projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Handle EIR tags for Device ID
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
17b02e62 119#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
e5f0e151 267 return err;
02d98129
JH		 268}
269
04124681
GP		 270static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
271 u16 data_len)
a38528f1
JH		 272{
273 struct mgmt_rp_read_version rp;
274
275 BT_DBG("sock %p", sk);
276
277 rp.version = MGMT_VERSION;
278 put_unaligned_le16(MGMT_REVISION, &rp.revision);
279
aee9b218 280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 281 sizeof(rp));
a38528f1
JH		 282}
283
04124681
GP		 284static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
285 u16 data_len)
e70bb2e8
JH		 286{
287 struct mgmt_rp_read_commands *rp;
288 u16 num_commands = ARRAY_SIZE(mgmt_commands);
289 u16 num_events = ARRAY_SIZE(mgmt_events);
290 u16 *opcode;
291 size_t rp_size;
292 int i, err;
293
294 BT_DBG("sock %p", sk);
295
296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
297
298 rp = kmalloc(rp_size, GFP_KERNEL);
299 if (!rp)
300 return -ENOMEM;
301
302 put_unaligned_le16(num_commands, &rp->num_commands);
303 put_unaligned_le16(num_events, &rp->num_events);
304
305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
306 put_unaligned_le16(mgmt_commands[i], opcode);
307
308 for (i = 0; i < num_events; i++, opcode++)
309 put_unaligned_le16(mgmt_events[i], opcode);
310
aee9b218 311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 312 rp_size);
e70bb2e8
JH		 313 kfree(rp);
314
315 return err;
316}
317
04124681
GP		 318static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
319 u16 data_len)
faba42eb 320{
faba42eb
JH		 321 struct mgmt_rp_read_index_list *rp;
322 struct list_head *p;
8035ded4 323 struct hci_dev *d;
a38528f1 324 size_t rp_len;
faba42eb 325 u16 count;
a38528f1 326 int i, err;
faba42eb
JH		 327
328 BT_DBG("sock %p", sk);
329
330 read_lock(&hci_dev_list_lock);
331
332 count = 0;
333 list_for_each(p, &hci_dev_list) {
334 count++;
335 }
336
a38528f1
JH		 337 rp_len = sizeof(*rp) + (2 * count);
338 rp = kmalloc(rp_len, GFP_ATOMIC);
339 if (!rp) {
b2c60d42 340 read_unlock(&hci_dev_list_lock);
faba42eb 341 return -ENOMEM;
b2c60d42 342 }
faba42eb 343
faba42eb
JH		 344 put_unaligned_le16(count, &rp->num_controllers);
345
346 i = 0;
8035ded4 347 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 348 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 349 continue;
350
faba42eb
JH		 351 put_unaligned_le16(d->id, &rp->index[i++]);
352 BT_DBG("Added hci%u", d->id);
353 }
354
355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
370 settings |= MGMT_SETTING_CONNECTABLE;
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_PAIRABLE;
374
375 if (hdev->features[6] & LMP_SIMPLE_PAIR)
376 settings |= MGMT_SETTING_SSP;
377
378 if (!(hdev->features[4] & LMP_NO_BREDR)) {
379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
381 }
382
d7b7e796
MH		 383 if (enable_hs)
384 settings |= MGMT_SETTING_HS;
385
386 if (enable_le) {
387 if (hdev->features[4] & LMP_LE)
388 settings |= MGMT_SETTING_LE;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
5e5282bb 404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_DISCOVERABLE;
406
a8b2d5c2 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_PAIRABLE;
409
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
412
06199cf8 413 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_LE;
415
47990ea0 416 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LINK_SECURITY;
418
84bde9d6 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_SSP;
421
6d80dfd0
JH		 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
424
69ab39ea
JH		 425 return settings;
426}
427
ef580372
JH		 428#define PNP_INFO_SVCLASS_ID 0x1200
429
430static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433};
434
435static u16 get_uuid16(u8 *uuid128)
436{
437 u32 val;
438 int i;
439
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
442 return 0;
443 }
444
445 memcpy(&val, &uuid128[12], 4);
446
447 val = le32_to_cpu(val);
448 if (val > 0xffff)
449 return 0;
450
451 return (u16) val;
452}
453
454static void create_eir(struct hci_dev *hdev, u8 *data)
455{
456 u8 *ptr = data;
457 u16 eir_len = 0;
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
461 size_t name_len;
462
463 name_len = strlen(hdev->dev_name);
464
465 if (name_len > 0) {
466 /* EIR Data type */
467 if (name_len > 48) {
468 name_len = 48;
469 ptr[1] = EIR_NAME_SHORT;
470 } else
471 ptr[1] = EIR_NAME_COMPLETE;
472
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
475
476 memcpy(ptr + 2, hdev->dev_name, name_len);
477
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
480 }
481
91c4e9b1
MH		 482 if (hdev->inq_tx_power) {
483 ptr[0] = 2;
484 ptr[1] = EIR_TX_POWER;
485 ptr[2] = (u8) hdev->inq_tx_power;
486
487 eir_len += 3;
488 ptr += 3;
489 }
490
2b9be137
MH		 491 if (hdev->devid_source > 0) {
492 ptr[0] = 9;
493 ptr[1] = EIR_DEVICE_ID;
494
495 put_unaligned_le16(hdev->devid_source, ptr + 2);
496 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
497 put_unaligned_le16(hdev->devid_product, ptr + 6);
498 put_unaligned_le16(hdev->devid_version, ptr + 8);
499
500 eir_len += 10;
501 ptr += 10;
502 }
503
ef580372
JH		 504 memset(uuid16_list, 0, sizeof(uuid16_list));
505
506 /* Group all UUID16 types */
507 list_for_each_entry(uuid, &hdev->uuids, list) {
508 u16 uuid16;
509
510 uuid16 = get_uuid16(uuid->uuid);
511 if (uuid16 == 0)
512 return;
513
514 if (uuid16 < 0x1100)
515 continue;
516
517 if (uuid16 == PNP_INFO_SVCLASS_ID)
518 continue;
519
520 /* Stop if not enough space to put next UUID */
521 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
522 truncated = 1;
523 break;
524 }
525
526 /* Check for duplicates */
527 for (i = 0; uuid16_list[i] != 0; i++)
528 if (uuid16_list[i] == uuid16)
529 break;
530
531 if (uuid16_list[i] == 0) {
532 uuid16_list[i] = uuid16;
533 eir_len += sizeof(u16);
534 }
535 }
536
537 if (uuid16_list[0] != 0) {
538 u8 *length = ptr;
539
540 /* EIR Data type */
541 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
542
543 ptr += 2;
544 eir_len += 2;
545
546 for (i = 0; uuid16_list[i] != 0; i++) {
547 *ptr++ = (uuid16_list[i] & 0x00ff);
548 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
549 }
550
551 /* EIR Data length */
552 *length = (i * sizeof(u16)) + 1;
553 }
554}
555
556static int update_eir(struct hci_dev *hdev)
557{
558 struct hci_cp_write_eir cp;
559
504c8dcd 560 if (!hdev_is_powered(hdev))
7770c4aa
JH		 561 return 0;
562
ef580372
JH		 563 if (!(hdev->features[6] & LMP_EXT_INQ))
564 return 0;
565
84bde9d6 566 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 567 return 0;
568
a8b2d5c2 569 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 570 return 0;
571
572 memset(&cp, 0, sizeof(cp));
573
574 create_eir(hdev, cp.data);
575
576 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
577 return 0;
578
579 memcpy(hdev->eir, cp.data, sizeof(cp.data));
580
581 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
582}
583
584static u8 get_service_classes(struct hci_dev *hdev)
585{
586 struct bt_uuid *uuid;
587 u8 val = 0;
588
589 list_for_each_entry(uuid, &hdev->uuids, list)
590 val |= uuid->svc_hint;
591
592 return val;
593}
594
595static int update_class(struct hci_dev *hdev)
596{
597 u8 cod[3];
c95f0ba7 598 int err;
ef580372
JH		 599
600 BT_DBG("%s", hdev->name);
601
504c8dcd 602 if (!hdev_is_powered(hdev))
7770c4aa
JH		 603 return 0;
604
a8b2d5c2 605 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 606 return 0;
607
608 cod[0] = hdev->minor_class;
609 cod[1] = hdev->major_class;
610 cod[2] = get_service_classes(hdev);
611
612 if (memcmp(cod, hdev->dev_class, 3) == 0)
613 return 0;
614
c95f0ba7
JH		 615 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
616 if (err == 0)
617 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
618
619 return err;
ef580372
JH		 620}
621
7d78525d
JH		 622static void service_cache_off(struct work_struct *work)
623{
624 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 625 service_cache.work);
7d78525d 626
a8b2d5c2 627 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 628 return;
629
630 hci_dev_lock(hdev);
631
632 update_eir(hdev);
633 update_class(hdev);
634
635 hci_dev_unlock(hdev);
636}
637
6a919082 638static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 639{
4f87da80 640 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 641 return;
642
4f87da80 643 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 644
4f87da80
JH		 645 /* Non-mgmt controlled devices get this bit set
646 * implicitly so that pairing works for them, however
647 * for mgmt we require user-space to explicitly enable
648 * it
649 */
650 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 651}
652
0f4e68cf 653static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 654 void *data, u16 data_len)
0381101f 655{
a38528f1 656 struct mgmt_rp_read_info rp;
f7b64e69 657
bdb6d971 658 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 659
09fd0de5 660 hci_dev_lock(hdev);
f7b64e69 661
dc4fe30b
JH		 662 memset(&rp, 0, sizeof(rp));
663
69ab39ea 664 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 665
69ab39ea 666 rp.version = hdev->hci_ver;
f7b64e69 667
69ab39ea
JH		 668 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
669
670 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
671 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 672
a38528f1 673 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 674
dc4fe30b 675 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 676 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 677
09fd0de5 678 hci_dev_unlock(hdev);
0381101f 679
bdb6d971 680 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 681 sizeof(rp));
0381101f
JH		 682}
683
eec8d2bc
JH		 684static void mgmt_pending_free(struct pending_cmd *cmd)
685{
686 sock_put(cmd->sk);
c68fb7ff 687 kfree(cmd->param);
eec8d2bc
JH		 688 kfree(cmd);
689}
690
366a0336 691static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 692 struct hci_dev *hdev, void *data,
693 u16 len)
eec8d2bc
JH		 694{
695 struct pending_cmd *cmd;
696
697 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
698 if (!cmd)
366a0336 699 return NULL;
eec8d2bc
JH		 700
701 cmd->opcode = opcode;
2e58ef3e 702 cmd->index = hdev->id;
eec8d2bc 703
c68fb7ff
SJ		 704 cmd->param = kmalloc(len, GFP_ATOMIC);
705 if (!cmd->param) {
eec8d2bc 706 kfree(cmd);
366a0336 707 return NULL;
eec8d2bc
JH		 708 }
709
8fce6357
SJ		 710 if (data)
711 memcpy(cmd->param, data, len);
eec8d2bc
JH		 712
713 cmd->sk = sk;
714 sock_hold(sk);
715
2e58ef3e 716 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 717
366a0336 718 return cmd;
eec8d2bc
JH		 719}
720
744cf19e 721static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
04124681
GP		 722 void (*cb)(struct pending_cmd *cmd, void *data),
723 void *data)
eec8d2bc
JH		 724{
725 struct list_head *p, *n;
726
2e58ef3e 727 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 728 struct pending_cmd *cmd;
729
730 cmd = list_entry(p, struct pending_cmd, list);
731
b24752fe 732 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 733 continue;
734
eec8d2bc
JH		 735 cb(cmd, data);
736 }
737}
738
2e58ef3e 739static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 740{
8035ded4 741 struct pending_cmd *cmd;
eec8d2bc 742
2e58ef3e 743 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 744 if (cmd->opcode == opcode)
745 return cmd;
eec8d2bc
JH		 746 }
747
748 return NULL;
749}
750
a664b5bc 751static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 752{
73f22f62
JH		 753 list_del(&cmd->list);
754 mgmt_pending_free(cmd);
755}
756
69ab39ea 757static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 758{
69ab39ea 759 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 760
aee9b218 761 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 762 sizeof(settings));
8680570b
JH		 763}
764
bdb6d971 765static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 766 u16 len)
eec8d2bc 767{
650f726d 768 struct mgmt_mode *cp = data;
366a0336 769 struct pending_cmd *cmd;
4b34ee78 770 int err;
eec8d2bc 771
bdb6d971 772 BT_DBG("request for %s", hdev->name);
eec8d2bc 773
09fd0de5 774 hci_dev_lock(hdev);
eec8d2bc 775
f0d4b78a
MH		 776 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
777 cancel_delayed_work(&hdev->power_off);
778
779 if (cp->val) {
780 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
781 mgmt_powered(hdev, 1);
782 goto failed;
783 }
784 }
785
4b34ee78 786 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 787 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 788 goto failed;
789 }
790
2e58ef3e 791 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 792 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 793 MGMT_STATUS_BUSY);
eec8d2bc
JH		 794 goto failed;
795 }
796
2e58ef3e 797 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 798 if (!cmd) {
799 err = -ENOMEM;
eec8d2bc 800 goto failed;
366a0336 801 }
eec8d2bc 802
72a734ec 803 if (cp->val)
7f971041 804 schedule_work(&hdev->power_on);
eec8d2bc 805 else
80b7ab33 806 schedule_work(&hdev->power_off.work);
eec8d2bc 807
366a0336 808 err = 0;
eec8d2bc
JH		 809
810failed:
09fd0de5 811 hci_dev_unlock(hdev);
366a0336 812 return err;
eec8d2bc
JH		 813}
814
04124681
GP		 815static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
816 struct sock *skip_sk)
beadb2bd
JH		 817{
818 struct sk_buff *skb;
819 struct mgmt_hdr *hdr;
820
821 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
822 if (!skb)
823 return -ENOMEM;
824
825 hdr = (void *) skb_put(skb, sizeof(*hdr));
826 hdr->opcode = cpu_to_le16(event);
827 if (hdev)
828 hdr->index = cpu_to_le16(hdev->id);
829 else
830 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
831 hdr->len = cpu_to_le16(data_len);
832
833 if (data)
834 memcpy(skb_put(skb, data_len), data, data_len);
835
97e0bdeb
MH		 836 /* Time stamp */
837 __net_timestamp(skb);
838
beadb2bd
JH		 839 hci_send_to_control(skb, skip_sk);
840 kfree_skb(skb);
841
842 return 0;
843}
844
845static int new_settings(struct hci_dev *hdev, struct sock *skip)
846{
847 __le32 ev;
848
849 ev = cpu_to_le32(get_current_settings(hdev));
850
851 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
852}
853
bdb6d971 854static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 855 u16 len)
73f22f62 856{
650f726d 857 struct mgmt_cp_set_discoverable *cp = data;
366a0336 858 struct pending_cmd *cmd;
5e5282bb 859 u16 timeout;
73f22f62
JH		 860 u8 scan;
861 int err;
862
bdb6d971 863 BT_DBG("request for %s", hdev->name);
73f22f62 864
24c54a90
MH		 865 timeout = get_unaligned_le16(&cp->timeout);
866 if (!cp->val && timeout > 0)
bdb6d971 867 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 868 MGMT_STATUS_INVALID_PARAMS);
73f22f62 869
09fd0de5 870 hci_dev_lock(hdev);
73f22f62 871
5e5282bb 872 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 873 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 874 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 875 goto failed;
876 }
877
2e58ef3e
JH		 878 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
879 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 880 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 881 MGMT_STATUS_BUSY);
73f22f62
JH		 882 goto failed;
883 }
884
5e5282bb 885 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 886 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 887 MGMT_STATUS_REJECTED);
5e5282bb
JH		 888 goto failed;
889 }
890
891 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 892 bool changed = false;
893
894 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
895 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
896 changed = true;
897 }
898
5e5282bb 899 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 900 if (err < 0)
901 goto failed;
902
903 if (changed)
904 err = new_settings(hdev, sk);
905
5e5282bb
JH		 906 goto failed;
907 }
908
909 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 910 if (hdev->discov_timeout > 0) {
911 cancel_delayed_work(&hdev->discov_off);
912 hdev->discov_timeout = 0;
913 }
914
915 if (cp->val && timeout > 0) {
916 hdev->discov_timeout = timeout;
917 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
918 msecs_to_jiffies(hdev->discov_timeout * 1000));
919 }
920
69ab39ea 921 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 922 goto failed;
923 }
924
2e58ef3e 925 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 926 if (!cmd) {
927 err = -ENOMEM;
73f22f62 928 goto failed;
366a0336 929 }
73f22f62
JH		 930
931 scan = SCAN_PAGE;
932
72a734ec 933 if (cp->val)
73f22f62 934 scan |= SCAN_INQUIRY;
16ab91ab 935 else
e0f9309f 936 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 937
938 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
939 if (err < 0)
a664b5bc 940 mgmt_pending_remove(cmd);
73f22f62 941
16ab91ab 942 if (cp->val)
5e5282bb 943 hdev->discov_timeout = timeout;
16ab91ab 944
73f22f62 945failed:
09fd0de5 946 hci_dev_unlock(hdev);
73f22f62
JH		 947 return err;
948}
949
bdb6d971 950static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 951 u16 len)
9fbcbb45 952{
650f726d 953 struct mgmt_mode *cp = data;
366a0336 954 struct pending_cmd *cmd;
9fbcbb45
JH		 955 u8 scan;
956 int err;
957
bdb6d971 958 BT_DBG("request for %s", hdev->name);
9fbcbb45 959
09fd0de5 960 hci_dev_lock(hdev);
9fbcbb45 961
4b34ee78 962 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 963 bool changed = false;
964
965 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
966 changed = true;
967
6bf0e469 968 if (cp->val) {
5e5282bb 969 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 970 } else {
5e5282bb
JH		 971 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
972 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
973 }
0224d2fa 974
5e5282bb 975 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 976 if (err < 0)
977 goto failed;
978
979 if (changed)
980 err = new_settings(hdev, sk);
981
9fbcbb45
JH		 982 goto failed;
983 }
984
2e58ef3e
JH		 985 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
986 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 987 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 988 MGMT_STATUS_BUSY);
9fbcbb45
JH		 989 goto failed;
990 }
991
5e5282bb 992 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 993 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 994 goto failed;
995 }
996
2e58ef3e 997 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 998 if (!cmd) {
999 err = -ENOMEM;
9fbcbb45 1000 goto failed;
366a0336 1001 }
9fbcbb45 1002
6bf0e469 1003 if (cp->val) {
9fbcbb45 1004 scan = SCAN_PAGE;
6bf0e469 1005 } else {
9fbcbb45
JH		 1006 scan = 0;
1007
df2c6c5e
JH		 1008 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1009 hdev->discov_timeout > 0)
1010 cancel_delayed_work(&hdev->discov_off);
1011 }
1012
9fbcbb45
JH		 1013 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1014 if (err < 0)
a664b5bc 1015 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1016
1017failed:
09fd0de5 1018 hci_dev_unlock(hdev);
9fbcbb45
JH		 1019 return err;
1020}
1021
bdb6d971 1022static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1023 u16 len)
c542a06c 1024{
650f726d 1025 struct mgmt_mode *cp = data;
c542a06c
JH		 1026 int err;
1027
bdb6d971 1028 BT_DBG("request for %s", hdev->name);
c542a06c 1029
09fd0de5 1030 hci_dev_lock(hdev);
c542a06c
JH		 1031
1032 if (cp->val)
a8b2d5c2 1033 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1034 else
a8b2d5c2 1035 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1036
69ab39ea 1037 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1038 if (err < 0)
1039 goto failed;
1040
beadb2bd 1041 err = new_settings(hdev, sk);
c542a06c
JH		 1042
1043failed:
09fd0de5 1044 hci_dev_unlock(hdev);
c542a06c
JH		 1045 return err;
1046}
1047
04124681
GP		 1048static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1049 u16 len)
33ef95ed
JH		 1050{
1051 struct mgmt_mode *cp = data;
1052 struct pending_cmd *cmd;
816a11d5 1053 u8 val;
33ef95ed
JH		 1054 int err;
1055
bdb6d971 1056 BT_DBG("request for %s", hdev->name);
33ef95ed 1057
33ef95ed
JH		 1058 hci_dev_lock(hdev);
1059
4b34ee78 1060 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1061 bool changed = false;
1062
1063 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1064 &hdev->dev_flags)) {
1065 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1066 changed = true;
1067 }
1068
1069 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1070 if (err < 0)
1071 goto failed;
1072
1073 if (changed)
1074 err = new_settings(hdev, sk);
1075
33ef95ed
JH		 1076 goto failed;
1077 }
1078
1079 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1080 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1081 MGMT_STATUS_BUSY);
33ef95ed
JH		 1082 goto failed;
1083 }
1084
1085 val = !!cp->val;
1086
1087 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1088 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1089 goto failed;
1090 }
1091
1092 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1093 if (!cmd) {
1094 err = -ENOMEM;
1095 goto failed;
1096 }
1097
1098 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1099 if (err < 0) {
1100 mgmt_pending_remove(cmd);
1101 goto failed;
1102 }
1103
1104failed:
1105 hci_dev_unlock(hdev);
33ef95ed
JH		 1106 return err;
1107}
1108
bdb6d971 1109static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1110{
1111 struct mgmt_mode *cp = data;
1112 struct pending_cmd *cmd;
816a11d5 1113 u8 val;
ed2c4ee3
JH		 1114 int err;
1115
bdb6d971 1116 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1117
ed2c4ee3
JH		 1118 hci_dev_lock(hdev);
1119
6c8f12c1 1120 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1121 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1122 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1123 goto failed;
1124 }
1125
c0ecddc2
JH		 1126 val = !!cp->val;
1127
4b34ee78 1128 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1129 bool changed = false;
1130
1131 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1132 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1133 changed = true;
1134 }
1135
1136 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1137 if (err < 0)
1138 goto failed;
1139
1140 if (changed)
1141 err = new_settings(hdev, sk);
1142
ed2c4ee3
JH		 1143 goto failed;
1144 }
1145
1146 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
04124681
GP		 1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1148 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1149 goto failed;
1150 }
1151
ed2c4ee3
JH		 1152 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1153 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1154 goto failed;
1155 }
1156
1157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1158 if (!cmd) {
1159 err = -ENOMEM;
1160 goto failed;
1161 }
1162
1163 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1164 if (err < 0) {
1165 mgmt_pending_remove(cmd);
1166 goto failed;
1167 }
1168
1169failed:
1170 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1171 return err;
1172}
1173
bdb6d971 1174static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1175{
1176 struct mgmt_mode *cp = data;
6d80dfd0 1177
bdb6d971 1178 BT_DBG("request for %s", hdev->name);
6d80dfd0 1179
bdb6d971
JH		 1180 if (!enable_hs)
1181 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1182 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1183
1184 if (cp->val)
1185 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1186 else
1187 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1188
bdb6d971 1189 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1190}
1191
bdb6d971 1192static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1193{
1194 struct mgmt_mode *cp = data;
1195 struct hci_cp_write_le_host_supported hci_cp;
1196 struct pending_cmd *cmd;
06199cf8 1197 int err;
0b60eba1 1198 u8 val, enabled;
06199cf8 1199
bdb6d971 1200 BT_DBG("request for %s", hdev->name);
06199cf8 1201
1de028ce
JH		 1202 hci_dev_lock(hdev);
1203
06199cf8 1204 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1205 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1206 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1207 goto unlock;
06199cf8
JH		 1208 }
1209
1210 val = !!cp->val;
0b60eba1 1211 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1212
0b60eba1 1213 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1214 bool changed = false;
1215
1216 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1217 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1218 changed = true;
1219 }
1220
1221 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1222 if (err < 0)
1de028ce 1223 goto unlock;
06199cf8
JH		 1224
1225 if (changed)
1226 err = new_settings(hdev, sk);
1227
1de028ce 1228 goto unlock;
06199cf8
JH		 1229 }
1230
1231 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1232 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1233 MGMT_STATUS_BUSY);
1de028ce 1234 goto unlock;
06199cf8
JH		 1235 }
1236
1237 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1238 if (!cmd) {
1239 err = -ENOMEM;
1de028ce 1240 goto unlock;
06199cf8
JH		 1241 }
1242
1243 memset(&hci_cp, 0, sizeof(hci_cp));
1244
1245 if (val) {
1246 hci_cp.le = val;
1247 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1248 }
1249
04124681
GP		 1250 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1251 &hci_cp);
06199cf8
JH		 1252 if (err < 0) {
1253 mgmt_pending_remove(cmd);
1de028ce 1254 goto unlock;
06199cf8
JH		 1255 }
1256
1de028ce
JH		 1257unlock:
1258 hci_dev_unlock(hdev);
06199cf8
JH		 1259 return err;
1260}
1261
bdb6d971 1262static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1263{
650f726d 1264 struct mgmt_cp_add_uuid *cp = data;
90e70454 1265 struct pending_cmd *cmd;
2aeb9a1a 1266 struct bt_uuid *uuid;
2aeb9a1a
JH		 1267 int err;
1268
bdb6d971 1269 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1270
09fd0de5 1271 hci_dev_lock(hdev);
2aeb9a1a 1272
c95f0ba7 1273 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1274 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1275 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1276 goto failed;
1277 }
1278
2aeb9a1a
JH		 1279 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1280 if (!uuid) {
1281 err = -ENOMEM;
1282 goto failed;
1283 }
1284
1285 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1286 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1287
1288 list_add(&uuid->list, &hdev->uuids);
1289
1aff6f09
JH		 1290 err = update_class(hdev);
1291 if (err < 0)
1292 goto failed;
1293
80a1e1db
JH		 1294 err = update_eir(hdev);
1295 if (err < 0)
1296 goto failed;
1297
90e70454 1298 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1299 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1300 hdev->dev_class, 3);
90e70454
JH		 1301 goto failed;
1302 }
1303
1304 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1305 if (!cmd) {
1306 err = -ENOMEM;
1307 goto failed;
1308 }
2aeb9a1a
JH		 1309
1310failed:
09fd0de5 1311 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1312 return err;
1313}
1314
24b78d0f
JH		 1315static bool enable_service_cache(struct hci_dev *hdev)
1316{
1317 if (!hdev_is_powered(hdev))
1318 return false;
1319
1320 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1321 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1322 return true;
1323 }
1324
1325 return false;
1326}
1327
bdb6d971
JH		 1328static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1329 u16 len)
2aeb9a1a 1330{
650f726d 1331 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1332 struct pending_cmd *cmd;
2aeb9a1a 1333 struct list_head *p, *n;
2aeb9a1a 1334 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1335 int err, found;
1336
bdb6d971 1337 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1338
09fd0de5 1339 hci_dev_lock(hdev);
2aeb9a1a 1340
c95f0ba7 1341 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1342 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1343 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1344 goto unlock;
1345 }
1346
2aeb9a1a
JH		 1347 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1348 err = hci_uuids_clear(hdev);
4004b6d9 1349
24b78d0f 1350 if (enable_service_cache(hdev)) {
bdb6d971 1351 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1352 0, hdev->dev_class, 3);
24b78d0f
JH		 1353 goto unlock;
1354 }
4004b6d9 1355
9246a869 1356 goto update_class;
2aeb9a1a
JH		 1357 }
1358
1359 found = 0;
1360
1361 list_for_each_safe(p, n, &hdev->uuids) {
1362 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1363
1364 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1365 continue;
1366
1367 list_del(&match->list);
1368 found++;
1369 }
1370
1371 if (found == 0) {
bdb6d971 1372 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1373 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1374 goto unlock;
1375 }
1376
9246a869 1377update_class:
1aff6f09
JH		 1378 err = update_class(hdev);
1379 if (err < 0)
1380 goto unlock;
1381
80a1e1db
JH		 1382 err = update_eir(hdev);
1383 if (err < 0)
1384 goto unlock;
1385
90e70454 1386 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1387 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1388 hdev->dev_class, 3);
90e70454
JH		 1389 goto unlock;
1390 }
1391
1392 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1393 if (!cmd) {
1394 err = -ENOMEM;
1395 goto unlock;
1396 }
2aeb9a1a
JH		 1397
1398unlock:
09fd0de5 1399 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1400 return err;
1401}
1402
bdb6d971 1403static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1404 u16 len)
1aff6f09 1405{
650f726d 1406 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1407 struct pending_cmd *cmd;
1aff6f09
JH		 1408 int err;
1409
bdb6d971 1410 BT_DBG("request for %s", hdev->name);
1aff6f09 1411
09fd0de5 1412 hci_dev_lock(hdev);
1aff6f09 1413
c95f0ba7 1414 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1415 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1416 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1417 goto unlock;
1418 }
1419
932f5ff5
JH		 1420 hdev->major_class = cp->major;
1421 hdev->minor_class = cp->minor;
1422
b5235a65 1423 if (!hdev_is_powered(hdev)) {
bdb6d971 1424 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1425 hdev->dev_class, 3);
b5235a65
JH		 1426 goto unlock;
1427 }
1428
a8b2d5c2 1429 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1430 hci_dev_unlock(hdev);
1431 cancel_delayed_work_sync(&hdev->service_cache);
1432 hci_dev_lock(hdev);
14c0b608 1433 update_eir(hdev);
7d78525d 1434 }
14c0b608 1435
1aff6f09 1436 err = update_class(hdev);
90e70454
JH		 1437 if (err < 0)
1438 goto unlock;
1aff6f09 1439
90e70454 1440 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1441 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1442 hdev->dev_class, 3);
90e70454
JH		 1443 goto unlock;
1444 }
1445
1446 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1447 if (!cmd) {
1448 err = -ENOMEM;
1449 goto unlock;
1450 }
1aff6f09 1451
b5235a65 1452unlock:
09fd0de5 1453 hci_dev_unlock(hdev);
1aff6f09
JH		 1454 return err;
1455}
1456
bdb6d971
JH		 1457static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1458 u16 len)
55ed8ca1 1459{
650f726d 1460 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1461 u16 key_count, expected_len;
a492cd52 1462 int i;
55ed8ca1 1463
55ed8ca1
JH		 1464 key_count = get_unaligned_le16(&cp->key_count);
1465
86742e1e
JH		 1466 expected_len = sizeof(*cp) + key_count *
1467 sizeof(struct mgmt_link_key_info);
a492cd52 1468 if (expected_len != len) {
86742e1e 1469 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1470 len, expected_len);
bdb6d971 1471 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1472 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1473 }
1474
bdb6d971 1475 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1476 key_count);
1477
09fd0de5 1478 hci_dev_lock(hdev);
55ed8ca1
JH		 1479
1480 hci_link_keys_clear(hdev);
1481
a8b2d5c2 1482 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1483
1484 if (cp->debug_keys)
a8b2d5c2 1485 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1486 else
a8b2d5c2 1487 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1488
a492cd52 1489 for (i = 0; i < key_count; i++) {
86742e1e 1490 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1491
d753fdc4 1492 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1493 key->type, key->pin_len);
55ed8ca1
JH		 1494 }
1495
bdb6d971 1496 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1497
09fd0de5 1498 hci_dev_unlock(hdev);
55ed8ca1 1499
a492cd52 1500 return 0;
55ed8ca1
JH		 1501}
1502
b1078ad0 1503static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1504 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1505{
1506 struct mgmt_ev_device_unpaired ev;
1507
1508 bacpy(&ev.addr.bdaddr, bdaddr);
1509 ev.addr.type = addr_type;
1510
1511 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1512 skip_sk);
b1078ad0
JH		 1513}
1514
bdb6d971 1515static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1516 u16 len)
55ed8ca1 1517{
124f6e35
JH		 1518 struct mgmt_cp_unpair_device *cp = data;
1519 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1520 struct hci_cp_disconnect dc;
1521 struct pending_cmd *cmd;
55ed8ca1 1522 struct hci_conn *conn;
55ed8ca1
JH		 1523 int err;
1524
09fd0de5 1525 hci_dev_lock(hdev);
55ed8ca1 1526
a8a1d19e 1527 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1528 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1529 rp.addr.type = cp->addr.type;
a8a1d19e 1530
86a8cfc6 1531 if (!hdev_is_powered(hdev)) {
bdb6d971 1532 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1533 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1534 goto unlock;
1535 }
1536
124f6e35
JH		 1537 if (cp->addr.type == MGMT_ADDR_BREDR)
1538 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1539 else
1540 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1541
55ed8ca1 1542 if (err < 0) {
bdb6d971 1543 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1544 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1545 goto unlock;
1546 }
1547
86a8cfc6
JH		 1548 if (cp->disconnect) {
1549 if (cp->addr.type == MGMT_ADDR_BREDR)
1550 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1551 &cp->addr.bdaddr);
86a8cfc6
JH		 1552 else
1553 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1554 &cp->addr.bdaddr);
86a8cfc6
JH		 1555 } else {
1556 conn = NULL;
1557 }
124f6e35 1558
a8a1d19e 1559 if (!conn) {
bdb6d971 1560 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1561 &rp, sizeof(rp));
b1078ad0 1562 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1563 goto unlock;
1564 }
55ed8ca1 1565
124f6e35 1566 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1567 sizeof(*cp));
a8a1d19e
JH		 1568 if (!cmd) {
1569 err = -ENOMEM;
1570 goto unlock;
55ed8ca1
JH		 1571 }
1572
a8a1d19e
JH		 1573 put_unaligned_le16(conn->handle, &dc.handle);
1574 dc.reason = 0x13; /* Remote User Terminated Connection */
1575 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1576 if (err < 0)
1577 mgmt_pending_remove(cmd);
1578
55ed8ca1 1579unlock:
09fd0de5 1580 hci_dev_unlock(hdev);
55ed8ca1
JH		 1581 return err;
1582}
1583
bdb6d971 1584static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1585 u16 len)
8962ee74 1586{
650f726d 1587 struct mgmt_cp_disconnect *cp = data;
8962ee74 1588 struct hci_cp_disconnect dc;
366a0336 1589 struct pending_cmd *cmd;
8962ee74 1590 struct hci_conn *conn;
8962ee74
JH		 1591 int err;
1592
1593 BT_DBG("");
1594
09fd0de5 1595 hci_dev_lock(hdev);
8962ee74
JH		 1596
1597 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1598 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1599 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1600 goto failed;
1601 }
1602
2e58ef3e 1603 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1604 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1605 MGMT_STATUS_BUSY);
8962ee74
JH		 1606 goto failed;
1607 }
1608
88c3df13
JH		 1609 if (cp->addr.type == MGMT_ADDR_BREDR)
1610 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1611 else
1612 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1613
8962ee74 1614 if (!conn) {
bdb6d971 1615 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1616 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1617 goto failed;
1618 }
1619
2e58ef3e 1620 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1621 if (!cmd) {
1622 err = -ENOMEM;
8962ee74 1623 goto failed;
366a0336 1624 }
8962ee74
JH		 1625
1626 put_unaligned_le16(conn->handle, &dc.handle);
1627 dc.reason = 0x13; /* Remote User Terminated Connection */
1628
1629 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1630 if (err < 0)
a664b5bc 1631 mgmt_pending_remove(cmd);
8962ee74
JH		 1632
1633failed:
09fd0de5 1634 hci_dev_unlock(hdev);
8962ee74
JH		 1635 return err;
1636}
1637
48264f06 1638static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1639{
1640 switch (link_type) {
1641 case LE_LINK:
48264f06
JH		 1642 switch (addr_type) {
1643 case ADDR_LE_DEV_PUBLIC:
1644 return MGMT_ADDR_LE_PUBLIC;
1645 case ADDR_LE_DEV_RANDOM:
1646 return MGMT_ADDR_LE_RANDOM;
1647 default:
1648 return MGMT_ADDR_INVALID;
1649 }
4c659c39
JH		 1650 case ACL_LINK:
1651 return MGMT_ADDR_BREDR;
1652 default:
1653 return MGMT_ADDR_INVALID;
1654 }
1655}
1656
04124681
GP		 1657static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1658 u16 data_len)
2784eb41 1659{
2784eb41 1660 struct mgmt_rp_get_connections *rp;
8035ded4 1661 struct hci_conn *c;
a38528f1 1662 size_t rp_len;
60fc5fb6
JH		 1663 int err;
1664 u16 i;
2784eb41
JH		 1665
1666 BT_DBG("");
1667
09fd0de5 1668 hci_dev_lock(hdev);
2784eb41 1669
5f97c1df 1670 if (!hdev_is_powered(hdev)) {
bdb6d971 1671 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1672 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1673 goto unlock;
1674 }
1675
60fc5fb6 1676 i = 0;
b644ba33
JH		 1677 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1678 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1679 i++;
2784eb41
JH		 1680 }
1681
60fc5fb6 1682 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1683 rp = kmalloc(rp_len, GFP_ATOMIC);
1684 if (!rp) {
2784eb41
JH		 1685 err = -ENOMEM;
1686 goto unlock;
1687 }
1688
2784eb41 1689 i = 0;
4c659c39 1690 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1691 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1692 continue;
4c659c39 1693 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1694 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1695 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1696 continue;
1697 i++;
1698 }
1699
60fc5fb6
JH		 1700 put_unaligned_le16(i, &rp->conn_count);
1701
4c659c39
JH		 1702 /* Recalculate length in case of filtered SCO connections, etc */
1703 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1704
bdb6d971 1705 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1706 rp_len);
2784eb41 1707
a38528f1 1708 kfree(rp);
5f97c1df
JH		 1709
1710unlock:
09fd0de5 1711 hci_dev_unlock(hdev);
2784eb41
JH		 1712 return err;
1713}
1714
bdb6d971 1715static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1716 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1717{
1718 struct pending_cmd *cmd;
1719 int err;
1720
2e58ef3e 1721 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1722 sizeof(*cp));
96d97a67
WR		 1723 if (!cmd)
1724 return -ENOMEM;
1725
d8457698 1726 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1727 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1728 if (err < 0)
1729 mgmt_pending_remove(cmd);
1730
1731 return err;
1732}
1733
bdb6d971 1734static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1735 u16 len)
980e1a53 1736{
96d97a67 1737 struct hci_conn *conn;
650f726d 1738 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1739 struct hci_cp_pin_code_reply reply;
366a0336 1740 struct pending_cmd *cmd;
980e1a53
JH		 1741 int err;
1742
1743 BT_DBG("");
1744
09fd0de5 1745 hci_dev_lock(hdev);
980e1a53 1746
4b34ee78 1747 if (!hdev_is_powered(hdev)) {
bdb6d971 1748 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1749 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1750 goto failed;
1751 }
1752
d8457698 1753 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1754 if (!conn) {
bdb6d971 1755 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1756 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1757 goto failed;
1758 }
1759
1760 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1761 struct mgmt_cp_pin_code_neg_reply ncp;
1762
1763 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1764
1765 BT_ERR("PIN code is not 16 bytes long");
1766
bdb6d971 1767 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1768 if (err >= 0)
bdb6d971 1769 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1770 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1771
1772 goto failed;
1773 }
1774
00abfe44 1775 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1776 if (!cmd) {
1777 err = -ENOMEM;
980e1a53 1778 goto failed;
366a0336 1779 }
980e1a53 1780
d8457698 1781 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1782 reply.pin_len = cp->pin_len;
24718ca5 1783 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1784
1785 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1786 if (err < 0)
a664b5bc 1787 mgmt_pending_remove(cmd);
980e1a53
JH		 1788
1789failed:
09fd0de5 1790 hci_dev_unlock(hdev);
980e1a53
JH		 1791 return err;
1792}
1793
bdb6d971 1794static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1795 void *data, u16 len)
980e1a53 1796{
650f726d 1797 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1798 int err;
1799
1800 BT_DBG("");
1801
09fd0de5 1802 hci_dev_lock(hdev);
980e1a53 1803
4b34ee78 1804 if (!hdev_is_powered(hdev)) {
bdb6d971 1805 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 1806 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1807 goto failed;
1808 }
1809
bdb6d971 1810 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1811
1812failed:
09fd0de5 1813 hci_dev_unlock(hdev);
980e1a53
JH		 1814 return err;
1815}
1816
04124681
GP		 1817static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1818 u16 len)
17fa4b9d 1819{
650f726d 1820 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1821
1822 BT_DBG("");
1823
09fd0de5 1824 hci_dev_lock(hdev);
17fa4b9d
JH		 1825
1826 hdev->io_capability = cp->io_capability;
1827
1828 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1829 hdev->io_capability);
17fa4b9d 1830
09fd0de5 1831 hci_dev_unlock(hdev);
17fa4b9d 1832
04124681
GP		 1833 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1834 0);
17fa4b9d
JH		 1835}
1836
e9a416b5
JH		 1837static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1838{
1839 struct hci_dev *hdev = conn->hdev;
8035ded4 1840 struct pending_cmd *cmd;
e9a416b5 1841
2e58ef3e 1842 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1843 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1844 continue;
1845
e9a416b5
JH		 1846 if (cmd->user_data != conn)
1847 continue;
1848
1849 return cmd;
1850 }
1851
1852 return NULL;
1853}
1854
1855static void pairing_complete(struct pending_cmd *cmd, u8 status)
1856{
1857 struct mgmt_rp_pair_device rp;
1858 struct hci_conn *conn = cmd->user_data;
1859
ba4e564f
JH		 1860 bacpy(&rp.addr.bdaddr, &conn->dst);
1861 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1862
aee9b218 1863 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1864 &rp, sizeof(rp));
e9a416b5
JH		 1865
1866 /* So we don't get further callbacks for this connection */
1867 conn->connect_cfm_cb = NULL;
1868 conn->security_cfm_cb = NULL;
1869 conn->disconn_cfm_cb = NULL;
1870
1871 hci_conn_put(conn);
1872
a664b5bc 1873 mgmt_pending_remove(cmd);
e9a416b5
JH		 1874}
1875
1876static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1877{
1878 struct pending_cmd *cmd;
1879
1880 BT_DBG("status %u", status);
1881
1882 cmd = find_pairing(conn);
56e5cb86 1883 if (!cmd)
e9a416b5 1884 BT_DBG("Unable to find a pending command");
56e5cb86 1885 else
e211326c 1886 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1887}
1888
bdb6d971 1889static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1890 u16 len)
e9a416b5 1891{
650f726d 1892 struct mgmt_cp_pair_device *cp = data;
1425acb7 1893 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1894 struct pending_cmd *cmd;
1895 u8 sec_level, auth_type;
1896 struct hci_conn *conn;
e9a416b5
JH		 1897 int err;
1898
1899 BT_DBG("");
1900
09fd0de5 1901 hci_dev_lock(hdev);
e9a416b5 1902
5f97c1df 1903 if (!hdev_is_powered(hdev)) {
bdb6d971 1904 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1905 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1906 goto unlock;
1907 }
1908
c908df36
VCG		 1909 sec_level = BT_SECURITY_MEDIUM;
1910 if (cp->io_cap == 0x03)
e9a416b5 1911 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1912 else
e9a416b5 1913 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1914
ba4e564f
JH		 1915 if (cp->addr.type == MGMT_ADDR_BREDR)
1916 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
04124681 1917 auth_type);
7a512d01 1918 else
ba4e564f 1919 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
04124681 1920 auth_type);
7a512d01 1921
1425acb7
JH		 1922 memset(&rp, 0, sizeof(rp));
1923 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1924 rp.addr.type = cp->addr.type;
1925
30e76272 1926 if (IS_ERR(conn)) {
bdb6d971 1927 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681
GP		 1928 MGMT_STATUS_CONNECT_FAILED, &rp,
1929 sizeof(rp));
e9a416b5
JH		 1930 goto unlock;
1931 }
1932
1933 if (conn->connect_cfm_cb) {
1934 hci_conn_put(conn);
bdb6d971 1935 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1936 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1937 goto unlock;
1938 }
1939
2e58ef3e 1940 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1941 if (!cmd) {
1942 err = -ENOMEM;
1943 hci_conn_put(conn);
1944 goto unlock;
1945 }
1946
7a512d01 1947 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1948 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1949 conn->connect_cfm_cb = pairing_complete_cb;
1950
e9a416b5
JH		 1951 conn->security_cfm_cb = pairing_complete_cb;
1952 conn->disconn_cfm_cb = pairing_complete_cb;
1953 conn->io_capability = cp->io_cap;
1954 cmd->user_data = conn;
1955
1956 if (conn->state == BT_CONNECTED &&
1957 hci_conn_security(conn, sec_level, auth_type))
1958 pairing_complete(cmd, 0);
1959
1960 err = 0;
1961
1962unlock:
09fd0de5 1963 hci_dev_unlock(hdev);
e9a416b5
JH		 1964 return err;
1965}
1966
04124681
GP		 1967static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1968 u16 len)
28424707 1969{
0f4e68cf 1970 struct mgmt_addr_info *addr = data;
28424707
JH		 1971 struct pending_cmd *cmd;
1972 struct hci_conn *conn;
1973 int err;
1974
1975 BT_DBG("");
1976
28424707
JH		 1977 hci_dev_lock(hdev);
1978
5f97c1df 1979 if (!hdev_is_powered(hdev)) {
bdb6d971 1980 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1981 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1982 goto unlock;
1983 }
1984
28424707
JH		 1985 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1986 if (!cmd) {
bdb6d971 1987 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1988 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1989 goto unlock;
1990 }
1991
1992 conn = cmd->user_data;
1993
1994 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1995 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1996 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1997 goto unlock;
1998 }
1999
2000 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2001
bdb6d971 2002 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2003 addr, sizeof(*addr));
28424707
JH		 2004unlock:
2005 hci_dev_unlock(hdev);
28424707
JH		 2006 return err;
2007}
2008
bdb6d971 2009static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2010 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2011 u16 hci_op, __le32 passkey)
a5c29683 2012{
a5c29683 2013 struct pending_cmd *cmd;
0df4c185 2014 struct hci_conn *conn;
a5c29683
JH		 2015 int err;
2016
09fd0de5 2017 hci_dev_lock(hdev);
08ba5382 2018
4b34ee78 2019 if (!hdev_is_powered(hdev)) {
bdb6d971 2020 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2021 MGMT_STATUS_NOT_POWERED);
0df4c185 2022 goto done;
a5c29683
JH		 2023 }
2024
272d90df
JH		 2025 if (type == MGMT_ADDR_BREDR)
2026 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2027 else
47c15e2b 2028 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2029
2030 if (!conn) {
bdb6d971 2031 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2032 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2033 goto done;
2034 }
47c15e2b 2035
272d90df 2036 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2037 /* Continue with pairing via SMP */
5fe57d9e
BG		 2038 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2039
2040 if (!err)
bdb6d971 2041 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2042 MGMT_STATUS_SUCCESS);
5fe57d9e 2043 else
bdb6d971 2044 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2045 MGMT_STATUS_FAILED);
47c15e2b 2046
47c15e2b
BG		 2047 goto done;
2048 }
2049
0df4c185 2050 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2051 if (!cmd) {
2052 err = -ENOMEM;
0df4c185 2053 goto done;
a5c29683
JH		 2054 }
2055
0df4c185 2056 /* Continue with pairing via HCI */
604086b7
BG		 2057 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2058 struct hci_cp_user_passkey_reply cp;
2059
2060 bacpy(&cp.bdaddr, bdaddr);
2061 cp.passkey = passkey;
2062 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2063 } else
2064 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2065
a664b5bc
JH		 2066 if (err < 0)
2067 mgmt_pending_remove(cmd);
a5c29683 2068
0df4c185 2069done:
09fd0de5 2070 hci_dev_unlock(hdev);
a5c29683
JH		 2071 return err;
2072}
2073
04124681
GP		 2074static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2075 u16 len)
0df4c185 2076{
650f726d 2077 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2078
2079 BT_DBG("");
2080
2081 if (len != sizeof(*cp))
bdb6d971 2082 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2083 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2084
bdb6d971 2085 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2086 MGMT_OP_USER_CONFIRM_REPLY,
2087 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2088}
2089
bdb6d971 2090static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2091 void *data, u16 len)
0df4c185 2092{
c9c2659f 2093 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2094
2095 BT_DBG("");
2096
bdb6d971 2097 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2098 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2099 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2100}
2101
04124681
GP		 2102static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2103 u16 len)
604086b7 2104{
650f726d 2105 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2106
2107 BT_DBG("");
2108
bdb6d971 2109 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2110 MGMT_OP_USER_PASSKEY_REPLY,
2111 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2112}
2113
bdb6d971 2114static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2115 void *data, u16 len)
604086b7 2116{
650f726d 2117 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2118
2119 BT_DBG("");
2120
bdb6d971 2121 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2122 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2123 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2124}
2125
2b4bf397
JH		 2126static int update_name(struct hci_dev *hdev, const char *name)
2127{
2128 struct hci_cp_write_local_name cp;
2129
2130 memcpy(cp.name, name, sizeof(cp.name));
2131
2132 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2133}
2134
bdb6d971 2135static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2136 u16 len)
b312b161 2137{
2b4bf397 2138 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2139 struct pending_cmd *cmd;
2140 int err;
2141
2142 BT_DBG("");
2143
09fd0de5 2144 hci_dev_lock(hdev);
b312b161 2145
2b4bf397 2146 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2147
b5235a65 2148 if (!hdev_is_powered(hdev)) {
2b4bf397 2149 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2150
2151 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2152 data, len);
28cc7bde
JH		 2153 if (err < 0)
2154 goto failed;
2155
2156 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2157 sk);
28cc7bde 2158
b5235a65
JH		 2159 goto failed;
2160 }
2161
28cc7bde 2162 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2163 if (!cmd) {
2164 err = -ENOMEM;
2165 goto failed;
2166 }
2167
2b4bf397 2168 err = update_name(hdev, cp->name);
b312b161
JH		 2169 if (err < 0)
2170 mgmt_pending_remove(cmd);
2171
2172failed:
09fd0de5 2173 hci_dev_unlock(hdev);
b312b161
JH		 2174 return err;
2175}
2176
0f4e68cf 2177static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2178 void *data, u16 data_len)
c35938b2 2179{
c35938b2
SJ		 2180 struct pending_cmd *cmd;
2181 int err;
2182
bdb6d971 2183 BT_DBG("%s", hdev->name);
c35938b2 2184
09fd0de5 2185 hci_dev_lock(hdev);
c35938b2 2186
4b34ee78 2187 if (!hdev_is_powered(hdev)) {
bdb6d971 2188 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2189 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2190 goto unlock;
2191 }
2192
2193 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2194 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2195 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2196 goto unlock;
2197 }
2198
2e58ef3e 2199 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2200 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2201 MGMT_STATUS_BUSY);
c35938b2
SJ		 2202 goto unlock;
2203 }
2204
2e58ef3e 2205 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2206 if (!cmd) {
2207 err = -ENOMEM;
2208 goto unlock;
2209 }
2210
2211 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2212 if (err < 0)
2213 mgmt_pending_remove(cmd);
2214
2215unlock:
09fd0de5 2216 hci_dev_unlock(hdev);
c35938b2
SJ		 2217 return err;
2218}
2219
bdb6d971 2220static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2221 void *data, u16 len)
2763eda6 2222{
650f726d 2223 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2224 u8 status;
2763eda6
SJ		 2225 int err;
2226
bdb6d971 2227 BT_DBG("%s ", hdev->name);
2763eda6 2228
09fd0de5 2229 hci_dev_lock(hdev);
2763eda6 2230
5f97c1df 2231 if (!hdev_is_powered(hdev)) {
bdb6d971 2232 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2233 MGMT_STATUS_NOT_POWERED, &cp->addr,
2234 sizeof(cp->addr));
5f97c1df
JH		 2235 goto unlock;
2236 }
2237
664ce4cc 2238 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2239 cp->randomizer);
2763eda6 2240 if (err < 0)
bf1e3541 2241 status = MGMT_STATUS_FAILED;
2763eda6 2242 else
bf1e3541
JH		 2243 status = 0;
2244
bdb6d971 2245 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2246 &cp->addr, sizeof(cp->addr));
2763eda6 2247
5f97c1df 2248unlock:
09fd0de5 2249 hci_dev_unlock(hdev);
2763eda6
SJ		 2250 return err;
2251}
2252
bdb6d971 2253static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2254 void *data, u16 len)
2763eda6 2255{
650f726d 2256 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2257 u8 status;
2763eda6
SJ		 2258 int err;
2259
bdb6d971 2260 BT_DBG("%s", hdev->name);
2763eda6 2261
09fd0de5 2262 hci_dev_lock(hdev);
2763eda6 2263
5f97c1df 2264 if (!hdev_is_powered(hdev)) {
bdb6d971 2265 err = cmd_complete(sk, hdev->id,
04124681
GP		 2266 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2267 MGMT_STATUS_NOT_POWERED, &cp->addr,
2268 sizeof(cp->addr));
5f97c1df
JH		 2269 goto unlock;
2270 }
2271
664ce4cc 2272 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2273 if (err < 0)
bf1e3541 2274 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2275 else
bf1e3541
JH		 2276 status = 0;
2277
bdb6d971 2278 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2279 status, &cp->addr, sizeof(cp->addr));
2763eda6 2280
5f97c1df 2281unlock:
09fd0de5 2282 hci_dev_unlock(hdev);
2763eda6
SJ		 2283 return err;
2284}
2285
5e0452c0
AG		 2286int mgmt_interleaved_discovery(struct hci_dev *hdev)
2287{
2288 int err;
2289
2290 BT_DBG("%s", hdev->name);
2291
2292 hci_dev_lock(hdev);
2293
2294 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2295 if (err < 0)
2296 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2297
2298 hci_dev_unlock(hdev);
2299
2300 return err;
2301}
2302
bdb6d971 2303static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2304 void *data, u16 len)
14a53664 2305{
650f726d 2306 struct mgmt_cp_start_discovery *cp = data;
14a53664 2307 struct pending_cmd *cmd;
14a53664
JH		 2308 int err;
2309
bdb6d971 2310 BT_DBG("%s", hdev->name);
14a53664 2311
09fd0de5 2312 hci_dev_lock(hdev);
14a53664 2313
4b34ee78 2314 if (!hdev_is_powered(hdev)) {
bdb6d971 2315 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2316 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2317 goto failed;
2318 }
2319
ff9ef578 2320 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2321 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2322 MGMT_STATUS_BUSY);
ff9ef578
JH		 2323 goto failed;
2324 }
2325
2e58ef3e 2326 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2327 if (!cmd) {
2328 err = -ENOMEM;
2329 goto failed;
2330 }
2331
4aab14e5
AG		 2332 hdev->discovery.type = cp->type;
2333
2334 switch (hdev->discovery.type) {
f39799f5 2335 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2336 if (lmp_bredr_capable(hdev))
2337 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2338 else
2339 err = -ENOTSUPP;
f39799f5
AG		 2340 break;
2341
2342 case DISCOV_TYPE_LE:
8b90129c
AG		 2343 if (lmp_host_le_capable(hdev))
2344 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2345 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2346 else
2347 err = -ENOTSUPP;
f39799f5
AG		 2348 break;
2349
5e0452c0 2350 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2351 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2352 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2353 LE_SCAN_WIN,
2354 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2355 else
2356 err = -ENOTSUPP;
5e0452c0
AG		 2357 break;
2358
f39799f5 2359 default:
3fd24153 2360 err = -EINVAL;
f39799f5 2361 }
3fd24153 2362
14a53664
JH		 2363 if (err < 0)
2364 mgmt_pending_remove(cmd);
ff9ef578
JH		 2365 else
2366 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2367
2368failed:
09fd0de5 2369 hci_dev_unlock(hdev);
14a53664
JH		 2370 return err;
2371}
2372
bdb6d971 2373static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2374 u16 len)
14a53664 2375{
d930650b 2376 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2377 struct pending_cmd *cmd;
30dc78e1
JH		 2378 struct hci_cp_remote_name_req_cancel cp;
2379 struct inquiry_entry *e;
14a53664
JH		 2380 int err;
2381
bdb6d971 2382 BT_DBG("%s", hdev->name);
14a53664 2383
09fd0de5 2384 hci_dev_lock(hdev);
14a53664 2385
30dc78e1 2386 if (!hci_discovery_active(hdev)) {
bdb6d971 2387 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2388 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2389 sizeof(mgmt_cp->type));
d930650b
JH		 2390 goto unlock;
2391 }
2392
2393 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2394 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2395 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2396 sizeof(mgmt_cp->type));
30dc78e1 2397 goto unlock;
ff9ef578
JH		 2398 }
2399
2e58ef3e 2400 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2401 if (!cmd) {
2402 err = -ENOMEM;
30dc78e1
JH		 2403 goto unlock;
2404 }
2405
343f935b 2406 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2407 err = hci_cancel_inquiry(hdev);
2408 if (err < 0)
2409 mgmt_pending_remove(cmd);
2410 else
2411 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2412 goto unlock;
2413 }
2414
2415 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2416 if (!e) {
2417 mgmt_pending_remove(cmd);
bdb6d971 2418 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
04124681 2419 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2420 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2421 goto unlock;
14a53664
JH		 2422 }
2423
30dc78e1 2424 bacpy(&cp.bdaddr, &e->data.bdaddr);
04124681
GP		 2425 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2426 &cp);
14a53664
JH		 2427 if (err < 0)
2428 mgmt_pending_remove(cmd);
ff9ef578
JH		 2429 else
2430 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2431
30dc78e1 2432unlock:
09fd0de5 2433 hci_dev_unlock(hdev);
14a53664
JH		 2434 return err;
2435}
2436
bdb6d971 2437static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2438 u16 len)
561aafbc 2439{
650f726d 2440 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2441 struct inquiry_entry *e;
561aafbc
JH		 2442 int err;
2443
bdb6d971 2444 BT_DBG("%s", hdev->name);
561aafbc 2445
561aafbc
JH		 2446 hci_dev_lock(hdev);
2447
30dc78e1 2448 if (!hci_discovery_active(hdev)) {
bdb6d971 2449 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2450 MGMT_STATUS_FAILED);
30dc78e1
JH		 2451 goto failed;
2452 }
2453
a198e7b1 2454 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2455 if (!e) {
bdb6d971 2456 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2457 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2458 goto failed;
2459 }
2460
2461 if (cp->name_known) {
2462 e->name_state = NAME_KNOWN;
2463 list_del(&e->list);
2464 } else {
2465 e->name_state = NAME_NEEDED;
a3d4e20a 2466 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2467 }
2468
2469 err = 0;
2470
2471failed:
2472 hci_dev_unlock(hdev);
561aafbc
JH		 2473 return err;
2474}
2475
bdb6d971 2476static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2477 u16 len)
7fbec224 2478{
650f726d 2479 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2480 u8 status;
7fbec224
AJ		 2481 int err;
2482
bdb6d971 2483 BT_DBG("%s", hdev->name);
7fbec224 2484
09fd0de5 2485 hci_dev_lock(hdev);
5e762444 2486
88c1fe4b 2487 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2488 if (err < 0)
f0eeea8b 2489 status = MGMT_STATUS_FAILED;
7fbec224 2490 else
f0eeea8b
JH		 2491 status = 0;
2492
bdb6d971 2493 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2494 &cp->addr, sizeof(cp->addr));
5e762444 2495
09fd0de5 2496 hci_dev_unlock(hdev);
7fbec224
AJ		 2497
2498 return err;
2499}
2500
bdb6d971 2501static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2502 u16 len)
7fbec224 2503{
650f726d 2504 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2505 u8 status;
7fbec224
AJ		 2506 int err;
2507
bdb6d971 2508 BT_DBG("%s", hdev->name);
7fbec224 2509
09fd0de5 2510 hci_dev_lock(hdev);
5e762444 2511
88c1fe4b 2512 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2513 if (err < 0)
f0eeea8b 2514 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2515 else
f0eeea8b
JH		 2516 status = 0;
2517
bdb6d971 2518 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2519 &cp->addr, sizeof(cp->addr));
5e762444 2520
09fd0de5 2521 hci_dev_unlock(hdev);
7fbec224
AJ		 2522
2523 return err;
2524}
2525
bdb6d971 2526static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2527 void *data, u16 len)
f6422ec6 2528{
650f726d 2529 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2530 struct hci_cp_write_page_scan_activity acp;
2531 u8 type;
2532 int err;
2533
bdb6d971 2534 BT_DBG("%s", hdev->name);
f6422ec6 2535
5400c044 2536 if (!hdev_is_powered(hdev))
bdb6d971 2537 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2538 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2539
2540 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2541 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2542 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2543
2544 hci_dev_lock(hdev);
2545
f7c6869c 2546 if (cp->val) {
f6422ec6 2547 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8
AE		 2548
2549 /* 22.5 msec page scan interval */
2550 acp.interval = __constant_cpu_to_le16(0x0024);
f6422ec6
AJ		 2551 } else {
2552 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2553
2554 /* default 1.28 sec page scan */
2555 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2556 }
2557
76ec9de8
AE		 2558 /* default 11.25 msec page scan window */
2559 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2560
04124681
GP		 2561 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2562 &acp);
f6422ec6 2563 if (err < 0) {
bdb6d971 2564 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2565 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2566 goto done;
2567 }
2568
2569 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2570 if (err < 0) {
bdb6d971 2571 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2572 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2573 goto done;
2574 }
2575
bdb6d971 2576 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2577 NULL, 0);
f6422ec6
AJ		 2578done:
2579 hci_dev_unlock(hdev);
f6422ec6
AJ		 2580 return err;
2581}
2582
bdb6d971 2583static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2584 void *cp_data, u16 len)
346af67b 2585{
346af67b
VCG		 2586 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2587 u16 key_count, expected_len;
2588 int i;
2589
346af67b
VCG		 2590 key_count = get_unaligned_le16(&cp->key_count);
2591
2592 expected_len = sizeof(*cp) + key_count *
2593 sizeof(struct mgmt_ltk_info);
2594 if (expected_len != len) {
2595 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2596 len, expected_len);
bdb6d971 2597 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2598 EINVAL);
346af67b
VCG		 2599 }
2600
bdb6d971 2601 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2602
2603 hci_dev_lock(hdev);
2604
2605 hci_smp_ltks_clear(hdev);
2606
2607 for (i = 0; i < key_count; i++) {
2608 struct mgmt_ltk_info *key = &cp->keys[i];
2609 u8 type;
2610
2611 if (key->master)
2612 type = HCI_SMP_LTK;
2613 else
2614 type = HCI_SMP_LTK_SLAVE;
2615
2616 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
04124681
GP		 2617 type, 0, key->authenticated, key->val,
2618 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2619 }
2620
2621 hci_dev_unlock(hdev);
346af67b
VCG		 2622
2623 return 0;
2624}
2625
0f4e68cf 2626struct mgmt_handler {
04124681
GP		 2627 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2628 u16 data_len);
be22b54e
JH		 2629 bool var_len;
2630 size_t data_len;
0f4e68cf
JH		 2631} mgmt_handlers[] = {
2632 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2633 { read_version, false, MGMT_READ_VERSION_SIZE },
2634 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2635 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2636 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2637 { set_powered, false, MGMT_SETTING_SIZE },
2638 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2639 { set_connectable, false, MGMT_SETTING_SIZE },
2640 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2641 { set_pairable, false, MGMT_SETTING_SIZE },
2642 { set_link_security, false, MGMT_SETTING_SIZE },
2643 { set_ssp, false, MGMT_SETTING_SIZE },
2644 { set_hs, false, MGMT_SETTING_SIZE },
2645 { set_le, false, MGMT_SETTING_SIZE },
2646 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2647 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2648 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2649 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2650 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2651 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2652 { disconnect, false, MGMT_DISCONNECT_SIZE },
2653 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2654 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2655 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2656 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2657 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2658 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2659 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2660 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2661 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2662 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2663 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2664 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2665 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2666 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2667 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2668 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2669 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2670 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2671 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
0f4e68cf
JH		 2672};
2673
2674
0381101f
JH		 2675int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2676{
650f726d
VCG		 2677 void *buf;
2678 u8 *cp;
0381101f 2679 struct mgmt_hdr *hdr;
4e51eae9 2680 u16 opcode, index, len;
bdb6d971 2681 struct hci_dev *hdev = NULL;
be22b54e 2682 struct mgmt_handler *handler;
0381101f
JH		 2683 int err;
2684
2685 BT_DBG("got %zu bytes", msglen);
2686
2687 if (msglen < sizeof(*hdr))
2688 return -EINVAL;
2689
e63a15ec 2690 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2691 if (!buf)
2692 return -ENOMEM;
2693
2694 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2695 err = -EFAULT;
2696 goto done;
2697 }
2698
650f726d 2699 hdr = buf;
0381101f 2700 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2701 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2702 len = get_unaligned_le16(&hdr->len);
2703
2704 if (len != msglen - sizeof(*hdr)) {
2705 err = -EINVAL;
2706 goto done;
2707 }
2708
0f4e68cf 2709 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2710 hdev = hci_dev_get(index);
2711 if (!hdev) {
2712 err = cmd_status(sk, index, opcode,
04124681 2713 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2714 goto done;
2715 }
2716 }
2717
0f4e68cf
JH		 2718 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2719 mgmt_handlers[opcode].func == NULL) {
0381101f 2720 BT_DBG("Unknown op %u", opcode);
ca69b795 2721 err = cmd_status(sk, index, opcode,
04124681 2722 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2723 goto done;
2724 }
2725
2726 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2727 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2728 err = cmd_status(sk, index, opcode,
04124681 2729 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2730 goto done;
0381101f
JH		 2731 }
2732
be22b54e
JH		 2733 handler = &mgmt_handlers[opcode];
2734
2735 if ((handler->var_len && len < handler->data_len) ||
2736 (!handler->var_len && len != handler->data_len)) {
2737 err = cmd_status(sk, index, opcode,
04124681 2738 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2739 goto done;
2740 }
2741
0f4e68cf
JH		 2742 if (hdev)
2743 mgmt_init_hdev(sk, hdev);
2744
2745 cp = buf + sizeof(*hdr);
2746
be22b54e 2747 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2748 if (err < 0)
2749 goto done;
2750
0381101f
JH		 2751 err = msglen;
2752
2753done:
bdb6d971
JH		 2754 if (hdev)
2755 hci_dev_put(hdev);
2756
0381101f
JH		 2757 kfree(buf);
2758 return err;
2759}
c71e97bf 2760
b24752fe
JH		 2761static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2762{
2763 u8 *status = data;
2764
2765 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2766 mgmt_pending_remove(cmd);
2767}
2768
744cf19e 2769int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2770{
744cf19e 2771 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2772}
2773
744cf19e 2774int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2775{
5f159032 2776 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2777
744cf19e 2778 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2779
744cf19e 2780 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2781}
2782
73f22f62 2783struct cmd_lookup {
eec8d2bc 2784 struct sock *sk;
69ab39ea 2785 struct hci_dev *hdev;
90e70454 2786 u8 mgmt_status;
eec8d2bc
JH		 2787};
2788
69ab39ea 2789static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2790{
73f22f62 2791 struct cmd_lookup *match = data;
eec8d2bc 2792
69ab39ea 2793 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2794
2795 list_del(&cmd->list);
2796
2797 if (match->sk == NULL) {
2798 match->sk = cmd->sk;
2799 sock_hold(match->sk);
2800 }
2801
2802 mgmt_pending_free(cmd);
c71e97bf 2803}
5add6af8 2804
744cf19e 2805int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2806{
76a7f3a4 2807 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2808 int err;
5add6af8 2809
5e5282bb
JH		 2810 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2811 return 0;
2812
69ab39ea 2813 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2814
5e5282bb
JH		 2815 if (powered) {
2816 u8 scan = 0;
2817
2818 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2819 scan |= SCAN_PAGE;
2820 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2821 scan |= SCAN_INQUIRY;
2822
2823 if (scan)
2824 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2825
2826 update_class(hdev);
2b4bf397 2827 update_name(hdev, hdev->dev_name);
504c8dcd 2828 update_eir(hdev);
5e5282bb 2829 } else {
d4f68526 2830 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2831 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2832 }
2833
beadb2bd 2834 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2835
2836 if (match.sk)
2837 sock_put(match.sk);
2838
7bb895d6 2839 return err;
5add6af8 2840}
73f22f62 2841
744cf19e 2842int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2843{
76a7f3a4 2844 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2845 bool changed = false;
2846 int err = 0;
73f22f62 2847
5e5282bb
JH		 2848 if (discoverable) {
2849 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2850 changed = true;
2851 } else {
2852 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2853 changed = true;
2854 }
73f22f62 2855
ed9b5f2f 2856 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2857 &match);
ed9b5f2f 2858
beadb2bd
JH		 2859 if (changed)
2860 err = new_settings(hdev, match.sk);
5e5282bb 2861
73f22f62
JH		 2862 if (match.sk)
2863 sock_put(match.sk);
2864
7bb895d6 2865 return err;
73f22f62 2866}
9fbcbb45 2867
744cf19e 2868int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2869{
76a7f3a4 2870 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2871 bool changed = false;
2872 int err = 0;
9fbcbb45 2873
5e5282bb
JH		 2874 if (connectable) {
2875 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2876 changed = true;
2877 } else {
2878 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2879 changed = true;
2880 }
9fbcbb45 2881
ed9b5f2f 2882 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 2883 &match);
ed9b5f2f 2884
beadb2bd
JH		 2885 if (changed)
2886 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2887
2888 if (match.sk)
2889 sock_put(match.sk);
2890
7bb895d6 2891 return err;
9fbcbb45 2892}
55ed8ca1 2893
744cf19e 2894int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2895{
ca69b795
JH		 2896 u8 mgmt_err = mgmt_status(status);
2897
2d7cee58 2898 if (scan & SCAN_PAGE)
744cf19e 2899 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 2900 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2901
2902 if (scan & SCAN_INQUIRY)
744cf19e 2903 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 2904 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2905
2906 return 0;
2907}
2908
745c0ce3 2909int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
55ed8ca1 2910{
86742e1e 2911 struct mgmt_ev_new_link_key ev;
55ed8ca1 2912
a492cd52 2913 memset(&ev, 0, sizeof(ev));
55ed8ca1 2914
a492cd52 2915 ev.store_hint = persistent;
d753fdc4
JH		 2916 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2917 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2918 ev.key.type = key->type;
2919 memcpy(ev.key.val, key->val, 16);
2920 ev.key.pin_len = key->pin_len;
55ed8ca1 2921
744cf19e 2922 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2923}
f7520543 2924
346af67b
VCG		 2925int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2926{
2927 struct mgmt_ev_new_long_term_key ev;
2928
2929 memset(&ev, 0, sizeof(ev));
2930
2931 ev.store_hint = persistent;
2932 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2933 ev.key.addr.type = key->bdaddr_type;
2934 ev.key.authenticated = key->authenticated;
2935 ev.key.enc_size = key->enc_size;
2936 ev.key.ediv = key->ediv;
2937
2938 if (key->type == HCI_SMP_LTK)
2939 ev.key.master = 1;
2940
2941 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2942 memcpy(ev.key.val, key->val, sizeof(key->val));
2943
04124681
GP		 2944 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2945 NULL);
346af67b
VCG		 2946}
2947
afc747a6 2948int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 2949 u8 addr_type, u32 flags, u8 *name, u8 name_len,
2950 u8 *dev_class)
f7520543 2951{
b644ba33
JH		 2952 char buf[512];
2953 struct mgmt_ev_device_connected *ev = (void *) buf;
2954 u16 eir_len = 0;
f7520543 2955
b644ba33
JH		 2956 bacpy(&ev->addr.bdaddr, bdaddr);
2957 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2958
c95f0ba7 2959 ev->flags = __cpu_to_le32(flags);
08c79b61 2960
b644ba33
JH		 2961 if (name_len > 0)
2962 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 2963 name, name_len);
b644ba33
JH		 2964
2965 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 2966 eir_len = eir_append_data(ev->eir, eir_len,
04124681 2967 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33
JH		 2968
2969 put_unaligned_le16(eir_len, &ev->eir_len);
2970
2971 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 2972 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2973}
2974
8962ee74
JH		 2975static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2976{
c68fb7ff 2977 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2978 struct sock **sk = data;
a38528f1 2979 struct mgmt_rp_disconnect rp;
8962ee74 2980
88c3df13
JH		 2981 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2982 rp.addr.type = cp->addr.type;
8962ee74 2983
aee9b218 2984 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 2985 sizeof(rp));
8962ee74
JH		 2986
2987 *sk = cmd->sk;
2988 sock_hold(*sk);
2989
a664b5bc 2990 mgmt_pending_remove(cmd);
8962ee74
JH		 2991}
2992
124f6e35 2993static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 2994{
b1078ad0 2995 struct hci_dev *hdev = data;
124f6e35
JH		 2996 struct mgmt_cp_unpair_device *cp = cmd->param;
2997 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2998
2999 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3000 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3001 rp.addr.type = cp->addr.type;
a8a1d19e 3002
b1078ad0
JH		 3003 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3004
aee9b218 3005 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3006
3007 mgmt_pending_remove(cmd);
3008}
3009
afc747a6 3010int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3011 u8 link_type, u8 addr_type)
f7520543 3012{
4c659c39 3013 struct mgmt_addr_info ev;
8962ee74
JH		 3014 struct sock *sk = NULL;
3015 int err;
3016
744cf19e 3017 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3018
f7520543 3019 bacpy(&ev.bdaddr, bdaddr);
48264f06 3020 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3021
afc747a6 3022 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3023 sk);
8962ee74
JH		 3024
3025 if (sk)
04124681 3026 sock_put(sk);
8962ee74 3027
124f6e35 3028 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3029 hdev);
a8a1d19e 3030
8962ee74
JH		 3031 return err;
3032}
3033
88c3df13 3034int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3035 u8 link_type, u8 addr_type, u8 status)
8962ee74 3036{
88c3df13 3037 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3038 struct pending_cmd *cmd;
3039 int err;
3040
2e58ef3e 3041 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3042 if (!cmd)
3043 return -ENOENT;
3044
88c3df13
JH		 3045 bacpy(&rp.addr.bdaddr, bdaddr);
3046 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3047
88c3df13 3048 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3049 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3050
a664b5bc 3051 mgmt_pending_remove(cmd);
8962ee74 3052
b1078ad0
JH		 3053 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3054 hdev);
8962ee74 3055 return err;
f7520543 3056}
17d5c04c 3057
48264f06 3058int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3059 u8 addr_type, u8 status)
17d5c04c
JH		 3060{
3061 struct mgmt_ev_connect_failed ev;
3062
4c659c39 3063 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3064 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3065 ev.status = mgmt_status(status);
17d5c04c 3066
744cf19e 3067 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3068}
980e1a53 3069
744cf19e 3070int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3071{
3072 struct mgmt_ev_pin_code_request ev;
3073
d8457698
JH		 3074 bacpy(&ev.addr.bdaddr, bdaddr);
3075 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3076 ev.secure = secure;
980e1a53 3077
744cf19e 3078 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3079 NULL);
980e1a53
JH		 3080}
3081
744cf19e 3082int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3083 u8 status)
980e1a53
JH		 3084{
3085 struct pending_cmd *cmd;
ac56fb13 3086 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3087 int err;
3088
2e58ef3e 3089 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3090 if (!cmd)
3091 return -ENOENT;
3092
d8457698
JH		 3093 bacpy(&rp.addr.bdaddr, bdaddr);
3094 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3095
aee9b218 3096 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3097 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3098
a664b5bc 3099 mgmt_pending_remove(cmd);
980e1a53
JH		 3100
3101 return err;
3102}
3103
744cf19e 3104int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3105 u8 status)
980e1a53
JH		 3106{
3107 struct pending_cmd *cmd;
ac56fb13 3108 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3109 int err;
3110
2e58ef3e 3111 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3112 if (!cmd)
3113 return -ENOENT;
3114
d8457698
JH		 3115 bacpy(&rp.addr.bdaddr, bdaddr);
3116 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3117
aee9b218 3118 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3119 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3120
a664b5bc 3121 mgmt_pending_remove(cmd);
980e1a53
JH		 3122
3123 return err;
3124}
a5c29683 3125
744cf19e 3126int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3127 u8 link_type, u8 addr_type, __le32 value,
3128 u8 confirm_hint)
a5c29683
JH		 3129{
3130 struct mgmt_ev_user_confirm_request ev;
3131
744cf19e 3132 BT_DBG("%s", hdev->name);
a5c29683 3133
272d90df
JH		 3134 bacpy(&ev.addr.bdaddr, bdaddr);
3135 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3136 ev.confirm_hint = confirm_hint;
78e8098e 3137 ev.value = value;
a5c29683 3138
744cf19e 3139 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3140 NULL);
a5c29683
JH		 3141}
3142
272d90df
JH		 3143int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3144 u8 link_type, u8 addr_type)
604086b7
BG		 3145{
3146 struct mgmt_ev_user_passkey_request ev;
3147
3148 BT_DBG("%s", hdev->name);
3149
272d90df
JH		 3150 bacpy(&ev.addr.bdaddr, bdaddr);
3151 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3152
3153 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3154 NULL);
604086b7
BG		 3155}
3156
0df4c185 3157static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3158 u8 link_type, u8 addr_type, u8 status,
3159 u8 opcode)
a5c29683
JH		 3160{
3161 struct pending_cmd *cmd;
3162 struct mgmt_rp_user_confirm_reply rp;
3163 int err;
3164
2e58ef3e 3165 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3166 if (!cmd)
3167 return -ENOENT;
3168
272d90df
JH		 3169 bacpy(&rp.addr.bdaddr, bdaddr);
3170 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218 3171 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3172 &rp, sizeof(rp));
a5c29683 3173
a664b5bc 3174 mgmt_pending_remove(cmd);
a5c29683
JH		 3175
3176 return err;
3177}
3178
744cf19e 3179int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3180 u8 link_type, u8 addr_type, u8 status)
a5c29683 3181{
272d90df 3182 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3183 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3184}
3185
272d90df 3186int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3187 u8 link_type, u8 addr_type, u8 status)
a5c29683 3188{
272d90df 3189 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3190 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3191}
2a611692 3192
604086b7 3193int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3194 u8 link_type, u8 addr_type, u8 status)
604086b7 3195{
272d90df 3196 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3197 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3198}
3199
272d90df 3200int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3201 u8 link_type, u8 addr_type, u8 status)
604086b7 3202{
272d90df 3203 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3204 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3205}
3206
bab73cb6 3207int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3208 u8 addr_type, u8 status)
2a611692
JH		 3209{
3210 struct mgmt_ev_auth_failed ev;
3211
bab73cb6
JH		 3212 bacpy(&ev.addr.bdaddr, bdaddr);
3213 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3214 ev.status = mgmt_status(status);
2a611692 3215
744cf19e 3216 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3217}
b312b161 3218
33ef95ed
JH		 3219int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3220{
3221 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3222 bool changed = false;
3223 int err = 0;
33ef95ed
JH		 3224
3225 if (status) {
3226 u8 mgmt_err = mgmt_status(status);
3227 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3228 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3229 return 0;
3230 }
3231
47990ea0
JH		 3232 if (test_bit(HCI_AUTH, &hdev->flags)) {
3233 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3234 changed = true;
3235 } else {
3236 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3237 changed = true;
3238 }
3239
33ef95ed 3240 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3241 &match);
33ef95ed 3242
47990ea0
JH		 3243 if (changed)
3244 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3245
3246 if (match.sk)
3247 sock_put(match.sk);
3248
3249 return err;
3250}
3251
cacaf52f
JH		 3252static int clear_eir(struct hci_dev *hdev)
3253{
3254 struct hci_cp_write_eir cp;
3255
3256 if (!(hdev->features[6] & LMP_EXT_INQ))
3257 return 0;
3258
c80da27e
JH		 3259 memset(hdev->eir, 0, sizeof(hdev->eir));
3260
cacaf52f
JH		 3261 memset(&cp, 0, sizeof(cp));
3262
3263 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3264}
3265
c0ecddc2 3266int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3267{
3268 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3269 bool changed = false;
3270 int err = 0;
ed2c4ee3
JH		 3271
3272 if (status) {
3273 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3274
3275 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3276 &hdev->dev_flags))
c0ecddc2
JH		 3277 err = new_settings(hdev, NULL);
3278
04124681
GP		 3279 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3280 &mgmt_err);
c0ecddc2
JH		 3281
3282 return err;
3283 }
3284
3285 if (enable) {
3286 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3287 changed = true;
3288 } else {
3289 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3290 changed = true;
ed2c4ee3
JH		 3291 }
3292
3293 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3294
c0ecddc2
JH		 3295 if (changed)
3296 err = new_settings(hdev, match.sk);
ed2c4ee3 3297
5fc6ebb1 3298 if (match.sk)
ed2c4ee3
JH		 3299 sock_put(match.sk);
3300
5fc6ebb1
JH		 3301 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3302 update_eir(hdev);
3303 else
3304 clear_eir(hdev);
cacaf52f 3305
ed2c4ee3
JH		 3306 return err;
3307}
3308
90e70454
JH		 3309static void class_rsp(struct pending_cmd *cmd, void *data)
3310{
3311 struct cmd_lookup *match = data;
3312
3313 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3314 match->hdev->dev_class, 3);
90e70454
JH		 3315
3316 list_del(&cmd->list);
3317
3318 if (match->sk == NULL) {
3319 match->sk = cmd->sk;
3320 sock_hold(match->sk);
3321 }
3322
3323 mgmt_pending_free(cmd);
3324}
3325
7f9a903c 3326int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3327 u8 status)
7f9a903c 3328{
90e70454
JH		 3329 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3330 int err = 0;
7f9a903c 3331
c95f0ba7
JH		 3332 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3333
90e70454
JH		 3334 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3335 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3336 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3337
3338 if (!status)
04124681
GP		 3339 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3340 3, NULL);
90e70454
JH		 3341
3342 if (match.sk)
3343 sock_put(match.sk);
7f9a903c
MH		 3344
3345 return err;
3346}
3347
744cf19e 3348int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3349{
3350 struct pending_cmd *cmd;
3351 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3352 bool changed = false;
3353 int err = 0;
3354
3355 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3356 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3357 changed = true;
3358 }
b312b161
JH		 3359
3360 memset(&ev, 0, sizeof(ev));
3361 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3362 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3363
2e58ef3e 3364 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3365 if (!cmd)
3366 goto send_event;
3367
7bdaae4a
JH		 3368 /* Always assume that either the short or the complete name has
3369 * changed if there was a pending mgmt command */
3370 changed = true;
3371
b312b161 3372 if (status) {
744cf19e 3373 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3374 mgmt_status(status));
b312b161
JH		 3375 goto failed;
3376 }
3377
aee9b218 3378 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3379 sizeof(ev));
b312b161
JH		 3380 if (err < 0)
3381 goto failed;
3382
3383send_event:
28cc7bde
JH		 3384 if (changed)
3385 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3386 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3387
f51d5b24 3388 update_eir(hdev);
b312b161
JH		 3389
3390failed:
3391 if (cmd)
3392 mgmt_pending_remove(cmd);
3393 return err;
3394}
c35938b2 3395
744cf19e 3396int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3397 u8 *randomizer, u8 status)
c35938b2
SJ		 3398{
3399 struct pending_cmd *cmd;
3400 int err;
3401
744cf19e 3402 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3403
2e58ef3e 3404 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3405 if (!cmd)
3406 return -ENOENT;
3407
3408 if (status) {
04124681
GP		 3409 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3410 mgmt_status(status));
c35938b2
SJ		 3411 } else {
3412 struct mgmt_rp_read_local_oob_data rp;
3413
3414 memcpy(rp.hash, hash, sizeof(rp.hash));
3415 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3416
744cf19e 3417 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3418 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3419 sizeof(rp));
c35938b2
SJ		 3420 }
3421
3422 mgmt_pending_remove(cmd);
3423
3424 return err;
3425}
e17acd40 3426
06199cf8
JH		 3427int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3428{
3429 struct cmd_lookup match = { NULL, hdev };
3430 bool changed = false;
3431 int err = 0;
3432
3433 if (status) {
3434 u8 mgmt_err = mgmt_status(status);
3435
3436 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681
GP		 3437 &hdev->dev_flags))
3438 err = new_settings(hdev, NULL);
06199cf8
JH		 3439
3440 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
04124681 3441 cmd_status_rsp, &mgmt_err);
06199cf8
JH		 3442
3443 return err;
3444 }
3445
3446 if (enable) {
3447 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3448 changed = true;
3449 } else {
3450 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3451 changed = true;
3452 }
3453
3454 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3455
3456 if (changed)
3457 err = new_settings(hdev, match.sk);
3458
3459 if (match.sk)
3460 sock_put(match.sk);
3461
3462 return err;
3463}
3464
48264f06 3465int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3466 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3467 ssp, u8 *eir, u16 eir_len)
e17acd40 3468{
e319d2e7
JH		 3469 char buf[512];
3470 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3471 size_t ev_size;
e17acd40 3472
1dc06093
JH		 3473 /* Leave 5 bytes for a potential CoD field */
3474 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3475 return -EINVAL;
3476
1dc06093
JH		 3477 memset(buf, 0, sizeof(buf));
3478
e319d2e7
JH		 3479 bacpy(&ev->addr.bdaddr, bdaddr);
3480 ev->addr.type = link_to_mgmt(link_type, addr_type);
3481 ev->rssi = rssi;
9a395a80
JH		 3482 if (cfm_name)
3483 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3484 if (!ssp)
3485 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3486
1dc06093 3487 if (eir_len > 0)
e319d2e7 3488 memcpy(ev->eir, eir, eir_len);
e17acd40 3489
1dc06093
JH		 3490 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3491 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3492 dev_class, 3);
1dc06093
JH		 3493
3494 put_unaligned_le16(eir_len, &ev->eir_len);
3495
3496 ev_size = sizeof(*ev) + eir_len;
f8523598 3497
e319d2e7 3498 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3499}
a88a9652 3500
b644ba33 3501int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3502 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3503{
b644ba33
JH		 3504 struct mgmt_ev_device_found *ev;
3505 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3506 u16 eir_len;
a88a9652 3507
b644ba33 3508 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3509
b644ba33
JH		 3510 memset(buf, 0, sizeof(buf));
3511
3512 bacpy(&ev->addr.bdaddr, bdaddr);
3513 ev->addr.type = link_to_mgmt(link_type, addr_type);
3514 ev->rssi = rssi;
3515
3516 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3517 name_len);
b644ba33
JH		 3518
3519 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3520
053c7e0c 3521 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3522 sizeof(*ev) + eir_len, NULL);
a88a9652 3523}
314b2381 3524
7a135109 3525int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3526{
3527 struct pending_cmd *cmd;
f808e166 3528 u8 type;
164a6e78
JH		 3529 int err;
3530
203159d4
AG		 3531 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3532
2e58ef3e 3533 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3534 if (!cmd)
3535 return -ENOENT;
3536
f808e166
JH		 3537 type = hdev->discovery.type;
3538
3539 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3540 &type, sizeof(type));
164a6e78
JH		 3541 mgmt_pending_remove(cmd);
3542
3543 return err;
3544}
3545
e6d465cb
AG		 3546int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3547{
3548 struct pending_cmd *cmd;
3549 int err;
3550
3551 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3552 if (!cmd)
3553 return -ENOENT;
3554
d930650b 3555 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3556 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3557 mgmt_pending_remove(cmd);
3558
3559 return err;
3560}
3561
744cf19e 3562int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3563{
f963e8e9 3564 struct mgmt_ev_discovering ev;
164a6e78
JH		 3565 struct pending_cmd *cmd;
3566
343fb145
AG		 3567 BT_DBG("%s discovering %u", hdev->name, discovering);
3568
164a6e78 3569 if (discovering)
2e58ef3e 3570 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3571 else
2e58ef3e 3572 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3573
3574 if (cmd != NULL) {
f808e166
JH		 3575 u8 type = hdev->discovery.type;
3576
04124681
GP		 3577 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3578 sizeof(type));
164a6e78
JH		 3579 mgmt_pending_remove(cmd);
3580 }
3581
f963e8e9
JH		 3582 memset(&ev, 0, sizeof(ev));
3583 ev.type = hdev->discovery.type;
3584 ev.discovering = discovering;
3585
3586 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3587}
5e762444 3588
88c1fe4b 3589int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3590{
3591 struct pending_cmd *cmd;
3592 struct mgmt_ev_device_blocked ev;
3593
2e58ef3e 3594 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3595
88c1fe4b
JH		 3596 bacpy(&ev.addr.bdaddr, bdaddr);
3597 ev.addr.type = type;
5e762444 3598
744cf19e 3599 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3600 cmd ? cmd->sk : NULL);
5e762444
AJ		 3601}
3602
88c1fe4b 3603int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3604{
3605 struct pending_cmd *cmd;
3606 struct mgmt_ev_device_unblocked ev;
3607
2e58ef3e 3608 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3609
88c1fe4b
JH		 3610 bacpy(&ev.addr.bdaddr, bdaddr);
3611 ev.addr.type = type;
5e762444 3612
744cf19e 3613 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3614 cmd ? cmd->sk : NULL);
5e762444 3615}
d7b7e796
MH		 3616
3617module_param(enable_hs, bool, 0644);
3618MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3619
3620module_param(enable_le, bool, 0644);
3621MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux kernel - Deliverables
This page took 0.392911 seconds and 5 git commands to generate.