projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: trivial: Remove empty line
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c 40#define MGMT_VERSION 1
053262dc 41#define MGMT_REVISION 1
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105};
106
3fd24153
AG		 107/*
108 * These LE scan and inquiry parameters were chosen according to LE General
109 * Discovery Procedure specification.
110 */
111#define LE_SCAN_TYPE 0x01
112#define LE_SCAN_WIN 0x12
113#define LE_SCAN_INT 0x12
114#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 115#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 116
e8777525 117#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 118#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 119
17b02e62 120#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 121
4b34ee78
JH		 122#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
123 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124
eec8d2bc
JH		 125struct pending_cmd {
126 struct list_head list;
fc2f4b13 127 u16 opcode;
eec8d2bc 128 int index;
c68fb7ff 129 void *param;
eec8d2bc 130 struct sock *sk;
e9a416b5 131 void *user_data;
eec8d2bc
JH		 132};
133
ca69b795
JH		 134/* HCI to MGMT error code conversion table */
135static u8 mgmt_status_table[] = {
136 MGMT_STATUS_SUCCESS,
137 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
138 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
139 MGMT_STATUS_FAILED, /* Hardware Failure */
140 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
141 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
142 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
143 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
144 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
146 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
147 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
148 MGMT_STATUS_BUSY, /* Command Disallowed */
149 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
150 MGMT_STATUS_REJECTED, /* Rejected Security */
151 MGMT_STATUS_REJECTED, /* Rejected Personal */
152 MGMT_STATUS_TIMEOUT, /* Host Timeout */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
155 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
156 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
157 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
158 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
159 MGMT_STATUS_BUSY, /* Repeated Attempts */
160 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
161 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
163 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
164 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
165 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
166 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
167 MGMT_STATUS_FAILED, /* Unspecified Error */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
169 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
170 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
171 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
172 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
173 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
174 MGMT_STATUS_FAILED, /* Unit Link Key Used */
175 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
176 MGMT_STATUS_TIMEOUT, /* Instant Passed */
177 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
178 MGMT_STATUS_FAILED, /* Transaction Collision */
179 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
180 MGMT_STATUS_REJECTED, /* QoS Rejected */
181 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
182 MGMT_STATUS_REJECTED, /* Insufficient Security */
183 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
184 MGMT_STATUS_BUSY, /* Role Switch Pending */
185 MGMT_STATUS_FAILED, /* Slot Violation */
186 MGMT_STATUS_FAILED, /* Role Switch Failed */
187 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
188 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
189 MGMT_STATUS_BUSY, /* Host Busy Pairing */
190 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
191 MGMT_STATUS_BUSY, /* Controller Busy */
192 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
193 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
194 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
195 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
196 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197};
198
199static u8 mgmt_status(u8 hci_status)
200{
201 if (hci_status < ARRAY_SIZE(mgmt_status_table))
202 return mgmt_status_table[hci_status];
203
204 return MGMT_STATUS_FAILED;
205}
206
4e51eae9 207static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 208{
209 struct sk_buff *skb;
210 struct mgmt_hdr *hdr;
211 struct mgmt_ev_cmd_status *ev;
56b7d137 212 int err;
f7b64e69 213
34eb525c 214 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 215
216 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
217 if (!skb)
218 return -ENOMEM;
219
220 hdr = (void *) skb_put(skb, sizeof(*hdr));
221
222 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 223 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 224 hdr->len = cpu_to_le16(sizeof(*ev));
225
226 ev = (void *) skb_put(skb, sizeof(*ev));
227 ev->status = status;
eb55ef07 228 ev->opcode = cpu_to_le16(cmd);
f7b64e69 229
56b7d137
GP		 230 err = sock_queue_rcv_skb(sk, skb);
231 if (err < 0)
f7b64e69
JH		 232 kfree_skb(skb);
233
56b7d137 234 return err;
f7b64e69
JH		 235}
236
aee9b218 237static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 238 void *rp, size_t rp_len)
02d98129
JH		 239{
240 struct sk_buff *skb;
241 struct mgmt_hdr *hdr;
242 struct mgmt_ev_cmd_complete *ev;
56b7d137 243 int err;
02d98129
JH		 244
245 BT_DBG("sock %p", sk);
246
a38528f1 247 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 248 if (!skb)
249 return -ENOMEM;
250
251 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 252
a38528f1 253 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 254 hdr->index = cpu_to_le16(index);
a38528f1 255 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 256
a38528f1 257 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 258 ev->opcode = cpu_to_le16(cmd);
aee9b218 259 ev->status = status;
8020c16a
SJ		 260
261 if (rp)
262 memcpy(ev->data, rp, rp_len);
02d98129 263
56b7d137
GP		 264 err = sock_queue_rcv_skb(sk, skb);
265 if (err < 0)
02d98129
JH		 266 kfree_skb(skb);
267
e5f0e151 268 return err;
02d98129
JH		 269}
270
04124681
GP		 271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
a38528f1
JH		 273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
eb55ef07 279 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 280
aee9b218 281 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 282 sizeof(rp));
a38528f1
JH		 283}
284
04124681
GP		 285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
e70bb2e8
JH		 287{
288 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 289 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
290 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 291 __le16 *opcode;
e70bb2e8
JH		 292 size_t rp_size;
293 int i, err;
294
295 BT_DBG("sock %p", sk);
296
297 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
298
299 rp = kmalloc(rp_size, GFP_KERNEL);
300 if (!rp)
301 return -ENOMEM;
302
eb55ef07
MH		 303 rp->num_commands = __constant_cpu_to_le16(num_commands);
304 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 305
306 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
307 put_unaligned_le16(mgmt_commands[i], opcode);
308
309 for (i = 0; i < num_events; i++, opcode++)
310 put_unaligned_le16(mgmt_events[i], opcode);
311
aee9b218 312 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 313 rp_size);
e70bb2e8
JH		 314 kfree(rp);
315
316 return err;
317}
318
04124681
GP		 319static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
320 u16 data_len)
faba42eb 321{
faba42eb
JH		 322 struct mgmt_rp_read_index_list *rp;
323 struct list_head *p;
8035ded4 324 struct hci_dev *d;
a38528f1 325 size_t rp_len;
faba42eb 326 u16 count;
a38528f1 327 int i, err;
faba42eb
JH		 328
329 BT_DBG("sock %p", sk);
330
331 read_lock(&hci_dev_list_lock);
332
333 count = 0;
334 list_for_each(p, &hci_dev_list) {
335 count++;
336 }
337
a38528f1
JH		 338 rp_len = sizeof(*rp) + (2 * count);
339 rp = kmalloc(rp_len, GFP_ATOMIC);
340 if (!rp) {
b2c60d42 341 read_unlock(&hci_dev_list_lock);
faba42eb 342 return -ENOMEM;
b2c60d42 343 }
faba42eb 344
eb55ef07 345 rp->num_controllers = cpu_to_le16(count);
faba42eb
JH		 346
347 i = 0;
8035ded4 348 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 349 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 350 continue;
351
eb55ef07 352 rp->index[i++] = cpu_to_le16(d->id);
faba42eb
JH		 353 BT_DBG("Added hci%u", d->id);
354 }
355
356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_CONNECTABLE;
372 settings |= MGMT_SETTING_FAST_CONNECTABLE;
373 settings |= MGMT_SETTING_DISCOVERABLE;
374 settings |= MGMT_SETTING_PAIRABLE;
375
376 if (hdev->features[6] & LMP_SIMPLE_PAIR)
377 settings |= MGMT_SETTING_SSP;
378
379 if (!(hdev->features[4] & LMP_NO_BREDR)) {
380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
382 }
383
d7b7e796
MH		 384 if (enable_hs)
385 settings |= MGMT_SETTING_HS;
386
387 if (enable_le) {
388 if (hdev->features[4] & LMP_LE)
389 settings |= MGMT_SETTING_LE;
390 }
69ab39ea
JH		 391
392 return settings;
393}
394
395static u32 get_current_settings(struct hci_dev *hdev)
396{
397 u32 settings = 0;
398
f1f0eb02 399 if (hdev_is_powered(hdev))
f0d4b78a
MH		 400 settings |= MGMT_SETTING_POWERED;
401
5e5282bb 402 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_CONNECTABLE;
404
5e5282bb 405 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_DISCOVERABLE;
407
a8b2d5c2 408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_PAIRABLE;
410
411 if (!(hdev->features[4] & LMP_NO_BREDR))
412 settings |= MGMT_SETTING_BREDR;
413
06199cf8 414 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LE;
416
47990ea0 417 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_LINK_SECURITY;
419
84bde9d6 420 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_SSP;
422
6d80dfd0
JH		 423 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_HS;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
431static u8 bluetooth_base_uuid[] = {
432 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
433 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
434};
435
436static u16 get_uuid16(u8 *uuid128)
437{
438 u32 val;
439 int i;
440
441 for (i = 0; i < 12; i++) {
442 if (bluetooth_base_uuid[i] != uuid128[i])
443 return 0;
444 }
445
3e9fb6d8 446 val = get_unaligned_le32(&uuid128[12]);
ef580372
JH		 447 if (val > 0xffff)
448 return 0;
449
450 return (u16) val;
451}
452
453static void create_eir(struct hci_dev *hdev, u8 *data)
454{
455 u8 *ptr = data;
456 u16 eir_len = 0;
457 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
458 int i, truncated = 0;
459 struct bt_uuid *uuid;
460 size_t name_len;
461
462 name_len = strlen(hdev->dev_name);
463
464 if (name_len > 0) {
465 /* EIR Data type */
466 if (name_len > 48) {
467 name_len = 48;
468 ptr[1] = EIR_NAME_SHORT;
469 } else
470 ptr[1] = EIR_NAME_COMPLETE;
471
472 /* EIR Data length */
473 ptr[0] = name_len + 1;
474
475 memcpy(ptr + 2, hdev->dev_name, name_len);
476
477 eir_len += (name_len + 2);
478 ptr += (name_len + 2);
479 }
480
91c4e9b1
MH		 481 if (hdev->inq_tx_power) {
482 ptr[0] = 2;
483 ptr[1] = EIR_TX_POWER;
484 ptr[2] = (u8) hdev->inq_tx_power;
485
486 eir_len += 3;
487 ptr += 3;
488 }
489
2b9be137
MH		 490 if (hdev->devid_source > 0) {
491 ptr[0] = 9;
492 ptr[1] = EIR_DEVICE_ID;
493
494 put_unaligned_le16(hdev->devid_source, ptr + 2);
495 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
496 put_unaligned_le16(hdev->devid_product, ptr + 6);
497 put_unaligned_le16(hdev->devid_version, ptr + 8);
498
499 eir_len += 10;
500 ptr += 10;
501 }
502
ef580372
JH		 503 memset(uuid16_list, 0, sizeof(uuid16_list));
504
505 /* Group all UUID16 types */
506 list_for_each_entry(uuid, &hdev->uuids, list) {
507 u16 uuid16;
508
509 uuid16 = get_uuid16(uuid->uuid);
510 if (uuid16 == 0)
511 return;
512
513 if (uuid16 < 0x1100)
514 continue;
515
516 if (uuid16 == PNP_INFO_SVCLASS_ID)
517 continue;
518
519 /* Stop if not enough space to put next UUID */
520 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
521 truncated = 1;
522 break;
523 }
524
525 /* Check for duplicates */
526 for (i = 0; uuid16_list[i] != 0; i++)
527 if (uuid16_list[i] == uuid16)
528 break;
529
530 if (uuid16_list[i] == 0) {
531 uuid16_list[i] = uuid16;
532 eir_len += sizeof(u16);
533 }
534 }
535
536 if (uuid16_list[0] != 0) {
537 u8 *length = ptr;
538
539 /* EIR Data type */
540 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
541
542 ptr += 2;
543 eir_len += 2;
544
545 for (i = 0; uuid16_list[i] != 0; i++) {
546 *ptr++ = (uuid16_list[i] & 0x00ff);
547 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
548 }
549
550 /* EIR Data length */
551 *length = (i * sizeof(u16)) + 1;
552 }
553}
554
555static int update_eir(struct hci_dev *hdev)
556{
557 struct hci_cp_write_eir cp;
558
504c8dcd 559 if (!hdev_is_powered(hdev))
7770c4aa
JH		 560 return 0;
561
ef580372
JH		 562 if (!(hdev->features[6] & LMP_EXT_INQ))
563 return 0;
564
84bde9d6 565 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 566 return 0;
567
a8b2d5c2 568 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 569 return 0;
570
571 memset(&cp, 0, sizeof(cp));
572
573 create_eir(hdev, cp.data);
574
575 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
576 return 0;
577
578 memcpy(hdev->eir, cp.data, sizeof(cp.data));
579
580 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
581}
582
583static u8 get_service_classes(struct hci_dev *hdev)
584{
585 struct bt_uuid *uuid;
586 u8 val = 0;
587
588 list_for_each_entry(uuid, &hdev->uuids, list)
589 val |= uuid->svc_hint;
590
591 return val;
592}
593
594static int update_class(struct hci_dev *hdev)
595{
596 u8 cod[3];
c95f0ba7 597 int err;
ef580372
JH		 598
599 BT_DBG("%s", hdev->name);
600
504c8dcd 601 if (!hdev_is_powered(hdev))
7770c4aa
JH		 602 return 0;
603
a8b2d5c2 604 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 605 return 0;
606
607 cod[0] = hdev->minor_class;
608 cod[1] = hdev->major_class;
609 cod[2] = get_service_classes(hdev);
610
611 if (memcmp(cod, hdev->dev_class, 3) == 0)
612 return 0;
613
c95f0ba7
JH		 614 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
615 if (err == 0)
616 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
617
618 return err;
ef580372
JH		 619}
620
7d78525d
JH		 621static void service_cache_off(struct work_struct *work)
622{
623 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 624 service_cache.work);
7d78525d 625
a8b2d5c2 626 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 627 return;
628
629 hci_dev_lock(hdev);
630
631 update_eir(hdev);
632 update_class(hdev);
633
634 hci_dev_unlock(hdev);
635}
636
6a919082 637static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 638{
4f87da80 639 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 640 return;
641
4f87da80 642 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 643
4f87da80
JH		 644 /* Non-mgmt controlled devices get this bit set
645 * implicitly so that pairing works for them, however
646 * for mgmt we require user-space to explicitly enable
647 * it
648 */
649 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 650}
651
0f4e68cf 652static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 653 void *data, u16 data_len)
0381101f 654{
a38528f1 655 struct mgmt_rp_read_info rp;
f7b64e69 656
bdb6d971 657 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 658
09fd0de5 659 hci_dev_lock(hdev);
f7b64e69 660
dc4fe30b
JH		 661 memset(&rp, 0, sizeof(rp));
662
69ab39ea 663 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 664
69ab39ea 665 rp.version = hdev->hci_ver;
eb55ef07 666 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 667
668 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
669 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 670
a38528f1 671 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 672
dc4fe30b 673 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 674 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 675
09fd0de5 676 hci_dev_unlock(hdev);
0381101f 677
bdb6d971 678 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 679 sizeof(rp));
0381101f
JH		 680}
681
eec8d2bc
JH		 682static void mgmt_pending_free(struct pending_cmd *cmd)
683{
684 sock_put(cmd->sk);
c68fb7ff 685 kfree(cmd->param);
eec8d2bc
JH		 686 kfree(cmd);
687}
688
366a0336 689static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 690 struct hci_dev *hdev, void *data,
691 u16 len)
eec8d2bc
JH		 692{
693 struct pending_cmd *cmd;
694
695 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
696 if (!cmd)
366a0336 697 return NULL;
eec8d2bc
JH		 698
699 cmd->opcode = opcode;
2e58ef3e 700 cmd->index = hdev->id;
eec8d2bc 701
c68fb7ff
SJ		 702 cmd->param = kmalloc(len, GFP_ATOMIC);
703 if (!cmd->param) {
eec8d2bc 704 kfree(cmd);
366a0336 705 return NULL;
eec8d2bc
JH		 706 }
707
8fce6357
SJ		 708 if (data)
709 memcpy(cmd->param, data, len);
eec8d2bc
JH		 710
711 cmd->sk = sk;
712 sock_hold(sk);
713
2e58ef3e 714 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 715
366a0336 716 return cmd;
eec8d2bc
JH		 717}
718
744cf19e 719static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
04124681
GP		 720 void (*cb)(struct pending_cmd *cmd, void *data),
721 void *data)
eec8d2bc
JH		 722{
723 struct list_head *p, *n;
724
2e58ef3e 725 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 726 struct pending_cmd *cmd;
727
728 cmd = list_entry(p, struct pending_cmd, list);
729
b24752fe 730 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 731 continue;
732
eec8d2bc
JH		 733 cb(cmd, data);
734 }
735}
736
2e58ef3e 737static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 738{
8035ded4 739 struct pending_cmd *cmd;
eec8d2bc 740
2e58ef3e 741 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 742 if (cmd->opcode == opcode)
743 return cmd;
eec8d2bc
JH		 744 }
745
746 return NULL;
747}
748
a664b5bc 749static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 750{
73f22f62
JH		 751 list_del(&cmd->list);
752 mgmt_pending_free(cmd);
753}
754
69ab39ea 755static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 756{
69ab39ea 757 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 758
aee9b218 759 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 760 sizeof(settings));
8680570b
JH		 761}
762
bdb6d971 763static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 764 u16 len)
eec8d2bc 765{
650f726d 766 struct mgmt_mode *cp = data;
366a0336 767 struct pending_cmd *cmd;
4b34ee78 768 int err;
eec8d2bc 769
bdb6d971 770 BT_DBG("request for %s", hdev->name);
eec8d2bc 771
09fd0de5 772 hci_dev_lock(hdev);
eec8d2bc 773
f0d4b78a
MH		 774 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
775 cancel_delayed_work(&hdev->power_off);
776
777 if (cp->val) {
778 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
779 mgmt_powered(hdev, 1);
780 goto failed;
781 }
782 }
783
4b34ee78 784 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 785 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 786 goto failed;
787 }
788
2e58ef3e 789 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 790 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 791 MGMT_STATUS_BUSY);
eec8d2bc
JH		 792 goto failed;
793 }
794
2e58ef3e 795 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 796 if (!cmd) {
797 err = -ENOMEM;
eec8d2bc 798 goto failed;
366a0336 799 }
eec8d2bc 800
72a734ec 801 if (cp->val)
7f971041 802 schedule_work(&hdev->power_on);
eec8d2bc 803 else
80b7ab33 804 schedule_work(&hdev->power_off.work);
eec8d2bc 805
366a0336 806 err = 0;
eec8d2bc
JH		 807
808failed:
09fd0de5 809 hci_dev_unlock(hdev);
366a0336 810 return err;
eec8d2bc
JH		 811}
812
04124681
GP		 813static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
814 struct sock *skip_sk)
beadb2bd
JH		 815{
816 struct sk_buff *skb;
817 struct mgmt_hdr *hdr;
818
819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
820 if (!skb)
821 return -ENOMEM;
822
823 hdr = (void *) skb_put(skb, sizeof(*hdr));
824 hdr->opcode = cpu_to_le16(event);
825 if (hdev)
826 hdr->index = cpu_to_le16(hdev->id);
827 else
828 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
829 hdr->len = cpu_to_le16(data_len);
830
831 if (data)
832 memcpy(skb_put(skb, data_len), data, data_len);
833
97e0bdeb
MH		 834 /* Time stamp */
835 __net_timestamp(skb);
836
beadb2bd
JH		 837 hci_send_to_control(skb, skip_sk);
838 kfree_skb(skb);
839
840 return 0;
841}
842
843static int new_settings(struct hci_dev *hdev, struct sock *skip)
844{
845 __le32 ev;
846
847 ev = cpu_to_le32(get_current_settings(hdev));
848
849 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
850}
851
bdb6d971 852static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 853 u16 len)
73f22f62 854{
650f726d 855 struct mgmt_cp_set_discoverable *cp = data;
366a0336 856 struct pending_cmd *cmd;
5e5282bb 857 u16 timeout;
73f22f62
JH		 858 u8 scan;
859 int err;
860
bdb6d971 861 BT_DBG("request for %s", hdev->name);
73f22f62 862
1f350c87 863 timeout = __le16_to_cpu(cp->timeout);
24c54a90 864 if (!cp->val && timeout > 0)
bdb6d971 865 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 866 MGMT_STATUS_INVALID_PARAMS);
73f22f62 867
09fd0de5 868 hci_dev_lock(hdev);
73f22f62 869
5e5282bb 870 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 871 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 872 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 873 goto failed;
874 }
875
2e58ef3e
JH		 876 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
877 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 878 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 879 MGMT_STATUS_BUSY);
73f22f62
JH		 880 goto failed;
881 }
882
5e5282bb 883 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 884 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 885 MGMT_STATUS_REJECTED);
5e5282bb
JH		 886 goto failed;
887 }
888
889 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 890 bool changed = false;
891
892 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
893 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
894 changed = true;
895 }
896
5e5282bb 897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 898 if (err < 0)
899 goto failed;
900
901 if (changed)
902 err = new_settings(hdev, sk);
903
5e5282bb
JH		 904 goto failed;
905 }
906
907 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 908 if (hdev->discov_timeout > 0) {
909 cancel_delayed_work(&hdev->discov_off);
910 hdev->discov_timeout = 0;
911 }
912
913 if (cp->val && timeout > 0) {
914 hdev->discov_timeout = timeout;
915 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
916 msecs_to_jiffies(hdev->discov_timeout * 1000));
917 }
918
69ab39ea 919 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 920 goto failed;
921 }
922
2e58ef3e 923 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 924 if (!cmd) {
925 err = -ENOMEM;
73f22f62 926 goto failed;
366a0336 927 }
73f22f62
JH		 928
929 scan = SCAN_PAGE;
930
72a734ec 931 if (cp->val)
73f22f62 932 scan |= SCAN_INQUIRY;
16ab91ab 933 else
e0f9309f 934 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 935
936 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
937 if (err < 0)
a664b5bc 938 mgmt_pending_remove(cmd);
73f22f62 939
16ab91ab 940 if (cp->val)
5e5282bb 941 hdev->discov_timeout = timeout;
16ab91ab 942
73f22f62 943failed:
09fd0de5 944 hci_dev_unlock(hdev);
73f22f62
JH		 945 return err;
946}
947
bdb6d971 948static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 949 u16 len)
9fbcbb45 950{
650f726d 951 struct mgmt_mode *cp = data;
366a0336 952 struct pending_cmd *cmd;
9fbcbb45
JH		 953 u8 scan;
954 int err;
955
bdb6d971 956 BT_DBG("request for %s", hdev->name);
9fbcbb45 957
09fd0de5 958 hci_dev_lock(hdev);
9fbcbb45 959
4b34ee78 960 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 961 bool changed = false;
962
963 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
964 changed = true;
965
6bf0e469 966 if (cp->val) {
5e5282bb 967 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 968 } else {
5e5282bb
JH		 969 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
970 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
971 }
0224d2fa 972
5e5282bb 973 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 974 if (err < 0)
975 goto failed;
976
977 if (changed)
978 err = new_settings(hdev, sk);
979
9fbcbb45
JH		 980 goto failed;
981 }
982
2e58ef3e
JH		 983 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
984 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 985 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 986 MGMT_STATUS_BUSY);
9fbcbb45
JH		 987 goto failed;
988 }
989
5e5282bb 990 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 991 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 992 goto failed;
993 }
994
2e58ef3e 995 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 996 if (!cmd) {
997 err = -ENOMEM;
9fbcbb45 998 goto failed;
366a0336 999 }
9fbcbb45 1000
6bf0e469 1001 if (cp->val) {
9fbcbb45 1002 scan = SCAN_PAGE;
6bf0e469 1003 } else {
9fbcbb45
JH		 1004 scan = 0;
1005
df2c6c5e
JH		 1006 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1007 hdev->discov_timeout > 0)
1008 cancel_delayed_work(&hdev->discov_off);
1009 }
1010
9fbcbb45
JH		 1011 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1012 if (err < 0)
a664b5bc 1013 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1014
1015failed:
09fd0de5 1016 hci_dev_unlock(hdev);
9fbcbb45
JH		 1017 return err;
1018}
1019
bdb6d971 1020static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1021 u16 len)
c542a06c 1022{
650f726d 1023 struct mgmt_mode *cp = data;
c542a06c
JH		 1024 int err;
1025
bdb6d971 1026 BT_DBG("request for %s", hdev->name);
c542a06c 1027
09fd0de5 1028 hci_dev_lock(hdev);
c542a06c
JH		 1029
1030 if (cp->val)
a8b2d5c2 1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1032 else
a8b2d5c2 1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1034
69ab39ea 1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1036 if (err < 0)
1037 goto failed;
1038
beadb2bd 1039 err = new_settings(hdev, sk);
c542a06c
JH		 1040
1041failed:
09fd0de5 1042 hci_dev_unlock(hdev);
c542a06c
JH		 1043 return err;
1044}
1045
04124681
GP		 1046static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1047 u16 len)
33ef95ed
JH		 1048{
1049 struct mgmt_mode *cp = data;
1050 struct pending_cmd *cmd;
816a11d5 1051 u8 val;
33ef95ed
JH		 1052 int err;
1053
bdb6d971 1054 BT_DBG("request for %s", hdev->name);
33ef95ed 1055
33ef95ed
JH		 1056 hci_dev_lock(hdev);
1057
4b34ee78 1058 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1059 bool changed = false;
1060
1061 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1062 &hdev->dev_flags)) {
1063 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1064 changed = true;
1065 }
1066
1067 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1068 if (err < 0)
1069 goto failed;
1070
1071 if (changed)
1072 err = new_settings(hdev, sk);
1073
33ef95ed
JH		 1074 goto failed;
1075 }
1076
1077 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1078 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1079 MGMT_STATUS_BUSY);
33ef95ed
JH		 1080 goto failed;
1081 }
1082
1083 val = !!cp->val;
1084
1085 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1086 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1087 goto failed;
1088 }
1089
1090 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1091 if (!cmd) {
1092 err = -ENOMEM;
1093 goto failed;
1094 }
1095
1096 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1097 if (err < 0) {
1098 mgmt_pending_remove(cmd);
1099 goto failed;
1100 }
1101
1102failed:
1103 hci_dev_unlock(hdev);
33ef95ed
JH		 1104 return err;
1105}
1106
bdb6d971 1107static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1108{
1109 struct mgmt_mode *cp = data;
1110 struct pending_cmd *cmd;
816a11d5 1111 u8 val;
ed2c4ee3
JH		 1112 int err;
1113
bdb6d971 1114 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1115
ed2c4ee3
JH		 1116 hci_dev_lock(hdev);
1117
6c8f12c1 1118 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1120 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1121 goto failed;
1122 }
1123
c0ecddc2
JH		 1124 val = !!cp->val;
1125
4b34ee78 1126 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1127 bool changed = false;
1128
1129 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1130 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1131 changed = true;
1132 }
1133
1134 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1135 if (err < 0)
1136 goto failed;
1137
1138 if (changed)
1139 err = new_settings(hdev, sk);
1140
ed2c4ee3
JH		 1141 goto failed;
1142 }
1143
1144 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1145 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1146 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1147 goto failed;
1148 }
1149
ed2c4ee3
JH		 1150 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1151 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1152 goto failed;
1153 }
1154
1155 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1156 if (!cmd) {
1157 err = -ENOMEM;
1158 goto failed;
1159 }
1160
1161 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1162 if (err < 0) {
1163 mgmt_pending_remove(cmd);
1164 goto failed;
1165 }
1166
1167failed:
1168 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1169 return err;
1170}
1171
bdb6d971 1172static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1173{
1174 struct mgmt_mode *cp = data;
6d80dfd0 1175
bdb6d971 1176 BT_DBG("request for %s", hdev->name);
6d80dfd0 1177
bdb6d971
JH		 1178 if (!enable_hs)
1179 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1180 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1181
1182 if (cp->val)
1183 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1184 else
1185 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1186
bdb6d971 1187 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1188}
1189
bdb6d971 1190static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1191{
1192 struct mgmt_mode *cp = data;
1193 struct hci_cp_write_le_host_supported hci_cp;
1194 struct pending_cmd *cmd;
06199cf8 1195 int err;
0b60eba1 1196 u8 val, enabled;
06199cf8 1197
bdb6d971 1198 BT_DBG("request for %s", hdev->name);
06199cf8 1199
1de028ce
JH		 1200 hci_dev_lock(hdev);
1201
06199cf8 1202 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1203 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1204 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1205 goto unlock;
06199cf8
JH		 1206 }
1207
1208 val = !!cp->val;
0b60eba1 1209 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1210
0b60eba1 1211 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1212 bool changed = false;
1213
1214 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1215 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1216 changed = true;
1217 }
1218
1219 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1220 if (err < 0)
1de028ce 1221 goto unlock;
06199cf8
JH		 1222
1223 if (changed)
1224 err = new_settings(hdev, sk);
1225
1de028ce 1226 goto unlock;
06199cf8
JH		 1227 }
1228
1229 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1230 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1231 MGMT_STATUS_BUSY);
1de028ce 1232 goto unlock;
06199cf8
JH		 1233 }
1234
1235 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1236 if (!cmd) {
1237 err = -ENOMEM;
1de028ce 1238 goto unlock;
06199cf8
JH		 1239 }
1240
1241 memset(&hci_cp, 0, sizeof(hci_cp));
1242
1243 if (val) {
1244 hci_cp.le = val;
1245 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1246 }
1247
04124681
GP		 1248 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1249 &hci_cp);
0c01bc48 1250 if (err < 0)
06199cf8 1251 mgmt_pending_remove(cmd);
06199cf8 1252
1de028ce
JH		 1253unlock:
1254 hci_dev_unlock(hdev);
06199cf8
JH		 1255 return err;
1256}
1257
bdb6d971 1258static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1259{
650f726d 1260 struct mgmt_cp_add_uuid *cp = data;
90e70454 1261 struct pending_cmd *cmd;
2aeb9a1a 1262 struct bt_uuid *uuid;
2aeb9a1a
JH		 1263 int err;
1264
bdb6d971 1265 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1266
09fd0de5 1267 hci_dev_lock(hdev);
2aeb9a1a 1268
c95f0ba7 1269 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1270 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1271 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1272 goto failed;
1273 }
1274
2aeb9a1a
JH		 1275 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1276 if (!uuid) {
1277 err = -ENOMEM;
1278 goto failed;
1279 }
1280
1281 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1282 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1283
1284 list_add(&uuid->list, &hdev->uuids);
1285
1aff6f09
JH		 1286 err = update_class(hdev);
1287 if (err < 0)
1288 goto failed;
1289
80a1e1db
JH		 1290 err = update_eir(hdev);
1291 if (err < 0)
1292 goto failed;
1293
90e70454 1294 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1295 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1296 hdev->dev_class, 3);
90e70454
JH		 1297 goto failed;
1298 }
1299
1300 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
0c01bc48 1301 if (!cmd)
90e70454 1302 err = -ENOMEM;
2aeb9a1a
JH		 1303
1304failed:
09fd0de5 1305 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1306 return err;
1307}
1308
24b78d0f
JH		 1309static bool enable_service_cache(struct hci_dev *hdev)
1310{
1311 if (!hdev_is_powered(hdev))
1312 return false;
1313
1314 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1315 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1316 return true;
1317 }
1318
1319 return false;
1320}
1321
bdb6d971
JH		 1322static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1323 u16 len)
2aeb9a1a 1324{
650f726d 1325 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1326 struct pending_cmd *cmd;
2aeb9a1a 1327 struct list_head *p, *n;
2aeb9a1a 1328 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1329 int err, found;
1330
bdb6d971 1331 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1332
09fd0de5 1333 hci_dev_lock(hdev);
2aeb9a1a 1334
c95f0ba7 1335 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1336 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1337 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1338 goto unlock;
1339 }
1340
2aeb9a1a
JH		 1341 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1342 err = hci_uuids_clear(hdev);
4004b6d9 1343
24b78d0f 1344 if (enable_service_cache(hdev)) {
bdb6d971 1345 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1346 0, hdev->dev_class, 3);
24b78d0f
JH		 1347 goto unlock;
1348 }
4004b6d9 1349
9246a869 1350 goto update_class;
2aeb9a1a
JH		 1351 }
1352
1353 found = 0;
1354
1355 list_for_each_safe(p, n, &hdev->uuids) {
1356 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1357
1358 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1359 continue;
1360
1361 list_del(&match->list);
1362 found++;
1363 }
1364
1365 if (found == 0) {
bdb6d971 1366 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1367 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1368 goto unlock;
1369 }
1370
9246a869 1371update_class:
1aff6f09
JH		 1372 err = update_class(hdev);
1373 if (err < 0)
1374 goto unlock;
1375
80a1e1db
JH		 1376 err = update_eir(hdev);
1377 if (err < 0)
1378 goto unlock;
1379
90e70454 1380 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1381 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1382 hdev->dev_class, 3);
90e70454
JH		 1383 goto unlock;
1384 }
1385
1386 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
0c01bc48 1387 if (!cmd)
90e70454 1388 err = -ENOMEM;
2aeb9a1a
JH		 1389
1390unlock:
09fd0de5 1391 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1392 return err;
1393}
1394
bdb6d971 1395static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1396 u16 len)
1aff6f09 1397{
650f726d 1398 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1399 struct pending_cmd *cmd;
1aff6f09
JH		 1400 int err;
1401
bdb6d971 1402 BT_DBG("request for %s", hdev->name);
1aff6f09 1403
09fd0de5 1404 hci_dev_lock(hdev);
1aff6f09 1405
c95f0ba7 1406 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1407 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1408 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1409 goto unlock;
1410 }
1411
932f5ff5
JH		 1412 hdev->major_class = cp->major;
1413 hdev->minor_class = cp->minor;
1414
b5235a65 1415 if (!hdev_is_powered(hdev)) {
bdb6d971 1416 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1417 hdev->dev_class, 3);
b5235a65
JH		 1418 goto unlock;
1419 }
1420
a8b2d5c2 1421 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1422 hci_dev_unlock(hdev);
1423 cancel_delayed_work_sync(&hdev->service_cache);
1424 hci_dev_lock(hdev);
14c0b608 1425 update_eir(hdev);
7d78525d 1426 }
14c0b608 1427
1aff6f09 1428 err = update_class(hdev);
90e70454
JH		 1429 if (err < 0)
1430 goto unlock;
1aff6f09 1431
90e70454 1432 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1433 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1434 hdev->dev_class, 3);
90e70454
JH		 1435 goto unlock;
1436 }
1437
1438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
0c01bc48 1439 if (!cmd)
90e70454 1440 err = -ENOMEM;
1aff6f09 1441
b5235a65 1442unlock:
09fd0de5 1443 hci_dev_unlock(hdev);
1aff6f09
JH		 1444 return err;
1445}
1446
bdb6d971
JH		 1447static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1448 u16 len)
55ed8ca1 1449{
650f726d 1450 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1451 u16 key_count, expected_len;
a492cd52 1452 int i;
55ed8ca1 1453
1f350c87 1454 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1455
86742e1e
JH		 1456 expected_len = sizeof(*cp) + key_count *
1457 sizeof(struct mgmt_link_key_info);
a492cd52 1458 if (expected_len != len) {
86742e1e 1459 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1460 len, expected_len);
bdb6d971 1461 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1462 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1463 }
1464
bdb6d971 1465 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1466 key_count);
1467
09fd0de5 1468 hci_dev_lock(hdev);
55ed8ca1
JH		 1469
1470 hci_link_keys_clear(hdev);
1471
a8b2d5c2 1472 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1473
1474 if (cp->debug_keys)
a8b2d5c2 1475 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1476 else
a8b2d5c2 1477 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1478
a492cd52 1479 for (i = 0; i < key_count; i++) {
86742e1e 1480 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1481
d753fdc4 1482 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1483 key->type, key->pin_len);
55ed8ca1
JH		 1484 }
1485
bdb6d971 1486 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1487
09fd0de5 1488 hci_dev_unlock(hdev);
55ed8ca1 1489
a492cd52 1490 return 0;
55ed8ca1
JH		 1491}
1492
b1078ad0 1493static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1494 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1495{
1496 struct mgmt_ev_device_unpaired ev;
1497
1498 bacpy(&ev.addr.bdaddr, bdaddr);
1499 ev.addr.type = addr_type;
1500
1501 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1502 skip_sk);
b1078ad0
JH		 1503}
1504
bdb6d971 1505static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1506 u16 len)
55ed8ca1 1507{
124f6e35
JH		 1508 struct mgmt_cp_unpair_device *cp = data;
1509 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1510 struct hci_cp_disconnect dc;
1511 struct pending_cmd *cmd;
55ed8ca1 1512 struct hci_conn *conn;
55ed8ca1
JH		 1513 int err;
1514
09fd0de5 1515 hci_dev_lock(hdev);
55ed8ca1 1516
a8a1d19e 1517 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1518 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1519 rp.addr.type = cp->addr.type;
a8a1d19e 1520
86a8cfc6 1521 if (!hdev_is_powered(hdev)) {
bdb6d971 1522 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1523 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1524 goto unlock;
1525 }
1526
124f6e35
JH		 1527 if (cp->addr.type == MGMT_ADDR_BREDR)
1528 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1529 else
1530 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1531
55ed8ca1 1532 if (err < 0) {
bdb6d971 1533 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1534 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1535 goto unlock;
1536 }
1537
86a8cfc6
JH		 1538 if (cp->disconnect) {
1539 if (cp->addr.type == MGMT_ADDR_BREDR)
1540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1541 &cp->addr.bdaddr);
86a8cfc6
JH		 1542 else
1543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1544 &cp->addr.bdaddr);
86a8cfc6
JH		 1545 } else {
1546 conn = NULL;
1547 }
124f6e35 1548
a8a1d19e 1549 if (!conn) {
bdb6d971 1550 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1551 &rp, sizeof(rp));
b1078ad0 1552 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1553 goto unlock;
1554 }
55ed8ca1 1555
124f6e35 1556 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1557 sizeof(*cp));
a8a1d19e
JH		 1558 if (!cmd) {
1559 err = -ENOMEM;
1560 goto unlock;
55ed8ca1
JH		 1561 }
1562
eb55ef07 1563 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1564 dc.reason = 0x13; /* Remote User Terminated Connection */
1565 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1566 if (err < 0)
1567 mgmt_pending_remove(cmd);
1568
55ed8ca1 1569unlock:
09fd0de5 1570 hci_dev_unlock(hdev);
55ed8ca1
JH		 1571 return err;
1572}
1573
bdb6d971 1574static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1575 u16 len)
8962ee74 1576{
650f726d 1577 struct mgmt_cp_disconnect *cp = data;
8962ee74 1578 struct hci_cp_disconnect dc;
366a0336 1579 struct pending_cmd *cmd;
8962ee74 1580 struct hci_conn *conn;
8962ee74
JH		 1581 int err;
1582
1583 BT_DBG("");
1584
09fd0de5 1585 hci_dev_lock(hdev);
8962ee74
JH		 1586
1587 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1588 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1589 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1590 goto failed;
1591 }
1592
2e58ef3e 1593 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1594 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1595 MGMT_STATUS_BUSY);
8962ee74
JH		 1596 goto failed;
1597 }
1598
88c3df13
JH		 1599 if (cp->addr.type == MGMT_ADDR_BREDR)
1600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1601 else
1602 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1603
8962ee74 1604 if (!conn) {
bdb6d971 1605 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1606 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1607 goto failed;
1608 }
1609
2e58ef3e 1610 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1611 if (!cmd) {
1612 err = -ENOMEM;
8962ee74 1613 goto failed;
366a0336 1614 }
8962ee74 1615
eb55ef07 1616 dc.handle = cpu_to_le16(conn->handle);
8962ee74
JH		 1617 dc.reason = 0x13; /* Remote User Terminated Connection */
1618
1619 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1620 if (err < 0)
a664b5bc 1621 mgmt_pending_remove(cmd);
8962ee74
JH		 1622
1623failed:
09fd0de5 1624 hci_dev_unlock(hdev);
8962ee74
JH		 1625 return err;
1626}
1627
48264f06 1628static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1629{
1630 switch (link_type) {
1631 case LE_LINK:
48264f06
JH		 1632 switch (addr_type) {
1633 case ADDR_LE_DEV_PUBLIC:
1634 return MGMT_ADDR_LE_PUBLIC;
0ed09148 1635
48264f06 1636 default:
0ed09148
AG		 1637 /* Fallback to LE Random address type */
1638 return MGMT_ADDR_LE_RANDOM;
48264f06 1639 }
0ed09148 1640
4c659c39 1641 default:
0ed09148
AG		 1642 /* Fallback to BR/EDR type */
1643 return MGMT_ADDR_BREDR;
4c659c39
JH		 1644 }
1645}
1646
4596fde5
HG		 1647static u8 mgmt_to_le(u8 mgmt_type)
1648{
1649 switch (mgmt_type) {
1650 case MGMT_ADDR_LE_PUBLIC:
1651 return ADDR_LE_DEV_PUBLIC;
1652
1653 default:
1654 /* Fallback to LE Random address type */
1655 return ADDR_LE_DEV_RANDOM;
1656 }
1657}
1658
04124681
GP		 1659static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1660 u16 data_len)
2784eb41 1661{
2784eb41 1662 struct mgmt_rp_get_connections *rp;
8035ded4 1663 struct hci_conn *c;
a38528f1 1664 size_t rp_len;
60fc5fb6
JH		 1665 int err;
1666 u16 i;
2784eb41
JH		 1667
1668 BT_DBG("");
1669
09fd0de5 1670 hci_dev_lock(hdev);
2784eb41 1671
5f97c1df 1672 if (!hdev_is_powered(hdev)) {
bdb6d971 1673 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1674 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1675 goto unlock;
1676 }
1677
60fc5fb6 1678 i = 0;
b644ba33
JH		 1679 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1680 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1681 i++;
2784eb41
JH		 1682 }
1683
60fc5fb6 1684 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1685 rp = kmalloc(rp_len, GFP_ATOMIC);
1686 if (!rp) {
2784eb41
JH		 1687 err = -ENOMEM;
1688 goto unlock;
1689 }
1690
2784eb41 1691 i = 0;
4c659c39 1692 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1693 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1694 continue;
4c659c39 1695 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1696 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
0ed09148 1697 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1698 continue;
1699 i++;
1700 }
1701
eb55ef07 1702 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1703
4c659c39
JH		 1704 /* Recalculate length in case of filtered SCO connections, etc */
1705 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1706
bdb6d971 1707 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1708 rp_len);
2784eb41 1709
a38528f1 1710 kfree(rp);
5f97c1df
JH		 1711
1712unlock:
09fd0de5 1713 hci_dev_unlock(hdev);
2784eb41
JH		 1714 return err;
1715}
1716
bdb6d971 1717static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1718 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1719{
1720 struct pending_cmd *cmd;
1721 int err;
1722
2e58ef3e 1723 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1724 sizeof(*cp));
96d97a67
WR		 1725 if (!cmd)
1726 return -ENOMEM;
1727
d8457698 1728 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1729 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1730 if (err < 0)
1731 mgmt_pending_remove(cmd);
1732
1733 return err;
1734}
1735
bdb6d971 1736static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1737 u16 len)
980e1a53 1738{
96d97a67 1739 struct hci_conn *conn;
650f726d 1740 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1741 struct hci_cp_pin_code_reply reply;
366a0336 1742 struct pending_cmd *cmd;
980e1a53
JH		 1743 int err;
1744
1745 BT_DBG("");
1746
09fd0de5 1747 hci_dev_lock(hdev);
980e1a53 1748
4b34ee78 1749 if (!hdev_is_powered(hdev)) {
bdb6d971 1750 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1751 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1752 goto failed;
1753 }
1754
d8457698 1755 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1756 if (!conn) {
bdb6d971 1757 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1758 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1759 goto failed;
1760 }
1761
1762 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1763 struct mgmt_cp_pin_code_neg_reply ncp;
1764
1765 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1766
1767 BT_ERR("PIN code is not 16 bytes long");
1768
bdb6d971 1769 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1770 if (err >= 0)
bdb6d971 1771 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1772 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1773
1774 goto failed;
1775 }
1776
00abfe44 1777 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1778 if (!cmd) {
1779 err = -ENOMEM;
980e1a53 1780 goto failed;
366a0336 1781 }
980e1a53 1782
d8457698 1783 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1784 reply.pin_len = cp->pin_len;
24718ca5 1785 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1786
1787 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1788 if (err < 0)
a664b5bc 1789 mgmt_pending_remove(cmd);
980e1a53
JH		 1790
1791failed:
09fd0de5 1792 hci_dev_unlock(hdev);
980e1a53
JH		 1793 return err;
1794}
1795
bdb6d971 1796static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1797 void *data, u16 len)
980e1a53 1798{
650f726d 1799 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1800 int err;
1801
1802 BT_DBG("");
1803
09fd0de5 1804 hci_dev_lock(hdev);
980e1a53 1805
4b34ee78 1806 if (!hdev_is_powered(hdev)) {
bdb6d971 1807 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 1808 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1809 goto failed;
1810 }
1811
bdb6d971 1812 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1813
1814failed:
09fd0de5 1815 hci_dev_unlock(hdev);
980e1a53
JH		 1816 return err;
1817}
1818
04124681
GP		 1819static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1820 u16 len)
17fa4b9d 1821{
650f726d 1822 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1823
1824 BT_DBG("");
1825
09fd0de5 1826 hci_dev_lock(hdev);
17fa4b9d
JH		 1827
1828 hdev->io_capability = cp->io_capability;
1829
1830 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1831 hdev->io_capability);
17fa4b9d 1832
09fd0de5 1833 hci_dev_unlock(hdev);
17fa4b9d 1834
04124681
GP		 1835 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1836 0);
17fa4b9d
JH		 1837}
1838
e9a416b5
JH		 1839static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1840{
1841 struct hci_dev *hdev = conn->hdev;
8035ded4 1842 struct pending_cmd *cmd;
e9a416b5 1843
2e58ef3e 1844 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1845 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1846 continue;
1847
e9a416b5
JH		 1848 if (cmd->user_data != conn)
1849 continue;
1850
1851 return cmd;
1852 }
1853
1854 return NULL;
1855}
1856
1857static void pairing_complete(struct pending_cmd *cmd, u8 status)
1858{
1859 struct mgmt_rp_pair_device rp;
1860 struct hci_conn *conn = cmd->user_data;
1861
ba4e564f
JH		 1862 bacpy(&rp.addr.bdaddr, &conn->dst);
1863 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1864
aee9b218 1865 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1866 &rp, sizeof(rp));
e9a416b5
JH		 1867
1868 /* So we don't get further callbacks for this connection */
1869 conn->connect_cfm_cb = NULL;
1870 conn->security_cfm_cb = NULL;
1871 conn->disconn_cfm_cb = NULL;
1872
1873 hci_conn_put(conn);
1874
a664b5bc 1875 mgmt_pending_remove(cmd);
e9a416b5
JH		 1876}
1877
1878static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1879{
1880 struct pending_cmd *cmd;
1881
1882 BT_DBG("status %u", status);
1883
1884 cmd = find_pairing(conn);
56e5cb86 1885 if (!cmd)
e9a416b5 1886 BT_DBG("Unable to find a pending command");
56e5cb86 1887 else
e211326c 1888 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1889}
1890
bdb6d971 1891static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1892 u16 len)
e9a416b5 1893{
650f726d 1894 struct mgmt_cp_pair_device *cp = data;
1425acb7 1895 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1896 struct pending_cmd *cmd;
1897 u8 sec_level, auth_type;
1898 struct hci_conn *conn;
e9a416b5
JH		 1899 int err;
1900
1901 BT_DBG("");
1902
09fd0de5 1903 hci_dev_lock(hdev);
e9a416b5 1904
5f97c1df 1905 if (!hdev_is_powered(hdev)) {
bdb6d971 1906 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1907 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1908 goto unlock;
1909 }
1910
c908df36
VCG		 1911 sec_level = BT_SECURITY_MEDIUM;
1912 if (cp->io_cap == 0x03)
e9a416b5 1913 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1914 else
e9a416b5 1915 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1916
ba4e564f
JH		 1917 if (cp->addr.type == MGMT_ADDR_BREDR)
1918 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
04124681 1919 auth_type);
7a512d01 1920 else
ba4e564f 1921 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
04124681 1922 auth_type);
7a512d01 1923
1425acb7
JH		 1924 memset(&rp, 0, sizeof(rp));
1925 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1926 rp.addr.type = cp->addr.type;
1927
30e76272 1928 if (IS_ERR(conn)) {
bdb6d971 1929 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681
GP		 1930 MGMT_STATUS_CONNECT_FAILED, &rp,
1931 sizeof(rp));
e9a416b5
JH		 1932 goto unlock;
1933 }
1934
1935 if (conn->connect_cfm_cb) {
1936 hci_conn_put(conn);
bdb6d971 1937 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1938 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1939 goto unlock;
1940 }
1941
2e58ef3e 1942 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1943 if (!cmd) {
1944 err = -ENOMEM;
1945 hci_conn_put(conn);
1946 goto unlock;
1947 }
1948
7a512d01 1949 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1950 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1951 conn->connect_cfm_cb = pairing_complete_cb;
1952
e9a416b5
JH		 1953 conn->security_cfm_cb = pairing_complete_cb;
1954 conn->disconn_cfm_cb = pairing_complete_cb;
1955 conn->io_capability = cp->io_cap;
1956 cmd->user_data = conn;
1957
1958 if (conn->state == BT_CONNECTED &&
1959 hci_conn_security(conn, sec_level, auth_type))
1960 pairing_complete(cmd, 0);
1961
1962 err = 0;
1963
1964unlock:
09fd0de5 1965 hci_dev_unlock(hdev);
e9a416b5
JH		 1966 return err;
1967}
1968
04124681
GP		 1969static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1970 u16 len)
28424707 1971{
0f4e68cf 1972 struct mgmt_addr_info *addr = data;
28424707
JH		 1973 struct pending_cmd *cmd;
1974 struct hci_conn *conn;
1975 int err;
1976
1977 BT_DBG("");
1978
28424707
JH		 1979 hci_dev_lock(hdev);
1980
5f97c1df 1981 if (!hdev_is_powered(hdev)) {
bdb6d971 1982 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1983 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1984 goto unlock;
1985 }
1986
28424707
JH		 1987 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1988 if (!cmd) {
bdb6d971 1989 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1990 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1991 goto unlock;
1992 }
1993
1994 conn = cmd->user_data;
1995
1996 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1997 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1998 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1999 goto unlock;
2000 }
2001
2002 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2003
bdb6d971 2004 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2005 addr, sizeof(*addr));
28424707
JH		 2006unlock:
2007 hci_dev_unlock(hdev);
28424707
JH		 2008 return err;
2009}
2010
bdb6d971 2011static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2012 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2013 u16 hci_op, __le32 passkey)
a5c29683 2014{
a5c29683 2015 struct pending_cmd *cmd;
0df4c185 2016 struct hci_conn *conn;
a5c29683
JH		 2017 int err;
2018
09fd0de5 2019 hci_dev_lock(hdev);
08ba5382 2020
4b34ee78 2021 if (!hdev_is_powered(hdev)) {
bdb6d971 2022 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2023 MGMT_STATUS_NOT_POWERED);
0df4c185 2024 goto done;
a5c29683
JH		 2025 }
2026
272d90df
JH		 2027 if (type == MGMT_ADDR_BREDR)
2028 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2029 else
47c15e2b 2030 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2031
2032 if (!conn) {
bdb6d971 2033 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2034 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2035 goto done;
2036 }
47c15e2b 2037
272d90df 2038 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2039 /* Continue with pairing via SMP */
5fe57d9e
BG		 2040 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2041
2042 if (!err)
bdb6d971 2043 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2044 MGMT_STATUS_SUCCESS);
5fe57d9e 2045 else
bdb6d971 2046 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2047 MGMT_STATUS_FAILED);
47c15e2b 2048
47c15e2b
BG		 2049 goto done;
2050 }
2051
0df4c185 2052 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2053 if (!cmd) {
2054 err = -ENOMEM;
0df4c185 2055 goto done;
a5c29683
JH		 2056 }
2057
0df4c185 2058 /* Continue with pairing via HCI */
604086b7
BG		 2059 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2060 struct hci_cp_user_passkey_reply cp;
2061
2062 bacpy(&cp.bdaddr, bdaddr);
2063 cp.passkey = passkey;
2064 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2065 } else
2066 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2067
a664b5bc
JH		 2068 if (err < 0)
2069 mgmt_pending_remove(cmd);
a5c29683 2070
0df4c185 2071done:
09fd0de5 2072 hci_dev_unlock(hdev);
a5c29683
JH		 2073 return err;
2074}
2075
04124681
GP		 2076static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2077 u16 len)
0df4c185 2078{
650f726d 2079 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2080
2081 BT_DBG("");
2082
2083 if (len != sizeof(*cp))
bdb6d971 2084 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2085 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2086
bdb6d971 2087 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2088 MGMT_OP_USER_CONFIRM_REPLY,
2089 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2090}
2091
bdb6d971 2092static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2093 void *data, u16 len)
0df4c185 2094{
c9c2659f 2095 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2096
2097 BT_DBG("");
2098
bdb6d971 2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2100 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2101 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2102}
2103
04124681
GP		 2104static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2105 u16 len)
604086b7 2106{
650f726d 2107 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2108
2109 BT_DBG("");
2110
bdb6d971 2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2112 MGMT_OP_USER_PASSKEY_REPLY,
2113 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2114}
2115
bdb6d971 2116static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2117 void *data, u16 len)
604086b7 2118{
650f726d 2119 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2120
2121 BT_DBG("");
2122
bdb6d971 2123 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2124 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2125 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2126}
2127
2b4bf397
JH		 2128static int update_name(struct hci_dev *hdev, const char *name)
2129{
2130 struct hci_cp_write_local_name cp;
2131
2132 memcpy(cp.name, name, sizeof(cp.name));
2133
2134 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2135}
2136
bdb6d971 2137static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2138 u16 len)
b312b161 2139{
2b4bf397 2140 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2141 struct pending_cmd *cmd;
2142 int err;
2143
2144 BT_DBG("");
2145
09fd0de5 2146 hci_dev_lock(hdev);
b312b161 2147
2b4bf397 2148 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2149
b5235a65 2150 if (!hdev_is_powered(hdev)) {
2b4bf397 2151 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2152
2153 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2154 data, len);
28cc7bde
JH		 2155 if (err < 0)
2156 goto failed;
2157
2158 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2159 sk);
28cc7bde 2160
b5235a65
JH		 2161 goto failed;
2162 }
2163
28cc7bde 2164 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2165 if (!cmd) {
2166 err = -ENOMEM;
2167 goto failed;
2168 }
2169
2b4bf397 2170 err = update_name(hdev, cp->name);
b312b161
JH		 2171 if (err < 0)
2172 mgmt_pending_remove(cmd);
2173
2174failed:
09fd0de5 2175 hci_dev_unlock(hdev);
b312b161
JH		 2176 return err;
2177}
2178
0f4e68cf 2179static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2180 void *data, u16 data_len)
c35938b2 2181{
c35938b2
SJ		 2182 struct pending_cmd *cmd;
2183 int err;
2184
bdb6d971 2185 BT_DBG("%s", hdev->name);
c35938b2 2186
09fd0de5 2187 hci_dev_lock(hdev);
c35938b2 2188
4b34ee78 2189 if (!hdev_is_powered(hdev)) {
bdb6d971 2190 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2191 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2192 goto unlock;
2193 }
2194
2195 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2196 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2197 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2198 goto unlock;
2199 }
2200
2e58ef3e 2201 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2202 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2203 MGMT_STATUS_BUSY);
c35938b2
SJ		 2204 goto unlock;
2205 }
2206
2e58ef3e 2207 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2208 if (!cmd) {
2209 err = -ENOMEM;
2210 goto unlock;
2211 }
2212
2213 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2214 if (err < 0)
2215 mgmt_pending_remove(cmd);
2216
2217unlock:
09fd0de5 2218 hci_dev_unlock(hdev);
c35938b2
SJ		 2219 return err;
2220}
2221
bdb6d971 2222static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2223 void *data, u16 len)
2763eda6 2224{
650f726d 2225 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2226 u8 status;
2763eda6
SJ		 2227 int err;
2228
bdb6d971 2229 BT_DBG("%s ", hdev->name);
2763eda6 2230
09fd0de5 2231 hci_dev_lock(hdev);
2763eda6 2232
5f97c1df 2233 if (!hdev_is_powered(hdev)) {
bdb6d971 2234 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2235 MGMT_STATUS_NOT_POWERED, &cp->addr,
2236 sizeof(cp->addr));
5f97c1df
JH		 2237 goto unlock;
2238 }
2239
664ce4cc 2240 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2241 cp->randomizer);
2763eda6 2242 if (err < 0)
bf1e3541 2243 status = MGMT_STATUS_FAILED;
2763eda6 2244 else
bf1e3541
JH		 2245 status = 0;
2246
bdb6d971 2247 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2248 &cp->addr, sizeof(cp->addr));
2763eda6 2249
5f97c1df 2250unlock:
09fd0de5 2251 hci_dev_unlock(hdev);
2763eda6
SJ		 2252 return err;
2253}
2254
bdb6d971 2255static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2256 void *data, u16 len)
2763eda6 2257{
650f726d 2258 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2259 u8 status;
2763eda6
SJ		 2260 int err;
2261
bdb6d971 2262 BT_DBG("%s", hdev->name);
2763eda6 2263
09fd0de5 2264 hci_dev_lock(hdev);
2763eda6 2265
5f97c1df 2266 if (!hdev_is_powered(hdev)) {
bdb6d971 2267 err = cmd_complete(sk, hdev->id,
04124681
GP		 2268 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2269 MGMT_STATUS_NOT_POWERED, &cp->addr,
2270 sizeof(cp->addr));
5f97c1df
JH		 2271 goto unlock;
2272 }
2273
664ce4cc 2274 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2275 if (err < 0)
bf1e3541 2276 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2277 else
bf1e3541
JH		 2278 status = 0;
2279
bdb6d971 2280 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2281 status, &cp->addr, sizeof(cp->addr));
2763eda6 2282
5f97c1df 2283unlock:
09fd0de5 2284 hci_dev_unlock(hdev);
2763eda6
SJ		 2285 return err;
2286}
2287
5e0452c0
AG		 2288int mgmt_interleaved_discovery(struct hci_dev *hdev)
2289{
2290 int err;
2291
2292 BT_DBG("%s", hdev->name);
2293
2294 hci_dev_lock(hdev);
2295
2296 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2297 if (err < 0)
2298 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2299
2300 hci_dev_unlock(hdev);
2301
2302 return err;
2303}
2304
bdb6d971 2305static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2306 void *data, u16 len)
14a53664 2307{
650f726d 2308 struct mgmt_cp_start_discovery *cp = data;
14a53664 2309 struct pending_cmd *cmd;
14a53664
JH		 2310 int err;
2311
bdb6d971 2312 BT_DBG("%s", hdev->name);
14a53664 2313
09fd0de5 2314 hci_dev_lock(hdev);
14a53664 2315
4b34ee78 2316 if (!hdev_is_powered(hdev)) {
bdb6d971 2317 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2318 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2319 goto failed;
2320 }
2321
642be6c7
AG		 2322 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2323 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2324 MGMT_STATUS_BUSY);
2325 goto failed;
2326 }
2327
ff9ef578 2328 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2329 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2330 MGMT_STATUS_BUSY);
ff9ef578
JH		 2331 goto failed;
2332 }
2333
2e58ef3e 2334 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2335 if (!cmd) {
2336 err = -ENOMEM;
2337 goto failed;
2338 }
2339
4aab14e5
AG		 2340 hdev->discovery.type = cp->type;
2341
2342 switch (hdev->discovery.type) {
f39799f5 2343 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2344 if (lmp_bredr_capable(hdev))
2345 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2346 else
2347 err = -ENOTSUPP;
f39799f5
AG		 2348 break;
2349
2350 case DISCOV_TYPE_LE:
8b90129c
AG		 2351 if (lmp_host_le_capable(hdev))
2352 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2353 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2354 else
2355 err = -ENOTSUPP;
f39799f5
AG		 2356 break;
2357
5e0452c0 2358 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2359 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2360 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2361 LE_SCAN_WIN,
2362 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2363 else
2364 err = -ENOTSUPP;
5e0452c0
AG		 2365 break;
2366
f39799f5 2367 default:
3fd24153 2368 err = -EINVAL;
f39799f5 2369 }
3fd24153 2370
14a53664
JH		 2371 if (err < 0)
2372 mgmt_pending_remove(cmd);
ff9ef578
JH		 2373 else
2374 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2375
2376failed:
09fd0de5 2377 hci_dev_unlock(hdev);
14a53664
JH		 2378 return err;
2379}
2380
bdb6d971 2381static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2382 u16 len)
14a53664 2383{
d930650b 2384 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2385 struct pending_cmd *cmd;
30dc78e1
JH		 2386 struct hci_cp_remote_name_req_cancel cp;
2387 struct inquiry_entry *e;
14a53664
JH		 2388 int err;
2389
bdb6d971 2390 BT_DBG("%s", hdev->name);
14a53664 2391
09fd0de5 2392 hci_dev_lock(hdev);
14a53664 2393
30dc78e1 2394 if (!hci_discovery_active(hdev)) {
bdb6d971 2395 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2396 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2397 sizeof(mgmt_cp->type));
d930650b
JH		 2398 goto unlock;
2399 }
2400
2401 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2402 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2403 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2404 sizeof(mgmt_cp->type));
30dc78e1 2405 goto unlock;
ff9ef578
JH		 2406 }
2407
2e58ef3e 2408 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2409 if (!cmd) {
2410 err = -ENOMEM;
30dc78e1
JH		 2411 goto unlock;
2412 }
2413
e0d9727e
AG		 2414 switch (hdev->discovery.state) {
2415 case DISCOVERY_FINDING:
c9ecc48e
AG		 2416 if (test_bit(HCI_INQUIRY, &hdev->flags))
2417 err = hci_cancel_inquiry(hdev);
2418 else
2419 err = hci_cancel_le_scan(hdev);
2420
e0d9727e
AG		 2421 break;
2422
2423 case DISCOVERY_RESOLVING:
2424 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2425 NAME_PENDING);
2426 if (!e) {
30dc78e1 2427 mgmt_pending_remove(cmd);
e0d9727e
AG		 2428 err = cmd_complete(sk, hdev->id,
2429 MGMT_OP_STOP_DISCOVERY, 0,
2430 &mgmt_cp->type,
2431 sizeof(mgmt_cp->type));
2432 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2433 goto unlock;
2434 }
30dc78e1 2435
e0d9727e
AG		 2436 bacpy(&cp.bdaddr, &e->data.bdaddr);
2437 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2438 sizeof(cp), &cp);
2439
2440 break;
2441
2442 default:
2443 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2444 err = -EFAULT;
14a53664
JH		 2445 }
2446
14a53664
JH		 2447 if (err < 0)
2448 mgmt_pending_remove(cmd);
ff9ef578
JH		 2449 else
2450 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2451
30dc78e1 2452unlock:
09fd0de5 2453 hci_dev_unlock(hdev);
14a53664
JH		 2454 return err;
2455}
2456
bdb6d971 2457static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2458 u16 len)
561aafbc 2459{
650f726d 2460 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2461 struct inquiry_entry *e;
561aafbc
JH		 2462 int err;
2463
bdb6d971 2464 BT_DBG("%s", hdev->name);
561aafbc 2465
561aafbc
JH		 2466 hci_dev_lock(hdev);
2467
30dc78e1 2468 if (!hci_discovery_active(hdev)) {
bdb6d971 2469 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2470 MGMT_STATUS_FAILED);
30dc78e1
JH		 2471 goto failed;
2472 }
2473
a198e7b1 2474 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2475 if (!e) {
bdb6d971 2476 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2477 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2478 goto failed;
2479 }
2480
2481 if (cp->name_known) {
2482 e->name_state = NAME_KNOWN;
2483 list_del(&e->list);
2484 } else {
2485 e->name_state = NAME_NEEDED;
a3d4e20a 2486 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2487 }
2488
2489 err = 0;
2490
2491failed:
2492 hci_dev_unlock(hdev);
561aafbc
JH		 2493 return err;
2494}
2495
bdb6d971 2496static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2497 u16 len)
7fbec224 2498{
650f726d 2499 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2500 u8 status;
7fbec224
AJ		 2501 int err;
2502
bdb6d971 2503 BT_DBG("%s", hdev->name);
7fbec224 2504
09fd0de5 2505 hci_dev_lock(hdev);
5e762444 2506
88c1fe4b 2507 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2508 if (err < 0)
f0eeea8b 2509 status = MGMT_STATUS_FAILED;
7fbec224 2510 else
f0eeea8b
JH		 2511 status = 0;
2512
bdb6d971 2513 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2514 &cp->addr, sizeof(cp->addr));
5e762444 2515
09fd0de5 2516 hci_dev_unlock(hdev);
7fbec224
AJ		 2517
2518 return err;
2519}
2520
bdb6d971 2521static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2522 u16 len)
7fbec224 2523{
650f726d 2524 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2525 u8 status;
7fbec224
AJ		 2526 int err;
2527
bdb6d971 2528 BT_DBG("%s", hdev->name);
7fbec224 2529
09fd0de5 2530 hci_dev_lock(hdev);
5e762444 2531
88c1fe4b 2532 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2533 if (err < 0)
f0eeea8b 2534 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2535 else
f0eeea8b
JH		 2536 status = 0;
2537
bdb6d971 2538 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2539 &cp->addr, sizeof(cp->addr));
5e762444 2540
09fd0de5 2541 hci_dev_unlock(hdev);
7fbec224
AJ		 2542
2543 return err;
2544}
2545
cdbaccca
MH		 2546static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2547 u16 len)
2548{
2549 struct mgmt_cp_set_device_id *cp = data;
2550 int err;
c72d4b8a 2551 __u16 source;
cdbaccca
MH		 2552
2553 BT_DBG("%s", hdev->name);
2554
c72d4b8a
SJ		 2555 source = __le16_to_cpu(cp->source);
2556
2557 if (source > 0x0002)
2558 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2559 MGMT_STATUS_INVALID_PARAMS);
2560
cdbaccca
MH		 2561 hci_dev_lock(hdev);
2562
c72d4b8a 2563 hdev->devid_source = source;
cdbaccca
MH		 2564 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2565 hdev->devid_product = __le16_to_cpu(cp->product);
2566 hdev->devid_version = __le16_to_cpu(cp->version);
2567
2568 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2569
2570 update_eir(hdev);
2571
2572 hci_dev_unlock(hdev);
2573
2574 return err;
2575}
2576
bdb6d971 2577static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2578 void *data, u16 len)
f6422ec6 2579{
650f726d 2580 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2581 struct hci_cp_write_page_scan_activity acp;
2582 u8 type;
2583 int err;
2584
bdb6d971 2585 BT_DBG("%s", hdev->name);
f6422ec6 2586
5400c044 2587 if (!hdev_is_powered(hdev))
bdb6d971 2588 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2589 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2590
2591 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2592 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2593 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2594
2595 hci_dev_lock(hdev);
2596
f7c6869c 2597 if (cp->val) {
f6422ec6 2598 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8
AE		 2599
2600 /* 22.5 msec page scan interval */
2601 acp.interval = __constant_cpu_to_le16(0x0024);
f6422ec6
AJ		 2602 } else {
2603 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2604
2605 /* default 1.28 sec page scan */
2606 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2607 }
2608
76ec9de8
AE		 2609 /* default 11.25 msec page scan window */
2610 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2611
04124681
GP		 2612 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2613 &acp);
f6422ec6 2614 if (err < 0) {
bdb6d971 2615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2616 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2617 goto done;
2618 }
2619
2620 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2621 if (err < 0) {
bdb6d971 2622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2623 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2624 goto done;
2625 }
2626
bdb6d971 2627 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2628 NULL, 0);
f6422ec6
AJ		 2629done:
2630 hci_dev_unlock(hdev);
f6422ec6
AJ		 2631 return err;
2632}
2633
bdb6d971 2634static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2635 void *cp_data, u16 len)
346af67b 2636{
346af67b
VCG		 2637 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2638 u16 key_count, expected_len;
2639 int i;
2640
1f350c87 2641 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2642
2643 expected_len = sizeof(*cp) + key_count *
2644 sizeof(struct mgmt_ltk_info);
2645 if (expected_len != len) {
2646 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2647 len, expected_len);
bdb6d971 2648 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2649 EINVAL);
346af67b
VCG		 2650 }
2651
bdb6d971 2652 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2653
2654 hci_dev_lock(hdev);
2655
2656 hci_smp_ltks_clear(hdev);
2657
2658 for (i = 0; i < key_count; i++) {
2659 struct mgmt_ltk_info *key = &cp->keys[i];
2660 u8 type;
2661
2662 if (key->master)
2663 type = HCI_SMP_LTK;
2664 else
2665 type = HCI_SMP_LTK_SLAVE;
2666
4596fde5
HG		 2667 hci_add_ltk(hdev, &key->addr.bdaddr,
2668 mgmt_to_le(key->addr.type),
04124681
GP		 2669 type, 0, key->authenticated, key->val,
2670 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2671 }
2672
2673 hci_dev_unlock(hdev);
346af67b
VCG		 2674
2675 return 0;
2676}
2677
2e3c35ea 2678static const struct mgmt_handler {
04124681
GP		 2679 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2680 u16 data_len);
be22b54e
JH		 2681 bool var_len;
2682 size_t data_len;
0f4e68cf
JH		 2683} mgmt_handlers[] = {
2684 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2685 { read_version, false, MGMT_READ_VERSION_SIZE },
2686 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2687 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2688 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2689 { set_powered, false, MGMT_SETTING_SIZE },
2690 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2691 { set_connectable, false, MGMT_SETTING_SIZE },
2692 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2693 { set_pairable, false, MGMT_SETTING_SIZE },
2694 { set_link_security, false, MGMT_SETTING_SIZE },
2695 { set_ssp, false, MGMT_SETTING_SIZE },
2696 { set_hs, false, MGMT_SETTING_SIZE },
2697 { set_le, false, MGMT_SETTING_SIZE },
2698 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2699 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2700 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2701 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2702 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2703 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2704 { disconnect, false, MGMT_DISCONNECT_SIZE },
2705 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2706 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2707 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2708 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2709 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2710 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2711 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2712 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2713 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2714 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2715 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2716 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2717 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2718 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2719 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2720 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2721 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2722 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2723 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2724 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2725};
2726
2727
0381101f
JH		 2728int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2729{
650f726d
VCG		 2730 void *buf;
2731 u8 *cp;
0381101f 2732 struct mgmt_hdr *hdr;
4e51eae9 2733 u16 opcode, index, len;
bdb6d971 2734 struct hci_dev *hdev = NULL;
2e3c35ea 2735 const struct mgmt_handler *handler;
0381101f
JH		 2736 int err;
2737
2738 BT_DBG("got %zu bytes", msglen);
2739
2740 if (msglen < sizeof(*hdr))
2741 return -EINVAL;
2742
e63a15ec 2743 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2744 if (!buf)
2745 return -ENOMEM;
2746
2747 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2748 err = -EFAULT;
2749 goto done;
2750 }
2751
650f726d 2752 hdr = buf;
1f350c87
MH		 2753 opcode = __le16_to_cpu(hdr->opcode);
2754 index = __le16_to_cpu(hdr->index);
2755 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2756
2757 if (len != msglen - sizeof(*hdr)) {
2758 err = -EINVAL;
2759 goto done;
2760 }
2761
0f4e68cf 2762 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2763 hdev = hci_dev_get(index);
2764 if (!hdev) {
2765 err = cmd_status(sk, index, opcode,
04124681 2766 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2767 goto done;
2768 }
2769 }
2770
0f4e68cf
JH		 2771 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2772 mgmt_handlers[opcode].func == NULL) {
0381101f 2773 BT_DBG("Unknown op %u", opcode);
ca69b795 2774 err = cmd_status(sk, index, opcode,
04124681 2775 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2776 goto done;
2777 }
2778
2779 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2780 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2781 err = cmd_status(sk, index, opcode,
04124681 2782 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2783 goto done;
0381101f
JH		 2784 }
2785
be22b54e
JH		 2786 handler = &mgmt_handlers[opcode];
2787
2788 if ((handler->var_len && len < handler->data_len) ||
2789 (!handler->var_len && len != handler->data_len)) {
2790 err = cmd_status(sk, index, opcode,
04124681 2791 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2792 goto done;
2793 }
2794
0f4e68cf
JH		 2795 if (hdev)
2796 mgmt_init_hdev(sk, hdev);
2797
2798 cp = buf + sizeof(*hdr);
2799
be22b54e 2800 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2801 if (err < 0)
2802 goto done;
2803
0381101f
JH		 2804 err = msglen;
2805
2806done:
bdb6d971
JH		 2807 if (hdev)
2808 hci_dev_put(hdev);
2809
0381101f
JH		 2810 kfree(buf);
2811 return err;
2812}
c71e97bf 2813
b24752fe
JH		 2814static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2815{
2816 u8 *status = data;
2817
2818 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2819 mgmt_pending_remove(cmd);
2820}
2821
744cf19e 2822int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2823{
744cf19e 2824 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2825}
2826
744cf19e 2827int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2828{
5f159032 2829 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2830
744cf19e 2831 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2832
744cf19e 2833 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2834}
2835
73f22f62 2836struct cmd_lookup {
eec8d2bc 2837 struct sock *sk;
69ab39ea 2838 struct hci_dev *hdev;
90e70454 2839 u8 mgmt_status;
eec8d2bc
JH		 2840};
2841
69ab39ea 2842static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2843{
73f22f62 2844 struct cmd_lookup *match = data;
eec8d2bc 2845
69ab39ea 2846 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2847
2848 list_del(&cmd->list);
2849
2850 if (match->sk == NULL) {
2851 match->sk = cmd->sk;
2852 sock_hold(match->sk);
2853 }
2854
2855 mgmt_pending_free(cmd);
c71e97bf 2856}
5add6af8 2857
744cf19e 2858int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2859{
76a7f3a4 2860 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2861 int err;
5add6af8 2862
5e5282bb
JH		 2863 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2864 return 0;
2865
69ab39ea 2866 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2867
5e5282bb
JH		 2868 if (powered) {
2869 u8 scan = 0;
2870
2871 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2872 scan |= SCAN_PAGE;
2873 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2874 scan |= SCAN_INQUIRY;
2875
2876 if (scan)
2877 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2878
2879 update_class(hdev);
2b4bf397 2880 update_name(hdev, hdev->dev_name);
504c8dcd 2881 update_eir(hdev);
5e5282bb 2882 } else {
d4f68526 2883 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2884 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2885 }
2886
beadb2bd 2887 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2888
2889 if (match.sk)
2890 sock_put(match.sk);
2891
7bb895d6 2892 return err;
5add6af8 2893}
73f22f62 2894
744cf19e 2895int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2896{
76a7f3a4 2897 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2898 bool changed = false;
2899 int err = 0;
73f22f62 2900
5e5282bb
JH		 2901 if (discoverable) {
2902 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2903 changed = true;
2904 } else {
2905 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2906 changed = true;
2907 }
73f22f62 2908
ed9b5f2f 2909 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2910 &match);
ed9b5f2f 2911
beadb2bd
JH		 2912 if (changed)
2913 err = new_settings(hdev, match.sk);
5e5282bb 2914
73f22f62
JH		 2915 if (match.sk)
2916 sock_put(match.sk);
2917
7bb895d6 2918 return err;
73f22f62 2919}
9fbcbb45 2920
744cf19e 2921int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2922{
76a7f3a4 2923 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2924 bool changed = false;
2925 int err = 0;
9fbcbb45 2926
5e5282bb
JH		 2927 if (connectable) {
2928 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2929 changed = true;
2930 } else {
2931 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2932 changed = true;
2933 }
9fbcbb45 2934
ed9b5f2f 2935 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 2936 &match);
ed9b5f2f 2937
beadb2bd
JH		 2938 if (changed)
2939 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2940
2941 if (match.sk)
2942 sock_put(match.sk);
2943
7bb895d6 2944 return err;
9fbcbb45 2945}
55ed8ca1 2946
744cf19e 2947int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2948{
ca69b795
JH		 2949 u8 mgmt_err = mgmt_status(status);
2950
2d7cee58 2951 if (scan & SCAN_PAGE)
744cf19e 2952 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 2953 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2954
2955 if (scan & SCAN_INQUIRY)
744cf19e 2956 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 2957 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2958
2959 return 0;
2960}
2961
745c0ce3 2962int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
55ed8ca1 2963{
86742e1e 2964 struct mgmt_ev_new_link_key ev;
55ed8ca1 2965
a492cd52 2966 memset(&ev, 0, sizeof(ev));
55ed8ca1 2967
a492cd52 2968 ev.store_hint = persistent;
d753fdc4
JH		 2969 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2970 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2971 ev.key.type = key->type;
2972 memcpy(ev.key.val, key->val, 16);
2973 ev.key.pin_len = key->pin_len;
55ed8ca1 2974
744cf19e 2975 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2976}
f7520543 2977
346af67b
VCG		 2978int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2979{
2980 struct mgmt_ev_new_long_term_key ev;
2981
2982 memset(&ev, 0, sizeof(ev));
2983
2984 ev.store_hint = persistent;
2985 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
eb19aaac 2986 ev.key.addr.type = link_to_mgmt(LE_LINK, key->bdaddr_type);
346af67b
VCG		 2987 ev.key.authenticated = key->authenticated;
2988 ev.key.enc_size = key->enc_size;
2989 ev.key.ediv = key->ediv;
2990
2991 if (key->type == HCI_SMP_LTK)
2992 ev.key.master = 1;
2993
2994 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2995 memcpy(ev.key.val, key->val, sizeof(key->val));
2996
04124681
GP		 2997 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2998 NULL);
346af67b
VCG		 2999}
3000
afc747a6 3001int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3002 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3003 u8 *dev_class)
f7520543 3004{
b644ba33
JH		 3005 char buf[512];
3006 struct mgmt_ev_device_connected *ev = (void *) buf;
3007 u16 eir_len = 0;
f7520543 3008
b644ba33
JH		 3009 bacpy(&ev->addr.bdaddr, bdaddr);
3010 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3011
c95f0ba7 3012 ev->flags = __cpu_to_le32(flags);
08c79b61 3013
b644ba33
JH		 3014 if (name_len > 0)
3015 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3016 name, name_len);
b644ba33
JH		 3017
3018 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3019 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3020 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3021
eb55ef07 3022 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3023
3024 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3025 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3026}
3027
8962ee74
JH		 3028static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3029{
c68fb7ff 3030 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3031 struct sock **sk = data;
a38528f1 3032 struct mgmt_rp_disconnect rp;
8962ee74 3033
88c3df13
JH		 3034 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3035 rp.addr.type = cp->addr.type;
8962ee74 3036
aee9b218 3037 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3038 sizeof(rp));
8962ee74
JH		 3039
3040 *sk = cmd->sk;
3041 sock_hold(*sk);
3042
a664b5bc 3043 mgmt_pending_remove(cmd);
8962ee74
JH		 3044}
3045
124f6e35 3046static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3047{
b1078ad0 3048 struct hci_dev *hdev = data;
124f6e35
JH		 3049 struct mgmt_cp_unpair_device *cp = cmd->param;
3050 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3051
3052 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3053 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3054 rp.addr.type = cp->addr.type;
a8a1d19e 3055
b1078ad0
JH		 3056 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3057
aee9b218 3058 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3059
3060 mgmt_pending_remove(cmd);
3061}
3062
afc747a6 3063int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3064 u8 link_type, u8 addr_type)
f7520543 3065{
4c659c39 3066 struct mgmt_addr_info ev;
8962ee74
JH		 3067 struct sock *sk = NULL;
3068 int err;
3069
744cf19e 3070 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3071
f7520543 3072 bacpy(&ev.bdaddr, bdaddr);
48264f06 3073 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3074
afc747a6 3075 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3076 sk);
8962ee74
JH		 3077
3078 if (sk)
d97dcb66 3079 sock_put(sk);
8962ee74 3080
124f6e35 3081 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3082 hdev);
a8a1d19e 3083
8962ee74
JH		 3084 return err;
3085}
3086
88c3df13 3087int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3088 u8 link_type, u8 addr_type, u8 status)
8962ee74 3089{
88c3df13 3090 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3091 struct pending_cmd *cmd;
3092 int err;
3093
2e58ef3e 3094 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3095 if (!cmd)
3096 return -ENOENT;
3097
88c3df13
JH		 3098 bacpy(&rp.addr.bdaddr, bdaddr);
3099 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3100
88c3df13 3101 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3102 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3103
a664b5bc 3104 mgmt_pending_remove(cmd);
8962ee74 3105
b1078ad0
JH		 3106 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3107 hdev);
8962ee74 3108 return err;
f7520543 3109}
17d5c04c 3110
48264f06 3111int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3112 u8 addr_type, u8 status)
17d5c04c
JH		 3113{
3114 struct mgmt_ev_connect_failed ev;
3115
4c659c39 3116 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3117 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3118 ev.status = mgmt_status(status);
17d5c04c 3119
744cf19e 3120 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3121}
980e1a53 3122
744cf19e 3123int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3124{
3125 struct mgmt_ev_pin_code_request ev;
3126
d8457698
JH		 3127 bacpy(&ev.addr.bdaddr, bdaddr);
3128 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3129 ev.secure = secure;
980e1a53 3130
744cf19e 3131 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3132 NULL);
980e1a53
JH		 3133}
3134
744cf19e 3135int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3136 u8 status)
980e1a53
JH		 3137{
3138 struct pending_cmd *cmd;
ac56fb13 3139 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3140 int err;
3141
2e58ef3e 3142 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3143 if (!cmd)
3144 return -ENOENT;
3145
d8457698
JH		 3146 bacpy(&rp.addr.bdaddr, bdaddr);
3147 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3148
aee9b218 3149 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3150 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3151
a664b5bc 3152 mgmt_pending_remove(cmd);
980e1a53
JH		 3153
3154 return err;
3155}
3156
744cf19e 3157int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3158 u8 status)
980e1a53
JH		 3159{
3160 struct pending_cmd *cmd;
ac56fb13 3161 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3162 int err;
3163
2e58ef3e 3164 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3165 if (!cmd)
3166 return -ENOENT;
3167
d8457698
JH		 3168 bacpy(&rp.addr.bdaddr, bdaddr);
3169 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3170
aee9b218 3171 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3172 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3173
a664b5bc 3174 mgmt_pending_remove(cmd);
980e1a53
JH		 3175
3176 return err;
3177}
a5c29683 3178
744cf19e 3179int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3180 u8 link_type, u8 addr_type, __le32 value,
3181 u8 confirm_hint)
a5c29683
JH		 3182{
3183 struct mgmt_ev_user_confirm_request ev;
3184
744cf19e 3185 BT_DBG("%s", hdev->name);
a5c29683 3186
272d90df
JH		 3187 bacpy(&ev.addr.bdaddr, bdaddr);
3188 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3189 ev.confirm_hint = confirm_hint;
78e8098e 3190 ev.value = value;
a5c29683 3191
744cf19e 3192 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3193 NULL);
a5c29683
JH		 3194}
3195
272d90df
JH		 3196int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3197 u8 link_type, u8 addr_type)
604086b7
BG		 3198{
3199 struct mgmt_ev_user_passkey_request ev;
3200
3201 BT_DBG("%s", hdev->name);
3202
272d90df
JH		 3203 bacpy(&ev.addr.bdaddr, bdaddr);
3204 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3205
3206 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3207 NULL);
604086b7
BG		 3208}
3209
0df4c185 3210static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3211 u8 link_type, u8 addr_type, u8 status,
3212 u8 opcode)
a5c29683
JH		 3213{
3214 struct pending_cmd *cmd;
3215 struct mgmt_rp_user_confirm_reply rp;
3216 int err;
3217
2e58ef3e 3218 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3219 if (!cmd)
3220 return -ENOENT;
3221
272d90df
JH		 3222 bacpy(&rp.addr.bdaddr, bdaddr);
3223 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218 3224 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3225 &rp, sizeof(rp));
a5c29683 3226
a664b5bc 3227 mgmt_pending_remove(cmd);
a5c29683
JH		 3228
3229 return err;
3230}
3231
744cf19e 3232int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3233 u8 link_type, u8 addr_type, u8 status)
a5c29683 3234{
272d90df 3235 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3236 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3237}
3238
272d90df 3239int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3240 u8 link_type, u8 addr_type, u8 status)
a5c29683 3241{
272d90df 3242 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3243 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3244}
2a611692 3245
604086b7 3246int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3247 u8 link_type, u8 addr_type, u8 status)
604086b7 3248{
272d90df 3249 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3250 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3251}
3252
272d90df 3253int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3254 u8 link_type, u8 addr_type, u8 status)
604086b7 3255{
272d90df 3256 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3257 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3258}
3259
bab73cb6 3260int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3261 u8 addr_type, u8 status)
2a611692
JH		 3262{
3263 struct mgmt_ev_auth_failed ev;
3264
bab73cb6
JH		 3265 bacpy(&ev.addr.bdaddr, bdaddr);
3266 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3267 ev.status = mgmt_status(status);
2a611692 3268
744cf19e 3269 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3270}
b312b161 3271
33ef95ed
JH		 3272int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3273{
3274 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3275 bool changed = false;
3276 int err = 0;
33ef95ed
JH		 3277
3278 if (status) {
3279 u8 mgmt_err = mgmt_status(status);
3280 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3281 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3282 return 0;
3283 }
3284
47990ea0
JH		 3285 if (test_bit(HCI_AUTH, &hdev->flags)) {
3286 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3287 changed = true;
3288 } else {
3289 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3290 changed = true;
3291 }
3292
33ef95ed 3293 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3294 &match);
33ef95ed 3295
47990ea0
JH		 3296 if (changed)
3297 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3298
3299 if (match.sk)
3300 sock_put(match.sk);
3301
3302 return err;
3303}
3304
cacaf52f
JH		 3305static int clear_eir(struct hci_dev *hdev)
3306{
3307 struct hci_cp_write_eir cp;
3308
3309 if (!(hdev->features[6] & LMP_EXT_INQ))
3310 return 0;
3311
c80da27e
JH		 3312 memset(hdev->eir, 0, sizeof(hdev->eir));
3313
cacaf52f
JH		 3314 memset(&cp, 0, sizeof(cp));
3315
3316 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3317}
3318
c0ecddc2 3319int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3320{
3321 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3322 bool changed = false;
3323 int err = 0;
ed2c4ee3
JH		 3324
3325 if (status) {
3326 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3327
3328 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3329 &hdev->dev_flags))
c0ecddc2
JH		 3330 err = new_settings(hdev, NULL);
3331
04124681
GP		 3332 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3333 &mgmt_err);
c0ecddc2
JH		 3334
3335 return err;
3336 }
3337
3338 if (enable) {
3339 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3340 changed = true;
3341 } else {
3342 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3343 changed = true;
ed2c4ee3
JH		 3344 }
3345
3346 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3347
c0ecddc2
JH		 3348 if (changed)
3349 err = new_settings(hdev, match.sk);
ed2c4ee3 3350
5fc6ebb1 3351 if (match.sk)
ed2c4ee3
JH		 3352 sock_put(match.sk);
3353
5fc6ebb1
JH		 3354 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3355 update_eir(hdev);
3356 else
3357 clear_eir(hdev);
cacaf52f 3358
ed2c4ee3
JH		 3359 return err;
3360}
3361
90e70454
JH		 3362static void class_rsp(struct pending_cmd *cmd, void *data)
3363{
3364 struct cmd_lookup *match = data;
3365
3366 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3367 match->hdev->dev_class, 3);
90e70454
JH		 3368
3369 list_del(&cmd->list);
3370
3371 if (match->sk == NULL) {
3372 match->sk = cmd->sk;
3373 sock_hold(match->sk);
3374 }
3375
3376 mgmt_pending_free(cmd);
3377}
3378
7f9a903c 3379int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3380 u8 status)
7f9a903c 3381{
90e70454
JH		 3382 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3383 int err = 0;
7f9a903c 3384
c95f0ba7
JH		 3385 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3386
90e70454
JH		 3387 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3388 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3389 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3390
3391 if (!status)
04124681
GP		 3392 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3393 3, NULL);
90e70454
JH		 3394
3395 if (match.sk)
3396 sock_put(match.sk);
7f9a903c
MH		 3397
3398 return err;
3399}
3400
744cf19e 3401int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3402{
3403 struct pending_cmd *cmd;
3404 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3405 bool changed = false;
3406 int err = 0;
3407
3408 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3409 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3410 changed = true;
3411 }
b312b161
JH		 3412
3413 memset(&ev, 0, sizeof(ev));
3414 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3415 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3416
2e58ef3e 3417 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3418 if (!cmd)
3419 goto send_event;
3420
7bdaae4a
JH		 3421 /* Always assume that either the short or the complete name has
3422 * changed if there was a pending mgmt command */
3423 changed = true;
3424
b312b161 3425 if (status) {
744cf19e 3426 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3427 mgmt_status(status));
b312b161
JH		 3428 goto failed;
3429 }
3430
aee9b218 3431 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3432 sizeof(ev));
b312b161
JH		 3433 if (err < 0)
3434 goto failed;
3435
3436send_event:
28cc7bde
JH		 3437 if (changed)
3438 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3439 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3440
f51d5b24 3441 update_eir(hdev);
b312b161
JH		 3442
3443failed:
3444 if (cmd)
3445 mgmt_pending_remove(cmd);
3446 return err;
3447}
c35938b2 3448
744cf19e 3449int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3450 u8 *randomizer, u8 status)
c35938b2
SJ		 3451{
3452 struct pending_cmd *cmd;
3453 int err;
3454
744cf19e 3455 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3456
2e58ef3e 3457 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3458 if (!cmd)
3459 return -ENOENT;
3460
3461 if (status) {
04124681
GP		 3462 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3463 mgmt_status(status));
c35938b2
SJ		 3464 } else {
3465 struct mgmt_rp_read_local_oob_data rp;
3466
3467 memcpy(rp.hash, hash, sizeof(rp.hash));
3468 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3469
744cf19e 3470 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3471 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3472 sizeof(rp));
c35938b2
SJ		 3473 }
3474
3475 mgmt_pending_remove(cmd);
3476
3477 return err;
3478}
e17acd40 3479
06199cf8
JH		 3480int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3481{
3482 struct cmd_lookup match = { NULL, hdev };
3483 bool changed = false;
3484 int err = 0;
3485
3486 if (status) {
3487 u8 mgmt_err = mgmt_status(status);
3488
3489 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3490 &hdev->dev_flags))
d97dcb66 3491 err = new_settings(hdev, NULL);
06199cf8 3492
d97dcb66
SJ		 3493 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3494 &mgmt_err);
06199cf8
JH		 3495
3496 return err;
3497 }
3498
3499 if (enable) {
3500 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3501 changed = true;
3502 } else {
3503 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3504 changed = true;
3505 }
3506
3507 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3508
3509 if (changed)
3510 err = new_settings(hdev, match.sk);
3511
3512 if (match.sk)
3513 sock_put(match.sk);
3514
3515 return err;
3516}
3517
48264f06 3518int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3519 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3520 ssp, u8 *eir, u16 eir_len)
e17acd40 3521{
e319d2e7
JH		 3522 char buf[512];
3523 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3524 size_t ev_size;
e17acd40 3525
1dc06093
JH		 3526 /* Leave 5 bytes for a potential CoD field */
3527 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3528 return -EINVAL;
3529
1dc06093
JH		 3530 memset(buf, 0, sizeof(buf));
3531
e319d2e7
JH		 3532 bacpy(&ev->addr.bdaddr, bdaddr);
3533 ev->addr.type = link_to_mgmt(link_type, addr_type);
3534 ev->rssi = rssi;
9a395a80
JH		 3535 if (cfm_name)
3536 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3537 if (!ssp)
3538 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3539
1dc06093 3540 if (eir_len > 0)
e319d2e7 3541 memcpy(ev->eir, eir, eir_len);
e17acd40 3542
1dc06093
JH		 3543 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3544 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3545 dev_class, 3);
1dc06093 3546
eb55ef07 3547 ev->eir_len = cpu_to_le16(eir_len);
1dc06093
JH		 3548
3549 ev_size = sizeof(*ev) + eir_len;
f8523598 3550
e319d2e7 3551 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3552}
a88a9652 3553
b644ba33 3554int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3555 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3556{
b644ba33
JH		 3557 struct mgmt_ev_device_found *ev;
3558 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3559 u16 eir_len;
a88a9652 3560
b644ba33 3561 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3562
b644ba33
JH		 3563 memset(buf, 0, sizeof(buf));
3564
3565 bacpy(&ev->addr.bdaddr, bdaddr);
3566 ev->addr.type = link_to_mgmt(link_type, addr_type);
3567 ev->rssi = rssi;
3568
3569 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3570 name_len);
b644ba33 3571
eb55ef07 3572 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3573
053c7e0c 3574 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3575 sizeof(*ev) + eir_len, NULL);
a88a9652 3576}
314b2381 3577
7a135109 3578int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3579{
3580 struct pending_cmd *cmd;
f808e166 3581 u8 type;
164a6e78
JH		 3582 int err;
3583
203159d4
AG		 3584 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3585
2e58ef3e 3586 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3587 if (!cmd)
3588 return -ENOENT;
3589
f808e166
JH		 3590 type = hdev->discovery.type;
3591
3592 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3593 &type, sizeof(type));
164a6e78
JH		 3594 mgmt_pending_remove(cmd);
3595
3596 return err;
3597}
3598
e6d465cb
AG		 3599int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3600{
3601 struct pending_cmd *cmd;
3602 int err;
3603
3604 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3605 if (!cmd)
3606 return -ENOENT;
3607
d930650b 3608 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3609 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3610 mgmt_pending_remove(cmd);
3611
3612 return err;
3613}
3614
744cf19e 3615int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3616{
f963e8e9 3617 struct mgmt_ev_discovering ev;
164a6e78
JH		 3618 struct pending_cmd *cmd;
3619
343fb145
AG		 3620 BT_DBG("%s discovering %u", hdev->name, discovering);
3621
164a6e78 3622 if (discovering)
2e58ef3e 3623 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3624 else
2e58ef3e 3625 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3626
3627 if (cmd != NULL) {
f808e166
JH		 3628 u8 type = hdev->discovery.type;
3629
04124681
GP		 3630 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3631 sizeof(type));
164a6e78
JH		 3632 mgmt_pending_remove(cmd);
3633 }
3634
f963e8e9
JH		 3635 memset(&ev, 0, sizeof(ev));
3636 ev.type = hdev->discovery.type;
3637 ev.discovering = discovering;
3638
3639 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3640}
5e762444 3641
88c1fe4b 3642int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3643{
3644 struct pending_cmd *cmd;
3645 struct mgmt_ev_device_blocked ev;
3646
2e58ef3e 3647 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3648
88c1fe4b
JH		 3649 bacpy(&ev.addr.bdaddr, bdaddr);
3650 ev.addr.type = type;
5e762444 3651
744cf19e 3652 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3653 cmd ? cmd->sk : NULL);
5e762444
AJ		 3654}
3655
88c1fe4b 3656int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3657{
3658 struct pending_cmd *cmd;
3659 struct mgmt_ev_device_unblocked ev;
3660
2e58ef3e 3661 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3662
88c1fe4b
JH		 3663 bacpy(&ev.addr.bdaddr, bdaddr);
3664 ev.addr.type = type;
5e762444 3665
744cf19e 3666 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3667 cmd ? cmd->sk : NULL);
5e762444 3668}
d7b7e796
MH		 3669
3670module_param(enable_hs, bool, 0644);
3671MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3672
3673module_param(enable_le, bool, 0644);
3674MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux kernel - Deliverables
This page took 0.490239 seconds and 5 git commands to generate.