projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix endless loop with HCI_QUIRK_RESET_ON_CLOSE
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
92a25256 104 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 105};
106
17b02e62 107#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 108
4b34ee78
JH		 109#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
110 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
111
eec8d2bc
JH		 112struct pending_cmd {
113 struct list_head list;
fc2f4b13 114 u16 opcode;
eec8d2bc 115 int index;
c68fb7ff 116 void *param;
eec8d2bc 117 struct sock *sk;
e9a416b5 118 void *user_data;
eec8d2bc
JH		 119};
120
ca69b795
JH		 121/* HCI to MGMT error code conversion table */
122static u8 mgmt_status_table[] = {
123 MGMT_STATUS_SUCCESS,
124 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
125 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
126 MGMT_STATUS_FAILED, /* Hardware Failure */
127 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
128 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
129 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
130 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
131 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
134 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
135 MGMT_STATUS_BUSY, /* Command Disallowed */
136 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
137 MGMT_STATUS_REJECTED, /* Rejected Security */
138 MGMT_STATUS_REJECTED, /* Rejected Personal */
139 MGMT_STATUS_TIMEOUT, /* Host Timeout */
140 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
141 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
142 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
143 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
144 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
145 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
146 MGMT_STATUS_BUSY, /* Repeated Attempts */
147 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
148 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
149 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
150 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
151 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
152 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
154 MGMT_STATUS_FAILED, /* Unspecified Error */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
156 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
157 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
158 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
159 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
160 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
161 MGMT_STATUS_FAILED, /* Unit Link Key Used */
162 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
163 MGMT_STATUS_TIMEOUT, /* Instant Passed */
164 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
165 MGMT_STATUS_FAILED, /* Transaction Collision */
166 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
167 MGMT_STATUS_REJECTED, /* QoS Rejected */
168 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
169 MGMT_STATUS_REJECTED, /* Insufficient Security */
170 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
171 MGMT_STATUS_BUSY, /* Role Switch Pending */
172 MGMT_STATUS_FAILED, /* Slot Violation */
173 MGMT_STATUS_FAILED, /* Role Switch Failed */
174 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
175 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
176 MGMT_STATUS_BUSY, /* Host Busy Pairing */
177 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
178 MGMT_STATUS_BUSY, /* Controller Busy */
179 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
180 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
181 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
182 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
183 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
184};
185
186static u8 mgmt_status(u8 hci_status)
187{
188 if (hci_status < ARRAY_SIZE(mgmt_status_table))
189 return mgmt_status_table[hci_status];
190
191 return MGMT_STATUS_FAILED;
192}
193
4e51eae9 194static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 195{
196 struct sk_buff *skb;
197 struct mgmt_hdr *hdr;
198 struct mgmt_ev_cmd_status *ev;
56b7d137 199 int err;
f7b64e69 200
34eb525c 201 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 202
790eff44 203 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 204 if (!skb)
205 return -ENOMEM;
206
207 hdr = (void *) skb_put(skb, sizeof(*hdr));
208
612dfce9 209 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 210 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 211 hdr->len = cpu_to_le16(sizeof(*ev));
212
213 ev = (void *) skb_put(skb, sizeof(*ev));
214 ev->status = status;
eb55ef07 215 ev->opcode = cpu_to_le16(cmd);
f7b64e69 216
56b7d137
GP		 217 err = sock_queue_rcv_skb(sk, skb);
218 if (err < 0)
f7b64e69
JH		 219 kfree_skb(skb);
220
56b7d137 221 return err;
f7b64e69
JH		 222}
223
aee9b218 224static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 225 void *rp, size_t rp_len)
02d98129
JH		 226{
227 struct sk_buff *skb;
228 struct mgmt_hdr *hdr;
229 struct mgmt_ev_cmd_complete *ev;
56b7d137 230 int err;
02d98129
JH		 231
232 BT_DBG("sock %p", sk);
233
790eff44 234 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 235 if (!skb)
236 return -ENOMEM;
237
238 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 239
612dfce9 240 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 241 hdr->index = cpu_to_le16(index);
a38528f1 242 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 243
a38528f1 244 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 245 ev->opcode = cpu_to_le16(cmd);
aee9b218 246 ev->status = status;
8020c16a
SJ		 247
248 if (rp)
249 memcpy(ev->data, rp, rp_len);
02d98129 250
56b7d137
GP		 251 err = sock_queue_rcv_skb(sk, skb);
252 if (err < 0)
02d98129
JH		 253 kfree_skb(skb);
254
e5f0e151 255 return err;
02d98129
JH		 256}
257
04124681
GP		 258static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
259 u16 data_len)
a38528f1
JH		 260{
261 struct mgmt_rp_read_version rp;
262
263 BT_DBG("sock %p", sk);
264
265 rp.version = MGMT_VERSION;
eb55ef07 266 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 267
aee9b218 268 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 269 sizeof(rp));
a38528f1
JH		 270}
271
04124681
GP		 272static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
273 u16 data_len)
e70bb2e8
JH		 274{
275 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 276 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
277 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 278 __le16 *opcode;
e70bb2e8
JH		 279 size_t rp_size;
280 int i, err;
281
282 BT_DBG("sock %p", sk);
283
284 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
285
286 rp = kmalloc(rp_size, GFP_KERNEL);
287 if (!rp)
288 return -ENOMEM;
289
eb55ef07
MH		 290 rp->num_commands = __constant_cpu_to_le16(num_commands);
291 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 292
293 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
294 put_unaligned_le16(mgmt_commands[i], opcode);
295
296 for (i = 0; i < num_events; i++, opcode++)
297 put_unaligned_le16(mgmt_events[i], opcode);
298
aee9b218 299 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 300 rp_size);
e70bb2e8
JH		 301 kfree(rp);
302
303 return err;
304}
305
04124681
GP		 306static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
307 u16 data_len)
faba42eb 308{
faba42eb 309 struct mgmt_rp_read_index_list *rp;
8035ded4 310 struct hci_dev *d;
a38528f1 311 size_t rp_len;
faba42eb 312 u16 count;
476e44cb 313 int err;
faba42eb
JH		 314
315 BT_DBG("sock %p", sk);
316
317 read_lock(&hci_dev_list_lock);
318
319 count = 0;
bb4b2a9a 320 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 321 if (d->dev_type == HCI_BREDR)
322 count++;
faba42eb
JH		 323 }
324
a38528f1
JH		 325 rp_len = sizeof(*rp) + (2 * count);
326 rp = kmalloc(rp_len, GFP_ATOMIC);
327 if (!rp) {
b2c60d42 328 read_unlock(&hci_dev_list_lock);
faba42eb 329 return -ENOMEM;
b2c60d42 330 }
faba42eb 331
476e44cb 332 count = 0;
8035ded4 333 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 334 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 335 continue;
336
0736cfa8
MH		 337 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
338 continue;
339
1514b892
MH		 340 if (d->dev_type == HCI_BREDR) {
341 rp->index[count++] = cpu_to_le16(d->id);
342 BT_DBG("Added hci%u", d->id);
343 }
faba42eb
JH		 344 }
345
476e44cb
JH		 346 rp->num_controllers = cpu_to_le16(count);
347 rp_len = sizeof(*rp) + (2 * count);
348
faba42eb
JH		 349 read_unlock(&hci_dev_list_lock);
350
aee9b218 351 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 352 rp_len);
faba42eb 353
a38528f1
JH		 354 kfree(rp);
355
356 return err;
faba42eb
JH		 357}
358
69ab39ea
JH		 359static u32 get_supported_settings(struct hci_dev *hdev)
360{
361 u32 settings = 0;
362
363 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 364 settings |= MGMT_SETTING_PAIRABLE;
365
9a1a1996 366 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 367 settings |= MGMT_SETTING_SSP;
368
ed3fa31f 369 if (lmp_bredr_capable(hdev)) {
33c525c0 370 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 371 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
372 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 373 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 374 settings |= MGMT_SETTING_BREDR;
375 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 376 settings |= MGMT_SETTING_HS;
848566b3 377 }
d7b7e796 378
eeca6f89 379 if (lmp_le_capable(hdev)) {
9d42820f 380 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 381 settings |= MGMT_SETTING_ADVERTISING;
382 }
69ab39ea
JH		 383
384 return settings;
385}
386
387static u32 get_current_settings(struct hci_dev *hdev)
388{
389 u32 settings = 0;
390
f1f0eb02 391 if (hdev_is_powered(hdev))
f0d4b78a
MH		 392 settings |= MGMT_SETTING_POWERED;
393
5e5282bb 394 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 395 settings |= MGMT_SETTING_CONNECTABLE;
396
1a4d3c4b
JH		 397 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
398 settings |= MGMT_SETTING_FAST_CONNECTABLE;
399
5e5282bb 400 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 401 settings |= MGMT_SETTING_DISCOVERABLE;
402
a8b2d5c2 403 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 404 settings |= MGMT_SETTING_PAIRABLE;
405
56f87901 406 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 407 settings |= MGMT_SETTING_BREDR;
408
06199cf8 409 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_LE;
411
47990ea0 412 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_LINK_SECURITY;
414
84bde9d6 415 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_SSP;
417
6d80dfd0
JH		 418 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
419 settings |= MGMT_SETTING_HS;
420
f3d3444a 421 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 422 settings |= MGMT_SETTING_ADVERTISING;
423
69ab39ea
JH		 424 return settings;
425}
426
ef580372
JH		 427#define PNP_INFO_SVCLASS_ID 0x1200
428
213202ed
JH		 429static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
430{
431 u8 *ptr = data, *uuids_start = NULL;
432 struct bt_uuid *uuid;
433
434 if (len < 4)
435 return ptr;
436
437 list_for_each_entry(uuid, &hdev->uuids, list) {
438 u16 uuid16;
439
440 if (uuid->size != 16)
441 continue;
442
443 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
444 if (uuid16 < 0x1100)
445 continue;
446
447 if (uuid16 == PNP_INFO_SVCLASS_ID)
448 continue;
449
450 if (!uuids_start) {
451 uuids_start = ptr;
452 uuids_start[0] = 1;
453 uuids_start[1] = EIR_UUID16_ALL;
454 ptr += 2;
455 }
456
457 /* Stop if not enough space to put next UUID */
458 if ((ptr - data) + sizeof(u16) > len) {
459 uuids_start[1] = EIR_UUID16_SOME;
460 break;
461 }
462
463 *ptr++ = (uuid16 & 0x00ff);
464 *ptr++ = (uuid16 & 0xff00) >> 8;
465 uuids_start[0] += sizeof(uuid16);
466 }
467
468 return ptr;
469}
470
cdf1963f
JH		 471static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
472{
473 u8 *ptr = data, *uuids_start = NULL;
474 struct bt_uuid *uuid;
475
476 if (len < 6)
477 return ptr;
478
479 list_for_each_entry(uuid, &hdev->uuids, list) {
480 if (uuid->size != 32)
481 continue;
482
483 if (!uuids_start) {
484 uuids_start = ptr;
485 uuids_start[0] = 1;
486 uuids_start[1] = EIR_UUID32_ALL;
487 ptr += 2;
488 }
489
490 /* Stop if not enough space to put next UUID */
491 if ((ptr - data) + sizeof(u32) > len) {
492 uuids_start[1] = EIR_UUID32_SOME;
493 break;
494 }
495
496 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
497 ptr += sizeof(u32);
498 uuids_start[0] += sizeof(u32);
499 }
500
501 return ptr;
502}
503
c00d575b
JH		 504static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
505{
506 u8 *ptr = data, *uuids_start = NULL;
507 struct bt_uuid *uuid;
508
509 if (len < 18)
510 return ptr;
511
512 list_for_each_entry(uuid, &hdev->uuids, list) {
513 if (uuid->size != 128)
514 continue;
515
516 if (!uuids_start) {
517 uuids_start = ptr;
518 uuids_start[0] = 1;
519 uuids_start[1] = EIR_UUID128_ALL;
520 ptr += 2;
521 }
522
523 /* Stop if not enough space to put next UUID */
524 if ((ptr - data) + 16 > len) {
525 uuids_start[1] = EIR_UUID128_SOME;
526 break;
527 }
528
529 memcpy(ptr, uuid->uuid, 16);
530 ptr += 16;
531 uuids_start[0] += 16;
532 }
533
534 return ptr;
535}
536
ef580372
JH		 537static void create_eir(struct hci_dev *hdev, u8 *data)
538{
539 u8 *ptr = data;
ef580372
JH		 540 size_t name_len;
541
542 name_len = strlen(hdev->dev_name);
543
544 if (name_len > 0) {
545 /* EIR Data type */
546 if (name_len > 48) {
547 name_len = 48;
548 ptr[1] = EIR_NAME_SHORT;
549 } else
550 ptr[1] = EIR_NAME_COMPLETE;
551
552 /* EIR Data length */
553 ptr[0] = name_len + 1;
554
555 memcpy(ptr + 2, hdev->dev_name, name_len);
556
ef580372
JH		 557 ptr += (name_len + 2);
558 }
559
bbaf444a 560 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 561 ptr[0] = 2;
562 ptr[1] = EIR_TX_POWER;
563 ptr[2] = (u8) hdev->inq_tx_power;
564
91c4e9b1
MH		 565 ptr += 3;
566 }
567
2b9be137
MH		 568 if (hdev->devid_source > 0) {
569 ptr[0] = 9;
570 ptr[1] = EIR_DEVICE_ID;
571
572 put_unaligned_le16(hdev->devid_source, ptr + 2);
573 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
574 put_unaligned_le16(hdev->devid_product, ptr + 6);
575 put_unaligned_le16(hdev->devid_version, ptr + 8);
576
2b9be137
MH		 577 ptr += 10;
578 }
579
213202ed 580 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 581 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 582 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 583}
584
890ea898 585static void update_eir(struct hci_request *req)
ef580372 586{
890ea898 587 struct hci_dev *hdev = req->hdev;
ef580372
JH		 588 struct hci_cp_write_eir cp;
589
504c8dcd 590 if (!hdev_is_powered(hdev))
890ea898 591 return;
7770c4aa 592
976eb20e 593 if (!lmp_ext_inq_capable(hdev))
890ea898 594 return;
ef580372 595
84bde9d6 596 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 597 return;
ef580372 598
a8b2d5c2 599 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 600 return;
ef580372
JH		 601
602 memset(&cp, 0, sizeof(cp));
603
604 create_eir(hdev, cp.data);
605
606 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 607 return;
ef580372
JH		 608
609 memcpy(hdev->eir, cp.data, sizeof(cp.data));
610
890ea898 611 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 612}
613
614static u8 get_service_classes(struct hci_dev *hdev)
615{
616 struct bt_uuid *uuid;
617 u8 val = 0;
618
619 list_for_each_entry(uuid, &hdev->uuids, list)
620 val |= uuid->svc_hint;
621
622 return val;
623}
624
890ea898 625static void update_class(struct hci_request *req)
ef580372 626{
890ea898 627 struct hci_dev *hdev = req->hdev;
ef580372
JH		 628 u8 cod[3];
629
630 BT_DBG("%s", hdev->name);
631
504c8dcd 632 if (!hdev_is_powered(hdev))
890ea898 633 return;
7770c4aa 634
a8b2d5c2 635 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 636 return;
ef580372
JH		 637
638 cod[0] = hdev->minor_class;
639 cod[1] = hdev->major_class;
640 cod[2] = get_service_classes(hdev);
641
642 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 643 return;
ef580372 644
890ea898 645 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 646}
647
7d78525d
JH		 648static void service_cache_off(struct work_struct *work)
649{
650 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 651 service_cache.work);
890ea898 652 struct hci_request req;
7d78525d 653
a8b2d5c2 654 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 655 return;
656
890ea898
JH		 657 hci_req_init(&req, hdev);
658
7d78525d
JH		 659 hci_dev_lock(hdev);
660
890ea898
JH		 661 update_eir(&req);
662 update_class(&req);
7d78525d
JH		 663
664 hci_dev_unlock(hdev);
890ea898
JH		 665
666 hci_req_run(&req, NULL);
7d78525d
JH		 667}
668
6a919082 669static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 670{
4f87da80 671 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 672 return;
673
4f87da80 674 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 675
4f87da80
JH		 676 /* Non-mgmt controlled devices get this bit set
677 * implicitly so that pairing works for them, however
678 * for mgmt we require user-space to explicitly enable
679 * it
680 */
681 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 682}
683
0f4e68cf 684static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 685 void *data, u16 data_len)
0381101f 686{
a38528f1 687 struct mgmt_rp_read_info rp;
f7b64e69 688
bdb6d971 689 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 690
09fd0de5 691 hci_dev_lock(hdev);
f7b64e69 692
dc4fe30b
JH		 693 memset(&rp, 0, sizeof(rp));
694
69ab39ea 695 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 696
69ab39ea 697 rp.version = hdev->hci_ver;
eb55ef07 698 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 699
700 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
701 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 702
a38528f1 703 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 704
dc4fe30b 705 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 706 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 707
09fd0de5 708 hci_dev_unlock(hdev);
0381101f 709
bdb6d971 710 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 711 sizeof(rp));
0381101f
JH		 712}
713
eec8d2bc
JH		 714static void mgmt_pending_free(struct pending_cmd *cmd)
715{
716 sock_put(cmd->sk);
c68fb7ff 717 kfree(cmd->param);
eec8d2bc
JH		 718 kfree(cmd);
719}
720
366a0336 721static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 722 struct hci_dev *hdev, void *data,
723 u16 len)
eec8d2bc
JH		 724{
725 struct pending_cmd *cmd;
726
12b94565 727 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 728 if (!cmd)
366a0336 729 return NULL;
eec8d2bc
JH		 730
731 cmd->opcode = opcode;
2e58ef3e 732 cmd->index = hdev->id;
eec8d2bc 733
12b94565 734 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 735 if (!cmd->param) {
eec8d2bc 736 kfree(cmd);
366a0336 737 return NULL;
eec8d2bc
JH		 738 }
739
8fce6357
SJ		 740 if (data)
741 memcpy(cmd->param, data, len);
eec8d2bc
JH		 742
743 cmd->sk = sk;
744 sock_hold(sk);
745
2e58ef3e 746 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 747
366a0336 748 return cmd;
eec8d2bc
JH		 749}
750
744cf19e 751static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 752 void (*cb)(struct pending_cmd *cmd,
753 void *data),
04124681 754 void *data)
eec8d2bc 755{
a3d09356 756 struct pending_cmd *cmd, *tmp;
eec8d2bc 757
a3d09356 758 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 759 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 760 continue;
761
eec8d2bc
JH		 762 cb(cmd, data);
763 }
764}
765
2e58ef3e 766static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 767{
8035ded4 768 struct pending_cmd *cmd;
eec8d2bc 769
2e58ef3e 770 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 771 if (cmd->opcode == opcode)
772 return cmd;
eec8d2bc
JH		 773 }
774
775 return NULL;
776}
777
a664b5bc 778static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 779{
73f22f62
JH		 780 list_del(&cmd->list);
781 mgmt_pending_free(cmd);
782}
783
69ab39ea 784static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 785{
69ab39ea 786 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 787
aee9b218 788 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 789 sizeof(settings));
8680570b
JH		 790}
791
bdb6d971 792static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 793 u16 len)
eec8d2bc 794{
650f726d 795 struct mgmt_mode *cp = data;
366a0336 796 struct pending_cmd *cmd;
4b34ee78 797 int err;
eec8d2bc 798
bdb6d971 799 BT_DBG("request for %s", hdev->name);
eec8d2bc 800
a7e80f25
JH		 801 if (cp->val != 0x00 && cp->val != 0x01)
802 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
803 MGMT_STATUS_INVALID_PARAMS);
804
09fd0de5 805 hci_dev_lock(hdev);
eec8d2bc 806
87b95ba6
JH		 807 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
808 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
809 MGMT_STATUS_BUSY);
810 goto failed;
811 }
812
f0d4b78a
MH		 813 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
814 cancel_delayed_work(&hdev->power_off);
815
816 if (cp->val) {
a1d70450
JH		 817 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
818 data, len);
819 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 820 goto failed;
821 }
822 }
823
4b34ee78 824 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 825 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 826 goto failed;
827 }
828
2e58ef3e 829 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 830 if (!cmd) {
831 err = -ENOMEM;
eec8d2bc 832 goto failed;
366a0336 833 }
eec8d2bc 834
72a734ec 835 if (cp->val)
19202573 836 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 837 else
19202573 838 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 839
366a0336 840 err = 0;
eec8d2bc
JH		 841
842failed:
09fd0de5 843 hci_dev_unlock(hdev);
366a0336 844 return err;
eec8d2bc
JH		 845}
846
04124681
GP		 847static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
848 struct sock *skip_sk)
beadb2bd
JH		 849{
850 struct sk_buff *skb;
851 struct mgmt_hdr *hdr;
852
790eff44 853 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 854 if (!skb)
855 return -ENOMEM;
856
857 hdr = (void *) skb_put(skb, sizeof(*hdr));
858 hdr->opcode = cpu_to_le16(event);
859 if (hdev)
860 hdr->index = cpu_to_le16(hdev->id);
861 else
612dfce9 862 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 863 hdr->len = cpu_to_le16(data_len);
864
865 if (data)
866 memcpy(skb_put(skb, data_len), data, data_len);
867
97e0bdeb
MH		 868 /* Time stamp */
869 __net_timestamp(skb);
870
beadb2bd
JH		 871 hci_send_to_control(skb, skip_sk);
872 kfree_skb(skb);
873
874 return 0;
875}
876
877static int new_settings(struct hci_dev *hdev, struct sock *skip)
878{
879 __le32 ev;
880
881 ev = cpu_to_le32(get_current_settings(hdev));
882
883 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
884}
885
bd99abdd
JH		 886struct cmd_lookup {
887 struct sock *sk;
888 struct hci_dev *hdev;
889 u8 mgmt_status;
890};
891
892static void settings_rsp(struct pending_cmd *cmd, void *data)
893{
894 struct cmd_lookup *match = data;
895
896 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
897
898 list_del(&cmd->list);
899
900 if (match->sk == NULL) {
901 match->sk = cmd->sk;
902 sock_hold(match->sk);
903 }
904
905 mgmt_pending_free(cmd);
906}
907
908static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
909{
910 u8 *status = data;
911
912 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
913 mgmt_pending_remove(cmd);
914}
915
e6fe7986
JH		 916static u8 mgmt_bredr_support(struct hci_dev *hdev)
917{
918 if (!lmp_bredr_capable(hdev))
919 return MGMT_STATUS_NOT_SUPPORTED;
920 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
921 return MGMT_STATUS_REJECTED;
922 else
923 return MGMT_STATUS_SUCCESS;
924}
925
926static u8 mgmt_le_support(struct hci_dev *hdev)
927{
928 if (!lmp_le_capable(hdev))
929 return MGMT_STATUS_NOT_SUPPORTED;
930 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
931 return MGMT_STATUS_REJECTED;
932 else
933 return MGMT_STATUS_SUCCESS;
934}
935
bdb6d971 936static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 937 u16 len)
73f22f62 938{
650f726d 939 struct mgmt_cp_set_discoverable *cp = data;
366a0336 940 struct pending_cmd *cmd;
5e5282bb 941 u16 timeout;
e6fe7986 942 u8 scan, status;
73f22f62
JH		 943 int err;
944
bdb6d971 945 BT_DBG("request for %s", hdev->name);
73f22f62 946
e6fe7986
JH		 947 status = mgmt_bredr_support(hdev);
948 if (status)
33c525c0 949 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 950 status);
33c525c0 951
a7e80f25
JH		 952 if (cp->val != 0x00 && cp->val != 0x01)
953 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
954 MGMT_STATUS_INVALID_PARAMS);
955
1f350c87 956 timeout = __le16_to_cpu(cp->timeout);
24c54a90 957 if (!cp->val && timeout > 0)
bdb6d971 958 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 959 MGMT_STATUS_INVALID_PARAMS);
73f22f62 960
09fd0de5 961 hci_dev_lock(hdev);
73f22f62 962
5e5282bb 963 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 964 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 965 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 966 goto failed;
967 }
968
2e58ef3e 969 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 970 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 971 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 972 MGMT_STATUS_BUSY);
73f22f62
JH		 973 goto failed;
974 }
975
5e5282bb 976 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 977 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 978 MGMT_STATUS_REJECTED);
5e5282bb
JH		 979 goto failed;
980 }
981
982 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 983 bool changed = false;
984
985 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
986 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
987 changed = true;
988 }
989
5e5282bb 990 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 991 if (err < 0)
992 goto failed;
993
994 if (changed)
995 err = new_settings(hdev, sk);
996
5e5282bb
JH		 997 goto failed;
998 }
999
1000 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1001 if (hdev->discov_timeout > 0) {
1002 cancel_delayed_work(&hdev->discov_off);
1003 hdev->discov_timeout = 0;
1004 }
1005
1006 if (cp->val && timeout > 0) {
1007 hdev->discov_timeout = timeout;
1008 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1009 msecs_to_jiffies(hdev->discov_timeout * 1000));
1010 }
1011
69ab39ea 1012 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1013 goto failed;
1014 }
1015
2e58ef3e 1016 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1017 if (!cmd) {
1018 err = -ENOMEM;
73f22f62 1019 goto failed;
366a0336 1020 }
73f22f62
JH		 1021
1022 scan = SCAN_PAGE;
1023
72a734ec 1024 if (cp->val)
73f22f62 1025 scan |= SCAN_INQUIRY;
16ab91ab 1026 else
e0f9309f 1027 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1028
1029 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1030 if (err < 0)
a664b5bc 1031 mgmt_pending_remove(cmd);
73f22f62 1032
16ab91ab 1033 if (cp->val)
5e5282bb 1034 hdev->discov_timeout = timeout;
16ab91ab 1035
73f22f62 1036failed:
09fd0de5 1037 hci_dev_unlock(hdev);
73f22f62
JH		 1038 return err;
1039}
1040
406d7804
JH		 1041static void write_fast_connectable(struct hci_request *req, bool enable)
1042{
bd98b996 1043 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1044 struct hci_cp_write_page_scan_activity acp;
1045 u8 type;
1046
4c01f8b8
JH		 1047 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1048 return;
1049
406d7804
JH		 1050 if (enable) {
1051 type = PAGE_SCAN_TYPE_INTERLACED;
1052
1053 /* 160 msec page scan interval */
1054 acp.interval = __constant_cpu_to_le16(0x0100);
1055 } else {
1056 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1057
1058 /* default 1.28 sec page scan */
1059 acp.interval = __constant_cpu_to_le16(0x0800);
1060 }
1061
1062 acp.window = __constant_cpu_to_le16(0x0012);
1063
bd98b996
JH		 1064 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1065 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1066 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1067 sizeof(acp), &acp);
1068
1069 if (hdev->page_scan_type != type)
1070 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1071}
1072
2b76f453
JH		 1073static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1074{
1075 struct pending_cmd *cmd;
1076
1077 BT_DBG("status 0x%02x", status);
1078
1079 hci_dev_lock(hdev);
1080
1081 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1082 if (!cmd)
1083 goto unlock;
1084
1085 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1086
1087 mgmt_pending_remove(cmd);
1088
1089unlock:
1090 hci_dev_unlock(hdev);
1091}
1092
bdb6d971 1093static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1094 u16 len)
9fbcbb45 1095{
650f726d 1096 struct mgmt_mode *cp = data;
366a0336 1097 struct pending_cmd *cmd;
2b76f453 1098 struct hci_request req;
e6fe7986 1099 u8 scan, status;
9fbcbb45
JH		 1100 int err;
1101
bdb6d971 1102 BT_DBG("request for %s", hdev->name);
9fbcbb45 1103
e6fe7986
JH		 1104 status = mgmt_bredr_support(hdev);
1105 if (status)
33c525c0 1106 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1107 status);
33c525c0 1108
a7e80f25
JH		 1109 if (cp->val != 0x00 && cp->val != 0x01)
1110 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1111 MGMT_STATUS_INVALID_PARAMS);
1112
09fd0de5 1113 hci_dev_lock(hdev);
9fbcbb45 1114
4b34ee78 1115 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1116 bool changed = false;
1117
1118 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1119 changed = true;
1120
6bf0e469 1121 if (cp->val) {
5e5282bb 1122 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1123 } else {
5e5282bb
JH		 1124 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1125 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1126 }
0224d2fa 1127
5e5282bb 1128 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1129 if (err < 0)
1130 goto failed;
1131
1132 if (changed)
1133 err = new_settings(hdev, sk);
1134
9fbcbb45
JH		 1135 goto failed;
1136 }
1137
2e58ef3e 1138 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1139 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1140 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1141 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1142 goto failed;
1143 }
1144
5e5282bb 1145 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1146 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1147 goto failed;
1148 }
1149
2e58ef3e 1150 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1151 if (!cmd) {
1152 err = -ENOMEM;
9fbcbb45 1153 goto failed;
366a0336 1154 }
9fbcbb45 1155
6bf0e469 1156 if (cp->val) {
9fbcbb45 1157 scan = SCAN_PAGE;
6bf0e469 1158 } else {
9fbcbb45
JH		 1159 scan = 0;
1160
df2c6c5e 1161 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1162 hdev->discov_timeout > 0)
df2c6c5e
JH		 1163 cancel_delayed_work(&hdev->discov_off);
1164 }
1165
2b76f453
JH		 1166 hci_req_init(&req, hdev);
1167
1168 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1169
4c01f8b8
JH		 1170 /* If we're going from non-connectable to connectable or
1171 * vice-versa when fast connectable is enabled ensure that fast
1172 * connectable gets disabled. write_fast_connectable won't do
1173 * anything if the page scan parameters are already what they
1174 * should be.
1175 */
1176 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1177 write_fast_connectable(&req, false);
1178
2b76f453 1179 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1180 if (err < 0)
a664b5bc 1181 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1182
1183failed:
09fd0de5 1184 hci_dev_unlock(hdev);
9fbcbb45
JH		 1185 return err;
1186}
1187
bdb6d971 1188static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1189 u16 len)
c542a06c 1190{
650f726d 1191 struct mgmt_mode *cp = data;
55594356 1192 bool changed;
c542a06c
JH		 1193 int err;
1194
bdb6d971 1195 BT_DBG("request for %s", hdev->name);
c542a06c 1196
a7e80f25
JH		 1197 if (cp->val != 0x00 && cp->val != 0x01)
1198 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1199 MGMT_STATUS_INVALID_PARAMS);
1200
09fd0de5 1201 hci_dev_lock(hdev);
c542a06c
JH		 1202
1203 if (cp->val)
55594356 1204 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1205 else
55594356 1206 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1207
69ab39ea 1208 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1209 if (err < 0)
55594356 1210 goto unlock;
c542a06c 1211
55594356
MH		 1212 if (changed)
1213 err = new_settings(hdev, sk);
c542a06c 1214
55594356 1215unlock:
09fd0de5 1216 hci_dev_unlock(hdev);
c542a06c
JH		 1217 return err;
1218}
1219
04124681
GP		 1220static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1221 u16 len)
33ef95ed
JH		 1222{
1223 struct mgmt_mode *cp = data;
1224 struct pending_cmd *cmd;
e6fe7986 1225 u8 val, status;
33ef95ed
JH		 1226 int err;
1227
bdb6d971 1228 BT_DBG("request for %s", hdev->name);
33ef95ed 1229
e6fe7986
JH		 1230 status = mgmt_bredr_support(hdev);
1231 if (status)
33c525c0 1232 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1233 status);
33c525c0 1234
a7e80f25
JH		 1235 if (cp->val != 0x00 && cp->val != 0x01)
1236 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1237 MGMT_STATUS_INVALID_PARAMS);
1238
33ef95ed
JH		 1239 hci_dev_lock(hdev);
1240
4b34ee78 1241 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1242 bool changed = false;
1243
1244 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1245 &hdev->dev_flags)) {
47990ea0
JH		 1246 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1247 changed = true;
1248 }
1249
1250 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1251 if (err < 0)
1252 goto failed;
1253
1254 if (changed)
1255 err = new_settings(hdev, sk);
1256
33ef95ed
JH		 1257 goto failed;
1258 }
1259
1260 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1261 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1262 MGMT_STATUS_BUSY);
33ef95ed
JH		 1263 goto failed;
1264 }
1265
1266 val = !!cp->val;
1267
1268 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1269 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1270 goto failed;
1271 }
1272
1273 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1274 if (!cmd) {
1275 err = -ENOMEM;
1276 goto failed;
1277 }
1278
1279 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1280 if (err < 0) {
1281 mgmt_pending_remove(cmd);
1282 goto failed;
1283 }
1284
1285failed:
1286 hci_dev_unlock(hdev);
33ef95ed
JH		 1287 return err;
1288}
1289
bdb6d971 1290static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1291{
1292 struct mgmt_mode *cp = data;
1293 struct pending_cmd *cmd;
72ef0c1a 1294 u8 status;
ed2c4ee3
JH		 1295 int err;
1296
bdb6d971 1297 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1298
cdba5281
MH		 1299 status = mgmt_bredr_support(hdev);
1300 if (status)
1301 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1302
13ecd8b6
JH		 1303 if (!lmp_ssp_capable(hdev))
1304 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1305 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1306
a7e80f25
JH		 1307 if (cp->val != 0x00 && cp->val != 0x01)
1308 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1309 MGMT_STATUS_INVALID_PARAMS);
1310
13ecd8b6 1311 hci_dev_lock(hdev);
6c8f12c1 1312
4b34ee78 1313 if (!hdev_is_powered(hdev)) {
9ecb3e24 1314 bool changed;
c0ecddc2 1315
9ecb3e24
MH		 1316 if (cp->val) {
1317 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1318 &hdev->dev_flags);
1319 } else {
1320 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1321 &hdev->dev_flags);
1322 if (!changed)
1323 changed = test_and_clear_bit(HCI_HS_ENABLED,
1324 &hdev->dev_flags);
1325 else
1326 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1327 }
1328
1329 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1330 if (err < 0)
1331 goto failed;
1332
1333 if (changed)
1334 err = new_settings(hdev, sk);
1335
ed2c4ee3
JH		 1336 goto failed;
1337 }
1338
9ecb3e24
MH		 1339 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1340 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1341 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1342 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1343 goto failed;
1344 }
1345
72ef0c1a 1346 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1347 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1348 goto failed;
1349 }
1350
1351 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1352 if (!cmd) {
1353 err = -ENOMEM;
1354 goto failed;
1355 }
1356
72ef0c1a 1357 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1358 if (err < 0) {
1359 mgmt_pending_remove(cmd);
1360 goto failed;
1361 }
1362
1363failed:
1364 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1365 return err;
1366}
1367
bdb6d971 1368static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1369{
1370 struct mgmt_mode *cp = data;
ee392693 1371 bool changed;
e6fe7986 1372 u8 status;
ee392693 1373 int err;
6d80dfd0 1374
bdb6d971 1375 BT_DBG("request for %s", hdev->name);
6d80dfd0 1376
e6fe7986
JH		 1377 status = mgmt_bredr_support(hdev);
1378 if (status)
1379 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1380
9ecb3e24
MH		 1381 if (!lmp_ssp_capable(hdev))
1382 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1383 MGMT_STATUS_NOT_SUPPORTED);
1384
1385 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1386 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1387 MGMT_STATUS_REJECTED);
1388
a7e80f25
JH		 1389 if (cp->val != 0x00 && cp->val != 0x01)
1390 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1391 MGMT_STATUS_INVALID_PARAMS);
1392
ee392693
MH		 1393 hci_dev_lock(hdev);
1394
a0cdf960 1395 if (cp->val) {
ee392693 1396 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1397 } else {
1398 if (hdev_is_powered(hdev)) {
1399 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1400 MGMT_STATUS_REJECTED);
1401 goto unlock;
1402 }
1403
ee392693 1404 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1405 }
ee392693
MH		 1406
1407 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1408 if (err < 0)
1409 goto unlock;
1410
1411 if (changed)
1412 err = new_settings(hdev, sk);
6d80dfd0 1413
ee392693
MH		 1414unlock:
1415 hci_dev_unlock(hdev);
1416 return err;
6d80dfd0
JH		 1417}
1418
bba3aa55
MH		 1419static void enable_advertising(struct hci_request *req)
1420{
b4faf300
MH		 1421 struct hci_dev *hdev = req->hdev;
1422 struct hci_cp_le_set_adv_param cp;
1423 u8 enable = 0x01;
1424
1425 memset(&cp, 0, sizeof(cp));
1426 cp.min_interval = __constant_cpu_to_le16(0x0800);
1427 cp.max_interval = __constant_cpu_to_le16(0x0800);
1428 cp.type = LE_ADV_IND;
1429 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1430 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1431 else
1432 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1433 cp.channel_map = 0x07;
1434
1435 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
bba3aa55 1436
b4faf300 1437 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1438}
1439
1440static void disable_advertising(struct hci_request *req)
1441{
b4faf300 1442 u8 enable = 0x00;
bba3aa55 1443
b4faf300 1444 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1445}
1446
416a4ae5
JH		 1447static void le_enable_complete(struct hci_dev *hdev, u8 status)
1448{
1449 struct cmd_lookup match = { NULL, hdev };
1450
1451 if (status) {
1452 u8 mgmt_err = mgmt_status(status);
1453
1454 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1455 &mgmt_err);
1456 return;
1457 }
1458
1459 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1460
1461 new_settings(hdev, match.sk);
1462
1463 if (match.sk)
1464 sock_put(match.sk);
1465}
1466
bdb6d971 1467static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1468{
1469 struct mgmt_mode *cp = data;
1470 struct hci_cp_write_le_host_supported hci_cp;
1471 struct pending_cmd *cmd;
416a4ae5 1472 struct hci_request req;
06199cf8 1473 int err;
0b60eba1 1474 u8 val, enabled;
06199cf8 1475
bdb6d971 1476 BT_DBG("request for %s", hdev->name);
06199cf8 1477
13ecd8b6
JH		 1478 if (!lmp_le_capable(hdev))
1479 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1480 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1481
a7e80f25
JH		 1482 if (cp->val != 0x00 && cp->val != 0x01)
1483 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1484 MGMT_STATUS_INVALID_PARAMS);
1485
c73eee91 1486 /* LE-only devices do not allow toggling LE on/off */
56f87901 1487 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1488 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1489 MGMT_STATUS_REJECTED);
1490
13ecd8b6 1491 hci_dev_lock(hdev);
06199cf8
JH		 1492
1493 val = !!cp->val;
ffa88e02 1494 enabled = lmp_host_le_capable(hdev);
06199cf8 1495
0b60eba1 1496 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1497 bool changed = false;
1498
1499 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1500 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1501 changed = true;
1502 }
1503
f3d3444a
JH		 1504 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1505 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1506 changed = true;
1507 }
1508
06199cf8
JH		 1509 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1510 if (err < 0)
1de028ce 1511 goto unlock;
06199cf8
JH		 1512
1513 if (changed)
1514 err = new_settings(hdev, sk);
1515
1de028ce 1516 goto unlock;
06199cf8
JH		 1517 }
1518
4375f103
JH		 1519 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1520 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1521 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1522 MGMT_STATUS_BUSY);
1de028ce 1523 goto unlock;
06199cf8
JH		 1524 }
1525
1526 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1527 if (!cmd) {
1528 err = -ENOMEM;
1de028ce 1529 goto unlock;
06199cf8
JH		 1530 }
1531
1532 memset(&hci_cp, 0, sizeof(hci_cp));
1533
1534 if (val) {
1535 hci_cp.le = val;
ffa88e02 1536 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1537 }
1538
416a4ae5
JH		 1539 hci_req_init(&req, hdev);
1540
bba3aa55
MH		 1541 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1542 disable_advertising(&req);
eeca6f89 1543
416a4ae5
JH		 1544 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1545 &hci_cp);
1546
1547 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1548 if (err < 0)
06199cf8 1549 mgmt_pending_remove(cmd);
06199cf8 1550
1de028ce
JH		 1551unlock:
1552 hci_dev_unlock(hdev);
06199cf8
JH		 1553 return err;
1554}
1555
0cab9c80
JH		 1556/* This is a helper function to test for pending mgmt commands that can
1557 * cause CoD or EIR HCI commands. We can only allow one such pending
1558 * mgmt command at a time since otherwise we cannot easily track what
1559 * the current values are, will be, and based on that calculate if a new
1560 * HCI command needs to be sent and if yes with what value.
1561 */
1562static bool pending_eir_or_class(struct hci_dev *hdev)
1563{
1564 struct pending_cmd *cmd;
1565
1566 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1567 switch (cmd->opcode) {
1568 case MGMT_OP_ADD_UUID:
1569 case MGMT_OP_REMOVE_UUID:
1570 case MGMT_OP_SET_DEV_CLASS:
1571 case MGMT_OP_SET_POWERED:
1572 return true;
1573 }
1574 }
1575
1576 return false;
1577}
1578
83be8eca
JH		 1579static const u8 bluetooth_base_uuid[] = {
1580 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1581 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1582};
1583
1584static u8 get_uuid_size(const u8 *uuid)
1585{
1586 u32 val;
1587
1588 if (memcmp(uuid, bluetooth_base_uuid, 12))
1589 return 128;
1590
1591 val = get_unaligned_le32(&uuid[12]);
1592 if (val > 0xffff)
1593 return 32;
1594
1595 return 16;
1596}
1597
92da6097
JH		 1598static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1599{
1600 struct pending_cmd *cmd;
1601
1602 hci_dev_lock(hdev);
1603
1604 cmd = mgmt_pending_find(mgmt_op, hdev);
1605 if (!cmd)
1606 goto unlock;
1607
1608 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1609 hdev->dev_class, 3);
1610
1611 mgmt_pending_remove(cmd);
1612
1613unlock:
1614 hci_dev_unlock(hdev);
1615}
1616
1617static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1618{
1619 BT_DBG("status 0x%02x", status);
1620
1621 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1622}
1623
bdb6d971 1624static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1625{
650f726d 1626 struct mgmt_cp_add_uuid *cp = data;
90e70454 1627 struct pending_cmd *cmd;
890ea898 1628 struct hci_request req;
2aeb9a1a 1629 struct bt_uuid *uuid;
2aeb9a1a
JH		 1630 int err;
1631
bdb6d971 1632 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1633
09fd0de5 1634 hci_dev_lock(hdev);
2aeb9a1a 1635
0cab9c80 1636 if (pending_eir_or_class(hdev)) {
bdb6d971 1637 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1638 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1639 goto failed;
1640 }
1641
92c4c204 1642 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1643 if (!uuid) {
1644 err = -ENOMEM;
1645 goto failed;
1646 }
1647
1648 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1649 uuid->svc_hint = cp->svc_hint;
83be8eca 1650 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1651
de66aa63 1652 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1653
890ea898 1654 hci_req_init(&req, hdev);
1aff6f09 1655
890ea898
JH		 1656 update_class(&req);
1657 update_eir(&req);
1658
92da6097
JH		 1659 err = hci_req_run(&req, add_uuid_complete);
1660 if (err < 0) {
1661 if (err != -ENODATA)
1662 goto failed;
80a1e1db 1663
bdb6d971 1664 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1665 hdev->dev_class, 3);
90e70454
JH		 1666 goto failed;
1667 }
1668
1669 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1670 if (!cmd) {
90e70454 1671 err = -ENOMEM;
890ea898
JH		 1672 goto failed;
1673 }
1674
1675 err = 0;
2aeb9a1a
JH		 1676
1677failed:
09fd0de5 1678 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1679 return err;
1680}
1681
24b78d0f
JH		 1682static bool enable_service_cache(struct hci_dev *hdev)
1683{
1684 if (!hdev_is_powered(hdev))
1685 return false;
1686
1687 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1688 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1689 CACHE_TIMEOUT);
24b78d0f
JH		 1690 return true;
1691 }
1692
1693 return false;
1694}
1695
92da6097
JH		 1696static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1697{
1698 BT_DBG("status 0x%02x", status);
1699
1700 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1701}
1702
bdb6d971 1703static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1704 u16 len)
2aeb9a1a 1705{
650f726d 1706 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1707 struct pending_cmd *cmd;
056341c8 1708 struct bt_uuid *match, *tmp;
2aeb9a1a 1709 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1710 struct hci_request req;
2aeb9a1a
JH		 1711 int err, found;
1712
bdb6d971 1713 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1714
09fd0de5 1715 hci_dev_lock(hdev);
2aeb9a1a 1716
0cab9c80 1717 if (pending_eir_or_class(hdev)) {
bdb6d971 1718 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1719 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1720 goto unlock;
1721 }
1722
2aeb9a1a
JH		 1723 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1724 err = hci_uuids_clear(hdev);
4004b6d9 1725
24b78d0f 1726 if (enable_service_cache(hdev)) {
bdb6d971 1727 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1728 0, hdev->dev_class, 3);
24b78d0f
JH		 1729 goto unlock;
1730 }
4004b6d9 1731
9246a869 1732 goto update_class;
2aeb9a1a
JH		 1733 }
1734
1735 found = 0;
1736
056341c8 1737 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1738 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1739 continue;
1740
1741 list_del(&match->list);
482049f7 1742 kfree(match);
2aeb9a1a
JH		 1743 found++;
1744 }
1745
1746 if (found == 0) {
bdb6d971 1747 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1748 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1749 goto unlock;
1750 }
1751
9246a869 1752update_class:
890ea898 1753 hci_req_init(&req, hdev);
1aff6f09 1754
890ea898
JH		 1755 update_class(&req);
1756 update_eir(&req);
1757
92da6097
JH		 1758 err = hci_req_run(&req, remove_uuid_complete);
1759 if (err < 0) {
1760 if (err != -ENODATA)
1761 goto unlock;
80a1e1db 1762
bdb6d971 1763 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1764 hdev->dev_class, 3);
90e70454
JH		 1765 goto unlock;
1766 }
1767
1768 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1769 if (!cmd) {
90e70454 1770 err = -ENOMEM;
890ea898
JH		 1771 goto unlock;
1772 }
1773
1774 err = 0;
2aeb9a1a
JH		 1775
1776unlock:
09fd0de5 1777 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1778 return err;
1779}
1780
92da6097
JH		 1781static void set_class_complete(struct hci_dev *hdev, u8 status)
1782{
1783 BT_DBG("status 0x%02x", status);
1784
1785 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1786}
1787
bdb6d971 1788static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1789 u16 len)
1aff6f09 1790{
650f726d 1791 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1792 struct pending_cmd *cmd;
890ea898 1793 struct hci_request req;
1aff6f09
JH		 1794 int err;
1795
bdb6d971 1796 BT_DBG("request for %s", hdev->name);
1aff6f09 1797
6203fc98 1798 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1799 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1800 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1801
0cab9c80 1802 hci_dev_lock(hdev);
ee98f473 1803
0cab9c80
JH		 1804 if (pending_eir_or_class(hdev)) {
1805 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1806 MGMT_STATUS_BUSY);
1807 goto unlock;
1808 }
c95f0ba7 1809
0cab9c80
JH		 1810 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1811 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1812 MGMT_STATUS_INVALID_PARAMS);
1813 goto unlock;
1814 }
575b3a02 1815
932f5ff5
JH		 1816 hdev->major_class = cp->major;
1817 hdev->minor_class = cp->minor;
1818
b5235a65 1819 if (!hdev_is_powered(hdev)) {
bdb6d971 1820 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1821 hdev->dev_class, 3);
b5235a65
JH		 1822 goto unlock;
1823 }
1824
890ea898
JH		 1825 hci_req_init(&req, hdev);
1826
a8b2d5c2 1827 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1828 hci_dev_unlock(hdev);
1829 cancel_delayed_work_sync(&hdev->service_cache);
1830 hci_dev_lock(hdev);
890ea898 1831 update_eir(&req);
7d78525d 1832 }
14c0b608 1833
890ea898
JH		 1834 update_class(&req);
1835
92da6097
JH		 1836 err = hci_req_run(&req, set_class_complete);
1837 if (err < 0) {
1838 if (err != -ENODATA)
1839 goto unlock;
1aff6f09 1840
bdb6d971 1841 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1842 hdev->dev_class, 3);
90e70454
JH		 1843 goto unlock;
1844 }
1845
1846 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1847 if (!cmd) {
90e70454 1848 err = -ENOMEM;
890ea898
JH		 1849 goto unlock;
1850 }
1851
1852 err = 0;
1aff6f09 1853
b5235a65 1854unlock:
09fd0de5 1855 hci_dev_unlock(hdev);
1aff6f09
JH		 1856 return err;
1857}
1858
bdb6d971 1859static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1860 u16 len)
55ed8ca1 1861{
650f726d 1862 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1863 u16 key_count, expected_len;
a492cd52 1864 int i;
55ed8ca1 1865
9060d5cf
MH		 1866 BT_DBG("request for %s", hdev->name);
1867
1868 if (!lmp_bredr_capable(hdev))
1869 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1870 MGMT_STATUS_NOT_SUPPORTED);
1871
1f350c87 1872 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1873
86742e1e
JH		 1874 expected_len = sizeof(*cp) + key_count *
1875 sizeof(struct mgmt_link_key_info);
a492cd52 1876 if (expected_len != len) {
86742e1e 1877 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1878 len, expected_len);
bdb6d971 1879 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1880 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1881 }
1882
4ae14301
JH		 1883 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1884 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1885 MGMT_STATUS_INVALID_PARAMS);
1886
bdb6d971 1887 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1888 key_count);
55ed8ca1 1889
4ee71b20
JH		 1890 for (i = 0; i < key_count; i++) {
1891 struct mgmt_link_key_info *key = &cp->keys[i];
1892
1893 if (key->addr.type != BDADDR_BREDR)
1894 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1895 MGMT_STATUS_INVALID_PARAMS);
1896 }
1897
09fd0de5 1898 hci_dev_lock(hdev);
55ed8ca1
JH		 1899
1900 hci_link_keys_clear(hdev);
1901
55ed8ca1 1902 if (cp->debug_keys)
a8b2d5c2 1903 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1904 else
a8b2d5c2 1905 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1906
a492cd52 1907 for (i = 0; i < key_count; i++) {
86742e1e 1908 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1909
d753fdc4 1910 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1911 key->type, key->pin_len);
55ed8ca1
JH		 1912 }
1913
bdb6d971 1914 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1915
09fd0de5 1916 hci_dev_unlock(hdev);
55ed8ca1 1917
a492cd52 1918 return 0;
55ed8ca1
JH		 1919}
1920
b1078ad0 1921static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1922 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1923{
1924 struct mgmt_ev_device_unpaired ev;
1925
1926 bacpy(&ev.addr.bdaddr, bdaddr);
1927 ev.addr.type = addr_type;
1928
1929 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1930 skip_sk);
b1078ad0
JH		 1931}
1932
bdb6d971 1933static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1934 u16 len)
55ed8ca1 1935{
124f6e35
JH		 1936 struct mgmt_cp_unpair_device *cp = data;
1937 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1938 struct hci_cp_disconnect dc;
1939 struct pending_cmd *cmd;
55ed8ca1 1940 struct hci_conn *conn;
55ed8ca1
JH		 1941 int err;
1942
a8a1d19e 1943 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1944 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1945 rp.addr.type = cp->addr.type;
a8a1d19e 1946
4ee71b20
JH		 1947 if (!bdaddr_type_is_valid(cp->addr.type))
1948 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1949 MGMT_STATUS_INVALID_PARAMS,
1950 &rp, sizeof(rp));
1951
118da70b
JH		 1952 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1953 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1954 MGMT_STATUS_INVALID_PARAMS,
1955 &rp, sizeof(rp));
1956
4ee71b20
JH		 1957 hci_dev_lock(hdev);
1958
86a8cfc6 1959 if (!hdev_is_powered(hdev)) {
bdb6d971 1960 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1961 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1962 goto unlock;
1963 }
1964
591f47f3 1965 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1966 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1967 else
1968 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1969
55ed8ca1 1970 if (err < 0) {
bdb6d971 1971 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1972 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1973 goto unlock;
1974 }
1975
86a8cfc6 1976 if (cp->disconnect) {
591f47f3 1977 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1979 &cp->addr.bdaddr);
86a8cfc6
JH		 1980 else
1981 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1982 &cp->addr.bdaddr);
86a8cfc6
JH		 1983 } else {
1984 conn = NULL;
1985 }
124f6e35 1986
a8a1d19e 1987 if (!conn) {
bdb6d971 1988 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1989 &rp, sizeof(rp));
b1078ad0 1990 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1991 goto unlock;
1992 }
55ed8ca1 1993
124f6e35 1994 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1995 sizeof(*cp));
a8a1d19e
JH		 1996 if (!cmd) {
1997 err = -ENOMEM;
1998 goto unlock;
55ed8ca1
JH		 1999 }
2000
eb55ef07 2001 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2002 dc.reason = 0x13; /* Remote User Terminated Connection */
2003 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2004 if (err < 0)
2005 mgmt_pending_remove(cmd);
2006
55ed8ca1 2007unlock:
09fd0de5 2008 hci_dev_unlock(hdev);
55ed8ca1
JH		 2009 return err;
2010}
2011
bdb6d971 2012static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2013 u16 len)
8962ee74 2014{
650f726d 2015 struct mgmt_cp_disconnect *cp = data;
06a63b19 2016 struct mgmt_rp_disconnect rp;
8962ee74 2017 struct hci_cp_disconnect dc;
366a0336 2018 struct pending_cmd *cmd;
8962ee74 2019 struct hci_conn *conn;
8962ee74
JH		 2020 int err;
2021
2022 BT_DBG("");
2023
06a63b19
JH		 2024 memset(&rp, 0, sizeof(rp));
2025 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2026 rp.addr.type = cp->addr.type;
2027
4ee71b20 2028 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2029 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2030 MGMT_STATUS_INVALID_PARAMS,
2031 &rp, sizeof(rp));
4ee71b20 2032
09fd0de5 2033 hci_dev_lock(hdev);
8962ee74
JH		 2034
2035 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2036 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2037 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2038 goto failed;
2039 }
2040
2e58ef3e 2041 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2042 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2043 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2044 goto failed;
2045 }
2046
591f47f3 2047 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2048 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2049 &cp->addr.bdaddr);
88c3df13
JH		 2050 else
2051 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2052
f960727e 2053 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2054 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2055 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2056 goto failed;
2057 }
2058
2e58ef3e 2059 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2060 if (!cmd) {
2061 err = -ENOMEM;
8962ee74 2062 goto failed;
366a0336 2063 }
8962ee74 2064
eb55ef07 2065 dc.handle = cpu_to_le16(conn->handle);
3701f944 2066 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2067
2068 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2069 if (err < 0)
a664b5bc 2070 mgmt_pending_remove(cmd);
8962ee74
JH		 2071
2072failed:
09fd0de5 2073 hci_dev_unlock(hdev);
8962ee74
JH		 2074 return err;
2075}
2076
57c1477c 2077static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2078{
2079 switch (link_type) {
2080 case LE_LINK:
48264f06
JH		 2081 switch (addr_type) {
2082 case ADDR_LE_DEV_PUBLIC:
591f47f3 2083 return BDADDR_LE_PUBLIC;
0ed09148 2084
48264f06 2085 default:
0ed09148 2086 /* Fallback to LE Random address type */
591f47f3 2087 return BDADDR_LE_RANDOM;
48264f06 2088 }
0ed09148 2089
4c659c39 2090 default:
0ed09148 2091 /* Fallback to BR/EDR type */
591f47f3 2092 return BDADDR_BREDR;
4c659c39
JH		 2093 }
2094}
2095
04124681
GP		 2096static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2097 u16 data_len)
2784eb41 2098{
2784eb41 2099 struct mgmt_rp_get_connections *rp;
8035ded4 2100 struct hci_conn *c;
a38528f1 2101 size_t rp_len;
60fc5fb6
JH		 2102 int err;
2103 u16 i;
2784eb41
JH		 2104
2105 BT_DBG("");
2106
09fd0de5 2107 hci_dev_lock(hdev);
2784eb41 2108
5f97c1df 2109 if (!hdev_is_powered(hdev)) {
bdb6d971 2110 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2111 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2112 goto unlock;
2113 }
2114
60fc5fb6 2115 i = 0;
b644ba33
JH		 2116 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2117 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2118 i++;
2784eb41
JH		 2119 }
2120
60fc5fb6 2121 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2122 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2123 if (!rp) {
2784eb41
JH		 2124 err = -ENOMEM;
2125 goto unlock;
2126 }
2127
2784eb41 2128 i = 0;
4c659c39 2129 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2130 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2131 continue;
4c659c39 2132 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2133 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2134 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2135 continue;
2136 i++;
2137 }
2138
eb55ef07 2139 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2140
4c659c39
JH		 2141 /* Recalculate length in case of filtered SCO connections, etc */
2142 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2143
bdb6d971 2144 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2145 rp_len);
2784eb41 2146
a38528f1 2147 kfree(rp);
5f97c1df
JH		 2148
2149unlock:
09fd0de5 2150 hci_dev_unlock(hdev);
2784eb41
JH		 2151 return err;
2152}
2153
bdb6d971 2154static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2155 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2156{
2157 struct pending_cmd *cmd;
2158 int err;
2159
2e58ef3e 2160 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2161 sizeof(*cp));
96d97a67
WR		 2162 if (!cmd)
2163 return -ENOMEM;
2164
d8457698 2165 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2166 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2167 if (err < 0)
2168 mgmt_pending_remove(cmd);
2169
2170 return err;
2171}
2172
bdb6d971 2173static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2174 u16 len)
980e1a53 2175{
96d97a67 2176 struct hci_conn *conn;
650f726d 2177 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2178 struct hci_cp_pin_code_reply reply;
366a0336 2179 struct pending_cmd *cmd;
980e1a53
JH		 2180 int err;
2181
2182 BT_DBG("");
2183
09fd0de5 2184 hci_dev_lock(hdev);
980e1a53 2185
4b34ee78 2186 if (!hdev_is_powered(hdev)) {
bdb6d971 2187 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2188 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2189 goto failed;
2190 }
2191
d8457698 2192 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2193 if (!conn) {
bdb6d971 2194 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2195 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2196 goto failed;
2197 }
2198
2199 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2200 struct mgmt_cp_pin_code_neg_reply ncp;
2201
2202 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2203
2204 BT_ERR("PIN code is not 16 bytes long");
2205
bdb6d971 2206 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2207 if (err >= 0)
bdb6d971 2208 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2209 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2210
2211 goto failed;
2212 }
2213
00abfe44 2214 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2215 if (!cmd) {
2216 err = -ENOMEM;
980e1a53 2217 goto failed;
366a0336 2218 }
980e1a53 2219
d8457698 2220 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2221 reply.pin_len = cp->pin_len;
24718ca5 2222 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2223
2224 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2225 if (err < 0)
a664b5bc 2226 mgmt_pending_remove(cmd);
980e1a53
JH		 2227
2228failed:
09fd0de5 2229 hci_dev_unlock(hdev);
980e1a53
JH		 2230 return err;
2231}
2232
04124681
GP		 2233static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2234 u16 len)
17fa4b9d 2235{
650f726d 2236 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2237
2238 BT_DBG("");
2239
09fd0de5 2240 hci_dev_lock(hdev);
17fa4b9d
JH		 2241
2242 hdev->io_capability = cp->io_capability;
2243
2244 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2245 hdev->io_capability);
17fa4b9d 2246
09fd0de5 2247 hci_dev_unlock(hdev);
17fa4b9d 2248
04124681
GP		 2249 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2250 0);
17fa4b9d
JH		 2251}
2252
6039aa73 2253static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2254{
2255 struct hci_dev *hdev = conn->hdev;
8035ded4 2256 struct pending_cmd *cmd;
e9a416b5 2257
2e58ef3e 2258 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2259 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2260 continue;
2261
e9a416b5
JH		 2262 if (cmd->user_data != conn)
2263 continue;
2264
2265 return cmd;
2266 }
2267
2268 return NULL;
2269}
2270
2271static void pairing_complete(struct pending_cmd *cmd, u8 status)
2272{
2273 struct mgmt_rp_pair_device rp;
2274 struct hci_conn *conn = cmd->user_data;
2275
ba4e564f 2276 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2277 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2278
aee9b218 2279 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2280 &rp, sizeof(rp));
e9a416b5
JH		 2281
2282 /* So we don't get further callbacks for this connection */
2283 conn->connect_cfm_cb = NULL;
2284 conn->security_cfm_cb = NULL;
2285 conn->disconn_cfm_cb = NULL;
2286
76a68ba0 2287 hci_conn_drop(conn);
e9a416b5 2288
a664b5bc 2289 mgmt_pending_remove(cmd);
e9a416b5
JH		 2290}
2291
2292static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2293{
2294 struct pending_cmd *cmd;
2295
2296 BT_DBG("status %u", status);
2297
2298 cmd = find_pairing(conn);
56e5cb86 2299 if (!cmd)
e9a416b5 2300 BT_DBG("Unable to find a pending command");
56e5cb86 2301 else
e211326c 2302 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2303}
2304
4c47d739
VA		 2305static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2306{
2307 struct pending_cmd *cmd;
2308
2309 BT_DBG("status %u", status);
2310
2311 if (!status)
2312 return;
2313
2314 cmd = find_pairing(conn);
2315 if (!cmd)
2316 BT_DBG("Unable to find a pending command");
2317 else
2318 pairing_complete(cmd, mgmt_status(status));
2319}
2320
bdb6d971 2321static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2322 u16 len)
e9a416b5 2323{
650f726d 2324 struct mgmt_cp_pair_device *cp = data;
1425acb7 2325 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2326 struct pending_cmd *cmd;
2327 u8 sec_level, auth_type;
2328 struct hci_conn *conn;
e9a416b5
JH		 2329 int err;
2330
2331 BT_DBG("");
2332
f950a30e
SJ		 2333 memset(&rp, 0, sizeof(rp));
2334 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2335 rp.addr.type = cp->addr.type;
2336
4ee71b20
JH		 2337 if (!bdaddr_type_is_valid(cp->addr.type))
2338 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2339 MGMT_STATUS_INVALID_PARAMS,
2340 &rp, sizeof(rp));
2341
09fd0de5 2342 hci_dev_lock(hdev);
e9a416b5 2343
5f97c1df 2344 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2345 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2346 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2347 goto unlock;
2348 }
2349
c908df36
VCG		 2350 sec_level = BT_SECURITY_MEDIUM;
2351 if (cp->io_cap == 0x03)
e9a416b5 2352 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2353 else
e9a416b5 2354 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2355
591f47f3 2356 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2357 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2358 cp->addr.type, sec_level, auth_type);
7a512d01 2359 else
b12f62cf
AG		 2360 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2361 cp->addr.type, sec_level, auth_type);
7a512d01 2362
30e76272 2363 if (IS_ERR(conn)) {
489dc48e
AK		 2364 int status;
2365
2366 if (PTR_ERR(conn) == -EBUSY)
2367 status = MGMT_STATUS_BUSY;
2368 else
2369 status = MGMT_STATUS_CONNECT_FAILED;
2370
bdb6d971 2371 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2372 status, &rp,
04124681 2373 sizeof(rp));
e9a416b5
JH		 2374 goto unlock;
2375 }
2376
2377 if (conn->connect_cfm_cb) {
76a68ba0 2378 hci_conn_drop(conn);
bdb6d971 2379 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2380 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2381 goto unlock;
2382 }
2383
2e58ef3e 2384 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2385 if (!cmd) {
2386 err = -ENOMEM;
76a68ba0 2387 hci_conn_drop(conn);
e9a416b5
JH		 2388 goto unlock;
2389 }
2390
7a512d01 2391 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2392 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2393 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2394 else
2395 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2396
e9a416b5
JH		 2397 conn->security_cfm_cb = pairing_complete_cb;
2398 conn->disconn_cfm_cb = pairing_complete_cb;
2399 conn->io_capability = cp->io_cap;
2400 cmd->user_data = conn;
2401
2402 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2403 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2404 pairing_complete(cmd, 0);
2405
2406 err = 0;
2407
2408unlock:
09fd0de5 2409 hci_dev_unlock(hdev);
e9a416b5
JH		 2410 return err;
2411}
2412
04124681
GP		 2413static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2414 u16 len)
28424707 2415{
0f4e68cf 2416 struct mgmt_addr_info *addr = data;
28424707
JH		 2417 struct pending_cmd *cmd;
2418 struct hci_conn *conn;
2419 int err;
2420
2421 BT_DBG("");
2422
28424707
JH		 2423 hci_dev_lock(hdev);
2424
5f97c1df 2425 if (!hdev_is_powered(hdev)) {
bdb6d971 2426 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2427 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2428 goto unlock;
2429 }
2430
28424707
JH		 2431 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2432 if (!cmd) {
bdb6d971 2433 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2434 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2435 goto unlock;
2436 }
2437
2438 conn = cmd->user_data;
2439
2440 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2441 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2442 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2443 goto unlock;
2444 }
2445
2446 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2447
bdb6d971 2448 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2449 addr, sizeof(*addr));
28424707
JH		 2450unlock:
2451 hci_dev_unlock(hdev);
28424707
JH		 2452 return err;
2453}
2454
bdb6d971 2455static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2456 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2457 u16 hci_op, __le32 passkey)
a5c29683 2458{
a5c29683 2459 struct pending_cmd *cmd;
0df4c185 2460 struct hci_conn *conn;
a5c29683
JH		 2461 int err;
2462
09fd0de5 2463 hci_dev_lock(hdev);
08ba5382 2464
4b34ee78 2465 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2466 err = cmd_complete(sk, hdev->id, mgmt_op,
2467 MGMT_STATUS_NOT_POWERED, addr,
2468 sizeof(*addr));
0df4c185 2469 goto done;
a5c29683
JH		 2470 }
2471
1707c60e
JH		 2472 if (addr->type == BDADDR_BREDR)
2473 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2474 else
1707c60e 2475 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2476
2477 if (!conn) {
feb94d3d
JH		 2478 err = cmd_complete(sk, hdev->id, mgmt_op,
2479 MGMT_STATUS_NOT_CONNECTED, addr,
2480 sizeof(*addr));
272d90df
JH		 2481 goto done;
2482 }
47c15e2b 2483
1707c60e 2484 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2485 /* Continue with pairing via SMP */
5fe57d9e
BG		 2486 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2487
2488 if (!err)
feb94d3d
JH		 2489 err = cmd_complete(sk, hdev->id, mgmt_op,
2490 MGMT_STATUS_SUCCESS, addr,
2491 sizeof(*addr));
5fe57d9e 2492 else
feb94d3d
JH		 2493 err = cmd_complete(sk, hdev->id, mgmt_op,
2494 MGMT_STATUS_FAILED, addr,
2495 sizeof(*addr));
47c15e2b 2496
47c15e2b
BG		 2497 goto done;
2498 }
2499
1707c60e 2500 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2501 if (!cmd) {
2502 err = -ENOMEM;
0df4c185 2503 goto done;
a5c29683
JH		 2504 }
2505
0df4c185 2506 /* Continue with pairing via HCI */
604086b7
BG		 2507 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2508 struct hci_cp_user_passkey_reply cp;
2509
1707c60e 2510 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2511 cp.passkey = passkey;
2512 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2513 } else
1707c60e
JH		 2514 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2515 &addr->bdaddr);
604086b7 2516
a664b5bc
JH		 2517 if (err < 0)
2518 mgmt_pending_remove(cmd);
a5c29683 2519
0df4c185 2520done:
09fd0de5 2521 hci_dev_unlock(hdev);
a5c29683
JH		 2522 return err;
2523}
2524
afeb019d
JK		 2525static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2526 void *data, u16 len)
2527{
2528 struct mgmt_cp_pin_code_neg_reply *cp = data;
2529
2530 BT_DBG("");
2531
1707c60e 2532 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2533 MGMT_OP_PIN_CODE_NEG_REPLY,
2534 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2535}
2536
04124681
GP		 2537static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2538 u16 len)
0df4c185 2539{
650f726d 2540 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2541
2542 BT_DBG("");
2543
2544 if (len != sizeof(*cp))
bdb6d971 2545 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2546 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2547
1707c60e 2548 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2549 MGMT_OP_USER_CONFIRM_REPLY,
2550 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2551}
2552
bdb6d971 2553static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2554 void *data, u16 len)
0df4c185 2555{
c9c2659f 2556 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2557
2558 BT_DBG("");
2559
1707c60e 2560 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2561 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2562 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2563}
2564
04124681
GP		 2565static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2566 u16 len)
604086b7 2567{
650f726d 2568 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2569
2570 BT_DBG("");
2571
1707c60e 2572 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2573 MGMT_OP_USER_PASSKEY_REPLY,
2574 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2575}
2576
bdb6d971 2577static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2578 void *data, u16 len)
604086b7 2579{
650f726d 2580 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2581
2582 BT_DBG("");
2583
1707c60e 2584 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2585 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2586 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2587}
2588
13928971 2589static void update_name(struct hci_request *req)
2b4bf397 2590{
13928971 2591 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2592 struct hci_cp_write_local_name cp;
2593
13928971 2594 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2595
890ea898 2596 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2597}
2598
13928971
JH		 2599static void set_name_complete(struct hci_dev *hdev, u8 status)
2600{
2601 struct mgmt_cp_set_local_name *cp;
2602 struct pending_cmd *cmd;
2603
2604 BT_DBG("status 0x%02x", status);
2605
2606 hci_dev_lock(hdev);
2607
2608 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2609 if (!cmd)
2610 goto unlock;
2611
2612 cp = cmd->param;
2613
2614 if (status)
2615 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2616 mgmt_status(status));
2617 else
2618 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2619 cp, sizeof(*cp));
2620
2621 mgmt_pending_remove(cmd);
2622
2623unlock:
2624 hci_dev_unlock(hdev);
2625}
2626
bdb6d971 2627static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2628 u16 len)
b312b161 2629{
2b4bf397 2630 struct mgmt_cp_set_local_name *cp = data;
b312b161 2631 struct pending_cmd *cmd;
890ea898 2632 struct hci_request req;
b312b161
JH		 2633 int err;
2634
2635 BT_DBG("");
2636
09fd0de5 2637 hci_dev_lock(hdev);
b312b161 2638
b3f2ca94
JH		 2639 /* If the old values are the same as the new ones just return a
2640 * direct command complete event.
2641 */
2642 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2643 !memcmp(hdev->short_name, cp->short_name,
2644 sizeof(hdev->short_name))) {
2645 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2646 data, len);
2647 goto failed;
2648 }
2649
2b4bf397 2650 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2651
b5235a65 2652 if (!hdev_is_powered(hdev)) {
2b4bf397 2653 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2654
2655 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2656 data, len);
28cc7bde
JH		 2657 if (err < 0)
2658 goto failed;
2659
2660 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2661 sk);
28cc7bde 2662
b5235a65
JH		 2663 goto failed;
2664 }
2665
28cc7bde 2666 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2667 if (!cmd) {
2668 err = -ENOMEM;
2669 goto failed;
2670 }
2671
13928971
JH		 2672 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2673
890ea898 2674 hci_req_init(&req, hdev);
3f985050
JH		 2675
2676 if (lmp_bredr_capable(hdev)) {
2677 update_name(&req);
2678 update_eir(&req);
2679 }
2680
2681 if (lmp_le_capable(hdev))
2682 hci_update_ad(&req);
2683
13928971 2684 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2685 if (err < 0)
2686 mgmt_pending_remove(cmd);
2687
2688failed:
09fd0de5 2689 hci_dev_unlock(hdev);
b312b161
JH		 2690 return err;
2691}
2692
0f4e68cf 2693static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2694 void *data, u16 data_len)
c35938b2 2695{
c35938b2
SJ		 2696 struct pending_cmd *cmd;
2697 int err;
2698
bdb6d971 2699 BT_DBG("%s", hdev->name);
c35938b2 2700
09fd0de5 2701 hci_dev_lock(hdev);
c35938b2 2702
4b34ee78 2703 if (!hdev_is_powered(hdev)) {
bdb6d971 2704 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2705 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2706 goto unlock;
2707 }
2708
9a1a1996 2709 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2710 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2711 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2712 goto unlock;
2713 }
2714
2e58ef3e 2715 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2716 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2717 MGMT_STATUS_BUSY);
c35938b2
SJ		 2718 goto unlock;
2719 }
2720
2e58ef3e 2721 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2722 if (!cmd) {
2723 err = -ENOMEM;
2724 goto unlock;
2725 }
2726
2727 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2728 if (err < 0)
2729 mgmt_pending_remove(cmd);
2730
2731unlock:
09fd0de5 2732 hci_dev_unlock(hdev);
c35938b2
SJ		 2733 return err;
2734}
2735
bdb6d971 2736static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2737 void *data, u16 len)
2763eda6 2738{
650f726d 2739 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2740 u8 status;
2763eda6
SJ		 2741 int err;
2742
bdb6d971 2743 BT_DBG("%s ", hdev->name);
2763eda6 2744
09fd0de5 2745 hci_dev_lock(hdev);
2763eda6 2746
664ce4cc 2747 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2748 cp->randomizer);
2763eda6 2749 if (err < 0)
bf1e3541 2750 status = MGMT_STATUS_FAILED;
2763eda6 2751 else
a6785be2 2752 status = MGMT_STATUS_SUCCESS;
bf1e3541 2753
bdb6d971 2754 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2755 &cp->addr, sizeof(cp->addr));
2763eda6 2756
09fd0de5 2757 hci_dev_unlock(hdev);
2763eda6
SJ		 2758 return err;
2759}
2760
bdb6d971 2761static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2762 void *data, u16 len)
2763eda6 2763{
650f726d 2764 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2765 u8 status;
2763eda6
SJ		 2766 int err;
2767
bdb6d971 2768 BT_DBG("%s", hdev->name);
2763eda6 2769
09fd0de5 2770 hci_dev_lock(hdev);
2763eda6 2771
664ce4cc 2772 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2773 if (err < 0)
bf1e3541 2774 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2775 else
a6785be2 2776 status = MGMT_STATUS_SUCCESS;
bf1e3541 2777
bdb6d971 2778 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2779 status, &cp->addr, sizeof(cp->addr));
2763eda6 2780
09fd0de5 2781 hci_dev_unlock(hdev);
2763eda6
SJ		 2782 return err;
2783}
2784
41dc2bd6
AG		 2785static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2786{
2787 struct pending_cmd *cmd;
2788 u8 type;
2789 int err;
2790
2791 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2792
2793 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2794 if (!cmd)
2795 return -ENOENT;
2796
2797 type = hdev->discovery.type;
2798
2799 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2800 &type, sizeof(type));
2801 mgmt_pending_remove(cmd);
2802
2803 return err;
2804}
2805
7c307720
AG		 2806static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2807{
2808 BT_DBG("status %d", status);
2809
2810 if (status) {
2811 hci_dev_lock(hdev);
2812 mgmt_start_discovery_failed(hdev, status);
2813 hci_dev_unlock(hdev);
2814 return;
2815 }
2816
2817 hci_dev_lock(hdev);
2818 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2819 hci_dev_unlock(hdev);
2820
2821 switch (hdev->discovery.type) {
2822 case DISCOV_TYPE_LE:
2823 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2824 DISCOV_LE_TIMEOUT);
7c307720
AG		 2825 break;
2826
2827 case DISCOV_TYPE_INTERLEAVED:
2828 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2829 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2830 break;
2831
2832 case DISCOV_TYPE_BREDR:
2833 break;
2834
2835 default:
2836 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2837 }
2838}
2839
bdb6d971 2840static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2841 void *data, u16 len)
14a53664 2842{
650f726d 2843 struct mgmt_cp_start_discovery *cp = data;
14a53664 2844 struct pending_cmd *cmd;
7c307720
AG		 2845 struct hci_cp_le_set_scan_param param_cp;
2846 struct hci_cp_le_set_scan_enable enable_cp;
2847 struct hci_cp_inquiry inq_cp;
2848 struct hci_request req;
2849 /* General inquiry access code (GIAC) */
2850 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2851 u8 status;
14a53664
JH		 2852 int err;
2853
bdb6d971 2854 BT_DBG("%s", hdev->name);
14a53664 2855
09fd0de5 2856 hci_dev_lock(hdev);
14a53664 2857
4b34ee78 2858 if (!hdev_is_powered(hdev)) {
bdb6d971 2859 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2860 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2861 goto failed;
2862 }
2863
642be6c7
AG		 2864 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2865 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2866 MGMT_STATUS_BUSY);
2867 goto failed;
2868 }
2869
ff9ef578 2870 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2871 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2872 MGMT_STATUS_BUSY);
ff9ef578
JH		 2873 goto failed;
2874 }
2875
2e58ef3e 2876 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2877 if (!cmd) {
2878 err = -ENOMEM;
2879 goto failed;
2880 }
2881
4aab14e5
AG		 2882 hdev->discovery.type = cp->type;
2883
7c307720
AG		 2884 hci_req_init(&req, hdev);
2885
4aab14e5 2886 switch (hdev->discovery.type) {
f39799f5 2887 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2888 status = mgmt_bredr_support(hdev);
2889 if (status) {
04106755 2890 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2891 status);
04106755
JH		 2892 mgmt_pending_remove(cmd);
2893 goto failed;
2894 }
2895
7c307720
AG		 2896 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2897 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2898 MGMT_STATUS_BUSY);
2899 mgmt_pending_remove(cmd);
2900 goto failed;
2901 }
2902
2903 hci_inquiry_cache_flush(hdev);
2904
2905 memset(&inq_cp, 0, sizeof(inq_cp));
2906 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2907 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2908 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2909 break;
2910
2911 case DISCOV_TYPE_LE:
7c307720 2912 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2913 status = mgmt_le_support(hdev);
2914 if (status) {
04106755 2915 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2916 status);
04106755
JH		 2917 mgmt_pending_remove(cmd);
2918 goto failed;
2919 }
2920
7c307720 2921 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2922 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2923 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2924 MGMT_STATUS_NOT_SUPPORTED);
2925 mgmt_pending_remove(cmd);
2926 goto failed;
2927 }
2928
f3d3444a 2929 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 2930 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2931 MGMT_STATUS_REJECTED);
2932 mgmt_pending_remove(cmd);
2933 goto failed;
2934 }
2935
2936 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2937 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2938 MGMT_STATUS_BUSY);
2939 mgmt_pending_remove(cmd);
2940 goto failed;
2941 }
2942
2943 memset(&param_cp, 0, sizeof(param_cp));
2944 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2945 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2946 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 2947 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2948 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2949 else
2950 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 2951 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2952 &param_cp);
2953
2954 memset(&enable_cp, 0, sizeof(enable_cp));
2955 enable_cp.enable = LE_SCAN_ENABLE;
2956 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2957 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2958 &enable_cp);
5e0452c0
AG		 2959 break;
2960
f39799f5 2961 default:
04106755
JH		 2962 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2963 MGMT_STATUS_INVALID_PARAMS);
2964 mgmt_pending_remove(cmd);
2965 goto failed;
f39799f5 2966 }
3fd24153 2967
7c307720 2968 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2969 if (err < 0)
2970 mgmt_pending_remove(cmd);
ff9ef578
JH		 2971 else
2972 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2973
2974failed:
09fd0de5 2975 hci_dev_unlock(hdev);
14a53664
JH		 2976 return err;
2977}
2978
1183fdca
AG		 2979static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2980{
2981 struct pending_cmd *cmd;
2982 int err;
2983
2984 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2985 if (!cmd)
2986 return -ENOENT;
2987
2988 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2989 &hdev->discovery.type, sizeof(hdev->discovery.type));
2990 mgmt_pending_remove(cmd);
2991
2992 return err;
2993}
2994
0e05bba6
AG		 2995static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2996{
2997 BT_DBG("status %d", status);
2998
2999 hci_dev_lock(hdev);
3000
3001 if (status) {
3002 mgmt_stop_discovery_failed(hdev, status);
3003 goto unlock;
3004 }
3005
3006 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3007
3008unlock:
3009 hci_dev_unlock(hdev);
3010}
3011
bdb6d971 3012static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3013 u16 len)
14a53664 3014{
d930650b 3015 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3016 struct pending_cmd *cmd;
30dc78e1
JH		 3017 struct hci_cp_remote_name_req_cancel cp;
3018 struct inquiry_entry *e;
0e05bba6
AG		 3019 struct hci_request req;
3020 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3021 int err;
3022
bdb6d971 3023 BT_DBG("%s", hdev->name);
14a53664 3024
09fd0de5 3025 hci_dev_lock(hdev);
14a53664 3026
30dc78e1 3027 if (!hci_discovery_active(hdev)) {
bdb6d971 3028 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3029 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3030 sizeof(mgmt_cp->type));
d930650b
JH		 3031 goto unlock;
3032 }
3033
3034 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3035 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3036 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3037 sizeof(mgmt_cp->type));
30dc78e1 3038 goto unlock;
ff9ef578
JH		 3039 }
3040
2e58ef3e 3041 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3042 if (!cmd) {
3043 err = -ENOMEM;
30dc78e1
JH		 3044 goto unlock;
3045 }
3046
0e05bba6
AG		 3047 hci_req_init(&req, hdev);
3048
e0d9727e
AG		 3049 switch (hdev->discovery.state) {
3050 case DISCOVERY_FINDING:
0e05bba6
AG		 3051 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3052 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3053 } else {
3054 cancel_delayed_work(&hdev->le_scan_disable);
3055
3056 memset(&enable_cp, 0, sizeof(enable_cp));
3057 enable_cp.enable = LE_SCAN_DISABLE;
3058 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3059 sizeof(enable_cp), &enable_cp);
3060 }
c9ecc48e 3061
e0d9727e
AG		 3062 break;
3063
3064 case DISCOVERY_RESOLVING:
3065 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3066 NAME_PENDING);
e0d9727e 3067 if (!e) {
30dc78e1 3068 mgmt_pending_remove(cmd);
e0d9727e
AG		 3069 err = cmd_complete(sk, hdev->id,
3070 MGMT_OP_STOP_DISCOVERY, 0,
3071 &mgmt_cp->type,
3072 sizeof(mgmt_cp->type));
3073 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3074 goto unlock;
3075 }
30dc78e1 3076
e0d9727e 3077 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3078 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3079 &cp);
e0d9727e
AG		 3080
3081 break;
3082
3083 default:
3084 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3085
3086 mgmt_pending_remove(cmd);
3087 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3088 MGMT_STATUS_FAILED, &mgmt_cp->type,
3089 sizeof(mgmt_cp->type));
3090 goto unlock;
14a53664
JH		 3091 }
3092
0e05bba6 3093 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3094 if (err < 0)
3095 mgmt_pending_remove(cmd);
ff9ef578
JH		 3096 else
3097 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3098
30dc78e1 3099unlock:
09fd0de5 3100 hci_dev_unlock(hdev);
14a53664
JH		 3101 return err;
3102}
3103
bdb6d971 3104static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3105 u16 len)
561aafbc 3106{
650f726d 3107 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3108 struct inquiry_entry *e;
561aafbc
JH		 3109 int err;
3110
bdb6d971 3111 BT_DBG("%s", hdev->name);
561aafbc 3112
561aafbc
JH		 3113 hci_dev_lock(hdev);
3114
30dc78e1 3115 if (!hci_discovery_active(hdev)) {
bdb6d971 3116 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3117 MGMT_STATUS_FAILED);
30dc78e1
JH		 3118 goto failed;
3119 }
3120
a198e7b1 3121 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3122 if (!e) {
bdb6d971 3123 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3124 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3125 goto failed;
3126 }
3127
3128 if (cp->name_known) {
3129 e->name_state = NAME_KNOWN;
3130 list_del(&e->list);
3131 } else {
3132 e->name_state = NAME_NEEDED;
a3d4e20a 3133 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3134 }
3135
e384662b
JH		 3136 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3137 sizeof(cp->addr));
561aafbc
JH		 3138
3139failed:
3140 hci_dev_unlock(hdev);
561aafbc
JH		 3141 return err;
3142}
3143
bdb6d971 3144static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3145 u16 len)
7fbec224 3146{
650f726d 3147 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3148 u8 status;
7fbec224
AJ		 3149 int err;
3150
bdb6d971 3151 BT_DBG("%s", hdev->name);
7fbec224 3152
4ee71b20 3153 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3154 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3155 MGMT_STATUS_INVALID_PARAMS,
3156 &cp->addr, sizeof(cp->addr));
4ee71b20 3157
09fd0de5 3158 hci_dev_lock(hdev);
5e762444 3159
88c1fe4b 3160 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3161 if (err < 0)
f0eeea8b 3162 status = MGMT_STATUS_FAILED;
7fbec224 3163 else
a6785be2 3164 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3165
bdb6d971 3166 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3167 &cp->addr, sizeof(cp->addr));
5e762444 3168
09fd0de5 3169 hci_dev_unlock(hdev);
7fbec224
AJ		 3170
3171 return err;
3172}
3173
bdb6d971 3174static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3175 u16 len)
7fbec224 3176{
650f726d 3177 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3178 u8 status;
7fbec224
AJ		 3179 int err;
3180
bdb6d971 3181 BT_DBG("%s", hdev->name);
7fbec224 3182
4ee71b20 3183 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3184 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3185 MGMT_STATUS_INVALID_PARAMS,
3186 &cp->addr, sizeof(cp->addr));
4ee71b20 3187
09fd0de5 3188 hci_dev_lock(hdev);
5e762444 3189
88c1fe4b 3190 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3191 if (err < 0)
f0eeea8b 3192 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3193 else
a6785be2 3194 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3195
bdb6d971 3196 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3197 &cp->addr, sizeof(cp->addr));
5e762444 3198
09fd0de5 3199 hci_dev_unlock(hdev);
7fbec224
AJ		 3200
3201 return err;
3202}
3203
cdbaccca
MH		 3204static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3205 u16 len)
3206{
3207 struct mgmt_cp_set_device_id *cp = data;
890ea898 3208 struct hci_request req;
cdbaccca 3209 int err;
c72d4b8a 3210 __u16 source;
cdbaccca
MH		 3211
3212 BT_DBG("%s", hdev->name);
3213
c72d4b8a
SJ		 3214 source = __le16_to_cpu(cp->source);
3215
3216 if (source > 0x0002)
3217 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3218 MGMT_STATUS_INVALID_PARAMS);
3219
cdbaccca
MH		 3220 hci_dev_lock(hdev);
3221
c72d4b8a 3222 hdev->devid_source = source;
cdbaccca
MH		 3223 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3224 hdev->devid_product = __le16_to_cpu(cp->product);
3225 hdev->devid_version = __le16_to_cpu(cp->version);
3226
3227 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3228
890ea898
JH		 3229 hci_req_init(&req, hdev);
3230 update_eir(&req);
3231 hci_req_run(&req, NULL);
cdbaccca
MH		 3232
3233 hci_dev_unlock(hdev);
3234
3235 return err;
3236}
3237
4375f103
JH		 3238static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3239{
3240 struct cmd_lookup match = { NULL, hdev };
3241
3242 if (status) {
3243 u8 mgmt_err = mgmt_status(status);
3244
3245 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3246 cmd_status_rsp, &mgmt_err);
3247 return;
3248 }
3249
3250 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3251 &match);
3252
3253 new_settings(hdev, match.sk);
3254
3255 if (match.sk)
3256 sock_put(match.sk);
3257}
3258
21b5187f
MH		 3259static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3260 u16 len)
4375f103
JH		 3261{
3262 struct mgmt_mode *cp = data;
3263 struct pending_cmd *cmd;
3264 struct hci_request req;
e6fe7986 3265 u8 val, enabled, status;
4375f103
JH		 3266 int err;
3267
3268 BT_DBG("request for %s", hdev->name);
3269
e6fe7986
JH		 3270 status = mgmt_le_support(hdev);
3271 if (status)
4375f103 3272 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3273 status);
4375f103
JH		 3274
3275 if (cp->val != 0x00 && cp->val != 0x01)
3276 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3277 MGMT_STATUS_INVALID_PARAMS);
3278
3279 hci_dev_lock(hdev);
3280
3281 val = !!cp->val;
f3d3444a 3282 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3283
f74ca9b8
JH		 3284 /* The following conditions are ones which mean that we should
3285 * not do any HCI communication but directly send a mgmt
3286 * response to user space (after toggling the flag if
3287 * necessary).
3288 */
3289 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3290 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3291 bool changed = false;
3292
f3d3444a
JH		 3293 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3294 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3295 changed = true;
3296 }
3297
3298 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3299 if (err < 0)
3300 goto unlock;
3301
3302 if (changed)
3303 err = new_settings(hdev, sk);
3304
3305 goto unlock;
3306 }
3307
3308 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3309 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3310 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3311 MGMT_STATUS_BUSY);
3312 goto unlock;
3313 }
3314
3315 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3316 if (!cmd) {
3317 err = -ENOMEM;
3318 goto unlock;
3319 }
3320
3321 hci_req_init(&req, hdev);
3322
bba3aa55
MH		 3323 if (val)
3324 enable_advertising(&req);
3325 else
3326 disable_advertising(&req);
4375f103
JH		 3327
3328 err = hci_req_run(&req, set_advertising_complete);
3329 if (err < 0)
3330 mgmt_pending_remove(cmd);
3331
3332unlock:
3333 hci_dev_unlock(hdev);
3334 return err;
3335}
3336
d13eafce
MH		 3337static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3338 void *data, u16 len)
3339{
3340 struct mgmt_cp_set_static_address *cp = data;
3341 int err;
3342
3343 BT_DBG("%s", hdev->name);
3344
62af4443 3345 if (!lmp_le_capable(hdev))
d13eafce 3346 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3347 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3348
3349 if (hdev_is_powered(hdev))
3350 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3351 MGMT_STATUS_REJECTED);
3352
3353 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3354 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3355 return cmd_status(sk, hdev->id,
3356 MGMT_OP_SET_STATIC_ADDRESS,
3357 MGMT_STATUS_INVALID_PARAMS);
3358
3359 /* Two most significant bits shall be set */
3360 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3361 return cmd_status(sk, hdev->id,
3362 MGMT_OP_SET_STATIC_ADDRESS,
3363 MGMT_STATUS_INVALID_PARAMS);
3364 }
3365
3366 hci_dev_lock(hdev);
3367
3368 bacpy(&hdev->static_addr, &cp->bdaddr);
3369
3370 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3371
3372 hci_dev_unlock(hdev);
3373
3374 return err;
3375}
3376
14b49b9a
MH		 3377static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3378 void *data, u16 len)
3379{
3380 struct mgmt_cp_set_scan_params *cp = data;
3381 __u16 interval, window;
3382 int err;
3383
3384 BT_DBG("%s", hdev->name);
3385
3386 if (!lmp_le_capable(hdev))
3387 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3388 MGMT_STATUS_NOT_SUPPORTED);
3389
3390 interval = __le16_to_cpu(cp->interval);
3391
3392 if (interval < 0x0004 || interval > 0x4000)
3393 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3394 MGMT_STATUS_INVALID_PARAMS);
3395
3396 window = __le16_to_cpu(cp->window);
3397
3398 if (window < 0x0004 || window > 0x4000)
3399 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3400 MGMT_STATUS_INVALID_PARAMS);
3401
3402 hci_dev_lock(hdev);
3403
3404 hdev->le_scan_interval = interval;
3405 hdev->le_scan_window = window;
3406
3407 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3408
3409 hci_dev_unlock(hdev);
3410
3411 return err;
3412}
3413
33e38b3e
JH		 3414static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3415{
3416 struct pending_cmd *cmd;
3417
3418 BT_DBG("status 0x%02x", status);
3419
3420 hci_dev_lock(hdev);
3421
3422 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3423 if (!cmd)
3424 goto unlock;
3425
3426 if (status) {
3427 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3428 mgmt_status(status));
3429 } else {
1a4d3c4b
JH		 3430 struct mgmt_mode *cp = cmd->param;
3431
3432 if (cp->val)
3433 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3434 else
3435 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3436
33e38b3e
JH		 3437 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3438 new_settings(hdev, cmd->sk);
3439 }
3440
3441 mgmt_pending_remove(cmd);
3442
3443unlock:
3444 hci_dev_unlock(hdev);
3445}
3446
bdb6d971 3447static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3448 void *data, u16 len)
f6422ec6 3449{
650f726d 3450 struct mgmt_mode *cp = data;
33e38b3e
JH		 3451 struct pending_cmd *cmd;
3452 struct hci_request req;
f6422ec6
AJ		 3453 int err;
3454
bdb6d971 3455 BT_DBG("%s", hdev->name);
f6422ec6 3456
56f87901
JH		 3457 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3458 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3459 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3460 MGMT_STATUS_NOT_SUPPORTED);
3461
a7e80f25
JH		 3462 if (cp->val != 0x00 && cp->val != 0x01)
3463 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3464 MGMT_STATUS_INVALID_PARAMS);
3465
5400c044 3466 if (!hdev_is_powered(hdev))
bdb6d971 3467 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3468 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3469
3470 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3471 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3472 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3473
3474 hci_dev_lock(hdev);
3475
05cbf29f
JH		 3476 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3477 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3478 MGMT_STATUS_BUSY);
3479 goto unlock;
3480 }
3481
1a4d3c4b
JH		 3482 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3483 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3484 hdev);
3485 goto unlock;
3486 }
3487
33e38b3e
JH		 3488 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3489 data, len);
3490 if (!cmd) {
3491 err = -ENOMEM;
3492 goto unlock;
f6422ec6
AJ		 3493 }
3494
33e38b3e
JH		 3495 hci_req_init(&req, hdev);
3496
406d7804 3497 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3498
3499 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3500 if (err < 0) {
bdb6d971 3501 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3502 MGMT_STATUS_FAILED);
33e38b3e 3503 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3504 }
3505
33e38b3e 3506unlock:
f6422ec6 3507 hci_dev_unlock(hdev);
33e38b3e 3508
f6422ec6
AJ		 3509 return err;
3510}
3511
0663ca2a
JH		 3512static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3513{
3514 struct pending_cmd *cmd;
3515
3516 BT_DBG("status 0x%02x", status);
3517
3518 hci_dev_lock(hdev);
3519
3520 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3521 if (!cmd)
3522 goto unlock;
3523
3524 if (status) {
3525 u8 mgmt_err = mgmt_status(status);
3526
3527 /* We need to restore the flag if related HCI commands
3528 * failed.
3529 */
3530 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3531
3532 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3533 } else {
3534 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3535 new_settings(hdev, cmd->sk);
3536 }
3537
3538 mgmt_pending_remove(cmd);
3539
3540unlock:
3541 hci_dev_unlock(hdev);
3542}
3543
3544static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3545{
3546 struct mgmt_mode *cp = data;
3547 struct pending_cmd *cmd;
3548 struct hci_request req;
3549 int err;
3550
3551 BT_DBG("request for %s", hdev->name);
3552
3553 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3554 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3555 MGMT_STATUS_NOT_SUPPORTED);
3556
3557 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3558 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3559 MGMT_STATUS_REJECTED);
3560
3561 if (cp->val != 0x00 && cp->val != 0x01)
3562 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3563 MGMT_STATUS_INVALID_PARAMS);
3564
3565 hci_dev_lock(hdev);
3566
3567 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3568 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3569 goto unlock;
3570 }
3571
3572 if (!hdev_is_powered(hdev)) {
3573 if (!cp->val) {
3574 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3575 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3576 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3577 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3578 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3579 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3580 }
3581
3582 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3583
3584 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3585 if (err < 0)
3586 goto unlock;
3587
3588 err = new_settings(hdev, sk);
3589 goto unlock;
3590 }
3591
3592 /* Reject disabling when powered on */
3593 if (!cp->val) {
3594 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3595 MGMT_STATUS_REJECTED);
3596 goto unlock;
3597 }
3598
3599 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3600 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3601 MGMT_STATUS_BUSY);
3602 goto unlock;
3603 }
3604
3605 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3606 if (!cmd) {
3607 err = -ENOMEM;
3608 goto unlock;
3609 }
3610
3611 /* We need to flip the bit already here so that hci_update_ad
3612 * generates the correct flags.
3613 */
3614 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3615
3616 hci_req_init(&req, hdev);
3617 hci_update_ad(&req);
3618 err = hci_req_run(&req, set_bredr_complete);
3619 if (err < 0)
3620 mgmt_pending_remove(cmd);
3621
3622unlock:
3623 hci_dev_unlock(hdev);
3624 return err;
3625}
3626
3f706b72
JH		 3627static bool ltk_is_valid(struct mgmt_ltk_info *key)
3628{
44b20d33
JH		 3629 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3630 return false;
3f706b72
JH		 3631 if (key->master != 0x00 && key->master != 0x01)
3632 return false;
4ee71b20
JH		 3633 if (!bdaddr_type_is_le(key->addr.type))
3634 return false;
3f706b72
JH		 3635 return true;
3636}
3637
bdb6d971 3638static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3639 void *cp_data, u16 len)
346af67b 3640{
346af67b
VCG		 3641 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3642 u16 key_count, expected_len;
715a5bf2 3643 int i, err;
346af67b 3644
cf99ba13
MH		 3645 BT_DBG("request for %s", hdev->name);
3646
3647 if (!lmp_le_capable(hdev))
3648 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3649 MGMT_STATUS_NOT_SUPPORTED);
3650
1f350c87 3651 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3652
3653 expected_len = sizeof(*cp) + key_count *
3654 sizeof(struct mgmt_ltk_info);
3655 if (expected_len != len) {
3656 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3657 len, expected_len);
bdb6d971 3658 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3659 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3660 }
3661
bdb6d971 3662 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3663
54ad6d8a
JH		 3664 for (i = 0; i < key_count; i++) {
3665 struct mgmt_ltk_info *key = &cp->keys[i];
3666
3f706b72 3667 if (!ltk_is_valid(key))
54ad6d8a
JH		 3668 return cmd_status(sk, hdev->id,
3669 MGMT_OP_LOAD_LONG_TERM_KEYS,
3670 MGMT_STATUS_INVALID_PARAMS);
3671 }
3672
346af67b
VCG		 3673 hci_dev_lock(hdev);
3674
3675 hci_smp_ltks_clear(hdev);
3676
3677 for (i = 0; i < key_count; i++) {
3678 struct mgmt_ltk_info *key = &cp->keys[i];
3679 u8 type;
3680
3681 if (key->master)
3682 type = HCI_SMP_LTK;
3683 else
3684 type = HCI_SMP_LTK_SLAVE;
3685
4596fde5 3686 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3687 bdaddr_to_le(key->addr.type),
04124681
GP		 3688 type, 0, key->authenticated, key->val,
3689 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3690 }
3691
715a5bf2
JH		 3692 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3693 NULL, 0);
3694
346af67b 3695 hci_dev_unlock(hdev);
346af67b 3696
715a5bf2 3697 return err;
346af67b
VCG		 3698}
3699
2e3c35ea 3700static const struct mgmt_handler {
04124681
GP		 3701 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3702 u16 data_len);
be22b54e
JH		 3703 bool var_len;
3704 size_t data_len;
0f4e68cf
JH		 3705} mgmt_handlers[] = {
3706 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3707 { read_version, false, MGMT_READ_VERSION_SIZE },
3708 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3709 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3710 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3711 { set_powered, false, MGMT_SETTING_SIZE },
3712 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3713 { set_connectable, false, MGMT_SETTING_SIZE },
3714 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3715 { set_pairable, false, MGMT_SETTING_SIZE },
3716 { set_link_security, false, MGMT_SETTING_SIZE },
3717 { set_ssp, false, MGMT_SETTING_SIZE },
3718 { set_hs, false, MGMT_SETTING_SIZE },
3719 { set_le, false, MGMT_SETTING_SIZE },
3720 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3721 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3722 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3723 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3724 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3725 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3726 { disconnect, false, MGMT_DISCONNECT_SIZE },
3727 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3728 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3729 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3730 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3731 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3732 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3733 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3734 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3735 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3736 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3737 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3738 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3739 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3740 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3741 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3742 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3743 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3744 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3745 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3746 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3747 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3748 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3749 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 3750 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 3751};
3752
3753
0381101f
JH		 3754int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3755{
650f726d
VCG		 3756 void *buf;
3757 u8 *cp;
0381101f 3758 struct mgmt_hdr *hdr;
4e51eae9 3759 u16 opcode, index, len;
bdb6d971 3760 struct hci_dev *hdev = NULL;
2e3c35ea 3761 const struct mgmt_handler *handler;
0381101f
JH		 3762 int err;
3763
3764 BT_DBG("got %zu bytes", msglen);
3765
3766 if (msglen < sizeof(*hdr))
3767 return -EINVAL;
3768
e63a15ec 3769 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3770 if (!buf)
3771 return -ENOMEM;
3772
3773 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3774 err = -EFAULT;
3775 goto done;
3776 }
3777
650f726d 3778 hdr = buf;
1f350c87
MH		 3779 opcode = __le16_to_cpu(hdr->opcode);
3780 index = __le16_to_cpu(hdr->index);
3781 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3782
3783 if (len != msglen - sizeof(*hdr)) {
3784 err = -EINVAL;
3785 goto done;
3786 }
3787
0f4e68cf 3788 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3789 hdev = hci_dev_get(index);
3790 if (!hdev) {
3791 err = cmd_status(sk, index, opcode,
04124681 3792 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3793 goto done;
3794 }
0736cfa8 3795
cebf4cfd
JH		 3796 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
3797 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 3798 err = cmd_status(sk, index, opcode,
3799 MGMT_STATUS_INVALID_INDEX);
3800 goto done;
3801 }
bdb6d971
JH		 3802 }
3803
0f4e68cf 3804 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3805 mgmt_handlers[opcode].func == NULL) {
0381101f 3806 BT_DBG("Unknown op %u", opcode);
ca69b795 3807 err = cmd_status(sk, index, opcode,
04124681 3808 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3809 goto done;
3810 }
3811
3812 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3813 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3814 err = cmd_status(sk, index, opcode,
04124681 3815 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3816 goto done;
0381101f
JH		 3817 }
3818
be22b54e
JH		 3819 handler = &mgmt_handlers[opcode];
3820
3821 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3822 (!handler->var_len && len != handler->data_len)) {
be22b54e 3823 err = cmd_status(sk, index, opcode,
04124681 3824 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3825 goto done;
3826 }
3827
0f4e68cf
JH		 3828 if (hdev)
3829 mgmt_init_hdev(sk, hdev);
3830
3831 cp = buf + sizeof(*hdr);
3832
be22b54e 3833 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3834 if (err < 0)
3835 goto done;
3836
0381101f
JH		 3837 err = msglen;
3838
3839done:
bdb6d971
JH		 3840 if (hdev)
3841 hci_dev_put(hdev);
3842
0381101f
JH		 3843 kfree(buf);
3844 return err;
3845}
c71e97bf 3846
bf6b56db 3847void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3848{
1514b892 3849 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3850 return;
bb4b2a9a 3851
bf6b56db 3852 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3853}
3854
bf6b56db 3855void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3856{
5f159032 3857 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3858
1514b892 3859 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3860 return;
bb4b2a9a 3861
744cf19e 3862 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3863
bf6b56db 3864 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3865}
3866
890ea898 3867static void set_bredr_scan(struct hci_request *req)
7f0ae647 3868{
890ea898 3869 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3870 u8 scan = 0;
3871
4c01f8b8
JH		 3872 /* Ensure that fast connectable is disabled. This function will
3873 * not do anything if the page scan parameters are already what
3874 * they should be.
3875 */
3876 write_fast_connectable(req, false);
3877
7f0ae647
JH		 3878 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3879 scan |= SCAN_PAGE;
3880 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3881 scan |= SCAN_INQUIRY;
3882
890ea898
JH		 3883 if (scan)
3884 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3885}
3886
229ab39c
JH		 3887static void powered_complete(struct hci_dev *hdev, u8 status)
3888{
3889 struct cmd_lookup match = { NULL, hdev };
3890
3891 BT_DBG("status 0x%02x", status);
3892
3893 hci_dev_lock(hdev);
3894
3895 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3896
3897 new_settings(hdev, match.sk);
3898
3899 hci_dev_unlock(hdev);
3900
3901 if (match.sk)
3902 sock_put(match.sk);
3903}
3904
70da6243 3905static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3906{
890ea898 3907 struct hci_request req;
70da6243 3908 u8 link_sec;
5add6af8 3909
890ea898
JH		 3910 hci_req_init(&req, hdev);
3911
70da6243
JH		 3912 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3913 !lmp_host_ssp_capable(hdev)) {
3914 u8 ssp = 1;
5e5282bb 3915
890ea898 3916 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3917 }
5add6af8 3918
c73eee91
JH		 3919 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3920 lmp_bredr_capable(hdev)) {
70da6243 3921 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3922
70da6243
JH		 3923 cp.le = 1;
3924 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3925
70da6243
JH		 3926 /* Check first if we already have the right
3927 * host state (host features set)
3928 */
3929 if (cp.le != lmp_host_le_capable(hdev) ||
3930 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3931 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3932 sizeof(cp), &cp);
0663ca2a
JH		 3933
3934 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3935 hci_update_ad(&req);
70da6243 3936 }
3d1cbdd6 3937
d13eafce
MH		 3938 if (lmp_le_capable(hdev)) {
3939 /* Set random address to static address if configured */
3940 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3941 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3942 &hdev->static_addr);
eeca6f89 3943
bba3aa55
MH		 3944 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3945 enable_advertising(&req);
eeca6f89
JH		 3946 }
3947
70da6243
JH		 3948 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3949 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3950 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3951 sizeof(link_sec), &link_sec);
562fcc24 3952
70da6243 3953 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3954 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3955 set_bredr_scan(&req);
890ea898 3956 update_class(&req);
13928971 3957 update_name(&req);
890ea898 3958 update_eir(&req);
70da6243 3959 }
562fcc24 3960
229ab39c 3961 return hci_req_run(&req, powered_complete);
70da6243 3962}
562fcc24 3963
70da6243
JH		 3964int mgmt_powered(struct hci_dev *hdev, u8 powered)
3965{
3966 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3967 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3968 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3969 int err;
f0ff92fb 3970
70da6243
JH		 3971 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3972 return 0;
3973
70da6243 3974 if (powered) {
229ab39c
JH		 3975 if (powered_update_hci(hdev) == 0)
3976 return 0;
fe038884 3977
229ab39c
JH		 3978 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3979 &match);
3980 goto new_settings;
b24752fe
JH		 3981 }
3982
229ab39c
JH		 3983 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3984 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3985
3986 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3987 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3988 zero_cod, sizeof(zero_cod), NULL);
3989
3990new_settings:
beadb2bd 3991 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3992
3993 if (match.sk)
3994 sock_put(match.sk);
3995
7bb895d6 3996 return err;
5add6af8 3997}
73f22f62 3998
3eec705e 3999void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4000{
4001 struct pending_cmd *cmd;
4002 u8 status;
4003
4004 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4005 if (!cmd)
3eec705e 4006 return;
96570ffc
JH		 4007
4008 if (err == -ERFKILL)
4009 status = MGMT_STATUS_RFKILLED;
4010 else
4011 status = MGMT_STATUS_FAILED;
4012
3eec705e 4013 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4014
4015 mgmt_pending_remove(cmd);
96570ffc
JH		 4016}
4017
744cf19e 4018int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4019{
76a7f3a4 4020 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 4021 bool changed = false;
4022 int err = 0;
73f22f62 4023
5e5282bb
JH		 4024 if (discoverable) {
4025 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4026 changed = true;
4027 } else {
4028 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4029 changed = true;
4030 }
73f22f62 4031
ed9b5f2f 4032 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 4033 &match);
ed9b5f2f 4034
beadb2bd
JH		 4035 if (changed)
4036 err = new_settings(hdev, match.sk);
5e5282bb 4037
73f22f62
JH		 4038 if (match.sk)
4039 sock_put(match.sk);
4040
7bb895d6 4041 return err;
73f22f62 4042}
9fbcbb45 4043
744cf19e 4044int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4045{
2b76f453 4046 struct pending_cmd *cmd;
5e5282bb
JH		 4047 bool changed = false;
4048 int err = 0;
9fbcbb45 4049
5e5282bb
JH		 4050 if (connectable) {
4051 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4052 changed = true;
4053 } else {
4054 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4055 changed = true;
4056 }
9fbcbb45 4057
2b76f453 4058 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 4059
beadb2bd 4060 if (changed)
2b76f453 4061 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 4062
7bb895d6 4063 return err;
9fbcbb45 4064}
55ed8ca1 4065
744cf19e 4066int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4067{
ca69b795
JH		 4068 u8 mgmt_err = mgmt_status(status);
4069
2d7cee58 4070 if (scan & SCAN_PAGE)
744cf19e 4071 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4072 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4073
4074 if (scan & SCAN_INQUIRY)
744cf19e 4075 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4076 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4077
4078 return 0;
4079}
4080
53168e5b
CC		 4081int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4082 bool persistent)
55ed8ca1 4083{
86742e1e 4084 struct mgmt_ev_new_link_key ev;
55ed8ca1 4085
a492cd52 4086 memset(&ev, 0, sizeof(ev));
55ed8ca1 4087
a492cd52 4088 ev.store_hint = persistent;
d753fdc4 4089 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4090 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4091 ev.key.type = key->type;
9b3b4460 4092 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4093 ev.key.pin_len = key->pin_len;
55ed8ca1 4094
744cf19e 4095 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4096}
f7520543 4097
346af67b
VCG		 4098int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4099{
4100 struct mgmt_ev_new_long_term_key ev;
4101
4102 memset(&ev, 0, sizeof(ev));
4103
4104 ev.store_hint = persistent;
4105 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4106 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4107 ev.key.authenticated = key->authenticated;
4108 ev.key.enc_size = key->enc_size;
4109 ev.key.ediv = key->ediv;
4110
4111 if (key->type == HCI_SMP_LTK)
4112 ev.key.master = 1;
4113
4114 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4115 memcpy(ev.key.val, key->val, sizeof(key->val));
4116
04124681
GP		 4117 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4118 NULL);
346af67b
VCG		 4119}
4120
ecd90ae7
MH		 4121void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4122 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4123 u8 *dev_class)
f7520543 4124{
b644ba33
JH		 4125 char buf[512];
4126 struct mgmt_ev_device_connected *ev = (void *) buf;
4127 u16 eir_len = 0;
f7520543 4128
b644ba33 4129 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4130 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4131
c95f0ba7 4132 ev->flags = __cpu_to_le32(flags);
08c79b61 4133
b644ba33
JH		 4134 if (name_len > 0)
4135 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4136 name, name_len);
b644ba33
JH		 4137
4138 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4139 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4140 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4141
eb55ef07 4142 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4143
ecd90ae7
MH		 4144 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4145 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4146}
4147
8962ee74
JH		 4148static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4149{
c68fb7ff 4150 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4151 struct sock **sk = data;
a38528f1 4152 struct mgmt_rp_disconnect rp;
8962ee74 4153
88c3df13
JH		 4154 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4155 rp.addr.type = cp->addr.type;
8962ee74 4156
aee9b218 4157 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4158 sizeof(rp));
8962ee74
JH		 4159
4160 *sk = cmd->sk;
4161 sock_hold(*sk);
4162
a664b5bc 4163 mgmt_pending_remove(cmd);
8962ee74
JH		 4164}
4165
124f6e35 4166static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4167{
b1078ad0 4168 struct hci_dev *hdev = data;
124f6e35
JH		 4169 struct mgmt_cp_unpair_device *cp = cmd->param;
4170 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4171
4172 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4173 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4174 rp.addr.type = cp->addr.type;
a8a1d19e 4175
b1078ad0
JH		 4176 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4177
aee9b218 4178 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4179
4180 mgmt_pending_remove(cmd);
4181}
4182
9b80ec5e
MH		 4183void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4184 u8 link_type, u8 addr_type, u8 reason)
f7520543 4185{
f0d6a0ea 4186 struct mgmt_ev_device_disconnected ev;
8962ee74 4187 struct sock *sk = NULL;
8962ee74 4188
744cf19e 4189 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4190
f0d6a0ea
MA		 4191 bacpy(&ev.addr.bdaddr, bdaddr);
4192 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4193 ev.reason = reason;
f7520543 4194
9b80ec5e 4195 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4196
4197 if (sk)
d97dcb66 4198 sock_put(sk);
8962ee74 4199
124f6e35 4200 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4201 hdev);
8962ee74
JH		 4202}
4203
7892924c
MH		 4204void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4205 u8 link_type, u8 addr_type, u8 status)
8962ee74 4206{
88c3df13 4207 struct mgmt_rp_disconnect rp;
8962ee74 4208 struct pending_cmd *cmd;
8962ee74 4209
36a75f1b
JD		 4210 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4211 hdev);
4212
2e58ef3e 4213 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4214 if (!cmd)
7892924c 4215 return;
8962ee74 4216
88c3df13 4217 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4218 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4219
7892924c
MH		 4220 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4221 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4222
a664b5bc 4223 mgmt_pending_remove(cmd);
f7520543 4224}
17d5c04c 4225
445608d0
MH		 4226void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4227 u8 addr_type, u8 status)
17d5c04c
JH		 4228{
4229 struct mgmt_ev_connect_failed ev;
4230
4c659c39 4231 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4232 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4233 ev.status = mgmt_status(status);
17d5c04c 4234
445608d0 4235 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4236}
980e1a53 4237
744cf19e 4238int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4239{
4240 struct mgmt_ev_pin_code_request ev;
4241
d8457698 4242 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4243 ev.addr.type = BDADDR_BREDR;
a770bb5a 4244 ev.secure = secure;
980e1a53 4245
744cf19e 4246 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4247 NULL);
980e1a53
JH		 4248}
4249
744cf19e 4250int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4251 u8 status)
980e1a53
JH		 4252{
4253 struct pending_cmd *cmd;
ac56fb13 4254 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4255 int err;
4256
2e58ef3e 4257 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4258 if (!cmd)
4259 return -ENOENT;
4260
d8457698 4261 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4262 rp.addr.type = BDADDR_BREDR;
ac56fb13 4263
aee9b218 4264 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4265 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4266
a664b5bc 4267 mgmt_pending_remove(cmd);
980e1a53
JH		 4268
4269 return err;
4270}
4271
744cf19e 4272int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4273 u8 status)
980e1a53
JH		 4274{
4275 struct pending_cmd *cmd;
ac56fb13 4276 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4277 int err;
4278
2e58ef3e 4279 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4280 if (!cmd)
4281 return -ENOENT;
4282
d8457698 4283 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4284 rp.addr.type = BDADDR_BREDR;
ac56fb13 4285
aee9b218 4286 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4287 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4288
a664b5bc 4289 mgmt_pending_remove(cmd);
980e1a53
JH		 4290
4291 return err;
4292}
a5c29683 4293
744cf19e 4294int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4295 u8 link_type, u8 addr_type, __le32 value,
4296 u8 confirm_hint)
a5c29683
JH		 4297{
4298 struct mgmt_ev_user_confirm_request ev;
4299
744cf19e 4300 BT_DBG("%s", hdev->name);
a5c29683 4301
272d90df 4302 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4303 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4304 ev.confirm_hint = confirm_hint;
78e8098e 4305 ev.value = value;
a5c29683 4306
744cf19e 4307 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4308 NULL);
a5c29683
JH		 4309}
4310
272d90df 4311int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4312 u8 link_type, u8 addr_type)
604086b7
BG		 4313{
4314 struct mgmt_ev_user_passkey_request ev;
4315
4316 BT_DBG("%s", hdev->name);
4317
272d90df 4318 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4319 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4320
4321 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4322 NULL);
604086b7
BG		 4323}
4324
0df4c185 4325static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4326 u8 link_type, u8 addr_type, u8 status,
4327 u8 opcode)
a5c29683
JH		 4328{
4329 struct pending_cmd *cmd;
4330 struct mgmt_rp_user_confirm_reply rp;
4331 int err;
4332
2e58ef3e 4333 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4334 if (!cmd)
4335 return -ENOENT;
4336
272d90df 4337 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4338 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4339 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4340 &rp, sizeof(rp));
a5c29683 4341
a664b5bc 4342 mgmt_pending_remove(cmd);
a5c29683
JH		 4343
4344 return err;
4345}
4346
744cf19e 4347int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4348 u8 link_type, u8 addr_type, u8 status)
a5c29683 4349{
272d90df 4350 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4351 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4352}
4353
272d90df 4354int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4355 u8 link_type, u8 addr_type, u8 status)
a5c29683 4356{
272d90df 4357 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4358 status,
4359 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4360}
2a611692 4361
604086b7 4362int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4363 u8 link_type, u8 addr_type, u8 status)
604086b7 4364{
272d90df 4365 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4366 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4367}
4368
272d90df 4369int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4370 u8 link_type, u8 addr_type, u8 status)
604086b7 4371{
272d90df 4372 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4373 status,
4374 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4375}
4376
92a25256
JH		 4377int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4378 u8 link_type, u8 addr_type, u32 passkey,
4379 u8 entered)
4380{
4381 struct mgmt_ev_passkey_notify ev;
4382
4383 BT_DBG("%s", hdev->name);
4384
4385 bacpy(&ev.addr.bdaddr, bdaddr);
4386 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4387 ev.passkey = __cpu_to_le32(passkey);
4388 ev.entered = entered;
4389
4390 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4391}
4392
bab73cb6 4393int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4394 u8 addr_type, u8 status)
2a611692
JH		 4395{
4396 struct mgmt_ev_auth_failed ev;
4397
bab73cb6 4398 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4399 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4400 ev.status = mgmt_status(status);
2a611692 4401
744cf19e 4402 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4403}
b312b161 4404
33ef95ed
JH		 4405int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4406{
4407 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4408 bool changed = false;
4409 int err = 0;
33ef95ed
JH		 4410
4411 if (status) {
4412 u8 mgmt_err = mgmt_status(status);
4413 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4414 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4415 return 0;
4416 }
4417
47990ea0
JH		 4418 if (test_bit(HCI_AUTH, &hdev->flags)) {
4419 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4420 changed = true;
4421 } else {
4422 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4423 changed = true;
4424 }
4425
33ef95ed 4426 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4427 &match);
33ef95ed 4428
47990ea0
JH		 4429 if (changed)
4430 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4431
4432 if (match.sk)
4433 sock_put(match.sk);
4434
4435 return err;
4436}
4437
890ea898 4438static void clear_eir(struct hci_request *req)
cacaf52f 4439{
890ea898 4440 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4441 struct hci_cp_write_eir cp;
4442
976eb20e 4443 if (!lmp_ext_inq_capable(hdev))
890ea898 4444 return;
cacaf52f 4445
c80da27e
JH		 4446 memset(hdev->eir, 0, sizeof(hdev->eir));
4447
cacaf52f
JH		 4448 memset(&cp, 0, sizeof(cp));
4449
890ea898 4450 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4451}
4452
c0ecddc2 4453int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4454{
4455 struct cmd_lookup match = { NULL, hdev };
890ea898 4456 struct hci_request req;
c0ecddc2
JH		 4457 bool changed = false;
4458 int err = 0;
ed2c4ee3
JH		 4459
4460 if (status) {
4461 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4462
4463 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4464 &hdev->dev_flags)) {
4465 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2 4466 err = new_settings(hdev, NULL);
9ecb3e24 4467 }
c0ecddc2 4468
04124681
GP		 4469 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4470 &mgmt_err);
c0ecddc2
JH		 4471
4472 return err;
4473 }
4474
4475 if (enable) {
9ecb3e24 4476 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4477 } else {
9ecb3e24
MH		 4478 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4479 if (!changed)
4480 changed = test_and_clear_bit(HCI_HS_ENABLED,
4481 &hdev->dev_flags);
4482 else
4483 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4484 }
4485
4486 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4487
c0ecddc2
JH		 4488 if (changed)
4489 err = new_settings(hdev, match.sk);
ed2c4ee3 4490
5fc6ebb1 4491 if (match.sk)
ed2c4ee3
JH		 4492 sock_put(match.sk);
4493
890ea898
JH		 4494 hci_req_init(&req, hdev);
4495
5fc6ebb1 4496 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4497 update_eir(&req);
5fc6ebb1 4498 else
890ea898
JH		 4499 clear_eir(&req);
4500
4501 hci_req_run(&req, NULL);
cacaf52f 4502
ed2c4ee3
JH		 4503 return err;
4504}
4505
92da6097 4506static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4507{
4508 struct cmd_lookup *match = data;
4509
90e70454
JH		 4510 if (match->sk == NULL) {
4511 match->sk = cmd->sk;
4512 sock_hold(match->sk);
4513 }
90e70454
JH		 4514}
4515
7f9a903c 4516int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4517 u8 status)
7f9a903c 4518{
90e70454
JH		 4519 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4520 int err = 0;
7f9a903c 4521
92da6097
JH		 4522 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4523 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4524 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4525
4526 if (!status)
04124681
GP		 4527 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4528 3, NULL);
90e70454
JH		 4529
4530 if (match.sk)
4531 sock_put(match.sk);
7f9a903c
MH		 4532
4533 return err;
4534}
4535
744cf19e 4536int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4537{
b312b161 4538 struct mgmt_cp_set_local_name ev;
13928971 4539 struct pending_cmd *cmd;
28cc7bde 4540
13928971
JH		 4541 if (status)
4542 return 0;
b312b161
JH		 4543
4544 memset(&ev, 0, sizeof(ev));
4545 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4546 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4547
2e58ef3e 4548 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4549 if (!cmd) {
4550 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4551
13928971
JH		 4552 /* If this is a HCI command related to powering on the
4553 * HCI dev don't send any mgmt signals.
4554 */
4555 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4556 return 0;
890ea898 4557 }
b312b161 4558
13928971
JH		 4559 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4560 cmd ? cmd->sk : NULL);
b312b161 4561}
c35938b2 4562
744cf19e 4563int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4564 u8 *randomizer, u8 status)
c35938b2
SJ		 4565{
4566 struct pending_cmd *cmd;
4567 int err;
4568
744cf19e 4569 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4570
2e58ef3e 4571 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4572 if (!cmd)
4573 return -ENOENT;
4574
4575 if (status) {
04124681
GP		 4576 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4577 mgmt_status(status));
c35938b2
SJ		 4578 } else {
4579 struct mgmt_rp_read_local_oob_data rp;
4580
4581 memcpy(rp.hash, hash, sizeof(rp.hash));
4582 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4583
744cf19e 4584 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4585 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4586 sizeof(rp));
c35938b2
SJ		 4587 }
4588
4589 mgmt_pending_remove(cmd);
4590
4591 return err;
4592}
e17acd40 4593
901801b9
MH		 4594void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4595 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4596 ssp, u8 *eir, u16 eir_len)
e17acd40 4597{
e319d2e7
JH		 4598 char buf[512];
4599 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4600 size_t ev_size;
e17acd40 4601
12602d0c 4602 if (!hci_discovery_active(hdev))
901801b9 4603 return;
12602d0c 4604
1dc06093
JH		 4605 /* Leave 5 bytes for a potential CoD field */
4606 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4607 return;
7d262f86 4608
1dc06093
JH		 4609 memset(buf, 0, sizeof(buf));
4610
e319d2e7 4611 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4612 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4613 ev->rssi = rssi;
9a395a80 4614 if (cfm_name)
612dfce9 4615 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4616 if (!ssp)
612dfce9 4617 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4618
1dc06093 4619 if (eir_len > 0)
e319d2e7 4620 memcpy(ev->eir, eir, eir_len);
e17acd40 4621
1dc06093
JH		 4622 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4623 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4624 dev_class, 3);
1dc06093 4625
eb55ef07 4626 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4627 ev_size = sizeof(*ev) + eir_len;
f8523598 4628
901801b9 4629 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4630}
a88a9652 4631
9cf12aee
MH		 4632void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4633 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4634{
b644ba33
JH		 4635 struct mgmt_ev_device_found *ev;
4636 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4637 u16 eir_len;
a88a9652 4638
b644ba33 4639 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4640
b644ba33
JH		 4641 memset(buf, 0, sizeof(buf));
4642
4643 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4644 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4645 ev->rssi = rssi;
4646
4647 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4648 name_len);
b644ba33 4649
eb55ef07 4650 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4651
9cf12aee 4652 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4653}
314b2381 4654
2f1e063b 4655void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4656{
f963e8e9 4657 struct mgmt_ev_discovering ev;
164a6e78
JH		 4658 struct pending_cmd *cmd;
4659
343fb145
AG		 4660 BT_DBG("%s discovering %u", hdev->name, discovering);
4661
164a6e78 4662 if (discovering)
2e58ef3e 4663 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4664 else
2e58ef3e 4665 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4666
4667 if (cmd != NULL) {
f808e166
JH		 4668 u8 type = hdev->discovery.type;
4669
04124681
GP		 4670 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4671 sizeof(type));
164a6e78
JH		 4672 mgmt_pending_remove(cmd);
4673 }
4674
f963e8e9
JH		 4675 memset(&ev, 0, sizeof(ev));
4676 ev.type = hdev->discovery.type;
4677 ev.discovering = discovering;
4678
2f1e063b 4679 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4680}
5e762444 4681
88c1fe4b 4682int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4683{
4684 struct pending_cmd *cmd;
4685 struct mgmt_ev_device_blocked ev;
4686
2e58ef3e 4687 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4688
88c1fe4b
JH		 4689 bacpy(&ev.addr.bdaddr, bdaddr);
4690 ev.addr.type = type;
5e762444 4691
744cf19e 4692 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4693 cmd ? cmd->sk : NULL);
5e762444
AJ		 4694}
4695
88c1fe4b 4696int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4697{
4698 struct pending_cmd *cmd;
4699 struct mgmt_ev_device_unblocked ev;
4700
2e58ef3e 4701 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4702
88c1fe4b
JH		 4703 bacpy(&ev.addr.bdaddr, bdaddr);
4704 ev.addr.type = type;
5e762444 4705
744cf19e 4706 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4707 cmd ? cmd->sk : NULL);
5e762444 4708}
5976e608
MH		 4709
4710static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4711{
4712 BT_DBG("%s status %u", hdev->name, status);
4713
4714 /* Clear the advertising mgmt setting if we failed to re-enable it */
4715 if (status) {
4716 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4717 new_settings(hdev, NULL);
5976e608
MH		 4718 }
4719}
4720
4721void mgmt_reenable_advertising(struct hci_dev *hdev)
4722{
4723 struct hci_request req;
4724
b145edcd 4725 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 4726 return;
4727
4728 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4729 return;
4730
4731 hci_req_init(&req, hdev);
4732 enable_advertising(&req);
4733
4734 /* If this fails we have no option but to let user space know
4735 * that we've disabled advertising.
4736 */
4737 if (hci_req_run(&req, adv_enable_complete) < 0) {
4738 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4739 new_settings(hdev, NULL);
5976e608
MH		 4740 }
4741}
Linux kernel - Deliverables
This page took 0.772172 seconds and 5 git commands to generate.