projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove mgmt_valid_hdev() helper function
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
9ab8cf37 36#define MGMT_REVISION 4
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
185static u8 mgmt_status(u8 hci_status)
186{
187 if (hci_status < ARRAY_SIZE(mgmt_status_table))
188 return mgmt_status_table[hci_status];
189
190 return MGMT_STATUS_FAILED;
191}
192
4e51eae9 193static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 194{
195 struct sk_buff *skb;
196 struct mgmt_hdr *hdr;
197 struct mgmt_ev_cmd_status *ev;
56b7d137 198 int err;
f7b64e69 199
34eb525c 200 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 201
790eff44 202 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 203 if (!skb)
204 return -ENOMEM;
205
206 hdr = (void *) skb_put(skb, sizeof(*hdr));
207
612dfce9 208 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 209 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 210 hdr->len = cpu_to_le16(sizeof(*ev));
211
212 ev = (void *) skb_put(skb, sizeof(*ev));
213 ev->status = status;
eb55ef07 214 ev->opcode = cpu_to_le16(cmd);
f7b64e69 215
56b7d137
GP		 216 err = sock_queue_rcv_skb(sk, skb);
217 if (err < 0)
f7b64e69
JH		 218 kfree_skb(skb);
219
56b7d137 220 return err;
f7b64e69
JH		 221}
222
aee9b218 223static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 224 void *rp, size_t rp_len)
02d98129
JH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228 struct mgmt_ev_cmd_complete *ev;
56b7d137 229 int err;
02d98129
JH		 230
231 BT_DBG("sock %p", sk);
232
790eff44 233 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 234 if (!skb)
235 return -ENOMEM;
236
237 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 238
612dfce9 239 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 240 hdr->index = cpu_to_le16(index);
a38528f1 241 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 242
a38528f1 243 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 244 ev->opcode = cpu_to_le16(cmd);
aee9b218 245 ev->status = status;
8020c16a
SJ		 246
247 if (rp)
248 memcpy(ev->data, rp, rp_len);
02d98129 249
56b7d137
GP		 250 err = sock_queue_rcv_skb(sk, skb);
251 if (err < 0)
02d98129
JH		 252 kfree_skb(skb);
253
e5f0e151 254 return err;
02d98129
JH		 255}
256
04124681
GP		 257static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
258 u16 data_len)
a38528f1
JH		 259{
260 struct mgmt_rp_read_version rp;
261
262 BT_DBG("sock %p", sk);
263
264 rp.version = MGMT_VERSION;
eb55ef07 265 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 266
aee9b218 267 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 268 sizeof(rp));
a38528f1
JH		 269}
270
04124681
GP		 271static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
e70bb2e8
JH		 273{
274 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 275 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 277 __le16 *opcode;
e70bb2e8
JH		 278 size_t rp_size;
279 int i, err;
280
281 BT_DBG("sock %p", sk);
282
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
284
285 rp = kmalloc(rp_size, GFP_KERNEL);
286 if (!rp)
287 return -ENOMEM;
288
eb55ef07
MH		 289 rp->num_commands = __constant_cpu_to_le16(num_commands);
290 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 291
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
294
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
297
aee9b218 298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 299 rp_size);
e70bb2e8
JH		 300 kfree(rp);
301
302 return err;
303}
304
04124681
GP		 305static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
306 u16 data_len)
faba42eb 307{
faba42eb 308 struct mgmt_rp_read_index_list *rp;
8035ded4 309 struct hci_dev *d;
a38528f1 310 size_t rp_len;
faba42eb 311 u16 count;
476e44cb 312 int err;
faba42eb
JH		 313
314 BT_DBG("sock %p", sk);
315
316 read_lock(&hci_dev_list_lock);
317
318 count = 0;
bb4b2a9a 319 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 320 if (d->dev_type == HCI_BREDR)
321 count++;
faba42eb
JH		 322 }
323
a38528f1
JH		 324 rp_len = sizeof(*rp) + (2 * count);
325 rp = kmalloc(rp_len, GFP_ATOMIC);
326 if (!rp) {
b2c60d42 327 read_unlock(&hci_dev_list_lock);
faba42eb 328 return -ENOMEM;
b2c60d42 329 }
faba42eb 330
476e44cb 331 count = 0;
8035ded4 332 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 333 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 334 continue;
335
0736cfa8
MH		 336 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
337 continue;
338
1514b892
MH		 339 if (d->dev_type == HCI_BREDR) {
340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
342 }
faba42eb
JH		 343 }
344
476e44cb
JH		 345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
347
faba42eb
JH		 348 read_unlock(&hci_dev_list_lock);
349
aee9b218 350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 351 rp_len);
faba42eb 352
a38528f1
JH		 353 kfree(rp);
354
355 return err;
faba42eb
JH		 356}
357
69ab39ea
JH		 358static u32 get_supported_settings(struct hci_dev *hdev)
359{
360 u32 settings = 0;
361
362 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 363 settings |= MGMT_SETTING_PAIRABLE;
364
9a1a1996 365 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 366 settings |= MGMT_SETTING_SSP;
367
ed3fa31f 368 if (lmp_bredr_capable(hdev)) {
33c525c0 369 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 370 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 372 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 375 settings |= MGMT_SETTING_HS;
848566b3 376 }
d7b7e796 377
eeca6f89 378 if (lmp_le_capable(hdev)) {
9d42820f 379 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 380 settings |= MGMT_SETTING_ADVERTISING;
381 }
69ab39ea
JH		 382
383 return settings;
384}
385
386static u32 get_current_settings(struct hci_dev *hdev)
387{
388 u32 settings = 0;
389
f1f0eb02 390 if (hdev_is_powered(hdev))
f0d4b78a
MH		 391 settings |= MGMT_SETTING_POWERED;
392
5e5282bb 393 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 394 settings |= MGMT_SETTING_CONNECTABLE;
395
1a4d3c4b
JH		 396 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_FAST_CONNECTABLE;
398
5e5282bb 399 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 400 settings |= MGMT_SETTING_DISCOVERABLE;
401
a8b2d5c2 402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_PAIRABLE;
404
56f87901 405 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_BREDR;
407
06199cf8 408 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_LE;
410
47990ea0 411 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LINK_SECURITY;
413
84bde9d6 414 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_SSP;
416
6d80dfd0
JH		 417 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_HS;
419
f3d3444a 420 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 421 settings |= MGMT_SETTING_ADVERTISING;
422
69ab39ea
JH		 423 return settings;
424}
425
ef580372
JH		 426#define PNP_INFO_SVCLASS_ID 0x1200
427
213202ed
JH		 428static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
429{
430 u8 *ptr = data, *uuids_start = NULL;
431 struct bt_uuid *uuid;
432
433 if (len < 4)
434 return ptr;
435
436 list_for_each_entry(uuid, &hdev->uuids, list) {
437 u16 uuid16;
438
439 if (uuid->size != 16)
440 continue;
441
442 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
443 if (uuid16 < 0x1100)
444 continue;
445
446 if (uuid16 == PNP_INFO_SVCLASS_ID)
447 continue;
448
449 if (!uuids_start) {
450 uuids_start = ptr;
451 uuids_start[0] = 1;
452 uuids_start[1] = EIR_UUID16_ALL;
453 ptr += 2;
454 }
455
456 /* Stop if not enough space to put next UUID */
457 if ((ptr - data) + sizeof(u16) > len) {
458 uuids_start[1] = EIR_UUID16_SOME;
459 break;
460 }
461
462 *ptr++ = (uuid16 & 0x00ff);
463 *ptr++ = (uuid16 & 0xff00) >> 8;
464 uuids_start[0] += sizeof(uuid16);
465 }
466
467 return ptr;
468}
469
cdf1963f
JH		 470static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
471{
472 u8 *ptr = data, *uuids_start = NULL;
473 struct bt_uuid *uuid;
474
475 if (len < 6)
476 return ptr;
477
478 list_for_each_entry(uuid, &hdev->uuids, list) {
479 if (uuid->size != 32)
480 continue;
481
482 if (!uuids_start) {
483 uuids_start = ptr;
484 uuids_start[0] = 1;
485 uuids_start[1] = EIR_UUID32_ALL;
486 ptr += 2;
487 }
488
489 /* Stop if not enough space to put next UUID */
490 if ((ptr - data) + sizeof(u32) > len) {
491 uuids_start[1] = EIR_UUID32_SOME;
492 break;
493 }
494
495 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
496 ptr += sizeof(u32);
497 uuids_start[0] += sizeof(u32);
498 }
499
500 return ptr;
501}
502
c00d575b
JH		 503static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
504{
505 u8 *ptr = data, *uuids_start = NULL;
506 struct bt_uuid *uuid;
507
508 if (len < 18)
509 return ptr;
510
511 list_for_each_entry(uuid, &hdev->uuids, list) {
512 if (uuid->size != 128)
513 continue;
514
515 if (!uuids_start) {
516 uuids_start = ptr;
517 uuids_start[0] = 1;
518 uuids_start[1] = EIR_UUID128_ALL;
519 ptr += 2;
520 }
521
522 /* Stop if not enough space to put next UUID */
523 if ((ptr - data) + 16 > len) {
524 uuids_start[1] = EIR_UUID128_SOME;
525 break;
526 }
527
528 memcpy(ptr, uuid->uuid, 16);
529 ptr += 16;
530 uuids_start[0] += 16;
531 }
532
533 return ptr;
534}
535
ef580372
JH		 536static void create_eir(struct hci_dev *hdev, u8 *data)
537{
538 u8 *ptr = data;
ef580372
JH		 539 size_t name_len;
540
541 name_len = strlen(hdev->dev_name);
542
543 if (name_len > 0) {
544 /* EIR Data type */
545 if (name_len > 48) {
546 name_len = 48;
547 ptr[1] = EIR_NAME_SHORT;
548 } else
549 ptr[1] = EIR_NAME_COMPLETE;
550
551 /* EIR Data length */
552 ptr[0] = name_len + 1;
553
554 memcpy(ptr + 2, hdev->dev_name, name_len);
555
ef580372
JH		 556 ptr += (name_len + 2);
557 }
558
bbaf444a 559 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 560 ptr[0] = 2;
561 ptr[1] = EIR_TX_POWER;
562 ptr[2] = (u8) hdev->inq_tx_power;
563
91c4e9b1
MH		 564 ptr += 3;
565 }
566
2b9be137
MH		 567 if (hdev->devid_source > 0) {
568 ptr[0] = 9;
569 ptr[1] = EIR_DEVICE_ID;
570
571 put_unaligned_le16(hdev->devid_source, ptr + 2);
572 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
573 put_unaligned_le16(hdev->devid_product, ptr + 6);
574 put_unaligned_le16(hdev->devid_version, ptr + 8);
575
2b9be137
MH		 576 ptr += 10;
577 }
578
213202ed 579 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 580 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 581 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 582}
583
890ea898 584static void update_eir(struct hci_request *req)
ef580372 585{
890ea898 586 struct hci_dev *hdev = req->hdev;
ef580372
JH		 587 struct hci_cp_write_eir cp;
588
504c8dcd 589 if (!hdev_is_powered(hdev))
890ea898 590 return;
7770c4aa 591
976eb20e 592 if (!lmp_ext_inq_capable(hdev))
890ea898 593 return;
ef580372 594
84bde9d6 595 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 596 return;
ef580372 597
a8b2d5c2 598 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 599 return;
ef580372
JH		 600
601 memset(&cp, 0, sizeof(cp));
602
603 create_eir(hdev, cp.data);
604
605 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 606 return;
ef580372
JH		 607
608 memcpy(hdev->eir, cp.data, sizeof(cp.data));
609
890ea898 610 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 611}
612
613static u8 get_service_classes(struct hci_dev *hdev)
614{
615 struct bt_uuid *uuid;
616 u8 val = 0;
617
618 list_for_each_entry(uuid, &hdev->uuids, list)
619 val |= uuid->svc_hint;
620
621 return val;
622}
623
890ea898 624static void update_class(struct hci_request *req)
ef580372 625{
890ea898 626 struct hci_dev *hdev = req->hdev;
ef580372
JH		 627 u8 cod[3];
628
629 BT_DBG("%s", hdev->name);
630
504c8dcd 631 if (!hdev_is_powered(hdev))
890ea898 632 return;
7770c4aa 633
a8b2d5c2 634 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 635 return;
ef580372
JH		 636
637 cod[0] = hdev->minor_class;
638 cod[1] = hdev->major_class;
639 cod[2] = get_service_classes(hdev);
640
641 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 642 return;
ef580372 643
890ea898 644 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 645}
646
7d78525d
JH		 647static void service_cache_off(struct work_struct *work)
648{
649 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 650 service_cache.work);
890ea898 651 struct hci_request req;
7d78525d 652
a8b2d5c2 653 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 654 return;
655
890ea898
JH		 656 hci_req_init(&req, hdev);
657
7d78525d
JH		 658 hci_dev_lock(hdev);
659
890ea898
JH		 660 update_eir(&req);
661 update_class(&req);
7d78525d
JH		 662
663 hci_dev_unlock(hdev);
890ea898
JH		 664
665 hci_req_run(&req, NULL);
7d78525d
JH		 666}
667
6a919082 668static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 669{
4f87da80 670 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 671 return;
672
4f87da80 673 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 674
4f87da80
JH		 675 /* Non-mgmt controlled devices get this bit set
676 * implicitly so that pairing works for them, however
677 * for mgmt we require user-space to explicitly enable
678 * it
679 */
680 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 681}
682
0f4e68cf 683static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 684 void *data, u16 data_len)
0381101f 685{
a38528f1 686 struct mgmt_rp_read_info rp;
f7b64e69 687
bdb6d971 688 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 689
09fd0de5 690 hci_dev_lock(hdev);
f7b64e69 691
dc4fe30b
JH		 692 memset(&rp, 0, sizeof(rp));
693
69ab39ea 694 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 695
69ab39ea 696 rp.version = hdev->hci_ver;
eb55ef07 697 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 698
699 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
700 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 701
a38528f1 702 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 703
dc4fe30b 704 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 705 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 706
09fd0de5 707 hci_dev_unlock(hdev);
0381101f 708
bdb6d971 709 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 710 sizeof(rp));
0381101f
JH		 711}
712
eec8d2bc
JH		 713static void mgmt_pending_free(struct pending_cmd *cmd)
714{
715 sock_put(cmd->sk);
c68fb7ff 716 kfree(cmd->param);
eec8d2bc
JH		 717 kfree(cmd);
718}
719
366a0336 720static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 721 struct hci_dev *hdev, void *data,
722 u16 len)
eec8d2bc
JH		 723{
724 struct pending_cmd *cmd;
725
12b94565 726 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 727 if (!cmd)
366a0336 728 return NULL;
eec8d2bc
JH		 729
730 cmd->opcode = opcode;
2e58ef3e 731 cmd->index = hdev->id;
eec8d2bc 732
12b94565 733 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 734 if (!cmd->param) {
eec8d2bc 735 kfree(cmd);
366a0336 736 return NULL;
eec8d2bc
JH		 737 }
738
8fce6357
SJ		 739 if (data)
740 memcpy(cmd->param, data, len);
eec8d2bc
JH		 741
742 cmd->sk = sk;
743 sock_hold(sk);
744
2e58ef3e 745 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 746
366a0336 747 return cmd;
eec8d2bc
JH		 748}
749
744cf19e 750static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 751 void (*cb)(struct pending_cmd *cmd,
752 void *data),
04124681 753 void *data)
eec8d2bc 754{
a3d09356 755 struct pending_cmd *cmd, *tmp;
eec8d2bc 756
a3d09356 757 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 758 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 759 continue;
760
eec8d2bc
JH		 761 cb(cmd, data);
762 }
763}
764
2e58ef3e 765static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 766{
8035ded4 767 struct pending_cmd *cmd;
eec8d2bc 768
2e58ef3e 769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 770 if (cmd->opcode == opcode)
771 return cmd;
eec8d2bc
JH		 772 }
773
774 return NULL;
775}
776
a664b5bc 777static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 778{
73f22f62
JH		 779 list_del(&cmd->list);
780 mgmt_pending_free(cmd);
781}
782
69ab39ea 783static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 784{
69ab39ea 785 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 786
aee9b218 787 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 788 sizeof(settings));
8680570b
JH		 789}
790
bdb6d971 791static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 792 u16 len)
eec8d2bc 793{
650f726d 794 struct mgmt_mode *cp = data;
366a0336 795 struct pending_cmd *cmd;
4b34ee78 796 int err;
eec8d2bc 797
bdb6d971 798 BT_DBG("request for %s", hdev->name);
eec8d2bc 799
a7e80f25
JH		 800 if (cp->val != 0x00 && cp->val != 0x01)
801 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
802 MGMT_STATUS_INVALID_PARAMS);
803
09fd0de5 804 hci_dev_lock(hdev);
eec8d2bc 805
87b95ba6
JH		 806 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
807 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 MGMT_STATUS_BUSY);
809 goto failed;
810 }
811
f0d4b78a
MH		 812 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
813 cancel_delayed_work(&hdev->power_off);
814
815 if (cp->val) {
a1d70450
JH		 816 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
817 data, len);
818 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 819 goto failed;
820 }
821 }
822
4b34ee78 823 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 824 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 825 goto failed;
826 }
827
2e58ef3e 828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 829 if (!cmd) {
830 err = -ENOMEM;
eec8d2bc 831 goto failed;
366a0336 832 }
eec8d2bc 833
72a734ec 834 if (cp->val)
19202573 835 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 836 else
19202573 837 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 838
366a0336 839 err = 0;
eec8d2bc
JH		 840
841failed:
09fd0de5 842 hci_dev_unlock(hdev);
366a0336 843 return err;
eec8d2bc
JH		 844}
845
04124681
GP		 846static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
847 struct sock *skip_sk)
beadb2bd
JH		 848{
849 struct sk_buff *skb;
850 struct mgmt_hdr *hdr;
851
790eff44 852 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 853 if (!skb)
854 return -ENOMEM;
855
856 hdr = (void *) skb_put(skb, sizeof(*hdr));
857 hdr->opcode = cpu_to_le16(event);
858 if (hdev)
859 hdr->index = cpu_to_le16(hdev->id);
860 else
612dfce9 861 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 862 hdr->len = cpu_to_le16(data_len);
863
864 if (data)
865 memcpy(skb_put(skb, data_len), data, data_len);
866
97e0bdeb
MH		 867 /* Time stamp */
868 __net_timestamp(skb);
869
beadb2bd
JH		 870 hci_send_to_control(skb, skip_sk);
871 kfree_skb(skb);
872
873 return 0;
874}
875
876static int new_settings(struct hci_dev *hdev, struct sock *skip)
877{
878 __le32 ev;
879
880 ev = cpu_to_le32(get_current_settings(hdev));
881
882 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
883}
884
bd99abdd
JH		 885struct cmd_lookup {
886 struct sock *sk;
887 struct hci_dev *hdev;
888 u8 mgmt_status;
889};
890
891static void settings_rsp(struct pending_cmd *cmd, void *data)
892{
893 struct cmd_lookup *match = data;
894
895 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
896
897 list_del(&cmd->list);
898
899 if (match->sk == NULL) {
900 match->sk = cmd->sk;
901 sock_hold(match->sk);
902 }
903
904 mgmt_pending_free(cmd);
905}
906
907static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
908{
909 u8 *status = data;
910
911 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
912 mgmt_pending_remove(cmd);
913}
914
e6fe7986
JH		 915static u8 mgmt_bredr_support(struct hci_dev *hdev)
916{
917 if (!lmp_bredr_capable(hdev))
918 return MGMT_STATUS_NOT_SUPPORTED;
919 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
920 return MGMT_STATUS_REJECTED;
921 else
922 return MGMT_STATUS_SUCCESS;
923}
924
925static u8 mgmt_le_support(struct hci_dev *hdev)
926{
927 if (!lmp_le_capable(hdev))
928 return MGMT_STATUS_NOT_SUPPORTED;
929 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
930 return MGMT_STATUS_REJECTED;
931 else
932 return MGMT_STATUS_SUCCESS;
933}
934
bdb6d971 935static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 936 u16 len)
73f22f62 937{
650f726d 938 struct mgmt_cp_set_discoverable *cp = data;
366a0336 939 struct pending_cmd *cmd;
5e5282bb 940 u16 timeout;
e6fe7986 941 u8 scan, status;
73f22f62
JH		 942 int err;
943
bdb6d971 944 BT_DBG("request for %s", hdev->name);
73f22f62 945
e6fe7986
JH		 946 status = mgmt_bredr_support(hdev);
947 if (status)
33c525c0 948 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 949 status);
33c525c0 950
a7e80f25
JH		 951 if (cp->val != 0x00 && cp->val != 0x01)
952 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
953 MGMT_STATUS_INVALID_PARAMS);
954
1f350c87 955 timeout = __le16_to_cpu(cp->timeout);
24c54a90 956 if (!cp->val && timeout > 0)
bdb6d971 957 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 958 MGMT_STATUS_INVALID_PARAMS);
73f22f62 959
09fd0de5 960 hci_dev_lock(hdev);
73f22f62 961
5e5282bb 962 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 963 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 964 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 965 goto failed;
966 }
967
2e58ef3e 968 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 969 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 970 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 971 MGMT_STATUS_BUSY);
73f22f62
JH		 972 goto failed;
973 }
974
5e5282bb 975 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 977 MGMT_STATUS_REJECTED);
5e5282bb
JH		 978 goto failed;
979 }
980
981 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 982 bool changed = false;
983
984 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
985 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
986 changed = true;
987 }
988
5e5282bb 989 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 990 if (err < 0)
991 goto failed;
992
993 if (changed)
994 err = new_settings(hdev, sk);
995
5e5282bb
JH		 996 goto failed;
997 }
998
999 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1000 if (hdev->discov_timeout > 0) {
1001 cancel_delayed_work(&hdev->discov_off);
1002 hdev->discov_timeout = 0;
1003 }
1004
1005 if (cp->val && timeout > 0) {
1006 hdev->discov_timeout = timeout;
1007 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1008 msecs_to_jiffies(hdev->discov_timeout * 1000));
1009 }
1010
69ab39ea 1011 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1012 goto failed;
1013 }
1014
2e58ef3e 1015 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1016 if (!cmd) {
1017 err = -ENOMEM;
73f22f62 1018 goto failed;
366a0336 1019 }
73f22f62
JH		 1020
1021 scan = SCAN_PAGE;
1022
72a734ec 1023 if (cp->val)
73f22f62 1024 scan |= SCAN_INQUIRY;
16ab91ab 1025 else
e0f9309f 1026 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1027
1028 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1029 if (err < 0)
a664b5bc 1030 mgmt_pending_remove(cmd);
73f22f62 1031
16ab91ab 1032 if (cp->val)
5e5282bb 1033 hdev->discov_timeout = timeout;
16ab91ab 1034
73f22f62 1035failed:
09fd0de5 1036 hci_dev_unlock(hdev);
73f22f62
JH		 1037 return err;
1038}
1039
406d7804
JH		 1040static void write_fast_connectable(struct hci_request *req, bool enable)
1041{
bd98b996 1042 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1043 struct hci_cp_write_page_scan_activity acp;
1044 u8 type;
1045
4c01f8b8
JH		 1046 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1047 return;
1048
406d7804
JH		 1049 if (enable) {
1050 type = PAGE_SCAN_TYPE_INTERLACED;
1051
1052 /* 160 msec page scan interval */
1053 acp.interval = __constant_cpu_to_le16(0x0100);
1054 } else {
1055 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1056
1057 /* default 1.28 sec page scan */
1058 acp.interval = __constant_cpu_to_le16(0x0800);
1059 }
1060
1061 acp.window = __constant_cpu_to_le16(0x0012);
1062
bd98b996
JH		 1063 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1064 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1065 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1066 sizeof(acp), &acp);
1067
1068 if (hdev->page_scan_type != type)
1069 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1070}
1071
2b76f453
JH		 1072static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1073{
1074 struct pending_cmd *cmd;
1075
1076 BT_DBG("status 0x%02x", status);
1077
1078 hci_dev_lock(hdev);
1079
1080 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1081 if (!cmd)
1082 goto unlock;
1083
1084 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1085
1086 mgmt_pending_remove(cmd);
1087
1088unlock:
1089 hci_dev_unlock(hdev);
1090}
1091
bdb6d971 1092static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1093 u16 len)
9fbcbb45 1094{
650f726d 1095 struct mgmt_mode *cp = data;
366a0336 1096 struct pending_cmd *cmd;
2b76f453 1097 struct hci_request req;
e6fe7986 1098 u8 scan, status;
9fbcbb45
JH		 1099 int err;
1100
bdb6d971 1101 BT_DBG("request for %s", hdev->name);
9fbcbb45 1102
e6fe7986
JH		 1103 status = mgmt_bredr_support(hdev);
1104 if (status)
33c525c0 1105 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1106 status);
33c525c0 1107
a7e80f25
JH		 1108 if (cp->val != 0x00 && cp->val != 0x01)
1109 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1110 MGMT_STATUS_INVALID_PARAMS);
1111
09fd0de5 1112 hci_dev_lock(hdev);
9fbcbb45 1113
4b34ee78 1114 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1115 bool changed = false;
1116
1117 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1118 changed = true;
1119
6bf0e469 1120 if (cp->val) {
5e5282bb 1121 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1122 } else {
5e5282bb
JH		 1123 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1124 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1125 }
0224d2fa 1126
5e5282bb 1127 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1128 if (err < 0)
1129 goto failed;
1130
1131 if (changed)
1132 err = new_settings(hdev, sk);
1133
9fbcbb45
JH		 1134 goto failed;
1135 }
1136
2e58ef3e 1137 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1138 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1140 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1141 goto failed;
1142 }
1143
5e5282bb 1144 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1145 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1146 goto failed;
1147 }
1148
2e58ef3e 1149 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1150 if (!cmd) {
1151 err = -ENOMEM;
9fbcbb45 1152 goto failed;
366a0336 1153 }
9fbcbb45 1154
6bf0e469 1155 if (cp->val) {
9fbcbb45 1156 scan = SCAN_PAGE;
6bf0e469 1157 } else {
9fbcbb45
JH		 1158 scan = 0;
1159
df2c6c5e 1160 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1161 hdev->discov_timeout > 0)
df2c6c5e
JH		 1162 cancel_delayed_work(&hdev->discov_off);
1163 }
1164
2b76f453
JH		 1165 hci_req_init(&req, hdev);
1166
1167 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1168
4c01f8b8
JH		 1169 /* If we're going from non-connectable to connectable or
1170 * vice-versa when fast connectable is enabled ensure that fast
1171 * connectable gets disabled. write_fast_connectable won't do
1172 * anything if the page scan parameters are already what they
1173 * should be.
1174 */
1175 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1176 write_fast_connectable(&req, false);
1177
2b76f453 1178 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1179 if (err < 0)
a664b5bc 1180 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1181
1182failed:
09fd0de5 1183 hci_dev_unlock(hdev);
9fbcbb45
JH		 1184 return err;
1185}
1186
bdb6d971 1187static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1188 u16 len)
c542a06c 1189{
650f726d 1190 struct mgmt_mode *cp = data;
c542a06c
JH		 1191 int err;
1192
bdb6d971 1193 BT_DBG("request for %s", hdev->name);
c542a06c 1194
a7e80f25
JH		 1195 if (cp->val != 0x00 && cp->val != 0x01)
1196 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1197 MGMT_STATUS_INVALID_PARAMS);
1198
09fd0de5 1199 hci_dev_lock(hdev);
c542a06c
JH		 1200
1201 if (cp->val)
a8b2d5c2 1202 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1203 else
a8b2d5c2 1204 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1205
69ab39ea 1206 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1207 if (err < 0)
1208 goto failed;
1209
beadb2bd 1210 err = new_settings(hdev, sk);
c542a06c
JH		 1211
1212failed:
09fd0de5 1213 hci_dev_unlock(hdev);
c542a06c
JH		 1214 return err;
1215}
1216
04124681
GP		 1217static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1218 u16 len)
33ef95ed
JH		 1219{
1220 struct mgmt_mode *cp = data;
1221 struct pending_cmd *cmd;
e6fe7986 1222 u8 val, status;
33ef95ed
JH		 1223 int err;
1224
bdb6d971 1225 BT_DBG("request for %s", hdev->name);
33ef95ed 1226
e6fe7986
JH		 1227 status = mgmt_bredr_support(hdev);
1228 if (status)
33c525c0 1229 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1230 status);
33c525c0 1231
a7e80f25
JH		 1232 if (cp->val != 0x00 && cp->val != 0x01)
1233 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1234 MGMT_STATUS_INVALID_PARAMS);
1235
33ef95ed
JH		 1236 hci_dev_lock(hdev);
1237
4b34ee78 1238 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1239 bool changed = false;
1240
1241 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1242 &hdev->dev_flags)) {
47990ea0
JH		 1243 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1244 changed = true;
1245 }
1246
1247 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1248 if (err < 0)
1249 goto failed;
1250
1251 if (changed)
1252 err = new_settings(hdev, sk);
1253
33ef95ed
JH		 1254 goto failed;
1255 }
1256
1257 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1258 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1259 MGMT_STATUS_BUSY);
33ef95ed
JH		 1260 goto failed;
1261 }
1262
1263 val = !!cp->val;
1264
1265 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1266 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1267 goto failed;
1268 }
1269
1270 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1271 if (!cmd) {
1272 err = -ENOMEM;
1273 goto failed;
1274 }
1275
1276 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1277 if (err < 0) {
1278 mgmt_pending_remove(cmd);
1279 goto failed;
1280 }
1281
1282failed:
1283 hci_dev_unlock(hdev);
33ef95ed
JH		 1284 return err;
1285}
1286
bdb6d971 1287static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1288{
1289 struct mgmt_mode *cp = data;
1290 struct pending_cmd *cmd;
cdba5281 1291 u8 val, status;
ed2c4ee3
JH		 1292 int err;
1293
bdb6d971 1294 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1295
cdba5281
MH		 1296 status = mgmt_bredr_support(hdev);
1297 if (status)
1298 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1299
13ecd8b6
JH		 1300 if (!lmp_ssp_capable(hdev))
1301 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1302 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1303
a7e80f25
JH		 1304 if (cp->val != 0x00 && cp->val != 0x01)
1305 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1306 MGMT_STATUS_INVALID_PARAMS);
1307
13ecd8b6 1308 hci_dev_lock(hdev);
6c8f12c1 1309
c0ecddc2
JH		 1310 val = !!cp->val;
1311
4b34ee78 1312 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1313 bool changed = false;
1314
1315 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1316 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1317 changed = true;
1318 }
1319
1320 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1321 if (err < 0)
1322 goto failed;
1323
1324 if (changed)
1325 err = new_settings(hdev, sk);
1326
ed2c4ee3
JH		 1327 goto failed;
1328 }
1329
1330 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1331 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1332 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1333 goto failed;
1334 }
1335
ed2c4ee3
JH		 1336 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1337 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1338 goto failed;
1339 }
1340
1341 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1342 if (!cmd) {
1343 err = -ENOMEM;
1344 goto failed;
1345 }
1346
1347 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1348 if (err < 0) {
1349 mgmt_pending_remove(cmd);
1350 goto failed;
1351 }
1352
1353failed:
1354 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1355 return err;
1356}
1357
bdb6d971 1358static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1359{
1360 struct mgmt_mode *cp = data;
ee392693 1361 bool changed;
e6fe7986 1362 u8 status;
ee392693 1363 int err;
6d80dfd0 1364
bdb6d971 1365 BT_DBG("request for %s", hdev->name);
6d80dfd0 1366
e6fe7986
JH		 1367 status = mgmt_bredr_support(hdev);
1368 if (status)
1369 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1370
a7e80f25
JH		 1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1373 MGMT_STATUS_INVALID_PARAMS);
1374
ee392693
MH		 1375 hci_dev_lock(hdev);
1376
a0cdf960 1377 if (cp->val) {
ee392693 1378 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1379 } else {
1380 if (hdev_is_powered(hdev)) {
1381 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1382 MGMT_STATUS_REJECTED);
1383 goto unlock;
1384 }
1385
ee392693 1386 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1387 }
ee392693
MH		 1388
1389 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1390 if (err < 0)
1391 goto unlock;
1392
1393 if (changed)
1394 err = new_settings(hdev, sk);
6d80dfd0 1395
ee392693
MH		 1396unlock:
1397 hci_dev_unlock(hdev);
1398 return err;
6d80dfd0
JH		 1399}
1400
bba3aa55
MH		 1401static void enable_advertising(struct hci_request *req)
1402{
b4faf300
MH		 1403 struct hci_dev *hdev = req->hdev;
1404 struct hci_cp_le_set_adv_param cp;
1405 u8 enable = 0x01;
1406
1407 memset(&cp, 0, sizeof(cp));
1408 cp.min_interval = __constant_cpu_to_le16(0x0800);
1409 cp.max_interval = __constant_cpu_to_le16(0x0800);
1410 cp.type = LE_ADV_IND;
1411 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1412 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1413 else
1414 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1415 cp.channel_map = 0x07;
1416
1417 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
bba3aa55 1418
b4faf300 1419 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1420}
1421
1422static void disable_advertising(struct hci_request *req)
1423{
b4faf300 1424 u8 enable = 0x00;
bba3aa55 1425
b4faf300 1426 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1427}
1428
416a4ae5
JH		 1429static void le_enable_complete(struct hci_dev *hdev, u8 status)
1430{
1431 struct cmd_lookup match = { NULL, hdev };
1432
1433 if (status) {
1434 u8 mgmt_err = mgmt_status(status);
1435
1436 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1437 &mgmt_err);
1438 return;
1439 }
1440
1441 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1442
1443 new_settings(hdev, match.sk);
1444
1445 if (match.sk)
1446 sock_put(match.sk);
1447}
1448
bdb6d971 1449static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1450{
1451 struct mgmt_mode *cp = data;
1452 struct hci_cp_write_le_host_supported hci_cp;
1453 struct pending_cmd *cmd;
416a4ae5 1454 struct hci_request req;
06199cf8 1455 int err;
0b60eba1 1456 u8 val, enabled;
06199cf8 1457
bdb6d971 1458 BT_DBG("request for %s", hdev->name);
06199cf8 1459
13ecd8b6
JH		 1460 if (!lmp_le_capable(hdev))
1461 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1462 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1463
a7e80f25
JH		 1464 if (cp->val != 0x00 && cp->val != 0x01)
1465 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1466 MGMT_STATUS_INVALID_PARAMS);
1467
c73eee91 1468 /* LE-only devices do not allow toggling LE on/off */
56f87901 1469 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1470 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1471 MGMT_STATUS_REJECTED);
1472
13ecd8b6 1473 hci_dev_lock(hdev);
06199cf8
JH		 1474
1475 val = !!cp->val;
ffa88e02 1476 enabled = lmp_host_le_capable(hdev);
06199cf8 1477
0b60eba1 1478 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1479 bool changed = false;
1480
1481 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1482 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1483 changed = true;
1484 }
1485
f3d3444a
JH		 1486 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1487 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1488 changed = true;
1489 }
1490
06199cf8
JH		 1491 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1492 if (err < 0)
1de028ce 1493 goto unlock;
06199cf8
JH		 1494
1495 if (changed)
1496 err = new_settings(hdev, sk);
1497
1de028ce 1498 goto unlock;
06199cf8
JH		 1499 }
1500
4375f103
JH		 1501 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1502 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1503 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1504 MGMT_STATUS_BUSY);
1de028ce 1505 goto unlock;
06199cf8
JH		 1506 }
1507
1508 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1509 if (!cmd) {
1510 err = -ENOMEM;
1de028ce 1511 goto unlock;
06199cf8
JH		 1512 }
1513
1514 memset(&hci_cp, 0, sizeof(hci_cp));
1515
1516 if (val) {
1517 hci_cp.le = val;
ffa88e02 1518 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1519 }
1520
416a4ae5
JH		 1521 hci_req_init(&req, hdev);
1522
bba3aa55
MH		 1523 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1524 disable_advertising(&req);
eeca6f89 1525
416a4ae5
JH		 1526 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1527 &hci_cp);
1528
1529 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1530 if (err < 0)
06199cf8 1531 mgmt_pending_remove(cmd);
06199cf8 1532
1de028ce
JH		 1533unlock:
1534 hci_dev_unlock(hdev);
06199cf8
JH		 1535 return err;
1536}
1537
0cab9c80
JH		 1538/* This is a helper function to test for pending mgmt commands that can
1539 * cause CoD or EIR HCI commands. We can only allow one such pending
1540 * mgmt command at a time since otherwise we cannot easily track what
1541 * the current values are, will be, and based on that calculate if a new
1542 * HCI command needs to be sent and if yes with what value.
1543 */
1544static bool pending_eir_or_class(struct hci_dev *hdev)
1545{
1546 struct pending_cmd *cmd;
1547
1548 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1549 switch (cmd->opcode) {
1550 case MGMT_OP_ADD_UUID:
1551 case MGMT_OP_REMOVE_UUID:
1552 case MGMT_OP_SET_DEV_CLASS:
1553 case MGMT_OP_SET_POWERED:
1554 return true;
1555 }
1556 }
1557
1558 return false;
1559}
1560
83be8eca
JH		 1561static const u8 bluetooth_base_uuid[] = {
1562 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1564};
1565
1566static u8 get_uuid_size(const u8 *uuid)
1567{
1568 u32 val;
1569
1570 if (memcmp(uuid, bluetooth_base_uuid, 12))
1571 return 128;
1572
1573 val = get_unaligned_le32(&uuid[12]);
1574 if (val > 0xffff)
1575 return 32;
1576
1577 return 16;
1578}
1579
92da6097
JH		 1580static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1581{
1582 struct pending_cmd *cmd;
1583
1584 hci_dev_lock(hdev);
1585
1586 cmd = mgmt_pending_find(mgmt_op, hdev);
1587 if (!cmd)
1588 goto unlock;
1589
1590 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1591 hdev->dev_class, 3);
1592
1593 mgmt_pending_remove(cmd);
1594
1595unlock:
1596 hci_dev_unlock(hdev);
1597}
1598
1599static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1600{
1601 BT_DBG("status 0x%02x", status);
1602
1603 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1604}
1605
bdb6d971 1606static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1607{
650f726d 1608 struct mgmt_cp_add_uuid *cp = data;
90e70454 1609 struct pending_cmd *cmd;
890ea898 1610 struct hci_request req;
2aeb9a1a 1611 struct bt_uuid *uuid;
2aeb9a1a
JH		 1612 int err;
1613
bdb6d971 1614 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1615
09fd0de5 1616 hci_dev_lock(hdev);
2aeb9a1a 1617
0cab9c80 1618 if (pending_eir_or_class(hdev)) {
bdb6d971 1619 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1620 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1621 goto failed;
1622 }
1623
92c4c204 1624 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1625 if (!uuid) {
1626 err = -ENOMEM;
1627 goto failed;
1628 }
1629
1630 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1631 uuid->svc_hint = cp->svc_hint;
83be8eca 1632 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1633
de66aa63 1634 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1635
890ea898 1636 hci_req_init(&req, hdev);
1aff6f09 1637
890ea898
JH		 1638 update_class(&req);
1639 update_eir(&req);
1640
92da6097
JH		 1641 err = hci_req_run(&req, add_uuid_complete);
1642 if (err < 0) {
1643 if (err != -ENODATA)
1644 goto failed;
80a1e1db 1645
bdb6d971 1646 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1647 hdev->dev_class, 3);
90e70454
JH		 1648 goto failed;
1649 }
1650
1651 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1652 if (!cmd) {
90e70454 1653 err = -ENOMEM;
890ea898
JH		 1654 goto failed;
1655 }
1656
1657 err = 0;
2aeb9a1a
JH		 1658
1659failed:
09fd0de5 1660 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1661 return err;
1662}
1663
24b78d0f
JH		 1664static bool enable_service_cache(struct hci_dev *hdev)
1665{
1666 if (!hdev_is_powered(hdev))
1667 return false;
1668
1669 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1670 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1671 CACHE_TIMEOUT);
24b78d0f
JH		 1672 return true;
1673 }
1674
1675 return false;
1676}
1677
92da6097
JH		 1678static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1679{
1680 BT_DBG("status 0x%02x", status);
1681
1682 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1683}
1684
bdb6d971 1685static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1686 u16 len)
2aeb9a1a 1687{
650f726d 1688 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1689 struct pending_cmd *cmd;
056341c8 1690 struct bt_uuid *match, *tmp;
2aeb9a1a 1691 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1692 struct hci_request req;
2aeb9a1a
JH		 1693 int err, found;
1694
bdb6d971 1695 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1696
09fd0de5 1697 hci_dev_lock(hdev);
2aeb9a1a 1698
0cab9c80 1699 if (pending_eir_or_class(hdev)) {
bdb6d971 1700 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1701 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1702 goto unlock;
1703 }
1704
2aeb9a1a
JH		 1705 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1706 err = hci_uuids_clear(hdev);
4004b6d9 1707
24b78d0f 1708 if (enable_service_cache(hdev)) {
bdb6d971 1709 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1710 0, hdev->dev_class, 3);
24b78d0f
JH		 1711 goto unlock;
1712 }
4004b6d9 1713
9246a869 1714 goto update_class;
2aeb9a1a
JH		 1715 }
1716
1717 found = 0;
1718
056341c8 1719 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1720 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1721 continue;
1722
1723 list_del(&match->list);
482049f7 1724 kfree(match);
2aeb9a1a
JH		 1725 found++;
1726 }
1727
1728 if (found == 0) {
bdb6d971 1729 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1730 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1731 goto unlock;
1732 }
1733
9246a869 1734update_class:
890ea898 1735 hci_req_init(&req, hdev);
1aff6f09 1736
890ea898
JH		 1737 update_class(&req);
1738 update_eir(&req);
1739
92da6097
JH		 1740 err = hci_req_run(&req, remove_uuid_complete);
1741 if (err < 0) {
1742 if (err != -ENODATA)
1743 goto unlock;
80a1e1db 1744
bdb6d971 1745 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1746 hdev->dev_class, 3);
90e70454
JH		 1747 goto unlock;
1748 }
1749
1750 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1751 if (!cmd) {
90e70454 1752 err = -ENOMEM;
890ea898
JH		 1753 goto unlock;
1754 }
1755
1756 err = 0;
2aeb9a1a
JH		 1757
1758unlock:
09fd0de5 1759 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1760 return err;
1761}
1762
92da6097
JH		 1763static void set_class_complete(struct hci_dev *hdev, u8 status)
1764{
1765 BT_DBG("status 0x%02x", status);
1766
1767 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1768}
1769
bdb6d971 1770static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1771 u16 len)
1aff6f09 1772{
650f726d 1773 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1774 struct pending_cmd *cmd;
890ea898 1775 struct hci_request req;
1aff6f09
JH		 1776 int err;
1777
bdb6d971 1778 BT_DBG("request for %s", hdev->name);
1aff6f09 1779
6203fc98 1780 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1781 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1782 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1783
0cab9c80 1784 hci_dev_lock(hdev);
ee98f473 1785
0cab9c80
JH		 1786 if (pending_eir_or_class(hdev)) {
1787 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1788 MGMT_STATUS_BUSY);
1789 goto unlock;
1790 }
c95f0ba7 1791
0cab9c80
JH		 1792 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1793 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1794 MGMT_STATUS_INVALID_PARAMS);
1795 goto unlock;
1796 }
575b3a02 1797
932f5ff5
JH		 1798 hdev->major_class = cp->major;
1799 hdev->minor_class = cp->minor;
1800
b5235a65 1801 if (!hdev_is_powered(hdev)) {
bdb6d971 1802 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1803 hdev->dev_class, 3);
b5235a65
JH		 1804 goto unlock;
1805 }
1806
890ea898
JH		 1807 hci_req_init(&req, hdev);
1808
a8b2d5c2 1809 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1810 hci_dev_unlock(hdev);
1811 cancel_delayed_work_sync(&hdev->service_cache);
1812 hci_dev_lock(hdev);
890ea898 1813 update_eir(&req);
7d78525d 1814 }
14c0b608 1815
890ea898
JH		 1816 update_class(&req);
1817
92da6097
JH		 1818 err = hci_req_run(&req, set_class_complete);
1819 if (err < 0) {
1820 if (err != -ENODATA)
1821 goto unlock;
1aff6f09 1822
bdb6d971 1823 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1824 hdev->dev_class, 3);
90e70454
JH		 1825 goto unlock;
1826 }
1827
1828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1829 if (!cmd) {
90e70454 1830 err = -ENOMEM;
890ea898
JH		 1831 goto unlock;
1832 }
1833
1834 err = 0;
1aff6f09 1835
b5235a65 1836unlock:
09fd0de5 1837 hci_dev_unlock(hdev);
1aff6f09
JH		 1838 return err;
1839}
1840
bdb6d971 1841static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1842 u16 len)
55ed8ca1 1843{
650f726d 1844 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1845 u16 key_count, expected_len;
a492cd52 1846 int i;
55ed8ca1 1847
9060d5cf
MH		 1848 BT_DBG("request for %s", hdev->name);
1849
1850 if (!lmp_bredr_capable(hdev))
1851 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1852 MGMT_STATUS_NOT_SUPPORTED);
1853
1f350c87 1854 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1855
86742e1e
JH		 1856 expected_len = sizeof(*cp) + key_count *
1857 sizeof(struct mgmt_link_key_info);
a492cd52 1858 if (expected_len != len) {
86742e1e 1859 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1860 len, expected_len);
bdb6d971 1861 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1862 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1863 }
1864
4ae14301
JH		 1865 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1866 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1867 MGMT_STATUS_INVALID_PARAMS);
1868
bdb6d971 1869 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1870 key_count);
55ed8ca1 1871
4ee71b20
JH		 1872 for (i = 0; i < key_count; i++) {
1873 struct mgmt_link_key_info *key = &cp->keys[i];
1874
1875 if (key->addr.type != BDADDR_BREDR)
1876 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1877 MGMT_STATUS_INVALID_PARAMS);
1878 }
1879
09fd0de5 1880 hci_dev_lock(hdev);
55ed8ca1
JH		 1881
1882 hci_link_keys_clear(hdev);
1883
55ed8ca1 1884 if (cp->debug_keys)
a8b2d5c2 1885 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1886 else
a8b2d5c2 1887 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1888
a492cd52 1889 for (i = 0; i < key_count; i++) {
86742e1e 1890 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1891
d753fdc4 1892 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1893 key->type, key->pin_len);
55ed8ca1
JH		 1894 }
1895
bdb6d971 1896 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1897
09fd0de5 1898 hci_dev_unlock(hdev);
55ed8ca1 1899
a492cd52 1900 return 0;
55ed8ca1
JH		 1901}
1902
b1078ad0 1903static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1904 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1905{
1906 struct mgmt_ev_device_unpaired ev;
1907
1908 bacpy(&ev.addr.bdaddr, bdaddr);
1909 ev.addr.type = addr_type;
1910
1911 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1912 skip_sk);
b1078ad0
JH		 1913}
1914
bdb6d971 1915static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1916 u16 len)
55ed8ca1 1917{
124f6e35
JH		 1918 struct mgmt_cp_unpair_device *cp = data;
1919 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1920 struct hci_cp_disconnect dc;
1921 struct pending_cmd *cmd;
55ed8ca1 1922 struct hci_conn *conn;
55ed8ca1
JH		 1923 int err;
1924
a8a1d19e 1925 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1926 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1927 rp.addr.type = cp->addr.type;
a8a1d19e 1928
4ee71b20
JH		 1929 if (!bdaddr_type_is_valid(cp->addr.type))
1930 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1931 MGMT_STATUS_INVALID_PARAMS,
1932 &rp, sizeof(rp));
1933
118da70b
JH		 1934 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1935 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1936 MGMT_STATUS_INVALID_PARAMS,
1937 &rp, sizeof(rp));
1938
4ee71b20
JH		 1939 hci_dev_lock(hdev);
1940
86a8cfc6 1941 if (!hdev_is_powered(hdev)) {
bdb6d971 1942 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1943 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1944 goto unlock;
1945 }
1946
591f47f3 1947 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1948 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1949 else
1950 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1951
55ed8ca1 1952 if (err < 0) {
bdb6d971 1953 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1954 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1955 goto unlock;
1956 }
1957
86a8cfc6 1958 if (cp->disconnect) {
591f47f3 1959 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1960 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1961 &cp->addr.bdaddr);
86a8cfc6
JH		 1962 else
1963 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1964 &cp->addr.bdaddr);
86a8cfc6
JH		 1965 } else {
1966 conn = NULL;
1967 }
124f6e35 1968
a8a1d19e 1969 if (!conn) {
bdb6d971 1970 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1971 &rp, sizeof(rp));
b1078ad0 1972 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1973 goto unlock;
1974 }
55ed8ca1 1975
124f6e35 1976 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1977 sizeof(*cp));
a8a1d19e
JH		 1978 if (!cmd) {
1979 err = -ENOMEM;
1980 goto unlock;
55ed8ca1
JH		 1981 }
1982
eb55ef07 1983 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1984 dc.reason = 0x13; /* Remote User Terminated Connection */
1985 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1986 if (err < 0)
1987 mgmt_pending_remove(cmd);
1988
55ed8ca1 1989unlock:
09fd0de5 1990 hci_dev_unlock(hdev);
55ed8ca1
JH		 1991 return err;
1992}
1993
bdb6d971 1994static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1995 u16 len)
8962ee74 1996{
650f726d 1997 struct mgmt_cp_disconnect *cp = data;
06a63b19 1998 struct mgmt_rp_disconnect rp;
8962ee74 1999 struct hci_cp_disconnect dc;
366a0336 2000 struct pending_cmd *cmd;
8962ee74 2001 struct hci_conn *conn;
8962ee74
JH		 2002 int err;
2003
2004 BT_DBG("");
2005
06a63b19
JH		 2006 memset(&rp, 0, sizeof(rp));
2007 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2008 rp.addr.type = cp->addr.type;
2009
4ee71b20 2010 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2011 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2012 MGMT_STATUS_INVALID_PARAMS,
2013 &rp, sizeof(rp));
4ee71b20 2014
09fd0de5 2015 hci_dev_lock(hdev);
8962ee74
JH		 2016
2017 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2018 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2019 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2020 goto failed;
2021 }
2022
2e58ef3e 2023 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2024 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2025 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2026 goto failed;
2027 }
2028
591f47f3 2029 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2030 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2031 &cp->addr.bdaddr);
88c3df13
JH		 2032 else
2033 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2034
f960727e 2035 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2036 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2037 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2038 goto failed;
2039 }
2040
2e58ef3e 2041 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2042 if (!cmd) {
2043 err = -ENOMEM;
8962ee74 2044 goto failed;
366a0336 2045 }
8962ee74 2046
eb55ef07 2047 dc.handle = cpu_to_le16(conn->handle);
3701f944 2048 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2049
2050 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2051 if (err < 0)
a664b5bc 2052 mgmt_pending_remove(cmd);
8962ee74
JH		 2053
2054failed:
09fd0de5 2055 hci_dev_unlock(hdev);
8962ee74
JH		 2056 return err;
2057}
2058
57c1477c 2059static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2060{
2061 switch (link_type) {
2062 case LE_LINK:
48264f06
JH		 2063 switch (addr_type) {
2064 case ADDR_LE_DEV_PUBLIC:
591f47f3 2065 return BDADDR_LE_PUBLIC;
0ed09148 2066
48264f06 2067 default:
0ed09148 2068 /* Fallback to LE Random address type */
591f47f3 2069 return BDADDR_LE_RANDOM;
48264f06 2070 }
0ed09148 2071
4c659c39 2072 default:
0ed09148 2073 /* Fallback to BR/EDR type */
591f47f3 2074 return BDADDR_BREDR;
4c659c39
JH		 2075 }
2076}
2077
04124681
GP		 2078static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2079 u16 data_len)
2784eb41 2080{
2784eb41 2081 struct mgmt_rp_get_connections *rp;
8035ded4 2082 struct hci_conn *c;
a38528f1 2083 size_t rp_len;
60fc5fb6
JH		 2084 int err;
2085 u16 i;
2784eb41
JH		 2086
2087 BT_DBG("");
2088
09fd0de5 2089 hci_dev_lock(hdev);
2784eb41 2090
5f97c1df 2091 if (!hdev_is_powered(hdev)) {
bdb6d971 2092 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2093 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2094 goto unlock;
2095 }
2096
60fc5fb6 2097 i = 0;
b644ba33
JH		 2098 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2099 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2100 i++;
2784eb41
JH		 2101 }
2102
60fc5fb6 2103 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2104 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2105 if (!rp) {
2784eb41
JH		 2106 err = -ENOMEM;
2107 goto unlock;
2108 }
2109
2784eb41 2110 i = 0;
4c659c39 2111 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2112 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2113 continue;
4c659c39 2114 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2115 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2116 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2117 continue;
2118 i++;
2119 }
2120
eb55ef07 2121 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2122
4c659c39
JH		 2123 /* Recalculate length in case of filtered SCO connections, etc */
2124 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2125
bdb6d971 2126 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2127 rp_len);
2784eb41 2128
a38528f1 2129 kfree(rp);
5f97c1df
JH		 2130
2131unlock:
09fd0de5 2132 hci_dev_unlock(hdev);
2784eb41
JH		 2133 return err;
2134}
2135
bdb6d971 2136static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2137 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2138{
2139 struct pending_cmd *cmd;
2140 int err;
2141
2e58ef3e 2142 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2143 sizeof(*cp));
96d97a67
WR		 2144 if (!cmd)
2145 return -ENOMEM;
2146
d8457698 2147 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2148 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2149 if (err < 0)
2150 mgmt_pending_remove(cmd);
2151
2152 return err;
2153}
2154
bdb6d971 2155static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2156 u16 len)
980e1a53 2157{
96d97a67 2158 struct hci_conn *conn;
650f726d 2159 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2160 struct hci_cp_pin_code_reply reply;
366a0336 2161 struct pending_cmd *cmd;
980e1a53
JH		 2162 int err;
2163
2164 BT_DBG("");
2165
09fd0de5 2166 hci_dev_lock(hdev);
980e1a53 2167
4b34ee78 2168 if (!hdev_is_powered(hdev)) {
bdb6d971 2169 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2170 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2171 goto failed;
2172 }
2173
d8457698 2174 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2175 if (!conn) {
bdb6d971 2176 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2177 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2178 goto failed;
2179 }
2180
2181 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2182 struct mgmt_cp_pin_code_neg_reply ncp;
2183
2184 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2185
2186 BT_ERR("PIN code is not 16 bytes long");
2187
bdb6d971 2188 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2189 if (err >= 0)
bdb6d971 2190 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2191 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2192
2193 goto failed;
2194 }
2195
00abfe44 2196 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2197 if (!cmd) {
2198 err = -ENOMEM;
980e1a53 2199 goto failed;
366a0336 2200 }
980e1a53 2201
d8457698 2202 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2203 reply.pin_len = cp->pin_len;
24718ca5 2204 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2205
2206 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2207 if (err < 0)
a664b5bc 2208 mgmt_pending_remove(cmd);
980e1a53
JH		 2209
2210failed:
09fd0de5 2211 hci_dev_unlock(hdev);
980e1a53
JH		 2212 return err;
2213}
2214
04124681
GP		 2215static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2216 u16 len)
17fa4b9d 2217{
650f726d 2218 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2219
2220 BT_DBG("");
2221
09fd0de5 2222 hci_dev_lock(hdev);
17fa4b9d
JH		 2223
2224 hdev->io_capability = cp->io_capability;
2225
2226 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2227 hdev->io_capability);
17fa4b9d 2228
09fd0de5 2229 hci_dev_unlock(hdev);
17fa4b9d 2230
04124681
GP		 2231 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2232 0);
17fa4b9d
JH		 2233}
2234
6039aa73 2235static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2236{
2237 struct hci_dev *hdev = conn->hdev;
8035ded4 2238 struct pending_cmd *cmd;
e9a416b5 2239
2e58ef3e 2240 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2241 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2242 continue;
2243
e9a416b5
JH		 2244 if (cmd->user_data != conn)
2245 continue;
2246
2247 return cmd;
2248 }
2249
2250 return NULL;
2251}
2252
2253static void pairing_complete(struct pending_cmd *cmd, u8 status)
2254{
2255 struct mgmt_rp_pair_device rp;
2256 struct hci_conn *conn = cmd->user_data;
2257
ba4e564f 2258 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2259 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2260
aee9b218 2261 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2262 &rp, sizeof(rp));
e9a416b5
JH		 2263
2264 /* So we don't get further callbacks for this connection */
2265 conn->connect_cfm_cb = NULL;
2266 conn->security_cfm_cb = NULL;
2267 conn->disconn_cfm_cb = NULL;
2268
76a68ba0 2269 hci_conn_drop(conn);
e9a416b5 2270
a664b5bc 2271 mgmt_pending_remove(cmd);
e9a416b5
JH		 2272}
2273
2274static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2275{
2276 struct pending_cmd *cmd;
2277
2278 BT_DBG("status %u", status);
2279
2280 cmd = find_pairing(conn);
56e5cb86 2281 if (!cmd)
e9a416b5 2282 BT_DBG("Unable to find a pending command");
56e5cb86 2283 else
e211326c 2284 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2285}
2286
4c47d739
VA		 2287static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2288{
2289 struct pending_cmd *cmd;
2290
2291 BT_DBG("status %u", status);
2292
2293 if (!status)
2294 return;
2295
2296 cmd = find_pairing(conn);
2297 if (!cmd)
2298 BT_DBG("Unable to find a pending command");
2299 else
2300 pairing_complete(cmd, mgmt_status(status));
2301}
2302
bdb6d971 2303static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2304 u16 len)
e9a416b5 2305{
650f726d 2306 struct mgmt_cp_pair_device *cp = data;
1425acb7 2307 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2308 struct pending_cmd *cmd;
2309 u8 sec_level, auth_type;
2310 struct hci_conn *conn;
e9a416b5
JH		 2311 int err;
2312
2313 BT_DBG("");
2314
f950a30e
SJ		 2315 memset(&rp, 0, sizeof(rp));
2316 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2317 rp.addr.type = cp->addr.type;
2318
4ee71b20
JH		 2319 if (!bdaddr_type_is_valid(cp->addr.type))
2320 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2321 MGMT_STATUS_INVALID_PARAMS,
2322 &rp, sizeof(rp));
2323
09fd0de5 2324 hci_dev_lock(hdev);
e9a416b5 2325
5f97c1df 2326 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2327 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2328 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2329 goto unlock;
2330 }
2331
c908df36
VCG		 2332 sec_level = BT_SECURITY_MEDIUM;
2333 if (cp->io_cap == 0x03)
e9a416b5 2334 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2335 else
e9a416b5 2336 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2337
591f47f3 2338 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2339 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2340 cp->addr.type, sec_level, auth_type);
7a512d01 2341 else
b12f62cf
AG		 2342 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2343 cp->addr.type, sec_level, auth_type);
7a512d01 2344
30e76272 2345 if (IS_ERR(conn)) {
489dc48e
AK		 2346 int status;
2347
2348 if (PTR_ERR(conn) == -EBUSY)
2349 status = MGMT_STATUS_BUSY;
2350 else
2351 status = MGMT_STATUS_CONNECT_FAILED;
2352
bdb6d971 2353 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2354 status, &rp,
04124681 2355 sizeof(rp));
e9a416b5
JH		 2356 goto unlock;
2357 }
2358
2359 if (conn->connect_cfm_cb) {
76a68ba0 2360 hci_conn_drop(conn);
bdb6d971 2361 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2362 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2363 goto unlock;
2364 }
2365
2e58ef3e 2366 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2367 if (!cmd) {
2368 err = -ENOMEM;
76a68ba0 2369 hci_conn_drop(conn);
e9a416b5
JH		 2370 goto unlock;
2371 }
2372
7a512d01 2373 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2374 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2375 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2376 else
2377 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2378
e9a416b5
JH		 2379 conn->security_cfm_cb = pairing_complete_cb;
2380 conn->disconn_cfm_cb = pairing_complete_cb;
2381 conn->io_capability = cp->io_cap;
2382 cmd->user_data = conn;
2383
2384 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2385 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2386 pairing_complete(cmd, 0);
2387
2388 err = 0;
2389
2390unlock:
09fd0de5 2391 hci_dev_unlock(hdev);
e9a416b5
JH		 2392 return err;
2393}
2394
04124681
GP		 2395static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2396 u16 len)
28424707 2397{
0f4e68cf 2398 struct mgmt_addr_info *addr = data;
28424707
JH		 2399 struct pending_cmd *cmd;
2400 struct hci_conn *conn;
2401 int err;
2402
2403 BT_DBG("");
2404
28424707
JH		 2405 hci_dev_lock(hdev);
2406
5f97c1df 2407 if (!hdev_is_powered(hdev)) {
bdb6d971 2408 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2409 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2410 goto unlock;
2411 }
2412
28424707
JH		 2413 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2414 if (!cmd) {
bdb6d971 2415 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2416 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2417 goto unlock;
2418 }
2419
2420 conn = cmd->user_data;
2421
2422 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2423 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2424 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2425 goto unlock;
2426 }
2427
2428 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2429
bdb6d971 2430 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2431 addr, sizeof(*addr));
28424707
JH		 2432unlock:
2433 hci_dev_unlock(hdev);
28424707
JH		 2434 return err;
2435}
2436
bdb6d971 2437static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2438 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2439 u16 hci_op, __le32 passkey)
a5c29683 2440{
a5c29683 2441 struct pending_cmd *cmd;
0df4c185 2442 struct hci_conn *conn;
a5c29683
JH		 2443 int err;
2444
09fd0de5 2445 hci_dev_lock(hdev);
08ba5382 2446
4b34ee78 2447 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2448 err = cmd_complete(sk, hdev->id, mgmt_op,
2449 MGMT_STATUS_NOT_POWERED, addr,
2450 sizeof(*addr));
0df4c185 2451 goto done;
a5c29683
JH		 2452 }
2453
1707c60e
JH		 2454 if (addr->type == BDADDR_BREDR)
2455 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2456 else
1707c60e 2457 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2458
2459 if (!conn) {
feb94d3d
JH		 2460 err = cmd_complete(sk, hdev->id, mgmt_op,
2461 MGMT_STATUS_NOT_CONNECTED, addr,
2462 sizeof(*addr));
272d90df
JH		 2463 goto done;
2464 }
47c15e2b 2465
1707c60e 2466 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2467 /* Continue with pairing via SMP */
5fe57d9e
BG		 2468 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2469
2470 if (!err)
feb94d3d
JH		 2471 err = cmd_complete(sk, hdev->id, mgmt_op,
2472 MGMT_STATUS_SUCCESS, addr,
2473 sizeof(*addr));
5fe57d9e 2474 else
feb94d3d
JH		 2475 err = cmd_complete(sk, hdev->id, mgmt_op,
2476 MGMT_STATUS_FAILED, addr,
2477 sizeof(*addr));
47c15e2b 2478
47c15e2b
BG		 2479 goto done;
2480 }
2481
1707c60e 2482 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2483 if (!cmd) {
2484 err = -ENOMEM;
0df4c185 2485 goto done;
a5c29683
JH		 2486 }
2487
0df4c185 2488 /* Continue with pairing via HCI */
604086b7
BG		 2489 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2490 struct hci_cp_user_passkey_reply cp;
2491
1707c60e 2492 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2493 cp.passkey = passkey;
2494 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2495 } else
1707c60e
JH		 2496 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2497 &addr->bdaddr);
604086b7 2498
a664b5bc
JH		 2499 if (err < 0)
2500 mgmt_pending_remove(cmd);
a5c29683 2501
0df4c185 2502done:
09fd0de5 2503 hci_dev_unlock(hdev);
a5c29683
JH		 2504 return err;
2505}
2506
afeb019d
JK		 2507static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2508 void *data, u16 len)
2509{
2510 struct mgmt_cp_pin_code_neg_reply *cp = data;
2511
2512 BT_DBG("");
2513
1707c60e 2514 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2515 MGMT_OP_PIN_CODE_NEG_REPLY,
2516 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2517}
2518
04124681
GP		 2519static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2520 u16 len)
0df4c185 2521{
650f726d 2522 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2523
2524 BT_DBG("");
2525
2526 if (len != sizeof(*cp))
bdb6d971 2527 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2528 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2529
1707c60e 2530 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2531 MGMT_OP_USER_CONFIRM_REPLY,
2532 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2533}
2534
bdb6d971 2535static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2536 void *data, u16 len)
0df4c185 2537{
c9c2659f 2538 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2539
2540 BT_DBG("");
2541
1707c60e 2542 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2543 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2544 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2545}
2546
04124681
GP		 2547static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2548 u16 len)
604086b7 2549{
650f726d 2550 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2551
2552 BT_DBG("");
2553
1707c60e 2554 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2555 MGMT_OP_USER_PASSKEY_REPLY,
2556 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2557}
2558
bdb6d971 2559static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2560 void *data, u16 len)
604086b7 2561{
650f726d 2562 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2563
2564 BT_DBG("");
2565
1707c60e 2566 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2567 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2568 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2569}
2570
13928971 2571static void update_name(struct hci_request *req)
2b4bf397 2572{
13928971 2573 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2574 struct hci_cp_write_local_name cp;
2575
13928971 2576 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2577
890ea898 2578 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2579}
2580
13928971
JH		 2581static void set_name_complete(struct hci_dev *hdev, u8 status)
2582{
2583 struct mgmt_cp_set_local_name *cp;
2584 struct pending_cmd *cmd;
2585
2586 BT_DBG("status 0x%02x", status);
2587
2588 hci_dev_lock(hdev);
2589
2590 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2591 if (!cmd)
2592 goto unlock;
2593
2594 cp = cmd->param;
2595
2596 if (status)
2597 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2598 mgmt_status(status));
2599 else
2600 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2601 cp, sizeof(*cp));
2602
2603 mgmt_pending_remove(cmd);
2604
2605unlock:
2606 hci_dev_unlock(hdev);
2607}
2608
bdb6d971 2609static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2610 u16 len)
b312b161 2611{
2b4bf397 2612 struct mgmt_cp_set_local_name *cp = data;
b312b161 2613 struct pending_cmd *cmd;
890ea898 2614 struct hci_request req;
b312b161
JH		 2615 int err;
2616
2617 BT_DBG("");
2618
09fd0de5 2619 hci_dev_lock(hdev);
b312b161 2620
b3f2ca94
JH		 2621 /* If the old values are the same as the new ones just return a
2622 * direct command complete event.
2623 */
2624 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2625 !memcmp(hdev->short_name, cp->short_name,
2626 sizeof(hdev->short_name))) {
2627 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2628 data, len);
2629 goto failed;
2630 }
2631
2b4bf397 2632 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2633
b5235a65 2634 if (!hdev_is_powered(hdev)) {
2b4bf397 2635 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2636
2637 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2638 data, len);
28cc7bde
JH		 2639 if (err < 0)
2640 goto failed;
2641
2642 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2643 sk);
28cc7bde 2644
b5235a65
JH		 2645 goto failed;
2646 }
2647
28cc7bde 2648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2649 if (!cmd) {
2650 err = -ENOMEM;
2651 goto failed;
2652 }
2653
13928971
JH		 2654 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2655
890ea898 2656 hci_req_init(&req, hdev);
3f985050
JH		 2657
2658 if (lmp_bredr_capable(hdev)) {
2659 update_name(&req);
2660 update_eir(&req);
2661 }
2662
2663 if (lmp_le_capable(hdev))
2664 hci_update_ad(&req);
2665
13928971 2666 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2667 if (err < 0)
2668 mgmt_pending_remove(cmd);
2669
2670failed:
09fd0de5 2671 hci_dev_unlock(hdev);
b312b161
JH		 2672 return err;
2673}
2674
0f4e68cf 2675static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2676 void *data, u16 data_len)
c35938b2 2677{
c35938b2
SJ		 2678 struct pending_cmd *cmd;
2679 int err;
2680
bdb6d971 2681 BT_DBG("%s", hdev->name);
c35938b2 2682
09fd0de5 2683 hci_dev_lock(hdev);
c35938b2 2684
4b34ee78 2685 if (!hdev_is_powered(hdev)) {
bdb6d971 2686 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2687 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2688 goto unlock;
2689 }
2690
9a1a1996 2691 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2692 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2693 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2694 goto unlock;
2695 }
2696
2e58ef3e 2697 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2698 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2699 MGMT_STATUS_BUSY);
c35938b2
SJ		 2700 goto unlock;
2701 }
2702
2e58ef3e 2703 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2704 if (!cmd) {
2705 err = -ENOMEM;
2706 goto unlock;
2707 }
2708
2709 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2710 if (err < 0)
2711 mgmt_pending_remove(cmd);
2712
2713unlock:
09fd0de5 2714 hci_dev_unlock(hdev);
c35938b2
SJ		 2715 return err;
2716}
2717
bdb6d971 2718static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2719 void *data, u16 len)
2763eda6 2720{
650f726d 2721 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2722 u8 status;
2763eda6
SJ		 2723 int err;
2724
bdb6d971 2725 BT_DBG("%s ", hdev->name);
2763eda6 2726
09fd0de5 2727 hci_dev_lock(hdev);
2763eda6 2728
664ce4cc 2729 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2730 cp->randomizer);
2763eda6 2731 if (err < 0)
bf1e3541 2732 status = MGMT_STATUS_FAILED;
2763eda6 2733 else
a6785be2 2734 status = MGMT_STATUS_SUCCESS;
bf1e3541 2735
bdb6d971 2736 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2737 &cp->addr, sizeof(cp->addr));
2763eda6 2738
09fd0de5 2739 hci_dev_unlock(hdev);
2763eda6
SJ		 2740 return err;
2741}
2742
bdb6d971 2743static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2744 void *data, u16 len)
2763eda6 2745{
650f726d 2746 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2747 u8 status;
2763eda6
SJ		 2748 int err;
2749
bdb6d971 2750 BT_DBG("%s", hdev->name);
2763eda6 2751
09fd0de5 2752 hci_dev_lock(hdev);
2763eda6 2753
664ce4cc 2754 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2755 if (err < 0)
bf1e3541 2756 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2757 else
a6785be2 2758 status = MGMT_STATUS_SUCCESS;
bf1e3541 2759
bdb6d971 2760 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2761 status, &cp->addr, sizeof(cp->addr));
2763eda6 2762
09fd0de5 2763 hci_dev_unlock(hdev);
2763eda6
SJ		 2764 return err;
2765}
2766
41dc2bd6
AG		 2767static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2768{
2769 struct pending_cmd *cmd;
2770 u8 type;
2771 int err;
2772
2773 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2774
2775 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2776 if (!cmd)
2777 return -ENOENT;
2778
2779 type = hdev->discovery.type;
2780
2781 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2782 &type, sizeof(type));
2783 mgmt_pending_remove(cmd);
2784
2785 return err;
2786}
2787
7c307720
AG		 2788static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2789{
2790 BT_DBG("status %d", status);
2791
2792 if (status) {
2793 hci_dev_lock(hdev);
2794 mgmt_start_discovery_failed(hdev, status);
2795 hci_dev_unlock(hdev);
2796 return;
2797 }
2798
2799 hci_dev_lock(hdev);
2800 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2801 hci_dev_unlock(hdev);
2802
2803 switch (hdev->discovery.type) {
2804 case DISCOV_TYPE_LE:
2805 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2806 DISCOV_LE_TIMEOUT);
7c307720
AG		 2807 break;
2808
2809 case DISCOV_TYPE_INTERLEAVED:
2810 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2811 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2812 break;
2813
2814 case DISCOV_TYPE_BREDR:
2815 break;
2816
2817 default:
2818 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2819 }
2820}
2821
bdb6d971 2822static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2823 void *data, u16 len)
14a53664 2824{
650f726d 2825 struct mgmt_cp_start_discovery *cp = data;
14a53664 2826 struct pending_cmd *cmd;
7c307720
AG		 2827 struct hci_cp_le_set_scan_param param_cp;
2828 struct hci_cp_le_set_scan_enable enable_cp;
2829 struct hci_cp_inquiry inq_cp;
2830 struct hci_request req;
2831 /* General inquiry access code (GIAC) */
2832 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2833 u8 status;
14a53664
JH		 2834 int err;
2835
bdb6d971 2836 BT_DBG("%s", hdev->name);
14a53664 2837
09fd0de5 2838 hci_dev_lock(hdev);
14a53664 2839
4b34ee78 2840 if (!hdev_is_powered(hdev)) {
bdb6d971 2841 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2842 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2843 goto failed;
2844 }
2845
642be6c7
AG		 2846 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2847 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2848 MGMT_STATUS_BUSY);
2849 goto failed;
2850 }
2851
ff9ef578 2852 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2853 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2854 MGMT_STATUS_BUSY);
ff9ef578
JH		 2855 goto failed;
2856 }
2857
2e58ef3e 2858 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2859 if (!cmd) {
2860 err = -ENOMEM;
2861 goto failed;
2862 }
2863
4aab14e5
AG		 2864 hdev->discovery.type = cp->type;
2865
7c307720
AG		 2866 hci_req_init(&req, hdev);
2867
4aab14e5 2868 switch (hdev->discovery.type) {
f39799f5 2869 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2870 status = mgmt_bredr_support(hdev);
2871 if (status) {
04106755 2872 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2873 status);
04106755
JH		 2874 mgmt_pending_remove(cmd);
2875 goto failed;
2876 }
2877
7c307720
AG		 2878 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2879 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2880 MGMT_STATUS_BUSY);
2881 mgmt_pending_remove(cmd);
2882 goto failed;
2883 }
2884
2885 hci_inquiry_cache_flush(hdev);
2886
2887 memset(&inq_cp, 0, sizeof(inq_cp));
2888 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2889 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2890 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2891 break;
2892
2893 case DISCOV_TYPE_LE:
7c307720 2894 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2895 status = mgmt_le_support(hdev);
2896 if (status) {
04106755 2897 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2898 status);
04106755
JH		 2899 mgmt_pending_remove(cmd);
2900 goto failed;
2901 }
2902
7c307720 2903 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2904 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2905 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2906 MGMT_STATUS_NOT_SUPPORTED);
2907 mgmt_pending_remove(cmd);
2908 goto failed;
2909 }
2910
f3d3444a 2911 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 2912 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2913 MGMT_STATUS_REJECTED);
2914 mgmt_pending_remove(cmd);
2915 goto failed;
2916 }
2917
2918 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2919 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2920 MGMT_STATUS_BUSY);
2921 mgmt_pending_remove(cmd);
2922 goto failed;
2923 }
2924
2925 memset(&param_cp, 0, sizeof(param_cp));
2926 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2927 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2928 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 2929 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2930 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2931 else
2932 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 2933 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2934 &param_cp);
2935
2936 memset(&enable_cp, 0, sizeof(enable_cp));
2937 enable_cp.enable = LE_SCAN_ENABLE;
2938 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2939 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2940 &enable_cp);
5e0452c0
AG		 2941 break;
2942
f39799f5 2943 default:
04106755
JH		 2944 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2945 MGMT_STATUS_INVALID_PARAMS);
2946 mgmt_pending_remove(cmd);
2947 goto failed;
f39799f5 2948 }
3fd24153 2949
7c307720 2950 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2951 if (err < 0)
2952 mgmt_pending_remove(cmd);
ff9ef578
JH		 2953 else
2954 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2955
2956failed:
09fd0de5 2957 hci_dev_unlock(hdev);
14a53664
JH		 2958 return err;
2959}
2960
1183fdca
AG		 2961static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2962{
2963 struct pending_cmd *cmd;
2964 int err;
2965
2966 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2967 if (!cmd)
2968 return -ENOENT;
2969
2970 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2971 &hdev->discovery.type, sizeof(hdev->discovery.type));
2972 mgmt_pending_remove(cmd);
2973
2974 return err;
2975}
2976
0e05bba6
AG		 2977static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2978{
2979 BT_DBG("status %d", status);
2980
2981 hci_dev_lock(hdev);
2982
2983 if (status) {
2984 mgmt_stop_discovery_failed(hdev, status);
2985 goto unlock;
2986 }
2987
2988 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2989
2990unlock:
2991 hci_dev_unlock(hdev);
2992}
2993
bdb6d971 2994static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2995 u16 len)
14a53664 2996{
d930650b 2997 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2998 struct pending_cmd *cmd;
30dc78e1
JH		 2999 struct hci_cp_remote_name_req_cancel cp;
3000 struct inquiry_entry *e;
0e05bba6
AG		 3001 struct hci_request req;
3002 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3003 int err;
3004
bdb6d971 3005 BT_DBG("%s", hdev->name);
14a53664 3006
09fd0de5 3007 hci_dev_lock(hdev);
14a53664 3008
30dc78e1 3009 if (!hci_discovery_active(hdev)) {
bdb6d971 3010 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3011 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3012 sizeof(mgmt_cp->type));
d930650b
JH		 3013 goto unlock;
3014 }
3015
3016 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3017 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3018 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3019 sizeof(mgmt_cp->type));
30dc78e1 3020 goto unlock;
ff9ef578
JH		 3021 }
3022
2e58ef3e 3023 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3024 if (!cmd) {
3025 err = -ENOMEM;
30dc78e1
JH		 3026 goto unlock;
3027 }
3028
0e05bba6
AG		 3029 hci_req_init(&req, hdev);
3030
e0d9727e
AG		 3031 switch (hdev->discovery.state) {
3032 case DISCOVERY_FINDING:
0e05bba6
AG		 3033 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3034 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3035 } else {
3036 cancel_delayed_work(&hdev->le_scan_disable);
3037
3038 memset(&enable_cp, 0, sizeof(enable_cp));
3039 enable_cp.enable = LE_SCAN_DISABLE;
3040 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3041 sizeof(enable_cp), &enable_cp);
3042 }
c9ecc48e 3043
e0d9727e
AG		 3044 break;
3045
3046 case DISCOVERY_RESOLVING:
3047 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3048 NAME_PENDING);
e0d9727e 3049 if (!e) {
30dc78e1 3050 mgmt_pending_remove(cmd);
e0d9727e
AG		 3051 err = cmd_complete(sk, hdev->id,
3052 MGMT_OP_STOP_DISCOVERY, 0,
3053 &mgmt_cp->type,
3054 sizeof(mgmt_cp->type));
3055 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3056 goto unlock;
3057 }
30dc78e1 3058
e0d9727e 3059 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3060 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3061 &cp);
e0d9727e
AG		 3062
3063 break;
3064
3065 default:
3066 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3067
3068 mgmt_pending_remove(cmd);
3069 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3070 MGMT_STATUS_FAILED, &mgmt_cp->type,
3071 sizeof(mgmt_cp->type));
3072 goto unlock;
14a53664
JH		 3073 }
3074
0e05bba6 3075 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3076 if (err < 0)
3077 mgmt_pending_remove(cmd);
ff9ef578
JH		 3078 else
3079 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3080
30dc78e1 3081unlock:
09fd0de5 3082 hci_dev_unlock(hdev);
14a53664
JH		 3083 return err;
3084}
3085
bdb6d971 3086static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3087 u16 len)
561aafbc 3088{
650f726d 3089 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3090 struct inquiry_entry *e;
561aafbc
JH		 3091 int err;
3092
bdb6d971 3093 BT_DBG("%s", hdev->name);
561aafbc 3094
561aafbc
JH		 3095 hci_dev_lock(hdev);
3096
30dc78e1 3097 if (!hci_discovery_active(hdev)) {
bdb6d971 3098 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3099 MGMT_STATUS_FAILED);
30dc78e1
JH		 3100 goto failed;
3101 }
3102
a198e7b1 3103 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3104 if (!e) {
bdb6d971 3105 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3106 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3107 goto failed;
3108 }
3109
3110 if (cp->name_known) {
3111 e->name_state = NAME_KNOWN;
3112 list_del(&e->list);
3113 } else {
3114 e->name_state = NAME_NEEDED;
a3d4e20a 3115 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3116 }
3117
e384662b
JH		 3118 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3119 sizeof(cp->addr));
561aafbc
JH		 3120
3121failed:
3122 hci_dev_unlock(hdev);
561aafbc
JH		 3123 return err;
3124}
3125
bdb6d971 3126static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3127 u16 len)
7fbec224 3128{
650f726d 3129 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3130 u8 status;
7fbec224
AJ		 3131 int err;
3132
bdb6d971 3133 BT_DBG("%s", hdev->name);
7fbec224 3134
4ee71b20 3135 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3136 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3137 MGMT_STATUS_INVALID_PARAMS,
3138 &cp->addr, sizeof(cp->addr));
4ee71b20 3139
09fd0de5 3140 hci_dev_lock(hdev);
5e762444 3141
88c1fe4b 3142 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3143 if (err < 0)
f0eeea8b 3144 status = MGMT_STATUS_FAILED;
7fbec224 3145 else
a6785be2 3146 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3147
bdb6d971 3148 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3149 &cp->addr, sizeof(cp->addr));
5e762444 3150
09fd0de5 3151 hci_dev_unlock(hdev);
7fbec224
AJ		 3152
3153 return err;
3154}
3155
bdb6d971 3156static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3157 u16 len)
7fbec224 3158{
650f726d 3159 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3160 u8 status;
7fbec224
AJ		 3161 int err;
3162
bdb6d971 3163 BT_DBG("%s", hdev->name);
7fbec224 3164
4ee71b20 3165 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3166 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3167 MGMT_STATUS_INVALID_PARAMS,
3168 &cp->addr, sizeof(cp->addr));
4ee71b20 3169
09fd0de5 3170 hci_dev_lock(hdev);
5e762444 3171
88c1fe4b 3172 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3173 if (err < 0)
f0eeea8b 3174 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3175 else
a6785be2 3176 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3177
bdb6d971 3178 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3179 &cp->addr, sizeof(cp->addr));
5e762444 3180
09fd0de5 3181 hci_dev_unlock(hdev);
7fbec224
AJ		 3182
3183 return err;
3184}
3185
cdbaccca
MH		 3186static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3187 u16 len)
3188{
3189 struct mgmt_cp_set_device_id *cp = data;
890ea898 3190 struct hci_request req;
cdbaccca 3191 int err;
c72d4b8a 3192 __u16 source;
cdbaccca
MH		 3193
3194 BT_DBG("%s", hdev->name);
3195
c72d4b8a
SJ		 3196 source = __le16_to_cpu(cp->source);
3197
3198 if (source > 0x0002)
3199 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3200 MGMT_STATUS_INVALID_PARAMS);
3201
cdbaccca
MH		 3202 hci_dev_lock(hdev);
3203
c72d4b8a 3204 hdev->devid_source = source;
cdbaccca
MH		 3205 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3206 hdev->devid_product = __le16_to_cpu(cp->product);
3207 hdev->devid_version = __le16_to_cpu(cp->version);
3208
3209 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3210
890ea898
JH		 3211 hci_req_init(&req, hdev);
3212 update_eir(&req);
3213 hci_req_run(&req, NULL);
cdbaccca
MH		 3214
3215 hci_dev_unlock(hdev);
3216
3217 return err;
3218}
3219
4375f103
JH		 3220static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3221{
3222 struct cmd_lookup match = { NULL, hdev };
3223
3224 if (status) {
3225 u8 mgmt_err = mgmt_status(status);
3226
3227 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3228 cmd_status_rsp, &mgmt_err);
3229 return;
3230 }
3231
3232 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3233 &match);
3234
3235 new_settings(hdev, match.sk);
3236
3237 if (match.sk)
3238 sock_put(match.sk);
3239}
3240
3241static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3242{
3243 struct mgmt_mode *cp = data;
3244 struct pending_cmd *cmd;
3245 struct hci_request req;
e6fe7986 3246 u8 val, enabled, status;
4375f103
JH		 3247 int err;
3248
3249 BT_DBG("request for %s", hdev->name);
3250
e6fe7986
JH		 3251 status = mgmt_le_support(hdev);
3252 if (status)
4375f103 3253 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3254 status);
4375f103
JH		 3255
3256 if (cp->val != 0x00 && cp->val != 0x01)
3257 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3258 MGMT_STATUS_INVALID_PARAMS);
3259
3260 hci_dev_lock(hdev);
3261
3262 val = !!cp->val;
f3d3444a 3263 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3264
3265 if (!hdev_is_powered(hdev) || val == enabled) {
3266 bool changed = false;
3267
f3d3444a
JH		 3268 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3269 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3270 changed = true;
3271 }
3272
3273 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3274 if (err < 0)
3275 goto unlock;
3276
3277 if (changed)
3278 err = new_settings(hdev, sk);
3279
3280 goto unlock;
3281 }
3282
3283 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3284 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3285 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3286 MGMT_STATUS_BUSY);
3287 goto unlock;
3288 }
3289
3290 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3291 if (!cmd) {
3292 err = -ENOMEM;
3293 goto unlock;
3294 }
3295
3296 hci_req_init(&req, hdev);
3297
bba3aa55
MH		 3298 if (val)
3299 enable_advertising(&req);
3300 else
3301 disable_advertising(&req);
4375f103
JH		 3302
3303 err = hci_req_run(&req, set_advertising_complete);
3304 if (err < 0)
3305 mgmt_pending_remove(cmd);
3306
3307unlock:
3308 hci_dev_unlock(hdev);
3309 return err;
3310}
3311
d13eafce
MH		 3312static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3313 void *data, u16 len)
3314{
3315 struct mgmt_cp_set_static_address *cp = data;
3316 int err;
3317
3318 BT_DBG("%s", hdev->name);
3319
62af4443 3320 if (!lmp_le_capable(hdev))
d13eafce 3321 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3322 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3323
3324 if (hdev_is_powered(hdev))
3325 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3326 MGMT_STATUS_REJECTED);
3327
3328 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3329 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3330 return cmd_status(sk, hdev->id,
3331 MGMT_OP_SET_STATIC_ADDRESS,
3332 MGMT_STATUS_INVALID_PARAMS);
3333
3334 /* Two most significant bits shall be set */
3335 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3336 return cmd_status(sk, hdev->id,
3337 MGMT_OP_SET_STATIC_ADDRESS,
3338 MGMT_STATUS_INVALID_PARAMS);
3339 }
3340
3341 hci_dev_lock(hdev);
3342
3343 bacpy(&hdev->static_addr, &cp->bdaddr);
3344
3345 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3346
3347 hci_dev_unlock(hdev);
3348
3349 return err;
3350}
3351
33e38b3e
JH		 3352static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3353{
3354 struct pending_cmd *cmd;
3355
3356 BT_DBG("status 0x%02x", status);
3357
3358 hci_dev_lock(hdev);
3359
3360 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3361 if (!cmd)
3362 goto unlock;
3363
3364 if (status) {
3365 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3366 mgmt_status(status));
3367 } else {
1a4d3c4b
JH		 3368 struct mgmt_mode *cp = cmd->param;
3369
3370 if (cp->val)
3371 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3372 else
3373 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3374
33e38b3e
JH		 3375 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3376 new_settings(hdev, cmd->sk);
3377 }
3378
3379 mgmt_pending_remove(cmd);
3380
3381unlock:
3382 hci_dev_unlock(hdev);
3383}
3384
bdb6d971 3385static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3386 void *data, u16 len)
f6422ec6 3387{
650f726d 3388 struct mgmt_mode *cp = data;
33e38b3e
JH		 3389 struct pending_cmd *cmd;
3390 struct hci_request req;
f6422ec6
AJ		 3391 int err;
3392
bdb6d971 3393 BT_DBG("%s", hdev->name);
f6422ec6 3394
56f87901
JH		 3395 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3396 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3397 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3398 MGMT_STATUS_NOT_SUPPORTED);
3399
a7e80f25
JH		 3400 if (cp->val != 0x00 && cp->val != 0x01)
3401 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3402 MGMT_STATUS_INVALID_PARAMS);
3403
5400c044 3404 if (!hdev_is_powered(hdev))
bdb6d971 3405 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3406 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3407
3408 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3409 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3410 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3411
3412 hci_dev_lock(hdev);
3413
05cbf29f
JH		 3414 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3415 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3416 MGMT_STATUS_BUSY);
3417 goto unlock;
3418 }
3419
1a4d3c4b
JH		 3420 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3421 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3422 hdev);
3423 goto unlock;
3424 }
3425
33e38b3e
JH		 3426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3427 data, len);
3428 if (!cmd) {
3429 err = -ENOMEM;
3430 goto unlock;
f6422ec6
AJ		 3431 }
3432
33e38b3e
JH		 3433 hci_req_init(&req, hdev);
3434
406d7804 3435 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3436
3437 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3438 if (err < 0) {
bdb6d971 3439 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3440 MGMT_STATUS_FAILED);
33e38b3e 3441 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3442 }
3443
33e38b3e 3444unlock:
f6422ec6 3445 hci_dev_unlock(hdev);
33e38b3e 3446
f6422ec6
AJ		 3447 return err;
3448}
3449
0663ca2a
JH		 3450static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3451{
3452 struct pending_cmd *cmd;
3453
3454 BT_DBG("status 0x%02x", status);
3455
3456 hci_dev_lock(hdev);
3457
3458 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3459 if (!cmd)
3460 goto unlock;
3461
3462 if (status) {
3463 u8 mgmt_err = mgmt_status(status);
3464
3465 /* We need to restore the flag if related HCI commands
3466 * failed.
3467 */
3468 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3469
3470 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3471 } else {
3472 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3473 new_settings(hdev, cmd->sk);
3474 }
3475
3476 mgmt_pending_remove(cmd);
3477
3478unlock:
3479 hci_dev_unlock(hdev);
3480}
3481
3482static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3483{
3484 struct mgmt_mode *cp = data;
3485 struct pending_cmd *cmd;
3486 struct hci_request req;
3487 int err;
3488
3489 BT_DBG("request for %s", hdev->name);
3490
3491 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3492 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3493 MGMT_STATUS_NOT_SUPPORTED);
3494
3495 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3496 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3497 MGMT_STATUS_REJECTED);
3498
3499 if (cp->val != 0x00 && cp->val != 0x01)
3500 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3501 MGMT_STATUS_INVALID_PARAMS);
3502
3503 hci_dev_lock(hdev);
3504
3505 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3506 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3507 goto unlock;
3508 }
3509
3510 if (!hdev_is_powered(hdev)) {
3511 if (!cp->val) {
3512 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3513 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3514 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3515 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3516 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3517 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3518 }
3519
3520 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3521
3522 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3523 if (err < 0)
3524 goto unlock;
3525
3526 err = new_settings(hdev, sk);
3527 goto unlock;
3528 }
3529
3530 /* Reject disabling when powered on */
3531 if (!cp->val) {
3532 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3533 MGMT_STATUS_REJECTED);
3534 goto unlock;
3535 }
3536
3537 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3538 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3539 MGMT_STATUS_BUSY);
3540 goto unlock;
3541 }
3542
3543 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3544 if (!cmd) {
3545 err = -ENOMEM;
3546 goto unlock;
3547 }
3548
3549 /* We need to flip the bit already here so that hci_update_ad
3550 * generates the correct flags.
3551 */
3552 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3553
3554 hci_req_init(&req, hdev);
3555 hci_update_ad(&req);
3556 err = hci_req_run(&req, set_bredr_complete);
3557 if (err < 0)
3558 mgmt_pending_remove(cmd);
3559
3560unlock:
3561 hci_dev_unlock(hdev);
3562 return err;
3563}
3564
3f706b72
JH		 3565static bool ltk_is_valid(struct mgmt_ltk_info *key)
3566{
44b20d33
JH		 3567 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3568 return false;
3f706b72
JH		 3569 if (key->master != 0x00 && key->master != 0x01)
3570 return false;
4ee71b20
JH		 3571 if (!bdaddr_type_is_le(key->addr.type))
3572 return false;
3f706b72
JH		 3573 return true;
3574}
3575
bdb6d971 3576static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3577 void *cp_data, u16 len)
346af67b 3578{
346af67b
VCG		 3579 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3580 u16 key_count, expected_len;
715a5bf2 3581 int i, err;
346af67b 3582
cf99ba13
MH		 3583 BT_DBG("request for %s", hdev->name);
3584
3585 if (!lmp_le_capable(hdev))
3586 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3587 MGMT_STATUS_NOT_SUPPORTED);
3588
1f350c87 3589 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3590
3591 expected_len = sizeof(*cp) + key_count *
3592 sizeof(struct mgmt_ltk_info);
3593 if (expected_len != len) {
3594 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3595 len, expected_len);
bdb6d971 3596 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3597 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3598 }
3599
bdb6d971 3600 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3601
54ad6d8a
JH		 3602 for (i = 0; i < key_count; i++) {
3603 struct mgmt_ltk_info *key = &cp->keys[i];
3604
3f706b72 3605 if (!ltk_is_valid(key))
54ad6d8a
JH		 3606 return cmd_status(sk, hdev->id,
3607 MGMT_OP_LOAD_LONG_TERM_KEYS,
3608 MGMT_STATUS_INVALID_PARAMS);
3609 }
3610
346af67b
VCG		 3611 hci_dev_lock(hdev);
3612
3613 hci_smp_ltks_clear(hdev);
3614
3615 for (i = 0; i < key_count; i++) {
3616 struct mgmt_ltk_info *key = &cp->keys[i];
3617 u8 type;
3618
3619 if (key->master)
3620 type = HCI_SMP_LTK;
3621 else
3622 type = HCI_SMP_LTK_SLAVE;
3623
4596fde5 3624 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3625 bdaddr_to_le(key->addr.type),
04124681
GP		 3626 type, 0, key->authenticated, key->val,
3627 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3628 }
3629
715a5bf2
JH		 3630 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3631 NULL, 0);
3632
346af67b 3633 hci_dev_unlock(hdev);
346af67b 3634
715a5bf2 3635 return err;
346af67b
VCG		 3636}
3637
2e3c35ea 3638static const struct mgmt_handler {
04124681
GP		 3639 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3640 u16 data_len);
be22b54e
JH		 3641 bool var_len;
3642 size_t data_len;
0f4e68cf
JH		 3643} mgmt_handlers[] = {
3644 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3645 { read_version, false, MGMT_READ_VERSION_SIZE },
3646 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3647 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3648 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3649 { set_powered, false, MGMT_SETTING_SIZE },
3650 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3651 { set_connectable, false, MGMT_SETTING_SIZE },
3652 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3653 { set_pairable, false, MGMT_SETTING_SIZE },
3654 { set_link_security, false, MGMT_SETTING_SIZE },
3655 { set_ssp, false, MGMT_SETTING_SIZE },
3656 { set_hs, false, MGMT_SETTING_SIZE },
3657 { set_le, false, MGMT_SETTING_SIZE },
3658 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3659 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3660 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3661 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3662 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3663 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3664 { disconnect, false, MGMT_DISCONNECT_SIZE },
3665 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3666 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3667 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3668 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3669 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3670 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3671 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3672 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3673 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3674 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3675 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3676 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3677 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3678 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3679 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3680 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3681 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3682 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3683 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3684 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3685 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3686 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3687 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3688};
3689
3690
0381101f
JH		 3691int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3692{
650f726d
VCG		 3693 void *buf;
3694 u8 *cp;
0381101f 3695 struct mgmt_hdr *hdr;
4e51eae9 3696 u16 opcode, index, len;
bdb6d971 3697 struct hci_dev *hdev = NULL;
2e3c35ea 3698 const struct mgmt_handler *handler;
0381101f
JH		 3699 int err;
3700
3701 BT_DBG("got %zu bytes", msglen);
3702
3703 if (msglen < sizeof(*hdr))
3704 return -EINVAL;
3705
e63a15ec 3706 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3707 if (!buf)
3708 return -ENOMEM;
3709
3710 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3711 err = -EFAULT;
3712 goto done;
3713 }
3714
650f726d 3715 hdr = buf;
1f350c87
MH		 3716 opcode = __le16_to_cpu(hdr->opcode);
3717 index = __le16_to_cpu(hdr->index);
3718 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3719
3720 if (len != msglen - sizeof(*hdr)) {
3721 err = -EINVAL;
3722 goto done;
3723 }
3724
0f4e68cf 3725 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3726 hdev = hci_dev_get(index);
3727 if (!hdev) {
3728 err = cmd_status(sk, index, opcode,
04124681 3729 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3730 goto done;
3731 }
0736cfa8
MH		 3732
3733 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3734 err = cmd_status(sk, index, opcode,
3735 MGMT_STATUS_INVALID_INDEX);
3736 goto done;
3737 }
bdb6d971
JH		 3738 }
3739
0f4e68cf 3740 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3741 mgmt_handlers[opcode].func == NULL) {
0381101f 3742 BT_DBG("Unknown op %u", opcode);
ca69b795 3743 err = cmd_status(sk, index, opcode,
04124681 3744 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3745 goto done;
3746 }
3747
3748 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3749 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3750 err = cmd_status(sk, index, opcode,
04124681 3751 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3752 goto done;
0381101f
JH		 3753 }
3754
be22b54e
JH		 3755 handler = &mgmt_handlers[opcode];
3756
3757 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3758 (!handler->var_len && len != handler->data_len)) {
be22b54e 3759 err = cmd_status(sk, index, opcode,
04124681 3760 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3761 goto done;
3762 }
3763
0f4e68cf
JH		 3764 if (hdev)
3765 mgmt_init_hdev(sk, hdev);
3766
3767 cp = buf + sizeof(*hdr);
3768
be22b54e 3769 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3770 if (err < 0)
3771 goto done;
3772
0381101f
JH		 3773 err = msglen;
3774
3775done:
bdb6d971
JH		 3776 if (hdev)
3777 hci_dev_put(hdev);
3778
0381101f
JH		 3779 kfree(buf);
3780 return err;
3781}
c71e97bf 3782
744cf19e 3783int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3784{
1514b892 3785 if (hdev->dev_type != HCI_BREDR)
bb4b2a9a
AE		 3786 return -ENOTSUPP;
3787
744cf19e 3788 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3789}
3790
744cf19e 3791int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3792{
5f159032 3793 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3794
1514b892 3795 if (hdev->dev_type != HCI_BREDR)
bb4b2a9a
AE		 3796 return -ENOTSUPP;
3797
744cf19e 3798 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3799
744cf19e 3800 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3801}
3802
890ea898 3803static void set_bredr_scan(struct hci_request *req)
7f0ae647 3804{
890ea898 3805 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3806 u8 scan = 0;
3807
4c01f8b8
JH		 3808 /* Ensure that fast connectable is disabled. This function will
3809 * not do anything if the page scan parameters are already what
3810 * they should be.
3811 */
3812 write_fast_connectable(req, false);
3813
7f0ae647
JH		 3814 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3815 scan |= SCAN_PAGE;
3816 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3817 scan |= SCAN_INQUIRY;
3818
890ea898
JH		 3819 if (scan)
3820 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3821}
3822
229ab39c
JH		 3823static void powered_complete(struct hci_dev *hdev, u8 status)
3824{
3825 struct cmd_lookup match = { NULL, hdev };
3826
3827 BT_DBG("status 0x%02x", status);
3828
3829 hci_dev_lock(hdev);
3830
3831 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3832
3833 new_settings(hdev, match.sk);
3834
3835 hci_dev_unlock(hdev);
3836
3837 if (match.sk)
3838 sock_put(match.sk);
3839}
3840
70da6243 3841static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3842{
890ea898 3843 struct hci_request req;
70da6243 3844 u8 link_sec;
5add6af8 3845
890ea898
JH		 3846 hci_req_init(&req, hdev);
3847
70da6243
JH		 3848 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3849 !lmp_host_ssp_capable(hdev)) {
3850 u8 ssp = 1;
5e5282bb 3851
890ea898 3852 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3853 }
5add6af8 3854
c73eee91
JH		 3855 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3856 lmp_bredr_capable(hdev)) {
70da6243 3857 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3858
70da6243
JH		 3859 cp.le = 1;
3860 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3861
70da6243
JH		 3862 /* Check first if we already have the right
3863 * host state (host features set)
3864 */
3865 if (cp.le != lmp_host_le_capable(hdev) ||
3866 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3867 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3868 sizeof(cp), &cp);
0663ca2a
JH		 3869
3870 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3871 hci_update_ad(&req);
70da6243 3872 }
3d1cbdd6 3873
d13eafce
MH		 3874 if (lmp_le_capable(hdev)) {
3875 /* Set random address to static address if configured */
3876 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3877 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3878 &hdev->static_addr);
eeca6f89 3879
bba3aa55
MH		 3880 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3881 enable_advertising(&req);
eeca6f89
JH		 3882 }
3883
70da6243
JH		 3884 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3885 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3886 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3887 sizeof(link_sec), &link_sec);
562fcc24 3888
70da6243 3889 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3890 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3891 set_bredr_scan(&req);
890ea898 3892 update_class(&req);
13928971 3893 update_name(&req);
890ea898 3894 update_eir(&req);
70da6243 3895 }
562fcc24 3896
229ab39c 3897 return hci_req_run(&req, powered_complete);
70da6243 3898}
562fcc24 3899
70da6243
JH		 3900int mgmt_powered(struct hci_dev *hdev, u8 powered)
3901{
3902 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3903 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3904 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3905 int err;
f0ff92fb 3906
70da6243
JH		 3907 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3908 return 0;
3909
70da6243 3910 if (powered) {
229ab39c
JH		 3911 if (powered_update_hci(hdev) == 0)
3912 return 0;
fe038884 3913
229ab39c
JH		 3914 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3915 &match);
3916 goto new_settings;
b24752fe
JH		 3917 }
3918
229ab39c
JH		 3919 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3920 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3921
3922 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3923 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3924 zero_cod, sizeof(zero_cod), NULL);
3925
3926new_settings:
beadb2bd 3927 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3928
3929 if (match.sk)
3930 sock_put(match.sk);
3931
7bb895d6 3932 return err;
5add6af8 3933}
73f22f62 3934
96570ffc
JH		 3935int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3936{
3937 struct pending_cmd *cmd;
3938 u8 status;
3939
3940 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3941 if (!cmd)
3942 return -ENOENT;
3943
3944 if (err == -ERFKILL)
3945 status = MGMT_STATUS_RFKILLED;
3946 else
3947 status = MGMT_STATUS_FAILED;
3948
3949 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3950
3951 mgmt_pending_remove(cmd);
3952
3953 return err;
3954}
3955
744cf19e 3956int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3957{
76a7f3a4 3958 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3959 bool changed = false;
3960 int err = 0;
73f22f62 3961
5e5282bb
JH		 3962 if (discoverable) {
3963 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3964 changed = true;
3965 } else {
3966 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3967 changed = true;
3968 }
73f22f62 3969
ed9b5f2f 3970 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3971 &match);
ed9b5f2f 3972
beadb2bd
JH		 3973 if (changed)
3974 err = new_settings(hdev, match.sk);
5e5282bb 3975
73f22f62
JH		 3976 if (match.sk)
3977 sock_put(match.sk);
3978
7bb895d6 3979 return err;
73f22f62 3980}
9fbcbb45 3981
744cf19e 3982int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3983{
2b76f453 3984 struct pending_cmd *cmd;
5e5282bb
JH		 3985 bool changed = false;
3986 int err = 0;
9fbcbb45 3987
5e5282bb
JH		 3988 if (connectable) {
3989 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3990 changed = true;
3991 } else {
3992 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3993 changed = true;
3994 }
9fbcbb45 3995
2b76f453 3996 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3997
beadb2bd 3998 if (changed)
2b76f453 3999 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 4000
7bb895d6 4001 return err;
9fbcbb45 4002}
55ed8ca1 4003
744cf19e 4004int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4005{
ca69b795
JH		 4006 u8 mgmt_err = mgmt_status(status);
4007
2d7cee58 4008 if (scan & SCAN_PAGE)
744cf19e 4009 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4010 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4011
4012 if (scan & SCAN_INQUIRY)
744cf19e 4013 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4014 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4015
4016 return 0;
4017}
4018
53168e5b
CC		 4019int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4020 bool persistent)
55ed8ca1 4021{
86742e1e 4022 struct mgmt_ev_new_link_key ev;
55ed8ca1 4023
a492cd52 4024 memset(&ev, 0, sizeof(ev));
55ed8ca1 4025
a492cd52 4026 ev.store_hint = persistent;
d753fdc4 4027 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4028 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4029 ev.key.type = key->type;
9b3b4460 4030 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4031 ev.key.pin_len = key->pin_len;
55ed8ca1 4032
744cf19e 4033 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4034}
f7520543 4035
346af67b
VCG		 4036int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4037{
4038 struct mgmt_ev_new_long_term_key ev;
4039
4040 memset(&ev, 0, sizeof(ev));
4041
4042 ev.store_hint = persistent;
4043 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4044 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4045 ev.key.authenticated = key->authenticated;
4046 ev.key.enc_size = key->enc_size;
4047 ev.key.ediv = key->ediv;
4048
4049 if (key->type == HCI_SMP_LTK)
4050 ev.key.master = 1;
4051
4052 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4053 memcpy(ev.key.val, key->val, sizeof(key->val));
4054
04124681
GP		 4055 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4056 NULL);
346af67b
VCG		 4057}
4058
afc747a6 4059int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4060 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4061 u8 *dev_class)
f7520543 4062{
b644ba33
JH		 4063 char buf[512];
4064 struct mgmt_ev_device_connected *ev = (void *) buf;
4065 u16 eir_len = 0;
f7520543 4066
b644ba33 4067 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4068 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4069
c95f0ba7 4070 ev->flags = __cpu_to_le32(flags);
08c79b61 4071
b644ba33
JH		 4072 if (name_len > 0)
4073 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4074 name, name_len);
b644ba33
JH		 4075
4076 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4077 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4078 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4079
eb55ef07 4080 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 4081
4082 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 4083 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4084}
4085
8962ee74
JH		 4086static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4087{
c68fb7ff 4088 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4089 struct sock **sk = data;
a38528f1 4090 struct mgmt_rp_disconnect rp;
8962ee74 4091
88c3df13
JH		 4092 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4093 rp.addr.type = cp->addr.type;
8962ee74 4094
aee9b218 4095 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4096 sizeof(rp));
8962ee74
JH		 4097
4098 *sk = cmd->sk;
4099 sock_hold(*sk);
4100
a664b5bc 4101 mgmt_pending_remove(cmd);
8962ee74
JH		 4102}
4103
124f6e35 4104static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4105{
b1078ad0 4106 struct hci_dev *hdev = data;
124f6e35
JH		 4107 struct mgmt_cp_unpair_device *cp = cmd->param;
4108 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4109
4110 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4111 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4112 rp.addr.type = cp->addr.type;
a8a1d19e 4113
b1078ad0
JH		 4114 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4115
aee9b218 4116 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4117
4118 mgmt_pending_remove(cmd);
4119}
4120
afc747a6 4121int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4122 u8 link_type, u8 addr_type, u8 reason)
f7520543 4123{
f0d6a0ea 4124 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4125 struct sock *sk = NULL;
4126 int err;
4127
744cf19e 4128 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4129
f0d6a0ea
MA		 4130 bacpy(&ev.addr.bdaddr, bdaddr);
4131 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4132 ev.reason = reason;
f7520543 4133
afc747a6 4134 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4135 sk);
8962ee74
JH		 4136
4137 if (sk)
d97dcb66 4138 sock_put(sk);
8962ee74 4139
124f6e35 4140 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4141 hdev);
a8a1d19e 4142
8962ee74
JH		 4143 return err;
4144}
4145
88c3df13 4146int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4147 u8 link_type, u8 addr_type, u8 status)
8962ee74 4148{
88c3df13 4149 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4150 struct pending_cmd *cmd;
4151 int err;
4152
36a75f1b
JD		 4153 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4154 hdev);
4155
2e58ef3e 4156 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4157 if (!cmd)
4158 return -ENOENT;
4159
88c3df13 4160 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4161 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4162
88c3df13 4163 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4164 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4165
a664b5bc 4166 mgmt_pending_remove(cmd);
8962ee74
JH		 4167
4168 return err;
f7520543 4169}
17d5c04c 4170
48264f06 4171int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4172 u8 addr_type, u8 status)
17d5c04c
JH		 4173{
4174 struct mgmt_ev_connect_failed ev;
4175
4c659c39 4176 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4177 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4178 ev.status = mgmt_status(status);
17d5c04c 4179
744cf19e 4180 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4181}
980e1a53 4182
744cf19e 4183int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4184{
4185 struct mgmt_ev_pin_code_request ev;
4186
d8457698 4187 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4188 ev.addr.type = BDADDR_BREDR;
a770bb5a 4189 ev.secure = secure;
980e1a53 4190
744cf19e 4191 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4192 NULL);
980e1a53
JH		 4193}
4194
744cf19e 4195int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4196 u8 status)
980e1a53
JH		 4197{
4198 struct pending_cmd *cmd;
ac56fb13 4199 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4200 int err;
4201
2e58ef3e 4202 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4203 if (!cmd)
4204 return -ENOENT;
4205
d8457698 4206 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4207 rp.addr.type = BDADDR_BREDR;
ac56fb13 4208
aee9b218 4209 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4210 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4211
a664b5bc 4212 mgmt_pending_remove(cmd);
980e1a53
JH		 4213
4214 return err;
4215}
4216
744cf19e 4217int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4218 u8 status)
980e1a53
JH		 4219{
4220 struct pending_cmd *cmd;
ac56fb13 4221 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4222 int err;
4223
2e58ef3e 4224 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4225 if (!cmd)
4226 return -ENOENT;
4227
d8457698 4228 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4229 rp.addr.type = BDADDR_BREDR;
ac56fb13 4230
aee9b218 4231 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4232 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4233
a664b5bc 4234 mgmt_pending_remove(cmd);
980e1a53
JH		 4235
4236 return err;
4237}
a5c29683 4238
744cf19e 4239int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4240 u8 link_type, u8 addr_type, __le32 value,
4241 u8 confirm_hint)
a5c29683
JH		 4242{
4243 struct mgmt_ev_user_confirm_request ev;
4244
744cf19e 4245 BT_DBG("%s", hdev->name);
a5c29683 4246
272d90df 4247 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4248 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4249 ev.confirm_hint = confirm_hint;
78e8098e 4250 ev.value = value;
a5c29683 4251
744cf19e 4252 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4253 NULL);
a5c29683
JH		 4254}
4255
272d90df 4256int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4257 u8 link_type, u8 addr_type)
604086b7
BG		 4258{
4259 struct mgmt_ev_user_passkey_request ev;
4260
4261 BT_DBG("%s", hdev->name);
4262
272d90df 4263 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4264 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4265
4266 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4267 NULL);
604086b7
BG		 4268}
4269
0df4c185 4270static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4271 u8 link_type, u8 addr_type, u8 status,
4272 u8 opcode)
a5c29683
JH		 4273{
4274 struct pending_cmd *cmd;
4275 struct mgmt_rp_user_confirm_reply rp;
4276 int err;
4277
2e58ef3e 4278 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4279 if (!cmd)
4280 return -ENOENT;
4281
272d90df 4282 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4283 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4284 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4285 &rp, sizeof(rp));
a5c29683 4286
a664b5bc 4287 mgmt_pending_remove(cmd);
a5c29683
JH		 4288
4289 return err;
4290}
4291
744cf19e 4292int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4293 u8 link_type, u8 addr_type, u8 status)
a5c29683 4294{
272d90df 4295 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4296 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4297}
4298
272d90df 4299int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4300 u8 link_type, u8 addr_type, u8 status)
a5c29683 4301{
272d90df 4302 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4303 status,
4304 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4305}
2a611692 4306
604086b7 4307int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4308 u8 link_type, u8 addr_type, u8 status)
604086b7 4309{
272d90df 4310 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4311 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4312}
4313
272d90df 4314int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4315 u8 link_type, u8 addr_type, u8 status)
604086b7 4316{
272d90df 4317 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4318 status,
4319 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4320}
4321
92a25256
JH		 4322int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4323 u8 link_type, u8 addr_type, u32 passkey,
4324 u8 entered)
4325{
4326 struct mgmt_ev_passkey_notify ev;
4327
4328 BT_DBG("%s", hdev->name);
4329
4330 bacpy(&ev.addr.bdaddr, bdaddr);
4331 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4332 ev.passkey = __cpu_to_le32(passkey);
4333 ev.entered = entered;
4334
4335 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4336}
4337
bab73cb6 4338int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4339 u8 addr_type, u8 status)
2a611692
JH		 4340{
4341 struct mgmt_ev_auth_failed ev;
4342
bab73cb6 4343 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4344 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4345 ev.status = mgmt_status(status);
2a611692 4346
744cf19e 4347 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4348}
b312b161 4349
33ef95ed
JH		 4350int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4351{
4352 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4353 bool changed = false;
4354 int err = 0;
33ef95ed
JH		 4355
4356 if (status) {
4357 u8 mgmt_err = mgmt_status(status);
4358 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4359 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4360 return 0;
4361 }
4362
47990ea0
JH		 4363 if (test_bit(HCI_AUTH, &hdev->flags)) {
4364 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4365 changed = true;
4366 } else {
4367 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4368 changed = true;
4369 }
4370
33ef95ed 4371 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4372 &match);
33ef95ed 4373
47990ea0
JH		 4374 if (changed)
4375 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4376
4377 if (match.sk)
4378 sock_put(match.sk);
4379
4380 return err;
4381}
4382
890ea898 4383static void clear_eir(struct hci_request *req)
cacaf52f 4384{
890ea898 4385 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4386 struct hci_cp_write_eir cp;
4387
976eb20e 4388 if (!lmp_ext_inq_capable(hdev))
890ea898 4389 return;
cacaf52f 4390
c80da27e
JH		 4391 memset(hdev->eir, 0, sizeof(hdev->eir));
4392
cacaf52f
JH		 4393 memset(&cp, 0, sizeof(cp));
4394
890ea898 4395 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4396}
4397
c0ecddc2 4398int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4399{
4400 struct cmd_lookup match = { NULL, hdev };
890ea898 4401 struct hci_request req;
c0ecddc2
JH		 4402 bool changed = false;
4403 int err = 0;
ed2c4ee3
JH		 4404
4405 if (status) {
4406 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4407
4408 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4409 &hdev->dev_flags))
c0ecddc2
JH		 4410 err = new_settings(hdev, NULL);
4411
04124681
GP		 4412 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4413 &mgmt_err);
c0ecddc2
JH		 4414
4415 return err;
4416 }
4417
4418 if (enable) {
4419 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4420 changed = true;
4421 } else {
4422 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4423 changed = true;
ed2c4ee3
JH		 4424 }
4425
4426 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4427
c0ecddc2
JH		 4428 if (changed)
4429 err = new_settings(hdev, match.sk);
ed2c4ee3 4430
5fc6ebb1 4431 if (match.sk)
ed2c4ee3
JH		 4432 sock_put(match.sk);
4433
890ea898
JH		 4434 hci_req_init(&req, hdev);
4435
5fc6ebb1 4436 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4437 update_eir(&req);
5fc6ebb1 4438 else
890ea898
JH		 4439 clear_eir(&req);
4440
4441 hci_req_run(&req, NULL);
cacaf52f 4442
ed2c4ee3
JH		 4443 return err;
4444}
4445
92da6097 4446static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4447{
4448 struct cmd_lookup *match = data;
4449
90e70454
JH		 4450 if (match->sk == NULL) {
4451 match->sk = cmd->sk;
4452 sock_hold(match->sk);
4453 }
90e70454
JH		 4454}
4455
7f9a903c 4456int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4457 u8 status)
7f9a903c 4458{
90e70454
JH		 4459 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4460 int err = 0;
7f9a903c 4461
92da6097
JH		 4462 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4463 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4464 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4465
4466 if (!status)
04124681
GP		 4467 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4468 3, NULL);
90e70454
JH		 4469
4470 if (match.sk)
4471 sock_put(match.sk);
7f9a903c
MH		 4472
4473 return err;
4474}
4475
744cf19e 4476int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4477{
b312b161 4478 struct mgmt_cp_set_local_name ev;
13928971 4479 struct pending_cmd *cmd;
28cc7bde 4480
13928971
JH		 4481 if (status)
4482 return 0;
b312b161
JH		 4483
4484 memset(&ev, 0, sizeof(ev));
4485 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4486 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4487
2e58ef3e 4488 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4489 if (!cmd) {
4490 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4491
13928971
JH		 4492 /* If this is a HCI command related to powering on the
4493 * HCI dev don't send any mgmt signals.
4494 */
4495 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4496 return 0;
890ea898 4497 }
b312b161 4498
13928971
JH		 4499 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4500 cmd ? cmd->sk : NULL);
b312b161 4501}
c35938b2 4502
744cf19e 4503int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4504 u8 *randomizer, u8 status)
c35938b2
SJ		 4505{
4506 struct pending_cmd *cmd;
4507 int err;
4508
744cf19e 4509 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4510
2e58ef3e 4511 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4512 if (!cmd)
4513 return -ENOENT;
4514
4515 if (status) {
04124681
GP		 4516 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4517 mgmt_status(status));
c35938b2
SJ		 4518 } else {
4519 struct mgmt_rp_read_local_oob_data rp;
4520
4521 memcpy(rp.hash, hash, sizeof(rp.hash));
4522 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4523
744cf19e 4524 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4525 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4526 sizeof(rp));
c35938b2
SJ		 4527 }
4528
4529 mgmt_pending_remove(cmd);
4530
4531 return err;
4532}
e17acd40 4533
48264f06 4534int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4535 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4536 ssp, u8 *eir, u16 eir_len)
e17acd40 4537{
e319d2e7
JH		 4538 char buf[512];
4539 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4540 size_t ev_size;
e17acd40 4541
12602d0c
AG		 4542 if (!hci_discovery_active(hdev))
4543 return -EPERM;
4544
1dc06093
JH		 4545 /* Leave 5 bytes for a potential CoD field */
4546 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4547 return -EINVAL;
4548
1dc06093
JH		 4549 memset(buf, 0, sizeof(buf));
4550
e319d2e7 4551 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4552 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4553 ev->rssi = rssi;
9a395a80 4554 if (cfm_name)
612dfce9 4555 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4556 if (!ssp)
612dfce9 4557 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4558
1dc06093 4559 if (eir_len > 0)
e319d2e7 4560 memcpy(ev->eir, eir, eir_len);
e17acd40 4561
1dc06093
JH		 4562 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4563 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4564 dev_class, 3);
1dc06093 4565
eb55ef07 4566 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4567 ev_size = sizeof(*ev) + eir_len;
f8523598 4568
e319d2e7 4569 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4570}
a88a9652 4571
b644ba33 4572int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4573 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4574{
b644ba33
JH		 4575 struct mgmt_ev_device_found *ev;
4576 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4577 u16 eir_len;
a88a9652 4578
b644ba33 4579 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4580
b644ba33
JH		 4581 memset(buf, 0, sizeof(buf));
4582
4583 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4584 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4585 ev->rssi = rssi;
4586
4587 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4588 name_len);
b644ba33 4589
eb55ef07 4590 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4591
053c7e0c 4592 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4593 sizeof(*ev) + eir_len, NULL);
a88a9652 4594}
314b2381 4595
744cf19e 4596int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4597{
f963e8e9 4598 struct mgmt_ev_discovering ev;
164a6e78
JH		 4599 struct pending_cmd *cmd;
4600
343fb145
AG		 4601 BT_DBG("%s discovering %u", hdev->name, discovering);
4602
164a6e78 4603 if (discovering)
2e58ef3e 4604 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4605 else
2e58ef3e 4606 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4607
4608 if (cmd != NULL) {
f808e166
JH		 4609 u8 type = hdev->discovery.type;
4610
04124681
GP		 4611 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4612 sizeof(type));
164a6e78
JH		 4613 mgmt_pending_remove(cmd);
4614 }
4615
f963e8e9
JH		 4616 memset(&ev, 0, sizeof(ev));
4617 ev.type = hdev->discovery.type;
4618 ev.discovering = discovering;
4619
4620 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4621}
5e762444 4622
88c1fe4b 4623int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4624{
4625 struct pending_cmd *cmd;
4626 struct mgmt_ev_device_blocked ev;
4627
2e58ef3e 4628 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4629
88c1fe4b
JH		 4630 bacpy(&ev.addr.bdaddr, bdaddr);
4631 ev.addr.type = type;
5e762444 4632
744cf19e 4633 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4634 cmd ? cmd->sk : NULL);
5e762444
AJ		 4635}
4636
88c1fe4b 4637int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4638{
4639 struct pending_cmd *cmd;
4640 struct mgmt_ev_device_unblocked ev;
4641
2e58ef3e 4642 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4643
88c1fe4b
JH		 4644 bacpy(&ev.addr.bdaddr, bdaddr);
4645 ev.addr.type = type;
5e762444 4646
744cf19e 4647 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4648 cmd ? cmd->sk : NULL);
5e762444 4649}
5976e608
MH		 4650
4651static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4652{
4653 BT_DBG("%s status %u", hdev->name, status);
4654
4655 /* Clear the advertising mgmt setting if we failed to re-enable it */
4656 if (status) {
4657 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4658 new_settings(hdev, NULL);
5976e608
MH		 4659 }
4660}
4661
4662void mgmt_reenable_advertising(struct hci_dev *hdev)
4663{
4664 struct hci_request req;
4665
4666 if (hdev->conn_hash.le_num)
4667 return;
4668
4669 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4670 return;
4671
4672 hci_req_init(&req, hdev);
4673 enable_advertising(&req);
4674
4675 /* If this fails we have no option but to let user space know
4676 * that we've disabled advertising.
4677 */
4678 if (hci_req_run(&req, adv_enable_complete) < 0) {
4679 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4680 new_settings(hdev, NULL);
5976e608
MH		 4681 }
4682}
Linux kernel - Deliverables
This page took 0.832255 seconds and 5 git commands to generate.