projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use an async request for mgmt_set_connectable
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 114
e8777525 115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 117
17b02e62 118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 119
4b34ee78
JH		 120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
eec8d2bc
JH		 123struct pending_cmd {
124 struct list_head list;
fc2f4b13 125 u16 opcode;
eec8d2bc 126 int index;
c68fb7ff 127 void *param;
eec8d2bc 128 struct sock *sk;
e9a416b5 129 void *user_data;
eec8d2bc
JH		 130};
131
ca69b795
JH		 132/* HCI to MGMT error code conversion table */
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195};
196
bb4b2a9a
AE		 197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
ca69b795
JH		 202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
612dfce9 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
612dfce9 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
eb55ef07 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
eb55ef07
MH		 306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a
AE		 336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
faba42eb
JH		 340 count++;
341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
bb4b2a9a
AE		 355 if (!mgmt_valid_hdev(d))
356 continue;
357
476e44cb 358 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 359 BT_DBG("Added hci%u", d->id);
360 }
361
476e44cb
JH		 362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
faba42eb
JH		 365 read_unlock(&hci_dev_list_lock);
366
aee9b218 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 368 rp_len);
faba42eb 369
a38528f1
JH		 370 kfree(rp);
371
372 return err;
faba42eb
JH		 373}
374
69ab39ea
JH		 375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 380 settings |= MGMT_SETTING_PAIRABLE;
381
9a1a1996 382 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 383 settings |= MGMT_SETTING_SSP;
384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0
JH		 386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
ed3fa31f 418 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
213202ed
JH		 438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
cdf1963f
JH		 480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
c00d575b
JH		 513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
ef580372
JH		 546static void create_eir(struct hci_dev *hdev, u8 *data)
547{
548 u8 *ptr = data;
ef580372
JH		 549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554 /* EIR Data type */
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
ef580372
JH		 566 ptr += (name_len + 2);
567 }
568
bbaf444a 569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
91c4e9b1
MH		 574 ptr += 3;
575 }
576
2b9be137
MH		 577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
2b9be137
MH		 586 ptr += 10;
587 }
588
213202ed 589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 592}
593
890ea898 594static void update_eir(struct hci_request *req)
ef580372 595{
890ea898 596 struct hci_dev *hdev = req->hdev;
ef580372
JH		 597 struct hci_cp_write_eir cp;
598
504c8dcd 599 if (!hdev_is_powered(hdev))
890ea898 600 return;
7770c4aa 601
976eb20e 602 if (!lmp_ext_inq_capable(hdev))
890ea898 603 return;
ef580372 604
84bde9d6 605 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 606 return;
ef580372 607
a8b2d5c2 608 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 609 return;
ef580372
JH		 610
611 memset(&cp, 0, sizeof(cp));
612
613 create_eir(hdev, cp.data);
614
615 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 616 return;
ef580372
JH		 617
618 memcpy(hdev->eir, cp.data, sizeof(cp.data));
619
890ea898 620 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 621}
622
623static u8 get_service_classes(struct hci_dev *hdev)
624{
625 struct bt_uuid *uuid;
626 u8 val = 0;
627
628 list_for_each_entry(uuid, &hdev->uuids, list)
629 val |= uuid->svc_hint;
630
631 return val;
632}
633
890ea898 634static void update_class(struct hci_request *req)
ef580372 635{
890ea898 636 struct hci_dev *hdev = req->hdev;
ef580372
JH		 637 u8 cod[3];
638
639 BT_DBG("%s", hdev->name);
640
504c8dcd 641 if (!hdev_is_powered(hdev))
890ea898 642 return;
7770c4aa 643
a8b2d5c2 644 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 645 return;
ef580372
JH		 646
647 cod[0] = hdev->minor_class;
648 cod[1] = hdev->major_class;
649 cod[2] = get_service_classes(hdev);
650
651 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 652 return;
ef580372 653
890ea898 654 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 655}
656
7d78525d
JH		 657static void service_cache_off(struct work_struct *work)
658{
659 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 660 service_cache.work);
890ea898 661 struct hci_request req;
7d78525d 662
a8b2d5c2 663 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 664 return;
665
890ea898
JH		 666 hci_req_init(&req, hdev);
667
7d78525d
JH		 668 hci_dev_lock(hdev);
669
890ea898
JH		 670 update_eir(&req);
671 update_class(&req);
7d78525d
JH		 672
673 hci_dev_unlock(hdev);
890ea898
JH		 674
675 hci_req_run(&req, NULL);
7d78525d
JH		 676}
677
6a919082 678static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 679{
4f87da80 680 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 681 return;
682
4f87da80 683 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 684
4f87da80
JH		 685 /* Non-mgmt controlled devices get this bit set
686 * implicitly so that pairing works for them, however
687 * for mgmt we require user-space to explicitly enable
688 * it
689 */
690 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 691}
692
0f4e68cf 693static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 694 void *data, u16 data_len)
0381101f 695{
a38528f1 696 struct mgmt_rp_read_info rp;
f7b64e69 697
bdb6d971 698 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 699
09fd0de5 700 hci_dev_lock(hdev);
f7b64e69 701
dc4fe30b
JH		 702 memset(&rp, 0, sizeof(rp));
703
69ab39ea 704 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 705
69ab39ea 706 rp.version = hdev->hci_ver;
eb55ef07 707 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 708
709 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
710 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 711
a38528f1 712 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 713
dc4fe30b 714 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 715 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 716
09fd0de5 717 hci_dev_unlock(hdev);
0381101f 718
bdb6d971 719 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 720 sizeof(rp));
0381101f
JH		 721}
722
eec8d2bc
JH		 723static void mgmt_pending_free(struct pending_cmd *cmd)
724{
725 sock_put(cmd->sk);
c68fb7ff 726 kfree(cmd->param);
eec8d2bc
JH		 727 kfree(cmd);
728}
729
366a0336 730static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 731 struct hci_dev *hdev, void *data,
732 u16 len)
eec8d2bc
JH		 733{
734 struct pending_cmd *cmd;
735
12b94565 736 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 737 if (!cmd)
366a0336 738 return NULL;
eec8d2bc
JH		 739
740 cmd->opcode = opcode;
2e58ef3e 741 cmd->index = hdev->id;
eec8d2bc 742
12b94565 743 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 744 if (!cmd->param) {
eec8d2bc 745 kfree(cmd);
366a0336 746 return NULL;
eec8d2bc
JH		 747 }
748
8fce6357
SJ		 749 if (data)
750 memcpy(cmd->param, data, len);
eec8d2bc
JH		 751
752 cmd->sk = sk;
753 sock_hold(sk);
754
2e58ef3e 755 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 756
366a0336 757 return cmd;
eec8d2bc
JH		 758}
759
744cf19e 760static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 761 void (*cb)(struct pending_cmd *cmd,
762 void *data),
04124681 763 void *data)
eec8d2bc 764{
a3d09356 765 struct pending_cmd *cmd, *tmp;
eec8d2bc 766
a3d09356 767 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 768 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 769 continue;
770
eec8d2bc
JH		 771 cb(cmd, data);
772 }
773}
774
2e58ef3e 775static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 776{
8035ded4 777 struct pending_cmd *cmd;
eec8d2bc 778
2e58ef3e 779 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 780 if (cmd->opcode == opcode)
781 return cmd;
eec8d2bc
JH		 782 }
783
784 return NULL;
785}
786
a664b5bc 787static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 788{
73f22f62
JH		 789 list_del(&cmd->list);
790 mgmt_pending_free(cmd);
791}
792
69ab39ea 793static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 794{
69ab39ea 795 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 796
aee9b218 797 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 798 sizeof(settings));
8680570b
JH		 799}
800
bdb6d971 801static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 802 u16 len)
eec8d2bc 803{
650f726d 804 struct mgmt_mode *cp = data;
366a0336 805 struct pending_cmd *cmd;
4b34ee78 806 int err;
eec8d2bc 807
bdb6d971 808 BT_DBG("request for %s", hdev->name);
eec8d2bc 809
a7e80f25
JH		 810 if (cp->val != 0x00 && cp->val != 0x01)
811 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
812 MGMT_STATUS_INVALID_PARAMS);
813
09fd0de5 814 hci_dev_lock(hdev);
eec8d2bc 815
f0d4b78a
MH		 816 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
817 cancel_delayed_work(&hdev->power_off);
818
819 if (cp->val) {
a1d70450
JH		 820 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
821 data, len);
822 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 823 goto failed;
824 }
825 }
826
4b34ee78 827 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 828 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 829 goto failed;
830 }
831
2e58ef3e 832 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 833 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 834 MGMT_STATUS_BUSY);
eec8d2bc
JH		 835 goto failed;
836 }
837
2e58ef3e 838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 839 if (!cmd) {
840 err = -ENOMEM;
eec8d2bc 841 goto failed;
366a0336 842 }
eec8d2bc 843
72a734ec 844 if (cp->val)
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 846 else
19202573 847 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 848
366a0336 849 err = 0;
eec8d2bc
JH		 850
851failed:
09fd0de5 852 hci_dev_unlock(hdev);
366a0336 853 return err;
eec8d2bc
JH		 854}
855
04124681
GP		 856static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
857 struct sock *skip_sk)
beadb2bd
JH		 858{
859 struct sk_buff *skb;
860 struct mgmt_hdr *hdr;
861
790eff44 862 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 863 if (!skb)
864 return -ENOMEM;
865
866 hdr = (void *) skb_put(skb, sizeof(*hdr));
867 hdr->opcode = cpu_to_le16(event);
868 if (hdev)
869 hdr->index = cpu_to_le16(hdev->id);
870 else
612dfce9 871 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 872 hdr->len = cpu_to_le16(data_len);
873
874 if (data)
875 memcpy(skb_put(skb, data_len), data, data_len);
876
97e0bdeb
MH		 877 /* Time stamp */
878 __net_timestamp(skb);
879
beadb2bd
JH		 880 hci_send_to_control(skb, skip_sk);
881 kfree_skb(skb);
882
883 return 0;
884}
885
886static int new_settings(struct hci_dev *hdev, struct sock *skip)
887{
888 __le32 ev;
889
890 ev = cpu_to_le32(get_current_settings(hdev));
891
892 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
893}
894
bdb6d971 895static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 896 u16 len)
73f22f62 897{
650f726d 898 struct mgmt_cp_set_discoverable *cp = data;
366a0336 899 struct pending_cmd *cmd;
5e5282bb 900 u16 timeout;
73f22f62
JH		 901 u8 scan;
902 int err;
903
bdb6d971 904 BT_DBG("request for %s", hdev->name);
73f22f62 905
33c525c0
JH		 906 if (!lmp_bredr_capable(hdev))
907 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
908 MGMT_STATUS_NOT_SUPPORTED);
909
a7e80f25
JH		 910 if (cp->val != 0x00 && cp->val != 0x01)
911 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
912 MGMT_STATUS_INVALID_PARAMS);
913
1f350c87 914 timeout = __le16_to_cpu(cp->timeout);
24c54a90 915 if (!cp->val && timeout > 0)
bdb6d971 916 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 917 MGMT_STATUS_INVALID_PARAMS);
73f22f62 918
09fd0de5 919 hci_dev_lock(hdev);
73f22f62 920
5e5282bb 921 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 922 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 923 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 924 goto failed;
925 }
926
2e58ef3e 927 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 928 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 929 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 930 MGMT_STATUS_BUSY);
73f22f62
JH		 931 goto failed;
932 }
933
5e5282bb 934 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 935 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 936 MGMT_STATUS_REJECTED);
5e5282bb
JH		 937 goto failed;
938 }
939
940 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 941 bool changed = false;
942
943 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
944 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
945 changed = true;
946 }
947
5e5282bb 948 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 949 if (err < 0)
950 goto failed;
951
952 if (changed)
953 err = new_settings(hdev, sk);
954
5e5282bb
JH		 955 goto failed;
956 }
957
958 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 959 if (hdev->discov_timeout > 0) {
960 cancel_delayed_work(&hdev->discov_off);
961 hdev->discov_timeout = 0;
962 }
963
964 if (cp->val && timeout > 0) {
965 hdev->discov_timeout = timeout;
966 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
967 msecs_to_jiffies(hdev->discov_timeout * 1000));
968 }
969
69ab39ea 970 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 971 goto failed;
972 }
973
2e58ef3e 974 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 975 if (!cmd) {
976 err = -ENOMEM;
73f22f62 977 goto failed;
366a0336 978 }
73f22f62
JH		 979
980 scan = SCAN_PAGE;
981
72a734ec 982 if (cp->val)
73f22f62 983 scan |= SCAN_INQUIRY;
16ab91ab 984 else
e0f9309f 985 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 986
987 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
988 if (err < 0)
a664b5bc 989 mgmt_pending_remove(cmd);
73f22f62 990
16ab91ab 991 if (cp->val)
5e5282bb 992 hdev->discov_timeout = timeout;
16ab91ab 993
73f22f62 994failed:
09fd0de5 995 hci_dev_unlock(hdev);
73f22f62
JH		 996 return err;
997}
998
2b76f453
JH		 999static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1000{
1001 struct pending_cmd *cmd;
1002
1003 BT_DBG("status 0x%02x", status);
1004
1005 hci_dev_lock(hdev);
1006
1007 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1008 if (!cmd)
1009 goto unlock;
1010
1011 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1012
1013 mgmt_pending_remove(cmd);
1014
1015unlock:
1016 hci_dev_unlock(hdev);
1017}
1018
bdb6d971 1019static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1020 u16 len)
9fbcbb45 1021{
650f726d 1022 struct mgmt_mode *cp = data;
366a0336 1023 struct pending_cmd *cmd;
2b76f453 1024 struct hci_request req;
9fbcbb45
JH		 1025 u8 scan;
1026 int err;
1027
bdb6d971 1028 BT_DBG("request for %s", hdev->name);
9fbcbb45 1029
33c525c0
JH		 1030 if (!lmp_bredr_capable(hdev))
1031 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1032 MGMT_STATUS_NOT_SUPPORTED);
1033
a7e80f25
JH		 1034 if (cp->val != 0x00 && cp->val != 0x01)
1035 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1036 MGMT_STATUS_INVALID_PARAMS);
1037
09fd0de5 1038 hci_dev_lock(hdev);
9fbcbb45 1039
4b34ee78 1040 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1041 bool changed = false;
1042
1043 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1044 changed = true;
1045
6bf0e469 1046 if (cp->val) {
5e5282bb 1047 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1048 } else {
5e5282bb
JH		 1049 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1050 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1051 }
0224d2fa 1052
5e5282bb 1053 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1054 if (err < 0)
1055 goto failed;
1056
1057 if (changed)
1058 err = new_settings(hdev, sk);
1059
9fbcbb45
JH		 1060 goto failed;
1061 }
1062
2e58ef3e 1063 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1064 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1065 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1066 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1067 goto failed;
1068 }
1069
5e5282bb 1070 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1071 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1072 goto failed;
1073 }
1074
2e58ef3e 1075 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1076 if (!cmd) {
1077 err = -ENOMEM;
9fbcbb45 1078 goto failed;
366a0336 1079 }
9fbcbb45 1080
6bf0e469 1081 if (cp->val) {
9fbcbb45 1082 scan = SCAN_PAGE;
6bf0e469 1083 } else {
9fbcbb45
JH		 1084 scan = 0;
1085
df2c6c5e 1086 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1087 hdev->discov_timeout > 0)
df2c6c5e
JH		 1088 cancel_delayed_work(&hdev->discov_off);
1089 }
1090
2b76f453
JH		 1091 hci_req_init(&req, hdev);
1092
1093 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1094
1095 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1096 if (err < 0)
a664b5bc 1097 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1098
1099failed:
09fd0de5 1100 hci_dev_unlock(hdev);
9fbcbb45
JH		 1101 return err;
1102}
1103
bdb6d971 1104static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1105 u16 len)
c542a06c 1106{
650f726d 1107 struct mgmt_mode *cp = data;
c542a06c
JH		 1108 int err;
1109
bdb6d971 1110 BT_DBG("request for %s", hdev->name);
c542a06c 1111
a7e80f25
JH		 1112 if (cp->val != 0x00 && cp->val != 0x01)
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1114 MGMT_STATUS_INVALID_PARAMS);
1115
09fd0de5 1116 hci_dev_lock(hdev);
c542a06c
JH		 1117
1118 if (cp->val)
a8b2d5c2 1119 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1120 else
a8b2d5c2 1121 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1122
69ab39ea 1123 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1124 if (err < 0)
1125 goto failed;
1126
beadb2bd 1127 err = new_settings(hdev, sk);
c542a06c
JH		 1128
1129failed:
09fd0de5 1130 hci_dev_unlock(hdev);
c542a06c
JH		 1131 return err;
1132}
1133
04124681
GP		 1134static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1135 u16 len)
33ef95ed
JH		 1136{
1137 struct mgmt_mode *cp = data;
1138 struct pending_cmd *cmd;
816a11d5 1139 u8 val;
33ef95ed
JH		 1140 int err;
1141
bdb6d971 1142 BT_DBG("request for %s", hdev->name);
33ef95ed 1143
33c525c0
JH		 1144 if (!lmp_bredr_capable(hdev))
1145 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1146 MGMT_STATUS_NOT_SUPPORTED);
1147
a7e80f25
JH		 1148 if (cp->val != 0x00 && cp->val != 0x01)
1149 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1150 MGMT_STATUS_INVALID_PARAMS);
1151
33ef95ed
JH		 1152 hci_dev_lock(hdev);
1153
4b34ee78 1154 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1155 bool changed = false;
1156
1157 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1158 &hdev->dev_flags)) {
47990ea0
JH		 1159 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1160 changed = true;
1161 }
1162
1163 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1164 if (err < 0)
1165 goto failed;
1166
1167 if (changed)
1168 err = new_settings(hdev, sk);
1169
33ef95ed
JH		 1170 goto failed;
1171 }
1172
1173 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1174 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1175 MGMT_STATUS_BUSY);
33ef95ed
JH		 1176 goto failed;
1177 }
1178
1179 val = !!cp->val;
1180
1181 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1182 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1183 goto failed;
1184 }
1185
1186 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1187 if (!cmd) {
1188 err = -ENOMEM;
1189 goto failed;
1190 }
1191
1192 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1193 if (err < 0) {
1194 mgmt_pending_remove(cmd);
1195 goto failed;
1196 }
1197
1198failed:
1199 hci_dev_unlock(hdev);
33ef95ed
JH		 1200 return err;
1201}
1202
bdb6d971 1203static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1204{
1205 struct mgmt_mode *cp = data;
1206 struct pending_cmd *cmd;
816a11d5 1207 u8 val;
ed2c4ee3
JH		 1208 int err;
1209
bdb6d971 1210 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1211
13ecd8b6
JH		 1212 if (!lmp_ssp_capable(hdev))
1213 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1214 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1215
a7e80f25
JH		 1216 if (cp->val != 0x00 && cp->val != 0x01)
1217 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1218 MGMT_STATUS_INVALID_PARAMS);
1219
13ecd8b6 1220 hci_dev_lock(hdev);
6c8f12c1 1221
c0ecddc2
JH		 1222 val = !!cp->val;
1223
4b34ee78 1224 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1225 bool changed = false;
1226
1227 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1228 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1229 changed = true;
1230 }
1231
1232 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1233 if (err < 0)
1234 goto failed;
1235
1236 if (changed)
1237 err = new_settings(hdev, sk);
1238
ed2c4ee3
JH		 1239 goto failed;
1240 }
1241
1242 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1243 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1244 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1245 goto failed;
1246 }
1247
ed2c4ee3
JH		 1248 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1249 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1250 goto failed;
1251 }
1252
1253 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1254 if (!cmd) {
1255 err = -ENOMEM;
1256 goto failed;
1257 }
1258
1259 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1260 if (err < 0) {
1261 mgmt_pending_remove(cmd);
1262 goto failed;
1263 }
1264
1265failed:
1266 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1267 return err;
1268}
1269
bdb6d971 1270static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1271{
1272 struct mgmt_mode *cp = data;
6d80dfd0 1273
bdb6d971 1274 BT_DBG("request for %s", hdev->name);
6d80dfd0 1275
bdb6d971
JH		 1276 if (!enable_hs)
1277 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1278 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1279
a7e80f25
JH		 1280 if (cp->val != 0x00 && cp->val != 0x01)
1281 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1282 MGMT_STATUS_INVALID_PARAMS);
1283
6d80dfd0
JH		 1284 if (cp->val)
1285 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1286 else
1287 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1288
bdb6d971 1289 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1290}
1291
bdb6d971 1292static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1293{
1294 struct mgmt_mode *cp = data;
1295 struct hci_cp_write_le_host_supported hci_cp;
1296 struct pending_cmd *cmd;
06199cf8 1297 int err;
0b60eba1 1298 u8 val, enabled;
06199cf8 1299
bdb6d971 1300 BT_DBG("request for %s", hdev->name);
06199cf8 1301
13ecd8b6
JH		 1302 if (!lmp_le_capable(hdev))
1303 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1304 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1305
a7e80f25
JH		 1306 if (cp->val != 0x00 && cp->val != 0x01)
1307 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1308 MGMT_STATUS_INVALID_PARAMS);
1309
13ecd8b6 1310 hci_dev_lock(hdev);
06199cf8
JH		 1311
1312 val = !!cp->val;
ffa88e02 1313 enabled = lmp_host_le_capable(hdev);
06199cf8 1314
0b60eba1 1315 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1316 bool changed = false;
1317
1318 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1319 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1320 changed = true;
1321 }
1322
1323 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1324 if (err < 0)
1de028ce 1325 goto unlock;
06199cf8
JH		 1326
1327 if (changed)
1328 err = new_settings(hdev, sk);
1329
1de028ce 1330 goto unlock;
06199cf8
JH		 1331 }
1332
1333 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1334 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1335 MGMT_STATUS_BUSY);
1de028ce 1336 goto unlock;
06199cf8
JH		 1337 }
1338
1339 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1340 if (!cmd) {
1341 err = -ENOMEM;
1de028ce 1342 goto unlock;
06199cf8
JH		 1343 }
1344
1345 memset(&hci_cp, 0, sizeof(hci_cp));
1346
1347 if (val) {
1348 hci_cp.le = val;
ffa88e02 1349 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1350 }
1351
04124681
GP		 1352 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1353 &hci_cp);
0c01bc48 1354 if (err < 0)
06199cf8 1355 mgmt_pending_remove(cmd);
06199cf8 1356
1de028ce
JH		 1357unlock:
1358 hci_dev_unlock(hdev);
06199cf8
JH		 1359 return err;
1360}
1361
0cab9c80
JH		 1362/* This is a helper function to test for pending mgmt commands that can
1363 * cause CoD or EIR HCI commands. We can only allow one such pending
1364 * mgmt command at a time since otherwise we cannot easily track what
1365 * the current values are, will be, and based on that calculate if a new
1366 * HCI command needs to be sent and if yes with what value.
1367 */
1368static bool pending_eir_or_class(struct hci_dev *hdev)
1369{
1370 struct pending_cmd *cmd;
1371
1372 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1373 switch (cmd->opcode) {
1374 case MGMT_OP_ADD_UUID:
1375 case MGMT_OP_REMOVE_UUID:
1376 case MGMT_OP_SET_DEV_CLASS:
1377 case MGMT_OP_SET_POWERED:
1378 return true;
1379 }
1380 }
1381
1382 return false;
1383}
1384
83be8eca
JH		 1385static const u8 bluetooth_base_uuid[] = {
1386 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1387 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1388};
1389
1390static u8 get_uuid_size(const u8 *uuid)
1391{
1392 u32 val;
1393
1394 if (memcmp(uuid, bluetooth_base_uuid, 12))
1395 return 128;
1396
1397 val = get_unaligned_le32(&uuid[12]);
1398 if (val > 0xffff)
1399 return 32;
1400
1401 return 16;
1402}
1403
92da6097
JH		 1404static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1405{
1406 struct pending_cmd *cmd;
1407
1408 hci_dev_lock(hdev);
1409
1410 cmd = mgmt_pending_find(mgmt_op, hdev);
1411 if (!cmd)
1412 goto unlock;
1413
1414 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1415 hdev->dev_class, 3);
1416
1417 mgmt_pending_remove(cmd);
1418
1419unlock:
1420 hci_dev_unlock(hdev);
1421}
1422
1423static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1424{
1425 BT_DBG("status 0x%02x", status);
1426
1427 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1428}
1429
bdb6d971 1430static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1431{
650f726d 1432 struct mgmt_cp_add_uuid *cp = data;
90e70454 1433 struct pending_cmd *cmd;
890ea898 1434 struct hci_request req;
2aeb9a1a 1435 struct bt_uuid *uuid;
2aeb9a1a
JH		 1436 int err;
1437
bdb6d971 1438 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1439
09fd0de5 1440 hci_dev_lock(hdev);
2aeb9a1a 1441
0cab9c80 1442 if (pending_eir_or_class(hdev)) {
bdb6d971 1443 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1444 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1445 goto failed;
1446 }
1447
92c4c204 1448 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1449 if (!uuid) {
1450 err = -ENOMEM;
1451 goto failed;
1452 }
1453
1454 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1455 uuid->svc_hint = cp->svc_hint;
83be8eca 1456 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1457
de66aa63 1458 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1459
890ea898 1460 hci_req_init(&req, hdev);
1aff6f09 1461
890ea898
JH		 1462 update_class(&req);
1463 update_eir(&req);
1464
92da6097
JH		 1465 err = hci_req_run(&req, add_uuid_complete);
1466 if (err < 0) {
1467 if (err != -ENODATA)
1468 goto failed;
80a1e1db 1469
bdb6d971 1470 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1471 hdev->dev_class, 3);
90e70454
JH		 1472 goto failed;
1473 }
1474
1475 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1476 if (!cmd) {
90e70454 1477 err = -ENOMEM;
890ea898
JH		 1478 goto failed;
1479 }
1480
1481 err = 0;
2aeb9a1a
JH		 1482
1483failed:
09fd0de5 1484 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1485 return err;
1486}
1487
24b78d0f
JH		 1488static bool enable_service_cache(struct hci_dev *hdev)
1489{
1490 if (!hdev_is_powered(hdev))
1491 return false;
1492
1493 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1494 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1495 CACHE_TIMEOUT);
24b78d0f
JH		 1496 return true;
1497 }
1498
1499 return false;
1500}
1501
92da6097
JH		 1502static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1503{
1504 BT_DBG("status 0x%02x", status);
1505
1506 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1507}
1508
bdb6d971 1509static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1510 u16 len)
2aeb9a1a 1511{
650f726d 1512 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1513 struct pending_cmd *cmd;
056341c8 1514 struct bt_uuid *match, *tmp;
2aeb9a1a 1515 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1516 struct hci_request req;
2aeb9a1a
JH		 1517 int err, found;
1518
bdb6d971 1519 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1520
09fd0de5 1521 hci_dev_lock(hdev);
2aeb9a1a 1522
0cab9c80 1523 if (pending_eir_or_class(hdev)) {
bdb6d971 1524 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1525 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1526 goto unlock;
1527 }
1528
2aeb9a1a
JH		 1529 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1530 err = hci_uuids_clear(hdev);
4004b6d9 1531
24b78d0f 1532 if (enable_service_cache(hdev)) {
bdb6d971 1533 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1534 0, hdev->dev_class, 3);
24b78d0f
JH		 1535 goto unlock;
1536 }
4004b6d9 1537
9246a869 1538 goto update_class;
2aeb9a1a
JH		 1539 }
1540
1541 found = 0;
1542
056341c8 1543 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1544 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1545 continue;
1546
1547 list_del(&match->list);
482049f7 1548 kfree(match);
2aeb9a1a
JH		 1549 found++;
1550 }
1551
1552 if (found == 0) {
bdb6d971 1553 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1554 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1555 goto unlock;
1556 }
1557
9246a869 1558update_class:
890ea898 1559 hci_req_init(&req, hdev);
1aff6f09 1560
890ea898
JH		 1561 update_class(&req);
1562 update_eir(&req);
1563
92da6097
JH		 1564 err = hci_req_run(&req, remove_uuid_complete);
1565 if (err < 0) {
1566 if (err != -ENODATA)
1567 goto unlock;
80a1e1db 1568
bdb6d971 1569 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1570 hdev->dev_class, 3);
90e70454
JH		 1571 goto unlock;
1572 }
1573
1574 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1575 if (!cmd) {
90e70454 1576 err = -ENOMEM;
890ea898
JH		 1577 goto unlock;
1578 }
1579
1580 err = 0;
2aeb9a1a
JH		 1581
1582unlock:
09fd0de5 1583 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1584 return err;
1585}
1586
92da6097
JH		 1587static void set_class_complete(struct hci_dev *hdev, u8 status)
1588{
1589 BT_DBG("status 0x%02x", status);
1590
1591 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1592}
1593
bdb6d971 1594static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1595 u16 len)
1aff6f09 1596{
650f726d 1597 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1598 struct pending_cmd *cmd;
890ea898 1599 struct hci_request req;
1aff6f09
JH		 1600 int err;
1601
bdb6d971 1602 BT_DBG("request for %s", hdev->name);
1aff6f09 1603
13ecd8b6
JH		 1604 if (!lmp_bredr_capable(hdev))
1605 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1606 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1607
0cab9c80 1608 hci_dev_lock(hdev);
ee98f473 1609
0cab9c80
JH		 1610 if (pending_eir_or_class(hdev)) {
1611 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1612 MGMT_STATUS_BUSY);
1613 goto unlock;
1614 }
c95f0ba7 1615
0cab9c80
JH		 1616 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1617 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1618 MGMT_STATUS_INVALID_PARAMS);
1619 goto unlock;
1620 }
575b3a02 1621
932f5ff5
JH		 1622 hdev->major_class = cp->major;
1623 hdev->minor_class = cp->minor;
1624
b5235a65 1625 if (!hdev_is_powered(hdev)) {
bdb6d971 1626 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1627 hdev->dev_class, 3);
b5235a65
JH		 1628 goto unlock;
1629 }
1630
890ea898
JH		 1631 hci_req_init(&req, hdev);
1632
a8b2d5c2 1633 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1634 hci_dev_unlock(hdev);
1635 cancel_delayed_work_sync(&hdev->service_cache);
1636 hci_dev_lock(hdev);
890ea898 1637 update_eir(&req);
7d78525d 1638 }
14c0b608 1639
890ea898
JH		 1640 update_class(&req);
1641
92da6097
JH		 1642 err = hci_req_run(&req, set_class_complete);
1643 if (err < 0) {
1644 if (err != -ENODATA)
1645 goto unlock;
1aff6f09 1646
bdb6d971 1647 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1648 hdev->dev_class, 3);
90e70454
JH		 1649 goto unlock;
1650 }
1651
1652 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1653 if (!cmd) {
90e70454 1654 err = -ENOMEM;
890ea898
JH		 1655 goto unlock;
1656 }
1657
1658 err = 0;
1aff6f09 1659
b5235a65 1660unlock:
09fd0de5 1661 hci_dev_unlock(hdev);
1aff6f09
JH		 1662 return err;
1663}
1664
bdb6d971 1665static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1666 u16 len)
55ed8ca1 1667{
650f726d 1668 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1669 u16 key_count, expected_len;
a492cd52 1670 int i;
55ed8ca1 1671
1f350c87 1672 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1673
86742e1e
JH		 1674 expected_len = sizeof(*cp) + key_count *
1675 sizeof(struct mgmt_link_key_info);
a492cd52 1676 if (expected_len != len) {
86742e1e 1677 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1678 len, expected_len);
bdb6d971 1679 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1680 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1681 }
1682
4ae14301
JH		 1683 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1684 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1685 MGMT_STATUS_INVALID_PARAMS);
1686
bdb6d971 1687 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1688 key_count);
55ed8ca1 1689
4ee71b20
JH		 1690 for (i = 0; i < key_count; i++) {
1691 struct mgmt_link_key_info *key = &cp->keys[i];
1692
1693 if (key->addr.type != BDADDR_BREDR)
1694 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1695 MGMT_STATUS_INVALID_PARAMS);
1696 }
1697
09fd0de5 1698 hci_dev_lock(hdev);
55ed8ca1
JH		 1699
1700 hci_link_keys_clear(hdev);
1701
a8b2d5c2 1702 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1703
1704 if (cp->debug_keys)
a8b2d5c2 1705 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1706 else
a8b2d5c2 1707 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1708
a492cd52 1709 for (i = 0; i < key_count; i++) {
86742e1e 1710 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1711
d753fdc4 1712 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1713 key->type, key->pin_len);
55ed8ca1
JH		 1714 }
1715
bdb6d971 1716 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1717
09fd0de5 1718 hci_dev_unlock(hdev);
55ed8ca1 1719
a492cd52 1720 return 0;
55ed8ca1
JH		 1721}
1722
b1078ad0 1723static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1724 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1725{
1726 struct mgmt_ev_device_unpaired ev;
1727
1728 bacpy(&ev.addr.bdaddr, bdaddr);
1729 ev.addr.type = addr_type;
1730
1731 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1732 skip_sk);
b1078ad0
JH		 1733}
1734
bdb6d971 1735static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1736 u16 len)
55ed8ca1 1737{
124f6e35
JH		 1738 struct mgmt_cp_unpair_device *cp = data;
1739 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1740 struct hci_cp_disconnect dc;
1741 struct pending_cmd *cmd;
55ed8ca1 1742 struct hci_conn *conn;
55ed8ca1
JH		 1743 int err;
1744
a8a1d19e 1745 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1746 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1747 rp.addr.type = cp->addr.type;
a8a1d19e 1748
4ee71b20
JH		 1749 if (!bdaddr_type_is_valid(cp->addr.type))
1750 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1751 MGMT_STATUS_INVALID_PARAMS,
1752 &rp, sizeof(rp));
1753
118da70b
JH		 1754 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1755 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1756 MGMT_STATUS_INVALID_PARAMS,
1757 &rp, sizeof(rp));
1758
4ee71b20
JH		 1759 hci_dev_lock(hdev);
1760
86a8cfc6 1761 if (!hdev_is_powered(hdev)) {
bdb6d971 1762 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1763 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1764 goto unlock;
1765 }
1766
591f47f3 1767 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1768 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1769 else
1770 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1771
55ed8ca1 1772 if (err < 0) {
bdb6d971 1773 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1774 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1775 goto unlock;
1776 }
1777
86a8cfc6 1778 if (cp->disconnect) {
591f47f3 1779 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1780 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1781 &cp->addr.bdaddr);
86a8cfc6
JH		 1782 else
1783 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1784 &cp->addr.bdaddr);
86a8cfc6
JH		 1785 } else {
1786 conn = NULL;
1787 }
124f6e35 1788
a8a1d19e 1789 if (!conn) {
bdb6d971 1790 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1791 &rp, sizeof(rp));
b1078ad0 1792 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1793 goto unlock;
1794 }
55ed8ca1 1795
124f6e35 1796 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1797 sizeof(*cp));
a8a1d19e
JH		 1798 if (!cmd) {
1799 err = -ENOMEM;
1800 goto unlock;
55ed8ca1
JH		 1801 }
1802
eb55ef07 1803 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1804 dc.reason = 0x13; /* Remote User Terminated Connection */
1805 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1806 if (err < 0)
1807 mgmt_pending_remove(cmd);
1808
55ed8ca1 1809unlock:
09fd0de5 1810 hci_dev_unlock(hdev);
55ed8ca1
JH		 1811 return err;
1812}
1813
bdb6d971 1814static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1815 u16 len)
8962ee74 1816{
650f726d 1817 struct mgmt_cp_disconnect *cp = data;
06a63b19 1818 struct mgmt_rp_disconnect rp;
8962ee74 1819 struct hci_cp_disconnect dc;
366a0336 1820 struct pending_cmd *cmd;
8962ee74 1821 struct hci_conn *conn;
8962ee74
JH		 1822 int err;
1823
1824 BT_DBG("");
1825
06a63b19
JH		 1826 memset(&rp, 0, sizeof(rp));
1827 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1828 rp.addr.type = cp->addr.type;
1829
4ee71b20 1830 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1831 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1832 MGMT_STATUS_INVALID_PARAMS,
1833 &rp, sizeof(rp));
4ee71b20 1834
09fd0de5 1835 hci_dev_lock(hdev);
8962ee74
JH		 1836
1837 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1838 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1839 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1840 goto failed;
1841 }
1842
2e58ef3e 1843 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1844 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1845 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1846 goto failed;
1847 }
1848
591f47f3 1849 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1850 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1851 &cp->addr.bdaddr);
88c3df13
JH		 1852 else
1853 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1854
f960727e 1855 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1856 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1857 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1858 goto failed;
1859 }
1860
2e58ef3e 1861 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1862 if (!cmd) {
1863 err = -ENOMEM;
8962ee74 1864 goto failed;
366a0336 1865 }
8962ee74 1866
eb55ef07 1867 dc.handle = cpu_to_le16(conn->handle);
3701f944 1868 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1869
1870 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1871 if (err < 0)
a664b5bc 1872 mgmt_pending_remove(cmd);
8962ee74
JH		 1873
1874failed:
09fd0de5 1875 hci_dev_unlock(hdev);
8962ee74
JH		 1876 return err;
1877}
1878
57c1477c 1879static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1880{
1881 switch (link_type) {
1882 case LE_LINK:
48264f06
JH		 1883 switch (addr_type) {
1884 case ADDR_LE_DEV_PUBLIC:
591f47f3 1885 return BDADDR_LE_PUBLIC;
0ed09148 1886
48264f06 1887 default:
0ed09148 1888 /* Fallback to LE Random address type */
591f47f3 1889 return BDADDR_LE_RANDOM;
48264f06 1890 }
0ed09148 1891
4c659c39 1892 default:
0ed09148 1893 /* Fallback to BR/EDR type */
591f47f3 1894 return BDADDR_BREDR;
4c659c39
JH		 1895 }
1896}
1897
04124681
GP		 1898static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1899 u16 data_len)
2784eb41 1900{
2784eb41 1901 struct mgmt_rp_get_connections *rp;
8035ded4 1902 struct hci_conn *c;
a38528f1 1903 size_t rp_len;
60fc5fb6
JH		 1904 int err;
1905 u16 i;
2784eb41
JH		 1906
1907 BT_DBG("");
1908
09fd0de5 1909 hci_dev_lock(hdev);
2784eb41 1910
5f97c1df 1911 if (!hdev_is_powered(hdev)) {
bdb6d971 1912 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1913 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1914 goto unlock;
1915 }
1916
60fc5fb6 1917 i = 0;
b644ba33
JH		 1918 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1919 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1920 i++;
2784eb41
JH		 1921 }
1922
60fc5fb6 1923 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1924 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1925 if (!rp) {
2784eb41
JH		 1926 err = -ENOMEM;
1927 goto unlock;
1928 }
1929
2784eb41 1930 i = 0;
4c659c39 1931 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1932 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1933 continue;
4c659c39 1934 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1935 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1936 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1937 continue;
1938 i++;
1939 }
1940
eb55ef07 1941 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1942
4c659c39
JH		 1943 /* Recalculate length in case of filtered SCO connections, etc */
1944 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1945
bdb6d971 1946 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1947 rp_len);
2784eb41 1948
a38528f1 1949 kfree(rp);
5f97c1df
JH		 1950
1951unlock:
09fd0de5 1952 hci_dev_unlock(hdev);
2784eb41
JH		 1953 return err;
1954}
1955
bdb6d971 1956static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1957 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1958{
1959 struct pending_cmd *cmd;
1960 int err;
1961
2e58ef3e 1962 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1963 sizeof(*cp));
96d97a67
WR		 1964 if (!cmd)
1965 return -ENOMEM;
1966
d8457698 1967 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1968 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1969 if (err < 0)
1970 mgmt_pending_remove(cmd);
1971
1972 return err;
1973}
1974
bdb6d971 1975static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1976 u16 len)
980e1a53 1977{
96d97a67 1978 struct hci_conn *conn;
650f726d 1979 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1980 struct hci_cp_pin_code_reply reply;
366a0336 1981 struct pending_cmd *cmd;
980e1a53
JH		 1982 int err;
1983
1984 BT_DBG("");
1985
09fd0de5 1986 hci_dev_lock(hdev);
980e1a53 1987
4b34ee78 1988 if (!hdev_is_powered(hdev)) {
bdb6d971 1989 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1990 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1991 goto failed;
1992 }
1993
d8457698 1994 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1995 if (!conn) {
bdb6d971 1996 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1997 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1998 goto failed;
1999 }
2000
2001 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2002 struct mgmt_cp_pin_code_neg_reply ncp;
2003
2004 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2005
2006 BT_ERR("PIN code is not 16 bytes long");
2007
bdb6d971 2008 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2009 if (err >= 0)
bdb6d971 2010 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2011 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2012
2013 goto failed;
2014 }
2015
00abfe44 2016 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2017 if (!cmd) {
2018 err = -ENOMEM;
980e1a53 2019 goto failed;
366a0336 2020 }
980e1a53 2021
d8457698 2022 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2023 reply.pin_len = cp->pin_len;
24718ca5 2024 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2025
2026 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2027 if (err < 0)
a664b5bc 2028 mgmt_pending_remove(cmd);
980e1a53
JH		 2029
2030failed:
09fd0de5 2031 hci_dev_unlock(hdev);
980e1a53
JH		 2032 return err;
2033}
2034
04124681
GP		 2035static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2036 u16 len)
17fa4b9d 2037{
650f726d 2038 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2039
2040 BT_DBG("");
2041
09fd0de5 2042 hci_dev_lock(hdev);
17fa4b9d
JH		 2043
2044 hdev->io_capability = cp->io_capability;
2045
2046 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2047 hdev->io_capability);
17fa4b9d 2048
09fd0de5 2049 hci_dev_unlock(hdev);
17fa4b9d 2050
04124681
GP		 2051 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2052 0);
17fa4b9d
JH		 2053}
2054
6039aa73 2055static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2056{
2057 struct hci_dev *hdev = conn->hdev;
8035ded4 2058 struct pending_cmd *cmd;
e9a416b5 2059
2e58ef3e 2060 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2061 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2062 continue;
2063
e9a416b5
JH		 2064 if (cmd->user_data != conn)
2065 continue;
2066
2067 return cmd;
2068 }
2069
2070 return NULL;
2071}
2072
2073static void pairing_complete(struct pending_cmd *cmd, u8 status)
2074{
2075 struct mgmt_rp_pair_device rp;
2076 struct hci_conn *conn = cmd->user_data;
2077
ba4e564f 2078 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2079 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2080
aee9b218 2081 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2082 &rp, sizeof(rp));
e9a416b5
JH		 2083
2084 /* So we don't get further callbacks for this connection */
2085 conn->connect_cfm_cb = NULL;
2086 conn->security_cfm_cb = NULL;
2087 conn->disconn_cfm_cb = NULL;
2088
2089 hci_conn_put(conn);
2090
a664b5bc 2091 mgmt_pending_remove(cmd);
e9a416b5
JH		 2092}
2093
2094static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2095{
2096 struct pending_cmd *cmd;
2097
2098 BT_DBG("status %u", status);
2099
2100 cmd = find_pairing(conn);
56e5cb86 2101 if (!cmd)
e9a416b5 2102 BT_DBG("Unable to find a pending command");
56e5cb86 2103 else
e211326c 2104 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2105}
2106
4c47d739
VA		 2107static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2108{
2109 struct pending_cmd *cmd;
2110
2111 BT_DBG("status %u", status);
2112
2113 if (!status)
2114 return;
2115
2116 cmd = find_pairing(conn);
2117 if (!cmd)
2118 BT_DBG("Unable to find a pending command");
2119 else
2120 pairing_complete(cmd, mgmt_status(status));
2121}
2122
bdb6d971 2123static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2124 u16 len)
e9a416b5 2125{
650f726d 2126 struct mgmt_cp_pair_device *cp = data;
1425acb7 2127 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2128 struct pending_cmd *cmd;
2129 u8 sec_level, auth_type;
2130 struct hci_conn *conn;
e9a416b5
JH		 2131 int err;
2132
2133 BT_DBG("");
2134
f950a30e
SJ		 2135 memset(&rp, 0, sizeof(rp));
2136 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2137 rp.addr.type = cp->addr.type;
2138
4ee71b20
JH		 2139 if (!bdaddr_type_is_valid(cp->addr.type))
2140 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2141 MGMT_STATUS_INVALID_PARAMS,
2142 &rp, sizeof(rp));
2143
09fd0de5 2144 hci_dev_lock(hdev);
e9a416b5 2145
5f97c1df 2146 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2147 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2148 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2149 goto unlock;
2150 }
2151
c908df36
VCG		 2152 sec_level = BT_SECURITY_MEDIUM;
2153 if (cp->io_cap == 0x03)
e9a416b5 2154 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2155 else
e9a416b5 2156 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2157
591f47f3 2158 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2159 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2160 cp->addr.type, sec_level, auth_type);
7a512d01 2161 else
b12f62cf
AG		 2162 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2163 cp->addr.type, sec_level, auth_type);
7a512d01 2164
30e76272 2165 if (IS_ERR(conn)) {
489dc48e
AK		 2166 int status;
2167
2168 if (PTR_ERR(conn) == -EBUSY)
2169 status = MGMT_STATUS_BUSY;
2170 else
2171 status = MGMT_STATUS_CONNECT_FAILED;
2172
bdb6d971 2173 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2174 status, &rp,
04124681 2175 sizeof(rp));
e9a416b5
JH		 2176 goto unlock;
2177 }
2178
2179 if (conn->connect_cfm_cb) {
2180 hci_conn_put(conn);
bdb6d971 2181 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2182 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2183 goto unlock;
2184 }
2185
2e58ef3e 2186 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2187 if (!cmd) {
2188 err = -ENOMEM;
2189 hci_conn_put(conn);
2190 goto unlock;
2191 }
2192
7a512d01 2193 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2194 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2195 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2196 else
2197 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2198
e9a416b5
JH		 2199 conn->security_cfm_cb = pairing_complete_cb;
2200 conn->disconn_cfm_cb = pairing_complete_cb;
2201 conn->io_capability = cp->io_cap;
2202 cmd->user_data = conn;
2203
2204 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2205 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2206 pairing_complete(cmd, 0);
2207
2208 err = 0;
2209
2210unlock:
09fd0de5 2211 hci_dev_unlock(hdev);
e9a416b5
JH		 2212 return err;
2213}
2214
04124681
GP		 2215static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2216 u16 len)
28424707 2217{
0f4e68cf 2218 struct mgmt_addr_info *addr = data;
28424707
JH		 2219 struct pending_cmd *cmd;
2220 struct hci_conn *conn;
2221 int err;
2222
2223 BT_DBG("");
2224
28424707
JH		 2225 hci_dev_lock(hdev);
2226
5f97c1df 2227 if (!hdev_is_powered(hdev)) {
bdb6d971 2228 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2229 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2230 goto unlock;
2231 }
2232
28424707
JH		 2233 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2234 if (!cmd) {
bdb6d971 2235 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2236 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2237 goto unlock;
2238 }
2239
2240 conn = cmd->user_data;
2241
2242 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2243 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2244 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2245 goto unlock;
2246 }
2247
2248 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2249
bdb6d971 2250 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2251 addr, sizeof(*addr));
28424707
JH		 2252unlock:
2253 hci_dev_unlock(hdev);
28424707
JH		 2254 return err;
2255}
2256
bdb6d971 2257static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2258 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2259 u16 hci_op, __le32 passkey)
a5c29683 2260{
a5c29683 2261 struct pending_cmd *cmd;
0df4c185 2262 struct hci_conn *conn;
a5c29683
JH		 2263 int err;
2264
09fd0de5 2265 hci_dev_lock(hdev);
08ba5382 2266
4b34ee78 2267 if (!hdev_is_powered(hdev)) {
bdb6d971 2268 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2269 MGMT_STATUS_NOT_POWERED);
0df4c185 2270 goto done;
a5c29683
JH		 2271 }
2272
591f47f3 2273 if (type == BDADDR_BREDR)
272d90df
JH		 2274 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2275 else
47c15e2b 2276 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2277
2278 if (!conn) {
bdb6d971 2279 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2280 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2281 goto done;
2282 }
47c15e2b 2283
591f47f3 2284 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2285 /* Continue with pairing via SMP */
5fe57d9e
BG		 2286 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2287
2288 if (!err)
bdb6d971 2289 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2290 MGMT_STATUS_SUCCESS);
5fe57d9e 2291 else
bdb6d971 2292 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2293 MGMT_STATUS_FAILED);
47c15e2b 2294
47c15e2b
BG		 2295 goto done;
2296 }
2297
0df4c185 2298 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2299 if (!cmd) {
2300 err = -ENOMEM;
0df4c185 2301 goto done;
a5c29683
JH		 2302 }
2303
0df4c185 2304 /* Continue with pairing via HCI */
604086b7
BG		 2305 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2306 struct hci_cp_user_passkey_reply cp;
2307
2308 bacpy(&cp.bdaddr, bdaddr);
2309 cp.passkey = passkey;
2310 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2311 } else
2312 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2313
a664b5bc
JH		 2314 if (err < 0)
2315 mgmt_pending_remove(cmd);
a5c29683 2316
0df4c185 2317done:
09fd0de5 2318 hci_dev_unlock(hdev);
a5c29683
JH		 2319 return err;
2320}
2321
afeb019d
JK		 2322static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2323 void *data, u16 len)
2324{
2325 struct mgmt_cp_pin_code_neg_reply *cp = data;
2326
2327 BT_DBG("");
2328
2329 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2330 MGMT_OP_PIN_CODE_NEG_REPLY,
2331 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2332}
2333
04124681
GP		 2334static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2335 u16 len)
0df4c185 2336{
650f726d 2337 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2338
2339 BT_DBG("");
2340
2341 if (len != sizeof(*cp))
bdb6d971 2342 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2343 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2344
bdb6d971 2345 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2346 MGMT_OP_USER_CONFIRM_REPLY,
2347 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2348}
2349
bdb6d971 2350static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2351 void *data, u16 len)
0df4c185 2352{
c9c2659f 2353 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2354
2355 BT_DBG("");
2356
bdb6d971 2357 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2358 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2359 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2360}
2361
04124681
GP		 2362static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2363 u16 len)
604086b7 2364{
650f726d 2365 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2366
2367 BT_DBG("");
2368
bdb6d971 2369 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2370 MGMT_OP_USER_PASSKEY_REPLY,
2371 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2372}
2373
bdb6d971 2374static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2375 void *data, u16 len)
604086b7 2376{
650f726d 2377 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2378
2379 BT_DBG("");
2380
bdb6d971 2381 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2382 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2383 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2384}
2385
13928971 2386static void update_name(struct hci_request *req)
2b4bf397 2387{
13928971 2388 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2389 struct hci_cp_write_local_name cp;
2390
13928971 2391 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2392
890ea898 2393 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2394}
2395
13928971
JH		 2396static void set_name_complete(struct hci_dev *hdev, u8 status)
2397{
2398 struct mgmt_cp_set_local_name *cp;
2399 struct pending_cmd *cmd;
2400
2401 BT_DBG("status 0x%02x", status);
2402
2403 hci_dev_lock(hdev);
2404
2405 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2406 if (!cmd)
2407 goto unlock;
2408
2409 cp = cmd->param;
2410
2411 if (status)
2412 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2413 mgmt_status(status));
2414 else
2415 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2416 cp, sizeof(*cp));
2417
2418 mgmt_pending_remove(cmd);
2419
2420unlock:
2421 hci_dev_unlock(hdev);
2422}
2423
bdb6d971 2424static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2425 u16 len)
b312b161 2426{
2b4bf397 2427 struct mgmt_cp_set_local_name *cp = data;
b312b161 2428 struct pending_cmd *cmd;
890ea898 2429 struct hci_request req;
b312b161
JH		 2430 int err;
2431
2432 BT_DBG("");
2433
09fd0de5 2434 hci_dev_lock(hdev);
b312b161 2435
b3f2ca94
JH		 2436 /* If the old values are the same as the new ones just return a
2437 * direct command complete event.
2438 */
2439 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2440 !memcmp(hdev->short_name, cp->short_name,
2441 sizeof(hdev->short_name))) {
2442 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2443 data, len);
2444 goto failed;
2445 }
2446
2b4bf397 2447 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2448
b5235a65 2449 if (!hdev_is_powered(hdev)) {
2b4bf397 2450 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2451
2452 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2453 data, len);
28cc7bde
JH		 2454 if (err < 0)
2455 goto failed;
2456
2457 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2458 sk);
28cc7bde 2459
b5235a65
JH		 2460 goto failed;
2461 }
2462
28cc7bde 2463 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2464 if (!cmd) {
2465 err = -ENOMEM;
2466 goto failed;
2467 }
2468
13928971
JH		 2469 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2470
890ea898 2471 hci_req_init(&req, hdev);
3f985050
JH		 2472
2473 if (lmp_bredr_capable(hdev)) {
2474 update_name(&req);
2475 update_eir(&req);
2476 }
2477
2478 if (lmp_le_capable(hdev))
2479 hci_update_ad(&req);
2480
13928971 2481 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2482 if (err < 0)
2483 mgmt_pending_remove(cmd);
2484
2485failed:
09fd0de5 2486 hci_dev_unlock(hdev);
b312b161
JH		 2487 return err;
2488}
2489
0f4e68cf 2490static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2491 void *data, u16 data_len)
c35938b2 2492{
c35938b2
SJ		 2493 struct pending_cmd *cmd;
2494 int err;
2495
bdb6d971 2496 BT_DBG("%s", hdev->name);
c35938b2 2497
09fd0de5 2498 hci_dev_lock(hdev);
c35938b2 2499
4b34ee78 2500 if (!hdev_is_powered(hdev)) {
bdb6d971 2501 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2502 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2503 goto unlock;
2504 }
2505
9a1a1996 2506 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2507 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2508 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2509 goto unlock;
2510 }
2511
2e58ef3e 2512 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2513 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2514 MGMT_STATUS_BUSY);
c35938b2
SJ		 2515 goto unlock;
2516 }
2517
2e58ef3e 2518 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2519 if (!cmd) {
2520 err = -ENOMEM;
2521 goto unlock;
2522 }
2523
2524 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2525 if (err < 0)
2526 mgmt_pending_remove(cmd);
2527
2528unlock:
09fd0de5 2529 hci_dev_unlock(hdev);
c35938b2
SJ		 2530 return err;
2531}
2532
bdb6d971 2533static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2534 void *data, u16 len)
2763eda6 2535{
650f726d 2536 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2537 u8 status;
2763eda6
SJ		 2538 int err;
2539
bdb6d971 2540 BT_DBG("%s ", hdev->name);
2763eda6 2541
09fd0de5 2542 hci_dev_lock(hdev);
2763eda6 2543
664ce4cc 2544 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2545 cp->randomizer);
2763eda6 2546 if (err < 0)
bf1e3541 2547 status = MGMT_STATUS_FAILED;
2763eda6 2548 else
a6785be2 2549 status = MGMT_STATUS_SUCCESS;
bf1e3541 2550
bdb6d971 2551 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2552 &cp->addr, sizeof(cp->addr));
2763eda6 2553
09fd0de5 2554 hci_dev_unlock(hdev);
2763eda6
SJ		 2555 return err;
2556}
2557
bdb6d971 2558static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2559 void *data, u16 len)
2763eda6 2560{
650f726d 2561 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2562 u8 status;
2763eda6
SJ		 2563 int err;
2564
bdb6d971 2565 BT_DBG("%s", hdev->name);
2763eda6 2566
09fd0de5 2567 hci_dev_lock(hdev);
2763eda6 2568
664ce4cc 2569 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2570 if (err < 0)
bf1e3541 2571 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2572 else
a6785be2 2573 status = MGMT_STATUS_SUCCESS;
bf1e3541 2574
bdb6d971 2575 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2576 status, &cp->addr, sizeof(cp->addr));
2763eda6 2577
09fd0de5 2578 hci_dev_unlock(hdev);
2763eda6
SJ		 2579 return err;
2580}
2581
5e0452c0
AG		 2582int mgmt_interleaved_discovery(struct hci_dev *hdev)
2583{
2584 int err;
2585
2586 BT_DBG("%s", hdev->name);
2587
2588 hci_dev_lock(hdev);
2589
2590 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2591 if (err < 0)
2592 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2593
2594 hci_dev_unlock(hdev);
2595
2596 return err;
2597}
2598
bdb6d971 2599static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2600 void *data, u16 len)
14a53664 2601{
650f726d 2602 struct mgmt_cp_start_discovery *cp = data;
14a53664 2603 struct pending_cmd *cmd;
14a53664
JH		 2604 int err;
2605
bdb6d971 2606 BT_DBG("%s", hdev->name);
14a53664 2607
09fd0de5 2608 hci_dev_lock(hdev);
14a53664 2609
4b34ee78 2610 if (!hdev_is_powered(hdev)) {
bdb6d971 2611 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2612 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2613 goto failed;
2614 }
2615
642be6c7
AG		 2616 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2617 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2618 MGMT_STATUS_BUSY);
2619 goto failed;
2620 }
2621
ff9ef578 2622 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2623 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2624 MGMT_STATUS_BUSY);
ff9ef578
JH		 2625 goto failed;
2626 }
2627
2e58ef3e 2628 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2629 if (!cmd) {
2630 err = -ENOMEM;
2631 goto failed;
2632 }
2633
4aab14e5
AG		 2634 hdev->discovery.type = cp->type;
2635
2636 switch (hdev->discovery.type) {
f39799f5 2637 case DISCOV_TYPE_BREDR:
04106755
JH		 2638 if (!lmp_bredr_capable(hdev)) {
2639 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2640 MGMT_STATUS_NOT_SUPPORTED);
2641 mgmt_pending_remove(cmd);
2642 goto failed;
2643 }
2644
2645 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2646 break;
2647
2648 case DISCOV_TYPE_LE:
04106755
JH		 2649 if (!lmp_host_le_capable(hdev)) {
2650 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2651 MGMT_STATUS_NOT_SUPPORTED);
2652 mgmt_pending_remove(cmd);
2653 goto failed;
2654 }
2655
2656 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2657 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2658 break;
2659
5e0452c0 2660 case DISCOV_TYPE_INTERLEAVED:
04106755
JH		 2661 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2662 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2663 MGMT_STATUS_NOT_SUPPORTED);
2664 mgmt_pending_remove(cmd);
2665 goto failed;
2666 }
2667
2668 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2669 LE_SCAN_TIMEOUT_BREDR_LE);
5e0452c0
AG		 2670 break;
2671
f39799f5 2672 default:
04106755
JH		 2673 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2674 MGMT_STATUS_INVALID_PARAMS);
2675 mgmt_pending_remove(cmd);
2676 goto failed;
f39799f5 2677 }
3fd24153 2678
14a53664
JH		 2679 if (err < 0)
2680 mgmt_pending_remove(cmd);
ff9ef578
JH		 2681 else
2682 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2683
2684failed:
09fd0de5 2685 hci_dev_unlock(hdev);
14a53664
JH		 2686 return err;
2687}
2688
bdb6d971 2689static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2690 u16 len)
14a53664 2691{
d930650b 2692 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2693 struct pending_cmd *cmd;
30dc78e1
JH		 2694 struct hci_cp_remote_name_req_cancel cp;
2695 struct inquiry_entry *e;
14a53664
JH		 2696 int err;
2697
bdb6d971 2698 BT_DBG("%s", hdev->name);
14a53664 2699
09fd0de5 2700 hci_dev_lock(hdev);
14a53664 2701
30dc78e1 2702 if (!hci_discovery_active(hdev)) {
bdb6d971 2703 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2704 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2705 sizeof(mgmt_cp->type));
d930650b
JH		 2706 goto unlock;
2707 }
2708
2709 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2710 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2711 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2712 sizeof(mgmt_cp->type));
30dc78e1 2713 goto unlock;
ff9ef578
JH		 2714 }
2715
2e58ef3e 2716 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2717 if (!cmd) {
2718 err = -ENOMEM;
30dc78e1
JH		 2719 goto unlock;
2720 }
2721
e0d9727e
AG		 2722 switch (hdev->discovery.state) {
2723 case DISCOVERY_FINDING:
c9ecc48e
AG		 2724 if (test_bit(HCI_INQUIRY, &hdev->flags))
2725 err = hci_cancel_inquiry(hdev);
2726 else
2727 err = hci_cancel_le_scan(hdev);
2728
e0d9727e
AG		 2729 break;
2730
2731 case DISCOVERY_RESOLVING:
2732 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2733 NAME_PENDING);
e0d9727e 2734 if (!e) {
30dc78e1 2735 mgmt_pending_remove(cmd);
e0d9727e
AG		 2736 err = cmd_complete(sk, hdev->id,
2737 MGMT_OP_STOP_DISCOVERY, 0,
2738 &mgmt_cp->type,
2739 sizeof(mgmt_cp->type));
2740 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2741 goto unlock;
2742 }
30dc78e1 2743
e0d9727e
AG		 2744 bacpy(&cp.bdaddr, &e->data.bdaddr);
2745 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2746 sizeof(cp), &cp);
2747
2748 break;
2749
2750 default:
2751 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2752 err = -EFAULT;
14a53664
JH		 2753 }
2754
14a53664
JH		 2755 if (err < 0)
2756 mgmt_pending_remove(cmd);
ff9ef578
JH		 2757 else
2758 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2759
30dc78e1 2760unlock:
09fd0de5 2761 hci_dev_unlock(hdev);
14a53664
JH		 2762 return err;
2763}
2764
bdb6d971 2765static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2766 u16 len)
561aafbc 2767{
650f726d 2768 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2769 struct inquiry_entry *e;
561aafbc
JH		 2770 int err;
2771
bdb6d971 2772 BT_DBG("%s", hdev->name);
561aafbc 2773
561aafbc
JH		 2774 hci_dev_lock(hdev);
2775
30dc78e1 2776 if (!hci_discovery_active(hdev)) {
bdb6d971 2777 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2778 MGMT_STATUS_FAILED);
30dc78e1
JH		 2779 goto failed;
2780 }
2781
a198e7b1 2782 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2783 if (!e) {
bdb6d971 2784 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2785 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2786 goto failed;
2787 }
2788
2789 if (cp->name_known) {
2790 e->name_state = NAME_KNOWN;
2791 list_del(&e->list);
2792 } else {
2793 e->name_state = NAME_NEEDED;
a3d4e20a 2794 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2795 }
2796
e384662b
JH		 2797 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2798 sizeof(cp->addr));
561aafbc
JH		 2799
2800failed:
2801 hci_dev_unlock(hdev);
561aafbc
JH		 2802 return err;
2803}
2804
bdb6d971 2805static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2806 u16 len)
7fbec224 2807{
650f726d 2808 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2809 u8 status;
7fbec224
AJ		 2810 int err;
2811
bdb6d971 2812 BT_DBG("%s", hdev->name);
7fbec224 2813
4ee71b20 2814 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2815 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2816 MGMT_STATUS_INVALID_PARAMS,
2817 &cp->addr, sizeof(cp->addr));
4ee71b20 2818
09fd0de5 2819 hci_dev_lock(hdev);
5e762444 2820
88c1fe4b 2821 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2822 if (err < 0)
f0eeea8b 2823 status = MGMT_STATUS_FAILED;
7fbec224 2824 else
a6785be2 2825 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2826
bdb6d971 2827 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2828 &cp->addr, sizeof(cp->addr));
5e762444 2829
09fd0de5 2830 hci_dev_unlock(hdev);
7fbec224
AJ		 2831
2832 return err;
2833}
2834
bdb6d971 2835static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2836 u16 len)
7fbec224 2837{
650f726d 2838 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2839 u8 status;
7fbec224
AJ		 2840 int err;
2841
bdb6d971 2842 BT_DBG("%s", hdev->name);
7fbec224 2843
4ee71b20 2844 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2845 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2846 MGMT_STATUS_INVALID_PARAMS,
2847 &cp->addr, sizeof(cp->addr));
4ee71b20 2848
09fd0de5 2849 hci_dev_lock(hdev);
5e762444 2850
88c1fe4b 2851 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2852 if (err < 0)
f0eeea8b 2853 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2854 else
a6785be2 2855 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2856
bdb6d971 2857 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2858 &cp->addr, sizeof(cp->addr));
5e762444 2859
09fd0de5 2860 hci_dev_unlock(hdev);
7fbec224
AJ		 2861
2862 return err;
2863}
2864
cdbaccca
MH		 2865static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2866 u16 len)
2867{
2868 struct mgmt_cp_set_device_id *cp = data;
890ea898 2869 struct hci_request req;
cdbaccca 2870 int err;
c72d4b8a 2871 __u16 source;
cdbaccca
MH		 2872
2873 BT_DBG("%s", hdev->name);
2874
c72d4b8a
SJ		 2875 source = __le16_to_cpu(cp->source);
2876
2877 if (source > 0x0002)
2878 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2879 MGMT_STATUS_INVALID_PARAMS);
2880
cdbaccca
MH		 2881 hci_dev_lock(hdev);
2882
c72d4b8a 2883 hdev->devid_source = source;
cdbaccca
MH		 2884 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2885 hdev->devid_product = __le16_to_cpu(cp->product);
2886 hdev->devid_version = __le16_to_cpu(cp->version);
2887
2888 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2889
890ea898
JH		 2890 hci_req_init(&req, hdev);
2891 update_eir(&req);
2892 hci_req_run(&req, NULL);
cdbaccca
MH		 2893
2894 hci_dev_unlock(hdev);
2895
2896 return err;
2897}
2898
bdb6d971 2899static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2900 void *data, u16 len)
f6422ec6 2901{
650f726d 2902 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2903 struct hci_cp_write_page_scan_activity acp;
2904 u8 type;
2905 int err;
2906
bdb6d971 2907 BT_DBG("%s", hdev->name);
f6422ec6 2908
33c525c0
JH		 2909 if (!lmp_bredr_capable(hdev))
2910 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2911 MGMT_STATUS_NOT_SUPPORTED);
2912
a7e80f25
JH		 2913 if (cp->val != 0x00 && cp->val != 0x01)
2914 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2915 MGMT_STATUS_INVALID_PARAMS);
2916
5400c044 2917 if (!hdev_is_powered(hdev))
bdb6d971 2918 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2919 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2920
2921 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2922 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2923 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2924
2925 hci_dev_lock(hdev);
2926
f7c6869c 2927 if (cp->val) {
f6422ec6 2928 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2929
83ce9a06
JH		 2930 /* 160 msec page scan interval */
2931 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2932 } else {
2933 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2934
2935 /* default 1.28 sec page scan */
2936 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2937 }
2938
76ec9de8
AE		 2939 /* default 11.25 msec page scan window */
2940 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2941
04124681
GP		 2942 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2943 &acp);
f6422ec6 2944 if (err < 0) {
bdb6d971 2945 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2946 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2947 goto done;
2948 }
2949
2950 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2951 if (err < 0) {
bdb6d971 2952 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2953 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2954 goto done;
2955 }
2956
bdb6d971 2957 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2958 NULL, 0);
f6422ec6
AJ		 2959done:
2960 hci_dev_unlock(hdev);
f6422ec6
AJ		 2961 return err;
2962}
2963
3f706b72
JH		 2964static bool ltk_is_valid(struct mgmt_ltk_info *key)
2965{
44b20d33
JH		 2966 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2967 return false;
3f706b72
JH		 2968 if (key->master != 0x00 && key->master != 0x01)
2969 return false;
4ee71b20
JH		 2970 if (!bdaddr_type_is_le(key->addr.type))
2971 return false;
3f706b72
JH		 2972 return true;
2973}
2974
bdb6d971 2975static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2976 void *cp_data, u16 len)
346af67b 2977{
346af67b
VCG		 2978 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2979 u16 key_count, expected_len;
715a5bf2 2980 int i, err;
346af67b 2981
1f350c87 2982 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2983
2984 expected_len = sizeof(*cp) + key_count *
2985 sizeof(struct mgmt_ltk_info);
2986 if (expected_len != len) {
2987 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2988 len, expected_len);
bdb6d971 2989 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 2990 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 2991 }
2992
bdb6d971 2993 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 2994
54ad6d8a
JH		 2995 for (i = 0; i < key_count; i++) {
2996 struct mgmt_ltk_info *key = &cp->keys[i];
2997
3f706b72 2998 if (!ltk_is_valid(key))
54ad6d8a
JH		 2999 return cmd_status(sk, hdev->id,
3000 MGMT_OP_LOAD_LONG_TERM_KEYS,
3001 MGMT_STATUS_INVALID_PARAMS);
3002 }
3003
346af67b
VCG		 3004 hci_dev_lock(hdev);
3005
3006 hci_smp_ltks_clear(hdev);
3007
3008 for (i = 0; i < key_count; i++) {
3009 struct mgmt_ltk_info *key = &cp->keys[i];
3010 u8 type;
3011
3012 if (key->master)
3013 type = HCI_SMP_LTK;
3014 else
3015 type = HCI_SMP_LTK_SLAVE;
3016
4596fde5 3017 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3018 bdaddr_to_le(key->addr.type),
04124681
GP		 3019 type, 0, key->authenticated, key->val,
3020 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3021 }
3022
715a5bf2
JH		 3023 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3024 NULL, 0);
3025
346af67b 3026 hci_dev_unlock(hdev);
346af67b 3027
715a5bf2 3028 return err;
346af67b
VCG		 3029}
3030
2e3c35ea 3031static const struct mgmt_handler {
04124681
GP		 3032 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3033 u16 data_len);
be22b54e
JH		 3034 bool var_len;
3035 size_t data_len;
0f4e68cf
JH		 3036} mgmt_handlers[] = {
3037 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3038 { read_version, false, MGMT_READ_VERSION_SIZE },
3039 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3040 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3041 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3042 { set_powered, false, MGMT_SETTING_SIZE },
3043 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3044 { set_connectable, false, MGMT_SETTING_SIZE },
3045 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3046 { set_pairable, false, MGMT_SETTING_SIZE },
3047 { set_link_security, false, MGMT_SETTING_SIZE },
3048 { set_ssp, false, MGMT_SETTING_SIZE },
3049 { set_hs, false, MGMT_SETTING_SIZE },
3050 { set_le, false, MGMT_SETTING_SIZE },
3051 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3052 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3053 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3054 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3055 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3056 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3057 { disconnect, false, MGMT_DISCONNECT_SIZE },
3058 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3059 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3060 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3061 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3062 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3063 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3064 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3065 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3066 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3067 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3068 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3069 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3070 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3071 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3072 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3073 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3074 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3075 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3076 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3077 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 3078};
3079
3080
0381101f
JH		 3081int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3082{
650f726d
VCG		 3083 void *buf;
3084 u8 *cp;
0381101f 3085 struct mgmt_hdr *hdr;
4e51eae9 3086 u16 opcode, index, len;
bdb6d971 3087 struct hci_dev *hdev = NULL;
2e3c35ea 3088 const struct mgmt_handler *handler;
0381101f
JH		 3089 int err;
3090
3091 BT_DBG("got %zu bytes", msglen);
3092
3093 if (msglen < sizeof(*hdr))
3094 return -EINVAL;
3095
e63a15ec 3096 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3097 if (!buf)
3098 return -ENOMEM;
3099
3100 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3101 err = -EFAULT;
3102 goto done;
3103 }
3104
650f726d 3105 hdr = buf;
1f350c87
MH		 3106 opcode = __le16_to_cpu(hdr->opcode);
3107 index = __le16_to_cpu(hdr->index);
3108 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3109
3110 if (len != msglen - sizeof(*hdr)) {
3111 err = -EINVAL;
3112 goto done;
3113 }
3114
0f4e68cf 3115 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3116 hdev = hci_dev_get(index);
3117 if (!hdev) {
3118 err = cmd_status(sk, index, opcode,
04124681 3119 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3120 goto done;
3121 }
3122 }
3123
0f4e68cf 3124 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3125 mgmt_handlers[opcode].func == NULL) {
0381101f 3126 BT_DBG("Unknown op %u", opcode);
ca69b795 3127 err = cmd_status(sk, index, opcode,
04124681 3128 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3129 goto done;
3130 }
3131
3132 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3133 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3134 err = cmd_status(sk, index, opcode,
04124681 3135 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3136 goto done;
0381101f
JH		 3137 }
3138
be22b54e
JH		 3139 handler = &mgmt_handlers[opcode];
3140
3141 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3142 (!handler->var_len && len != handler->data_len)) {
be22b54e 3143 err = cmd_status(sk, index, opcode,
04124681 3144 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3145 goto done;
3146 }
3147
0f4e68cf
JH		 3148 if (hdev)
3149 mgmt_init_hdev(sk, hdev);
3150
3151 cp = buf + sizeof(*hdr);
3152
be22b54e 3153 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3154 if (err < 0)
3155 goto done;
3156
0381101f
JH		 3157 err = msglen;
3158
3159done:
bdb6d971
JH		 3160 if (hdev)
3161 hci_dev_put(hdev);
3162
0381101f
JH		 3163 kfree(buf);
3164 return err;
3165}
c71e97bf 3166
b24752fe
JH		 3167static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3168{
3169 u8 *status = data;
3170
3171 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3172 mgmt_pending_remove(cmd);
3173}
3174
744cf19e 3175int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3176{
bb4b2a9a
AE		 3177 if (!mgmt_valid_hdev(hdev))
3178 return -ENOTSUPP;
3179
744cf19e 3180 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3181}
3182
744cf19e 3183int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3184{
5f159032 3185 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3186
bb4b2a9a
AE		 3187 if (!mgmt_valid_hdev(hdev))
3188 return -ENOTSUPP;
3189
744cf19e 3190 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3191
744cf19e 3192 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3193}
3194
73f22f62 3195struct cmd_lookup {
eec8d2bc 3196 struct sock *sk;
69ab39ea 3197 struct hci_dev *hdev;
90e70454 3198 u8 mgmt_status;
eec8d2bc
JH		 3199};
3200
69ab39ea 3201static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3202{
73f22f62 3203 struct cmd_lookup *match = data;
eec8d2bc 3204
69ab39ea 3205 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3206
3207 list_del(&cmd->list);
3208
3209 if (match->sk == NULL) {
3210 match->sk = cmd->sk;
3211 sock_hold(match->sk);
3212 }
3213
3214 mgmt_pending_free(cmd);
c71e97bf 3215}
5add6af8 3216
890ea898 3217static void set_bredr_scan(struct hci_request *req)
7f0ae647 3218{
890ea898 3219 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3220 u8 scan = 0;
3221
3222 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3223 scan |= SCAN_PAGE;
3224 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3225 scan |= SCAN_INQUIRY;
3226
890ea898
JH		 3227 if (scan)
3228 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3229}
3230
229ab39c
JH		 3231static void powered_complete(struct hci_dev *hdev, u8 status)
3232{
3233 struct cmd_lookup match = { NULL, hdev };
3234
3235 BT_DBG("status 0x%02x", status);
3236
3237 hci_dev_lock(hdev);
3238
3239 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3240
3241 new_settings(hdev, match.sk);
3242
3243 hci_dev_unlock(hdev);
3244
3245 if (match.sk)
3246 sock_put(match.sk);
3247}
3248
70da6243 3249static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3250{
890ea898 3251 struct hci_request req;
70da6243 3252 u8 link_sec;
5add6af8 3253
890ea898
JH		 3254 hci_req_init(&req, hdev);
3255
70da6243
JH		 3256 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3257 !lmp_host_ssp_capable(hdev)) {
3258 u8 ssp = 1;
5e5282bb 3259
890ea898 3260 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3261 }
5add6af8 3262
70da6243
JH		 3263 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3264 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3265
70da6243
JH		 3266 cp.le = 1;
3267 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3268
70da6243
JH		 3269 /* Check first if we already have the right
3270 * host state (host features set)
3271 */
3272 if (cp.le != lmp_host_le_capable(hdev) ||
3273 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3274 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3275 sizeof(cp), &cp);
70da6243 3276 }
3d1cbdd6 3277
70da6243
JH		 3278 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3279 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3280 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3281 sizeof(link_sec), &link_sec);
562fcc24 3282
70da6243 3283 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3284 set_bredr_scan(&req);
3285 update_class(&req);
13928971 3286 update_name(&req);
890ea898 3287 update_eir(&req);
70da6243 3288 }
562fcc24 3289
229ab39c 3290 return hci_req_run(&req, powered_complete);
70da6243 3291}
562fcc24 3292
70da6243
JH		 3293int mgmt_powered(struct hci_dev *hdev, u8 powered)
3294{
3295 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3296 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3297 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3298 int err;
f0ff92fb 3299
70da6243
JH		 3300 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3301 return 0;
3302
70da6243 3303 if (powered) {
229ab39c
JH		 3304 if (powered_update_hci(hdev) == 0)
3305 return 0;
fe038884 3306
229ab39c
JH		 3307 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3308 &match);
3309 goto new_settings;
b24752fe
JH		 3310 }
3311
229ab39c
JH		 3312 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3313 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3314
3315 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3316 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3317 zero_cod, sizeof(zero_cod), NULL);
3318
3319new_settings:
beadb2bd 3320 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3321
3322 if (match.sk)
3323 sock_put(match.sk);
3324
7bb895d6 3325 return err;
5add6af8 3326}
73f22f62 3327
744cf19e 3328int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3329{
76a7f3a4 3330 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3331 bool changed = false;
3332 int err = 0;
73f22f62 3333
5e5282bb
JH		 3334 if (discoverable) {
3335 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3336 changed = true;
3337 } else {
3338 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3339 changed = true;
3340 }
73f22f62 3341
ed9b5f2f 3342 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3343 &match);
ed9b5f2f 3344
beadb2bd
JH		 3345 if (changed)
3346 err = new_settings(hdev, match.sk);
5e5282bb 3347
73f22f62
JH		 3348 if (match.sk)
3349 sock_put(match.sk);
3350
7bb895d6 3351 return err;
73f22f62 3352}
9fbcbb45 3353
744cf19e 3354int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3355{
2b76f453 3356 struct pending_cmd *cmd;
5e5282bb
JH		 3357 bool changed = false;
3358 int err = 0;
9fbcbb45 3359
5e5282bb
JH		 3360 if (connectable) {
3361 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3362 changed = true;
3363 } else {
3364 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3365 changed = true;
3366 }
9fbcbb45 3367
2b76f453 3368 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3369
beadb2bd 3370 if (changed)
2b76f453 3371 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3372
7bb895d6 3373 return err;
9fbcbb45 3374}
55ed8ca1 3375
744cf19e 3376int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3377{
ca69b795
JH		 3378 u8 mgmt_err = mgmt_status(status);
3379
2d7cee58 3380 if (scan & SCAN_PAGE)
744cf19e 3381 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3382 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3383
3384 if (scan & SCAN_INQUIRY)
744cf19e 3385 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3386 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3387
3388 return 0;
3389}
3390
53168e5b
CC		 3391int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3392 bool persistent)
55ed8ca1 3393{
86742e1e 3394 struct mgmt_ev_new_link_key ev;
55ed8ca1 3395
a492cd52 3396 memset(&ev, 0, sizeof(ev));
55ed8ca1 3397
a492cd52 3398 ev.store_hint = persistent;
d753fdc4 3399 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3400 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3401 ev.key.type = key->type;
9b3b4460 3402 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3403 ev.key.pin_len = key->pin_len;
55ed8ca1 3404
744cf19e 3405 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3406}
f7520543 3407
346af67b
VCG		 3408int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3409{
3410 struct mgmt_ev_new_long_term_key ev;
3411
3412 memset(&ev, 0, sizeof(ev));
3413
3414 ev.store_hint = persistent;
3415 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3416 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3417 ev.key.authenticated = key->authenticated;
3418 ev.key.enc_size = key->enc_size;
3419 ev.key.ediv = key->ediv;
3420
3421 if (key->type == HCI_SMP_LTK)
3422 ev.key.master = 1;
3423
3424 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3425 memcpy(ev.key.val, key->val, sizeof(key->val));
3426
04124681
GP		 3427 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3428 NULL);
346af67b
VCG		 3429}
3430
afc747a6 3431int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3432 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3433 u8 *dev_class)
f7520543 3434{
b644ba33
JH		 3435 char buf[512];
3436 struct mgmt_ev_device_connected *ev = (void *) buf;
3437 u16 eir_len = 0;
f7520543 3438
b644ba33 3439 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3440 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3441
c95f0ba7 3442 ev->flags = __cpu_to_le32(flags);
08c79b61 3443
b644ba33
JH		 3444 if (name_len > 0)
3445 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3446 name, name_len);
b644ba33
JH		 3447
3448 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3449 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3450 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3451
eb55ef07 3452 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3453
3454 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3455 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3456}
3457
8962ee74
JH		 3458static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3459{
c68fb7ff 3460 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3461 struct sock **sk = data;
a38528f1 3462 struct mgmt_rp_disconnect rp;
8962ee74 3463
88c3df13
JH		 3464 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3465 rp.addr.type = cp->addr.type;
8962ee74 3466
aee9b218 3467 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3468 sizeof(rp));
8962ee74
JH		 3469
3470 *sk = cmd->sk;
3471 sock_hold(*sk);
3472
a664b5bc 3473 mgmt_pending_remove(cmd);
8962ee74
JH		 3474}
3475
124f6e35 3476static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3477{
b1078ad0 3478 struct hci_dev *hdev = data;
124f6e35
JH		 3479 struct mgmt_cp_unpair_device *cp = cmd->param;
3480 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3481
3482 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3483 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3484 rp.addr.type = cp->addr.type;
a8a1d19e 3485
b1078ad0
JH		 3486 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3487
aee9b218 3488 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3489
3490 mgmt_pending_remove(cmd);
3491}
3492
afc747a6 3493int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3494 u8 link_type, u8 addr_type, u8 reason)
f7520543 3495{
f0d6a0ea 3496 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3497 struct sock *sk = NULL;
3498 int err;
3499
744cf19e 3500 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3501
f0d6a0ea
MA		 3502 bacpy(&ev.addr.bdaddr, bdaddr);
3503 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3504 ev.reason = reason;
f7520543 3505
afc747a6 3506 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3507 sk);
8962ee74
JH		 3508
3509 if (sk)
d97dcb66 3510 sock_put(sk);
8962ee74 3511
124f6e35 3512 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3513 hdev);
a8a1d19e 3514
8962ee74
JH		 3515 return err;
3516}
3517
88c3df13 3518int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3519 u8 link_type, u8 addr_type, u8 status)
8962ee74 3520{
88c3df13 3521 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3522 struct pending_cmd *cmd;
3523 int err;
3524
36a75f1b
JD		 3525 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3526 hdev);
3527
2e58ef3e 3528 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3529 if (!cmd)
3530 return -ENOENT;
3531
88c3df13 3532 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3533 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3534
88c3df13 3535 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3536 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3537
a664b5bc 3538 mgmt_pending_remove(cmd);
8962ee74
JH		 3539
3540 return err;
f7520543 3541}
17d5c04c 3542
48264f06 3543int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3544 u8 addr_type, u8 status)
17d5c04c
JH		 3545{
3546 struct mgmt_ev_connect_failed ev;
3547
4c659c39 3548 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3549 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3550 ev.status = mgmt_status(status);
17d5c04c 3551
744cf19e 3552 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3553}
980e1a53 3554
744cf19e 3555int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3556{
3557 struct mgmt_ev_pin_code_request ev;
3558
d8457698 3559 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3560 ev.addr.type = BDADDR_BREDR;
a770bb5a 3561 ev.secure = secure;
980e1a53 3562
744cf19e 3563 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3564 NULL);
980e1a53
JH		 3565}
3566
744cf19e 3567int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3568 u8 status)
980e1a53
JH		 3569{
3570 struct pending_cmd *cmd;
ac56fb13 3571 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3572 int err;
3573
2e58ef3e 3574 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3575 if (!cmd)
3576 return -ENOENT;
3577
d8457698 3578 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3579 rp.addr.type = BDADDR_BREDR;
ac56fb13 3580
aee9b218 3581 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3582 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3583
a664b5bc 3584 mgmt_pending_remove(cmd);
980e1a53
JH		 3585
3586 return err;
3587}
3588
744cf19e 3589int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3590 u8 status)
980e1a53
JH		 3591{
3592 struct pending_cmd *cmd;
ac56fb13 3593 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3594 int err;
3595
2e58ef3e 3596 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3597 if (!cmd)
3598 return -ENOENT;
3599
d8457698 3600 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3601 rp.addr.type = BDADDR_BREDR;
ac56fb13 3602
aee9b218 3603 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3604 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3605
a664b5bc 3606 mgmt_pending_remove(cmd);
980e1a53
JH		 3607
3608 return err;
3609}
a5c29683 3610
744cf19e 3611int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3612 u8 link_type, u8 addr_type, __le32 value,
3613 u8 confirm_hint)
a5c29683
JH		 3614{
3615 struct mgmt_ev_user_confirm_request ev;
3616
744cf19e 3617 BT_DBG("%s", hdev->name);
a5c29683 3618
272d90df 3619 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3620 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3621 ev.confirm_hint = confirm_hint;
78e8098e 3622 ev.value = value;
a5c29683 3623
744cf19e 3624 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3625 NULL);
a5c29683
JH		 3626}
3627
272d90df 3628int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3629 u8 link_type, u8 addr_type)
604086b7
BG		 3630{
3631 struct mgmt_ev_user_passkey_request ev;
3632
3633 BT_DBG("%s", hdev->name);
3634
272d90df 3635 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3636 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3637
3638 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3639 NULL);
604086b7
BG		 3640}
3641
0df4c185 3642static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3643 u8 link_type, u8 addr_type, u8 status,
3644 u8 opcode)
a5c29683
JH		 3645{
3646 struct pending_cmd *cmd;
3647 struct mgmt_rp_user_confirm_reply rp;
3648 int err;
3649
2e58ef3e 3650 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3651 if (!cmd)
3652 return -ENOENT;
3653
272d90df 3654 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3655 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3656 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3657 &rp, sizeof(rp));
a5c29683 3658
a664b5bc 3659 mgmt_pending_remove(cmd);
a5c29683
JH		 3660
3661 return err;
3662}
3663
744cf19e 3664int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3665 u8 link_type, u8 addr_type, u8 status)
a5c29683 3666{
272d90df 3667 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3668 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3669}
3670
272d90df 3671int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3672 u8 link_type, u8 addr_type, u8 status)
a5c29683 3673{
272d90df 3674 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3675 status,
3676 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3677}
2a611692 3678
604086b7 3679int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3680 u8 link_type, u8 addr_type, u8 status)
604086b7 3681{
272d90df 3682 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3683 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3684}
3685
272d90df 3686int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3687 u8 link_type, u8 addr_type, u8 status)
604086b7 3688{
272d90df 3689 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3690 status,
3691 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3692}
3693
92a25256
JH		 3694int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3695 u8 link_type, u8 addr_type, u32 passkey,
3696 u8 entered)
3697{
3698 struct mgmt_ev_passkey_notify ev;
3699
3700 BT_DBG("%s", hdev->name);
3701
3702 bacpy(&ev.addr.bdaddr, bdaddr);
3703 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3704 ev.passkey = __cpu_to_le32(passkey);
3705 ev.entered = entered;
3706
3707 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3708}
3709
bab73cb6 3710int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3711 u8 addr_type, u8 status)
2a611692
JH		 3712{
3713 struct mgmt_ev_auth_failed ev;
3714
bab73cb6 3715 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3716 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3717 ev.status = mgmt_status(status);
2a611692 3718
744cf19e 3719 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3720}
b312b161 3721
33ef95ed
JH		 3722int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3723{
3724 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3725 bool changed = false;
3726 int err = 0;
33ef95ed
JH		 3727
3728 if (status) {
3729 u8 mgmt_err = mgmt_status(status);
3730 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3731 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3732 return 0;
3733 }
3734
47990ea0
JH		 3735 if (test_bit(HCI_AUTH, &hdev->flags)) {
3736 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3737 changed = true;
3738 } else {
3739 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3740 changed = true;
3741 }
3742
33ef95ed 3743 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3744 &match);
33ef95ed 3745
47990ea0
JH		 3746 if (changed)
3747 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3748
3749 if (match.sk)
3750 sock_put(match.sk);
3751
3752 return err;
3753}
3754
890ea898 3755static void clear_eir(struct hci_request *req)
cacaf52f 3756{
890ea898 3757 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3758 struct hci_cp_write_eir cp;
3759
976eb20e 3760 if (!lmp_ext_inq_capable(hdev))
890ea898 3761 return;
cacaf52f 3762
c80da27e
JH		 3763 memset(hdev->eir, 0, sizeof(hdev->eir));
3764
cacaf52f
JH		 3765 memset(&cp, 0, sizeof(cp));
3766
890ea898 3767 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 3768}
3769
c0ecddc2 3770int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3771{
3772 struct cmd_lookup match = { NULL, hdev };
890ea898 3773 struct hci_request req;
c0ecddc2
JH		 3774 bool changed = false;
3775 int err = 0;
ed2c4ee3
JH		 3776
3777 if (status) {
3778 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3779
3780 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3781 &hdev->dev_flags))
c0ecddc2
JH		 3782 err = new_settings(hdev, NULL);
3783
04124681
GP		 3784 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3785 &mgmt_err);
c0ecddc2
JH		 3786
3787 return err;
3788 }
3789
3790 if (enable) {
3791 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3792 changed = true;
3793 } else {
3794 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3795 changed = true;
ed2c4ee3
JH		 3796 }
3797
3798 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3799
c0ecddc2
JH		 3800 if (changed)
3801 err = new_settings(hdev, match.sk);
ed2c4ee3 3802
5fc6ebb1 3803 if (match.sk)
ed2c4ee3
JH		 3804 sock_put(match.sk);
3805
890ea898
JH		 3806 hci_req_init(&req, hdev);
3807
5fc6ebb1 3808 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 3809 update_eir(&req);
5fc6ebb1 3810 else
890ea898
JH		 3811 clear_eir(&req);
3812
3813 hci_req_run(&req, NULL);
cacaf52f 3814
ed2c4ee3
JH		 3815 return err;
3816}
3817
92da6097 3818static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 3819{
3820 struct cmd_lookup *match = data;
3821
90e70454
JH		 3822 if (match->sk == NULL) {
3823 match->sk = cmd->sk;
3824 sock_hold(match->sk);
3825 }
90e70454
JH		 3826}
3827
7f9a903c 3828int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3829 u8 status)
7f9a903c 3830{
90e70454
JH		 3831 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3832 int err = 0;
7f9a903c 3833
92da6097
JH		 3834 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
3835 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
3836 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 3837
3838 if (!status)
04124681
GP		 3839 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3840 3, NULL);
90e70454
JH		 3841
3842 if (match.sk)
3843 sock_put(match.sk);
7f9a903c
MH		 3844
3845 return err;
3846}
3847
744cf19e 3848int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 3849{
b312b161 3850 struct mgmt_cp_set_local_name ev;
13928971 3851 struct pending_cmd *cmd;
28cc7bde 3852
13928971
JH		 3853 if (status)
3854 return 0;
b312b161
JH		 3855
3856 memset(&ev, 0, sizeof(ev));
3857 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3858 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3859
2e58ef3e 3860 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3861 if (!cmd) {
3862 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 3863
13928971
JH		 3864 /* If this is a HCI command related to powering on the
3865 * HCI dev don't send any mgmt signals.
3866 */
3867 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
3868 return 0;
890ea898 3869 }
b312b161 3870
13928971
JH		 3871 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3872 cmd ? cmd->sk : NULL);
b312b161 3873}
c35938b2 3874
744cf19e 3875int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3876 u8 *randomizer, u8 status)
c35938b2
SJ		 3877{
3878 struct pending_cmd *cmd;
3879 int err;
3880
744cf19e 3881 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3882
2e58ef3e 3883 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3884 if (!cmd)
3885 return -ENOENT;
3886
3887 if (status) {
04124681
GP		 3888 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3889 mgmt_status(status));
c35938b2
SJ		 3890 } else {
3891 struct mgmt_rp_read_local_oob_data rp;
3892
3893 memcpy(rp.hash, hash, sizeof(rp.hash));
3894 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3895
744cf19e 3896 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3897 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3898 sizeof(rp));
c35938b2
SJ		 3899 }
3900
3901 mgmt_pending_remove(cmd);
3902
3903 return err;
3904}
e17acd40 3905
06199cf8
JH		 3906int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3907{
3908 struct cmd_lookup match = { NULL, hdev };
3909 bool changed = false;
3910 int err = 0;
3911
3912 if (status) {
3913 u8 mgmt_err = mgmt_status(status);
3914
3915 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3916 &hdev->dev_flags))
d97dcb66 3917 err = new_settings(hdev, NULL);
06199cf8 3918
d97dcb66
SJ		 3919 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3920 &mgmt_err);
06199cf8
JH		 3921
3922 return err;
3923 }
3924
3925 if (enable) {
3926 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3927 changed = true;
3928 } else {
3929 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3930 changed = true;
3931 }
3932
3933 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3934
3935 if (changed)
3936 err = new_settings(hdev, match.sk);
3937
3938 if (match.sk)
3939 sock_put(match.sk);
3940
3941 return err;
3942}
3943
48264f06 3944int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3945 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3946 ssp, u8 *eir, u16 eir_len)
e17acd40 3947{
e319d2e7
JH		 3948 char buf[512];
3949 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3950 size_t ev_size;
e17acd40 3951
1dc06093
JH		 3952 /* Leave 5 bytes for a potential CoD field */
3953 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3954 return -EINVAL;
3955
1dc06093
JH		 3956 memset(buf, 0, sizeof(buf));
3957
e319d2e7 3958 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3959 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3960 ev->rssi = rssi;
9a395a80 3961 if (cfm_name)
612dfce9 3962 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3963 if (!ssp)
612dfce9 3964 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3965
1dc06093 3966 if (eir_len > 0)
e319d2e7 3967 memcpy(ev->eir, eir, eir_len);
e17acd40 3968
1dc06093
JH		 3969 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3970 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3971 dev_class, 3);
1dc06093 3972
eb55ef07 3973 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3974 ev_size = sizeof(*ev) + eir_len;
f8523598 3975
e319d2e7 3976 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3977}
a88a9652 3978
b644ba33 3979int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3980 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3981{
b644ba33
JH		 3982 struct mgmt_ev_device_found *ev;
3983 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3984 u16 eir_len;
a88a9652 3985
b644ba33 3986 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3987
b644ba33
JH		 3988 memset(buf, 0, sizeof(buf));
3989
3990 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3991 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3992 ev->rssi = rssi;
3993
3994 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3995 name_len);
b644ba33 3996
eb55ef07 3997 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3998
053c7e0c 3999 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4000 sizeof(*ev) + eir_len, NULL);
a88a9652 4001}
314b2381 4002
7a135109 4003int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 4004{
4005 struct pending_cmd *cmd;
f808e166 4006 u8 type;
164a6e78
JH		 4007 int err;
4008
203159d4
AG		 4009 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4010
2e58ef3e 4011 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 4012 if (!cmd)
4013 return -ENOENT;
4014
f808e166
JH		 4015 type = hdev->discovery.type;
4016
4017 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 4018 &type, sizeof(type));
164a6e78
JH		 4019 mgmt_pending_remove(cmd);
4020
4021 return err;
4022}
4023
e6d465cb
AG		 4024int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
4025{
4026 struct pending_cmd *cmd;
4027 int err;
4028
4029 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4030 if (!cmd)
4031 return -ENOENT;
4032
d930650b 4033 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 4034 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 4035 mgmt_pending_remove(cmd);
4036
4037 return err;
4038}
4039
744cf19e 4040int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4041{
f963e8e9 4042 struct mgmt_ev_discovering ev;
164a6e78
JH		 4043 struct pending_cmd *cmd;
4044
343fb145
AG		 4045 BT_DBG("%s discovering %u", hdev->name, discovering);
4046
164a6e78 4047 if (discovering)
2e58ef3e 4048 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4049 else
2e58ef3e 4050 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4051
4052 if (cmd != NULL) {
f808e166
JH		 4053 u8 type = hdev->discovery.type;
4054
04124681
GP		 4055 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4056 sizeof(type));
164a6e78
JH		 4057 mgmt_pending_remove(cmd);
4058 }
4059
f963e8e9
JH		 4060 memset(&ev, 0, sizeof(ev));
4061 ev.type = hdev->discovery.type;
4062 ev.discovering = discovering;
4063
4064 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4065}
5e762444 4066
88c1fe4b 4067int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4068{
4069 struct pending_cmd *cmd;
4070 struct mgmt_ev_device_blocked ev;
4071
2e58ef3e 4072 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4073
88c1fe4b
JH		 4074 bacpy(&ev.addr.bdaddr, bdaddr);
4075 ev.addr.type = type;
5e762444 4076
744cf19e 4077 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4078 cmd ? cmd->sk : NULL);
5e762444
AJ		 4079}
4080
88c1fe4b 4081int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4082{
4083 struct pending_cmd *cmd;
4084 struct mgmt_ev_device_unblocked ev;
4085
2e58ef3e 4086 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4087
88c1fe4b
JH		 4088 bacpy(&ev.addr.bdaddr, bdaddr);
4089 ev.addr.type = type;
5e762444 4090
744cf19e 4091 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4092 cmd ? cmd->sk : NULL);
5e762444 4093}
d7b7e796
MH		 4094
4095module_param(enable_hs, bool, 0644);
4096MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.453557 seconds and 5 git commands to generate.