projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix minor coding style issue in hci_core.c
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
f14d8f64
MH		 539static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
540{
7a5f4990
MH		 541 u8 ad_len = 0;
542 size_t name_len;
543
544 name_len = strlen(hdev->dev_name);
545 if (name_len > 0) {
546 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
547
548 if (name_len > max_len) {
549 name_len = max_len;
550 ptr[1] = EIR_NAME_SHORT;
551 } else
552 ptr[1] = EIR_NAME_COMPLETE;
553
554 ptr[0] = name_len + 1;
555
556 memcpy(ptr + 2, hdev->dev_name, name_len);
557
558 ad_len += (name_len + 2);
559 ptr += (name_len + 2);
560 }
561
562 return ad_len;
f14d8f64
MH		 563}
564
565static void update_scan_rsp_data(struct hci_request *req)
566{
567 struct hci_dev *hdev = req->hdev;
568 struct hci_cp_le_set_scan_rsp_data cp;
569 u8 len;
570
571 if (!lmp_le_capable(hdev))
572 return;
573
574 memset(&cp, 0, sizeof(cp));
575
576 len = create_scan_rsp_data(hdev, cp.data);
577
eb438b5f
JH		 578 if (hdev->scan_rsp_data_len == len &&
579 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 580 return;
581
eb438b5f
JH		 582 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
583 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 584
585 cp.length = len;
586
587 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
588}
589
46cad2ed 590static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 591{
592 u8 ad_len = 0, flags = 0;
441ad2d0
MH		 593
594 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
595 flags |= LE_AD_GENERAL;
596
597 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
598 if (lmp_le_br_capable(hdev))
599 flags |= LE_AD_SIM_LE_BREDR_CTRL;
600 if (lmp_host_le_br_capable(hdev))
601 flags |= LE_AD_SIM_LE_BREDR_HOST;
602 } else {
603 flags |= LE_AD_NO_BREDR;
604 }
605
606 if (flags) {
607 BT_DBG("adv flags 0x%02x", flags);
608
609 ptr[0] = 2;
610 ptr[1] = EIR_FLAGS;
611 ptr[2] = flags;
612
613 ad_len += 3;
614 ptr += 3;
615 }
616
617 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
618 ptr[0] = 2;
619 ptr[1] = EIR_TX_POWER;
620 ptr[2] = (u8) hdev->adv_tx_power;
621
622 ad_len += 3;
623 ptr += 3;
624 }
625
441ad2d0
MH		 626 return ad_len;
627}
628
5947f4bc 629static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 630{
631 struct hci_dev *hdev = req->hdev;
632 struct hci_cp_le_set_adv_data cp;
633 u8 len;
634
635 if (!lmp_le_capable(hdev))
636 return;
637
638 memset(&cp, 0, sizeof(cp));
639
46cad2ed 640 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 641
642 if (hdev->adv_data_len == len &&
643 memcmp(cp.data, hdev->adv_data, len) == 0)
644 return;
645
646 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
647 hdev->adv_data_len = len;
648
649 cp.length = len;
650
651 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
652}
653
ef580372
JH		 654static void create_eir(struct hci_dev *hdev, u8 *data)
655{
656 u8 *ptr = data;
ef580372
JH		 657 size_t name_len;
658
659 name_len = strlen(hdev->dev_name);
660
661 if (name_len > 0) {
662 /* EIR Data type */
663 if (name_len > 48) {
664 name_len = 48;
665 ptr[1] = EIR_NAME_SHORT;
666 } else
667 ptr[1] = EIR_NAME_COMPLETE;
668
669 /* EIR Data length */
670 ptr[0] = name_len + 1;
671
672 memcpy(ptr + 2, hdev->dev_name, name_len);
673
ef580372
JH		 674 ptr += (name_len + 2);
675 }
676
bbaf444a 677 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 678 ptr[0] = 2;
679 ptr[1] = EIR_TX_POWER;
680 ptr[2] = (u8) hdev->inq_tx_power;
681
91c4e9b1
MH		 682 ptr += 3;
683 }
684
2b9be137
MH		 685 if (hdev->devid_source > 0) {
686 ptr[0] = 9;
687 ptr[1] = EIR_DEVICE_ID;
688
689 put_unaligned_le16(hdev->devid_source, ptr + 2);
690 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
691 put_unaligned_le16(hdev->devid_product, ptr + 6);
692 put_unaligned_le16(hdev->devid_version, ptr + 8);
693
2b9be137
MH		 694 ptr += 10;
695 }
696
213202ed 697 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 698 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 699 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 700}
701
890ea898 702static void update_eir(struct hci_request *req)
ef580372 703{
890ea898 704 struct hci_dev *hdev = req->hdev;
ef580372
JH		 705 struct hci_cp_write_eir cp;
706
504c8dcd 707 if (!hdev_is_powered(hdev))
890ea898 708 return;
7770c4aa 709
976eb20e 710 if (!lmp_ext_inq_capable(hdev))
890ea898 711 return;
ef580372 712
84bde9d6 713 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 714 return;
ef580372 715
a8b2d5c2 716 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 717 return;
ef580372
JH		 718
719 memset(&cp, 0, sizeof(cp));
720
721 create_eir(hdev, cp.data);
722
723 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 724 return;
ef580372
JH		 725
726 memcpy(hdev->eir, cp.data, sizeof(cp.data));
727
890ea898 728 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 729}
730
731static u8 get_service_classes(struct hci_dev *hdev)
732{
733 struct bt_uuid *uuid;
734 u8 val = 0;
735
736 list_for_each_entry(uuid, &hdev->uuids, list)
737 val |= uuid->svc_hint;
738
739 return val;
740}
741
890ea898 742static void update_class(struct hci_request *req)
ef580372 743{
890ea898 744 struct hci_dev *hdev = req->hdev;
ef580372
JH		 745 u8 cod[3];
746
747 BT_DBG("%s", hdev->name);
748
504c8dcd 749 if (!hdev_is_powered(hdev))
890ea898 750 return;
7770c4aa 751
a8b2d5c2 752 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 753 return;
ef580372
JH		 754
755 cod[0] = hdev->minor_class;
756 cod[1] = hdev->major_class;
757 cod[2] = get_service_classes(hdev);
758
6acd7db4
MH		 759 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
760 cod[1] |= 0x20;
761
ef580372 762 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 763 return;
ef580372 764
890ea898 765 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 766}
767
7d78525d
JH		 768static void service_cache_off(struct work_struct *work)
769{
770 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 771 service_cache.work);
890ea898 772 struct hci_request req;
7d78525d 773
a8b2d5c2 774 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 775 return;
776
890ea898
JH		 777 hci_req_init(&req, hdev);
778
7d78525d
JH		 779 hci_dev_lock(hdev);
780
890ea898
JH		 781 update_eir(&req);
782 update_class(&req);
7d78525d
JH		 783
784 hci_dev_unlock(hdev);
890ea898
JH		 785
786 hci_req_run(&req, NULL);
7d78525d
JH		 787}
788
6a919082 789static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 790{
4f87da80 791 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 792 return;
793
4f87da80 794 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 795
4f87da80
JH		 796 /* Non-mgmt controlled devices get this bit set
797 * implicitly so that pairing works for them, however
798 * for mgmt we require user-space to explicitly enable
799 * it
800 */
801 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 802}
803
0f4e68cf 804static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 805 void *data, u16 data_len)
0381101f 806{
a38528f1 807 struct mgmt_rp_read_info rp;
f7b64e69 808
bdb6d971 809 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 810
09fd0de5 811 hci_dev_lock(hdev);
f7b64e69 812
dc4fe30b
JH		 813 memset(&rp, 0, sizeof(rp));
814
69ab39ea 815 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 816
69ab39ea 817 rp.version = hdev->hci_ver;
eb55ef07 818 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 819
820 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
821 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 822
a38528f1 823 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 824
dc4fe30b 825 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 826 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 827
09fd0de5 828 hci_dev_unlock(hdev);
0381101f 829
bdb6d971 830 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 831 sizeof(rp));
0381101f
JH		 832}
833
eec8d2bc
JH		 834static void mgmt_pending_free(struct pending_cmd *cmd)
835{
836 sock_put(cmd->sk);
c68fb7ff 837 kfree(cmd->param);
eec8d2bc
JH		 838 kfree(cmd);
839}
840
366a0336 841static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 842 struct hci_dev *hdev, void *data,
843 u16 len)
eec8d2bc
JH		 844{
845 struct pending_cmd *cmd;
846
12b94565 847 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 848 if (!cmd)
366a0336 849 return NULL;
eec8d2bc
JH		 850
851 cmd->opcode = opcode;
2e58ef3e 852 cmd->index = hdev->id;
eec8d2bc 853
12b94565 854 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 855 if (!cmd->param) {
eec8d2bc 856 kfree(cmd);
366a0336 857 return NULL;
eec8d2bc
JH		 858 }
859
8fce6357
SJ		 860 if (data)
861 memcpy(cmd->param, data, len);
eec8d2bc
JH		 862
863 cmd->sk = sk;
864 sock_hold(sk);
865
2e58ef3e 866 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 867
366a0336 868 return cmd;
eec8d2bc
JH		 869}
870
744cf19e 871static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 872 void (*cb)(struct pending_cmd *cmd,
873 void *data),
04124681 874 void *data)
eec8d2bc 875{
a3d09356 876 struct pending_cmd *cmd, *tmp;
eec8d2bc 877
a3d09356 878 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 879 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 880 continue;
881
eec8d2bc
JH		 882 cb(cmd, data);
883 }
884}
885
2e58ef3e 886static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 887{
8035ded4 888 struct pending_cmd *cmd;
eec8d2bc 889
2e58ef3e 890 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 891 if (cmd->opcode == opcode)
892 return cmd;
eec8d2bc
JH		 893 }
894
895 return NULL;
896}
897
a664b5bc 898static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 899{
73f22f62
JH		 900 list_del(&cmd->list);
901 mgmt_pending_free(cmd);
902}
903
69ab39ea 904static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 905{
69ab39ea 906 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 907
aee9b218 908 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 909 sizeof(settings));
8680570b
JH		 910}
911
bdb6d971 912static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 913 u16 len)
eec8d2bc 914{
650f726d 915 struct mgmt_mode *cp = data;
366a0336 916 struct pending_cmd *cmd;
4b34ee78 917 int err;
eec8d2bc 918
bdb6d971 919 BT_DBG("request for %s", hdev->name);
eec8d2bc 920
a7e80f25
JH		 921 if (cp->val != 0x00 && cp->val != 0x01)
922 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
923 MGMT_STATUS_INVALID_PARAMS);
924
09fd0de5 925 hci_dev_lock(hdev);
eec8d2bc 926
87b95ba6
JH		 927 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
928 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
929 MGMT_STATUS_BUSY);
930 goto failed;
931 }
932
f0d4b78a
MH		 933 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
934 cancel_delayed_work(&hdev->power_off);
935
936 if (cp->val) {
a1d70450
JH		 937 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
938 data, len);
939 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 940 goto failed;
941 }
942 }
943
4b34ee78 944 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 945 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 946 goto failed;
947 }
948
2e58ef3e 949 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 950 if (!cmd) {
951 err = -ENOMEM;
eec8d2bc 952 goto failed;
366a0336 953 }
eec8d2bc 954
72a734ec 955 if (cp->val)
19202573 956 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 957 else
19202573 958 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 959
366a0336 960 err = 0;
eec8d2bc
JH		 961
962failed:
09fd0de5 963 hci_dev_unlock(hdev);
366a0336 964 return err;
eec8d2bc
JH		 965}
966
04124681
GP		 967static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
968 struct sock *skip_sk)
beadb2bd
JH		 969{
970 struct sk_buff *skb;
971 struct mgmt_hdr *hdr;
972
790eff44 973 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 974 if (!skb)
975 return -ENOMEM;
976
977 hdr = (void *) skb_put(skb, sizeof(*hdr));
978 hdr->opcode = cpu_to_le16(event);
979 if (hdev)
980 hdr->index = cpu_to_le16(hdev->id);
981 else
612dfce9 982 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 983 hdr->len = cpu_to_le16(data_len);
984
985 if (data)
986 memcpy(skb_put(skb, data_len), data, data_len);
987
97e0bdeb
MH		 988 /* Time stamp */
989 __net_timestamp(skb);
990
beadb2bd
JH		 991 hci_send_to_control(skb, skip_sk);
992 kfree_skb(skb);
993
994 return 0;
995}
996
997static int new_settings(struct hci_dev *hdev, struct sock *skip)
998{
999 __le32 ev;
1000
1001 ev = cpu_to_le32(get_current_settings(hdev));
1002
1003 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1004}
1005
bd99abdd
JH		 1006struct cmd_lookup {
1007 struct sock *sk;
1008 struct hci_dev *hdev;
1009 u8 mgmt_status;
1010};
1011
1012static void settings_rsp(struct pending_cmd *cmd, void *data)
1013{
1014 struct cmd_lookup *match = data;
1015
1016 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1017
1018 list_del(&cmd->list);
1019
1020 if (match->sk == NULL) {
1021 match->sk = cmd->sk;
1022 sock_hold(match->sk);
1023 }
1024
1025 mgmt_pending_free(cmd);
1026}
1027
1028static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1029{
1030 u8 *status = data;
1031
1032 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1033 mgmt_pending_remove(cmd);
1034}
1035
e6fe7986
JH		 1036static u8 mgmt_bredr_support(struct hci_dev *hdev)
1037{
1038 if (!lmp_bredr_capable(hdev))
1039 return MGMT_STATUS_NOT_SUPPORTED;
1040 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1041 return MGMT_STATUS_REJECTED;
1042 else
1043 return MGMT_STATUS_SUCCESS;
1044}
1045
1046static u8 mgmt_le_support(struct hci_dev *hdev)
1047{
1048 if (!lmp_le_capable(hdev))
1049 return MGMT_STATUS_NOT_SUPPORTED;
1050 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1051 return MGMT_STATUS_REJECTED;
1052 else
1053 return MGMT_STATUS_SUCCESS;
1054}
1055
bfaf8c9f
JH		 1056static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1057{
1058 struct pending_cmd *cmd;
1059 struct mgmt_mode *cp;
970ba524 1060 struct hci_request req;
bfaf8c9f
JH		 1061 bool changed;
1062
1063 BT_DBG("status 0x%02x", status);
1064
1065 hci_dev_lock(hdev);
1066
1067 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1068 if (!cmd)
1069 goto unlock;
1070
1071 if (status) {
1072 u8 mgmt_err = mgmt_status(status);
1073 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1074 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1075 goto remove_cmd;
1076 }
1077
1078 cp = cmd->param;
d4462a07 1079 if (cp->val) {
bfaf8c9f
JH		 1080 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1081 &hdev->dev_flags);
d4462a07
MH		 1082
1083 if (hdev->discov_timeout > 0) {
1084 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1085 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1086 to);
1087 }
1088 } else {
bfaf8c9f
JH		 1089 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1090 &hdev->dev_flags);
d4462a07 1091 }
bfaf8c9f
JH		 1092
1093 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1094
1095 if (changed)
1096 new_settings(hdev, cmd->sk);
1097
970ba524
MH		 1098 /* When the discoverable mode gets changed, make sure
1099 * that class of device has the limited discoverable
1100 * bit correctly set.
1101 */
1102 hci_req_init(&req, hdev);
1103 update_class(&req);
1104 hci_req_run(&req, NULL);
1105
bfaf8c9f
JH		 1106remove_cmd:
1107 mgmt_pending_remove(cmd);
1108
1109unlock:
1110 hci_dev_unlock(hdev);
1111}
1112
bdb6d971 1113static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1114 u16 len)
73f22f62 1115{
650f726d 1116 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1117 struct pending_cmd *cmd;
bfaf8c9f 1118 struct hci_request req;
5e5282bb 1119 u16 timeout;
e6fe7986 1120 u8 scan, status;
73f22f62
JH		 1121 int err;
1122
bdb6d971 1123 BT_DBG("request for %s", hdev->name);
73f22f62 1124
e6fe7986
JH		 1125 status = mgmt_bredr_support(hdev);
1126 if (status)
33c525c0 1127 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 1128 status);
33c525c0 1129
310a3d48 1130 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1131 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1132 MGMT_STATUS_INVALID_PARAMS);
1133
1f350c87 1134 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1135
1136 /* Disabling discoverable requires that no timeout is set,
1137 * and enabling limited discoverable requires a timeout.
1138 */
1139 if ((cp->val == 0x00 && timeout > 0) ||
1140 (cp->val == 0x02 && timeout == 0))
bdb6d971 1141 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1142 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1143
09fd0de5 1144 hci_dev_lock(hdev);
73f22f62 1145
5e5282bb 1146 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1148 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1149 goto failed;
1150 }
1151
2e58ef3e 1152 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1153 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1154 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1155 MGMT_STATUS_BUSY);
73f22f62
JH		 1156 goto failed;
1157 }
1158
5e5282bb 1159 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1160 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1161 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1162 goto failed;
1163 }
1164
1165 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1166 bool changed = false;
1167
310a3d48
MH		 1168 /* Setting limited discoverable when powered off is
1169 * not a valid operation since it requires a timeout
1170 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1171 */
0224d2fa
JH		 1172 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1173 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1174 changed = true;
1175 }
1176
5e5282bb 1177 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1178 if (err < 0)
1179 goto failed;
1180
1181 if (changed)
1182 err = new_settings(hdev, sk);
1183
5e5282bb
JH		 1184 goto failed;
1185 }
1186
310a3d48
MH		 1187 /* If the current mode is the same, then just update the timeout
1188 * value with the new value. And if only the timeout gets updated,
1189 * then no need for any HCI transactions.
1190 */
1191 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1192 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1193 &hdev->dev_flags)) {
36261547
MH		 1194 cancel_delayed_work(&hdev->discov_off);
1195 hdev->discov_timeout = timeout;
955638ec 1196
36261547
MH		 1197 if (cp->val && hdev->discov_timeout > 0) {
1198 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1199 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1200 to);
955638ec
MH		 1201 }
1202
69ab39ea 1203 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1204 goto failed;
1205 }
1206
2e58ef3e 1207 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1208 if (!cmd) {
1209 err = -ENOMEM;
73f22f62 1210 goto failed;
366a0336 1211 }
73f22f62 1212
310a3d48
MH		 1213 /* Cancel any potential discoverable timeout that might be
1214 * still active and store new timeout value. The arming of
1215 * the timeout happens in the complete handler.
1216 */
1217 cancel_delayed_work(&hdev->discov_off);
1218 hdev->discov_timeout = timeout;
1219
bfaf8c9f
JH		 1220 hci_req_init(&req, hdev);
1221
73f22f62
JH		 1222 scan = SCAN_PAGE;
1223
310a3d48
MH		 1224 if (cp->val) {
1225 struct hci_cp_write_current_iac_lap hci_cp;
1226
1227 if (cp->val == 0x02) {
1228 /* Limited discoverable mode */
1229 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1230
1231 hci_cp.num_iac = 2;
1232 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1233 hci_cp.iac_lap[1] = 0x8b;
1234 hci_cp.iac_lap[2] = 0x9e;
1235 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1236 hci_cp.iac_lap[4] = 0x8b;
1237 hci_cp.iac_lap[5] = 0x9e;
1238 } else {
1239 /* General discoverable mode */
1240 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1241
1242 hci_cp.num_iac = 1;
1243 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1244 hci_cp.iac_lap[1] = 0x8b;
1245 hci_cp.iac_lap[2] = 0x9e;
1246 }
1247
1248 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1249 (hci_cp.num_iac * 3) + 1, &hci_cp);
1250
73f22f62 1251 scan |= SCAN_INQUIRY;
310a3d48
MH		 1252 } else {
1253 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1254 }
73f22f62 1255
310a3d48 1256 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f
JH		 1257
1258 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1259 if (err < 0)
a664b5bc 1260 mgmt_pending_remove(cmd);
73f22f62
JH		 1261
1262failed:
09fd0de5 1263 hci_dev_unlock(hdev);
73f22f62
JH		 1264 return err;
1265}
1266
406d7804
JH		 1267static void write_fast_connectable(struct hci_request *req, bool enable)
1268{
bd98b996 1269 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1270 struct hci_cp_write_page_scan_activity acp;
1271 u8 type;
1272
4c01f8b8
JH		 1273 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1274 return;
1275
406d7804
JH		 1276 if (enable) {
1277 type = PAGE_SCAN_TYPE_INTERLACED;
1278
1279 /* 160 msec page scan interval */
1280 acp.interval = __constant_cpu_to_le16(0x0100);
1281 } else {
1282 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1283
1284 /* default 1.28 sec page scan */
1285 acp.interval = __constant_cpu_to_le16(0x0800);
1286 }
1287
1288 acp.window = __constant_cpu_to_le16(0x0012);
1289
bd98b996
JH		 1290 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1291 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1292 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1293 sizeof(acp), &acp);
1294
1295 if (hdev->page_scan_type != type)
1296 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1297}
1298
1987fdc7
JH		 1299static u8 get_adv_type(struct hci_dev *hdev)
1300{
1301 struct pending_cmd *cmd;
1302 bool connectable;
1303
1304 /* If there's a pending mgmt command the flag will not yet have
1305 * it's final value, so check for this first.
1306 */
1307 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1308 if (cmd) {
1309 struct mgmt_mode *cp = cmd->param;
1310 connectable = !!cp->val;
1311 } else {
1312 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1313 }
1314
1315 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1316}
1317
95c66e75
JH		 1318static void enable_advertising(struct hci_request *req)
1319{
1320 struct hci_dev *hdev = req->hdev;
1321 struct hci_cp_le_set_adv_param cp;
1322 u8 enable = 0x01;
1323
1324 memset(&cp, 0, sizeof(cp));
1325 cp.min_interval = __constant_cpu_to_le16(0x0800);
1326 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1327 cp.type = get_adv_type(hdev);
79830f66 1328 cp.own_address_type = hdev->own_addr_type;
95c66e75
JH		 1329 cp.channel_map = 0x07;
1330
1331 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1332
1333 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1334}
1335
1336static void disable_advertising(struct hci_request *req)
1337{
1338 u8 enable = 0x00;
1339
1340 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1341}
1342
2b76f453
JH		 1343static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1344{
1345 struct pending_cmd *cmd;
d7b856f9
JH		 1346 struct mgmt_mode *cp;
1347 bool changed;
2b76f453
JH		 1348
1349 BT_DBG("status 0x%02x", status);
1350
1351 hci_dev_lock(hdev);
1352
1353 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1354 if (!cmd)
1355 goto unlock;
1356
37438c1f
JH		 1357 if (status) {
1358 u8 mgmt_err = mgmt_status(status);
1359 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1360 goto remove_cmd;
1361 }
1362
d7b856f9
JH		 1363 cp = cmd->param;
1364 if (cp->val)
1365 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1366 else
1367 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1368
2b76f453
JH		 1369 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1370
d7b856f9
JH		 1371 if (changed)
1372 new_settings(hdev, cmd->sk);
1373
37438c1f 1374remove_cmd:
2b76f453
JH		 1375 mgmt_pending_remove(cmd);
1376
1377unlock:
1378 hci_dev_unlock(hdev);
1379}
1380
bdb6d971 1381static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1382 u16 len)
9fbcbb45 1383{
650f726d 1384 struct mgmt_mode *cp = data;
366a0336 1385 struct pending_cmd *cmd;
2b76f453 1386 struct hci_request req;
1987fdc7 1387 u8 scan;
9fbcbb45
JH		 1388 int err;
1389
bdb6d971 1390 BT_DBG("request for %s", hdev->name);
9fbcbb45 1391
1987fdc7
JH		 1392 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1393 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1394 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1395 MGMT_STATUS_REJECTED);
33c525c0 1396
a7e80f25
JH		 1397 if (cp->val != 0x00 && cp->val != 0x01)
1398 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1399 MGMT_STATUS_INVALID_PARAMS);
1400
09fd0de5 1401 hci_dev_lock(hdev);
9fbcbb45 1402
4b34ee78 1403 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1404 bool changed = false;
1405
1406 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1407 changed = true;
1408
6bf0e469 1409 if (cp->val) {
5e5282bb 1410 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1411 } else {
5e5282bb
JH		 1412 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1413 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1414 }
0224d2fa 1415
5e5282bb 1416 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1417 if (err < 0)
1418 goto failed;
1419
1420 if (changed)
1421 err = new_settings(hdev, sk);
1422
9fbcbb45
JH		 1423 goto failed;
1424 }
1425
2e58ef3e 1426 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1427 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1428 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1429 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1430 goto failed;
1431 }
1432
2e58ef3e 1433 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1434 if (!cmd) {
1435 err = -ENOMEM;
9fbcbb45 1436 goto failed;
366a0336 1437 }
9fbcbb45 1438
9b74246f 1439 hci_req_init(&req, hdev);
9fbcbb45 1440
9b74246f
JH		 1441 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1442 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1443 if (cp->val) {
1444 scan = SCAN_PAGE;
1445 } else {
1446 scan = 0;
1447
1448 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1449 hdev->discov_timeout > 0)
9b74246f
JH		 1450 cancel_delayed_work(&hdev->discov_off);
1451 }
2b76f453 1452
9b74246f
JH		 1453 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1454 }
2b76f453 1455
4c01f8b8
JH		 1456 /* If we're going from non-connectable to connectable or
1457 * vice-versa when fast connectable is enabled ensure that fast
1458 * connectable gets disabled. write_fast_connectable won't do
1459 * anything if the page scan parameters are already what they
1460 * should be.
1461 */
1462 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1463 write_fast_connectable(&req, false);
1464
1987fdc7
JH		 1465 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1466 hci_conn_num(hdev, LE_LINK) == 0) {
1467 disable_advertising(&req);
1468 enable_advertising(&req);
1469 }
1470
2b76f453 1471 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1472 if (err < 0) {
a664b5bc 1473 mgmt_pending_remove(cmd);
9b74246f
JH		 1474 if (err == -ENODATA)
1475 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1476 hdev);
1477 goto failed;
1478 }
9fbcbb45
JH		 1479
1480failed:
09fd0de5 1481 hci_dev_unlock(hdev);
9fbcbb45
JH		 1482 return err;
1483}
1484
bdb6d971 1485static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1486 u16 len)
c542a06c 1487{
650f726d 1488 struct mgmt_mode *cp = data;
55594356 1489 bool changed;
c542a06c
JH		 1490 int err;
1491
bdb6d971 1492 BT_DBG("request for %s", hdev->name);
c542a06c 1493
a7e80f25
JH		 1494 if (cp->val != 0x00 && cp->val != 0x01)
1495 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1496 MGMT_STATUS_INVALID_PARAMS);
1497
09fd0de5 1498 hci_dev_lock(hdev);
c542a06c
JH		 1499
1500 if (cp->val)
55594356 1501 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1502 else
55594356 1503 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1504
69ab39ea 1505 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1506 if (err < 0)
55594356 1507 goto unlock;
c542a06c 1508
55594356
MH		 1509 if (changed)
1510 err = new_settings(hdev, sk);
c542a06c 1511
55594356 1512unlock:
09fd0de5 1513 hci_dev_unlock(hdev);
c542a06c
JH		 1514 return err;
1515}
1516
04124681
GP		 1517static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1518 u16 len)
33ef95ed
JH		 1519{
1520 struct mgmt_mode *cp = data;
1521 struct pending_cmd *cmd;
e6fe7986 1522 u8 val, status;
33ef95ed
JH		 1523 int err;
1524
bdb6d971 1525 BT_DBG("request for %s", hdev->name);
33ef95ed 1526
e6fe7986
JH		 1527 status = mgmt_bredr_support(hdev);
1528 if (status)
33c525c0 1529 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1530 status);
33c525c0 1531
a7e80f25
JH		 1532 if (cp->val != 0x00 && cp->val != 0x01)
1533 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1534 MGMT_STATUS_INVALID_PARAMS);
1535
33ef95ed
JH		 1536 hci_dev_lock(hdev);
1537
4b34ee78 1538 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1539 bool changed = false;
1540
1541 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1542 &hdev->dev_flags)) {
47990ea0
JH		 1543 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1544 changed = true;
1545 }
1546
1547 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1548 if (err < 0)
1549 goto failed;
1550
1551 if (changed)
1552 err = new_settings(hdev, sk);
1553
33ef95ed
JH		 1554 goto failed;
1555 }
1556
1557 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1558 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1559 MGMT_STATUS_BUSY);
33ef95ed
JH		 1560 goto failed;
1561 }
1562
1563 val = !!cp->val;
1564
1565 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1566 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1567 goto failed;
1568 }
1569
1570 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1571 if (!cmd) {
1572 err = -ENOMEM;
1573 goto failed;
1574 }
1575
1576 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1577 if (err < 0) {
1578 mgmt_pending_remove(cmd);
1579 goto failed;
1580 }
1581
1582failed:
1583 hci_dev_unlock(hdev);
33ef95ed
JH		 1584 return err;
1585}
1586
bdb6d971 1587static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1588{
1589 struct mgmt_mode *cp = data;
1590 struct pending_cmd *cmd;
72ef0c1a 1591 u8 status;
ed2c4ee3
JH		 1592 int err;
1593
bdb6d971 1594 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1595
cdba5281
MH		 1596 status = mgmt_bredr_support(hdev);
1597 if (status)
1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1599
13ecd8b6
JH		 1600 if (!lmp_ssp_capable(hdev))
1601 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1602 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1603
a7e80f25
JH		 1604 if (cp->val != 0x00 && cp->val != 0x01)
1605 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1606 MGMT_STATUS_INVALID_PARAMS);
1607
13ecd8b6 1608 hci_dev_lock(hdev);
6c8f12c1 1609
4b34ee78 1610 if (!hdev_is_powered(hdev)) {
9ecb3e24 1611 bool changed;
c0ecddc2 1612
9ecb3e24
MH		 1613 if (cp->val) {
1614 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1615 &hdev->dev_flags);
1616 } else {
1617 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1618 &hdev->dev_flags);
1619 if (!changed)
1620 changed = test_and_clear_bit(HCI_HS_ENABLED,
1621 &hdev->dev_flags);
1622 else
1623 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1624 }
1625
1626 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1627 if (err < 0)
1628 goto failed;
1629
1630 if (changed)
1631 err = new_settings(hdev, sk);
1632
ed2c4ee3
JH		 1633 goto failed;
1634 }
1635
9ecb3e24
MH		 1636 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1637 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1638 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1639 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1640 goto failed;
1641 }
1642
72ef0c1a 1643 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1644 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1645 goto failed;
1646 }
1647
1648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1649 if (!cmd) {
1650 err = -ENOMEM;
1651 goto failed;
1652 }
1653
72ef0c1a 1654 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1655 if (err < 0) {
1656 mgmt_pending_remove(cmd);
1657 goto failed;
1658 }
1659
1660failed:
1661 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1662 return err;
1663}
1664
bdb6d971 1665static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1666{
1667 struct mgmt_mode *cp = data;
ee392693 1668 bool changed;
e6fe7986 1669 u8 status;
ee392693 1670 int err;
6d80dfd0 1671
bdb6d971 1672 BT_DBG("request for %s", hdev->name);
6d80dfd0 1673
e6fe7986
JH		 1674 status = mgmt_bredr_support(hdev);
1675 if (status)
1676 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1677
9ecb3e24
MH		 1678 if (!lmp_ssp_capable(hdev))
1679 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1680 MGMT_STATUS_NOT_SUPPORTED);
1681
1682 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1683 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1684 MGMT_STATUS_REJECTED);
1685
a7e80f25
JH		 1686 if (cp->val != 0x00 && cp->val != 0x01)
1687 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1688 MGMT_STATUS_INVALID_PARAMS);
1689
ee392693
MH		 1690 hci_dev_lock(hdev);
1691
a0cdf960 1692 if (cp->val) {
ee392693 1693 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1694 } else {
1695 if (hdev_is_powered(hdev)) {
1696 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1697 MGMT_STATUS_REJECTED);
1698 goto unlock;
1699 }
1700
ee392693 1701 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1702 }
ee392693
MH		 1703
1704 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1705 if (err < 0)
1706 goto unlock;
1707
1708 if (changed)
1709 err = new_settings(hdev, sk);
6d80dfd0 1710
ee392693
MH		 1711unlock:
1712 hci_dev_unlock(hdev);
1713 return err;
6d80dfd0
JH		 1714}
1715
416a4ae5
JH		 1716static void le_enable_complete(struct hci_dev *hdev, u8 status)
1717{
1718 struct cmd_lookup match = { NULL, hdev };
1719
1720 if (status) {
1721 u8 mgmt_err = mgmt_status(status);
1722
1723 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1724 &mgmt_err);
1725 return;
1726 }
1727
1728 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1729
1730 new_settings(hdev, match.sk);
1731
1732 if (match.sk)
1733 sock_put(match.sk);
441ad2d0
MH		 1734
1735 /* Make sure the controller has a good default for
1736 * advertising data. Restrict the update to when LE
1737 * has actually been enabled. During power on, the
1738 * update in powered_update_hci will take care of it.
1739 */
1740 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1741 struct hci_request req;
1742
1743 hci_dev_lock(hdev);
1744
1745 hci_req_init(&req, hdev);
5947f4bc 1746 update_adv_data(&req);
f14d8f64 1747 update_scan_rsp_data(&req);
441ad2d0
MH		 1748 hci_req_run(&req, NULL);
1749
1750 hci_dev_unlock(hdev);
1751 }
416a4ae5
JH		 1752}
1753
bdb6d971 1754static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1755{
1756 struct mgmt_mode *cp = data;
1757 struct hci_cp_write_le_host_supported hci_cp;
1758 struct pending_cmd *cmd;
416a4ae5 1759 struct hci_request req;
06199cf8 1760 int err;
0b60eba1 1761 u8 val, enabled;
06199cf8 1762
bdb6d971 1763 BT_DBG("request for %s", hdev->name);
06199cf8 1764
13ecd8b6
JH		 1765 if (!lmp_le_capable(hdev))
1766 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1767 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1768
a7e80f25
JH		 1769 if (cp->val != 0x00 && cp->val != 0x01)
1770 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1771 MGMT_STATUS_INVALID_PARAMS);
1772
c73eee91 1773 /* LE-only devices do not allow toggling LE on/off */
56f87901 1774 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1775 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1776 MGMT_STATUS_REJECTED);
1777
13ecd8b6 1778 hci_dev_lock(hdev);
06199cf8
JH		 1779
1780 val = !!cp->val;
ffa88e02 1781 enabled = lmp_host_le_capable(hdev);
06199cf8 1782
0b60eba1 1783 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1784 bool changed = false;
1785
1786 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1787 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1788 changed = true;
1789 }
1790
f3d3444a
JH		 1791 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1792 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1793 changed = true;
1794 }
1795
06199cf8
JH		 1796 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1797 if (err < 0)
1de028ce 1798 goto unlock;
06199cf8
JH		 1799
1800 if (changed)
1801 err = new_settings(hdev, sk);
1802
1de028ce 1803 goto unlock;
06199cf8
JH		 1804 }
1805
4375f103
JH		 1806 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1807 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1808 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1809 MGMT_STATUS_BUSY);
1de028ce 1810 goto unlock;
06199cf8
JH		 1811 }
1812
1813 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1814 if (!cmd) {
1815 err = -ENOMEM;
1de028ce 1816 goto unlock;
06199cf8
JH		 1817 }
1818
441ad2d0
MH		 1819 hci_req_init(&req, hdev);
1820
06199cf8
JH		 1821 memset(&hci_cp, 0, sizeof(hci_cp));
1822
1823 if (val) {
1824 hci_cp.le = val;
ffa88e02 1825 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1826 } else {
1827 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1828 disable_advertising(&req);
06199cf8
JH		 1829 }
1830
416a4ae5
JH		 1831 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1832 &hci_cp);
1833
1834 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1835 if (err < 0)
06199cf8 1836 mgmt_pending_remove(cmd);
06199cf8 1837
1de028ce
JH		 1838unlock:
1839 hci_dev_unlock(hdev);
06199cf8
JH		 1840 return err;
1841}
1842
0cab9c80
JH		 1843/* This is a helper function to test for pending mgmt commands that can
1844 * cause CoD or EIR HCI commands. We can only allow one such pending
1845 * mgmt command at a time since otherwise we cannot easily track what
1846 * the current values are, will be, and based on that calculate if a new
1847 * HCI command needs to be sent and if yes with what value.
1848 */
1849static bool pending_eir_or_class(struct hci_dev *hdev)
1850{
1851 struct pending_cmd *cmd;
1852
1853 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1854 switch (cmd->opcode) {
1855 case MGMT_OP_ADD_UUID:
1856 case MGMT_OP_REMOVE_UUID:
1857 case MGMT_OP_SET_DEV_CLASS:
1858 case MGMT_OP_SET_POWERED:
1859 return true;
1860 }
1861 }
1862
1863 return false;
1864}
1865
83be8eca
JH		 1866static const u8 bluetooth_base_uuid[] = {
1867 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1868 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1869};
1870
1871static u8 get_uuid_size(const u8 *uuid)
1872{
1873 u32 val;
1874
1875 if (memcmp(uuid, bluetooth_base_uuid, 12))
1876 return 128;
1877
1878 val = get_unaligned_le32(&uuid[12]);
1879 if (val > 0xffff)
1880 return 32;
1881
1882 return 16;
1883}
1884
92da6097
JH		 1885static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1886{
1887 struct pending_cmd *cmd;
1888
1889 hci_dev_lock(hdev);
1890
1891 cmd = mgmt_pending_find(mgmt_op, hdev);
1892 if (!cmd)
1893 goto unlock;
1894
1895 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1896 hdev->dev_class, 3);
1897
1898 mgmt_pending_remove(cmd);
1899
1900unlock:
1901 hci_dev_unlock(hdev);
1902}
1903
1904static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1905{
1906 BT_DBG("status 0x%02x", status);
1907
1908 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1909}
1910
bdb6d971 1911static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1912{
650f726d 1913 struct mgmt_cp_add_uuid *cp = data;
90e70454 1914 struct pending_cmd *cmd;
890ea898 1915 struct hci_request req;
2aeb9a1a 1916 struct bt_uuid *uuid;
2aeb9a1a
JH		 1917 int err;
1918
bdb6d971 1919 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1920
09fd0de5 1921 hci_dev_lock(hdev);
2aeb9a1a 1922
0cab9c80 1923 if (pending_eir_or_class(hdev)) {
bdb6d971 1924 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1925 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1926 goto failed;
1927 }
1928
92c4c204 1929 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1930 if (!uuid) {
1931 err = -ENOMEM;
1932 goto failed;
1933 }
1934
1935 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1936 uuid->svc_hint = cp->svc_hint;
83be8eca 1937 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1938
de66aa63 1939 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1940
890ea898 1941 hci_req_init(&req, hdev);
1aff6f09 1942
890ea898
JH		 1943 update_class(&req);
1944 update_eir(&req);
1945
92da6097
JH		 1946 err = hci_req_run(&req, add_uuid_complete);
1947 if (err < 0) {
1948 if (err != -ENODATA)
1949 goto failed;
80a1e1db 1950
bdb6d971 1951 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1952 hdev->dev_class, 3);
90e70454
JH		 1953 goto failed;
1954 }
1955
1956 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1957 if (!cmd) {
90e70454 1958 err = -ENOMEM;
890ea898
JH		 1959 goto failed;
1960 }
1961
1962 err = 0;
2aeb9a1a
JH		 1963
1964failed:
09fd0de5 1965 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1966 return err;
1967}
1968
24b78d0f
JH		 1969static bool enable_service_cache(struct hci_dev *hdev)
1970{
1971 if (!hdev_is_powered(hdev))
1972 return false;
1973
1974 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1975 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1976 CACHE_TIMEOUT);
24b78d0f
JH		 1977 return true;
1978 }
1979
1980 return false;
1981}
1982
92da6097
JH		 1983static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1984{
1985 BT_DBG("status 0x%02x", status);
1986
1987 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1988}
1989
bdb6d971 1990static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1991 u16 len)
2aeb9a1a 1992{
650f726d 1993 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1994 struct pending_cmd *cmd;
056341c8 1995 struct bt_uuid *match, *tmp;
2aeb9a1a 1996 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1997 struct hci_request req;
2aeb9a1a
JH		 1998 int err, found;
1999
bdb6d971 2000 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2001
09fd0de5 2002 hci_dev_lock(hdev);
2aeb9a1a 2003
0cab9c80 2004 if (pending_eir_or_class(hdev)) {
bdb6d971 2005 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2006 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2007 goto unlock;
2008 }
2009
2aeb9a1a
JH		 2010 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2011 err = hci_uuids_clear(hdev);
4004b6d9 2012
24b78d0f 2013 if (enable_service_cache(hdev)) {
bdb6d971 2014 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2015 0, hdev->dev_class, 3);
24b78d0f
JH		 2016 goto unlock;
2017 }
4004b6d9 2018
9246a869 2019 goto update_class;
2aeb9a1a
JH		 2020 }
2021
2022 found = 0;
2023
056341c8 2024 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2025 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2026 continue;
2027
2028 list_del(&match->list);
482049f7 2029 kfree(match);
2aeb9a1a
JH		 2030 found++;
2031 }
2032
2033 if (found == 0) {
bdb6d971 2034 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2035 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2036 goto unlock;
2037 }
2038
9246a869 2039update_class:
890ea898 2040 hci_req_init(&req, hdev);
1aff6f09 2041
890ea898
JH		 2042 update_class(&req);
2043 update_eir(&req);
2044
92da6097
JH		 2045 err = hci_req_run(&req, remove_uuid_complete);
2046 if (err < 0) {
2047 if (err != -ENODATA)
2048 goto unlock;
80a1e1db 2049
bdb6d971 2050 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2051 hdev->dev_class, 3);
90e70454
JH		 2052 goto unlock;
2053 }
2054
2055 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2056 if (!cmd) {
90e70454 2057 err = -ENOMEM;
890ea898
JH		 2058 goto unlock;
2059 }
2060
2061 err = 0;
2aeb9a1a
JH		 2062
2063unlock:
09fd0de5 2064 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2065 return err;
2066}
2067
92da6097
JH		 2068static void set_class_complete(struct hci_dev *hdev, u8 status)
2069{
2070 BT_DBG("status 0x%02x", status);
2071
2072 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2073}
2074
bdb6d971 2075static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2076 u16 len)
1aff6f09 2077{
650f726d 2078 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2079 struct pending_cmd *cmd;
890ea898 2080 struct hci_request req;
1aff6f09
JH		 2081 int err;
2082
bdb6d971 2083 BT_DBG("request for %s", hdev->name);
1aff6f09 2084
6203fc98 2085 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2086 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2087 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2088
0cab9c80 2089 hci_dev_lock(hdev);
ee98f473 2090
0cab9c80
JH		 2091 if (pending_eir_or_class(hdev)) {
2092 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2093 MGMT_STATUS_BUSY);
2094 goto unlock;
2095 }
c95f0ba7 2096
0cab9c80
JH		 2097 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2098 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2099 MGMT_STATUS_INVALID_PARAMS);
2100 goto unlock;
2101 }
575b3a02 2102
932f5ff5
JH		 2103 hdev->major_class = cp->major;
2104 hdev->minor_class = cp->minor;
2105
b5235a65 2106 if (!hdev_is_powered(hdev)) {
bdb6d971 2107 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2108 hdev->dev_class, 3);
b5235a65
JH		 2109 goto unlock;
2110 }
2111
890ea898
JH		 2112 hci_req_init(&req, hdev);
2113
a8b2d5c2 2114 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2115 hci_dev_unlock(hdev);
2116 cancel_delayed_work_sync(&hdev->service_cache);
2117 hci_dev_lock(hdev);
890ea898 2118 update_eir(&req);
7d78525d 2119 }
14c0b608 2120
890ea898
JH		 2121 update_class(&req);
2122
92da6097
JH		 2123 err = hci_req_run(&req, set_class_complete);
2124 if (err < 0) {
2125 if (err != -ENODATA)
2126 goto unlock;
1aff6f09 2127
bdb6d971 2128 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2129 hdev->dev_class, 3);
90e70454
JH		 2130 goto unlock;
2131 }
2132
2133 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2134 if (!cmd) {
90e70454 2135 err = -ENOMEM;
890ea898
JH		 2136 goto unlock;
2137 }
2138
2139 err = 0;
1aff6f09 2140
b5235a65 2141unlock:
09fd0de5 2142 hci_dev_unlock(hdev);
1aff6f09
JH		 2143 return err;
2144}
2145
bdb6d971 2146static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2147 u16 len)
55ed8ca1 2148{
650f726d 2149 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2150 u16 key_count, expected_len;
a492cd52 2151 int i;
55ed8ca1 2152
9060d5cf
MH		 2153 BT_DBG("request for %s", hdev->name);
2154
2155 if (!lmp_bredr_capable(hdev))
2156 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2157 MGMT_STATUS_NOT_SUPPORTED);
2158
1f350c87 2159 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2160
86742e1e
JH		 2161 expected_len = sizeof(*cp) + key_count *
2162 sizeof(struct mgmt_link_key_info);
a492cd52 2163 if (expected_len != len) {
86742e1e 2164 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2165 len, expected_len);
bdb6d971 2166 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2167 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2168 }
2169
4ae14301
JH		 2170 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2171 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2172 MGMT_STATUS_INVALID_PARAMS);
2173
bdb6d971 2174 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2175 key_count);
55ed8ca1 2176
4ee71b20
JH		 2177 for (i = 0; i < key_count; i++) {
2178 struct mgmt_link_key_info *key = &cp->keys[i];
2179
2180 if (key->addr.type != BDADDR_BREDR)
2181 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2182 MGMT_STATUS_INVALID_PARAMS);
2183 }
2184
09fd0de5 2185 hci_dev_lock(hdev);
55ed8ca1
JH		 2186
2187 hci_link_keys_clear(hdev);
2188
55ed8ca1 2189 if (cp->debug_keys)
a8b2d5c2 2190 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2191 else
a8b2d5c2 2192 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2193
a492cd52 2194 for (i = 0; i < key_count; i++) {
86742e1e 2195 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2196
d753fdc4 2197 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2198 key->type, key->pin_len);
55ed8ca1
JH		 2199 }
2200
bdb6d971 2201 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2202
09fd0de5 2203 hci_dev_unlock(hdev);
55ed8ca1 2204
a492cd52 2205 return 0;
55ed8ca1
JH		 2206}
2207
b1078ad0 2208static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2209 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2210{
2211 struct mgmt_ev_device_unpaired ev;
2212
2213 bacpy(&ev.addr.bdaddr, bdaddr);
2214 ev.addr.type = addr_type;
2215
2216 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2217 skip_sk);
b1078ad0
JH		 2218}
2219
bdb6d971 2220static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2221 u16 len)
55ed8ca1 2222{
124f6e35
JH		 2223 struct mgmt_cp_unpair_device *cp = data;
2224 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2225 struct hci_cp_disconnect dc;
2226 struct pending_cmd *cmd;
55ed8ca1 2227 struct hci_conn *conn;
55ed8ca1
JH		 2228 int err;
2229
a8a1d19e 2230 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2231 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2232 rp.addr.type = cp->addr.type;
a8a1d19e 2233
4ee71b20
JH		 2234 if (!bdaddr_type_is_valid(cp->addr.type))
2235 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2236 MGMT_STATUS_INVALID_PARAMS,
2237 &rp, sizeof(rp));
2238
118da70b
JH		 2239 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2240 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2241 MGMT_STATUS_INVALID_PARAMS,
2242 &rp, sizeof(rp));
2243
4ee71b20
JH		 2244 hci_dev_lock(hdev);
2245
86a8cfc6 2246 if (!hdev_is_powered(hdev)) {
bdb6d971 2247 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2248 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2249 goto unlock;
2250 }
2251
591f47f3 2252 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2253 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2254 else
2255 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2256
55ed8ca1 2257 if (err < 0) {
bdb6d971 2258 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2259 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2260 goto unlock;
2261 }
2262
86a8cfc6 2263 if (cp->disconnect) {
591f47f3 2264 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2265 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2266 &cp->addr.bdaddr);
86a8cfc6
JH		 2267 else
2268 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2269 &cp->addr.bdaddr);
86a8cfc6
JH		 2270 } else {
2271 conn = NULL;
2272 }
124f6e35 2273
a8a1d19e 2274 if (!conn) {
bdb6d971 2275 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2276 &rp, sizeof(rp));
b1078ad0 2277 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2278 goto unlock;
2279 }
55ed8ca1 2280
124f6e35 2281 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2282 sizeof(*cp));
a8a1d19e
JH		 2283 if (!cmd) {
2284 err = -ENOMEM;
2285 goto unlock;
55ed8ca1
JH		 2286 }
2287
eb55ef07 2288 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2289 dc.reason = 0x13; /* Remote User Terminated Connection */
2290 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2291 if (err < 0)
2292 mgmt_pending_remove(cmd);
2293
55ed8ca1 2294unlock:
09fd0de5 2295 hci_dev_unlock(hdev);
55ed8ca1
JH		 2296 return err;
2297}
2298
bdb6d971 2299static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2300 u16 len)
8962ee74 2301{
650f726d 2302 struct mgmt_cp_disconnect *cp = data;
06a63b19 2303 struct mgmt_rp_disconnect rp;
8962ee74 2304 struct hci_cp_disconnect dc;
366a0336 2305 struct pending_cmd *cmd;
8962ee74 2306 struct hci_conn *conn;
8962ee74
JH		 2307 int err;
2308
2309 BT_DBG("");
2310
06a63b19
JH		 2311 memset(&rp, 0, sizeof(rp));
2312 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2313 rp.addr.type = cp->addr.type;
2314
4ee71b20 2315 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2316 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2317 MGMT_STATUS_INVALID_PARAMS,
2318 &rp, sizeof(rp));
4ee71b20 2319
09fd0de5 2320 hci_dev_lock(hdev);
8962ee74
JH		 2321
2322 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2323 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2324 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2325 goto failed;
2326 }
2327
2e58ef3e 2328 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2329 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2330 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2331 goto failed;
2332 }
2333
591f47f3 2334 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2335 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2336 &cp->addr.bdaddr);
88c3df13
JH		 2337 else
2338 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2339
f960727e 2340 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2341 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2342 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2343 goto failed;
2344 }
2345
2e58ef3e 2346 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2347 if (!cmd) {
2348 err = -ENOMEM;
8962ee74 2349 goto failed;
366a0336 2350 }
8962ee74 2351
eb55ef07 2352 dc.handle = cpu_to_le16(conn->handle);
3701f944 2353 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2354
2355 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2356 if (err < 0)
a664b5bc 2357 mgmt_pending_remove(cmd);
8962ee74
JH		 2358
2359failed:
09fd0de5 2360 hci_dev_unlock(hdev);
8962ee74
JH		 2361 return err;
2362}
2363
57c1477c 2364static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2365{
2366 switch (link_type) {
2367 case LE_LINK:
48264f06
JH		 2368 switch (addr_type) {
2369 case ADDR_LE_DEV_PUBLIC:
591f47f3 2370 return BDADDR_LE_PUBLIC;
0ed09148 2371
48264f06 2372 default:
0ed09148 2373 /* Fallback to LE Random address type */
591f47f3 2374 return BDADDR_LE_RANDOM;
48264f06 2375 }
0ed09148 2376
4c659c39 2377 default:
0ed09148 2378 /* Fallback to BR/EDR type */
591f47f3 2379 return BDADDR_BREDR;
4c659c39
JH		 2380 }
2381}
2382
04124681
GP		 2383static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2384 u16 data_len)
2784eb41 2385{
2784eb41 2386 struct mgmt_rp_get_connections *rp;
8035ded4 2387 struct hci_conn *c;
a38528f1 2388 size_t rp_len;
60fc5fb6
JH		 2389 int err;
2390 u16 i;
2784eb41
JH		 2391
2392 BT_DBG("");
2393
09fd0de5 2394 hci_dev_lock(hdev);
2784eb41 2395
5f97c1df 2396 if (!hdev_is_powered(hdev)) {
bdb6d971 2397 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2398 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2399 goto unlock;
2400 }
2401
60fc5fb6 2402 i = 0;
b644ba33
JH		 2403 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2404 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2405 i++;
2784eb41
JH		 2406 }
2407
60fc5fb6 2408 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2409 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2410 if (!rp) {
2784eb41
JH		 2411 err = -ENOMEM;
2412 goto unlock;
2413 }
2414
2784eb41 2415 i = 0;
4c659c39 2416 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2417 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2418 continue;
4c659c39 2419 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2420 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2421 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2422 continue;
2423 i++;
2424 }
2425
eb55ef07 2426 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2427
4c659c39
JH		 2428 /* Recalculate length in case of filtered SCO connections, etc */
2429 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2430
bdb6d971 2431 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2432 rp_len);
2784eb41 2433
a38528f1 2434 kfree(rp);
5f97c1df
JH		 2435
2436unlock:
09fd0de5 2437 hci_dev_unlock(hdev);
2784eb41
JH		 2438 return err;
2439}
2440
bdb6d971 2441static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2442 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2443{
2444 struct pending_cmd *cmd;
2445 int err;
2446
2e58ef3e 2447 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2448 sizeof(*cp));
96d97a67
WR		 2449 if (!cmd)
2450 return -ENOMEM;
2451
d8457698 2452 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2453 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2454 if (err < 0)
2455 mgmt_pending_remove(cmd);
2456
2457 return err;
2458}
2459
bdb6d971 2460static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2461 u16 len)
980e1a53 2462{
96d97a67 2463 struct hci_conn *conn;
650f726d 2464 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2465 struct hci_cp_pin_code_reply reply;
366a0336 2466 struct pending_cmd *cmd;
980e1a53
JH		 2467 int err;
2468
2469 BT_DBG("");
2470
09fd0de5 2471 hci_dev_lock(hdev);
980e1a53 2472
4b34ee78 2473 if (!hdev_is_powered(hdev)) {
bdb6d971 2474 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2475 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2476 goto failed;
2477 }
2478
d8457698 2479 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2480 if (!conn) {
bdb6d971 2481 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2482 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2483 goto failed;
2484 }
2485
2486 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2487 struct mgmt_cp_pin_code_neg_reply ncp;
2488
2489 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2490
2491 BT_ERR("PIN code is not 16 bytes long");
2492
bdb6d971 2493 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2494 if (err >= 0)
bdb6d971 2495 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2496 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2497
2498 goto failed;
2499 }
2500
00abfe44 2501 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2502 if (!cmd) {
2503 err = -ENOMEM;
980e1a53 2504 goto failed;
366a0336 2505 }
980e1a53 2506
d8457698 2507 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2508 reply.pin_len = cp->pin_len;
24718ca5 2509 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2510
2511 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2512 if (err < 0)
a664b5bc 2513 mgmt_pending_remove(cmd);
980e1a53
JH		 2514
2515failed:
09fd0de5 2516 hci_dev_unlock(hdev);
980e1a53
JH		 2517 return err;
2518}
2519
04124681
GP		 2520static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2521 u16 len)
17fa4b9d 2522{
650f726d 2523 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2524
2525 BT_DBG("");
2526
09fd0de5 2527 hci_dev_lock(hdev);
17fa4b9d
JH		 2528
2529 hdev->io_capability = cp->io_capability;
2530
2531 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2532 hdev->io_capability);
17fa4b9d 2533
09fd0de5 2534 hci_dev_unlock(hdev);
17fa4b9d 2535
04124681
GP		 2536 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2537 0);
17fa4b9d
JH		 2538}
2539
6039aa73 2540static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2541{
2542 struct hci_dev *hdev = conn->hdev;
8035ded4 2543 struct pending_cmd *cmd;
e9a416b5 2544
2e58ef3e 2545 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2546 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2547 continue;
2548
e9a416b5
JH		 2549 if (cmd->user_data != conn)
2550 continue;
2551
2552 return cmd;
2553 }
2554
2555 return NULL;
2556}
2557
2558static void pairing_complete(struct pending_cmd *cmd, u8 status)
2559{
2560 struct mgmt_rp_pair_device rp;
2561 struct hci_conn *conn = cmd->user_data;
2562
ba4e564f 2563 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2564 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2565
aee9b218 2566 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2567 &rp, sizeof(rp));
e9a416b5
JH		 2568
2569 /* So we don't get further callbacks for this connection */
2570 conn->connect_cfm_cb = NULL;
2571 conn->security_cfm_cb = NULL;
2572 conn->disconn_cfm_cb = NULL;
2573
76a68ba0 2574 hci_conn_drop(conn);
e9a416b5 2575
a664b5bc 2576 mgmt_pending_remove(cmd);
e9a416b5
JH		 2577}
2578
2579static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2580{
2581 struct pending_cmd *cmd;
2582
2583 BT_DBG("status %u", status);
2584
2585 cmd = find_pairing(conn);
56e5cb86 2586 if (!cmd)
e9a416b5 2587 BT_DBG("Unable to find a pending command");
56e5cb86 2588 else
e211326c 2589 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2590}
2591
4c47d739
VA		 2592static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2593{
2594 struct pending_cmd *cmd;
2595
2596 BT_DBG("status %u", status);
2597
2598 if (!status)
2599 return;
2600
2601 cmd = find_pairing(conn);
2602 if (!cmd)
2603 BT_DBG("Unable to find a pending command");
2604 else
2605 pairing_complete(cmd, mgmt_status(status));
2606}
2607
bdb6d971 2608static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2609 u16 len)
e9a416b5 2610{
650f726d 2611 struct mgmt_cp_pair_device *cp = data;
1425acb7 2612 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2613 struct pending_cmd *cmd;
2614 u8 sec_level, auth_type;
2615 struct hci_conn *conn;
e9a416b5
JH		 2616 int err;
2617
2618 BT_DBG("");
2619
f950a30e
SJ		 2620 memset(&rp, 0, sizeof(rp));
2621 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2622 rp.addr.type = cp->addr.type;
2623
4ee71b20
JH		 2624 if (!bdaddr_type_is_valid(cp->addr.type))
2625 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2626 MGMT_STATUS_INVALID_PARAMS,
2627 &rp, sizeof(rp));
2628
09fd0de5 2629 hci_dev_lock(hdev);
e9a416b5 2630
5f97c1df 2631 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2632 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2633 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2634 goto unlock;
2635 }
2636
c908df36
VCG		 2637 sec_level = BT_SECURITY_MEDIUM;
2638 if (cp->io_cap == 0x03)
e9a416b5 2639 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2640 else
e9a416b5 2641 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2642
591f47f3 2643 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2644 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2645 cp->addr.type, sec_level, auth_type);
7a512d01 2646 else
b12f62cf
AG		 2647 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2648 cp->addr.type, sec_level, auth_type);
7a512d01 2649
30e76272 2650 if (IS_ERR(conn)) {
489dc48e
AK		 2651 int status;
2652
2653 if (PTR_ERR(conn) == -EBUSY)
2654 status = MGMT_STATUS_BUSY;
2655 else
2656 status = MGMT_STATUS_CONNECT_FAILED;
2657
bdb6d971 2658 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2659 status, &rp,
04124681 2660 sizeof(rp));
e9a416b5
JH		 2661 goto unlock;
2662 }
2663
2664 if (conn->connect_cfm_cb) {
76a68ba0 2665 hci_conn_drop(conn);
bdb6d971 2666 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2667 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2668 goto unlock;
2669 }
2670
2e58ef3e 2671 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2672 if (!cmd) {
2673 err = -ENOMEM;
76a68ba0 2674 hci_conn_drop(conn);
e9a416b5
JH		 2675 goto unlock;
2676 }
2677
7a512d01 2678 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2679 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2680 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2681 else
2682 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2683
e9a416b5
JH		 2684 conn->security_cfm_cb = pairing_complete_cb;
2685 conn->disconn_cfm_cb = pairing_complete_cb;
2686 conn->io_capability = cp->io_cap;
2687 cmd->user_data = conn;
2688
2689 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2690 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2691 pairing_complete(cmd, 0);
2692
2693 err = 0;
2694
2695unlock:
09fd0de5 2696 hci_dev_unlock(hdev);
e9a416b5
JH		 2697 return err;
2698}
2699
04124681
GP		 2700static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2701 u16 len)
28424707 2702{
0f4e68cf 2703 struct mgmt_addr_info *addr = data;
28424707
JH		 2704 struct pending_cmd *cmd;
2705 struct hci_conn *conn;
2706 int err;
2707
2708 BT_DBG("");
2709
28424707
JH		 2710 hci_dev_lock(hdev);
2711
5f97c1df 2712 if (!hdev_is_powered(hdev)) {
bdb6d971 2713 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2714 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2715 goto unlock;
2716 }
2717
28424707
JH		 2718 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2719 if (!cmd) {
bdb6d971 2720 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2721 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2722 goto unlock;
2723 }
2724
2725 conn = cmd->user_data;
2726
2727 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2728 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2729 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2730 goto unlock;
2731 }
2732
2733 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2734
bdb6d971 2735 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2736 addr, sizeof(*addr));
28424707
JH		 2737unlock:
2738 hci_dev_unlock(hdev);
28424707
JH		 2739 return err;
2740}
2741
bdb6d971 2742static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2743 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2744 u16 hci_op, __le32 passkey)
a5c29683 2745{
a5c29683 2746 struct pending_cmd *cmd;
0df4c185 2747 struct hci_conn *conn;
a5c29683
JH		 2748 int err;
2749
09fd0de5 2750 hci_dev_lock(hdev);
08ba5382 2751
4b34ee78 2752 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2753 err = cmd_complete(sk, hdev->id, mgmt_op,
2754 MGMT_STATUS_NOT_POWERED, addr,
2755 sizeof(*addr));
0df4c185 2756 goto done;
a5c29683
JH		 2757 }
2758
1707c60e
JH		 2759 if (addr->type == BDADDR_BREDR)
2760 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2761 else
1707c60e 2762 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2763
2764 if (!conn) {
feb94d3d
JH		 2765 err = cmd_complete(sk, hdev->id, mgmt_op,
2766 MGMT_STATUS_NOT_CONNECTED, addr,
2767 sizeof(*addr));
272d90df
JH		 2768 goto done;
2769 }
47c15e2b 2770
1707c60e 2771 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2772 /* Continue with pairing via SMP */
5fe57d9e
BG		 2773 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2774
2775 if (!err)
feb94d3d
JH		 2776 err = cmd_complete(sk, hdev->id, mgmt_op,
2777 MGMT_STATUS_SUCCESS, addr,
2778 sizeof(*addr));
5fe57d9e 2779 else
feb94d3d
JH		 2780 err = cmd_complete(sk, hdev->id, mgmt_op,
2781 MGMT_STATUS_FAILED, addr,
2782 sizeof(*addr));
47c15e2b 2783
47c15e2b
BG		 2784 goto done;
2785 }
2786
1707c60e 2787 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2788 if (!cmd) {
2789 err = -ENOMEM;
0df4c185 2790 goto done;
a5c29683
JH		 2791 }
2792
0df4c185 2793 /* Continue with pairing via HCI */
604086b7
BG		 2794 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2795 struct hci_cp_user_passkey_reply cp;
2796
1707c60e 2797 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2798 cp.passkey = passkey;
2799 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2800 } else
1707c60e
JH		 2801 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2802 &addr->bdaddr);
604086b7 2803
a664b5bc
JH		 2804 if (err < 0)
2805 mgmt_pending_remove(cmd);
a5c29683 2806
0df4c185 2807done:
09fd0de5 2808 hci_dev_unlock(hdev);
a5c29683
JH		 2809 return err;
2810}
2811
afeb019d
JK		 2812static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2813 void *data, u16 len)
2814{
2815 struct mgmt_cp_pin_code_neg_reply *cp = data;
2816
2817 BT_DBG("");
2818
1707c60e 2819 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2820 MGMT_OP_PIN_CODE_NEG_REPLY,
2821 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2822}
2823
04124681
GP		 2824static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2825 u16 len)
0df4c185 2826{
650f726d 2827 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2828
2829 BT_DBG("");
2830
2831 if (len != sizeof(*cp))
bdb6d971 2832 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2833 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2834
1707c60e 2835 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2836 MGMT_OP_USER_CONFIRM_REPLY,
2837 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2838}
2839
bdb6d971 2840static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2841 void *data, u16 len)
0df4c185 2842{
c9c2659f 2843 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2844
2845 BT_DBG("");
2846
1707c60e 2847 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2848 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2849 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2850}
2851
04124681
GP		 2852static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2853 u16 len)
604086b7 2854{
650f726d 2855 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2856
2857 BT_DBG("");
2858
1707c60e 2859 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2860 MGMT_OP_USER_PASSKEY_REPLY,
2861 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2862}
2863
bdb6d971 2864static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2865 void *data, u16 len)
604086b7 2866{
650f726d 2867 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2868
2869 BT_DBG("");
2870
1707c60e 2871 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2872 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2873 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2874}
2875
13928971 2876static void update_name(struct hci_request *req)
2b4bf397 2877{
13928971 2878 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2879 struct hci_cp_write_local_name cp;
2880
13928971 2881 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2882
890ea898 2883 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2884}
2885
13928971
JH		 2886static void set_name_complete(struct hci_dev *hdev, u8 status)
2887{
2888 struct mgmt_cp_set_local_name *cp;
2889 struct pending_cmd *cmd;
2890
2891 BT_DBG("status 0x%02x", status);
2892
2893 hci_dev_lock(hdev);
2894
2895 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2896 if (!cmd)
2897 goto unlock;
2898
2899 cp = cmd->param;
2900
2901 if (status)
2902 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2903 mgmt_status(status));
2904 else
2905 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2906 cp, sizeof(*cp));
2907
2908 mgmt_pending_remove(cmd);
2909
2910unlock:
2911 hci_dev_unlock(hdev);
2912}
2913
bdb6d971 2914static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2915 u16 len)
b312b161 2916{
2b4bf397 2917 struct mgmt_cp_set_local_name *cp = data;
b312b161 2918 struct pending_cmd *cmd;
890ea898 2919 struct hci_request req;
b312b161
JH		 2920 int err;
2921
2922 BT_DBG("");
2923
09fd0de5 2924 hci_dev_lock(hdev);
b312b161 2925
b3f2ca94
JH		 2926 /* If the old values are the same as the new ones just return a
2927 * direct command complete event.
2928 */
2929 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2930 !memcmp(hdev->short_name, cp->short_name,
2931 sizeof(hdev->short_name))) {
2932 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2933 data, len);
2934 goto failed;
2935 }
2936
2b4bf397 2937 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2938
b5235a65 2939 if (!hdev_is_powered(hdev)) {
2b4bf397 2940 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2941
2942 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2943 data, len);
28cc7bde
JH		 2944 if (err < 0)
2945 goto failed;
2946
2947 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2948 sk);
28cc7bde 2949
b5235a65
JH		 2950 goto failed;
2951 }
2952
28cc7bde 2953 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2954 if (!cmd) {
2955 err = -ENOMEM;
2956 goto failed;
2957 }
2958
13928971
JH		 2959 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2960
890ea898 2961 hci_req_init(&req, hdev);
3f985050
JH		 2962
2963 if (lmp_bredr_capable(hdev)) {
2964 update_name(&req);
2965 update_eir(&req);
2966 }
2967
7a5f4990
MH		 2968 /* The name is stored in the scan response data and so
2969 * no need to udpate the advertising data here.
2970 */
3f985050 2971 if (lmp_le_capable(hdev))
7a5f4990 2972 update_scan_rsp_data(&req);
3f985050 2973
13928971 2974 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2975 if (err < 0)
2976 mgmt_pending_remove(cmd);
2977
2978failed:
09fd0de5 2979 hci_dev_unlock(hdev);
b312b161
JH		 2980 return err;
2981}
2982
0f4e68cf 2983static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2984 void *data, u16 data_len)
c35938b2 2985{
c35938b2
SJ		 2986 struct pending_cmd *cmd;
2987 int err;
2988
bdb6d971 2989 BT_DBG("%s", hdev->name);
c35938b2 2990
09fd0de5 2991 hci_dev_lock(hdev);
c35938b2 2992
4b34ee78 2993 if (!hdev_is_powered(hdev)) {
bdb6d971 2994 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2995 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2996 goto unlock;
2997 }
2998
9a1a1996 2999 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3000 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3001 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3002 goto unlock;
3003 }
3004
2e58ef3e 3005 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3006 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3007 MGMT_STATUS_BUSY);
c35938b2
SJ		 3008 goto unlock;
3009 }
3010
2e58ef3e 3011 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3012 if (!cmd) {
3013 err = -ENOMEM;
3014 goto unlock;
3015 }
3016
3017 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3018 if (err < 0)
3019 mgmt_pending_remove(cmd);
3020
3021unlock:
09fd0de5 3022 hci_dev_unlock(hdev);
c35938b2
SJ		 3023 return err;
3024}
3025
bdb6d971 3026static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3027 void *data, u16 len)
2763eda6 3028{
650f726d 3029 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 3030 u8 status;
2763eda6
SJ		 3031 int err;
3032
bdb6d971 3033 BT_DBG("%s ", hdev->name);
2763eda6 3034
09fd0de5 3035 hci_dev_lock(hdev);
2763eda6 3036
664ce4cc 3037 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 3038 cp->randomizer);
2763eda6 3039 if (err < 0)
bf1e3541 3040 status = MGMT_STATUS_FAILED;
2763eda6 3041 else
a6785be2 3042 status = MGMT_STATUS_SUCCESS;
bf1e3541 3043
bdb6d971 3044 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 3045 &cp->addr, sizeof(cp->addr));
2763eda6 3046
09fd0de5 3047 hci_dev_unlock(hdev);
2763eda6
SJ		 3048 return err;
3049}
3050
bdb6d971 3051static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3052 void *data, u16 len)
2763eda6 3053{
650f726d 3054 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3055 u8 status;
2763eda6
SJ		 3056 int err;
3057
bdb6d971 3058 BT_DBG("%s", hdev->name);
2763eda6 3059
09fd0de5 3060 hci_dev_lock(hdev);
2763eda6 3061
664ce4cc 3062 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3063 if (err < 0)
bf1e3541 3064 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3065 else
a6785be2 3066 status = MGMT_STATUS_SUCCESS;
bf1e3541 3067
bdb6d971 3068 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3069 status, &cp->addr, sizeof(cp->addr));
2763eda6 3070
09fd0de5 3071 hci_dev_unlock(hdev);
2763eda6
SJ		 3072 return err;
3073}
3074
41dc2bd6
AG		 3075static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3076{
3077 struct pending_cmd *cmd;
3078 u8 type;
3079 int err;
3080
3081 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3082
3083 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3084 if (!cmd)
3085 return -ENOENT;
3086
3087 type = hdev->discovery.type;
3088
3089 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3090 &type, sizeof(type));
3091 mgmt_pending_remove(cmd);
3092
3093 return err;
3094}
3095
7c307720
AG		 3096static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3097{
3098 BT_DBG("status %d", status);
3099
3100 if (status) {
3101 hci_dev_lock(hdev);
3102 mgmt_start_discovery_failed(hdev, status);
3103 hci_dev_unlock(hdev);
3104 return;
3105 }
3106
3107 hci_dev_lock(hdev);
3108 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3109 hci_dev_unlock(hdev);
3110
3111 switch (hdev->discovery.type) {
3112 case DISCOV_TYPE_LE:
3113 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3114 DISCOV_LE_TIMEOUT);
7c307720
AG		 3115 break;
3116
3117 case DISCOV_TYPE_INTERLEAVED:
3118 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3119 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3120 break;
3121
3122 case DISCOV_TYPE_BREDR:
3123 break;
3124
3125 default:
3126 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3127 }
3128}
3129
bdb6d971 3130static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3131 void *data, u16 len)
14a53664 3132{
650f726d 3133 struct mgmt_cp_start_discovery *cp = data;
14a53664 3134 struct pending_cmd *cmd;
7c307720
AG		 3135 struct hci_cp_le_set_scan_param param_cp;
3136 struct hci_cp_le_set_scan_enable enable_cp;
3137 struct hci_cp_inquiry inq_cp;
3138 struct hci_request req;
3139 /* General inquiry access code (GIAC) */
3140 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3141 u8 status;
14a53664
JH		 3142 int err;
3143
bdb6d971 3144 BT_DBG("%s", hdev->name);
14a53664 3145
09fd0de5 3146 hci_dev_lock(hdev);
14a53664 3147
4b34ee78 3148 if (!hdev_is_powered(hdev)) {
bdb6d971 3149 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3150 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3151 goto failed;
3152 }
3153
642be6c7
AG		 3154 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3155 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3156 MGMT_STATUS_BUSY);
3157 goto failed;
3158 }
3159
ff9ef578 3160 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3161 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3162 MGMT_STATUS_BUSY);
ff9ef578
JH		 3163 goto failed;
3164 }
3165
2e58ef3e 3166 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3167 if (!cmd) {
3168 err = -ENOMEM;
3169 goto failed;
3170 }
3171
4aab14e5
AG		 3172 hdev->discovery.type = cp->type;
3173
7c307720
AG		 3174 hci_req_init(&req, hdev);
3175
4aab14e5 3176 switch (hdev->discovery.type) {
f39799f5 3177 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3178 status = mgmt_bredr_support(hdev);
3179 if (status) {
04106755 3180 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3181 status);
04106755
JH		 3182 mgmt_pending_remove(cmd);
3183 goto failed;
3184 }
3185
7c307720
AG		 3186 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3187 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3188 MGMT_STATUS_BUSY);
3189 mgmt_pending_remove(cmd);
3190 goto failed;
3191 }
3192
3193 hci_inquiry_cache_flush(hdev);
3194
3195 memset(&inq_cp, 0, sizeof(inq_cp));
3196 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3197 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3198 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3199 break;
3200
3201 case DISCOV_TYPE_LE:
7c307720 3202 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3203 status = mgmt_le_support(hdev);
3204 if (status) {
04106755 3205 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3206 status);
04106755
JH		 3207 mgmt_pending_remove(cmd);
3208 goto failed;
3209 }
3210
7c307720 3211 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3212 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3213 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3214 MGMT_STATUS_NOT_SUPPORTED);
3215 mgmt_pending_remove(cmd);
3216 goto failed;
3217 }
3218
f3d3444a 3219 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3220 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3221 MGMT_STATUS_REJECTED);
3222 mgmt_pending_remove(cmd);
3223 goto failed;
3224 }
3225
3226 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3227 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3228 MGMT_STATUS_BUSY);
3229 mgmt_pending_remove(cmd);
3230 goto failed;
3231 }
3232
3233 memset(&param_cp, 0, sizeof(param_cp));
3234 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3235 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3236 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
79830f66 3237 param_cp.own_address_type = hdev->own_addr_type;
7c307720
AG		 3238 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3239 &param_cp);
3240
3241 memset(&enable_cp, 0, sizeof(enable_cp));
3242 enable_cp.enable = LE_SCAN_ENABLE;
3243 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3244 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3245 &enable_cp);
5e0452c0
AG		 3246 break;
3247
f39799f5 3248 default:
04106755
JH		 3249 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3250 MGMT_STATUS_INVALID_PARAMS);
3251 mgmt_pending_remove(cmd);
3252 goto failed;
f39799f5 3253 }
3fd24153 3254
7c307720 3255 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3256 if (err < 0)
3257 mgmt_pending_remove(cmd);
ff9ef578
JH		 3258 else
3259 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3260
3261failed:
09fd0de5 3262 hci_dev_unlock(hdev);
14a53664
JH		 3263 return err;
3264}
3265
1183fdca
AG		 3266static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3267{
3268 struct pending_cmd *cmd;
3269 int err;
3270
3271 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3272 if (!cmd)
3273 return -ENOENT;
3274
3275 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3276 &hdev->discovery.type, sizeof(hdev->discovery.type));
3277 mgmt_pending_remove(cmd);
3278
3279 return err;
3280}
3281
0e05bba6
AG		 3282static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3283{
3284 BT_DBG("status %d", status);
3285
3286 hci_dev_lock(hdev);
3287
3288 if (status) {
3289 mgmt_stop_discovery_failed(hdev, status);
3290 goto unlock;
3291 }
3292
3293 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3294
3295unlock:
3296 hci_dev_unlock(hdev);
3297}
3298
bdb6d971 3299static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3300 u16 len)
14a53664 3301{
d930650b 3302 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3303 struct pending_cmd *cmd;
30dc78e1
JH		 3304 struct hci_cp_remote_name_req_cancel cp;
3305 struct inquiry_entry *e;
0e05bba6
AG		 3306 struct hci_request req;
3307 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3308 int err;
3309
bdb6d971 3310 BT_DBG("%s", hdev->name);
14a53664 3311
09fd0de5 3312 hci_dev_lock(hdev);
14a53664 3313
30dc78e1 3314 if (!hci_discovery_active(hdev)) {
bdb6d971 3315 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3316 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3317 sizeof(mgmt_cp->type));
d930650b
JH		 3318 goto unlock;
3319 }
3320
3321 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3322 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3323 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3324 sizeof(mgmt_cp->type));
30dc78e1 3325 goto unlock;
ff9ef578
JH		 3326 }
3327
2e58ef3e 3328 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3329 if (!cmd) {
3330 err = -ENOMEM;
30dc78e1
JH		 3331 goto unlock;
3332 }
3333
0e05bba6
AG		 3334 hci_req_init(&req, hdev);
3335
e0d9727e
AG		 3336 switch (hdev->discovery.state) {
3337 case DISCOVERY_FINDING:
0e05bba6
AG		 3338 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3339 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3340 } else {
3341 cancel_delayed_work(&hdev->le_scan_disable);
3342
3343 memset(&enable_cp, 0, sizeof(enable_cp));
3344 enable_cp.enable = LE_SCAN_DISABLE;
3345 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3346 sizeof(enable_cp), &enable_cp);
3347 }
c9ecc48e 3348
e0d9727e
AG		 3349 break;
3350
3351 case DISCOVERY_RESOLVING:
3352 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3353 NAME_PENDING);
e0d9727e 3354 if (!e) {
30dc78e1 3355 mgmt_pending_remove(cmd);
e0d9727e
AG		 3356 err = cmd_complete(sk, hdev->id,
3357 MGMT_OP_STOP_DISCOVERY, 0,
3358 &mgmt_cp->type,
3359 sizeof(mgmt_cp->type));
3360 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3361 goto unlock;
3362 }
30dc78e1 3363
e0d9727e 3364 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3365 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3366 &cp);
e0d9727e
AG		 3367
3368 break;
3369
3370 default:
3371 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3372
3373 mgmt_pending_remove(cmd);
3374 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3375 MGMT_STATUS_FAILED, &mgmt_cp->type,
3376 sizeof(mgmt_cp->type));
3377 goto unlock;
14a53664
JH		 3378 }
3379
0e05bba6 3380 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3381 if (err < 0)
3382 mgmt_pending_remove(cmd);
ff9ef578
JH		 3383 else
3384 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3385
30dc78e1 3386unlock:
09fd0de5 3387 hci_dev_unlock(hdev);
14a53664
JH		 3388 return err;
3389}
3390
bdb6d971 3391static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3392 u16 len)
561aafbc 3393{
650f726d 3394 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3395 struct inquiry_entry *e;
561aafbc
JH		 3396 int err;
3397
bdb6d971 3398 BT_DBG("%s", hdev->name);
561aafbc 3399
561aafbc
JH		 3400 hci_dev_lock(hdev);
3401
30dc78e1 3402 if (!hci_discovery_active(hdev)) {
bdb6d971 3403 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3404 MGMT_STATUS_FAILED);
30dc78e1
JH		 3405 goto failed;
3406 }
3407
a198e7b1 3408 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3409 if (!e) {
bdb6d971 3410 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3411 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3412 goto failed;
3413 }
3414
3415 if (cp->name_known) {
3416 e->name_state = NAME_KNOWN;
3417 list_del(&e->list);
3418 } else {
3419 e->name_state = NAME_NEEDED;
a3d4e20a 3420 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3421 }
3422
e384662b
JH		 3423 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3424 sizeof(cp->addr));
561aafbc
JH		 3425
3426failed:
3427 hci_dev_unlock(hdev);
561aafbc
JH		 3428 return err;
3429}
3430
bdb6d971 3431static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3432 u16 len)
7fbec224 3433{
650f726d 3434 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3435 u8 status;
7fbec224
AJ		 3436 int err;
3437
bdb6d971 3438 BT_DBG("%s", hdev->name);
7fbec224 3439
4ee71b20 3440 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3441 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3442 MGMT_STATUS_INVALID_PARAMS,
3443 &cp->addr, sizeof(cp->addr));
4ee71b20 3444
09fd0de5 3445 hci_dev_lock(hdev);
5e762444 3446
88c1fe4b 3447 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3448 if (err < 0)
f0eeea8b 3449 status = MGMT_STATUS_FAILED;
7fbec224 3450 else
a6785be2 3451 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3452
bdb6d971 3453 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3454 &cp->addr, sizeof(cp->addr));
5e762444 3455
09fd0de5 3456 hci_dev_unlock(hdev);
7fbec224
AJ		 3457
3458 return err;
3459}
3460
bdb6d971 3461static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3462 u16 len)
7fbec224 3463{
650f726d 3464 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3465 u8 status;
7fbec224
AJ		 3466 int err;
3467
bdb6d971 3468 BT_DBG("%s", hdev->name);
7fbec224 3469
4ee71b20 3470 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3471 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3472 MGMT_STATUS_INVALID_PARAMS,
3473 &cp->addr, sizeof(cp->addr));
4ee71b20 3474
09fd0de5 3475 hci_dev_lock(hdev);
5e762444 3476
88c1fe4b 3477 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3478 if (err < 0)
f0eeea8b 3479 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3480 else
a6785be2 3481 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3482
bdb6d971 3483 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3484 &cp->addr, sizeof(cp->addr));
5e762444 3485
09fd0de5 3486 hci_dev_unlock(hdev);
7fbec224
AJ		 3487
3488 return err;
3489}
3490
cdbaccca
MH		 3491static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3492 u16 len)
3493{
3494 struct mgmt_cp_set_device_id *cp = data;
890ea898 3495 struct hci_request req;
cdbaccca 3496 int err;
c72d4b8a 3497 __u16 source;
cdbaccca
MH		 3498
3499 BT_DBG("%s", hdev->name);
3500
c72d4b8a
SJ		 3501 source = __le16_to_cpu(cp->source);
3502
3503 if (source > 0x0002)
3504 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3505 MGMT_STATUS_INVALID_PARAMS);
3506
cdbaccca
MH		 3507 hci_dev_lock(hdev);
3508
c72d4b8a 3509 hdev->devid_source = source;
cdbaccca
MH		 3510 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3511 hdev->devid_product = __le16_to_cpu(cp->product);
3512 hdev->devid_version = __le16_to_cpu(cp->version);
3513
3514 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3515
890ea898
JH		 3516 hci_req_init(&req, hdev);
3517 update_eir(&req);
3518 hci_req_run(&req, NULL);
cdbaccca
MH		 3519
3520 hci_dev_unlock(hdev);
3521
3522 return err;
3523}
3524
4375f103
JH		 3525static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3526{
3527 struct cmd_lookup match = { NULL, hdev };
3528
3529 if (status) {
3530 u8 mgmt_err = mgmt_status(status);
3531
3532 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3533 cmd_status_rsp, &mgmt_err);
3534 return;
3535 }
3536
3537 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3538 &match);
3539
3540 new_settings(hdev, match.sk);
3541
3542 if (match.sk)
3543 sock_put(match.sk);
3544}
3545
21b5187f
MH		 3546static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3547 u16 len)
4375f103
JH		 3548{
3549 struct mgmt_mode *cp = data;
3550 struct pending_cmd *cmd;
3551 struct hci_request req;
e6fe7986 3552 u8 val, enabled, status;
4375f103
JH		 3553 int err;
3554
3555 BT_DBG("request for %s", hdev->name);
3556
e6fe7986
JH		 3557 status = mgmt_le_support(hdev);
3558 if (status)
4375f103 3559 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3560 status);
4375f103
JH		 3561
3562 if (cp->val != 0x00 && cp->val != 0x01)
3563 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3564 MGMT_STATUS_INVALID_PARAMS);
3565
3566 hci_dev_lock(hdev);
3567
3568 val = !!cp->val;
f3d3444a 3569 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3570
f74ca9b8
JH		 3571 /* The following conditions are ones which mean that we should
3572 * not do any HCI communication but directly send a mgmt
3573 * response to user space (after toggling the flag if
3574 * necessary).
3575 */
3576 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3577 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3578 bool changed = false;
3579
f3d3444a
JH		 3580 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3581 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3582 changed = true;
3583 }
3584
3585 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3586 if (err < 0)
3587 goto unlock;
3588
3589 if (changed)
3590 err = new_settings(hdev, sk);
3591
3592 goto unlock;
3593 }
3594
3595 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3596 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3597 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3598 MGMT_STATUS_BUSY);
3599 goto unlock;
3600 }
3601
3602 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3603 if (!cmd) {
3604 err = -ENOMEM;
3605 goto unlock;
3606 }
3607
3608 hci_req_init(&req, hdev);
3609
bba3aa55
MH		 3610 if (val)
3611 enable_advertising(&req);
3612 else
3613 disable_advertising(&req);
4375f103
JH		 3614
3615 err = hci_req_run(&req, set_advertising_complete);
3616 if (err < 0)
3617 mgmt_pending_remove(cmd);
3618
3619unlock:
3620 hci_dev_unlock(hdev);
3621 return err;
3622}
3623
d13eafce
MH		 3624static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3625 void *data, u16 len)
3626{
3627 struct mgmt_cp_set_static_address *cp = data;
3628 int err;
3629
3630 BT_DBG("%s", hdev->name);
3631
62af4443 3632 if (!lmp_le_capable(hdev))
d13eafce 3633 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3634 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3635
3636 if (hdev_is_powered(hdev))
3637 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3638 MGMT_STATUS_REJECTED);
3639
3640 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3641 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3642 return cmd_status(sk, hdev->id,
3643 MGMT_OP_SET_STATIC_ADDRESS,
3644 MGMT_STATUS_INVALID_PARAMS);
3645
3646 /* Two most significant bits shall be set */
3647 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3648 return cmd_status(sk, hdev->id,
3649 MGMT_OP_SET_STATIC_ADDRESS,
3650 MGMT_STATUS_INVALID_PARAMS);
3651 }
3652
3653 hci_dev_lock(hdev);
3654
3655 bacpy(&hdev->static_addr, &cp->bdaddr);
3656
3657 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3658
3659 hci_dev_unlock(hdev);
3660
3661 return err;
3662}
3663
14b49b9a
MH		 3664static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3665 void *data, u16 len)
3666{
3667 struct mgmt_cp_set_scan_params *cp = data;
3668 __u16 interval, window;
3669 int err;
3670
3671 BT_DBG("%s", hdev->name);
3672
3673 if (!lmp_le_capable(hdev))
3674 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3675 MGMT_STATUS_NOT_SUPPORTED);
3676
3677 interval = __le16_to_cpu(cp->interval);
3678
3679 if (interval < 0x0004 || interval > 0x4000)
3680 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3681 MGMT_STATUS_INVALID_PARAMS);
3682
3683 window = __le16_to_cpu(cp->window);
3684
3685 if (window < 0x0004 || window > 0x4000)
3686 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3687 MGMT_STATUS_INVALID_PARAMS);
3688
899e1075
MH		 3689 if (window > interval)
3690 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3691 MGMT_STATUS_INVALID_PARAMS);
3692
14b49b9a
MH		 3693 hci_dev_lock(hdev);
3694
3695 hdev->le_scan_interval = interval;
3696 hdev->le_scan_window = window;
3697
3698 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3699
3700 hci_dev_unlock(hdev);
3701
3702 return err;
3703}
3704
33e38b3e
JH		 3705static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3706{
3707 struct pending_cmd *cmd;
3708
3709 BT_DBG("status 0x%02x", status);
3710
3711 hci_dev_lock(hdev);
3712
3713 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3714 if (!cmd)
3715 goto unlock;
3716
3717 if (status) {
3718 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3719 mgmt_status(status));
3720 } else {
1a4d3c4b
JH		 3721 struct mgmt_mode *cp = cmd->param;
3722
3723 if (cp->val)
3724 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3725 else
3726 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3727
33e38b3e
JH		 3728 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3729 new_settings(hdev, cmd->sk);
3730 }
3731
3732 mgmt_pending_remove(cmd);
3733
3734unlock:
3735 hci_dev_unlock(hdev);
3736}
3737
bdb6d971 3738static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3739 void *data, u16 len)
f6422ec6 3740{
650f726d 3741 struct mgmt_mode *cp = data;
33e38b3e
JH		 3742 struct pending_cmd *cmd;
3743 struct hci_request req;
f6422ec6
AJ		 3744 int err;
3745
bdb6d971 3746 BT_DBG("%s", hdev->name);
f6422ec6 3747
56f87901
JH		 3748 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3749 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3750 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3751 MGMT_STATUS_NOT_SUPPORTED);
3752
a7e80f25
JH		 3753 if (cp->val != 0x00 && cp->val != 0x01)
3754 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3755 MGMT_STATUS_INVALID_PARAMS);
3756
5400c044 3757 if (!hdev_is_powered(hdev))
bdb6d971 3758 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3759 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3760
3761 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3762 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3763 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3764
3765 hci_dev_lock(hdev);
3766
05cbf29f
JH		 3767 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3768 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3769 MGMT_STATUS_BUSY);
3770 goto unlock;
3771 }
3772
1a4d3c4b
JH		 3773 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3774 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3775 hdev);
3776 goto unlock;
3777 }
3778
33e38b3e
JH		 3779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3780 data, len);
3781 if (!cmd) {
3782 err = -ENOMEM;
3783 goto unlock;
f6422ec6
AJ		 3784 }
3785
33e38b3e
JH		 3786 hci_req_init(&req, hdev);
3787
406d7804 3788 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3789
3790 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3791 if (err < 0) {
bdb6d971 3792 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3793 MGMT_STATUS_FAILED);
33e38b3e 3794 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3795 }
3796
33e38b3e 3797unlock:
f6422ec6 3798 hci_dev_unlock(hdev);
33e38b3e 3799
f6422ec6
AJ		 3800 return err;
3801}
3802
67e5a7a3
JH		 3803static void set_bredr_scan(struct hci_request *req)
3804{
3805 struct hci_dev *hdev = req->hdev;
3806 u8 scan = 0;
3807
3808 /* Ensure that fast connectable is disabled. This function will
3809 * not do anything if the page scan parameters are already what
3810 * they should be.
3811 */
3812 write_fast_connectable(req, false);
3813
3814 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3815 scan |= SCAN_PAGE;
3816 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3817 scan |= SCAN_INQUIRY;
3818
3819 if (scan)
3820 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3821}
3822
0663ca2a
JH		 3823static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3824{
3825 struct pending_cmd *cmd;
3826
3827 BT_DBG("status 0x%02x", status);
3828
3829 hci_dev_lock(hdev);
3830
3831 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3832 if (!cmd)
3833 goto unlock;
3834
3835 if (status) {
3836 u8 mgmt_err = mgmt_status(status);
3837
3838 /* We need to restore the flag if related HCI commands
3839 * failed.
3840 */
3841 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3842
3843 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3844 } else {
3845 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3846 new_settings(hdev, cmd->sk);
3847 }
3848
3849 mgmt_pending_remove(cmd);
3850
3851unlock:
3852 hci_dev_unlock(hdev);
3853}
3854
3855static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3856{
3857 struct mgmt_mode *cp = data;
3858 struct pending_cmd *cmd;
3859 struct hci_request req;
3860 int err;
3861
3862 BT_DBG("request for %s", hdev->name);
3863
3864 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3865 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3866 MGMT_STATUS_NOT_SUPPORTED);
3867
3868 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3869 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3870 MGMT_STATUS_REJECTED);
3871
3872 if (cp->val != 0x00 && cp->val != 0x01)
3873 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3874 MGMT_STATUS_INVALID_PARAMS);
3875
3876 hci_dev_lock(hdev);
3877
3878 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3879 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3880 goto unlock;
3881 }
3882
3883 if (!hdev_is_powered(hdev)) {
3884 if (!cp->val) {
0663ca2a
JH		 3885 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3886 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3887 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3888 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3889 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3890 }
3891
3892 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3893
3894 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3895 if (err < 0)
3896 goto unlock;
3897
3898 err = new_settings(hdev, sk);
3899 goto unlock;
3900 }
3901
3902 /* Reject disabling when powered on */
3903 if (!cp->val) {
3904 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3905 MGMT_STATUS_REJECTED);
3906 goto unlock;
3907 }
3908
3909 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3910 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3911 MGMT_STATUS_BUSY);
3912 goto unlock;
3913 }
3914
3915 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3916 if (!cmd) {
3917 err = -ENOMEM;
3918 goto unlock;
3919 }
3920
5947f4bc 3921 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 3922 * generates the correct flags.
3923 */
3924 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3925
3926 hci_req_init(&req, hdev);
aa8af46e
JH		 3927
3928 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3929 set_bredr_scan(&req);
3930
f14d8f64
MH		 3931 /* Since only the advertising data flags will change, there
3932 * is no need to update the scan response data.
3933 */
5947f4bc 3934 update_adv_data(&req);
aa8af46e 3935
0663ca2a
JH		 3936 err = hci_req_run(&req, set_bredr_complete);
3937 if (err < 0)
3938 mgmt_pending_remove(cmd);
3939
3940unlock:
3941 hci_dev_unlock(hdev);
3942 return err;
3943}
3944
3f706b72
JH		 3945static bool ltk_is_valid(struct mgmt_ltk_info *key)
3946{
44b20d33
JH		 3947 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3948 return false;
3f706b72
JH		 3949 if (key->master != 0x00 && key->master != 0x01)
3950 return false;
4ee71b20
JH		 3951 if (!bdaddr_type_is_le(key->addr.type))
3952 return false;
3f706b72
JH		 3953 return true;
3954}
3955
bdb6d971 3956static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3957 void *cp_data, u16 len)
346af67b 3958{
346af67b
VCG		 3959 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3960 u16 key_count, expected_len;
715a5bf2 3961 int i, err;
346af67b 3962
cf99ba13
MH		 3963 BT_DBG("request for %s", hdev->name);
3964
3965 if (!lmp_le_capable(hdev))
3966 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3967 MGMT_STATUS_NOT_SUPPORTED);
3968
1f350c87 3969 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3970
3971 expected_len = sizeof(*cp) + key_count *
3972 sizeof(struct mgmt_ltk_info);
3973 if (expected_len != len) {
3974 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3975 len, expected_len);
bdb6d971 3976 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3977 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3978 }
3979
bdb6d971 3980 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3981
54ad6d8a
JH		 3982 for (i = 0; i < key_count; i++) {
3983 struct mgmt_ltk_info *key = &cp->keys[i];
3984
3f706b72 3985 if (!ltk_is_valid(key))
54ad6d8a
JH		 3986 return cmd_status(sk, hdev->id,
3987 MGMT_OP_LOAD_LONG_TERM_KEYS,
3988 MGMT_STATUS_INVALID_PARAMS);
3989 }
3990
346af67b
VCG		 3991 hci_dev_lock(hdev);
3992
3993 hci_smp_ltks_clear(hdev);
3994
3995 for (i = 0; i < key_count; i++) {
3996 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 3997 u8 type, addr_type;
3998
3999 if (key->addr.type == BDADDR_LE_PUBLIC)
4000 addr_type = ADDR_LE_DEV_PUBLIC;
4001 else
4002 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4003
4004 if (key->master)
4005 type = HCI_SMP_LTK;
4006 else
4007 type = HCI_SMP_LTK_SLAVE;
4008
79d95a19 4009 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 4010 type, 0, key->authenticated, key->val,
4011 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4012 }
4013
715a5bf2
JH		 4014 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4015 NULL, 0);
4016
346af67b 4017 hci_dev_unlock(hdev);
346af67b 4018
715a5bf2 4019 return err;
346af67b
VCG		 4020}
4021
2e3c35ea 4022static const struct mgmt_handler {
04124681
GP		 4023 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4024 u16 data_len);
be22b54e
JH		 4025 bool var_len;
4026 size_t data_len;
0f4e68cf
JH		 4027} mgmt_handlers[] = {
4028 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4029 { read_version, false, MGMT_READ_VERSION_SIZE },
4030 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4031 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4032 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4033 { set_powered, false, MGMT_SETTING_SIZE },
4034 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4035 { set_connectable, false, MGMT_SETTING_SIZE },
4036 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4037 { set_pairable, false, MGMT_SETTING_SIZE },
4038 { set_link_security, false, MGMT_SETTING_SIZE },
4039 { set_ssp, false, MGMT_SETTING_SIZE },
4040 { set_hs, false, MGMT_SETTING_SIZE },
4041 { set_le, false, MGMT_SETTING_SIZE },
4042 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4043 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4044 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4045 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4046 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4047 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4048 { disconnect, false, MGMT_DISCONNECT_SIZE },
4049 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4050 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4051 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4052 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4053 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4054 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4055 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4056 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4057 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4058 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4059 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4060 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4061 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4062 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4063 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4064 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4065 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4066 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4067 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4068 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4069 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4070 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4071 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4072 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 4073};
4074
4075
0381101f
JH		 4076int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4077{
650f726d
VCG		 4078 void *buf;
4079 u8 *cp;
0381101f 4080 struct mgmt_hdr *hdr;
4e51eae9 4081 u16 opcode, index, len;
bdb6d971 4082 struct hci_dev *hdev = NULL;
2e3c35ea 4083 const struct mgmt_handler *handler;
0381101f
JH		 4084 int err;
4085
4086 BT_DBG("got %zu bytes", msglen);
4087
4088 if (msglen < sizeof(*hdr))
4089 return -EINVAL;
4090
e63a15ec 4091 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4092 if (!buf)
4093 return -ENOMEM;
4094
4095 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4096 err = -EFAULT;
4097 goto done;
4098 }
4099
650f726d 4100 hdr = buf;
1f350c87
MH		 4101 opcode = __le16_to_cpu(hdr->opcode);
4102 index = __le16_to_cpu(hdr->index);
4103 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4104
4105 if (len != msglen - sizeof(*hdr)) {
4106 err = -EINVAL;
4107 goto done;
4108 }
4109
0f4e68cf 4110 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4111 hdev = hci_dev_get(index);
4112 if (!hdev) {
4113 err = cmd_status(sk, index, opcode,
04124681 4114 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4115 goto done;
4116 }
0736cfa8 4117
cebf4cfd
JH		 4118 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4119 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4120 err = cmd_status(sk, index, opcode,
4121 MGMT_STATUS_INVALID_INDEX);
4122 goto done;
4123 }
bdb6d971
JH		 4124 }
4125
0f4e68cf 4126 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4127 mgmt_handlers[opcode].func == NULL) {
0381101f 4128 BT_DBG("Unknown op %u", opcode);
ca69b795 4129 err = cmd_status(sk, index, opcode,
04124681 4130 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4131 goto done;
4132 }
4133
4134 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4135 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4136 err = cmd_status(sk, index, opcode,
04124681 4137 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4138 goto done;
0381101f
JH		 4139 }
4140
be22b54e
JH		 4141 handler = &mgmt_handlers[opcode];
4142
4143 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4144 (!handler->var_len && len != handler->data_len)) {
be22b54e 4145 err = cmd_status(sk, index, opcode,
04124681 4146 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4147 goto done;
4148 }
4149
0f4e68cf
JH		 4150 if (hdev)
4151 mgmt_init_hdev(sk, hdev);
4152
4153 cp = buf + sizeof(*hdr);
4154
be22b54e 4155 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4156 if (err < 0)
4157 goto done;
4158
0381101f
JH		 4159 err = msglen;
4160
4161done:
bdb6d971
JH		 4162 if (hdev)
4163 hci_dev_put(hdev);
4164
0381101f
JH		 4165 kfree(buf);
4166 return err;
4167}
c71e97bf 4168
bf6b56db 4169void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4170{
1514b892 4171 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4172 return;
bb4b2a9a 4173
bf6b56db 4174 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4175}
4176
bf6b56db 4177void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4178{
5f159032 4179 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4180
1514b892 4181 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4182 return;
bb4b2a9a 4183
744cf19e 4184 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4185
bf6b56db 4186 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4187}
4188
229ab39c
JH		 4189static void powered_complete(struct hci_dev *hdev, u8 status)
4190{
4191 struct cmd_lookup match = { NULL, hdev };
4192
4193 BT_DBG("status 0x%02x", status);
4194
4195 hci_dev_lock(hdev);
4196
4197 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4198
4199 new_settings(hdev, match.sk);
4200
4201 hci_dev_unlock(hdev);
4202
4203 if (match.sk)
4204 sock_put(match.sk);
4205}
4206
70da6243 4207static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4208{
890ea898 4209 struct hci_request req;
70da6243 4210 u8 link_sec;
5add6af8 4211
890ea898
JH		 4212 hci_req_init(&req, hdev);
4213
70da6243
JH		 4214 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4215 !lmp_host_ssp_capable(hdev)) {
4216 u8 ssp = 1;
5e5282bb 4217
890ea898 4218 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4219 }
5add6af8 4220
c73eee91
JH		 4221 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4222 lmp_bredr_capable(hdev)) {
70da6243 4223 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4224
70da6243
JH		 4225 cp.le = 1;
4226 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4227
70da6243
JH		 4228 /* Check first if we already have the right
4229 * host state (host features set)
4230 */
4231 if (cp.le != lmp_host_le_capable(hdev) ||
4232 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4233 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4234 sizeof(cp), &cp);
70da6243 4235 }
3d1cbdd6 4236
d13eafce
MH		 4237 if (lmp_le_capable(hdev)) {
4238 /* Set random address to static address if configured */
4239 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4240 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4241 &hdev->static_addr);
eeca6f89 4242
441ad2d0
MH		 4243 /* Make sure the controller has a good default for
4244 * advertising data. This also applies to the case
4245 * where BR/EDR was toggled during the AUTO_OFF phase.
4246 */
f14d8f64 4247 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4248 update_adv_data(&req);
f14d8f64
MH		 4249 update_scan_rsp_data(&req);
4250 }
441ad2d0 4251
bba3aa55
MH		 4252 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4253 enable_advertising(&req);
eeca6f89
JH		 4254 }
4255
70da6243
JH		 4256 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4257 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4258 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4259 sizeof(link_sec), &link_sec);
562fcc24 4260
70da6243 4261 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4262 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4263 set_bredr_scan(&req);
890ea898 4264 update_class(&req);
13928971 4265 update_name(&req);
890ea898 4266 update_eir(&req);
70da6243 4267 }
562fcc24 4268
229ab39c 4269 return hci_req_run(&req, powered_complete);
70da6243 4270}
562fcc24 4271
70da6243
JH		 4272int mgmt_powered(struct hci_dev *hdev, u8 powered)
4273{
4274 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4275 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4276 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4277 int err;
f0ff92fb 4278
70da6243
JH		 4279 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4280 return 0;
4281
70da6243 4282 if (powered) {
229ab39c
JH		 4283 if (powered_update_hci(hdev) == 0)
4284 return 0;
fe038884 4285
229ab39c
JH		 4286 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4287 &match);
4288 goto new_settings;
b24752fe
JH		 4289 }
4290
229ab39c
JH		 4291 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4292 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4293
4294 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4295 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4296 zero_cod, sizeof(zero_cod), NULL);
4297
4298new_settings:
beadb2bd 4299 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4300
4301 if (match.sk)
4302 sock_put(match.sk);
4303
7bb895d6 4304 return err;
5add6af8 4305}
73f22f62 4306
3eec705e 4307void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4308{
4309 struct pending_cmd *cmd;
4310 u8 status;
4311
4312 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4313 if (!cmd)
3eec705e 4314 return;
96570ffc
JH		 4315
4316 if (err == -ERFKILL)
4317 status = MGMT_STATUS_RFKILLED;
4318 else
4319 status = MGMT_STATUS_FAILED;
4320
3eec705e 4321 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4322
4323 mgmt_pending_remove(cmd);
96570ffc
JH		 4324}
4325
d1967ff8
MH		 4326void mgmt_discoverable_timeout(struct hci_dev *hdev)
4327{
4328 struct hci_request req;
4329 u8 scan = SCAN_PAGE;
4330
4331 hci_dev_lock(hdev);
4332
4333 /* When discoverable timeout triggers, then just make sure
4334 * the limited discoverable flag is cleared. Even in the case
4335 * of a timeout triggered from general discoverable, it is
4336 * safe to unconditionally clear the flag.
4337 */
4338 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4339
4340 hci_req_init(&req, hdev);
4341 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
4342 update_class(&req);
4343 hci_req_run(&req, NULL);
4344
4345 hdev->discov_timeout = 0;
4346
4347 hci_dev_unlock(hdev);
4348}
4349
86a75645 4350void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4351{
86a75645 4352 bool changed;
73f22f62 4353
bfaf8c9f
JH		 4354 /* Nothing needed here if there's a pending command since that
4355 * commands request completion callback takes care of everything
4356 * necessary.
4357 */
4358 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4359 return;
bfaf8c9f 4360
86a75645
MH		 4361 if (discoverable)
4362 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4363 else
4364 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
73f22f62 4365
beadb2bd 4366 if (changed)
86a75645 4367 new_settings(hdev, NULL);
73f22f62 4368}
9fbcbb45 4369
a330916c 4370void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4371{
a330916c 4372 bool changed;
9fbcbb45 4373
d7b856f9
JH		 4374 /* Nothing needed here if there's a pending command since that
4375 * commands request completion callback takes care of everything
4376 * necessary.
4377 */
4378 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4379 return;
d7b856f9 4380
a330916c
MH		 4381 if (connectable)
4382 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4383 else
4384 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4385
beadb2bd 4386 if (changed)
a330916c 4387 new_settings(hdev, NULL);
9fbcbb45 4388}
55ed8ca1 4389
4796e8af 4390void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4391{
ca69b795
JH		 4392 u8 mgmt_err = mgmt_status(status);
4393
2d7cee58 4394 if (scan & SCAN_PAGE)
744cf19e 4395 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4396 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4397
4398 if (scan & SCAN_INQUIRY)
744cf19e 4399 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4400 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4401}
4402
dc4a5ee2
MH		 4403void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4404 bool persistent)
55ed8ca1 4405{
86742e1e 4406 struct mgmt_ev_new_link_key ev;
55ed8ca1 4407
a492cd52 4408 memset(&ev, 0, sizeof(ev));
55ed8ca1 4409
a492cd52 4410 ev.store_hint = persistent;
d753fdc4 4411 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4412 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4413 ev.key.type = key->type;
9b3b4460 4414 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4415 ev.key.pin_len = key->pin_len;
55ed8ca1 4416
dc4a5ee2 4417 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4418}
f7520543 4419
083368f7 4420void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
346af67b
VCG		 4421{
4422 struct mgmt_ev_new_long_term_key ev;
4423
4424 memset(&ev, 0, sizeof(ev));
4425
4426 ev.store_hint = persistent;
4427 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4428 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4429 ev.key.authenticated = key->authenticated;
4430 ev.key.enc_size = key->enc_size;
4431 ev.key.ediv = key->ediv;
4432
4433 if (key->type == HCI_SMP_LTK)
4434 ev.key.master = 1;
4435
4436 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4437 memcpy(ev.key.val, key->val, sizeof(key->val));
4438
083368f7 4439 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4440}
4441
94933991
MH		 4442static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4443 u8 data_len)
4444{
4445 eir[eir_len++] = sizeof(type) + data_len;
4446 eir[eir_len++] = type;
4447 memcpy(&eir[eir_len], data, data_len);
4448 eir_len += data_len;
4449
4450 return eir_len;
4451}
4452
ecd90ae7
MH		 4453void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4454 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4455 u8 *dev_class)
f7520543 4456{
b644ba33
JH		 4457 char buf[512];
4458 struct mgmt_ev_device_connected *ev = (void *) buf;
4459 u16 eir_len = 0;
f7520543 4460
b644ba33 4461 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4462 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4463
c95f0ba7 4464 ev->flags = __cpu_to_le32(flags);
08c79b61 4465
b644ba33
JH		 4466 if (name_len > 0)
4467 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4468 name, name_len);
b644ba33
JH		 4469
4470 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4471 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4472 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4473
eb55ef07 4474 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4475
ecd90ae7
MH		 4476 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4477 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4478}
4479
8962ee74
JH		 4480static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4481{
c68fb7ff 4482 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4483 struct sock **sk = data;
a38528f1 4484 struct mgmt_rp_disconnect rp;
8962ee74 4485
88c3df13
JH		 4486 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4487 rp.addr.type = cp->addr.type;
8962ee74 4488
aee9b218 4489 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4490 sizeof(rp));
8962ee74
JH		 4491
4492 *sk = cmd->sk;
4493 sock_hold(*sk);
4494
a664b5bc 4495 mgmt_pending_remove(cmd);
8962ee74
JH		 4496}
4497
124f6e35 4498static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4499{
b1078ad0 4500 struct hci_dev *hdev = data;
124f6e35
JH		 4501 struct mgmt_cp_unpair_device *cp = cmd->param;
4502 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4503
4504 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4505 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4506 rp.addr.type = cp->addr.type;
a8a1d19e 4507
b1078ad0
JH		 4508 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4509
aee9b218 4510 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4511
4512 mgmt_pending_remove(cmd);
4513}
4514
9b80ec5e
MH		 4515void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4516 u8 link_type, u8 addr_type, u8 reason)
f7520543 4517{
f0d6a0ea 4518 struct mgmt_ev_device_disconnected ev;
8962ee74 4519 struct sock *sk = NULL;
8962ee74 4520
744cf19e 4521 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4522
f0d6a0ea
MA		 4523 bacpy(&ev.addr.bdaddr, bdaddr);
4524 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4525 ev.reason = reason;
f7520543 4526
9b80ec5e 4527 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4528
4529 if (sk)
d97dcb66 4530 sock_put(sk);
8962ee74 4531
124f6e35 4532 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4533 hdev);
8962ee74
JH		 4534}
4535
7892924c
MH		 4536void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4537 u8 link_type, u8 addr_type, u8 status)
8962ee74 4538{
88c3df13 4539 struct mgmt_rp_disconnect rp;
8962ee74 4540 struct pending_cmd *cmd;
8962ee74 4541
36a75f1b
JD		 4542 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4543 hdev);
4544
2e58ef3e 4545 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4546 if (!cmd)
7892924c 4547 return;
8962ee74 4548
88c3df13 4549 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4550 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4551
7892924c
MH		 4552 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4553 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4554
a664b5bc 4555 mgmt_pending_remove(cmd);
f7520543 4556}
17d5c04c 4557
445608d0
MH		 4558void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4559 u8 addr_type, u8 status)
17d5c04c
JH		 4560{
4561 struct mgmt_ev_connect_failed ev;
4562
4c659c39 4563 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4564 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4565 ev.status = mgmt_status(status);
17d5c04c 4566
445608d0 4567 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4568}
980e1a53 4569
ce0e4a0d 4570void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4571{
4572 struct mgmt_ev_pin_code_request ev;
4573
d8457698 4574 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4575 ev.addr.type = BDADDR_BREDR;
a770bb5a 4576 ev.secure = secure;
980e1a53 4577
ce0e4a0d 4578 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4579}
4580
e669cf80
MH		 4581void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4582 u8 status)
980e1a53
JH		 4583{
4584 struct pending_cmd *cmd;
ac56fb13 4585 struct mgmt_rp_pin_code_reply rp;
980e1a53 4586
2e58ef3e 4587 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 4588 if (!cmd)
e669cf80 4589 return;
980e1a53 4590
d8457698 4591 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4592 rp.addr.type = BDADDR_BREDR;
ac56fb13 4593
e669cf80
MH		 4594 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4595 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4596
a664b5bc 4597 mgmt_pending_remove(cmd);
980e1a53
JH		 4598}
4599
3eb38528
MH		 4600void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4601 u8 status)
980e1a53
JH		 4602{
4603 struct pending_cmd *cmd;
ac56fb13 4604 struct mgmt_rp_pin_code_reply rp;
980e1a53 4605
2e58ef3e 4606 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 4607 if (!cmd)
3eb38528 4608 return;
980e1a53 4609
d8457698 4610 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4611 rp.addr.type = BDADDR_BREDR;
ac56fb13 4612
3eb38528
MH		 4613 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4614 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4615
a664b5bc 4616 mgmt_pending_remove(cmd);
980e1a53 4617}
a5c29683 4618
744cf19e 4619int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4620 u8 link_type, u8 addr_type, __le32 value,
4621 u8 confirm_hint)
a5c29683
JH		 4622{
4623 struct mgmt_ev_user_confirm_request ev;
4624
744cf19e 4625 BT_DBG("%s", hdev->name);
a5c29683 4626
272d90df 4627 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4628 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4629 ev.confirm_hint = confirm_hint;
78e8098e 4630 ev.value = value;
a5c29683 4631
744cf19e 4632 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4633 NULL);
a5c29683
JH		 4634}
4635
272d90df 4636int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4637 u8 link_type, u8 addr_type)
604086b7
BG		 4638{
4639 struct mgmt_ev_user_passkey_request ev;
4640
4641 BT_DBG("%s", hdev->name);
4642
272d90df 4643 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4644 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4645
4646 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4647 NULL);
604086b7
BG		 4648}
4649
0df4c185 4650static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4651 u8 link_type, u8 addr_type, u8 status,
4652 u8 opcode)
a5c29683
JH		 4653{
4654 struct pending_cmd *cmd;
4655 struct mgmt_rp_user_confirm_reply rp;
4656 int err;
4657
2e58ef3e 4658 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4659 if (!cmd)
4660 return -ENOENT;
4661
272d90df 4662 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4663 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4664 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4665 &rp, sizeof(rp));
a5c29683 4666
a664b5bc 4667 mgmt_pending_remove(cmd);
a5c29683
JH		 4668
4669 return err;
4670}
4671
744cf19e 4672int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4673 u8 link_type, u8 addr_type, u8 status)
a5c29683 4674{
272d90df 4675 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4676 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4677}
4678
272d90df 4679int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4680 u8 link_type, u8 addr_type, u8 status)
a5c29683 4681{
272d90df 4682 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4683 status,
4684 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4685}
2a611692 4686
604086b7 4687int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4688 u8 link_type, u8 addr_type, u8 status)
604086b7 4689{
272d90df 4690 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4691 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4692}
4693
272d90df 4694int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4695 u8 link_type, u8 addr_type, u8 status)
604086b7 4696{
272d90df 4697 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4698 status,
4699 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4700}
4701
92a25256
JH		 4702int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4703 u8 link_type, u8 addr_type, u32 passkey,
4704 u8 entered)
4705{
4706 struct mgmt_ev_passkey_notify ev;
4707
4708 BT_DBG("%s", hdev->name);
4709
4710 bacpy(&ev.addr.bdaddr, bdaddr);
4711 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4712 ev.passkey = __cpu_to_le32(passkey);
4713 ev.entered = entered;
4714
4715 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4716}
4717
e546099c
MH		 4718void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4719 u8 addr_type, u8 status)
2a611692
JH		 4720{
4721 struct mgmt_ev_auth_failed ev;
4722
bab73cb6 4723 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4724 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4725 ev.status = mgmt_status(status);
2a611692 4726
e546099c 4727 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4728}
b312b161 4729
464996ae 4730void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 4731{
4732 struct cmd_lookup match = { NULL, hdev };
464996ae 4733 bool changed;
33ef95ed
JH		 4734
4735 if (status) {
4736 u8 mgmt_err = mgmt_status(status);
4737 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4738 cmd_status_rsp, &mgmt_err);
464996ae 4739 return;
33ef95ed
JH		 4740 }
4741
464996ae
MH		 4742 if (test_bit(HCI_AUTH, &hdev->flags))
4743 changed = !test_and_set_bit(HCI_LINK_SECURITY,
4744 &hdev->dev_flags);
4745 else
4746 changed = test_and_clear_bit(HCI_LINK_SECURITY,
4747 &hdev->dev_flags);
47990ea0 4748
33ef95ed 4749 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4750 &match);
33ef95ed 4751
47990ea0 4752 if (changed)
464996ae 4753 new_settings(hdev, match.sk);
33ef95ed
JH		 4754
4755 if (match.sk)
4756 sock_put(match.sk);
33ef95ed
JH		 4757}
4758
890ea898 4759static void clear_eir(struct hci_request *req)
cacaf52f 4760{
890ea898 4761 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4762 struct hci_cp_write_eir cp;
4763
976eb20e 4764 if (!lmp_ext_inq_capable(hdev))
890ea898 4765 return;
cacaf52f 4766
c80da27e
JH		 4767 memset(hdev->eir, 0, sizeof(hdev->eir));
4768
cacaf52f
JH		 4769 memset(&cp, 0, sizeof(cp));
4770
890ea898 4771 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4772}
4773
3e248560 4774void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4775{
4776 struct cmd_lookup match = { NULL, hdev };
890ea898 4777 struct hci_request req;
c0ecddc2 4778 bool changed = false;
ed2c4ee3
JH		 4779
4780 if (status) {
4781 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4782
4783 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4784 &hdev->dev_flags)) {
4785 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 4786 new_settings(hdev, NULL);
9ecb3e24 4787 }
c0ecddc2 4788
04124681
GP		 4789 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4790 &mgmt_err);
3e248560 4791 return;
c0ecddc2
JH		 4792 }
4793
4794 if (enable) {
9ecb3e24 4795 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4796 } else {
9ecb3e24
MH		 4797 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4798 if (!changed)
4799 changed = test_and_clear_bit(HCI_HS_ENABLED,
4800 &hdev->dev_flags);
4801 else
4802 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4803 }
4804
4805 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4806
c0ecddc2 4807 if (changed)
3e248560 4808 new_settings(hdev, match.sk);
ed2c4ee3 4809
5fc6ebb1 4810 if (match.sk)
ed2c4ee3
JH		 4811 sock_put(match.sk);
4812
890ea898
JH		 4813 hci_req_init(&req, hdev);
4814
5fc6ebb1 4815 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4816 update_eir(&req);
5fc6ebb1 4817 else
890ea898
JH		 4818 clear_eir(&req);
4819
4820 hci_req_run(&req, NULL);
ed2c4ee3
JH		 4821}
4822
92da6097 4823static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4824{
4825 struct cmd_lookup *match = data;
4826
90e70454
JH		 4827 if (match->sk == NULL) {
4828 match->sk = cmd->sk;
4829 sock_hold(match->sk);
4830 }
90e70454
JH		 4831}
4832
4e1b0245
MH		 4833void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4834 u8 status)
7f9a903c 4835{
90e70454 4836 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 4837
92da6097
JH		 4838 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4839 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4840 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4841
4842 if (!status)
4e1b0245
MH		 4843 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
4844 NULL);
90e70454
JH		 4845
4846 if (match.sk)
4847 sock_put(match.sk);
7f9a903c
MH		 4848}
4849
7667da34 4850void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4851{
b312b161 4852 struct mgmt_cp_set_local_name ev;
13928971 4853 struct pending_cmd *cmd;
28cc7bde 4854
13928971 4855 if (status)
7667da34 4856 return;
b312b161
JH		 4857
4858 memset(&ev, 0, sizeof(ev));
4859 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4860 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4861
2e58ef3e 4862 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4863 if (!cmd) {
4864 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4865
13928971
JH		 4866 /* If this is a HCI command related to powering on the
4867 * HCI dev don't send any mgmt signals.
4868 */
4869 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 4870 return;
890ea898 4871 }
b312b161 4872
7667da34
MH		 4873 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4874 cmd ? cmd->sk : NULL);
b312b161 4875}
c35938b2 4876
3edaf092
MH		 4877void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4878 u8 *randomizer, u8 status)
c35938b2
SJ		 4879{
4880 struct pending_cmd *cmd;
c35938b2 4881
744cf19e 4882 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4883
2e58ef3e 4884 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 4885 if (!cmd)
3edaf092 4886 return;
c35938b2
SJ		 4887
4888 if (status) {
3edaf092
MH		 4889 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4890 mgmt_status(status));
c35938b2
SJ		 4891 } else {
4892 struct mgmt_rp_read_local_oob_data rp;
4893
4894 memcpy(rp.hash, hash, sizeof(rp.hash));
4895 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4896
3edaf092
MH		 4897 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4898 0, &rp, sizeof(rp));
c35938b2
SJ		 4899 }
4900
4901 mgmt_pending_remove(cmd);
c35938b2 4902}
e17acd40 4903
901801b9
MH		 4904void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4905 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4906 ssp, u8 *eir, u16 eir_len)
e17acd40 4907{
e319d2e7
JH		 4908 char buf[512];
4909 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4910 size_t ev_size;
e17acd40 4911
12602d0c 4912 if (!hci_discovery_active(hdev))
901801b9 4913 return;
12602d0c 4914
1dc06093
JH		 4915 /* Leave 5 bytes for a potential CoD field */
4916 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4917 return;
7d262f86 4918
1dc06093
JH		 4919 memset(buf, 0, sizeof(buf));
4920
e319d2e7 4921 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4922 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4923 ev->rssi = rssi;
9a395a80 4924 if (cfm_name)
612dfce9 4925 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4926 if (!ssp)
612dfce9 4927 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4928
1dc06093 4929 if (eir_len > 0)
e319d2e7 4930 memcpy(ev->eir, eir, eir_len);
e17acd40 4931
1dc06093
JH		 4932 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4933 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4934 dev_class, 3);
1dc06093 4935
eb55ef07 4936 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4937 ev_size = sizeof(*ev) + eir_len;
f8523598 4938
901801b9 4939 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4940}
a88a9652 4941
9cf12aee
MH		 4942void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4943 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4944{
b644ba33
JH		 4945 struct mgmt_ev_device_found *ev;
4946 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4947 u16 eir_len;
a88a9652 4948
b644ba33 4949 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4950
b644ba33
JH		 4951 memset(buf, 0, sizeof(buf));
4952
4953 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4954 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4955 ev->rssi = rssi;
4956
4957 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4958 name_len);
b644ba33 4959
eb55ef07 4960 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4961
9cf12aee 4962 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4963}
314b2381 4964
2f1e063b 4965void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4966{
f963e8e9 4967 struct mgmt_ev_discovering ev;
164a6e78
JH		 4968 struct pending_cmd *cmd;
4969
343fb145
AG		 4970 BT_DBG("%s discovering %u", hdev->name, discovering);
4971
164a6e78 4972 if (discovering)
2e58ef3e 4973 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4974 else
2e58ef3e 4975 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4976
4977 if (cmd != NULL) {
f808e166
JH		 4978 u8 type = hdev->discovery.type;
4979
04124681
GP		 4980 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4981 sizeof(type));
164a6e78
JH		 4982 mgmt_pending_remove(cmd);
4983 }
4984
f963e8e9
JH		 4985 memset(&ev, 0, sizeof(ev));
4986 ev.type = hdev->discovery.type;
4987 ev.discovering = discovering;
4988
2f1e063b 4989 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4990}
5e762444 4991
88c1fe4b 4992int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4993{
4994 struct pending_cmd *cmd;
4995 struct mgmt_ev_device_blocked ev;
4996
2e58ef3e 4997 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4998
88c1fe4b
JH		 4999 bacpy(&ev.addr.bdaddr, bdaddr);
5000 ev.addr.type = type;
5e762444 5001
744cf19e 5002 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5003 cmd ? cmd->sk : NULL);
5e762444
AJ		 5004}
5005
88c1fe4b 5006int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5007{
5008 struct pending_cmd *cmd;
5009 struct mgmt_ev_device_unblocked ev;
5010
2e58ef3e 5011 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5012
88c1fe4b
JH		 5013 bacpy(&ev.addr.bdaddr, bdaddr);
5014 ev.addr.type = type;
5e762444 5015
744cf19e 5016 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5017 cmd ? cmd->sk : NULL);
5e762444 5018}
5976e608
MH		 5019
5020static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5021{
5022 BT_DBG("%s status %u", hdev->name, status);
5023
5024 /* Clear the advertising mgmt setting if we failed to re-enable it */
5025 if (status) {
5026 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5027 new_settings(hdev, NULL);
5976e608
MH		 5028 }
5029}
5030
5031void mgmt_reenable_advertising(struct hci_dev *hdev)
5032{
5033 struct hci_request req;
5034
b145edcd 5035 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5036 return;
5037
5038 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5039 return;
5040
5041 hci_req_init(&req, hdev);
5042 enable_advertising(&req);
5043
5044 /* If this fails we have no option but to let user space know
5045 * that we've disabled advertising.
5046 */
5047 if (hci_req_run(&req, adv_enable_complete) < 0) {
5048 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5049 new_settings(hdev, NULL);
5976e608
MH		 5050 }
5051}
Linux kernel - Deliverables
This page took 0.696766 seconds and 5 git commands to generate.