb6d971 2446 BT_DBG("%s", hdev->name);
2763eda6 2447
09fd0de5 2448 hci_dev_lock(hdev);
2763eda6 2449
664ce4cc 2450 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2451 if (err < 0)
bf1e3541 2452 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2453 else
a6785be2 2454 status = MGMT_STATUS_SUCCESS;
bf1e3541 2455
bdb6d971 2456 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2457 status, &cp->addr, sizeof(cp->addr));
2763eda6 2458
09fd0de5 2459 hci_dev_unlock(hdev);
2763eda6
SJ		 2460 return err;
2461}
2462
5e0452c0
AG		 2463int mgmt_interleaved_discovery(struct hci_dev *hdev)
2464{
2465 int err;
2466
2467 BT_DBG("%s", hdev->name);
2468
2469 hci_dev_lock(hdev);
2470
2471 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2472 if (err < 0)
2473 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2474
2475 hci_dev_unlock(hdev);
2476
2477 return err;
2478}
2479
bdb6d971 2480static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2481 void *data, u16 len)
14a53664 2482{
650f726d 2483 struct mgmt_cp_start_discovery *cp = data;
14a53664 2484 struct pending_cmd *cmd;
14a53664
JH		 2485 int err;
2486
bdb6d971 2487 BT_DBG("%s", hdev->name);
14a53664 2488
09fd0de5 2489 hci_dev_lock(hdev);
14a53664 2490
4b34ee78 2491 if (!hdev_is_powered(hdev)) {
bdb6d971 2492 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2493 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2494 goto failed;
2495 }
2496
642be6c7
AG		 2497 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2498 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2499 MGMT_STATUS_BUSY);
2500 goto failed;
2501 }
2502
ff9ef578 2503 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2504 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2505 MGMT_STATUS_BUSY);
ff9ef578
JH		 2506 goto failed;
2507 }
2508
2e58ef3e 2509 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2510 if (!cmd) {
2511 err = -ENOMEM;
2512 goto failed;
2513 }
2514
4aab14e5
AG		 2515 hdev->discovery.type = cp->type;
2516
2517 switch (hdev->discovery.type) {
f39799f5 2518 case DISCOV_TYPE_BREDR:
04106755
JH		 2519 if (!lmp_bredr_capable(hdev)) {
2520 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2521 MGMT_STATUS_NOT_SUPPORTED);
2522 mgmt_pending_remove(cmd);
2523 goto failed;
2524 }
2525
2526 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2527 break;
2528
2529 case DISCOV_TYPE_LE:
04106755
JH		 2530 if (!lmp_host_le_capable(hdev)) {
2531 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2532 MGMT_STATUS_NOT_SUPPORTED);
2533 mgmt_pending_remove(cmd);
2534 goto failed;
2535 }
2536
2537 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2538 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2539 break;
2540
5e0452c0 2541 case DISCOV_TYPE_INTERLEAVED:
04106755
JH		 2542 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2543 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2544 MGMT_STATUS_NOT_SUPPORTED);
2545 mgmt_pending_remove(cmd);
2546 goto failed;
2547 }
2548
2549 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2550 LE_SCAN_TIMEOUT_BREDR_LE);
5e0452c0
AG		 2551 break;
2552
f39799f5 2553 default:
04106755
JH		 2554 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2555 MGMT_STATUS_INVALID_PARAMS);
2556 mgmt_pending_remove(cmd);
2557 goto failed;
f39799f5 2558 }
3fd24153 2559
14a53664
JH		 2560 if (err < 0)
2561 mgmt_pending_remove(cmd);
ff9ef578
JH		 2562 else
2563 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2564
2565failed:
09fd0de5 2566 hci_dev_unlock(hdev);
14a53664
JH		 2567 return err;
2568}
2569
bdb6d971 2570static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2571 u16 len)
14a53664 2572{
d930650b 2573 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2574 struct pending_cmd *cmd;
30dc78e1
JH		 2575 struct hci_cp_remote_name_req_cancel cp;
2576 struct inquiry_entry *e;
14a53664
JH		 2577 int err;
2578
bdb6d971 2579 BT_DBG("%s", hdev->name);
14a53664 2580
09fd0de5 2581 hci_dev_lock(hdev);
14a53664 2582
30dc78e1 2583 if (!hci_discovery_active(hdev)) {
bdb6d971 2584 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2585 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2586 sizeof(mgmt_cp->type));
d930650b
JH		 2587 goto unlock;
2588 }
2589
2590 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2591 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2592 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2593 sizeof(mgmt_cp->type));
30dc78e1 2594 goto unlock;
ff9ef578
JH		 2595 }
2596
2e58ef3e 2597 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2598 if (!cmd) {
2599 err = -ENOMEM;
30dc78e1
JH		 2600 goto unlock;
2601 }
2602
e0d9727e
AG		 2603 switch (hdev->discovery.state) {
2604 case DISCOVERY_FINDING:
c9ecc48e
AG		 2605 if (test_bit(HCI_INQUIRY, &hdev->flags))
2606 err = hci_cancel_inquiry(hdev);
2607 else
2608 err = hci_cancel_le_scan(hdev);
2609
e0d9727e
AG		 2610 break;
2611
2612 case DISCOVERY_RESOLVING:
2613 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2614 NAME_PENDING);
e0d9727e 2615 if (!e) {
30dc78e1 2616 mgmt_pending_remove(cmd);
e0d9727e
AG		 2617 err = cmd_complete(sk, hdev->id,
2618 MGMT_OP_STOP_DISCOVERY, 0,
2619 &mgmt_cp->type,
2620 sizeof(mgmt_cp->type));
2621 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2622 goto unlock;
2623 }
30dc78e1 2624
e0d9727e
AG		 2625 bacpy(&cp.bdaddr, &e->data.bdaddr);
2626 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2627 sizeof(cp), &cp);
2628
2629 break;
2630
2631 default:
2632 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2633 err = -EFAULT;
14a53664
JH		 2634 }
2635
14a53664
JH		 2636 if (err < 0)
2637 mgmt_pending_remove(cmd);
ff9ef578
JH		 2638 else
2639 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2640
30dc78e1 2641unlock:
09fd0de5 2642 hci_dev_unlock(hdev);
14a53664
JH		 2643 return err;
2644}
2645
bdb6d971 2646static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2647 u16 len)
561aafbc 2648{
650f726d 2649 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2650 struct inquiry_entry *e;
561aafbc
JH		 2651 int err;
2652
bdb6d971 2653 BT_DBG("%s", hdev->name);
561aafbc 2654
561aafbc
JH		 2655 hci_dev_lock(hdev);
2656
30dc78e1 2657 if (!hci_discovery_active(hdev)) {
bdb6d971 2658 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2659 MGMT_STATUS_FAILED);
30dc78e1
JH		 2660 goto failed;
2661 }
2662
a198e7b1 2663 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2664 if (!e) {
bdb6d971 2665 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2666 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2667 goto failed;
2668 }
2669
2670 if (cp->name_known) {
2671 e->name_state = NAME_KNOWN;
2672 list_del(&e->list);
2673 } else {
2674 e->name_state = NAME_NEEDED;
a3d4e20a 2675 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2676 }
2677
e384662b
JH		 2678 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2679 sizeof(cp->addr));
561aafbc
JH		 2680
2681failed:
2682 hci_dev_unlock(hdev);
561aafbc
JH		 2683 return err;
2684}
2685
bdb6d971 2686static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2687 u16 len)
7fbec224 2688{
650f726d 2689 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2690 u8 status;
7fbec224
AJ		 2691 int err;
2692
bdb6d971 2693 BT_DBG("%s", hdev->name);
7fbec224 2694
4ee71b20 2695 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2696 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2697 MGMT_STATUS_INVALID_PARAMS,
2698 &cp->addr, sizeof(cp->addr));
4ee71b20 2699
09fd0de5 2700 hci_dev_lock(hdev);
5e762444 2701
88c1fe4b 2702 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2703 if (err < 0)
f0eeea8b 2704 status = MGMT_STATUS_FAILED;
7fbec224 2705 else
a6785be2 2706 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2707
bdb6d971 2708 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2709 &cp->addr, sizeof(cp->addr));
5e762444 2710
09fd0de5 2711 hci_dev_unlock(hdev);
7fbec224
AJ		 2712
2713 return err;
2714}
2715
bdb6d971 2716static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2717 u16 len)
7fbec224 2718{
650f726d 2719 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2720 u8 status;
7fbec224
AJ		 2721 int err;
2722
bdb6d971 2723 BT_DBG("%s", hdev->name);
7fbec224 2724
4ee71b20 2725 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2726 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2727 MGMT_STATUS_INVALID_PARAMS,
2728 &cp->addr, sizeof(cp->addr));
4ee71b20 2729
09fd0de5 2730 hci_dev_lock(hdev);
5e762444 2731
88c1fe4b 2732 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2733 if (err < 0)
f0eeea8b 2734 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2735 else
a6785be2 2736 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2737
bdb6d971 2738 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2739 &cp->addr, sizeof(cp->addr));
5e762444 2740
09fd0de5 2741 hci_dev_unlock(hdev);
7fbec224
AJ		 2742
2743 return err;
2744}
2745
cdbaccca
MH		 2746static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2747 u16 len)
2748{
2749 struct mgmt_cp_set_device_id *cp = data;
890ea898 2750 struct hci_request req;
cdbaccca 2751 int err;
c72d4b8a 2752 __u16 source;
cdbaccca
MH		 2753
2754 BT_DBG("%s", hdev->name);
2755
c72d4b8a
SJ		 2756 source = __le16_to_cpu(cp->source);
2757
2758 if (source > 0x0002)
2759 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2760 MGMT_STATUS_INVALID_PARAMS);
2761
cdbaccca
MH		 2762 hci_dev_lock(hdev);
2763
c72d4b8a 2764 hdev->devid_source = source;
cdbaccca
MH		 2765 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2766 hdev->devid_product = __le16_to_cpu(cp->product);
2767 hdev->devid_version = __le16_to_cpu(cp->version);
2768
2769 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2770
890ea898
JH		 2771 hci_req_init(&req, hdev);
2772 update_eir(&req);
2773 hci_req_run(&req, NULL);
cdbaccca
MH		 2774
2775 hci_dev_unlock(hdev);
2776
2777 return err;
2778}
2779
bdb6d971 2780static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2781 void *data, u16 len)
f6422ec6 2782{
650f726d 2783 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2784 struct hci_cp_write_page_scan_activity acp;
2785 u8 type;
2786 int err;
2787
bdb6d971 2788 BT_DBG("%s", hdev->name);
f6422ec6 2789
33c525c0
JH		 2790 if (!lmp_bredr_capable(hdev))
2791 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2792 MGMT_STATUS_NOT_SUPPORTED);
2793
a7e80f25
JH		 2794 if (cp->val != 0x00 && cp->val != 0x01)
2795 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2796 MGMT_STATUS_INVALID_PARAMS);
2797
5400c044 2798 if (!hdev_is_powered(hdev))
bdb6d971 2799 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2800 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2801
2802 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2803 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2804 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2805
2806 hci_dev_lock(hdev);
2807
f7c6869c 2808 if (cp->val) {
f6422ec6 2809 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2810
83ce9a06
JH		 2811 /* 160 msec page scan interval */
2812 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2813 } else {
2814 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2815
2816 /* default 1.28 sec page scan */
2817 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2818 }
2819
76ec9de8
AE		 2820 /* default 11.25 msec page scan window */
2821 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2822
04124681
GP		 2823 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2824 &acp);
f6422ec6 2825 if (err < 0) {
bdb6d971 2826 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2827 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2828 goto done;
2829 }
2830
2831 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2832 if (err < 0) {
bdb6d971 2833 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2834 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2835 goto done;
2836 }
2837
bdb6d971 2838 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2839 NULL, 0);
f6422ec6
AJ		 2840done:
2841 hci_dev_unlock(hdev);
f6422ec6
AJ		 2842 return err;
2843}
2844
3f706b72
JH		 2845static bool ltk_is_valid(struct mgmt_ltk_info *key)
2846{
44b20d33
JH		 2847 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2848 return false;
3f706b72
JH		 2849 if (key->master != 0x00 && key->master != 0x01)
2850 return false;
4ee71b20
JH		 2851 if (!bdaddr_type_is_le(key->addr.type))
2852 return false;
3f706b72
JH		 2853 return true;
2854}
2855
bdb6d971 2856static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2857 void *cp_data, u16 len)
346af67b 2858{
346af67b
VCG		 2859 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2860 u16 key_count, expected_len;
715a5bf2 2861 int i, err;
346af67b 2862
1f350c87 2863 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2864
2865 expected_len = sizeof(*cp) + key_count *
2866 sizeof(struct mgmt_ltk_info);
2867 if (expected_len != len) {
2868 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2869 len, expected_len);
bdb6d971 2870 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 2871 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 2872 }
2873
bdb6d971 2874 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 2875
54ad6d8a
JH		 2876 for (i = 0; i < key_count; i++) {
2877 struct mgmt_ltk_info *key = &cp->keys[i];
2878
3f706b72 2879 if (!ltk_is_valid(key))
54ad6d8a
JH		 2880 return cmd_status(sk, hdev->id,
2881 MGMT_OP_LOAD_LONG_TERM_KEYS,
2882 MGMT_STATUS_INVALID_PARAMS);
2883 }
2884
346af67b
VCG		 2885 hci_dev_lock(hdev);
2886
2887 hci_smp_ltks_clear(hdev);
2888
2889 for (i = 0; i < key_count; i++) {
2890 struct mgmt_ltk_info *key = &cp->keys[i];
2891 u8 type;
2892
2893 if (key->master)
2894 type = HCI_SMP_LTK;
2895 else
2896 type = HCI_SMP_LTK_SLAVE;
2897
4596fde5 2898 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2899 bdaddr_to_le(key->addr.type),
04124681
GP		 2900 type, 0, key->authenticated, key->val,
2901 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2902 }
2903
715a5bf2
JH		 2904 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2905 NULL, 0);
2906
346af67b 2907 hci_dev_unlock(hdev);
346af67b 2908
715a5bf2 2909 return err;
346af67b
VCG		 2910}
2911
2e3c35ea 2912static const struct mgmt_handler {
04124681
GP		 2913 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2914 u16 data_len);
be22b54e
JH		 2915 bool var_len;
2916 size_t data_len;
0f4e68cf
JH		 2917} mgmt_handlers[] = {
2918 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2919 { read_version, false, MGMT_READ_VERSION_SIZE },
2920 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2921 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2922 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2923 { set_powered, false, MGMT_SETTING_SIZE },
2924 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2925 { set_connectable, false, MGMT_SETTING_SIZE },
2926 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2927 { set_pairable, false, MGMT_SETTING_SIZE },
2928 { set_link_security, false, MGMT_SETTING_SIZE },
2929 { set_ssp, false, MGMT_SETTING_SIZE },
2930 { set_hs, false, MGMT_SETTING_SIZE },
2931 { set_le, false, MGMT_SETTING_SIZE },
2932 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2933 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2934 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2935 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2936 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2937 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2938 { disconnect, false, MGMT_DISCONNECT_SIZE },
2939 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2940 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2941 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2942 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2943 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2944 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2945 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2946 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2947 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2948 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2949 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2950 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2951 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2952 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2953 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2954 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2955 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2956 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2957 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2958 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2959};
2960
2961
0381101f
JH		 2962int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2963{
650f726d
VCG		 2964 void *buf;
2965 u8 *cp;
0381101f 2966 struct mgmt_hdr *hdr;
4e51eae9 2967 u16 opcode, index, len;
bdb6d971 2968 struct hci_dev *hdev = NULL;
2e3c35ea 2969 const struct mgmt_handler *handler;
0381101f
JH		 2970 int err;
2971
2972 BT_DBG("got %zu bytes", msglen);
2973
2974 if (msglen < sizeof(*hdr))
2975 return -EINVAL;
2976
e63a15ec 2977 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2978 if (!buf)
2979 return -ENOMEM;
2980
2981 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2982 err = -EFAULT;
2983 goto done;
2984 }
2985
650f726d 2986 hdr = buf;
1f350c87
MH		 2987 opcode = __le16_to_cpu(hdr->opcode);
2988 index = __le16_to_cpu(hdr->index);
2989 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2990
2991 if (len != msglen - sizeof(*hdr)) {
2992 err = -EINVAL;
2993 goto done;
2994 }
2995
0f4e68cf 2996 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2997 hdev = hci_dev_get(index);
2998 if (!hdev) {
2999 err = cmd_status(sk, index, opcode,
04124681 3000 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3001 goto done;
3002 }
3003 }
3004
0f4e68cf 3005 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3006 mgmt_handlers[opcode].func == NULL) {
0381101f 3007 BT_DBG("Unknown op %u", opcode);
ca69b795 3008 err = cmd_status(sk, index, opcode,
04124681 3009 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3010 goto done;
3011 }
3012
3013 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3014 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3015 err = cmd_status(sk, index, opcode,
04124681 3016 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3017 goto done;
0381101f
JH		 3018 }
3019
be22b54e
JH		 3020 handler = &mgmt_handlers[opcode];
3021
3022 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3023 (!handler->var_len && len != handler->data_len)) {
be22b54e 3024 err = cmd_status(sk, index, opcode,
04124681 3025 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3026 goto done;
3027 }
3028
0f4e68cf
JH		 3029 if (hdev)
3030 mgmt_init_hdev(sk, hdev);
3031
3032 cp = buf + sizeof(*hdr);
3033
be22b54e 3034 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3035 if (err < 0)
3036 goto done;
3037
0381101f
JH		 3038 err = msglen;
3039
3040done:
bdb6d971
JH		 3041 if (hdev)
3042 hci_dev_put(hdev);
3043
0381101f
JH		 3044 kfree(buf);
3045 return err;
3046}
c71e97bf 3047
b24752fe
JH		 3048static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3049{
3050 u8 *status = data;
3051
3052 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3053 mgmt_pending_remove(cmd);
3054}
3055
744cf19e 3056int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3057{
bb4b2a9a
AE		 3058 if (!mgmt_valid_hdev(hdev))
3059 return -ENOTSUPP;
3060
744cf19e 3061 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3062}
3063
744cf19e 3064int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3065{
5f159032 3066 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3067
bb4b2a9a
AE		 3068 if (!mgmt_valid_hdev(hdev))
3069 return -ENOTSUPP;
3070
744cf19e 3071 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3072
744cf19e 3073 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3074}
3075
73f22f62 3076struct cmd_lookup {
eec8d2bc 3077 struct sock *sk;
69ab39ea 3078 struct hci_dev *hdev;
90e70454 3079 u8 mgmt_status;
eec8d2bc
JH		 3080};
3081
69ab39ea 3082static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3083{
73f22f62 3084 struct cmd_lookup *match = data;
eec8d2bc 3085
69ab39ea 3086 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3087
3088 list_del(&cmd->list);
3089
3090 if (match->sk == NULL) {
3091 match->sk = cmd->sk;
3092 sock_hold(match->sk);
3093 }
3094
3095 mgmt_pending_free(cmd);
c71e97bf 3096}
5add6af8 3097
890ea898 3098static void set_bredr_scan(struct hci_request *req)
7f0ae647 3099{
890ea898 3100 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3101 u8 scan = 0;
3102
3103 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3104 scan |= SCAN_PAGE;
3105 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3106 scan |= SCAN_INQUIRY;
3107
890ea898
JH		 3108 if (scan)
3109 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3110}
3111
229ab39c
JH		 3112static void powered_complete(struct hci_dev *hdev, u8 status)
3113{
3114 struct cmd_lookup match = { NULL, hdev };
3115
3116 BT_DBG("status 0x%02x", status);
3117
3118 hci_dev_lock(hdev);
3119
3120 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3121
3122 new_settings(hdev, match.sk);
3123
3124 hci_dev_unlock(hdev);
3125
3126 if (match.sk)
3127 sock_put(match.sk);
3128}
3129
70da6243 3130static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3131{
890ea898 3132 struct hci_request req;
70da6243 3133 u8 link_sec;
5add6af8 3134
890ea898
JH		 3135 hci_req_init(&req, hdev);
3136
70da6243
JH		 3137 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3138 !lmp_host_ssp_capable(hdev)) {
3139 u8 ssp = 1;
5e5282bb 3140
890ea898 3141 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3142 }
5add6af8 3143
70da6243
JH		 3144 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3145 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3146
70da6243
JH		 3147 cp.le = 1;
3148 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3149
70da6243
JH		 3150 /* Check first if we already have the right
3151 * host state (host features set)
3152 */
3153 if (cp.le != lmp_host_le_capable(hdev) ||
3154 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3155 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3156 sizeof(cp), &cp);
70da6243 3157 }
3d1cbdd6 3158
70da6243
JH		 3159 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3160 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3161 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3162 sizeof(link_sec), &link_sec);
562fcc24 3163
70da6243 3164 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3165 set_bredr_scan(&req);
3166 update_class(&req);
3167 update_name(&req, hdev->dev_name);
3168 update_eir(&req);
70da6243 3169 }
562fcc24 3170
229ab39c 3171 return hci_req_run(&req, powered_complete);
70da6243 3172}
562fcc24 3173
70da6243
JH		 3174int mgmt_powered(struct hci_dev *hdev, u8 powered)
3175{
3176 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3177 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3178 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3179 int err;
f0ff92fb 3180
70da6243
JH		 3181 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3182 return 0;
3183
70da6243 3184 if (powered) {
229ab39c
JH		 3185 if (powered_update_hci(hdev) == 0)
3186 return 0;
fe038884 3187
229ab39c
JH		 3188 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3189 &match);
3190 goto new_settings;
b24752fe
JH		 3191 }
3192
229ab39c
JH		 3193 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3194 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3195
3196 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3197 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3198 zero_cod, sizeof(zero_cod), NULL);
3199
3200new_settings:
beadb2bd 3201 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3202
3203 if (match.sk)
3204 sock_put(match.sk);
3205
7bb895d6 3206 return err;
5add6af8 3207}
73f22f62 3208
744cf19e 3209int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3210{
76a7f3a4 3211 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3212 bool changed = false;
3213 int err = 0;
73f22f62 3214
5e5282bb
JH		 3215 if (discoverable) {
3216 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3217 changed = true;
3218 } else {
3219 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3220 changed = true;
3221 }
73f22f62 3222
ed9b5f2f 3223 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3224 &match);
ed9b5f2f 3225
beadb2bd
JH		 3226 if (changed)
3227 err = new_settings(hdev, match.sk);
5e5282bb 3228
73f22f62
JH		 3229 if (match.sk)
3230 sock_put(match.sk);
3231
7bb895d6 3232 return err;
73f22f62 3233}
9fbcbb45 3234
744cf19e 3235int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3236{
76a7f3a4 3237 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3238 bool changed = false;
3239 int err = 0;
9fbcbb45 3240
5e5282bb
JH		 3241 if (connectable) {
3242 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3243 changed = true;
3244 } else {
3245 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3246 changed = true;
3247 }
9fbcbb45 3248
ed9b5f2f 3249 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 3250 &match);
ed9b5f2f 3251
beadb2bd
JH		 3252 if (changed)
3253 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3254
3255 if (match.sk)
3256 sock_put(match.sk);
3257
7bb895d6 3258 return err;
9fbcbb45 3259}
55ed8ca1 3260
744cf19e 3261int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3262{
ca69b795
JH		 3263 u8 mgmt_err = mgmt_status(status);
3264
2d7cee58 3265 if (scan & SCAN_PAGE)
744cf19e 3266 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3267 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3268
3269 if (scan & SCAN_INQUIRY)
744cf19e 3270 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3271 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3272
3273 return 0;
3274}
3275
53168e5b
CC		 3276int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3277 bool persistent)
55ed8ca1 3278{
86742e1e 3279 struct mgmt_ev_new_link_key ev;
55ed8ca1 3280
a492cd52 3281 memset(&ev, 0, sizeof(ev));
55ed8ca1 3282
a492cd52 3283 ev.store_hint = persistent;
d753fdc4 3284 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3285 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3286 ev.key.type = key->type;
9b3b4460 3287 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3288 ev.key.pin_len = key->pin_len;
55ed8ca1 3289
744cf19e 3290 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3291}
f7520543 3292
346af67b
VCG		 3293int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3294{
3295 struct mgmt_ev_new_long_term_key ev;
3296
3297 memset(&ev, 0, sizeof(ev));
3298
3299 ev.store_hint = persistent;
3300 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3301 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3302 ev.key.authenticated = key->authenticated;
3303 ev.key.enc_size = key->enc_size;
3304 ev.key.ediv = key->ediv;
3305
3306 if (key->type == HCI_SMP_LTK)
3307 ev.key.master = 1;
3308
3309 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3310 memcpy(ev.key.val, key->val, sizeof(key->val));
3311
04124681
GP		 3312 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3313 NULL);
346af67b
VCG		 3314}
3315
afc747a6 3316int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3317 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3318 u8 *dev_class)
f7520543 3319{
b644ba33
JH		 3320 char buf[512];
3321 struct mgmt_ev_device_connected *ev = (void *) buf;
3322 u16 eir_len = 0;
f7520543 3323
b644ba33 3324 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3325 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3326
c95f0ba7 3327 ev->flags = __cpu_to_le32(flags);
08c79b61 3328
b644ba33
JH		 3329 if (name_len > 0)
3330 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3331 name, name_len);
b644ba33
JH		 3332
3333 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3334 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3335 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3336
eb55ef07 3337 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3338
3339 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3340 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3341}
3342
8962ee74
JH		 3343static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3344{
c68fb7ff 3345 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3346 struct sock **sk = data;
a38528f1 3347 struct mgmt_rp_disconnect rp;
8962ee74 3348
88c3df13
JH		 3349 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3350 rp.addr.type = cp->addr.type;
8962ee74 3351
aee9b218 3352 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3353 sizeof(rp));
8962ee74
JH		 3354
3355 *sk = cmd->sk;
3356 sock_hold(*sk);
3357
a664b5bc 3358 mgmt_pending_remove(cmd);
8962ee74
JH		 3359}
3360
124f6e35 3361static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3362{
b1078ad0 3363 struct hci_dev *hdev = data;
124f6e35
JH		 3364 struct mgmt_cp_unpair_device *cp = cmd->param;
3365 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3366
3367 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3368 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3369 rp.addr.type = cp->addr.type;
a8a1d19e 3370
b1078ad0
JH		 3371 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3372
aee9b218 3373 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3374
3375 mgmt_pending_remove(cmd);
3376}
3377
afc747a6 3378int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3379 u8 link_type, u8 addr_type, u8 reason)
f7520543 3380{
f0d6a0ea 3381 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3382 struct sock *sk = NULL;
3383 int err;
3384
744cf19e 3385 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3386
f0d6a0ea
MA		 3387 bacpy(&ev.addr.bdaddr, bdaddr);
3388 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3389 ev.reason = reason;
f7520543 3390
afc747a6 3391 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3392 sk);
8962ee74
JH		 3393
3394 if (sk)
d97dcb66 3395 sock_put(sk);
8962ee74 3396
124f6e35 3397 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3398 hdev);
a8a1d19e 3399
8962ee74
JH		 3400 return err;
3401}
3402
88c3df13 3403int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3404 u8 link_type, u8 addr_type, u8 status)
8962ee74 3405{
88c3df13 3406 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3407 struct pending_cmd *cmd;
3408 int err;
3409
36a75f1b
JD		 3410 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3411 hdev);
3412
2e58ef3e 3413 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3414 if (!cmd)
3415 return -ENOENT;
3416
88c3df13 3417 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3418 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3419
88c3df13 3420 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3421 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3422
a664b5bc 3423 mgmt_pending_remove(cmd);
8962ee74
JH		 3424
3425 return err;
f7520543 3426}
17d5c04c 3427
48264f06 3428int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3429 u8 addr_type, u8 status)
17d5c04c
JH		 3430{
3431 struct mgmt_ev_connect_failed ev;
3432
4c659c39 3433 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3434 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3435 ev.status = mgmt_status(status);
17d5c04c 3436
744cf19e 3437 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3438}
980e1a53 3439
744cf19e 3440int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3441{
3442 struct mgmt_ev_pin_code_request ev;
3443
d8457698 3444 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3445 ev.addr.type = BDADDR_BREDR;
a770bb5a 3446 ev.secure = secure;
980e1a53 3447
744cf19e 3448 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3449 NULL);
980e1a53
JH		 3450}
3451
744cf19e 3452int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3453 u8 status)
980e1a53
JH		 3454{
3455 struct pending_cmd *cmd;
ac56fb13 3456 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3457 int err;
3458
2e58ef3e 3459 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3460 if (!cmd)
3461 return -ENOENT;
3462
d8457698 3463 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3464 rp.addr.type = BDADDR_BREDR;
ac56fb13 3465
aee9b218 3466 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3467 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3468
a664b5bc 3469 mgmt_pending_remove(cmd);
980e1a53
JH		 3470
3471 return err;
3472}
3473
744cf19e 3474int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3475 u8 status)
980e1a53
JH		 3476{
3477 struct pending_cmd *cmd;
ac56fb13 3478 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3479 int err;
3480
2e58ef3e 3481 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3482 if (!cmd)
3483 return -ENOENT;
3484
d8457698 3485 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3486 rp.addr.type = BDADDR_BREDR;
ac56fb13 3487
aee9b218 3488 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3489 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3490
a664b5bc 3491 mgmt_pending_remove(cmd);
980e1a53
JH		 3492
3493 return err;
3494}
a5c29683 3495
744cf19e 3496int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3497 u8 link_type, u8 addr_type, __le32 value,
3498 u8 confirm_hint)
a5c29683
JH		 3499{
3500 struct mgmt_ev_user_confirm_request ev;
3501
744cf19e 3502 BT_DBG("%s", hdev->name);
a5c29683 3503
272d90df 3504 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3505 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3506 ev.confirm_hint = confirm_hint;
78e8098e 3507 ev.value = value;
a5c29683 3508
744cf19e 3509 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3510 NULL);
a5c29683
JH		 3511}
3512
272d90df 3513int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3514 u8 link_type, u8 addr_type)
604086b7
BG		 3515{
3516 struct mgmt_ev_user_passkey_request ev;
3517
3518 BT_DBG("%s", hdev->name);
3519
272d90df 3520 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3521 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3522
3523 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3524 NULL);
604086b7
BG		 3525}
3526
0df4c185 3527static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3528 u8 link_type, u8 addr_type, u8 status,
3529 u8 opcode)
a5c29683
JH		 3530{
3531 struct pending_cmd *cmd;
3532 struct mgmt_rp_user_confirm_reply rp;
3533 int err;
3534
2e58ef3e 3535 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3536 if (!cmd)
3537 return -ENOENT;
3538
272d90df 3539 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3540 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3541 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3542 &rp, sizeof(rp));
a5c29683 3543
a664b5bc 3544 mgmt_pending_remove(cmd);
a5c29683
JH		 3545
3546 return err;
3547}
3548
744cf19e 3549int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3550 u8 link_type, u8 addr_type, u8 status)
a5c29683 3551{
272d90df 3552 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3553 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3554}
3555
272d90df 3556int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3557 u8 link_type, u8 addr_type, u8 status)
a5c29683 3558{
272d90df 3559 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3560 status,
3561 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3562}
2a611692 3563
604086b7 3564int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3565 u8 link_type, u8 addr_type, u8 status)
604086b7 3566{
272d90df 3567 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3568 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3569}
3570
272d90df 3571int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3572 u8 link_type, u8 addr_type, u8 status)
604086b7 3573{
272d90df 3574 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3575 status,
3576 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3577}
3578
92a25256
JH		 3579int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3580 u8 link_type, u8 addr_type, u32 passkey,
3581 u8 entered)
3582{
3583 struct mgmt_ev_passkey_notify ev;
3584
3585 BT_DBG("%s", hdev->name);
3586
3587 bacpy(&ev.addr.bdaddr, bdaddr);
3588 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3589 ev.passkey = __cpu_to_le32(passkey);
3590 ev.entered = entered;
3591
3592 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3593}
3594
bab73cb6 3595int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3596 u8 addr_type, u8 status)
2a611692
JH		 3597{
3598 struct mgmt_ev_auth_failed ev;
3599
bab73cb6 3600 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3601 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3602 ev.status = mgmt_status(status);
2a611692 3603
744cf19e 3604 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3605}
b312b161 3606
33ef95ed
JH		 3607int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3608{
3609 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3610 bool changed = false;
3611 int err = 0;
33ef95ed
JH		 3612
3613 if (status) {
3614 u8 mgmt_err = mgmt_status(status);
3615 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3616 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3617 return 0;
3618 }
3619
47990ea0
JH		 3620 if (test_bit(HCI_AUTH, &hdev->flags)) {
3621 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3622 changed = true;
3623 } else {
3624 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3625 changed = true;
3626 }
3627
33ef95ed 3628 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3629 &match);
33ef95ed 3630
47990ea0
JH		 3631 if (changed)
3632 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3633
3634 if (match.sk)
3635 sock_put(match.sk);
3636
3637 return err;
3638}
3639
890ea898 3640static void clear_eir(struct hci_request *req)
cacaf52f 3641{
890ea898 3642 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3643 struct hci_cp_write_eir cp;
3644
976eb20e 3645 if (!lmp_ext_inq_capable(hdev))
890ea898 3646 return;
cacaf52f 3647
c80da27e
JH		 3648 memset(hdev->eir, 0, sizeof(hdev->eir));
3649
cacaf52f
JH		 3650 memset(&cp, 0, sizeof(cp));
3651
890ea898 3652 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 3653}
3654
c0ecddc2 3655int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3656{
3657 struct cmd_lookup match = { NULL, hdev };
890ea898 3658 struct hci_request req;
c0ecddc2
JH		 3659 bool changed = false;
3660 int err = 0;
ed2c4ee3
JH		 3661
3662 if (status) {
3663 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3664
3665 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3666 &hdev->dev_flags))
c0ecddc2
JH		 3667 err = new_settings(hdev, NULL);
3668
04124681
GP		 3669 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3670 &mgmt_err);
c0ecddc2
JH		 3671
3672 return err;
3673 }
3674
3675 if (enable) {
3676 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3677 changed = true;
3678 } else {
3679 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3680 changed = true;
ed2c4ee3
JH		 3681 }
3682
3683 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3684
c0ecddc2
JH		 3685 if (changed)
3686 err = new_settings(hdev, match.sk);
ed2c4ee3 3687
5fc6ebb1 3688 if (match.sk)
ed2c4ee3
JH		 3689 sock_put(match.sk);
3690
890ea898
JH		 3691 hci_req_init(&req, hdev);
3692
5fc6ebb1 3693 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 3694 update_eir(&req);
5fc6ebb1 3695 else
890ea898
JH		 3696 clear_eir(&req);
3697
3698 hci_req_run(&req, NULL);
cacaf52f 3699
ed2c4ee3
JH		 3700 return err;
3701}
3702
90e70454
JH		 3703static void class_rsp(struct pending_cmd *cmd, void *data)
3704{
3705 struct cmd_lookup *match = data;
3706
3707 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3708 match->hdev->dev_class, 3);
90e70454
JH		 3709
3710 list_del(&cmd->list);
3711
3712 if (match->sk == NULL) {
3713 match->sk = cmd->sk;
3714 sock_hold(match->sk);
3715 }
3716
3717 mgmt_pending_free(cmd);
3718}
3719
7f9a903c 3720int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3721 u8 status)
7f9a903c 3722{
90e70454
JH		 3723 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3724 int err = 0;
7f9a903c 3725
c95f0ba7
JH		 3726 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3727
90e70454
JH		 3728 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3729 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3730 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3731
3732 if (!status)
04124681
GP		 3733 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3734 3, NULL);
90e70454
JH		 3735
3736 if (match.sk)
3737 sock_put(match.sk);
7f9a903c
MH		 3738
3739 return err;
3740}
3741
744cf19e 3742int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3743{
3744 struct pending_cmd *cmd;
3745 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3746 bool changed = false;
3747 int err = 0;
3748
3749 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3750 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3751 changed = true;
3752 }
b312b161
JH		 3753
3754 memset(&ev, 0, sizeof(ev));
3755 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3756 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3757
2e58ef3e 3758 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3759 if (!cmd)
3760 goto send_event;
3761
7bdaae4a
JH		 3762 /* Always assume that either the short or the complete name has
3763 * changed if there was a pending mgmt command */
3764 changed = true;
3765
b312b161 3766 if (status) {
744cf19e 3767 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3768 mgmt_status(status));
b312b161
JH		 3769 goto failed;
3770 }
3771
aee9b218 3772 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3773 sizeof(ev));
b312b161
JH		 3774 if (err < 0)
3775 goto failed;
3776
3777send_event:
28cc7bde
JH		 3778 if (changed)
3779 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3780 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3781
1225a6bd
JH		 3782 /* EIR is taken care of separately when powering on the
3783 * adapter so only update them here if this is a name change
3784 * unrelated to power on.
3785 */
890ea898
JH		 3786 if (!test_bit(HCI_INIT, &hdev->flags)) {
3787 struct hci_request req;
3788 hci_req_init(&req, hdev);
3789 update_eir(&req);
3790 hci_req_run(&req, NULL);
3791 }
b312b161
JH		 3792
3793failed:
3794 if (cmd)
3795 mgmt_pending_remove(cmd);
3796 return err;
3797}
c35938b2 3798
744cf19e 3799int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3800 u8 *randomizer, u8 status)
c35938b2
SJ		 3801{
3802 struct pending_cmd *cmd;
3803 int err;
3804
744cf19e 3805 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3806
2e58ef3e 3807 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3808 if (!cmd)
3809 return -ENOENT;
3810
3811 if (status) {
04124681
GP		 3812 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3813 mgmt_status(status));
c35938b2
SJ		 3814 } else {
3815 struct mgmt_rp_read_local_oob_data rp;
3816
3817 memcpy(rp.hash, hash, sizeof(rp.hash));
3818 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3819
744cf19e 3820 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3821 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3822 sizeof(rp));
c35938b2
SJ		 3823 }
3824
3825 mgmt_pending_remove(cmd);
3826
3827 return err;
3828}
e17acd40 3829
06199cf8
JH		 3830int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3831{
3832 struct cmd_lookup match = { NULL, hdev };
3833 bool changed = false;
3834 int err = 0;
3835
3836 if (status) {
3837 u8 mgmt_err = mgmt_status(status);
3838
3839 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3840 &hdev->dev_flags))
d97dcb66 3841 err = new_settings(hdev, NULL);
06199cf8 3842
d97dcb66
SJ		 3843 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3844 &mgmt_err);
06199cf8
JH		 3845
3846 return err;
3847 }
3848
3849 if (enable) {
3850 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3851 changed = true;
3852 } else {
3853 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3854 changed = true;
3855 }
3856
3857 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3858
3859 if (changed)
3860 err = new_settings(hdev, match.sk);
3861
3862 if (match.sk)
3863 sock_put(match.sk);
3864
3865 return err;
3866}
3867
48264f06 3868int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3869 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3870 ssp, u8 *eir, u16 eir_len)
e17acd40 3871{
e319d2e7
JH		 3872 char buf[512];
3873 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3874 size_t ev_size;
e17acd40 3875
1dc06093
JH		 3876 /* Leave 5 bytes for a potential CoD field */
3877 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3878 return -EINVAL;
3879
1dc06093
JH		 3880 memset(buf, 0, sizeof(buf));
3881
e319d2e7 3882 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3883 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3884 ev->rssi = rssi;
9a395a80 3885 if (cfm_name)
612dfce9 3886 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3887 if (!ssp)
612dfce9 3888 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3889
1dc06093 3890 if (eir_len > 0)
e319d2e7 3891 memcpy(ev->eir, eir, eir_len);
e17acd40 3892
1dc06093
JH		 3893 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3894 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3895 dev_class, 3);
1dc06093 3896
eb55ef07 3897 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3898 ev_size = sizeof(*ev) + eir_len;
f8523598 3899
e319d2e7 3900 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3901}
a88a9652 3902
b644ba33 3903int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3904 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3905{
b644ba33
JH		 3906 struct mgmt_ev_device_found *ev;
3907 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3908 u16 eir_len;
a88a9652 3909
b644ba33 3910 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3911
b644ba33
JH		 3912 memset(buf, 0, sizeof(buf));
3913
3914 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3915 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3916 ev->rssi = rssi;
3917
3918 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3919 name_len);
b644ba33 3920
eb55ef07 3921 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3922
053c7e0c 3923 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3924 sizeof(*ev) + eir_len, NULL);
a88a9652 3925}
314b2381 3926
7a135109 3927int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3928{
3929 struct pending_cmd *cmd;
f808e166 3930 u8 type;
164a6e78
JH		 3931 int err;
3932
203159d4
AG		 3933 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3934
2e58ef3e 3935 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3936 if (!cmd)
3937 return -ENOENT;
3938
f808e166
JH		 3939 type = hdev->discovery.type;
3940
3941 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3942 &type, sizeof(type));
164a6e78
JH		 3943 mgmt_pending_remove(cmd);
3944
3945 return err;
3946}
3947
e6d465cb
AG		 3948int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3949{
3950 struct pending_cmd *cmd;
3951 int err;
3952
3953 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3954 if (!cmd)
3955 return -ENOENT;
3956
d930650b 3957 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3958 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3959 mgmt_pending_remove(cmd);
3960
3961 return err;
3962}
3963
744cf19e 3964int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3965{
f963e8e9 3966 struct mgmt_ev_discovering ev;
164a6e78
JH		 3967 struct pending_cmd *cmd;
3968
343fb145
AG		 3969 BT_DBG("%s discovering %u", hdev->name, discovering);
3970
164a6e78 3971 if (discovering)
2e58ef3e 3972 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3973 else
2e58ef3e 3974 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3975
3976 if (cmd != NULL) {
f808e166
JH		 3977 u8 type = hdev->discovery.type;
3978
04124681
GP		 3979 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3980 sizeof(type));
164a6e78
JH		 3981 mgmt_pending_remove(cmd);
3982 }
3983
f963e8e9
JH		 3984 memset(&ev, 0, sizeof(ev));
3985 ev.type = hdev->discovery.type;
3986 ev.discovering = discovering;
3987
3988 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3989}
5e762444 3990
88c1fe4b 3991int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3992{
3993 struct pending_cmd *cmd;
3994 struct mgmt_ev_device_blocked ev;
3995
2e58ef3e 3996 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3997
88c1fe4b
JH		 3998 bacpy(&ev.addr.bdaddr, bdaddr);
3999 ev.addr.type = type;
5e762444 4000
744cf19e 4001 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4002 cmd ? cmd->sk : NULL);
5e762444
AJ		 4003}
4004
88c1fe4b 4005int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4006{
4007 struct pending_cmd *cmd;
4008 struct mgmt_ev_device_unblocked ev;
4009
2e58ef3e 4010 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4011
88c1fe4b
JH		 4012 bacpy(&ev.addr.bdaddr, bdaddr);
4013 ev.addr.type = type;
5e762444 4014
744cf19e 4015 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4016 cmd ? cmd->sk : NULL);
5e762444 4017}
d7b7e796
MH		 4018
4019module_param(enable_hs, bool, 0644);
4020MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.43098 seconds and 5 git commands to generate.