projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Wait for HCI command completion with mgmt_set_powered
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 114
e8777525 115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 117
17b02e62 118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 119
4b34ee78
JH		 120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
eec8d2bc
JH		 123struct pending_cmd {
124 struct list_head list;
fc2f4b13 125 u16 opcode;
eec8d2bc 126 int index;
c68fb7ff 127 void *param;
eec8d2bc 128 struct sock *sk;
e9a416b5 129 void *user_data;
eec8d2bc
JH		 130};
131
ca69b795
JH		 132/* HCI to MGMT error code conversion table */
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195};
196
bb4b2a9a
AE		 197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
ca69b795
JH		 202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
612dfce9 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
612dfce9 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
eb55ef07 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
eb55ef07
MH		 306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a
AE		 336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
faba42eb
JH		 340 count++;
341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
bb4b2a9a
AE		 355 if (!mgmt_valid_hdev(d))
356 continue;
357
476e44cb 358 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 359 BT_DBG("Added hci%u", d->id);
360 }
361
476e44cb
JH		 362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
faba42eb
JH		 365 read_unlock(&hci_dev_list_lock);
366
aee9b218 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 368 rp_len);
faba42eb 369
a38528f1
JH		 370 kfree(rp);
371
372 return err;
faba42eb
JH		 373}
374
69ab39ea
JH		 375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 380 settings |= MGMT_SETTING_PAIRABLE;
381
9a1a1996 382 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 383 settings |= MGMT_SETTING_SSP;
384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0
JH		 386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
ed3fa31f 418 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
213202ed
JH		 438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
cdf1963f
JH		 480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
c00d575b
JH		 513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
ef580372
JH		 546static void create_eir(struct hci_dev *hdev, u8 *data)
547{
548 u8 *ptr = data;
ef580372
JH		 549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554 /* EIR Data type */
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
ef580372
JH		 566 ptr += (name_len + 2);
567 }
568
bbaf444a 569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
91c4e9b1
MH		 574 ptr += 3;
575 }
576
2b9be137
MH		 577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
2b9be137
MH		 586 ptr += 10;
587 }
588
213202ed 589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 592}
593
890ea898 594static void update_eir(struct hci_request *req)
ef580372 595{
890ea898 596 struct hci_dev *hdev = req->hdev;
ef580372
JH		 597 struct hci_cp_write_eir cp;
598
504c8dcd 599 if (!hdev_is_powered(hdev))
890ea898 600 return;
7770c4aa 601
976eb20e 602 if (!lmp_ext_inq_capable(hdev))
890ea898 603 return;
ef580372 604
84bde9d6 605 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 606 return;
ef580372 607
a8b2d5c2 608 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 609 return;
ef580372
JH		 610
611 memset(&cp, 0, sizeof(cp));
612
613 create_eir(hdev, cp.data);
614
615 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 616 return;
ef580372
JH		 617
618 memcpy(hdev->eir, cp.data, sizeof(cp.data));
619
890ea898 620 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 621}
622
623static u8 get_service_classes(struct hci_dev *hdev)
624{
625 struct bt_uuid *uuid;
626 u8 val = 0;
627
628 list_for_each_entry(uuid, &hdev->uuids, list)
629 val |= uuid->svc_hint;
630
631 return val;
632}
633
890ea898 634static void update_class(struct hci_request *req)
ef580372 635{
890ea898 636 struct hci_dev *hdev = req->hdev;
ef580372
JH		 637 u8 cod[3];
638
639 BT_DBG("%s", hdev->name);
640
504c8dcd 641 if (!hdev_is_powered(hdev))
890ea898 642 return;
7770c4aa 643
a8b2d5c2 644 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 645 return;
ef580372
JH		 646
647 cod[0] = hdev->minor_class;
648 cod[1] = hdev->major_class;
649 cod[2] = get_service_classes(hdev);
650
651 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 652 return;
ef580372 653
890ea898 654 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
c95f0ba7 655
890ea898 656 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
ef580372
JH		 657}
658
7d78525d
JH		 659static void service_cache_off(struct work_struct *work)
660{
661 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 662 service_cache.work);
890ea898 663 struct hci_request req;
7d78525d 664
a8b2d5c2 665 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 666 return;
667
890ea898
JH		 668 hci_req_init(&req, hdev);
669
7d78525d
JH		 670 hci_dev_lock(hdev);
671
890ea898
JH		 672 update_eir(&req);
673 update_class(&req);
7d78525d
JH		 674
675 hci_dev_unlock(hdev);
890ea898
JH		 676
677 hci_req_run(&req, NULL);
7d78525d
JH		 678}
679
6a919082 680static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 681{
4f87da80 682 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 683 return;
684
4f87da80 685 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 686
4f87da80
JH		 687 /* Non-mgmt controlled devices get this bit set
688 * implicitly so that pairing works for them, however
689 * for mgmt we require user-space to explicitly enable
690 * it
691 */
692 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 693}
694
0f4e68cf 695static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 696 void *data, u16 data_len)
0381101f 697{
a38528f1 698 struct mgmt_rp_read_info rp;
f7b64e69 699
bdb6d971 700 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 701
09fd0de5 702 hci_dev_lock(hdev);
f7b64e69 703
dc4fe30b
JH		 704 memset(&rp, 0, sizeof(rp));
705
69ab39ea 706 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 707
69ab39ea 708 rp.version = hdev->hci_ver;
eb55ef07 709 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 710
711 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
712 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 713
a38528f1 714 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 715
dc4fe30b 716 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 717 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 718
09fd0de5 719 hci_dev_unlock(hdev);
0381101f 720
bdb6d971 721 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 722 sizeof(rp));
0381101f
JH		 723}
724
eec8d2bc
JH		 725static void mgmt_pending_free(struct pending_cmd *cmd)
726{
727 sock_put(cmd->sk);
c68fb7ff 728 kfree(cmd->param);
eec8d2bc
JH		 729 kfree(cmd);
730}
731
366a0336 732static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 733 struct hci_dev *hdev, void *data,
734 u16 len)
eec8d2bc
JH		 735{
736 struct pending_cmd *cmd;
737
12b94565 738 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 739 if (!cmd)
366a0336 740 return NULL;
eec8d2bc
JH		 741
742 cmd->opcode = opcode;
2e58ef3e 743 cmd->index = hdev->id;
eec8d2bc 744
12b94565 745 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 746 if (!cmd->param) {
eec8d2bc 747 kfree(cmd);
366a0336 748 return NULL;
eec8d2bc
JH		 749 }
750
8fce6357
SJ		 751 if (data)
752 memcpy(cmd->param, data, len);
eec8d2bc
JH		 753
754 cmd->sk = sk;
755 sock_hold(sk);
756
2e58ef3e 757 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 758
366a0336 759 return cmd;
eec8d2bc
JH		 760}
761
744cf19e 762static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 763 void (*cb)(struct pending_cmd *cmd,
764 void *data),
04124681 765 void *data)
eec8d2bc 766{
a3d09356 767 struct pending_cmd *cmd, *tmp;
eec8d2bc 768
a3d09356 769 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 770 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 771 continue;
772
eec8d2bc
JH		 773 cb(cmd, data);
774 }
775}
776
2e58ef3e 777static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 778{
8035ded4 779 struct pending_cmd *cmd;
eec8d2bc 780
2e58ef3e 781 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 782 if (cmd->opcode == opcode)
783 return cmd;
eec8d2bc
JH		 784 }
785
786 return NULL;
787}
788
a664b5bc 789static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 790{
73f22f62
JH		 791 list_del(&cmd->list);
792 mgmt_pending_free(cmd);
793}
794
69ab39ea 795static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 796{
69ab39ea 797 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 798
aee9b218 799 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 800 sizeof(settings));
8680570b
JH		 801}
802
bdb6d971 803static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 804 u16 len)
eec8d2bc 805{
650f726d 806 struct mgmt_mode *cp = data;
366a0336 807 struct pending_cmd *cmd;
4b34ee78 808 int err;
eec8d2bc 809
bdb6d971 810 BT_DBG("request for %s", hdev->name);
eec8d2bc 811
a7e80f25
JH		 812 if (cp->val != 0x00 && cp->val != 0x01)
813 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
814 MGMT_STATUS_INVALID_PARAMS);
815
09fd0de5 816 hci_dev_lock(hdev);
eec8d2bc 817
f0d4b78a
MH		 818 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
819 cancel_delayed_work(&hdev->power_off);
820
821 if (cp->val) {
a1d70450
JH		 822 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
823 data, len);
824 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 825 goto failed;
826 }
827 }
828
4b34ee78 829 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 830 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 831 goto failed;
832 }
833
2e58ef3e 834 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 835 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 836 MGMT_STATUS_BUSY);
eec8d2bc
JH		 837 goto failed;
838 }
839
2e58ef3e 840 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 841 if (!cmd) {
842 err = -ENOMEM;
eec8d2bc 843 goto failed;
366a0336 844 }
eec8d2bc 845
72a734ec 846 if (cp->val)
19202573 847 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 848 else
19202573 849 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 850
366a0336 851 err = 0;
eec8d2bc
JH		 852
853failed:
09fd0de5 854 hci_dev_unlock(hdev);
366a0336 855 return err;
eec8d2bc
JH		 856}
857
04124681
GP		 858static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
859 struct sock *skip_sk)
beadb2bd
JH		 860{
861 struct sk_buff *skb;
862 struct mgmt_hdr *hdr;
863
790eff44 864 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 865 if (!skb)
866 return -ENOMEM;
867
868 hdr = (void *) skb_put(skb, sizeof(*hdr));
869 hdr->opcode = cpu_to_le16(event);
870 if (hdev)
871 hdr->index = cpu_to_le16(hdev->id);
872 else
612dfce9 873 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 874 hdr->len = cpu_to_le16(data_len);
875
876 if (data)
877 memcpy(skb_put(skb, data_len), data, data_len);
878
97e0bdeb
MH		 879 /* Time stamp */
880 __net_timestamp(skb);
881
beadb2bd
JH		 882 hci_send_to_control(skb, skip_sk);
883 kfree_skb(skb);
884
885 return 0;
886}
887
888static int new_settings(struct hci_dev *hdev, struct sock *skip)
889{
890 __le32 ev;
891
892 ev = cpu_to_le32(get_current_settings(hdev));
893
894 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
895}
896
bdb6d971 897static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 898 u16 len)
73f22f62 899{
650f726d 900 struct mgmt_cp_set_discoverable *cp = data;
366a0336 901 struct pending_cmd *cmd;
5e5282bb 902 u16 timeout;
73f22f62
JH		 903 u8 scan;
904 int err;
905
bdb6d971 906 BT_DBG("request for %s", hdev->name);
73f22f62 907
33c525c0
JH		 908 if (!lmp_bredr_capable(hdev))
909 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
910 MGMT_STATUS_NOT_SUPPORTED);
911
a7e80f25
JH		 912 if (cp->val != 0x00 && cp->val != 0x01)
913 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
914 MGMT_STATUS_INVALID_PARAMS);
915
1f350c87 916 timeout = __le16_to_cpu(cp->timeout);
24c54a90 917 if (!cp->val && timeout > 0)
bdb6d971 918 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 919 MGMT_STATUS_INVALID_PARAMS);
73f22f62 920
09fd0de5 921 hci_dev_lock(hdev);
73f22f62 922
5e5282bb 923 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 924 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 925 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 926 goto failed;
927 }
928
2e58ef3e 929 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 930 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 931 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 932 MGMT_STATUS_BUSY);
73f22f62
JH		 933 goto failed;
934 }
935
5e5282bb 936 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 937 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 938 MGMT_STATUS_REJECTED);
5e5282bb
JH		 939 goto failed;
940 }
941
942 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 943 bool changed = false;
944
945 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
946 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
947 changed = true;
948 }
949
5e5282bb 950 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 951 if (err < 0)
952 goto failed;
953
954 if (changed)
955 err = new_settings(hdev, sk);
956
5e5282bb
JH		 957 goto failed;
958 }
959
960 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 961 if (hdev->discov_timeout > 0) {
962 cancel_delayed_work(&hdev->discov_off);
963 hdev->discov_timeout = 0;
964 }
965
966 if (cp->val && timeout > 0) {
967 hdev->discov_timeout = timeout;
968 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
969 msecs_to_jiffies(hdev->discov_timeout * 1000));
970 }
971
69ab39ea 972 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 973 goto failed;
974 }
975
2e58ef3e 976 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 977 if (!cmd) {
978 err = -ENOMEM;
73f22f62 979 goto failed;
366a0336 980 }
73f22f62
JH		 981
982 scan = SCAN_PAGE;
983
72a734ec 984 if (cp->val)
73f22f62 985 scan |= SCAN_INQUIRY;
16ab91ab 986 else
e0f9309f 987 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 988
989 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
990 if (err < 0)
a664b5bc 991 mgmt_pending_remove(cmd);
73f22f62 992
16ab91ab 993 if (cp->val)
5e5282bb 994 hdev->discov_timeout = timeout;
16ab91ab 995
73f22f62 996failed:
09fd0de5 997 hci_dev_unlock(hdev);
73f22f62
JH		 998 return err;
999}
1000
bdb6d971 1001static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1002 u16 len)
9fbcbb45 1003{
650f726d 1004 struct mgmt_mode *cp = data;
366a0336 1005 struct pending_cmd *cmd;
9fbcbb45
JH		 1006 u8 scan;
1007 int err;
1008
bdb6d971 1009 BT_DBG("request for %s", hdev->name);
9fbcbb45 1010
33c525c0
JH		 1011 if (!lmp_bredr_capable(hdev))
1012 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1013 MGMT_STATUS_NOT_SUPPORTED);
1014
a7e80f25
JH		 1015 if (cp->val != 0x00 && cp->val != 0x01)
1016 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1017 MGMT_STATUS_INVALID_PARAMS);
1018
09fd0de5 1019 hci_dev_lock(hdev);
9fbcbb45 1020
4b34ee78 1021 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1022 bool changed = false;
1023
1024 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1025 changed = true;
1026
6bf0e469 1027 if (cp->val) {
5e5282bb 1028 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1029 } else {
5e5282bb
JH		 1030 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1031 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1032 }
0224d2fa 1033
5e5282bb 1034 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1035 if (err < 0)
1036 goto failed;
1037
1038 if (changed)
1039 err = new_settings(hdev, sk);
1040
9fbcbb45
JH		 1041 goto failed;
1042 }
1043
2e58ef3e 1044 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1045 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1046 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1047 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1048 goto failed;
1049 }
1050
5e5282bb 1051 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1052 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1053 goto failed;
1054 }
1055
2e58ef3e 1056 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1057 if (!cmd) {
1058 err = -ENOMEM;
9fbcbb45 1059 goto failed;
366a0336 1060 }
9fbcbb45 1061
6bf0e469 1062 if (cp->val) {
9fbcbb45 1063 scan = SCAN_PAGE;
6bf0e469 1064 } else {
9fbcbb45
JH		 1065 scan = 0;
1066
df2c6c5e 1067 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1068 hdev->discov_timeout > 0)
df2c6c5e
JH		 1069 cancel_delayed_work(&hdev->discov_off);
1070 }
1071
9fbcbb45
JH		 1072 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1073 if (err < 0)
a664b5bc 1074 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1075
1076failed:
09fd0de5 1077 hci_dev_unlock(hdev);
9fbcbb45
JH		 1078 return err;
1079}
1080
bdb6d971 1081static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1082 u16 len)
c542a06c 1083{
650f726d 1084 struct mgmt_mode *cp = data;
c542a06c
JH		 1085 int err;
1086
bdb6d971 1087 BT_DBG("request for %s", hdev->name);
c542a06c 1088
a7e80f25
JH		 1089 if (cp->val != 0x00 && cp->val != 0x01)
1090 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1091 MGMT_STATUS_INVALID_PARAMS);
1092
09fd0de5 1093 hci_dev_lock(hdev);
c542a06c
JH		 1094
1095 if (cp->val)
a8b2d5c2 1096 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1097 else
a8b2d5c2 1098 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1099
69ab39ea 1100 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1101 if (err < 0)
1102 goto failed;
1103
beadb2bd 1104 err = new_settings(hdev, sk);
c542a06c
JH		 1105
1106failed:
09fd0de5 1107 hci_dev_unlock(hdev);
c542a06c
JH		 1108 return err;
1109}
1110
04124681
GP		 1111static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1112 u16 len)
33ef95ed
JH		 1113{
1114 struct mgmt_mode *cp = data;
1115 struct pending_cmd *cmd;
816a11d5 1116 u8 val;
33ef95ed
JH		 1117 int err;
1118
bdb6d971 1119 BT_DBG("request for %s", hdev->name);
33ef95ed 1120
33c525c0
JH		 1121 if (!lmp_bredr_capable(hdev))
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1123 MGMT_STATUS_NOT_SUPPORTED);
1124
a7e80f25
JH		 1125 if (cp->val != 0x00 && cp->val != 0x01)
1126 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1127 MGMT_STATUS_INVALID_PARAMS);
1128
33ef95ed
JH		 1129 hci_dev_lock(hdev);
1130
4b34ee78 1131 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1132 bool changed = false;
1133
1134 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1135 &hdev->dev_flags)) {
47990ea0
JH		 1136 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1137 changed = true;
1138 }
1139
1140 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1141 if (err < 0)
1142 goto failed;
1143
1144 if (changed)
1145 err = new_settings(hdev, sk);
1146
33ef95ed
JH		 1147 goto failed;
1148 }
1149
1150 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1151 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1152 MGMT_STATUS_BUSY);
33ef95ed
JH		 1153 goto failed;
1154 }
1155
1156 val = !!cp->val;
1157
1158 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1159 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1160 goto failed;
1161 }
1162
1163 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1164 if (!cmd) {
1165 err = -ENOMEM;
1166 goto failed;
1167 }
1168
1169 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1170 if (err < 0) {
1171 mgmt_pending_remove(cmd);
1172 goto failed;
1173 }
1174
1175failed:
1176 hci_dev_unlock(hdev);
33ef95ed
JH		 1177 return err;
1178}
1179
bdb6d971 1180static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1181{
1182 struct mgmt_mode *cp = data;
1183 struct pending_cmd *cmd;
816a11d5 1184 u8 val;
ed2c4ee3
JH		 1185 int err;
1186
bdb6d971 1187 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1188
13ecd8b6
JH		 1189 if (!lmp_ssp_capable(hdev))
1190 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1191 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1192
a7e80f25
JH		 1193 if (cp->val != 0x00 && cp->val != 0x01)
1194 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1195 MGMT_STATUS_INVALID_PARAMS);
1196
13ecd8b6 1197 hci_dev_lock(hdev);
6c8f12c1 1198
c0ecddc2
JH		 1199 val = !!cp->val;
1200
4b34ee78 1201 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1202 bool changed = false;
1203
1204 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1205 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1206 changed = true;
1207 }
1208
1209 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1210 if (err < 0)
1211 goto failed;
1212
1213 if (changed)
1214 err = new_settings(hdev, sk);
1215
ed2c4ee3
JH		 1216 goto failed;
1217 }
1218
1219 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1220 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1221 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1222 goto failed;
1223 }
1224
ed2c4ee3
JH		 1225 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1226 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1227 goto failed;
1228 }
1229
1230 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1231 if (!cmd) {
1232 err = -ENOMEM;
1233 goto failed;
1234 }
1235
1236 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1237 if (err < 0) {
1238 mgmt_pending_remove(cmd);
1239 goto failed;
1240 }
1241
1242failed:
1243 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1244 return err;
1245}
1246
bdb6d971 1247static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1248{
1249 struct mgmt_mode *cp = data;
6d80dfd0 1250
bdb6d971 1251 BT_DBG("request for %s", hdev->name);
6d80dfd0 1252
bdb6d971
JH		 1253 if (!enable_hs)
1254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1255 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1256
a7e80f25
JH		 1257 if (cp->val != 0x00 && cp->val != 0x01)
1258 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1259 MGMT_STATUS_INVALID_PARAMS);
1260
6d80dfd0
JH		 1261 if (cp->val)
1262 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1263 else
1264 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1265
bdb6d971 1266 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1267}
1268
bdb6d971 1269static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1270{
1271 struct mgmt_mode *cp = data;
1272 struct hci_cp_write_le_host_supported hci_cp;
1273 struct pending_cmd *cmd;
06199cf8 1274 int err;
0b60eba1 1275 u8 val, enabled;
06199cf8 1276
bdb6d971 1277 BT_DBG("request for %s", hdev->name);
06199cf8 1278
13ecd8b6
JH		 1279 if (!lmp_le_capable(hdev))
1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1281 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1282
a7e80f25
JH		 1283 if (cp->val != 0x00 && cp->val != 0x01)
1284 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1285 MGMT_STATUS_INVALID_PARAMS);
1286
13ecd8b6 1287 hci_dev_lock(hdev);
06199cf8
JH		 1288
1289 val = !!cp->val;
ffa88e02 1290 enabled = lmp_host_le_capable(hdev);
06199cf8 1291
0b60eba1 1292 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1293 bool changed = false;
1294
1295 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1296 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1297 changed = true;
1298 }
1299
1300 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1301 if (err < 0)
1de028ce 1302 goto unlock;
06199cf8
JH		 1303
1304 if (changed)
1305 err = new_settings(hdev, sk);
1306
1de028ce 1307 goto unlock;
06199cf8
JH		 1308 }
1309
1310 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1311 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1312 MGMT_STATUS_BUSY);
1de028ce 1313 goto unlock;
06199cf8
JH		 1314 }
1315
1316 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1317 if (!cmd) {
1318 err = -ENOMEM;
1de028ce 1319 goto unlock;
06199cf8
JH		 1320 }
1321
1322 memset(&hci_cp, 0, sizeof(hci_cp));
1323
1324 if (val) {
1325 hci_cp.le = val;
ffa88e02 1326 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1327 }
1328
04124681
GP		 1329 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1330 &hci_cp);
0c01bc48 1331 if (err < 0)
06199cf8 1332 mgmt_pending_remove(cmd);
06199cf8 1333
1de028ce
JH		 1334unlock:
1335 hci_dev_unlock(hdev);
06199cf8
JH		 1336 return err;
1337}
1338
83be8eca
JH		 1339static const u8 bluetooth_base_uuid[] = {
1340 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1341 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1342};
1343
1344static u8 get_uuid_size(const u8 *uuid)
1345{
1346 u32 val;
1347
1348 if (memcmp(uuid, bluetooth_base_uuid, 12))
1349 return 128;
1350
1351 val = get_unaligned_le32(&uuid[12]);
1352 if (val > 0xffff)
1353 return 32;
1354
1355 return 16;
1356}
1357
bdb6d971 1358static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1359{
650f726d 1360 struct mgmt_cp_add_uuid *cp = data;
90e70454 1361 struct pending_cmd *cmd;
890ea898 1362 struct hci_request req;
2aeb9a1a 1363 struct bt_uuid *uuid;
2aeb9a1a
JH		 1364 int err;
1365
bdb6d971 1366 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1367
09fd0de5 1368 hci_dev_lock(hdev);
2aeb9a1a 1369
c95f0ba7 1370 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1371 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1372 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1373 goto failed;
1374 }
1375
92c4c204 1376 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1377 if (!uuid) {
1378 err = -ENOMEM;
1379 goto failed;
1380 }
1381
1382 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1383 uuid->svc_hint = cp->svc_hint;
83be8eca 1384 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1385
de66aa63 1386 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1387
890ea898 1388 hci_req_init(&req, hdev);
1aff6f09 1389
890ea898
JH		 1390 update_class(&req);
1391 update_eir(&req);
1392
1393 hci_req_run(&req, NULL);
80a1e1db 1394
90e70454 1395 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1396 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1397 hdev->dev_class, 3);
90e70454
JH		 1398 goto failed;
1399 }
1400
1401 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1402 if (!cmd) {
90e70454 1403 err = -ENOMEM;
890ea898
JH		 1404 goto failed;
1405 }
1406
1407 err = 0;
2aeb9a1a
JH		 1408
1409failed:
09fd0de5 1410 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1411 return err;
1412}
1413
24b78d0f
JH		 1414static bool enable_service_cache(struct hci_dev *hdev)
1415{
1416 if (!hdev_is_powered(hdev))
1417 return false;
1418
1419 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1420 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1421 CACHE_TIMEOUT);
24b78d0f
JH		 1422 return true;
1423 }
1424
1425 return false;
1426}
1427
bdb6d971 1428static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1429 u16 len)
2aeb9a1a 1430{
650f726d 1431 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1432 struct pending_cmd *cmd;
056341c8 1433 struct bt_uuid *match, *tmp;
2aeb9a1a 1434 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1435 struct hci_request req;
2aeb9a1a
JH		 1436 int err, found;
1437
bdb6d971 1438 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1439
09fd0de5 1440 hci_dev_lock(hdev);
2aeb9a1a 1441
c95f0ba7 1442 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1443 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1444 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1445 goto unlock;
1446 }
1447
2aeb9a1a
JH		 1448 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1449 err = hci_uuids_clear(hdev);
4004b6d9 1450
24b78d0f 1451 if (enable_service_cache(hdev)) {
bdb6d971 1452 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1453 0, hdev->dev_class, 3);
24b78d0f
JH		 1454 goto unlock;
1455 }
4004b6d9 1456
9246a869 1457 goto update_class;
2aeb9a1a
JH		 1458 }
1459
1460 found = 0;
1461
056341c8 1462 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1463 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1464 continue;
1465
1466 list_del(&match->list);
482049f7 1467 kfree(match);
2aeb9a1a
JH		 1468 found++;
1469 }
1470
1471 if (found == 0) {
bdb6d971 1472 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1473 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1474 goto unlock;
1475 }
1476
9246a869 1477update_class:
890ea898 1478 hci_req_init(&req, hdev);
1aff6f09 1479
890ea898
JH		 1480 update_class(&req);
1481 update_eir(&req);
1482
1483 hci_req_run(&req, NULL);
80a1e1db 1484
90e70454 1485 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1486 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1487 hdev->dev_class, 3);
90e70454
JH		 1488 goto unlock;
1489 }
1490
1491 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1492 if (!cmd) {
90e70454 1493 err = -ENOMEM;
890ea898
JH		 1494 goto unlock;
1495 }
1496
1497 err = 0;
2aeb9a1a
JH		 1498
1499unlock:
09fd0de5 1500 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1501 return err;
1502}
1503
bdb6d971 1504static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1505 u16 len)
1aff6f09 1506{
650f726d 1507 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1508 struct pending_cmd *cmd;
890ea898 1509 struct hci_request req;
1aff6f09
JH		 1510 int err;
1511
bdb6d971 1512 BT_DBG("request for %s", hdev->name);
1aff6f09 1513
13ecd8b6
JH		 1514 if (!lmp_bredr_capable(hdev))
1515 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1516 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1517
13ecd8b6
JH		 1518 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1519 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1520 MGMT_STATUS_BUSY);
ee98f473 1521
13ecd8b6
JH		 1522 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1523 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1524 MGMT_STATUS_INVALID_PARAMS);
c95f0ba7 1525
13ecd8b6 1526 hci_dev_lock(hdev);
575b3a02 1527
932f5ff5
JH		 1528 hdev->major_class = cp->major;
1529 hdev->minor_class = cp->minor;
1530
b5235a65 1531 if (!hdev_is_powered(hdev)) {
bdb6d971 1532 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1533 hdev->dev_class, 3);
b5235a65
JH		 1534 goto unlock;
1535 }
1536
890ea898
JH		 1537 hci_req_init(&req, hdev);
1538
a8b2d5c2 1539 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1540 hci_dev_unlock(hdev);
1541 cancel_delayed_work_sync(&hdev->service_cache);
1542 hci_dev_lock(hdev);
890ea898 1543 update_eir(&req);
7d78525d 1544 }
14c0b608 1545
890ea898
JH		 1546 update_class(&req);
1547
1548 hci_req_run(&req, NULL);
1aff6f09 1549
90e70454 1550 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1551 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1552 hdev->dev_class, 3);
90e70454
JH		 1553 goto unlock;
1554 }
1555
1556 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1557 if (!cmd) {
90e70454 1558 err = -ENOMEM;
890ea898
JH		 1559 goto unlock;
1560 }
1561
1562 err = 0;
1aff6f09 1563
b5235a65 1564unlock:
09fd0de5 1565 hci_dev_unlock(hdev);
1aff6f09
JH		 1566 return err;
1567}
1568
bdb6d971 1569static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1570 u16 len)
55ed8ca1 1571{
650f726d 1572 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1573 u16 key_count, expected_len;
a492cd52 1574 int i;
55ed8ca1 1575
1f350c87 1576 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1577
86742e1e
JH		 1578 expected_len = sizeof(*cp) + key_count *
1579 sizeof(struct mgmt_link_key_info);
a492cd52 1580 if (expected_len != len) {
86742e1e 1581 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1582 len, expected_len);
bdb6d971 1583 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1584 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1585 }
1586
4ae14301
JH		 1587 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1588 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1589 MGMT_STATUS_INVALID_PARAMS);
1590
bdb6d971 1591 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1592 key_count);
55ed8ca1 1593
4ee71b20
JH		 1594 for (i = 0; i < key_count; i++) {
1595 struct mgmt_link_key_info *key = &cp->keys[i];
1596
1597 if (key->addr.type != BDADDR_BREDR)
1598 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1599 MGMT_STATUS_INVALID_PARAMS);
1600 }
1601
09fd0de5 1602 hci_dev_lock(hdev);
55ed8ca1
JH		 1603
1604 hci_link_keys_clear(hdev);
1605
a8b2d5c2 1606 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1607
1608 if (cp->debug_keys)
a8b2d5c2 1609 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1610 else
a8b2d5c2 1611 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1612
a492cd52 1613 for (i = 0; i < key_count; i++) {
86742e1e 1614 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1615
d753fdc4 1616 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1617 key->type, key->pin_len);
55ed8ca1
JH		 1618 }
1619
bdb6d971 1620 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1621
09fd0de5 1622 hci_dev_unlock(hdev);
55ed8ca1 1623
a492cd52 1624 return 0;
55ed8ca1
JH		 1625}
1626
b1078ad0 1627static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1628 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1629{
1630 struct mgmt_ev_device_unpaired ev;
1631
1632 bacpy(&ev.addr.bdaddr, bdaddr);
1633 ev.addr.type = addr_type;
1634
1635 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1636 skip_sk);
b1078ad0
JH		 1637}
1638
bdb6d971 1639static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1640 u16 len)
55ed8ca1 1641{
124f6e35
JH		 1642 struct mgmt_cp_unpair_device *cp = data;
1643 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1644 struct hci_cp_disconnect dc;
1645 struct pending_cmd *cmd;
55ed8ca1 1646 struct hci_conn *conn;
55ed8ca1
JH		 1647 int err;
1648
a8a1d19e 1649 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1650 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1651 rp.addr.type = cp->addr.type;
a8a1d19e 1652
4ee71b20
JH		 1653 if (!bdaddr_type_is_valid(cp->addr.type))
1654 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1655 MGMT_STATUS_INVALID_PARAMS,
1656 &rp, sizeof(rp));
1657
118da70b
JH		 1658 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1659 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1660 MGMT_STATUS_INVALID_PARAMS,
1661 &rp, sizeof(rp));
1662
4ee71b20
JH		 1663 hci_dev_lock(hdev);
1664
86a8cfc6 1665 if (!hdev_is_powered(hdev)) {
bdb6d971 1666 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1667 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1668 goto unlock;
1669 }
1670
591f47f3 1671 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1672 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1673 else
1674 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1675
55ed8ca1 1676 if (err < 0) {
bdb6d971 1677 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1678 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1679 goto unlock;
1680 }
1681
86a8cfc6 1682 if (cp->disconnect) {
591f47f3 1683 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1685 &cp->addr.bdaddr);
86a8cfc6
JH		 1686 else
1687 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1688 &cp->addr.bdaddr);
86a8cfc6
JH		 1689 } else {
1690 conn = NULL;
1691 }
124f6e35 1692
a8a1d19e 1693 if (!conn) {
bdb6d971 1694 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1695 &rp, sizeof(rp));
b1078ad0 1696 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1697 goto unlock;
1698 }
55ed8ca1 1699
124f6e35 1700 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1701 sizeof(*cp));
a8a1d19e
JH		 1702 if (!cmd) {
1703 err = -ENOMEM;
1704 goto unlock;
55ed8ca1
JH		 1705 }
1706
eb55ef07 1707 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1708 dc.reason = 0x13; /* Remote User Terminated Connection */
1709 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1710 if (err < 0)
1711 mgmt_pending_remove(cmd);
1712
55ed8ca1 1713unlock:
09fd0de5 1714 hci_dev_unlock(hdev);
55ed8ca1
JH		 1715 return err;
1716}
1717
bdb6d971 1718static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1719 u16 len)
8962ee74 1720{
650f726d 1721 struct mgmt_cp_disconnect *cp = data;
06a63b19 1722 struct mgmt_rp_disconnect rp;
8962ee74 1723 struct hci_cp_disconnect dc;
366a0336 1724 struct pending_cmd *cmd;
8962ee74 1725 struct hci_conn *conn;
8962ee74
JH		 1726 int err;
1727
1728 BT_DBG("");
1729
06a63b19
JH		 1730 memset(&rp, 0, sizeof(rp));
1731 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1732 rp.addr.type = cp->addr.type;
1733
4ee71b20 1734 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1735 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1736 MGMT_STATUS_INVALID_PARAMS,
1737 &rp, sizeof(rp));
4ee71b20 1738
09fd0de5 1739 hci_dev_lock(hdev);
8962ee74
JH		 1740
1741 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1742 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1743 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1744 goto failed;
1745 }
1746
2e58ef3e 1747 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1748 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1749 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1750 goto failed;
1751 }
1752
591f47f3 1753 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1754 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1755 &cp->addr.bdaddr);
88c3df13
JH		 1756 else
1757 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1758
f960727e 1759 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1760 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1761 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1762 goto failed;
1763 }
1764
2e58ef3e 1765 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1766 if (!cmd) {
1767 err = -ENOMEM;
8962ee74 1768 goto failed;
366a0336 1769 }
8962ee74 1770
eb55ef07 1771 dc.handle = cpu_to_le16(conn->handle);
3701f944 1772 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1773
1774 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1775 if (err < 0)
a664b5bc 1776 mgmt_pending_remove(cmd);
8962ee74
JH		 1777
1778failed:
09fd0de5 1779 hci_dev_unlock(hdev);
8962ee74
JH		 1780 return err;
1781}
1782
57c1477c 1783static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1784{
1785 switch (link_type) {
1786 case LE_LINK:
48264f06
JH		 1787 switch (addr_type) {
1788 case ADDR_LE_DEV_PUBLIC:
591f47f3 1789 return BDADDR_LE_PUBLIC;
0ed09148 1790
48264f06 1791 default:
0ed09148 1792 /* Fallback to LE Random address type */
591f47f3 1793 return BDADDR_LE_RANDOM;
48264f06 1794 }
0ed09148 1795
4c659c39 1796 default:
0ed09148 1797 /* Fallback to BR/EDR type */
591f47f3 1798 return BDADDR_BREDR;
4c659c39
JH		 1799 }
1800}
1801
04124681
GP		 1802static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1803 u16 data_len)
2784eb41 1804{
2784eb41 1805 struct mgmt_rp_get_connections *rp;
8035ded4 1806 struct hci_conn *c;
a38528f1 1807 size_t rp_len;
60fc5fb6
JH		 1808 int err;
1809 u16 i;
2784eb41
JH		 1810
1811 BT_DBG("");
1812
09fd0de5 1813 hci_dev_lock(hdev);
2784eb41 1814
5f97c1df 1815 if (!hdev_is_powered(hdev)) {
bdb6d971 1816 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1817 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1818 goto unlock;
1819 }
1820
60fc5fb6 1821 i = 0;
b644ba33
JH		 1822 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1823 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1824 i++;
2784eb41
JH		 1825 }
1826
60fc5fb6 1827 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1828 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1829 if (!rp) {
2784eb41
JH		 1830 err = -ENOMEM;
1831 goto unlock;
1832 }
1833
2784eb41 1834 i = 0;
4c659c39 1835 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1836 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1837 continue;
4c659c39 1838 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1839 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1840 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1841 continue;
1842 i++;
1843 }
1844
eb55ef07 1845 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1846
4c659c39
JH		 1847 /* Recalculate length in case of filtered SCO connections, etc */
1848 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1849
bdb6d971 1850 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1851 rp_len);
2784eb41 1852
a38528f1 1853 kfree(rp);
5f97c1df
JH		 1854
1855unlock:
09fd0de5 1856 hci_dev_unlock(hdev);
2784eb41
JH		 1857 return err;
1858}
1859
bdb6d971 1860static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1861 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1862{
1863 struct pending_cmd *cmd;
1864 int err;
1865
2e58ef3e 1866 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1867 sizeof(*cp));
96d97a67
WR		 1868 if (!cmd)
1869 return -ENOMEM;
1870
d8457698 1871 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1872 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1873 if (err < 0)
1874 mgmt_pending_remove(cmd);
1875
1876 return err;
1877}
1878
bdb6d971 1879static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1880 u16 len)
980e1a53 1881{
96d97a67 1882 struct hci_conn *conn;
650f726d 1883 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1884 struct hci_cp_pin_code_reply reply;
366a0336 1885 struct pending_cmd *cmd;
980e1a53
JH		 1886 int err;
1887
1888 BT_DBG("");
1889
09fd0de5 1890 hci_dev_lock(hdev);
980e1a53 1891
4b34ee78 1892 if (!hdev_is_powered(hdev)) {
bdb6d971 1893 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1894 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1895 goto failed;
1896 }
1897
d8457698 1898 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1899 if (!conn) {
bdb6d971 1900 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1901 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1902 goto failed;
1903 }
1904
1905 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1906 struct mgmt_cp_pin_code_neg_reply ncp;
1907
1908 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1909
1910 BT_ERR("PIN code is not 16 bytes long");
1911
bdb6d971 1912 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1913 if (err >= 0)
bdb6d971 1914 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1915 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1916
1917 goto failed;
1918 }
1919
00abfe44 1920 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1921 if (!cmd) {
1922 err = -ENOMEM;
980e1a53 1923 goto failed;
366a0336 1924 }
980e1a53 1925
d8457698 1926 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1927 reply.pin_len = cp->pin_len;
24718ca5 1928 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1929
1930 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1931 if (err < 0)
a664b5bc 1932 mgmt_pending_remove(cmd);
980e1a53
JH		 1933
1934failed:
09fd0de5 1935 hci_dev_unlock(hdev);
980e1a53
JH		 1936 return err;
1937}
1938
04124681
GP		 1939static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1940 u16 len)
17fa4b9d 1941{
650f726d 1942 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1943
1944 BT_DBG("");
1945
09fd0de5 1946 hci_dev_lock(hdev);
17fa4b9d
JH		 1947
1948 hdev->io_capability = cp->io_capability;
1949
1950 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 1951 hdev->io_capability);
17fa4b9d 1952
09fd0de5 1953 hci_dev_unlock(hdev);
17fa4b9d 1954
04124681
GP		 1955 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1956 0);
17fa4b9d
JH		 1957}
1958
6039aa73 1959static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 1960{
1961 struct hci_dev *hdev = conn->hdev;
8035ded4 1962 struct pending_cmd *cmd;
e9a416b5 1963
2e58ef3e 1964 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1965 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1966 continue;
1967
e9a416b5
JH		 1968 if (cmd->user_data != conn)
1969 continue;
1970
1971 return cmd;
1972 }
1973
1974 return NULL;
1975}
1976
1977static void pairing_complete(struct pending_cmd *cmd, u8 status)
1978{
1979 struct mgmt_rp_pair_device rp;
1980 struct hci_conn *conn = cmd->user_data;
1981
ba4e564f 1982 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 1983 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 1984
aee9b218 1985 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1986 &rp, sizeof(rp));
e9a416b5
JH		 1987
1988 /* So we don't get further callbacks for this connection */
1989 conn->connect_cfm_cb = NULL;
1990 conn->security_cfm_cb = NULL;
1991 conn->disconn_cfm_cb = NULL;
1992
1993 hci_conn_put(conn);
1994
a664b5bc 1995 mgmt_pending_remove(cmd);
e9a416b5
JH		 1996}
1997
1998static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1999{
2000 struct pending_cmd *cmd;
2001
2002 BT_DBG("status %u", status);
2003
2004 cmd = find_pairing(conn);
56e5cb86 2005 if (!cmd)
e9a416b5 2006 BT_DBG("Unable to find a pending command");
56e5cb86 2007 else
e211326c 2008 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2009}
2010
4c47d739
VA		 2011static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2012{
2013 struct pending_cmd *cmd;
2014
2015 BT_DBG("status %u", status);
2016
2017 if (!status)
2018 return;
2019
2020 cmd = find_pairing(conn);
2021 if (!cmd)
2022 BT_DBG("Unable to find a pending command");
2023 else
2024 pairing_complete(cmd, mgmt_status(status));
2025}
2026
bdb6d971 2027static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2028 u16 len)
e9a416b5 2029{
650f726d 2030 struct mgmt_cp_pair_device *cp = data;
1425acb7 2031 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2032 struct pending_cmd *cmd;
2033 u8 sec_level, auth_type;
2034 struct hci_conn *conn;
e9a416b5
JH		 2035 int err;
2036
2037 BT_DBG("");
2038
f950a30e
SJ		 2039 memset(&rp, 0, sizeof(rp));
2040 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2041 rp.addr.type = cp->addr.type;
2042
4ee71b20
JH		 2043 if (!bdaddr_type_is_valid(cp->addr.type))
2044 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2045 MGMT_STATUS_INVALID_PARAMS,
2046 &rp, sizeof(rp));
2047
09fd0de5 2048 hci_dev_lock(hdev);
e9a416b5 2049
5f97c1df 2050 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2051 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2052 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2053 goto unlock;
2054 }
2055
c908df36
VCG		 2056 sec_level = BT_SECURITY_MEDIUM;
2057 if (cp->io_cap == 0x03)
e9a416b5 2058 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2059 else
e9a416b5 2060 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2061
591f47f3 2062 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2063 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2064 cp->addr.type, sec_level, auth_type);
7a512d01 2065 else
b12f62cf
AG		 2066 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2067 cp->addr.type, sec_level, auth_type);
7a512d01 2068
30e76272 2069 if (IS_ERR(conn)) {
489dc48e
AK		 2070 int status;
2071
2072 if (PTR_ERR(conn) == -EBUSY)
2073 status = MGMT_STATUS_BUSY;
2074 else
2075 status = MGMT_STATUS_CONNECT_FAILED;
2076
bdb6d971 2077 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2078 status, &rp,
04124681 2079 sizeof(rp));
e9a416b5
JH		 2080 goto unlock;
2081 }
2082
2083 if (conn->connect_cfm_cb) {
2084 hci_conn_put(conn);
bdb6d971 2085 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2086 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2087 goto unlock;
2088 }
2089
2e58ef3e 2090 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2091 if (!cmd) {
2092 err = -ENOMEM;
2093 hci_conn_put(conn);
2094 goto unlock;
2095 }
2096
7a512d01 2097 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2098 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2099 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2100 else
2101 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2102
e9a416b5
JH		 2103 conn->security_cfm_cb = pairing_complete_cb;
2104 conn->disconn_cfm_cb = pairing_complete_cb;
2105 conn->io_capability = cp->io_cap;
2106 cmd->user_data = conn;
2107
2108 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2109 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2110 pairing_complete(cmd, 0);
2111
2112 err = 0;
2113
2114unlock:
09fd0de5 2115 hci_dev_unlock(hdev);
e9a416b5
JH		 2116 return err;
2117}
2118
04124681
GP		 2119static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2120 u16 len)
28424707 2121{
0f4e68cf 2122 struct mgmt_addr_info *addr = data;
28424707
JH		 2123 struct pending_cmd *cmd;
2124 struct hci_conn *conn;
2125 int err;
2126
2127 BT_DBG("");
2128
28424707
JH		 2129 hci_dev_lock(hdev);
2130
5f97c1df 2131 if (!hdev_is_powered(hdev)) {
bdb6d971 2132 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2133 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2134 goto unlock;
2135 }
2136
28424707
JH		 2137 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2138 if (!cmd) {
bdb6d971 2139 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2140 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2141 goto unlock;
2142 }
2143
2144 conn = cmd->user_data;
2145
2146 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2147 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2148 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2149 goto unlock;
2150 }
2151
2152 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2153
bdb6d971 2154 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2155 addr, sizeof(*addr));
28424707
JH		 2156unlock:
2157 hci_dev_unlock(hdev);
28424707
JH		 2158 return err;
2159}
2160
bdb6d971 2161static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2162 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2163 u16 hci_op, __le32 passkey)
a5c29683 2164{
a5c29683 2165 struct pending_cmd *cmd;
0df4c185 2166 struct hci_conn *conn;
a5c29683
JH		 2167 int err;
2168
09fd0de5 2169 hci_dev_lock(hdev);
08ba5382 2170
4b34ee78 2171 if (!hdev_is_powered(hdev)) {
bdb6d971 2172 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2173 MGMT_STATUS_NOT_POWERED);
0df4c185 2174 goto done;
a5c29683
JH		 2175 }
2176
591f47f3 2177 if (type == BDADDR_BREDR)
272d90df
JH		 2178 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2179 else
47c15e2b 2180 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2181
2182 if (!conn) {
bdb6d971 2183 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2184 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2185 goto done;
2186 }
47c15e2b 2187
591f47f3 2188 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2189 /* Continue with pairing via SMP */
5fe57d9e
BG		 2190 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2191
2192 if (!err)
bdb6d971 2193 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2194 MGMT_STATUS_SUCCESS);
5fe57d9e 2195 else
bdb6d971 2196 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2197 MGMT_STATUS_FAILED);
47c15e2b 2198
47c15e2b
BG		 2199 goto done;
2200 }
2201
0df4c185 2202 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2203 if (!cmd) {
2204 err = -ENOMEM;
0df4c185 2205 goto done;
a5c29683
JH		 2206 }
2207
0df4c185 2208 /* Continue with pairing via HCI */
604086b7
BG		 2209 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2210 struct hci_cp_user_passkey_reply cp;
2211
2212 bacpy(&cp.bdaddr, bdaddr);
2213 cp.passkey = passkey;
2214 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2215 } else
2216 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2217
a664b5bc
JH		 2218 if (err < 0)
2219 mgmt_pending_remove(cmd);
a5c29683 2220
0df4c185 2221done:
09fd0de5 2222 hci_dev_unlock(hdev);
a5c29683
JH		 2223 return err;
2224}
2225
afeb019d
JK		 2226static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2227 void *data, u16 len)
2228{
2229 struct mgmt_cp_pin_code_neg_reply *cp = data;
2230
2231 BT_DBG("");
2232
2233 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2234 MGMT_OP_PIN_CODE_NEG_REPLY,
2235 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2236}
2237
04124681
GP		 2238static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2239 u16 len)
0df4c185 2240{
650f726d 2241 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2242
2243 BT_DBG("");
2244
2245 if (len != sizeof(*cp))
bdb6d971 2246 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2247 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2248
bdb6d971 2249 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2250 MGMT_OP_USER_CONFIRM_REPLY,
2251 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2252}
2253
bdb6d971 2254static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2255 void *data, u16 len)
0df4c185 2256{
c9c2659f 2257 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2258
2259 BT_DBG("");
2260
bdb6d971 2261 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2262 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2263 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2264}
2265
04124681
GP		 2266static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2267 u16 len)
604086b7 2268{
650f726d 2269 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2270
2271 BT_DBG("");
2272
bdb6d971 2273 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2274 MGMT_OP_USER_PASSKEY_REPLY,
2275 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2276}
2277
bdb6d971 2278static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2279 void *data, u16 len)
604086b7 2280{
650f726d 2281 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2282
2283 BT_DBG("");
2284
bdb6d971 2285 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2286 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2287 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2288}
2289
890ea898 2290static void update_name(struct hci_request *req, const char *name)
2b4bf397
JH		 2291{
2292 struct hci_cp_write_local_name cp;
2293
2294 memcpy(cp.name, name, sizeof(cp.name));
2295
890ea898 2296 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2297}
2298
bdb6d971 2299static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2300 u16 len)
b312b161 2301{
2b4bf397 2302 struct mgmt_cp_set_local_name *cp = data;
b312b161 2303 struct pending_cmd *cmd;
890ea898 2304 struct hci_request req;
b312b161
JH		 2305 int err;
2306
2307 BT_DBG("");
2308
09fd0de5 2309 hci_dev_lock(hdev);
b312b161 2310
2b4bf397 2311 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2312
b5235a65 2313 if (!hdev_is_powered(hdev)) {
2b4bf397 2314 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2315
2316 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2317 data, len);
28cc7bde
JH		 2318 if (err < 0)
2319 goto failed;
2320
2321 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2322 sk);
28cc7bde 2323
b5235a65
JH		 2324 goto failed;
2325 }
2326
28cc7bde 2327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2328 if (!cmd) {
2329 err = -ENOMEM;
2330 goto failed;
2331 }
2332
890ea898
JH		 2333 hci_req_init(&req, hdev);
2334 update_name(&req, cp->name);
2335 err = hci_req_run(&req, NULL);
b312b161
JH		 2336 if (err < 0)
2337 mgmt_pending_remove(cmd);
2338
2339failed:
09fd0de5 2340 hci_dev_unlock(hdev);
b312b161
JH		 2341 return err;
2342}
2343
0f4e68cf 2344static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2345 void *data, u16 data_len)
c35938b2 2346{
c35938b2
SJ		 2347 struct pending_cmd *cmd;
2348 int err;
2349
bdb6d971 2350 BT_DBG("%s", hdev->name);
c35938b2 2351
09fd0de5 2352 hci_dev_lock(hdev);
c35938b2 2353
4b34ee78 2354 if (!hdev_is_powered(hdev)) {
bdb6d971 2355 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2356 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2357 goto unlock;
2358 }
2359
9a1a1996 2360 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2361 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2362 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2363 goto unlock;
2364 }
2365
2e58ef3e 2366 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2367 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2368 MGMT_STATUS_BUSY);
c35938b2
SJ		 2369 goto unlock;
2370 }
2371
2e58ef3e 2372 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2373 if (!cmd) {
2374 err = -ENOMEM;
2375 goto unlock;
2376 }
2377
2378 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2379 if (err < 0)
2380 mgmt_pending_remove(cmd);
2381
2382unlock:
09fd0de5 2383 hci_dev_unlock(hdev);
c35938b2
SJ		 2384 return err;
2385}
2386
bdb6d971 2387static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2388 void *data, u16 len)
2763eda6 2389{
650f726d 2390 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2391 u8 status;
2763eda6
SJ		 2392 int err;
2393
bdb6d971 2394 BT_DBG("%s ", hdev->name);
2763eda6 2395
09fd0de5 2396 hci_dev_lock(hdev);
2763eda6 2397
664ce4cc 2398 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2399 cp->randomizer);
2763eda6 2400 if (err < 0)
bf1e3541 2401 status = MGMT_STATUS_FAILED;
2763eda6 2402 else
a6785be2 2403 status = MGMT_STATUS_SUCCESS;
bf1e3541 2404
bdb6d971 2405 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2406 &cp->addr, sizeof(cp->addr));
2763eda6 2407
09fd0de5 2408 hci_dev_unlock(hdev);
2763eda6
SJ		 2409 return err;
2410}
2411
bdb6d971 2412static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2413 void *data, u16 len)
2763eda6 2414{
650f726d 2415 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2416 u8 status;
2763eda6
SJ		 2417 int err;
2418
bdb6d971 2419 BT_DBG("%s", hdev->name);
2763eda6 2420
09fd0de5 2421 hci_dev_lock(hdev);
2763eda6 2422
664ce4cc 2423 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2424 if (err < 0)
bf1e3541 2425 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2426 else
a6785be2 2427 status = MGMT_STATUS_SUCCESS;
bf1e3541 2428
bdb6d971 2429 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2430 status, &cp->addr, sizeof(cp->addr));
2763eda6 2431
09fd0de5 2432 hci_dev_unlock(hdev);
2763eda6
SJ		 2433 return err;
2434}
2435
5e0452c0
AG		 2436int mgmt_interleaved_discovery(struct hci_dev *hdev)
2437{
2438 int err;
2439
2440 BT_DBG("%s", hdev->name);
2441
2442 hci_dev_lock(hdev);
2443
2444 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2445 if (err < 0)
2446 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2447
2448 hci_dev_unlock(hdev);
2449
2450 return err;
2451}
2452
bdb6d971 2453static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2454 void *data, u16 len)
14a53664 2455{
650f726d 2456 struct mgmt_cp_start_discovery *cp = data;
14a53664 2457 struct pending_cmd *cmd;
14a53664
JH		 2458 int err;
2459
bdb6d971 2460 BT_DBG("%s", hdev->name);
14a53664 2461
09fd0de5 2462 hci_dev_lock(hdev);
14a53664 2463
4b34ee78 2464 if (!hdev_is_powered(hdev)) {
bdb6d971 2465 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2466 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2467 goto failed;
2468 }
2469
642be6c7
AG		 2470 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2471 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2472 MGMT_STATUS_BUSY);
2473 goto failed;
2474 }
2475
ff9ef578 2476 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2477 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2478 MGMT_STATUS_BUSY);
ff9ef578
JH		 2479 goto failed;
2480 }
2481
2e58ef3e 2482 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2483 if (!cmd) {
2484 err = -ENOMEM;
2485 goto failed;
2486 }
2487
4aab14e5
AG		 2488 hdev->discovery.type = cp->type;
2489
2490 switch (hdev->discovery.type) {
f39799f5 2491 case DISCOV_TYPE_BREDR:
04106755
JH		 2492 if (!lmp_bredr_capable(hdev)) {
2493 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2494 MGMT_STATUS_NOT_SUPPORTED);
2495 mgmt_pending_remove(cmd);
2496 goto failed;
2497 }
2498
2499 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2500 break;
2501
2502 case DISCOV_TYPE_LE:
04106755
JH		 2503 if (!lmp_host_le_capable(hdev)) {
2504 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2505 MGMT_STATUS_NOT_SUPPORTED);
2506 mgmt_pending_remove(cmd);
2507 goto failed;
2508 }
2509
2510 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2511 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2512 break;
2513
5e0452c0 2514 case DISCOV_TYPE_INTERLEAVED:
04106755
JH		 2515 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2516 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2517 MGMT_STATUS_NOT_SUPPORTED);
2518 mgmt_pending_remove(cmd);
2519 goto failed;
2520 }
2521
2522 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2523 LE_SCAN_TIMEOUT_BREDR_LE);
5e0452c0
AG		 2524 break;
2525
f39799f5 2526 default:
04106755
JH		 2527 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2528 MGMT_STATUS_INVALID_PARAMS);
2529 mgmt_pending_remove(cmd);
2530 goto failed;
f39799f5 2531 }
3fd24153 2532
14a53664
JH		 2533 if (err < 0)
2534 mgmt_pending_remove(cmd);
ff9ef578
JH		 2535 else
2536 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2537
2538failed:
09fd0de5 2539 hci_dev_unlock(hdev);
14a53664
JH		 2540 return err;
2541}
2542
bdb6d971 2543static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2544 u16 len)
14a53664 2545{
d930650b 2546 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2547 struct pending_cmd *cmd;
30dc78e1
JH		 2548 struct hci_cp_remote_name_req_cancel cp;
2549 struct inquiry_entry *e;
14a53664
JH		 2550 int err;
2551
bdb6d971 2552 BT_DBG("%s", hdev->name);
14a53664 2553
09fd0de5 2554 hci_dev_lock(hdev);
14a53664 2555
30dc78e1 2556 if (!hci_discovery_active(hdev)) {
bdb6d971 2557 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2558 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2559 sizeof(mgmt_cp->type));
d930650b
JH		 2560 goto unlock;
2561 }
2562
2563 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2564 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2565 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2566 sizeof(mgmt_cp->type));
30dc78e1 2567 goto unlock;
ff9ef578
JH		 2568 }
2569
2e58ef3e 2570 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2571 if (!cmd) {
2572 err = -ENOMEM;
30dc78e1
JH		 2573 goto unlock;
2574 }
2575
e0d9727e
AG		 2576 switch (hdev->discovery.state) {
2577 case DISCOVERY_FINDING:
c9ecc48e
AG		 2578 if (test_bit(HCI_INQUIRY, &hdev->flags))
2579 err = hci_cancel_inquiry(hdev);
2580 else
2581 err = hci_cancel_le_scan(hdev);
2582
e0d9727e
AG		 2583 break;
2584
2585 case DISCOVERY_RESOLVING:
2586 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2587 NAME_PENDING);
e0d9727e 2588 if (!e) {
30dc78e1 2589 mgmt_pending_remove(cmd);
e0d9727e
AG		 2590 err = cmd_complete(sk, hdev->id,
2591 MGMT_OP_STOP_DISCOVERY, 0,
2592 &mgmt_cp->type,
2593 sizeof(mgmt_cp->type));
2594 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2595 goto unlock;
2596 }
30dc78e1 2597
e0d9727e
AG		 2598 bacpy(&cp.bdaddr, &e->data.bdaddr);
2599 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2600 sizeof(cp), &cp);
2601
2602 break;
2603
2604 default:
2605 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2606 err = -EFAULT;
14a53664
JH		 2607 }
2608
14a53664
JH		 2609 if (err < 0)
2610 mgmt_pending_remove(cmd);
ff9ef578
JH		 2611 else
2612 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2613
30dc78e1 2614unlock:
09fd0de5 2615 hci_dev_unlock(hdev);
14a53664
JH		 2616 return err;
2617}
2618
bdb6d971 2619static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2620 u16 len)
561aafbc 2621{
650f726d 2622 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2623 struct inquiry_entry *e;
561aafbc
JH		 2624 int err;
2625
bdb6d971 2626 BT_DBG("%s", hdev->name);
561aafbc 2627
561aafbc
JH		 2628 hci_dev_lock(hdev);
2629
30dc78e1 2630 if (!hci_discovery_active(hdev)) {
bdb6d971 2631 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2632 MGMT_STATUS_FAILED);
30dc78e1
JH		 2633 goto failed;
2634 }
2635
a198e7b1 2636 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2637 if (!e) {
bdb6d971 2638 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2639 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2640 goto failed;
2641 }
2642
2643 if (cp->name_known) {
2644 e->name_state = NAME_KNOWN;
2645 list_del(&e->list);
2646 } else {
2647 e->name_state = NAME_NEEDED;
a3d4e20a 2648 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2649 }
2650
e384662b
JH		 2651 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2652 sizeof(cp->addr));
561aafbc
JH		 2653
2654failed:
2655 hci_dev_unlock(hdev);
561aafbc
JH		 2656 return err;
2657}
2658
bdb6d971 2659static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2660 u16 len)
7fbec224 2661{
650f726d 2662 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2663 u8 status;
7fbec224
AJ		 2664 int err;
2665
bdb6d971 2666 BT_DBG("%s", hdev->name);
7fbec224 2667
4ee71b20 2668 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2669 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2670 MGMT_STATUS_INVALID_PARAMS,
2671 &cp->addr, sizeof(cp->addr));
4ee71b20 2672
09fd0de5 2673 hci_dev_lock(hdev);
5e762444 2674
88c1fe4b 2675 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2676 if (err < 0)
f0eeea8b 2677 status = MGMT_STATUS_FAILED;
7fbec224 2678 else
a6785be2 2679 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2680
bdb6d971 2681 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2682 &cp->addr, sizeof(cp->addr));
5e762444 2683
09fd0de5 2684 hci_dev_unlock(hdev);
7fbec224
AJ		 2685
2686 return err;
2687}
2688
bdb6d971 2689static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2690 u16 len)
7fbec224 2691{
650f726d 2692 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2693 u8 status;
7fbec224
AJ		 2694 int err;
2695
bdb6d971 2696 BT_DBG("%s", hdev->name);
7fbec224 2697
4ee71b20 2698 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2699 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2700 MGMT_STATUS_INVALID_PARAMS,
2701 &cp->addr, sizeof(cp->addr));
4ee71b20 2702
09fd0de5 2703 hci_dev_lock(hdev);
5e762444 2704
88c1fe4b 2705 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2706 if (err < 0)
f0eeea8b 2707 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2708 else
a6785be2 2709 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2710
bdb6d971 2711 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2712 &cp->addr, sizeof(cp->addr));
5e762444 2713
09fd0de5 2714 hci_dev_unlock(hdev);
7fbec224
AJ		 2715
2716 return err;
2717}
2718
cdbaccca
MH		 2719static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2720 u16 len)
2721{
2722 struct mgmt_cp_set_device_id *cp = data;
890ea898 2723 struct hci_request req;
cdbaccca 2724 int err;
c72d4b8a 2725 __u16 source;
cdbaccca
MH		 2726
2727 BT_DBG("%s", hdev->name);
2728
c72d4b8a
SJ		 2729 source = __le16_to_cpu(cp->source);
2730
2731 if (source > 0x0002)
2732 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2733 MGMT_STATUS_INVALID_PARAMS);
2734
cdbaccca
MH		 2735 hci_dev_lock(hdev);
2736
c72d4b8a 2737 hdev->devid_source = source;
cdbaccca
MH		 2738 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2739 hdev->devid_product = __le16_to_cpu(cp->product);
2740 hdev->devid_version = __le16_to_cpu(cp->version);
2741
2742 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2743
890ea898
JH		 2744 hci_req_init(&req, hdev);
2745 update_eir(&req);
2746 hci_req_run(&req, NULL);
cdbaccca
MH		 2747
2748 hci_dev_unlock(hdev);
2749
2750 return err;
2751}
2752
bdb6d971 2753static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2754 void *data, u16 len)
f6422ec6 2755{
650f726d 2756 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2757 struct hci_cp_write_page_scan_activity acp;
2758 u8 type;
2759 int err;
2760
bdb6d971 2761 BT_DBG("%s", hdev->name);
f6422ec6 2762
33c525c0
JH		 2763 if (!lmp_bredr_capable(hdev))
2764 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2765 MGMT_STATUS_NOT_SUPPORTED);
2766
a7e80f25
JH		 2767 if (cp->val != 0x00 && cp->val != 0x01)
2768 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2769 MGMT_STATUS_INVALID_PARAMS);
2770
5400c044 2771 if (!hdev_is_powered(hdev))
bdb6d971 2772 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2773 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2774
2775 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2776 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2777 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2778
2779 hci_dev_lock(hdev);
2780
f7c6869c 2781 if (cp->val) {
f6422ec6 2782 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2783
83ce9a06
JH		 2784 /* 160 msec page scan interval */
2785 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2786 } else {
2787 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2788
2789 /* default 1.28 sec page scan */
2790 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2791 }
2792
76ec9de8
AE		 2793 /* default 11.25 msec page scan window */
2794 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2795
04124681
GP		 2796 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2797 &acp);
f6422ec6 2798 if (err < 0) {
bdb6d971 2799 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2800 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2801 goto done;
2802 }
2803
2804 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2805 if (err < 0) {
bdb6d971 2806 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2807 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2808 goto done;
2809 }
2810
bdb6d971 2811 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2812 NULL, 0);
f6422ec6
AJ		 2813done:
2814 hci_dev_unlock(hdev);
f6422ec6
AJ		 2815 return err;
2816}
2817
3f706b72
JH		 2818static bool ltk_is_valid(struct mgmt_ltk_info *key)
2819{
44b20d33
JH		 2820 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2821 return false;
3f706b72
JH		 2822 if (key->master != 0x00 && key->master != 0x01)
2823 return false;
4ee71b20
JH		 2824 if (!bdaddr_type_is_le(key->addr.type))
2825 return false;
3f706b72
JH		 2826 return true;
2827}
2828
bdb6d971 2829static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2830 void *cp_data, u16 len)
346af67b 2831{
346af67b
VCG		 2832 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2833 u16 key_count, expected_len;
715a5bf2 2834 int i, err;
346af67b 2835
1f350c87 2836 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2837
2838 expected_len = sizeof(*cp) + key_count *
2839 sizeof(struct mgmt_ltk_info);
2840 if (expected_len != len) {
2841 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2842 len, expected_len);
bdb6d971 2843 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 2844 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 2845 }
2846
bdb6d971 2847 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 2848
54ad6d8a
JH		 2849 for (i = 0; i < key_count; i++) {
2850 struct mgmt_ltk_info *key = &cp->keys[i];
2851
3f706b72 2852 if (!ltk_is_valid(key))
54ad6d8a
JH		 2853 return cmd_status(sk, hdev->id,
2854 MGMT_OP_LOAD_LONG_TERM_KEYS,
2855 MGMT_STATUS_INVALID_PARAMS);
2856 }
2857
346af67b
VCG		 2858 hci_dev_lock(hdev);
2859
2860 hci_smp_ltks_clear(hdev);
2861
2862 for (i = 0; i < key_count; i++) {
2863 struct mgmt_ltk_info *key = &cp->keys[i];
2864 u8 type;
2865
2866 if (key->master)
2867 type = HCI_SMP_LTK;
2868 else
2869 type = HCI_SMP_LTK_SLAVE;
2870
4596fde5 2871 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2872 bdaddr_to_le(key->addr.type),
04124681
GP		 2873 type, 0, key->authenticated, key->val,
2874 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2875 }
2876
715a5bf2
JH		 2877 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2878 NULL, 0);
2879
346af67b 2880 hci_dev_unlock(hdev);
346af67b 2881
715a5bf2 2882 return err;
346af67b
VCG		 2883}
2884
2e3c35ea 2885static const struct mgmt_handler {
04124681
GP		 2886 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2887 u16 data_len);
be22b54e
JH		 2888 bool var_len;
2889 size_t data_len;
0f4e68cf
JH		 2890} mgmt_handlers[] = {
2891 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2892 { read_version, false, MGMT_READ_VERSION_SIZE },
2893 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2894 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2895 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2896 { set_powered, false, MGMT_SETTING_SIZE },
2897 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2898 { set_connectable, false, MGMT_SETTING_SIZE },
2899 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2900 { set_pairable, false, MGMT_SETTING_SIZE },
2901 { set_link_security, false, MGMT_SETTING_SIZE },
2902 { set_ssp, false, MGMT_SETTING_SIZE },
2903 { set_hs, false, MGMT_SETTING_SIZE },
2904 { set_le, false, MGMT_SETTING_SIZE },
2905 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2906 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2907 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2908 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2909 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2910 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2911 { disconnect, false, MGMT_DISCONNECT_SIZE },
2912 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2913 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2914 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2915 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2916 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2917 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2918 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2919 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2920 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2921 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2922 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2923 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2924 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2925 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2926 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2927 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2928 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2929 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2930 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2931 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2932};
2933
2934
0381101f
JH		 2935int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2936{
650f726d
VCG		 2937 void *buf;
2938 u8 *cp;
0381101f 2939 struct mgmt_hdr *hdr;
4e51eae9 2940 u16 opcode, index, len;
bdb6d971 2941 struct hci_dev *hdev = NULL;
2e3c35ea 2942 const struct mgmt_handler *handler;
0381101f
JH		 2943 int err;
2944
2945 BT_DBG("got %zu bytes", msglen);
2946
2947 if (msglen < sizeof(*hdr))
2948 return -EINVAL;
2949
e63a15ec 2950 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2951 if (!buf)
2952 return -ENOMEM;
2953
2954 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2955 err = -EFAULT;
2956 goto done;
2957 }
2958
650f726d 2959 hdr = buf;
1f350c87
MH		 2960 opcode = __le16_to_cpu(hdr->opcode);
2961 index = __le16_to_cpu(hdr->index);
2962 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2963
2964 if (len != msglen - sizeof(*hdr)) {
2965 err = -EINVAL;
2966 goto done;
2967 }
2968
0f4e68cf 2969 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2970 hdev = hci_dev_get(index);
2971 if (!hdev) {
2972 err = cmd_status(sk, index, opcode,
04124681 2973 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2974 goto done;
2975 }
2976 }
2977
0f4e68cf 2978 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 2979 mgmt_handlers[opcode].func == NULL) {
0381101f 2980 BT_DBG("Unknown op %u", opcode);
ca69b795 2981 err = cmd_status(sk, index, opcode,
04124681 2982 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2983 goto done;
2984 }
2985
2986 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 2987 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 2988 err = cmd_status(sk, index, opcode,
04124681 2989 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2990 goto done;
0381101f
JH		 2991 }
2992
be22b54e
JH		 2993 handler = &mgmt_handlers[opcode];
2994
2995 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 2996 (!handler->var_len && len != handler->data_len)) {
be22b54e 2997 err = cmd_status(sk, index, opcode,
04124681 2998 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2999 goto done;
3000 }
3001
0f4e68cf
JH		 3002 if (hdev)
3003 mgmt_init_hdev(sk, hdev);
3004
3005 cp = buf + sizeof(*hdr);
3006
be22b54e 3007 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3008 if (err < 0)
3009 goto done;
3010
0381101f
JH		 3011 err = msglen;
3012
3013done:
bdb6d971
JH		 3014 if (hdev)
3015 hci_dev_put(hdev);
3016
0381101f
JH		 3017 kfree(buf);
3018 return err;
3019}
c71e97bf 3020
b24752fe
JH		 3021static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3022{
3023 u8 *status = data;
3024
3025 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3026 mgmt_pending_remove(cmd);
3027}
3028
744cf19e 3029int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3030{
bb4b2a9a
AE		 3031 if (!mgmt_valid_hdev(hdev))
3032 return -ENOTSUPP;
3033
744cf19e 3034 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3035}
3036
744cf19e 3037int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3038{
5f159032 3039 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3040
bb4b2a9a
AE		 3041 if (!mgmt_valid_hdev(hdev))
3042 return -ENOTSUPP;
3043
744cf19e 3044 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3045
744cf19e 3046 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3047}
3048
73f22f62 3049struct cmd_lookup {
eec8d2bc 3050 struct sock *sk;
69ab39ea 3051 struct hci_dev *hdev;
90e70454 3052 u8 mgmt_status;
eec8d2bc
JH		 3053};
3054
69ab39ea 3055static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3056{
73f22f62 3057 struct cmd_lookup *match = data;
eec8d2bc 3058
69ab39ea 3059 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3060
3061 list_del(&cmd->list);
3062
3063 if (match->sk == NULL) {
3064 match->sk = cmd->sk;
3065 sock_hold(match->sk);
3066 }
3067
3068 mgmt_pending_free(cmd);
c71e97bf 3069}
5add6af8 3070
890ea898 3071static void set_bredr_scan(struct hci_request *req)
7f0ae647 3072{
890ea898 3073 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3074 u8 scan = 0;
3075
3076 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3077 scan |= SCAN_PAGE;
3078 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3079 scan |= SCAN_INQUIRY;
3080
890ea898
JH		 3081 if (scan)
3082 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3083}
3084
229ab39c
JH		 3085static void powered_complete(struct hci_dev *hdev, u8 status)
3086{
3087 struct cmd_lookup match = { NULL, hdev };
3088
3089 BT_DBG("status 0x%02x", status);
3090
3091 hci_dev_lock(hdev);
3092
3093 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3094
3095 new_settings(hdev, match.sk);
3096
3097 hci_dev_unlock(hdev);
3098
3099 if (match.sk)
3100 sock_put(match.sk);
3101}
3102
70da6243 3103static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3104{
890ea898 3105 struct hci_request req;
70da6243 3106 u8 link_sec;
5add6af8 3107
890ea898
JH		 3108 hci_req_init(&req, hdev);
3109
70da6243
JH		 3110 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3111 !lmp_host_ssp_capable(hdev)) {
3112 u8 ssp = 1;
5e5282bb 3113
890ea898 3114 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3115 }
5add6af8 3116
70da6243
JH		 3117 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3118 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3119
70da6243
JH		 3120 cp.le = 1;
3121 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3122
70da6243
JH		 3123 /* Check first if we already have the right
3124 * host state (host features set)
3125 */
3126 if (cp.le != lmp_host_le_capable(hdev) ||
3127 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3128 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3129 sizeof(cp), &cp);
70da6243 3130 }
3d1cbdd6 3131
70da6243
JH		 3132 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3133 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3134 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3135 sizeof(link_sec), &link_sec);
562fcc24 3136
70da6243 3137 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3138 set_bredr_scan(&req);
3139 update_class(&req);
3140 update_name(&req, hdev->dev_name);
3141 update_eir(&req);
70da6243 3142 }
562fcc24 3143
229ab39c 3144 return hci_req_run(&req, powered_complete);
70da6243 3145}
562fcc24 3146
70da6243
JH		 3147int mgmt_powered(struct hci_dev *hdev, u8 powered)
3148{
3149 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3150 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3151 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3152 int err;
f0ff92fb 3153
70da6243
JH		 3154 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3155 return 0;
3156
70da6243 3157 if (powered) {
229ab39c
JH		 3158 if (powered_update_hci(hdev) == 0)
3159 return 0;
fe038884 3160
229ab39c
JH		 3161 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3162 &match);
3163 goto new_settings;
b24752fe
JH		 3164 }
3165
229ab39c
JH		 3166 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3167 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3168
3169 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3170 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3171 zero_cod, sizeof(zero_cod), NULL);
3172
3173new_settings:
beadb2bd 3174 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3175
3176 if (match.sk)
3177 sock_put(match.sk);
3178
7bb895d6 3179 return err;
5add6af8 3180}
73f22f62 3181
744cf19e 3182int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3183{
76a7f3a4 3184 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3185 bool changed = false;
3186 int err = 0;
73f22f62 3187
5e5282bb
JH		 3188 if (discoverable) {
3189 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3190 changed = true;
3191 } else {
3192 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3193 changed = true;
3194 }
73f22f62 3195
ed9b5f2f 3196 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3197 &match);
ed9b5f2f 3198
beadb2bd
JH		 3199 if (changed)
3200 err = new_settings(hdev, match.sk);
5e5282bb 3201
73f22f62
JH		 3202 if (match.sk)
3203 sock_put(match.sk);
3204
7bb895d6 3205 return err;
73f22f62 3206}
9fbcbb45 3207
744cf19e 3208int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3209{
76a7f3a4 3210 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3211 bool changed = false;
3212 int err = 0;
9fbcbb45 3213
5e5282bb
JH		 3214 if (connectable) {
3215 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3216 changed = true;
3217 } else {
3218 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3219 changed = true;
3220 }
9fbcbb45 3221
ed9b5f2f 3222 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 3223 &match);
ed9b5f2f 3224
beadb2bd
JH		 3225 if (changed)
3226 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3227
3228 if (match.sk)
3229 sock_put(match.sk);
3230
7bb895d6 3231 return err;
9fbcbb45 3232}
55ed8ca1 3233
744cf19e 3234int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3235{
ca69b795
JH		 3236 u8 mgmt_err = mgmt_status(status);
3237
2d7cee58 3238 if (scan & SCAN_PAGE)
744cf19e 3239 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3240 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3241
3242 if (scan & SCAN_INQUIRY)
744cf19e 3243 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3244 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3245
3246 return 0;
3247}
3248
53168e5b
CC		 3249int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3250 bool persistent)
55ed8ca1 3251{
86742e1e 3252 struct mgmt_ev_new_link_key ev;
55ed8ca1 3253
a492cd52 3254 memset(&ev, 0, sizeof(ev));
55ed8ca1 3255
a492cd52 3256 ev.store_hint = persistent;
d753fdc4 3257 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3258 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3259 ev.key.type = key->type;
9b3b4460 3260 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3261 ev.key.pin_len = key->pin_len;
55ed8ca1 3262
744cf19e 3263 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3264}
f7520543 3265
346af67b
VCG		 3266int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3267{
3268 struct mgmt_ev_new_long_term_key ev;
3269
3270 memset(&ev, 0, sizeof(ev));
3271
3272 ev.store_hint = persistent;
3273 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3274 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3275 ev.key.authenticated = key->authenticated;
3276 ev.key.enc_size = key->enc_size;
3277 ev.key.ediv = key->ediv;
3278
3279 if (key->type == HCI_SMP_LTK)
3280 ev.key.master = 1;
3281
3282 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3283 memcpy(ev.key.val, key->val, sizeof(key->val));
3284
04124681
GP		 3285 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3286 NULL);
346af67b
VCG		 3287}
3288
afc747a6 3289int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3290 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3291 u8 *dev_class)
f7520543 3292{
b644ba33
JH		 3293 char buf[512];
3294 struct mgmt_ev_device_connected *ev = (void *) buf;
3295 u16 eir_len = 0;
f7520543 3296
b644ba33 3297 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3298 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3299
c95f0ba7 3300 ev->flags = __cpu_to_le32(flags);
08c79b61 3301
b644ba33
JH		 3302 if (name_len > 0)
3303 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3304 name, name_len);
b644ba33
JH		 3305
3306 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3307 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3308 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3309
eb55ef07 3310 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3311
3312 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3313 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3314}
3315
8962ee74
JH		 3316static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3317{
c68fb7ff 3318 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3319 struct sock **sk = data;
a38528f1 3320 struct mgmt_rp_disconnect rp;
8962ee74 3321
88c3df13
JH		 3322 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3323 rp.addr.type = cp->addr.type;
8962ee74 3324
aee9b218 3325 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3326 sizeof(rp));
8962ee74
JH		 3327
3328 *sk = cmd->sk;
3329 sock_hold(*sk);
3330
a664b5bc 3331 mgmt_pending_remove(cmd);
8962ee74
JH		 3332}
3333
124f6e35 3334static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3335{
b1078ad0 3336 struct hci_dev *hdev = data;
124f6e35
JH		 3337 struct mgmt_cp_unpair_device *cp = cmd->param;
3338 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3339
3340 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3341 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3342 rp.addr.type = cp->addr.type;
a8a1d19e 3343
b1078ad0
JH		 3344 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3345
aee9b218 3346 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3347
3348 mgmt_pending_remove(cmd);
3349}
3350
afc747a6 3351int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3352 u8 link_type, u8 addr_type, u8 reason)
f7520543 3353{
f0d6a0ea 3354 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3355 struct sock *sk = NULL;
3356 int err;
3357
744cf19e 3358 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3359
f0d6a0ea
MA		 3360 bacpy(&ev.addr.bdaddr, bdaddr);
3361 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3362 ev.reason = reason;
f7520543 3363
afc747a6 3364 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3365 sk);
8962ee74
JH		 3366
3367 if (sk)
d97dcb66 3368 sock_put(sk);
8962ee74 3369
124f6e35 3370 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3371 hdev);
a8a1d19e 3372
8962ee74
JH		 3373 return err;
3374}
3375
88c3df13 3376int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3377 u8 link_type, u8 addr_type, u8 status)
8962ee74 3378{
88c3df13 3379 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3380 struct pending_cmd *cmd;
3381 int err;
3382
36a75f1b
JD		 3383 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3384 hdev);
3385
2e58ef3e 3386 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3387 if (!cmd)
3388 return -ENOENT;
3389
88c3df13 3390 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3391 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3392
88c3df13 3393 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3394 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3395
a664b5bc 3396 mgmt_pending_remove(cmd);
8962ee74
JH		 3397
3398 return err;
f7520543 3399}
17d5c04c 3400
48264f06 3401int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3402 u8 addr_type, u8 status)
17d5c04c
JH		 3403{
3404 struct mgmt_ev_connect_failed ev;
3405
4c659c39 3406 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3407 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3408 ev.status = mgmt_status(status);
17d5c04c 3409
744cf19e 3410 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3411}
980e1a53 3412
744cf19e 3413int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3414{
3415 struct mgmt_ev_pin_code_request ev;
3416
d8457698 3417 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3418 ev.addr.type = BDADDR_BREDR;
a770bb5a 3419 ev.secure = secure;
980e1a53 3420
744cf19e 3421 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3422 NULL);
980e1a53
JH		 3423}
3424
744cf19e 3425int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3426 u8 status)
980e1a53
JH		 3427{
3428 struct pending_cmd *cmd;
ac56fb13 3429 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3430 int err;
3431
2e58ef3e 3432 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3433 if (!cmd)
3434 return -ENOENT;
3435
d8457698 3436 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3437 rp.addr.type = BDADDR_BREDR;
ac56fb13 3438
aee9b218 3439 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3440 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3441
a664b5bc 3442 mgmt_pending_remove(cmd);
980e1a53
JH		 3443
3444 return err;
3445}
3446
744cf19e 3447int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3448 u8 status)
980e1a53
JH		 3449{
3450 struct pending_cmd *cmd;
ac56fb13 3451 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3452 int err;
3453
2e58ef3e 3454 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3455 if (!cmd)
3456 return -ENOENT;
3457
d8457698 3458 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3459 rp.addr.type = BDADDR_BREDR;
ac56fb13 3460
aee9b218 3461 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3462 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3463
a664b5bc 3464 mgmt_pending_remove(cmd);
980e1a53
JH		 3465
3466 return err;
3467}
a5c29683 3468
744cf19e 3469int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3470 u8 link_type, u8 addr_type, __le32 value,
3471 u8 confirm_hint)
a5c29683
JH		 3472{
3473 struct mgmt_ev_user_confirm_request ev;
3474
744cf19e 3475 BT_DBG("%s", hdev->name);
a5c29683 3476
272d90df 3477 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3478 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3479 ev.confirm_hint = confirm_hint;
78e8098e 3480 ev.value = value;
a5c29683 3481
744cf19e 3482 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3483 NULL);
a5c29683
JH		 3484}
3485
272d90df 3486int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3487 u8 link_type, u8 addr_type)
604086b7
BG		 3488{
3489 struct mgmt_ev_user_passkey_request ev;
3490
3491 BT_DBG("%s", hdev->name);
3492
272d90df 3493 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3494 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3495
3496 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3497 NULL);
604086b7
BG		 3498}
3499
0df4c185 3500static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3501 u8 link_type, u8 addr_type, u8 status,
3502 u8 opcode)
a5c29683
JH		 3503{
3504 struct pending_cmd *cmd;
3505 struct mgmt_rp_user_confirm_reply rp;
3506 int err;
3507
2e58ef3e 3508 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3509 if (!cmd)
3510 return -ENOENT;
3511
272d90df 3512 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3513 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3514 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3515 &rp, sizeof(rp));
a5c29683 3516
a664b5bc 3517 mgmt_pending_remove(cmd);
a5c29683
JH		 3518
3519 return err;
3520}
3521
744cf19e 3522int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3523 u8 link_type, u8 addr_type, u8 status)
a5c29683 3524{
272d90df 3525 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3526 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3527}
3528
272d90df 3529int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3530 u8 link_type, u8 addr_type, u8 status)
a5c29683 3531{
272d90df 3532 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3533 status,
3534 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3535}
2a611692 3536
604086b7 3537int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3538 u8 link_type, u8 addr_type, u8 status)
604086b7 3539{
272d90df 3540 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3541 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3542}
3543
272d90df 3544int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3545 u8 link_type, u8 addr_type, u8 status)
604086b7 3546{
272d90df 3547 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3548 status,
3549 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3550}
3551
92a25256
JH		 3552int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3553 u8 link_type, u8 addr_type, u32 passkey,
3554 u8 entered)
3555{
3556 struct mgmt_ev_passkey_notify ev;
3557
3558 BT_DBG("%s", hdev->name);
3559
3560 bacpy(&ev.addr.bdaddr, bdaddr);
3561 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3562 ev.passkey = __cpu_to_le32(passkey);
3563 ev.entered = entered;
3564
3565 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3566}
3567
bab73cb6 3568int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3569 u8 addr_type, u8 status)
2a611692
JH		 3570{
3571 struct mgmt_ev_auth_failed ev;
3572
bab73cb6 3573 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3574 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3575 ev.status = mgmt_status(status);
2a611692 3576
744cf19e 3577 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3578}
b312b161 3579
33ef95ed
JH		 3580int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3581{
3582 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3583 bool changed = false;
3584 int err = 0;
33ef95ed
JH		 3585
3586 if (status) {
3587 u8 mgmt_err = mgmt_status(status);
3588 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3589 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3590 return 0;
3591 }
3592
47990ea0
JH		 3593 if (test_bit(HCI_AUTH, &hdev->flags)) {
3594 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3595 changed = true;
3596 } else {
3597 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3598 changed = true;
3599 }
3600
33ef95ed 3601 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3602 &match);
33ef95ed 3603
47990ea0
JH		 3604 if (changed)
3605 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3606
3607 if (match.sk)
3608 sock_put(match.sk);
3609
3610 return err;
3611}
3612
890ea898 3613static void clear_eir(struct hci_request *req)
cacaf52f 3614{
890ea898 3615 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3616 struct hci_cp_write_eir cp;
3617
976eb20e 3618 if (!lmp_ext_inq_capable(hdev))
890ea898 3619 return;
cacaf52f 3620
c80da27e
JH		 3621 memset(hdev->eir, 0, sizeof(hdev->eir));
3622
cacaf52f
JH		 3623 memset(&cp, 0, sizeof(cp));
3624
890ea898 3625 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 3626}
3627
c0ecddc2 3628int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3629{
3630 struct cmd_lookup match = { NULL, hdev };
890ea898 3631 struct hci_request req;
c0ecddc2
JH		 3632 bool changed = false;
3633 int err = 0;
ed2c4ee3
JH		 3634
3635 if (status) {
3636 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3637
3638 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3639 &hdev->dev_flags))
c0ecddc2
JH		 3640 err = new_settings(hdev, NULL);
3641
04124681
GP		 3642 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3643 &mgmt_err);
c0ecddc2
JH		 3644
3645 return err;
3646 }
3647
3648 if (enable) {
3649 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3650 changed = true;
3651 } else {
3652 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3653 changed = true;
ed2c4ee3
JH		 3654 }
3655
3656 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3657
c0ecddc2
JH		 3658 if (changed)
3659 err = new_settings(hdev, match.sk);
ed2c4ee3 3660
5fc6ebb1 3661 if (match.sk)
ed2c4ee3
JH		 3662 sock_put(match.sk);
3663
890ea898
JH		 3664 hci_req_init(&req, hdev);
3665
5fc6ebb1 3666 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 3667 update_eir(&req);
5fc6ebb1 3668 else
890ea898
JH		 3669 clear_eir(&req);
3670
3671 hci_req_run(&req, NULL);
cacaf52f 3672
ed2c4ee3
JH		 3673 return err;
3674}
3675
90e70454
JH		 3676static void class_rsp(struct pending_cmd *cmd, void *data)
3677{
3678 struct cmd_lookup *match = data;
3679
3680 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3681 match->hdev->dev_class, 3);
90e70454
JH		 3682
3683 list_del(&cmd->list);
3684
3685 if (match->sk == NULL) {
3686 match->sk = cmd->sk;
3687 sock_hold(match->sk);
3688 }
3689
3690 mgmt_pending_free(cmd);
3691}
3692
7f9a903c 3693int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3694 u8 status)
7f9a903c 3695{
90e70454
JH		 3696 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3697 int err = 0;
7f9a903c 3698
c95f0ba7
JH		 3699 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3700
90e70454
JH		 3701 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3702 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3703 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3704
3705 if (!status)
04124681
GP		 3706 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3707 3, NULL);
90e70454
JH		 3708
3709 if (match.sk)
3710 sock_put(match.sk);
7f9a903c
MH		 3711
3712 return err;
3713}
3714
744cf19e 3715int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3716{
3717 struct pending_cmd *cmd;
3718 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3719 bool changed = false;
3720 int err = 0;
3721
3722 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3723 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3724 changed = true;
3725 }
b312b161
JH		 3726
3727 memset(&ev, 0, sizeof(ev));
3728 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3729 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3730
2e58ef3e 3731 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3732 if (!cmd)
3733 goto send_event;
3734
7bdaae4a
JH		 3735 /* Always assume that either the short or the complete name has
3736 * changed if there was a pending mgmt command */
3737 changed = true;
3738
b312b161 3739 if (status) {
744cf19e 3740 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3741 mgmt_status(status));
b312b161
JH		 3742 goto failed;
3743 }
3744
aee9b218 3745 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3746 sizeof(ev));
b312b161
JH		 3747 if (err < 0)
3748 goto failed;
3749
3750send_event:
28cc7bde
JH		 3751 if (changed)
3752 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3753 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3754
1225a6bd
JH		 3755 /* EIR is taken care of separately when powering on the
3756 * adapter so only update them here if this is a name change
3757 * unrelated to power on.
3758 */
890ea898
JH		 3759 if (!test_bit(HCI_INIT, &hdev->flags)) {
3760 struct hci_request req;
3761 hci_req_init(&req, hdev);
3762 update_eir(&req);
3763 hci_req_run(&req, NULL);
3764 }
b312b161
JH		 3765
3766failed:
3767 if (cmd)
3768 mgmt_pending_remove(cmd);
3769 return err;
3770}
c35938b2 3771
744cf19e 3772int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3773 u8 *randomizer, u8 status)
c35938b2
SJ		 3774{
3775 struct pending_cmd *cmd;
3776 int err;
3777
744cf19e 3778 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3779
2e58ef3e 3780 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3781 if (!cmd)
3782 return -ENOENT;
3783
3784 if (status) {
04124681
GP		 3785 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3786 mgmt_status(status));
c35938b2
SJ		 3787 } else {
3788 struct mgmt_rp_read_local_oob_data rp;
3789
3790 memcpy(rp.hash, hash, sizeof(rp.hash));
3791 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3792
744cf19e 3793 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3794 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3795 sizeof(rp));
c35938b2
SJ		 3796 }
3797
3798 mgmt_pending_remove(cmd);
3799
3800 return err;
3801}
e17acd40 3802
06199cf8
JH		 3803int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3804{
3805 struct cmd_lookup match = { NULL, hdev };
3806 bool changed = false;
3807 int err = 0;
3808
3809 if (status) {
3810 u8 mgmt_err = mgmt_status(status);
3811
3812 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3813 &hdev->dev_flags))
d97dcb66 3814 err = new_settings(hdev, NULL);
06199cf8 3815
d97dcb66
SJ		 3816 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3817 &mgmt_err);
06199cf8
JH		 3818
3819 return err;
3820 }
3821
3822 if (enable) {
3823 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3824 changed = true;
3825 } else {
3826 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3827 changed = true;
3828 }
3829
3830 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3831
3832 if (changed)
3833 err = new_settings(hdev, match.sk);
3834
3835 if (match.sk)
3836 sock_put(match.sk);
3837
3838 return err;
3839}
3840
48264f06 3841int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3842 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3843 ssp, u8 *eir, u16 eir_len)
e17acd40 3844{
e319d2e7
JH		 3845 char buf[512];
3846 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3847 size_t ev_size;
e17acd40 3848
1dc06093
JH		 3849 /* Leave 5 bytes for a potential CoD field */
3850 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3851 return -EINVAL;
3852
1dc06093
JH		 3853 memset(buf, 0, sizeof(buf));
3854
e319d2e7 3855 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3856 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3857 ev->rssi = rssi;
9a395a80 3858 if (cfm_name)
612dfce9 3859 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3860 if (!ssp)
612dfce9 3861 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3862
1dc06093 3863 if (eir_len > 0)
e319d2e7 3864 memcpy(ev->eir, eir, eir_len);
e17acd40 3865
1dc06093
JH		 3866 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3867 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3868 dev_class, 3);
1dc06093 3869
eb55ef07 3870 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3871 ev_size = sizeof(*ev) + eir_len;
f8523598 3872
e319d2e7 3873 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3874}
a88a9652 3875
b644ba33 3876int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3877 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3878{
b644ba33
JH		 3879 struct mgmt_ev_device_found *ev;
3880 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3881 u16 eir_len;
a88a9652 3882
b644ba33 3883 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3884
b644ba33
JH		 3885 memset(buf, 0, sizeof(buf));
3886
3887 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3888 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3889 ev->rssi = rssi;
3890
3891 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3892 name_len);
b644ba33 3893
eb55ef07 3894 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3895
053c7e0c 3896 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3897 sizeof(*ev) + eir_len, NULL);
a88a9652 3898}
314b2381 3899
7a135109 3900int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3901{
3902 struct pending_cmd *cmd;
f808e166 3903 u8 type;
164a6e78
JH		 3904 int err;
3905
203159d4
AG		 3906 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3907
2e58ef3e 3908 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3909 if (!cmd)
3910 return -ENOENT;
3911
f808e166
JH		 3912 type = hdev->discovery.type;
3913
3914 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3915 &type, sizeof(type));
164a6e78
JH		 3916 mgmt_pending_remove(cmd);
3917
3918 return err;
3919}
3920
e6d465cb
AG		 3921int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3922{
3923 struct pending_cmd *cmd;
3924 int err;
3925
3926 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3927 if (!cmd)
3928 return -ENOENT;
3929
d930650b 3930 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3931 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3932 mgmt_pending_remove(cmd);
3933
3934 return err;
3935}
3936
744cf19e 3937int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3938{
f963e8e9 3939 struct mgmt_ev_discovering ev;
164a6e78
JH		 3940 struct pending_cmd *cmd;
3941
343fb145
AG		 3942 BT_DBG("%s discovering %u", hdev->name, discovering);
3943
164a6e78 3944 if (discovering)
2e58ef3e 3945 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3946 else
2e58ef3e 3947 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3948
3949 if (cmd != NULL) {
f808e166
JH		 3950 u8 type = hdev->discovery.type;
3951
04124681
GP		 3952 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3953 sizeof(type));
164a6e78
JH		 3954 mgmt_pending_remove(cmd);
3955 }
3956
f963e8e9
JH		 3957 memset(&ev, 0, sizeof(ev));
3958 ev.type = hdev->discovery.type;
3959 ev.discovering = discovering;
3960
3961 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3962}
5e762444 3963
88c1fe4b 3964int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3965{
3966 struct pending_cmd *cmd;
3967 struct mgmt_ev_device_blocked ev;
3968
2e58ef3e 3969 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3970
88c1fe4b
JH		 3971 bacpy(&ev.addr.bdaddr, bdaddr);
3972 ev.addr.type = type;
5e762444 3973
744cf19e 3974 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3975 cmd ? cmd->sk : NULL);
5e762444
AJ		 3976}
3977
88c1fe4b 3978int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3979{
3980 struct pending_cmd *cmd;
3981 struct mgmt_ev_device_unblocked ev;
3982
2e58ef3e 3983 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3984
88c1fe4b
JH		 3985 bacpy(&ev.addr.bdaddr, bdaddr);
3986 ev.addr.type = type;
5e762444 3987
744cf19e 3988 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3989 cmd ? cmd->sk : NULL);
5e762444 3990}
d7b7e796
MH		 3991
3992module_param(enable_hs, bool, 0644);
3993MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.437906 seconds and 5 git commands to generate.